One example:
[CWE476] (0.2) (NULL Pointer Dereference) Memory access at 87e7db04 may result in a NULL dereference
It could be very helpful to see a detailed code flow path that could lead to such a scenario (in a manner similar to how it is done in various Static Code Analysis tools such as Klocwork). This information should be internally available in the tool if it reaches such a conclusion.
Yes, that is something I also want to implement in the future.
As a side note: The analysis approach employed by the cwe_checker is not path-sensitive (i.e. we do not use symbolic execution). That means that we usually do not generate complete code flow paths during analysis, so this information is not generally available. However, there is still a lot of context information and sometimes also partial code flows that get generated during analysis and could aid users in understanding the analysis results if properly presented.
We are also thinking about implementing a secondary analysis step that would be path-sensitive and thus could be used to generate code flow paths for the user (though the main idea is to weed out false positive results with it). But because of the huge effort necessary for implementing it, this idea is more of a long-term plan.