Option to enable CWE78 scan #460
Comments
|
Well, we disabled the CWE-78 check on a standard run for a reason: It was leading to runtime explosion on a lot of binaries when enabled. Since then a lot has changed and we probably need to re-evaluate how the check is performing right now, but these problems probably still exist. If you want to use the check then my recommendation would be to run the cwe_checker twice: First with a standard run and then only with the CWE-78 check enabled. This way you quickly see if the CWE-78 check does run into runtime problems for your binary. In general we disable checks for the standard run only if we think they are too unstable to be used regularly. And that is also the reason why we do not want to provide a simple shortcut to running these checks along all other checks. |
Thing is, I'm using cwe_checker in FACT |
|
FACT aborts the cwe_checker when a timeout is reached. And if that happens you do not get any results for any of the cwe_checker checks for the corresponding binary. So enabling the CWE-78 check for standard runs there is also a bad idea. You could duplicate the cwe_checker plugin for FACT and just change the command line parameters for the duplicated plugin if you want to use my solution of running the cwe_checker twice for each binary. Alternatively, you could wait until we overhaul the CWE-78 check (although I cannot say when this will happen). |
Ok, I did that. Thanks for the input! |
Hello,
I'd like to scan for everything that is supported, including CWE78, but I should specify all the supported CWEs with -p .
Is it possible to add options like -pp (?) to specify checks to be enabled? Or something similar?
Thank you!
The text was updated successfully, but these errors were encountered: