Comments (4)
Enkelmann
commented on May 23, 2024
1
I have to admit that this is not a pressing matter for us as we are moving away from symbolic execution (in favor of more dataflow analysis) right now anyway. But we will gladly switch to a library interface if you provide one. :-) Until then we should address the incident duplication by smarter parsing on the cwe_checker side.
PS: I will write some Issues for BAP with feature requests the next time i find time for it.
from cwe_checker.
ivg
commented on May 23, 2024
1
Speaking of the dataflow.... right now, like a second ago, I've just implemented liveness analysis for subroutines (because our Sub.free_vars are still... let's say it straight broken), so I'm thinking now, should I publish it in the interface or not. My decision was ... meh, let's postpone it. But if you guys need liveness right now, I can publish it right now. Your call)
from cwe_checker.
Enkelmann
commented on May 23, 2024
We don't need liveness analysis right now. But it would still be a nice thing to have and could be useful for us in the future.
from cwe_checker.
Enkelmann
commented on May 23, 2024
We have rewritten the incident parsing for the emulation based checks (PR #52 ), so that all incidents pointing to the same target are summarized as one CWE hit (containing all paths found by BAP in the description).
For the time being, this solves the issue on the cwe_checker side. We may revisit the parsing when the current improvements on BAP Primus hit the stable branch.
from cwe_checker.
Related Issues (20)
- cwe_checker run with error 'No loadable segments found' HOT 1
- CWE checker dependencies incompatible with current Kali (clap) HOT 4
- docker how to speficy --bare-metal-config HOT 2
- ghidra >= 10.2 fix "getLeastSignificatBitInBaseRegister" spelling wrong HOT 2
- error running cwe in ghidra HOT 2
- Some comments seems confusing HOT 4
- What is the logic of fixpoint comuptation HOT 2
- Speed up the analysis with new cwe_checker:stable docker image HOT 2
- cwe_checker docker -o option fails HOT 4
- What is CWE119 specifically and the difference with its variants HOT 7
- Infinity Loop Problem HOT 2
- Execution of Ghidra plugin failed HOT 8
- Project Normalization consumes too much RAM HOT 2
- Support for new P-Code operation in Ghidra 10.3 HOT 1
- Windows failed to compile HOT 1
- cwe_checker docker container hang on HOT 4
- New CWE support ? HOT 1
- Binary Ninja Plugin HOT 1
- Null Dereference not detected in C ? HOT 2
- Docker build is failed locally HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cwe_checker.