fkie-cad / cwe_checker

cwe_checker finds vulnerable patterns in binary executables
https://docs.cwe-checker.io
GNU Lesser General Public License v3.0

Binary Ninja Plugin #436

Closed Exiled1 closed 10 months ago

Exiled1 commented 10 months ago

Hello! I just wanted to ask if it would be too much trouble to add cwe_checker as a Binary Ninja plugin similar to the IDA plugin?

It's starting to become a pretty popular reverse engineering tool and it has pretty great Python support, so it has some pretty good potential.

Enkelmann commented 10 months ago

Creation of a Binary Ninja plugin should be pretty simple if one uses the --json command-line flag of the cwe_checker (together with either --quiet or --out) to get JSON-formatted CWE warnings. You can probably implement it yourself in a few lines of code if you want to.

The problem for me right now is to offer continuous support for such a plugin, including troubleshooting and updating it on breaking changes in the cwe_checker. The same problem applies to the IDA Pro plugin, which I currently cannot even test properly. If in the future the project gets some more developers behind it, we will write such a plugin, but right now I have to decline for the sake of limiting the maintenance workload for the project.

Closing the issue for now. But if you want to write your own Binary Ninja plugin, feel free to ask me questions here.
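The approach suggested in the reply above, as an added example that is not part of the thread or of the cwe_checker project: run the tool with `--json --quiet` and turn the warnings into one comment per address, which a Binary Ninja plugin could then apply with `bv.set_comment_at(addr, text)`. The JSON field names (`name`, `addresses`, `description`), the hex-string address format, the `cwe_checker` binary being on `PATH`, and the `base_delta` parameter (for a host tool that loaded the binary at a different image base) are assumptions; `SAMPLE_JSON` is constructed.

```python
import json
import subprocess
from collections import defaultdict

# Constructed sample in the shape assumed for `cwe_checker --json` output.
SAMPLE_JSON = """
[
  {"name": "CWE676", "version": "0.1", "addresses": ["00101189"],
   "tids": ["instr_00101189_2"], "symbols": ["main"], "other": [],
   "description": "(Use of Potentially Dangerous Function) main (00101189) -> strcpy"},
  {"name": "CWE134", "version": "0.1", "addresses": ["00101189", "001011a4"],
   "tids": [], "symbols": [], "other": [],
   "description": "(Externally Controlled Format String) constructed sample"},
  {"name": "CWE476", "version": "0.3", "addresses": ["not-an-address"],
   "tids": [], "symbols": [], "other": [], "description": "constructed sample"}
]
"""

def run_cwe_checker(binary_path):
    """Run cwe_checker with the flags named in the thread and return its stdout."""
    proc = subprocess.run(["cwe_checker", binary_path, "--json", "--quiet"],
                          capture_output=True, text=True, check=True)
    return proc.stdout

def warnings_to_comments(json_text, base_delta=0):
    """Return ({address: comment}, [labels of warnings with no usable address])."""
    by_addr = defaultdict(list)
    unplaced = []
    for warning in json.loads(json_text):
        label = "[{}] {}".format(warning.get("name", "CWE?"),
                                 warning.get("description", ""))
        placed = False
        for raw in warning.get("addresses", []):
            try:
                # Assumed format: hex string without a 0x prefix.
                addr = int(raw, 16) + base_delta
            except (TypeError, ValueError):
                continue  # malformed address: skip it, keep the warning visible
            if label not in by_addr[addr]:
                by_addr[addr].append(label)
            placed = True
        if not placed:
            unplaced.append(label)
    # Several warnings on one address are merged into a single comment.
    return {a: "\n".join(ls) for a, ls in sorted(by_addr.items())}, unplaced
```

Warnings that cannot be tied to an address are returned separately so a plugin can still list them, for example in its log pane, rather than dropping them silently.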