Add an option for a more complete option that does not omit many functions.
Open david-a-wheeler opened 2 years ago
The resolution of https://github.com/ossf/fuzz-introspector/issues/107 as implemented in https://github.com/ossf/fuzz-introspector/pull/115 is to "cut off [various] functions early in the LLVM plugin so they never enter the analysis." This makes the default more likely to find "interesting" results, but it means that some vulnerabilities cannot be found.
DavidKorczynski commented that:
    One more thing I wanted to add relative to the idea of gathering data and offering analyses in contrast to being opinionated is that fuzz-introspector is likely to have several types of users who want to have different types of context presented. Specifically, fuzz-introspector will be used by:
    1) Security researchers -- who know a lot about security but less about the target code they analyse
    2) Developers -- who know less about security but a lot about the target code they analyse
    The specific data each of these types of users want is different as they likely face different types of issues when fuzzing the same piece of software.
I don't want that important thought lost, so I'm adding this as an issue. Thanks!
Related in terms of ensuring complete project-wide analysis: https://github.com/ossf/fuzz-introspector/issues/6