added flag --no-logging to surpress logging to STDOUT

CHANGES.md

@@ -6,6 +6,7 @@ dev
 -   Fixed check CWE367: use symbols defined in config.json (PR #28)
 -   Refactoring of logging and JSON support via --json (PR #30)
 -   Added file output support via --out (PR #30)
+-   Surpress logging of info, error and warning to STDOUT via --no-logging (PR #32)
 
 0.2 (2019-06-25)
 =====

README.md

@@ -57,7 +57,7 @@ If you plan to develop cwe_checker, it is recommended to build it using the prov
 -   dune >= 1.6
 -   BAP 1.6 (and its dependencies)
 -   yojson >= 1.6.0
--   ppx_deriving_json >= 3.5.1
+-   ppx_deriving_yojson >= 3.5.1
 -   alcotest >= 0.8.3 (for tests)
 -   Sark (latest) for IDA Pro annotations
 -   pytest >= 3.5.1 (for tests)

plugins/cwe_checker/cwe_checker.ml

@@ -30,12 +30,12 @@ let known_modules = [{cwe_func = Cwe_190.check_cwe; name = Cwe_190.name; version
                      {cwe_func = Cwe_782.check_cwe; name = Cwe_782.name; version = Cwe_782.version; requires_pairs = false; has_parameters = false}]
 
 let build_version_sexp () =
-  List.map known_modules ~f:(fun cwe -> Format.sprintf "(\"%s\" \"%s\")" cwe.name cwe.version)
-  |> String.concat ~sep:" "
+  List.map known_modules ~f:(fun cwe -> Format.sprintf "\"%s\": \"%s\"" cwe.name cwe.version)
+  |> String.concat ~sep:", "
 
 let print_module_versions () =
   Log_utils.info (sprintf
-                    "[cwe_checker] module_versions: (%s)"
+                    "[cwe_checker] module_versions: {%s}"
                     (build_version_sexp ()))
 
 let execute_cwe_module cwe json program project tid_address_map =
@@ -74,7 +74,12 @@ let full_run project config =
     List.iter known_modules ~f:(fun cwe -> execute_cwe_module cwe json program project tid_address_map)
   end
 
-let main config module_versions partial_update json_output file_output project =
+let main config module_versions partial_update json_output file_output no_logging project =
+
+  if no_logging then
+    begin
+      Log_utils.turn_off_logging ()
+    end;
 
   if module_versions then
     begin
@@ -114,11 +119,12 @@ let main config module_versions partial_update json_output file_output project =
 module Cmdline = struct
   open Config
   let config = param string "config" ~doc:"Path to configuration file."
-  let module_versions = flag "module_versions" ~doc:"Prints out the version numbers of all known modules."
+  let module_versions = flag "module-versions" ~doc:"Prints out the version numbers of all known modules."
   let json_output = flag "json" ~doc:"Outputs the result as JSON."
   let file_output = param string "out" ~doc:"Path to output file."
+  let no_logging = flag "no-logging" ~doc:"Outputs no logging (info, error, warning). This does not pollute STDOUT when output json to it."
   let partial_update = param string "partial" ~doc:"Comma separated list of modules to apply on binary, e.g. 'CWE332,CWE476,CWE782'"
-  let () = when_ready (fun ({get=(!!)}) -> Project.register_pass' ~deps:["callsites"] (main !!config !!module_versions !!partial_update !!json_output !!file_output))
+  let () = when_ready (fun ({get=(!!)}) -> Project.register_pass' ~deps:["callsites"] (main !!config !!module_versions !!partial_update !!json_output !!file_output !!no_logging))
   let () = manpage [
                           `S "DESCRIPTION";
                           `P "This plugin checks various CWEs such as Insufficient Entropy in PRNG (CWE-332) or Use of Potentially Dangerous Function (CWE-676)"

src/checkers/cwe_190.ml

@@ -21,10 +21,10 @@ let contains_multiplication d =
 let check_multiplication_before_symbol _proj _prog _sub blk jmp tid_map symbols =
   Seq.iter (Term.enum def_t blk)
     ~f:(fun d -> if contains_multiplication d then
-                   let description = "(Integer Overflow or Wraparound) Potential overflow due to multiplication" in
-                   let addresses = [(Address_translation.translate_tid_to_assembler_address_string (Term.tid blk) tid_map)] in
-                   let symbols = [(Symbol_utils.get_symbol_name_from_jmp jmp symbols)] in
-                   let cwe_warning = cwe_warning_factory name version description ~addresses ~symbols in
+                   let address = (Address_translation.translate_tid_to_assembler_address_string (Term.tid blk) tid_map) in
+                   let symbol = (Symbol_utils.get_symbol_name_from_jmp jmp symbols) in
+                   let description = sprintf "(Integer Overflow or Wraparound) Potential overflow due to multiplication at %s (%s)" address symbol in
+                   let cwe_warning = cwe_warning_factory name version description ~addresses:[address] ~symbols:[symbol] in
                    collect_cwe_warning cwe_warning)
 
 let check_cwe prog proj tid_map symbol_names _ =

src/utils/log_utils.ml

@@ -21,6 +21,10 @@ end
 
 let cwe_warning_store = ref [||]
 
+let no_logging = ref false
+
+let turn_off_logging () = no_logging := true
+
 let cwe_warning_factory name version ?(other = []) ?(addresses = []) ?(symbols = []) description =
   {
     CweWarning.name = name;
@@ -53,8 +57,8 @@ let emit_cwe_warnings_native out_path =
   else
     Out_channel.write_lines out_path (Array.to_list output_lines)
 
-let debug message = print_endline ("DEBUG: " ^ message)
+let debug message = if !no_logging then () else print_endline ("DEBUG: " ^ message)
 
-let info message = print_endline ("INFO: " ^ message)
+let info message = if !no_logging then () else print_endline ("INFO: " ^ message)
 
-let error message = print_endline ("ERROR: " ^ message)
+let error message = if !no_logging then () else print_endline ("ERROR: " ^ message)

src/utils/log_utils.mli

@@ -25,6 +25,8 @@ module CweWarning : sig
 }
 end
 
+val turn_off_logging : unit -> unit
+
 val cwe_warning_factory : string -> string -> ?other:string list list -> ?addresses:string list -> ?symbols:string list -> string -> CweWarning.t
 val collect_cwe_warning : CweWarning.t -> unit