Closed njshanahan closed 3 years ago
Interesting; Thanks I want to say 4 things:
useSelfAssessment
ON, and fill the values in the corresponding ini file, and the tool will load these results instead of running the tests. Also, every time you run any class, an .ini
file gets generated in workDir/cwesEvaluation/vulClass
so you can copy/paste into your configSecurity .ini
if you prefer to.kern.log
is not found. This is a bug. I will open a PR to fix this soon (and the score will be thus HIGH
). [Opened #1107]rsyslog
as @podhrmic has asked, it did. My suggestion would be, for LMCO to score NONE
on that test as it should: please build two debian images, one with rsyslog
and one without
. Add them to the same directory (or send them to me), will name them debian.elf
and debian_noRsyslog.elf
. When you do so, I will modify the cyberphys default config to use a custom OS Image, and adjust the path to debian_noRsyslog.elf
.Please lmk if something is unclear or if you suggest an alternative courses of action.
The small fix is merged. Won't close this ticket till we have the two debian binaries.
I uploaded the two Debian images in GitLab issue 79114.
I uploaded the two Debian images in GitLab issue 79114.
We need to think about a better way to transfer binaries in the future. We don't want to exceed our git limits and such, especially that keeping them there is not needed. Let's discuss this when we need some files in the future.
I created a configuration that excluded PPAC from
vulClasses
because PPAC-3 produces a CALL-ERR score. This prevented thecomputeBesspinScale
score from being calculated. The error messages are below.With PPAC included.
Without PPAC included.
I imagine correcting the PPAC-3 CALL-ERR will resolve the issue. The log file is attached below.
test_PPAC_3.log