http://open-source-security-software.net/project/cwe_checker/releases.atom Recent releases for cwe_checker 2024-12-23T03:47:07.740927+00:00 python-feedgen cwe_checker v0.1 cwe_checker v0.1 2018-10-09T15:51:06+00:00 This is the initial release of cwe_checker under LGPL 3.0. 2018-10-09T15:51:06+00:00 cwe_checker v0.2 cwe_checker v0.2 2019-06-26T08:27:10+00:00 Changes: - Refactoring: Unification of cwe_checker function interface - Refactoring: Created utils module for JSON functionality - Added check for CWE 248: Uncaught Exception (PR #5) - Added automated test suite (run with make test) (PR #7) - Improved cross compiling for acceptance test cases by using dockcross (PR #8) - Added BAP recipe for standard cwe_checker run (PR #9) - Improved check for CWE-476 (NULL Pointer Dereference) using data flow analysis (PR #11) - Added cwe_checker_emulation plugin based on BAP's Primus to detect CWE-125, CWE-415, and CWE-416 (PR #15) - Switched C build system from make to scons (PR #16) - Added type inference pass (PR #14, #18) - Added unit tests to test suite (PR #14) - Added check for CWE-560 (Use of umask() with chmod-style Argument) (PR #21) 2019-06-26T08:27:10+00:00 cwe_checker v0.3 cwe_checker v0.3 2019-12-06T08:27:49+00:00 Version 0.3 mostly adds ease-of-use functionalities to the *cwe_checker*. This is the last release based on BAP 1.6 before we switch to BAP 2.0. The changes in detail: - Added more documentation to checks (PR #26) - Added clang as another compiler for test cases, added tests for clang compiled test cases (PR #27) - Fixed check CWE367: use symbols defined in config.json (PR #28) - Refactoring of logging and JSON support via --json (PR #30) - Added file output support via --out (PR #30) - Surpress logging of info, error and warning to STDOUT via --no-logging (PR #32) - Added check-path feature via --check-path that searches paths between interesting input functions and cwe hits (PR #31) - Added online documentation (PR #36, #37) - Added convenience executable to enable shorter command line options (PR #40) - Added a plugin for integration into Ghidra (PR #42, #43) 2019-12-06T08:27:49+00:00 cwe_checker v0.4 cwe_checker v0.4 2021-01-07T12:23:34+00:00 Version 0.4 contains improvements for the CWE-476 (Null Pointer Dereference) check as well as the addition of a new, still experimental memory check searching for CWEs 415 (Double Free) and 416 (Use After Free). We also updated our backend to BAP 2.2. Under the hood a completely new analysis framework was written in Rust, which is used by the new memory check. We also implemented support for Ghidra as an alternative backend to BAP. See the CHANGES.md for more details. 2021-01-07T12:23:34+00:00 cwe_checker v0.5 cwe_checker v0.5 2021-07-05T11:14:49+00:00 Version 0.5 contains the switch to Ghidra as the standard backend and the removal of the old BAP backend. Some internal improvements should lead to better analysis results for most checks. We also added several new CWE checks in this release: * CWE-78: OS Command Injection * CWE-119 and its variants CWE-125 and CWE-787: Buffer Overflow * CWE-134: Use of Externally-Controlled Format String See the CHANGES.md for more details. 2021-07-05T11:14:49+00:00 cwe_checker v0.6 cwe_checker v0.6 2022-06-13T05:48:56+00:00 Version 0.6 contains improved abstract domains able to represent data more precise and more complete. Furthermore, the Pointer Inference analysis was reworked to be a bottom-up analysis and an additional function signature analysis step was added to the analysis pipeline. These improvements allow all analyses depending on the Pointer Inference to be both more precise and more complete. Other highlights include: - A new command line flag for analyzing bare-metal binaries. - The check for *CWE-78: Command line injections* was completely rewritten using abstract domains for strings. - The check for *CWE-119: Buffer Overflow* was completely rewritten and now emits additional data flow information in the JSON output to help with root cause analysis. - The check for *CWE-416: Use After Free* was completely rewritten and now emits additional data flow information in the JSON output to help with root cause analysis. See the CHANGES.md for more details. 2022-06-13T05:48:56+00:00 cwe_checker v0.7 cwe_checker v0.7 2023-06-22T07:15:02+00:00 Version 0.7 contains many small enhancements and bugfixes to improve precision and stability of the analysis. We also improved the internal code organization to make it easier to use the cwe_checker as a library instead of a standalone program. Other highlights include: - A new check for CWE-789: Memory Allocation with Excessive Size Value - The checks for *CWE-119: Buffer Overflow* and *CWE-416: Use After Free* now include even more meta-information in the JSON output of their CWE warnings: Now functions and calls relevant to the CWE warning are emitted to help with subsequent manual or automatic verification. See the CHANGES.md for more details. 2023-06-22T07:15:02+00:00