Analysis Checkers not Exposed or Missing - Githubissues

KeenSecurityLab / BinAbsInspector

BinAbsInspector: Vulnerability Scanner for Binaries

GNU General Public License v3.0

1.58k stars 231 forks source link

Analysis Checkers not Exposed or Missing #42

Closed SaifRushdHadad closed 2 years ago

SaifRushdHadad commented 2 years ago

Hello,

Many checks are not implemented or available for the plugin (via -all or --check <>).

available: 78,134,190,367,427,467,676.
not available: 119,125,415,416,426,476,787

The checker manager map has a 1:1 mapping of half of the supported checks listed on the README. https://github.com/KeenSecurityLab/BinAbsInspector/blob/main/src/main/java/com/bai/checkers/CheckerManager.java#L10-L20

There seems to be a lot of checks that are in the MemoryCorruption bit that are tested but not exposed to the end user. https://github.com/KeenSecurityLab/BinAbsInspector/tree/main/src/main/java/com/bai/checkers https://github.com/KeenSecurityLab/BinAbsInspector/blob/main/src/main/java/com/bai/checkers/MemoryCorruption.java

MatthewShao commented 2 years ago

Yes, we have two types of checkers:

78,134,190,367,427,467,676: these are offline checkers, which can be run when the analysis is finished.
119,125,415,416,426,476,787: these are online checkers, which will run on-the-fly.

For the online checkers, we do not have a configuration parameter to turn it on/off, so these checkers will be run by default.

SaifRushdHadad commented 2 years ago

Thank you much for clarifying!