Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cwe_checker_emulation plugin using BAP's Primus #15

Merged
merged 23 commits into from
Apr 16, 2019
Merged

Conversation

tbarabosch
Copy link
Contributor

@tbarabosch tbarabosch commented Mar 29, 2019

This pull request adds

  • cwe_checker_emulation plugin based on BAP's Primus. It detects CWE-125/CWE-787, CWE-415, CWE-416
  • Some fixes due to changes in JaneStreets Core library (Hashtbl, Map)
  • It is now based on BAP's opam testing branch -> this may break stuff, we have to upgrade the Travis image as well

@tbarabosch tbarabosch requested a review from Enkelmann March 29, 2019 17:30
@tbarabosch
Copy link
Contributor Author

I propose that we first resolve #14 and merge it into this PR.
Then we can use cwe_checker_core and get rid of some duplicate code in cwe_checker_emulation (Log_utils).

@Enkelmann Enkelmann force-pushed the cwe_checker_primus branch from dd91678 to cf67bcb Compare April 15, 2019 07:00
Copy link
Contributor

@Enkelmann Enkelmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very nice! Things we should do before merging:

  • filter out duplicates in incident reports
  • add the test samples for the new cwe to the test suite.

plugins/cwe_checker_emulation/cwe_checker_emulation.ml Outdated Show resolved Hide resolved
plugins/cwe_checker_emulation/cwe_checker_emulation.ml Outdated Show resolved Hide resolved
plugins/cwe_checker_emulation/cwe_checker_emulation.ml Outdated Show resolved Hide resolved
plugins/cwe_checker_emulation/incident_reporter.ml Outdated Show resolved Hide resolved
@tbarabosch
Copy link
Contributor Author

I added tests for cwe-415 and cwe-416.
Unfortunately, we are not able to find a working example for cwe-125/cwe-787. There are two artificial examples that should work but I skipped the tests.

@tbarabosch tbarabosch requested a review from Enkelmann April 15, 2019 14:41
@Enkelmann Enkelmann merged commit 095130c into master Apr 16, 2019
@Enkelmann Enkelmann deleted the cwe_checker_primus branch April 16, 2019 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants