Buffer Error CWE-785 Not Generated

GaloisInc / BESSPIN-Tool-Suite

The core tool of the BESSPIN Framework.

Other

5 stars 2 forks source link

Buffer Error CWE-785 Not Generated #1240

Closed njshanahan closed 3 years ago

njshanahan commented 3 years ago

I recently noticed that CWE-785 is not consistently generated when testing buffer errors. Was this test removed?

rtadros125 commented 3 years ago

If you are doing either of the following:

Very low number of tests
FreeRTOS
baremetal compiling
custom clafer error model

Then you might not see any 785 tests. Which ones of these fit your experience so I can elaborate?

njshanahan commented 3 years ago

Ah, ok. I was using the bare metal compiler.

rtadros125 commented 3 years ago

CWe 785 is about path manipulation, and baremetal compilation does not support POSIX for obvious reasons, so we just disable that CWE in baremetal configurations because no paths standards apply. Does this make sense?

njshanahan commented 3 years ago

Yeah that makes sense. Thanks for clarifying!