From 62021a65cd04babd18eabb8c4130f43c4aaf43b0 Mon Sep 17 00:00:00 2001 From: Enkelmann <46347022+Enkelmann@users.noreply.github.com> Date: Wed, 26 Jun 2019 08:28:01 +0200 Subject: [PATCH] Preparing v0.2 Release (#22) * corrected dune linter warnings * Adjusted maintainer * Added SCons to dependency list, added CONTRIBUTORS.md * Set release date of v0.2 * added some spaces * Pack the core library into the same opam package * Fix Codacy Issues --- CHANGES.md | 2 +- CONTRIBUTORS.md | 10 ++++++++++ README.md | 29 +++++++++++++++++------------ cwe_checker.opam | 3 +-- src/cwe_checker_core.opam | 2 +- test/unit/checkers/cwe_560_test.ml | 1 - test/unit/checkers/cwe_560_test.mli | 2 -- 7 files changed, 30 insertions(+), 19 deletions(-) create mode 100644 CONTRIBUTORS.md diff --git a/CHANGES.md b/CHANGES.md index 0b7105add..ba0d4c6b5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -0.2-dev (2019-XX-XX) +0.2 (2019-06-25) ===== - Refactoring: Unification of cwe_checker function interface diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md new file mode 100644 index 000000000..055290f69 --- /dev/null +++ b/CONTRIBUTORS.md @@ -0,0 +1,10 @@ +# cwe_checker contributors + +- [Thomas Barabosch](https://github.com/tbarabosch) + - Original author + +- [Nils-Edvin Enkelmann](https://github.com/Enkelmann) + - Current maintainer + +- [Jörg Stucke](https://github.com/jstucke) + - Docker container diff --git a/README.md b/README.md index 1c7f822fd..9210ab627 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ ## What is cwe_checker? ## *cwe_checker* is a suite of tools to detect common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as [Common Weakness Enumerations](https://cwe.mitre.org/) (CWEs). Its main goal is to aid analysts to quickly find vulnerable code paths. -Its main focus are ELF binaries that are commonly found on Linux and Unix operating systems. *cwe_checker* is built on top of [BAP](https://github.com/BinaryAnalysisPlatform/bap)(Binary Analysis Platform). By using BAP, we are not restricted to one low level instruction set architectures like Intel x86. BAP lifts several of them to one common intermediate represenetation (IR). cwe_checker implements its analyses on this IR. At time of writing, BAP 1.5 supports Intel x86/x64, ARM, MIPS, and PPC amongst others. Hence, this makes *cwe_checker* a valuable tool for firmware analysis. +Its main focus are ELF binaries that are commonly found on Linux and Unix operating systems. *cwe_checker* is built on top of [BAP](https://github.com/BinaryAnalysisPlatform/bap)(Binary Analysis Platform). By using BAP, we are not restricted to one low level instruction set architectures like Intel x86. BAP lifts several of them to one common intermediate representation (IR). cwe_checker implements its analyses on this IR. At time of writing, BAP 1.6 supports Intel x86/x64, ARM, MIPS, and PPC amongst others. Hence, this makes *cwe_checker* a valuable tool for firmware analysis. *cwe_checker* implements a modular architecture that allows to add new analyses with ease. So far the following analyses are implemented across several BAP plugins: - [CWE-125](https://cwe.mitre.org/data/definitions/125.html): Out-of-bounds read (via emulation) 
@@ -28,7 +28,7 @@ Its main focus are ELF binaries that are commonly found on Linux and Unix operat - [CWE-560](https://cwe.mitre.org/data/definitions/560.html): Use of umask() with chmod-style Argument - [CWE-676](https://cwe.mitre.org/data/definitions/676.html): Use of Potentially Dangerous Function - [CWE-782](https://cwe.mitre.org/data/definitions/782.html): Exposed IOCTL with Insufficient Access Control -- [CWE-787](https://cwe.mitre.org/data/definitions/787.html): Out-of-bounds Write +- [CWE-787](https://cwe.mitre.org/data/definitions/787.html): Out-of-bounds Write (via emulation) Please note that some of the above analyses only are partially implemented at the moment. Furthermore, false positives are to be expected due to shortcuts and the nature of static analysis as well as over-approximation. @@ -49,14 +49,15 @@ There are several ways to install cwe_checker. The recommended way is to get cwe Another option is to pull the latest Docker container from [dockerhub](https://hub.docker.com/r/fkiecad/cwe_checker) (`docker pull fkiecad/cwe_checker`). If you plan to develop cwe_checker, it is recommended to build it using the provided `Makefile`. In this case you must ensure that all dependencies are fulfilled: -- Ocaml 4.05.0 -- Opam 2.0.2 -- dune >= 1.6 -- BAP 1.6 (and its dependencies) -- yojson >= 1.6.0 -- alcotest >= 0.8.3 -- Sark (latest) for IDA Pro annotations -- pytest >= 3.5.1 +- Ocaml 4.05.0 +- Opam 2.0.2 +- dune >= 1.6 +- BAP 1.6 (and its dependencies) +- yojson >= 1.6.0 +- alcotest >= 0.8.3 (for tests) +- Sark (latest) for IDA Pro annotations +- pytest >= 3.5.1 (for tests) +- SCons >= 3.0.5 (for tests) Just run `make all` to compile and register the plugin with BAP. You can run the test suite via `make test`. ## How to use cwe_checker? ## 
@@ -64,8 +65,12 @@ The usage is straight forward: adjust the `config.json` (if needed) and call BAP ``` bash bap PATH_TO_BINARY --pass=cwe-checker --cwe-checker-config=src/config.json ``` -For common use cases you can find some recipes in the recipes folder. These can be run with +The emulation checks can be run with the emulation recipe in the recipes folder. +``` bash +bap PATH_TO_BINARY --recipe=recipes/emulation ``` +For other common use cases you can find some recipes in the recipes folder. These can be run with +``` bash bap PATH_TO_BINARY --recipe=recipes/RECIPE_FOLDER_NAME ``` *cwe_checker* outputs to stdout. This output is parsable (sexep). There is a script `cwe_checker_to_ida` to visualize the results in IDA Pro. @@ -81,7 +86,7 @@ This project is partly financed by [German Federal Office for Information Securi A special thanks goes out to the BAP community (especially the official gitter) for answering questions and discussing solutions. ## License ``` - Copyright (C) 2018 - Fraunhofer FKIE (thomas.barabosch@fkie.fraunhofer.de) + Copyright (C) 2018 - Fraunhofer FKIE (firmware-security@fkie.fraunhofer.de) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public diff --git a/cwe_checker.opam b/cwe_checker.opam index a787b160d..d261528f0 100644 --- a/cwe_checker.opam +++ b/cwe_checker.opam @@ -5,7 +5,7 @@ synopsis: "BAP plugin collection to detect common bug classes" description: """ cwe_checker is a suite of tools to detect common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as Common Weakness Enumerations (CWEs). """ -maintainer: "CWE_checker Team " +maintainer: "CWE_checker Team " authors: [ "Thomas Barabosch " "Nils-Edvin Enkelmann " ] license: "LGPL-3.0" homepage: "https://github.com/fkie-cad/cwe_checker" 
@@ -19,7 +19,6 @@ depends: [ "alcotest" {>= "0.8.3"} "core_kernel" {>= "v0.11" & < "v0.12"} "ppx_jane" {>= "v0.11" & < "v0.12"} - "cwe_checker_core" {= "0.2"} ] depexts: [ "binutils" diff --git a/src/cwe_checker_core.opam b/src/cwe_checker_core.opam index 5cf37bfdd..7e81a5782 100644 --- a/src/cwe_checker_core.opam +++ b/src/cwe_checker_core.opam @@ -5,7 +5,7 @@ synopsis: "Core library for the cwe_checker package" description: """ Core library for the cwe_checker suite of tools. """ -maintainer: "CWE_checker Team " +maintainer: "CWE_checker Team " authors: [ "Thomas Barabosch " "Nils-Edvin Enkelmann " ] license: "LGPL-3.0" homepage: "https://github.com/fkie-cad/cwe_checker" diff --git a/test/unit/checkers/cwe_560_test.ml b/test/unit/checkers/cwe_560_test.ml index 43bb7dc5f..12b92feff 100644 --- a/test/unit/checkers/cwe_560_test.ml +++ b/test/unit/checkers/cwe_560_test.ml @@ -1,4 +1,3 @@ -open Bap.Std open Core_kernel open Cwe_checker_core diff --git a/test/unit/checkers/cwe_560_test.mli b/test/unit/checkers/cwe_560_test.mli index dca4bab74..b058e287f 100644 --- a/test/unit/checkers/cwe_560_test.mli +++ b/test/unit/checkers/cwe_560_test.mli @@ -1,4 +1,2 @@ -open Bap.Std -open Core_kernel val tests: unit Alcotest.test_case list
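Review bot: in the CHANGES.md hunk the release date (2019-06-25) is one day before the commit date in the header (Wed, 26 Jun 2019); if the v0.2 tag is cut from this commit, use the tag date so the changelog and the git history agree.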
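Review bot: in the first README hunk (the "What is cwe_checker?" paragraph) the line is already being edited for BAP 1.5 -> 1.6 and the "represenetation" typo, so fix the remaining grammar in the same change: "Its main focus are ELF binaries" should read "Its main focus is ELF binaries", "one low level instruction set architectures" should be "one low-level instruction set architecture", and "[BAP](...)(Binary Analysis Platform)" is missing a space before the parenthesis.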
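Review bot: in the README hunk that annotates CWE-787 with "(via emulation)", the sentence just below it, "some of the above analyses only are partially implemented", reads better as "some of the above analyses are only partially implemented"; since the list is being touched, fix it in the same hunk.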
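Review bot: in the README dependency-list hunk (@@ -49,14 +49,15 @@) all eight lines are removed and re-added although only three actually change (alcotest and pytest gain "(for tests)", SCons is new); the "added some spaces" commit appears to have altered whitespace on every line, which buries the real change in blame. Also, "Sark (latest)" pins nothing while every other entry carries a version bound; a floating dependency makes the IDA annotation step non-reproducible, so give it a minimum version or a commit hash.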
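Review bot: in the README recipes hunk (@@ -64,8 +65,12 @@) the new emulation block duplicates the generic "bap PATH_TO_BINARY --recipe=recipes/RECIPE_FOLDER_NAME" example that immediately follows it; a single sentence naming recipes/emulation as an example would do. Two typos in the surrounding context are worth fixing in the same edit: "straight forward" in the hunk header line should be "straightforward", and "parsable (sexep)" in the trailing context should be "parsable (S-expressions)".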
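Review bot: in the README license hunk (@@ -81,7 +86,7 @@) the contact address changes, but the header around it still reads "GNU Library General Public", which is the name of LGPL v2.0, while both opam files in this patch declare license: "LGPL-3.0" (v3 is the "GNU Lesser General Public License"); align the header text with the declared license. The copyright year also stays at 2018 for a 2019 release.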
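Review bot: in the cwe_checker.opam maintainer hunk (@@ -5,7 +5,7 @@) the removed and added lines are identical as rendered here ("CWE_checker Team "); the address presumably sits in angle brackets that were dropped from the page, so the change cannot be checked from the diff. Make sure the new address is the same firmware-security@fkie.fraunhofer.de contact introduced in the README license hunk, so package metadata and license header agree.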
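Review bot: in the cwe_checker.opam depends hunk (@@ -19,7 +19,6 @@), dropping "cwe_checker_core" {= "0.2"} is only safe if the dune build now exposes the core library under the cwe_checker package (its public_name and the package field in the dune stanza); otherwise an opam install of cwe_checker provides nothing for the plugins to link against. A CI job that installs from the opam file rather than via make would catch this.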
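Review bot: in the src/cwe_checker_core.opam hunk, the commit message says the core library is now packed into the cwe_checker opam package, yet this file is kept and its maintainer line updated; a second opam file in the tree is still picked up by opam pin and dune as a separate package. If it is no longer published, delete it in this PR rather than maintain it.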