cwe_checker
cwe_checker copied to clipboard
fkie-cad
cwe_checker finds vulnerable patterns in binary executables
### Discussed in https://github.com/fkie-cad/cwe_checker/discussions/312 Originally posted by **StepanGavrilov** April 5, 2022 I have error like `docker run --rm -v /path_here/hdat2cd_lite_74.iso:/hdat2cd_lite_74.iso fkiecad/cwe_checker hdat2cd_lite_74.iso` ``` WARNING: The requested image's platform (linux/amd64) does...
One example : CWE476] (0.2) (NULL Pointer Dereference) Memory access at 87e7db04 may result in a NULL dereference It could be very helpful to see a detailed code flow path...
Ghidra process is terminated while analyzing AARCH64 bare metal image (same result for ARM as well) : Execution of Ghidra plugin failed: Process was terminated. INFO REPORT: Save succeeded for...
### Discussed in https://github.com/fkie-cad/cwe_checker/discussions/283 Originally posted by **JavierBaratech** February 2, 2022 Hello all, I have a problem when running cwe_checker with a bare-metal binary for an AVR chip. I have...
Hi, It seems that the cwe_checker_to_ida.py script fails to properly generate output for IDA, when a valid JSON input file is supplied to the script. I have tested both latest...
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error("missing field `string_symbols`", line: 0, column: 0)', src/cwe_checker_lib/src/checkers/cwe_78.rs:104:69 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace https://github.com/fkie-cad/cwe_checker/blob/41f10fa1256728e84eabefaa9cd7d0201432fbbf/src/cwe_checker_lib/src/checkers/cwe_78.rs#L104 rather,...
Right now the handling of calling conventions for PE files is wrong for most analyses: The *PointerInference* (and most other analyses) assume that internal function calls adhere to a standard...
The documentation claims that the system only supports ELF binaries. It would be very useful to me if the system supported PE files.
I noticed you have a plugin for Ghidra, but it is not the only one FOSS tool available. [Rizin](https://github.com/rizinorg/rizin) is a highly-portable cross-platform reverse engineering framework and a toolkit without...
