tum-i4 / macke-vulnerability-assessment


Counting n_bugs incorrectly? #2

Closed saahil closed 6 years ago

saahil commented 7 years ago

macke_attibutes might be counting the number of bugs in a function incorrectly.

Currently, the counter is only increased if the vulnerability is discovered in phase 1. But what if the vulnerability is only discovered in phase 2?

This cannot be done without first checking -

  1. If this is phase 1 -
    • Then add to the number_of_bugs_found anyway.
  2. If this is phase 2 -
    • If no phase 1 bugs are added for caller, then add to number_of_bugs_found for caller.
    • If a phase 1 bug is already added for caller and this is the first phase 2 bug for caller, then don't add anything.
    • If a phase 1 bug is already added for caller and this is not the first phase 2 bug for caller, then add to number_of_bugs_found for caller.

PS: This is also not perfect. E.g., what if the bug found in phase 1 is not the same as the one found in phase 2? This cannot be resolved without first finding the callee for function in phase 1. The above checks break if no callee exists in phase 1.
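The phase 1 / phase 2 counting rules listed in the comment above, as an added example that is not part of the original issue and is not the project's code or the later fix. `BugCounter`, `record`, `count_bugs` and the sample function names are hypothetical, and phase 1 reports are assumed to be processed before phase 2 reports.

```python
from collections import defaultdict


class BugCounter:
    """Per-function bug counter following the issue's phase 1 / phase 2 rules."""

    def __init__(self):
        self.number_of_bugs_found = defaultdict(int)
        self._phase1 = defaultdict(int)  # phase 1 bugs recorded per function
        self._phase2 = defaultdict(int)  # phase 2 reports seen per caller

    def record(self, phase, function):
        """Record one report; return True if it raised the count.

        For phase 2 reports, `function` is the caller the bug propagated to.
        """
        if phase == 1:
            # Rule 1: a phase 1 bug is always counted.
            self._phase1[function] += 1
            self.number_of_bugs_found[function] += 1
            return True
        if phase != 2:
            raise ValueError("phase must be 1 or 2, got %r" % (phase,))

        self._phase2[function] += 1
        first_phase2 = self._phase2[function] == 1
        if self._phase1[function] > 0 and first_phase2:
            # Rule 2b: treated as the phase 1 bug seen again, so not counted.
            # This is the imperfect case from the PS: a different bug is lost.
            return False
        # Rule 2a (no phase 1 bug) or rule 2c (later phase 2 bug): count it.
        self.number_of_bugs_found[function] += 1
        return True


def count_bugs(reports):
    """Apply the rules to an ordered list of (phase, function) reports."""
    counter = BugCounter()
    for phase, function in reports:
        counter.record(phase, function)
    return dict(counter.number_of_bugs_found)


# Constructed sample reports, not taken from a real MACKE run.
SAMPLE_REPORTS = [
    (1, "parse_header"),  # counted (rule 1)
    (2, "parse_header"),  # skipped (rule 2b)
    (2, "parse_header"),  # counted (rule 2c)
    (2, "read_chunk"),    # counted (rule 2a)
]
```
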

saahil commented 6 years ago

Fixed in commit 60f6673f800d15b59c9b5ea3bacbc7179e61917e