Open StamesJames opened 11 months ago
fabianbs96
commented
11 months ago Hi @StamesJames, I could not reproduce your issue on my system. The analysis finishes very quickly, but does not find any vulnerabilities. I suppose, we are analyzing slightly different IR. Can you share the IR that you analyze?
StamesJames
commented
11 months ago those are the files I tried to analysis with
phasar-cli \ -m full.ll \ -D ifds-taint \ --analysis-config=analysis-config.json \ --entry-points _ZN20webbrowser_crate_vul4main17h90a227ee26bda623E
The full.ll I created by running llvm-link *.ll inside the build directory of my rust project. The webbrowser-full.ll was created by just linking the webbrowser-*.ll's
StamesJames
commented
11 months ago @fabianbs96 have you also set the entry-points for the analysis? Because when I don't do this my analysis also ends very quick but rust has some indirection in the main call and if the entry points aren't set to the real main function phasar doesn't analysis the program properly
fabianbs96
commented
11 months ago Hi @StamesJames, now I can reproduce your issue, thanks. I will debug it and see, what we can do
Bug description
I try to find a the unchecked passing of a path string in the rust webbrowser crate state here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45299 for this I simply wrote the rust program
and tried to analysis this by ifds-taint with the following analysis-config.json
When I invoke a ifds-taint analysis with phasar-cli it seems to never stop runing
Steps to reproduce
maybe the mangled names for the main and the analysed functions differ when you compile it.
Actual result: The analysis seems to not finish
Expected result: the analysis should find, that the parameter that is passed to the webbrowser open function is given unchecked to the open_browser function
Context (Environment)
Operating System:
Build Type:
Example files
Files: webbrowser-crate-vul.zip