cwe_checker finds vulnerable patterns in binary executables
LGPL-3.0 License
Published by vobst about 2 months ago
The 0.9 release contains enough new content for two - but you get it all in one. First of all, there is now experimental support for the analysis of Linux kernel modules (LKMs). Checks are configured in a separate config file lkm_config.json, and currently only a subset of all checks is supported. In addition, we introduced a whole new check for CWE-252 (Unchecked Return Value), which works for user-space programs and LKMs.
On the technical side, we added an abstraction layer for taint analysis on top of the existing abstractions for dataflow analysis. All checks that are based on a taint analysis were adapted and should be a bit more precise (and much easier to read) now. Furthermore, to understand the performance characteristics of our code, and to catch regressions, we added a microbenchmarking infrastructure.
Finally, we fixed some bugs in our IR generation, IR optimization, and processing of Ghidra Pcode.
Thanks everyone!
The v0.8 release contains a major change in the inner workings of the Pointer Inference analysis: it can now track nested parameters, which allows tracking of many more memory objects across function boundaries for all checks depending on it. Additionally, it also solves a long-standing issue regarding state explosion, which previously led to extremely high RAM usage and analysis times on some binaries.
Other highlights:
See the CHANGES.md for more details.
Published by Enkelmann over 1 year ago
Version 0.7 contains many small enhancements and bugfixes to improve precision and stability of the analysis. We also improved the internal code organization to make it easier to use the cwe_checker as a library instead of a standalone program.
Other highlights include:
See the CHANGES.md for more details.
Published by Enkelmann over 2 years ago
Version 0.6 contains improved abstract domains able to represent data more precisely and more completely. Furthermore, the Pointer Inference analysis was reworked to be a bottom-up analysis, and an additional function signature analysis step was added to the analysis pipeline. These improvements allow all analyses depending on the Pointer Inference to be both more precise and more complete.
Other highlights include:
See the CHANGES.md for more details.
Published by Enkelmann over 3 years ago
Version 0.5 contains the switch to Ghidra as the standard backend and the removal of the old BAP backend. Some internal improvements should lead to better analysis results for most checks. We also added several new CWE checks in this release:
See the CHANGES.md for more details.
Published by Enkelmann almost 4 years ago
Version 0.4 contains improvements for the CWE-476 (Null Pointer Dereference) check as well as the addition of a new, still experimental memory check searching for CWEs 415 (Double Free) and 416 (Use After Free). We also updated our backend to BAP 2.2.
Under the hood, a completely new analysis framework was written in Rust, which is used by the new memory check. We also implemented support for Ghidra as an alternative backend to BAP.
See the CHANGES.md for more details.
Published by Enkelmann almost 5 years ago
Version 0.3 mostly adds ease-of-use functionalities to the cwe_checker. This is the last release based on BAP 1.6 before we switch to BAP 2.0.
The changes in detail:
Published by Enkelmann over 5 years ago
Changes: