cwe_checker finds vulnerable patterns in binary executables
The v0.8 release contains a major change in the inner workings of the Pointer Inference analysis: it can now track nested parameters, which allows many more memory objects to be tracked across function boundaries for all checks that depend on it. Additionally, it solves a long-standing state-explosion issue that previously led to extremely high RAM usage and analysis times on some binaries.
Other highlights:
See the CHANGES.md for more details.
Version 0.7 contains many small enhancements and bugfixes to improve precision and stability of the analysis. We also improved the internal code organization to make it easier to use the cwe_checker as a library instead of a standalone program.
Other highlights include:
See the CHANGES.md for more details.
Version 0.6 contains improved abstract domains that represent data more precisely and more completely. Furthermore, the Pointer Inference analysis was reworked into a bottom-up analysis, and an additional function signature analysis step was added to the analysis pipeline. These improvements allow all analyses depending on the Pointer Inference to be both more precise and more complete.
Other highlights include:
See the CHANGES.md for more details.
Version 0.5 contains the switch to Ghidra as the standard backend and the removal of the old BAP backend. Some internal improvements should lead to better analysis results for most checks. We also added several new CWE checks in this release:
See the CHANGES.md for more details.
Version 0.4 contains improvements for the CWE-476 (Null Pointer Dereference) check as well as the addition of a new, still experimental memory check searching for CWEs 415 (Double Free) and 416 (Use After Free). We also updated our backend to BAP 2.2.
Under the hood a completely new analysis framework was written in Rust, which is used by the new memory check. We also implemented support for Ghidra as an alternative backend to BAP.
See the CHANGES.md for more details.
Version 0.3 mostly adds ease-of-use functionalities to the cwe_checker. This is the last release based on BAP 1.6 before we switch to BAP 2.0.
The changes in detail:
Changes:
This is the initial release of cwe_checker under LGPL 3.0.