Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: add detailed explanations to the log on what is the possible code flow path that could trigger the issue #297

Open
amarkovytch opened this issue Mar 9, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@amarkovytch
Copy link

One example :
CWE476] (0.2) (NULL Pointer Dereference) Memory access at 87e7db04 may result in a NULL dereference

It could be very helpful to see a detailed code flow path that could lead to such a scenario (in a manner similar to how it is done in various Static Code Analysis tools such as Klockwork). This information should be internally available in the tool if it reaches such a conclusion.

@Enkelmann
Copy link
Contributor

Yes, that is something I also want to implement in the future.

As a side note: The analysis approach employed by the cwe_checker is not path-sensitive (i.e. we do not use symbolic execution). That means that we usually do not generate complete code flow paths during analysis, so this information is not generally available. However, there is still a lot of context information and sometimes also partial code flows that get generated during analysis and could aid users in understanding the analysis results if properly presented.
We also think about implementing a secondary analysis step that would be path-sensitive and thus could be used to generate code flow paths for the user (though the main idea is to weed out false positive results with it). But because of the huge effort necessary for implementing it, this idea is more of a long-term plan.

@Enkelmann Enkelmann added the enhancement New feature or request label Mar 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants