Closed StamesJames closed 11 months ago
Hi @StamesJames, thanks for reporting this issue. Reproducing it on my system I found errors both in PhASAR and in your use of PhASAR:
```json
{
  "name": "simple sql injection",
  "version": 1,
  "functions": [
    {
      "name": "source",
      "ret": "source",
      "params": {}
    },
    {
      "name": "sink",
      "params": {
        "sink": [0]
      }
    },
    {
      "name": "sanitize",
      "ret": "sanitizer"
    }
  ],
  "variables": []
}
```
main function and the source-code main (_ZN4main4main17h06bd8598508590c8E). Specifically, PhASAR's call-graph resolver currently cannot infer that _ZN3std2rt19lang_start_internal17h2ba92edce36c035eE indeed calls the main function.
As a workaround, you can use the --entry-points CLI flag to tell phasar-cli to start at _ZN4main4main17h06bd8598508590c8E instead. Does this help with your issue?
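Added example (not from the issue or from PhASAR itself): a small Python helper that demangles legacy-mangled Rust symbols and picks out the defined `<crate>::main` in an LLVM module, which is the name to hand to `--entry-points` when analysis would otherwise start at the C-ABI `main`. The sample IR, its attribute groups and every function name not quoted in the comment above are constructed.

```python
import re

# Constructed sample IR (not the reporter's file): the C-ABI `main` that rustc emits
# beside the mangled Rust `main::main` from the issue, with the source/sink stubs.
SAMPLE_LL = """\
declare i32 @source()
declare i32 @sink(i32)
define internal void @_ZN4main4main17h06bd8598508590c8E() unnamed_addr #0 {
start:
  ret void
}
define i32 @main(i32 %0, ptr %1) unnamed_addr #1 {
start:
  ret i32 0
}
"""

# Legacy Rust mangling: _ZN <len><ident>...<len><ident> E; the last element is a hash h<16 hex>.
_LEGACY = re.compile(r"^_ZN([0-9A-Za-z_$.]+)E$")
_HASH = re.compile(r"h[0-9a-f]{16}")
_DEFINE = re.compile(r"^define\b[^@]*@([A-Za-z0-9_$.]+)\(", re.M)  # unquoted names only

def demangle_legacy(sym):
    """Return 'crate::path::item' for a legacy-mangled symbol, else None."""
    m = _LEGACY.match(sym)
    if not m:
        return None
    body, parts, i = m.group(1), [], 0
    while i < len(body):
        j = i
        while j < len(body) and body[j].isdigit():
            j += 1
        if j == i or j == len(body):
            return None  # no length prefix, or a prefix with nothing after it
        n = int(body[i:j])
        ident = body[j:j + n]
        if len(ident) != n:
            return None  # length prefix runs past the end of the symbol
        parts.append(ident)
        i = j + n
    if parts and _HASH.fullmatch(parts[-1]):
        parts.pop()  # drop the per-crate hash, keep the path
    return "::".join(parts) or None

def find_rust_entry(ll_text, crate="main"):
    """Defined symbols that demangle to <crate>::main: the value for --entry-points.
    `declare` lines (externals such as @sink) are skipped, as is the C-ABI @main."""
    wanted = crate + "::main"
    return [s for s in _DEFINE.findall(ll_text) if demangle_legacy(s) == wanted]
```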
Hi @fabianbs96,
thanks a lot. Now it works to find the leak and I understand way better how to use PhASAR. I will try more complex examples next. I tried to change the function definitions to:
```llvm
declare external i32 @source()
declare external i32 @sink(i32 %source)
declare external i32 @sanitize(i32 %source)
```
and it correctly detected just the one leak. Do I understand your third point right, that once the f-FixTaintAnalysis branch is merged it should also work with the function definitions?
> Do I understand your third point right, that once the f-FixTaintAnalysis branch is merged it should also work with the function definitions?
Yes, exactly
Hi @StamesJames, can we assume this issue to be resolved?
Hi @MMory, yes, sorry. I'm not sure about the procedure. Should I close the issues I opened when I think the question is answered? Sorry, this is the first issue I have contributed to someone's GitHub repo.
Hi @StamesJames, I'm gonna close this issue now. Feel free to close your own issues when you consider them resolved :)
Bug description
I am trying to use phasar to check LLVM code generated from Rust. For this I wrote some simple test programs (https://github.com/sse-labs/PhASARust), but I haven't managed to analyze them properly. I use rustc versions below 1.61.0 because they use an LLVM version lower than or equal to 14.0.0. The phasar ifds-solvertest accepts the generated LLVM code. I tried to find a leak in the following Rust code:
In my understanding this should be a leak, because the variable unsanitized gets into the sink function without passing through the sanitize function first. I use the following analysis-config.json
And the following compiler flags for Rust:
The main function (without the print statement) in LLVM looks like this:
Rust generates bloated LLVM code, so I posted only the main function without the print statement.
I attach all relevant files below.
Steps to reproduce
Actual result: phasar doesn't find the leak
Expected result: phasar should find a leak
Context (Environment)
Operating System:
Build Type:
Example files
Files: examplefiles.zip