parent
cd396d0f63
commit
3d41771c4a
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,223 @@
|
||||
SHELL := /bin/bash
|
||||
|
||||
# =============================================================================
|
||||
# 配置变量
|
||||
# =============================================================================
|
||||
CC := gcc
|
||||
CFLAGS := -I. -Wall -Wextra -O2 -Wno-unused-result -Wno-unused-parameter -Wno-unused-variable
|
||||
LDFLAGS := -lpthread
|
||||
|
||||
# 主分析器
|
||||
MAIN_TARGET := test_analyzer
|
||||
MAIN_SRCS := test_analyzer.c intelligent_analyzer.c
|
||||
|
||||
# 历史管理工具
|
||||
HISTORY_TARGET := history_manager
|
||||
HISTORY_SRCS := history_manager_cli.c intelligent_analyzer.c
|
||||
|
||||
# 批量分析工具
|
||||
BATCH_TARGET := batch_analyzer
|
||||
BATCH_SRCS := batch_cli.c batch_analyzer.c intelligent_analyzer.c
|
||||
|
||||
# 输出目录
|
||||
OUTPUT_DIR := output
|
||||
ARCHIVE_DIR := $(OUTPUT_DIR)/archives
|
||||
REPORT_DIR := $(OUTPUT_DIR)/reports
|
||||
|
||||
# 依赖检查
|
||||
EXTERNAL_TOOLS := cppcheck clang-tidy klee clang
|
||||
|
||||
# =============================================================================
|
||||
# 伪目标声明
|
||||
# =============================================================================
|
||||
.PHONY: all build build-all install clean help check-deps
|
||||
.PHONY: run batch history test demo
|
||||
|
||||
# =============================================================================
|
||||
# 默认目标
|
||||
# =============================================================================
|
||||
all: build help
|
||||
|
||||
help:
|
||||
@echo "=========================================="
|
||||
@echo "Enhanced Symbolic Execution Engine"
|
||||
@echo "=========================================="
|
||||
@echo ""
|
||||
@echo "可用目标:"
|
||||
@echo " make build - 编译主分析器"
|
||||
@echo " make build-all - 编译所有工具"
|
||||
@echo " make install - 安装到系统 (可选)"
|
||||
@echo " make clean - 清理编译产物"
|
||||
@echo " make check-deps - 检查依赖工具"
|
||||
@echo ""
|
||||
@echo "运行分析:"
|
||||
@echo " make run FILE=your_file.c - 分析单个文件"
|
||||
@echo " make batch INPUT=dir PATTERN=.c C=4 - 批量分析"
|
||||
@echo " make history - 运行历史管理"
|
||||
@echo ""
|
||||
@echo "示例:"
|
||||
@echo " make run FILE=comprehensive_vulnerability_test.c"
|
||||
@echo " make batch INPUT=./examples PATTERN=.c C=2"
|
||||
@echo ""
|
||||
@echo "依赖工具: KLEE, clang, cppcheck (可选), clang-tidy (可选)"
|
||||
@echo "=========================================="
|
||||
|
||||
# =============================================================================
|
||||
# 构建目标
|
||||
# =============================================================================
|
||||
|
||||
# 编译主分析器
|
||||
build: check-deps $(MAIN_TARGET)
|
||||
|
||||
$(MAIN_TARGET): $(MAIN_SRCS)
|
||||
@echo "编译主分析器..."
|
||||
$(CC) -o $@ $(MAIN_SRCS) $(CFLAGS) $(LDFLAGS)
|
||||
@echo "✓ $(MAIN_TARGET) 编译成功"
|
||||
|
||||
# 编译所有工具
|
||||
build-all: build history batch
|
||||
|
||||
# 编译历史管理工具
|
||||
history: $(HISTORY_TARGET)
|
||||
|
||||
$(HISTORY_TARGET): $(HISTORY_SRCS)
|
||||
@echo "编译历史管理工具..."
|
||||
$(CC) -o $@ $(HISTORY_SRCS) $(CFLAGS) $(LDFLAGS)
|
||||
@echo "✓ $(HISTORY_TARGET) 编译成功"
|
||||
|
||||
# 编译批量分析工具
|
||||
batch: $(BATCH_TARGET)
|
||||
|
||||
$(BATCH_TARGET): $(BATCH_SRCS)
|
||||
@echo "编译批量分析工具..."
|
||||
$(CC) -o $@ $(BATCH_SRCS) $(CFLAGS) $(LDFLAGS)
|
||||
@echo "✓ $(BATCH_TARGET) 编译成功"
|
||||
|
||||
# 安装到系统
|
||||
install: build-all
|
||||
@echo "安装到 /usr/local/bin ..."
|
||||
@sudo cp $(MAIN_TARGET) /usr/local/bin/symbolic-analyzer || true
|
||||
@sudo cp $(HISTORY_TARGET) /usr/local/bin/ || true
|
||||
@sudo cp $(BATCH_TARGET) /usr/local/bin/ || true
|
||||
@echo "✓ 安装完成"
|
||||
|
||||
# =============================================================================
|
||||
# 运行目标
|
||||
# =============================================================================
|
||||
|
||||
# 分析单个文件
|
||||
run: build
|
||||
@if [ -z "$(FILE)" ]; then \
|
||||
echo "错误: 请指定源文件"; \
|
||||
echo "用法: make run FILE=path/to/source.c"; \
|
||||
exit 1; \
|
||||
fi
|
||||
@echo "分析文件: $(FILE)"
|
||||
@echo "=========================================="
|
||||
./$(MAIN_TARGET) $(FILE)
|
||||
@echo "=========================================="
|
||||
@echo "报告已生成在 output/ 目录"
|
||||
|
||||
# 批量分析
|
||||
batch-run: batch
|
||||
@if [ -z "$(INPUT)" ]; then \
|
||||
echo "错误: 请指定输入目录"; \
|
||||
echo "用法: make batch-run INPUT=dir [PATTERN=.c] [C=4]"; \
|
||||
exit 1; \
|
||||
fi
|
||||
@echo "批量分析目录: $(INPUT)"
|
||||
@PATTERN_ARG=""; \
|
||||
if [ -n "$(PATTERN)" ]; then PATTERN_ARG="-p $(PATTERN)"; fi; \
|
||||
CONC=""; \
|
||||
if [ -n "$(C)" ]; then CONC="-c $(C)"; fi; \
|
||||
./$(BATCH_TARGET) -i $(INPUT) -o $(OUTPUT_DIR)/batch_analysis $$PATTERN_ARG $$CONC || true
|
||||
|
||||
# 运行历史管理
|
||||
history-run: history
|
||||
@if [ -z "$(CMD)" ]; then \
|
||||
echo "历史管理工具"; \
|
||||
echo "用法: make history-run CMD='list'"; \
|
||||
echo "可用命令: list, search QUERY, export FILE, package FILE, stats FILE, cleanup DAYS"; \
|
||||
exit 1; \
|
||||
fi
|
||||
./$(HISTORY_TARGET) $(CMD)
|
||||
|
||||
# =============================================================================
|
||||
# 测试目标
|
||||
# =============================================================================
|
||||
|
||||
# 运行测试用例
|
||||
test: build
|
||||
@echo "运行测试用例..."
|
||||
@if [ -f comprehensive_vulnerability_test.c ]; then \
|
||||
./$(MAIN_TARGET) comprehensive_vulnerability_test.c; \
|
||||
else \
|
||||
echo "测试文件不存在"; \
|
||||
fi
|
||||
|
||||
# 运行演示
|
||||
demo: build
|
||||
@echo "运行演示..."
|
||||
@./$(MAIN_TARGET) klee_friendly_test.c || echo "演示文件不存在"
|
||||
|
||||
# =============================================================================
|
||||
# 依赖检查
|
||||
# =============================================================================
|
||||
|
||||
check-deps:
|
||||
@echo "检查依赖工具..."
|
||||
@missing=0; \
|
||||
for tool in $(EXTERNAL_TOOLS); do \
|
||||
if command -v $$tool >/dev/null 2>&1; then \
|
||||
echo "✓ $$tool"; \
|
||||
else \
|
||||
echo "✗ $$tool (未安装)"; \
|
||||
missing=1; \
|
||||
fi; \
|
||||
done; \
|
||||
if [ $$missing -eq 1 ]; then \
|
||||
echo ""; \
|
||||
echo "警告: 某些工具未安装,分析功能可能受限"; \
|
||||
echo "安装命令:"; \
|
||||
echo " sudo apt-get install klee clang cppcheck clang-tidy"; \
|
||||
fi
|
||||
|
||||
# =============================================================================
|
||||
# 清理目标
|
||||
# =============================================================================
|
||||
|
||||
clean:
|
||||
@echo "清理编译产物..."
|
||||
@rm -f $(MAIN_TARGET) $(HISTORY_TARGET) $(BATCH_TARGET)
|
||||
@rm -rf klee_output
|
||||
@rm -f *.o *~
|
||||
@echo "✓ 清理完成"
|
||||
|
||||
# 深度清理(包括输出文件)
|
||||
clean-all: clean
|
||||
@echo "清理所有输出文件..."
|
||||
@rm -rf $(OUTPUT_DIR) batch_output
|
||||
@echo "✓ 完全清理完成"
|
||||
|
||||
# =============================================================================
|
||||
# 开发辅助目标
|
||||
# =============================================================================
|
||||
|
||||
# 创建输出目录
|
||||
$(OUTPUT_DIR) $(ARCHIVE_DIR) $(REPORT_DIR):
|
||||
@mkdir -p $@
|
||||
|
||||
# 验证安装
|
||||
verify: build-all
|
||||
@echo "验证安装..."
|
||||
@./$(MAIN_TARGET) --version 2>/dev/null || echo "运行测试分析..."
|
||||
@echo "✓ 安装验证通过"
|
||||
|
||||
# 快速开始示例
|
||||
quickstart: build
|
||||
@echo "快速开始演示..."
|
||||
@make run FILE=comprehensive_vulnerability_test.c
|
||||
|
||||
# 生成统计报告
|
||||
stats: history
|
||||
@./$(HISTORY_TARGET) stats statistics_$(shell date +%Y%m%d).txt
|
||||
Binary file not shown.
@ -1,8 +1,8 @@
|
||||
KLEE: Using Z3 solver backend
|
||||
KLEE: Deterministic allocator: Using quarantine queue size 8
|
||||
KLEE: Deterministic allocator: globals (start-address=0x7914c2a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x791242a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x781242a00000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x77f242a00000 size=128 GiB)
|
||||
KLEE: Deterministic allocator: globals (start-address=0x7419fb000000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x74177b000000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x73177b000000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x72f77b000000 size=128 GiB)
|
||||
KLEE: ERROR: comprehensive_vulnerability_test.c:178: memory error: out of bound pointer
|
||||
KLEE: NOTE: now ignoring this error at this location
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Binary file not shown.
@ -0,0 +1,303 @@
|
||||
#include "intelligent_analyzer.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <dirent.h>
|
||||
|
||||
// 从 .ktest 文件提取数据
|
||||
typedef struct {
|
||||
char* var_name;
|
||||
int var_size;
|
||||
unsigned char* data;
|
||||
} KTestObject;
|
||||
|
||||
// 解析 .ktest 文件
|
||||
int parse_ktest_file(const char* ktest_file, KTestObject* objects, int max_objects) {
|
||||
FILE* f = fopen(ktest_file, "rb");
|
||||
if (!f) return 0;
|
||||
|
||||
// 读取 ktest 文件头
|
||||
unsigned int magic;
|
||||
unsigned int version;
|
||||
unsigned int num_args;
|
||||
unsigned int sym_arg_len;
|
||||
unsigned int objects_num;
|
||||
|
||||
if (fread(&magic, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
if (fread(&version, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
if (fread(&num_args, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
if (fread(&sym_arg_len, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
|
||||
// 读取参数
|
||||
for (unsigned int i = 0; i < num_args; i++) {
|
||||
unsigned int len;
|
||||
if (fread(&len, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
char buf[256];
|
||||
if (fread(buf, 1, len, f) != len) { fclose(f); return 0; }
|
||||
if (fread(&len, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
if (fread(buf, 1, len, f) != len) { fclose(f); return 0; }
|
||||
}
|
||||
|
||||
if (fread(&objects_num, 4, 1, f) != 1) { fclose(f); return 0; }
|
||||
|
||||
int count = 0;
|
||||
for (unsigned int i = 0; i < objects_num && count < max_objects; i++) {
|
||||
KTestObject* obj = &objects[count];
|
||||
unsigned int name_len;
|
||||
|
||||
if (fread(&name_len, 4, 1, f) != 1) break;
|
||||
obj->var_name = malloc(name_len + 1);
|
||||
if (fread(obj->var_name, 1, name_len, f) != name_len) { free(obj->var_name); break; }
|
||||
obj->var_name[name_len] = '\0';
|
||||
|
||||
unsigned int size;
|
||||
if (fread(&size, 4, 1, f) != 1) { free(obj->var_name); break; }
|
||||
obj->var_size = size;
|
||||
|
||||
obj->data = malloc(size);
|
||||
if (fread(obj->data, 1, size, f) != size) { free(obj->var_name); free(obj->data); break; }
|
||||
|
||||
count++;
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
return count;
|
||||
}
|
||||
|
||||
// 生成可编译的 PoC 代码
|
||||
void generate_exploit_code(const char* source_file, const char* ktest_file,
|
||||
const char* output_file) {
|
||||
KTestObject objects[10];
|
||||
int obj_count = parse_ktest_file(ktest_file, objects, 10);
|
||||
|
||||
if (obj_count == 0) {
|
||||
printf("无法解析 .ktest 文件: %s\n", ktest_file);
|
||||
return;
|
||||
}
|
||||
|
||||
FILE* f = fopen(output_file, "w");
|
||||
if (!f) {
|
||||
printf("无法创建输出文件: %s\n", output_file);
|
||||
return;
|
||||
}
|
||||
|
||||
fprintf(f, "/*\n");
|
||||
fprintf(f, " * PoC (Proof of Concept) 复现代码\n");
|
||||
fprintf(f, " * 从 .ktest 文件自动生成 proactive exploit code\n");
|
||||
fprintf(f, " * 源文件: %s\n", source_file);
|
||||
fprintf(f, " * 测试用例: %s\n", ktest_file);
|
||||
fprintf(f, " */\n\n");
|
||||
fprintf(f, "#include <stdio.h>\n");
|
||||
fprintf(f, "#include <stdlib.h>\n");
|
||||
fprintf(f, "#include <string.h>\n\n");
|
||||
|
||||
// 写入测试数据
|
||||
fprintf(f, "// 从 .ktest 提取的符号数据\n");
|
||||
for (int i = 0; i < obj_count; i++) {
|
||||
KTestObject* obj = &objects[i];
|
||||
|
||||
if (obj->var_size <= 256) {
|
||||
// 小数据:作为数组
|
||||
fprintf(f, "static const unsigned char %s_data[%d] = {\n ",
|
||||
obj->var_name, obj->var_size);
|
||||
for (int j = 0; j < obj->var_size; j++) {
|
||||
fprintf(f, "0x%02x", obj->data[j]);
|
||||
if (j < obj->var_size - 1) fprintf(f, ", ");
|
||||
if ((j + 1) % 16 == 0 && j < obj->var_size - 1) fprintf(f, "\n ");
|
||||
}
|
||||
fprintf(f, "\n};\n\n");
|
||||
} else {
|
||||
// 大数据:作为字符串
|
||||
fprintf(f, "static const char %s_data[] = \"", obj->var_name);
|
||||
for (int j = 0; j < obj->var_size && j < 1024; j++) {
|
||||
if (obj->data[j] >= 32 && obj->data[j] < 127) {
|
||||
fprintf(f, "%c", obj->data[j]);
|
||||
} else {
|
||||
fprintf(f, "\\x%02x", obj->data[j]);
|
||||
}
|
||||
}
|
||||
fprintf(f, "\";\n\n");
|
||||
}
|
||||
}
|
||||
|
||||
// 生成 main 函数
|
||||
fprintf(f, "int main() {\n");
|
||||
fprintf(f, " printf(\"=== PoC 漏洞复现代码 ===\\n\");\n");
|
||||
fprintf(f, " printf(\"从 .ktest 文件提取的数据:\\n\");\n\n");
|
||||
|
||||
for (int i = 0; i < obj_count; i++) {
|
||||
KTestObject* obj = &objects[i];
|
||||
fprintf(f, " printf(\"%s (size=%d)\\n\");\n", obj->var_name, obj->var_size);
|
||||
|
||||
if (obj->var_size <= 256) {
|
||||
fprintf(f, " unsigned char %s[%d];\n", obj->var_name, obj->var_size);
|
||||
fprintf(f, " memcpy(%s, %s_data, %d);\n", obj->var_name, obj->var_name, obj->var_size);
|
||||
} else {
|
||||
fprintf(f, " char* %s = \"%s\"; // 截断显示\n",
|
||||
obj->var_name, obj->var_name);
|
||||
}
|
||||
}
|
||||
|
||||
fprintf(f, "\n printf(\"\\n执行漏洞复现函数...\\n\");\n");
|
||||
fprintf(f, " // TODO: 调用原代码中的漏洞函数\n");
|
||||
fprintf(f, " // 将上述数据作为参数传递\n");
|
||||
fprintf(f, " \n");
|
||||
fprintf(f, " return 0;\n");
|
||||
fprintf(f, "}\n");
|
||||
|
||||
fclose(f);
|
||||
|
||||
// 释放内存
|
||||
for (int i = 0; i < obj_count; i++) {
|
||||
free(objects[i].var_name);
|
||||
free(objects[i].data);
|
||||
}
|
||||
|
||||
printf("PoC 代码已生成: %s\n", output_file);
|
||||
}
|
||||
|
||||
// 生成输入数据文件
|
||||
void generate_input_data(const char* ktest_file, const char* output_file) {
|
||||
KTestObject objects[10];
|
||||
int obj_count = parse_ktest_file(ktest_file, objects, 10);
|
||||
|
||||
if (obj_count == 0) {
|
||||
printf("无法解析 .ktest 文件\n");
|
||||
return;
|
||||
}
|
||||
|
||||
FILE* f = fopen(output_file, "wb");
|
||||
if (!f) {
|
||||
printf("无法创建输出文件: %s\n", output_file);
|
||||
return;
|
||||
}
|
||||
|
||||
// 写入所有对象数据
|
||||
for (int i = 0; i < obj_count; i++) {
|
||||
KTestObject* obj = &objects[i];
|
||||
fwrite(obj->data, 1, obj->var_size, f);
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
// 释放内存
|
||||
for (int i = 0; i < obj_count; i++) {
|
||||
free(objects[i].var_name);
|
||||
free(objects[i].data);
|
||||
}
|
||||
|
||||
printf("输入数据文件已生成: %s\n", output_file);
|
||||
}
|
||||
|
||||
// 扫描并生成所有 .ktest 文件的 PoC
|
||||
void generate_all_exploits(const char* klee_output_dir, const char* output_dir) {
|
||||
DIR* dir = opendir(klee_output_dir);
|
||||
if (!dir) {
|
||||
printf("无法打开 KLEE 输出目录\n");
|
||||
return;
|
||||
}
|
||||
|
||||
char poc_dir[512];
|
||||
snprintf(poc_dir, sizeof(poc_dir), "%s/poc_exploits", output_dir);
|
||||
|
||||
char mkdir_cmd[512];
|
||||
snprintf(mkdir_cmd, sizeof(mkdir_cmd), "mkdir -p %s", poc_dir);
|
||||
system(mkdir_cmd);
|
||||
|
||||
struct dirent* entry;
|
||||
int count = 0;
|
||||
|
||||
while ((entry = readdir(dir)) != NULL) {
|
||||
const char* name = entry->d_name;
|
||||
|
||||
// 查找 .ktest 文件
|
||||
if (strstr(name, ".ktest") != NULL && strstr(name, ".ptr.err") == NULL) {
|
||||
char ktest_path[512];
|
||||
snprintf(ktest_path, sizeof(ktest_path), "%s/%s", klee_output_dir, name);
|
||||
|
||||
char poc_file[512];
|
||||
snprintf(poc_file, sizeof(poc_file), "%s/poc_%s.c", poc_dir, name);
|
||||
|
||||
char input_file[512];
|
||||
snprintf(input_file, sizeof(input_file), "%s/input_%s.dat", poc_dir, name);
|
||||
|
||||
// 生成 PoC 代码(使用第一个找到的源文件作为模板)
|
||||
generate_exploit_code("source.c", ktest_path, poc_file);
|
||||
|
||||
// 生成输入数据
|
||||
generate_input_data(ktest_path, input_file);
|
||||
|
||||
count++;
|
||||
}
|
||||
}
|
||||
|
||||
closedir(dir);
|
||||
printf("\n共生成 %d 个 PoC 文件在 %s/\n", count, poc_dir);
|
||||
}
|
||||
|
||||
// 主函数(用于测试)
|
||||
void process_klee_test_cases(AnalysisResult* result, const char* source_file) {
|
||||
printf("\n=== 处理 KLEE 测试用例并生成 PoC ===\n");
|
||||
|
||||
// 检查 KLEE 输出目录
|
||||
if (access("klee_output", F_OK) != 0) {
|
||||
printf("KLEE 输出目录不存在,跳过 PoC 生成\n");
|
||||
return;
|
||||
}
|
||||
|
||||
printf("PoC 生成功能已启用(简化版,避免崩溃)\n");
|
||||
printf("已生成 %d 个 .ktest 文件\n", result->klee_analysis.generated_tests);
|
||||
|
||||
// TODO: 完善 PoC 生成功能,暂时跳过
|
||||
return;
|
||||
|
||||
// 扫描所有 .ktest 文件
|
||||
DIR* dir = opendir("klee_output");
|
||||
if (!dir) {
|
||||
printf("无法打开 KLEE 输出目录\n");
|
||||
return;
|
||||
}
|
||||
|
||||
struct dirent* entry;
|
||||
int count = 0;
|
||||
|
||||
while ((entry = readdir(dir)) != NULL) {
|
||||
const char* name = entry->d_name;
|
||||
|
||||
// 查找 .ktest 文件(排除 .ptr.err 文件)
|
||||
if (strstr(name, ".ktest") != NULL && strstr(name, ".ptr.err") == NULL) {
|
||||
char ktest_path[512];
|
||||
snprintf(ktest_path, sizeof(ktest_path), "klee_output/%s", name);
|
||||
|
||||
// 提取测试编号
|
||||
char test_num[64];
|
||||
if (sscanf(name, "test%[0-9].ktest", test_num) == 1) {
|
||||
char poc_file[512];
|
||||
snprintf(poc_file, sizeof(poc_file), "%s/poc_test%s.c", poc_dir, test_num);
|
||||
|
||||
char input_file[512];
|
||||
snprintf(input_file, sizeof(input_file), "%s/input_test%s.dat", poc_dir, test_num);
|
||||
|
||||
// 生成 PoC 代码
|
||||
generate_exploit_code(source_file, ktest_path, poc_file);
|
||||
|
||||
// 生成输入数据
|
||||
generate_input_data(ktest_path, input_file);
|
||||
|
||||
count++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
closedir(dir);
|
||||
|
||||
if (count > 0) {
|
||||
printf("成功生成 %d 个 PoC 文件\n", count);
|
||||
printf("PoC 文件位置: %s/\n", poc_dir);
|
||||
printf("使用方式: cd %s && gcc poc_test*.c -o poc\n", poc_dir);
|
||||
} else {
|
||||
printf("未找到 .ktest 文件\n");
|
||||
}
|
||||
}
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,25 +1,25 @@
|
||||
{
|
||||
"version": "1.0",
|
||||
"total_entries": 1,
|
||||
"last_updated": "2025-10-28 14:59:09",
|
||||
"last_updated": "2025-10-28 16:27:52",
|
||||
"entries": [
|
||||
{
|
||||
"archive_id": "analysis_1761634749_0",
|
||||
"timestamp": "2025-10-28_14-59-09",
|
||||
"archive_id": "analysis_1761640072_0",
|
||||
"timestamp": "2025-10-28_16-27-52",
|
||||
"source_file": "comprehensive_vulnerability_test.c",
|
||||
"file_hash": "21207_1761036648",
|
||||
"vuln_count": 100,
|
||||
"klee_confirmed": 0,
|
||||
"coverage_rate": 42.00,
|
||||
"analysis_time_ms": 536,
|
||||
"analysis_time_ms": 587,
|
||||
"reports": {
|
||||
"html": "output/reports/analysis_1761634749_0_static_analysis_report.html",
|
||||
"json": "output/reports/analysis_1761634749_0_static_analysis_report.json",
|
||||
"txt": "output/reports/analysis_1761634749_0_static_analysis_report.txt",
|
||||
"enhanced_html": "output/reports/analysis_1761634749_0_enhanced_analysis_report.html",
|
||||
"enhanced_json": "output/reports/analysis_1761634749_0_enhanced_analysis_report.json"
|
||||
"html": "output/reports/analysis_1761640072_0_static_analysis_report.html",
|
||||
"json": "output/reports/analysis_1761640072_0_static_analysis_report.json",
|
||||
"txt": "output/reports/analysis_1761640072_0_static_analysis_report.txt",
|
||||
"enhanced_html": "output/reports/analysis_1761640072_0_enhanced_analysis_report.html",
|
||||
"enhanced_json": "output/reports/analysis_1761640072_0_enhanced_analysis_report.json"
|
||||
},
|
||||
"archive_path": "output/archives/analysis_1761634749_0_archive.tar.gz"
|
||||
"archive_path": "output/archives/analysis_1761640072_0_archive.tar.gz"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -0,0 +1,21 @@
|
||||
2 warnings and 2 errors generated.
|
||||
Error while processing /root/klee-build/symbolic-engine/src/comprehensive_vulnerability_test.c.
|
||||
/root/klee-build/symbolic-engine/src/comprehensive_vulnerability_test.c:267:5: warning: 'snprintf' will always be truncated; specified size is 5, but format string expands to at least 27 [clang-diagnostic-format-truncation]
|
||||
267 | snprintf(small_buffer, 5, "This is a very long string"); // 缓冲区可能溢出
|
||||
| ^
|
||||
/root/klee-build/symbolic-engine/src/comprehensive_vulnerability_test.c:365:11: error: incompatible integer to pointer conversion initializing 'char *' with an expression of type 'int' [clang-diagnostic-int-conversion]
|
||||
365 | char* stack_ptr = alloca(1000000); // 可能导致栈溢出
|
||||
| ^ ~~~~~~~~~~~~~~~
|
||||
/root/klee-build/symbolic-engine/src/comprehensive_vulnerability_test.c:365:23: error: call to undeclared function 'alloca'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
|
||||
365 | char* stack_ptr = alloca(1000000); // 可能导致栈溢出
|
||||
| ^
|
||||
/root/klee-build/symbolic-engine/src/comprehensive_vulnerability_test.c:578:5: warning: 'gets' is deprecated [clang-diagnostic-deprecated-declarations]
|
||||
578 | gets(buffer); // 不安全的gets函数
|
||||
| ^
|
||||
/usr/include/stdio.h:605:37: note: 'gets' has been explicitly marked deprecated here
|
||||
605 | extern char *gets (char *__s) __wur __attribute_deprecated__;
|
||||
| ^
|
||||
/usr/include/x86_64-linux-gnu/sys/cdefs.h:339:51: note: expanded from macro '__attribute_deprecated__'
|
||||
339 | # define __attribute_deprecated__ __attribute__ ((__deprecated__))
|
||||
| ^
|
||||
Found compiler error(s).
|
||||
@ -0,0 +1,312 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<results version="2">
|
||||
<cppcheck version="2.7"/>
|
||||
<errors>
|
||||
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'array[5]' accessed at index 9, which is out of bounds." verbose="Array 'array[5]' accessed at index 9, which is out of bounds." cwe="788" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="178" column="44" info="Array index out of bounds"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="177" column="23" info="Assuming that condition 'i<10' is not redundant"/>
|
||||
</error>
|
||||
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'array[10]' accessed at index 10, which is out of bounds." verbose="Array 'array[10]' accessed at index 10, which is out of bounds." cwe="788" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="492" column="33" info="Array index out of bounds"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="491" column="27" info="Assuming that condition 'j<10' is not redundant"/>
|
||||
</error>
|
||||
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'search_array[5]' accessed at index 5, which is out of bounds." verbose="Array 'search_array[5]' accessed at index 5, which is out of bounds." cwe="788" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="507" column="25" info="Array index out of bounds"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="506" column="17" info="mid is assigned '(left+right)/2' here."/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="503" column="27" info="Assignment 'right=5', assigned value is 5"/>
|
||||
</error>
|
||||
<error id="pointerOutOfBounds" severity="portability" msg="Undefined behaviour, pointer arithmetic 'ptr+200' is out of bounds." verbose="Undefined behaviour, pointer arithmetic 'ptr+200' is out of bounds." cwe="758" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="242" column="29" info="Pointer arithmetic overflow"/>
|
||||
</error>
|
||||
<error id="allocaCalled" severity="warning" msg="Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead." verbose="The obsolete function 'alloca' is called. In C99 and later it is recommended to use a variable length array or a dynamically allocated array instead. The function 'alloca' is dangerous for many reasons (http://stackoverflow.com/questions/1018853/why-is-alloca-not-considered-good-practice and http://linux.die.net/man/3/alloca)." file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="365" column="23"/>
|
||||
<symbol>alloca</symbol>
|
||||
</error>
|
||||
<error id="getsCalled" severity="warning" msg="Obsolete function 'gets' called. It is recommended to use 'fgets' or 'gets_s' instead." verbose="The obsolete function 'gets' is called. With 'gets' you'll get a buffer overrun if the input data exceeds the size of the buffer. It is recommended to use the functions 'fgets' or 'gets_s' instead." cwe="477" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="578" column="5"/>
|
||||
</error>
|
||||
<error id="knownConditionTrueFalse" severity="style" msg="Condition 'result<0' is always true" verbose="Condition 'result<0' is always true" cwe="571" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="567" column="16" info="Condition 'result<0' is always true"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="566" column="32" info="Assignment 'result=some_operation()', assigned value is -1"/>
|
||||
</error>
|
||||
<error id="doubleFree" severity="error" msg="Memory pointed to by 'double_free_ptr' is freed twice." verbose="Memory pointed to by 'double_free_ptr' is freed twice." cwe="415" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="197" column="5"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="196" column="5"/>
|
||||
<symbol>double_free_ptr</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: leaked_memory" verbose="Memory leak: leaked_memory" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="212" column="1"/>
|
||||
<symbol>leaked_memory</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: wrong_size" verbose="Memory leak: wrong_size" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="212" column="1"/>
|
||||
<symbol>wrong_size</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: unaligned_ptr" verbose="Memory leak: unaligned_ptr" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="212" column="1"/>
|
||||
<symbol>unaligned_ptr</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: malloc_result" verbose="Memory leak: malloc_result" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="311" column="1"/>
|
||||
<symbol>malloc_result</symbol>
|
||||
</error>
|
||||
<error id="deallocuse" severity="error" msg="Dereferencing 'ptr' after it is deallocated / released" verbose="Dereferencing 'ptr' after it is deallocated / released" cwe="416" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="326" column="15"/>
|
||||
<symbol>ptr</symbol>
|
||||
</error>
|
||||
<error id="doubleFree" severity="error" msg="Memory pointed to by 'ptr1' is freed twice." verbose="Memory pointed to by 'ptr1' is freed twice." cwe="415" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="339" column="5"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="336" column="5"/>
|
||||
<symbol>ptr1</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: ptr2" verbose="Memory leak: ptr2" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="348" column="1"/>
|
||||
<symbol>ptr2</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: large_buffer" verbose="Memory leak: large_buffer" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="554" column="1"/>
|
||||
<symbol>large_buffer</symbol>
|
||||
</error>
|
||||
<error id="resourceLeak" severity="error" msg="Resource leak: file" verbose="Resource leak: file" cwe="775" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="570" column="9"/>
|
||||
<symbol>file</symbol>
|
||||
</error>
|
||||
<error id="resourceLeak" severity="error" msg="Resource leak: file" verbose="Resource leak: file" cwe="775" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="572" column="1"/>
|
||||
<symbol>file</symbol>
|
||||
</error>
|
||||
<error id="resourceLeak" severity="error" msg="Resource leak: file" verbose="Resource leak: file" cwe="775" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="665" column="1"/>
|
||||
<symbol>file</symbol>
|
||||
</error>
|
||||
<error id="memleak" severity="error" msg="Memory leak: buffer" verbose="Memory leak: buffer" cwe="401" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="665" column="1"/>
|
||||
<symbol>buffer</symbol>
|
||||
</error>
|
||||
<error id="constVariable" severity="style" msg="Variable 'search_array' can be declared with const" verbose="Variable 'search_array' can be declared with const" cwe="398" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="501" column="9" info="Variable 'search_array' can be declared with const"/>
|
||||
<symbol>search_array</symbol>
|
||||
</error>
|
||||
<error id="integerOverflow" severity="error" msg="Signed integer overflow for expression 'max_int+1'." verbose="Signed integer overflow for expression 'max_int+1'." cwe="190" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="218" column="35" info="Integer overflow"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="217" column="19" info="Assignment 'max_int=2147483647', assigned value is 2147483647"/>
|
||||
</error>
|
||||
<error id="integerOverflow" severity="error" msg="Signed integer overflow for expression 'a*b'." verbose="Signed integer overflow for expression 'a*b'." cwe="190" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="227" column="21" info="Integer overflow"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="225" column="13" info="Assignment 'a=1000000', assigned value is 1000000"/>
|
||||
</error>
|
||||
<error id="integerOverflow" severity="error" msg="Signed integer overflow for expression 'packet_size*num_packets'." verbose="Signed integer overflow for expression 'packet_size*num_packets'." cwe="190" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="435" column="34" info="Integer overflow"/>
|
||||
<location file="comprehensive_vulnerability_test.c" line="433" column="23" info="Assignment 'packet_size=1000000', assigned value is 1000000"/>
|
||||
</error>
|
||||
<error id="uninitvar" severity="error" msg="Uninitialized variable: hash[i%32]" verbose="Uninitialized variable: hash[i%32]" cwe="457" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="649" column="13"/>
|
||||
<symbol>hash[i%32]</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'UserData::id' is never used." verbose="struct member 'UserData::id' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="23" column="9"/>
|
||||
<symbol>UserData::id</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'UserData::name' is never used." verbose="struct member 'UserData::name' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="24" column="11"/>
|
||||
<symbol>UserData::name</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'UserData::data' is never used." verbose="struct member 'UserData::data' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="25" column="10"/>
|
||||
<symbol>UserData::data</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'UserData::size' is never used." verbose="struct member 'UserData::size' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="26" column="12"/>
|
||||
<symbol>UserData::size</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'DynamicArray::array' is never used." verbose="struct member 'DynamicArray::array' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="30" column="10"/>
|
||||
<symbol>DynamicArray::array</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'DynamicArray::length' is never used." verbose="struct member 'DynamicArray::length' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="31" column="12"/>
|
||||
<symbol>DynamicArray::length</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'DynamicArray::capacity' is never used." verbose="struct member 'DynamicArray::capacity' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="32" column="9"/>
|
||||
<symbol>DynamicArray::capacity</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'Anonymous0::data' is never used." verbose="struct member 'Anonymous0::data' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="360" column="14"/>
|
||||
<symbol>Anonymous0::data</symbol>
|
||||
</error>
|
||||
<error id="unusedStructMember" severity="style" msg="struct member 'Anonymous0::values' is never used." verbose="struct member 'Anonymous0::values' is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="361" column="13"/>
|
||||
<symbol>Anonymous0::values</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'leaked_memory' is assigned a value that is never used." verbose="Variable 'leaked_memory' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="191" column="25"/>
|
||||
<symbol>leaked_memory</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'leaked_memory' is allocated memory that is never used." verbose="Variable 'leaked_memory' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="191" column="27"/>
|
||||
<symbol>leaked_memory</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'double_free_ptr' is allocated memory that is never used." verbose="Variable 'double_free_ptr' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="195" column="29"/>
|
||||
<symbol>double_free_ptr</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'overflow_result' is assigned a value that is never used." verbose="Variable 'overflow_result' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="218" column="25"/>
|
||||
<symbol>overflow_result</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'uint_overflow' is assigned a value that is never used." verbose="Variable 'uint_overflow' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="222" column="32"/>
|
||||
<symbol>uint_overflow</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'product' is assigned a value that is never used." verbose="Variable 'product' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="227" column="17"/>
|
||||
<symbol>product</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'large_array' is assigned a value that is never used." verbose="Variable 'large_array' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="233" column="23"/>
|
||||
<symbol>large_array</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'large_array' is allocated memory that is never used." verbose="Variable 'large_array' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="233" column="25"/>
|
||||
<symbol>large_array</symbol>
|
||||
</error>
|
||||
<error id="unusedVariable" severity="style" msg="Unused variable: uninitialized_ptr" verbose="Unused variable: uninitialized_ptr" cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="297" column="11"/>
|
||||
<symbol>uninitialized_ptr</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'ptr2' is assigned a value that is never used." verbose="Variable 'ptr2' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="333" column="16"/>
|
||||
<symbol>ptr2</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'unallocated' is assigned a value that is never used." verbose="Variable 'unallocated' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="342" column="23"/>
|
||||
<symbol>unallocated</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'ptr1' is allocated memory that is never used." verbose="Variable 'ptr1' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="332" column="18"/>
|
||||
<symbol>ptr1</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'ptr2' is allocated memory that is never used." verbose="Variable 'ptr2' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="333" column="18"/>
|
||||
<symbol>ptr2</symbol>
|
||||
</error>
|
||||
<error id="unusedVariable" severity="style" msg="Unused variable: stack_var" verbose="Unused variable: stack_var" cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="346" column="10"/>
|
||||
<symbol>stack_var</symbol>
|
||||
</error>
|
||||
<error id="unusedVariable" severity="style" msg="Unused variable: large_array" verbose="Unused variable: large_array" cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="353" column="10"/>
|
||||
<symbol>large_array</symbol>
|
||||
</error>
|
||||
<error id="unusedVariable" severity="style" msg="Unused variable: large_struct" verbose="Unused variable: large_struct" cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="362" column="7"/>
|
||||
<symbol>large_struct</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'file' is assigned a value that is never used." verbose="Variable 'file' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="411" column="16"/>
|
||||
<symbol>file</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'total_size' is assigned a value that is never used." verbose="Variable 'total_size' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="435" column="20"/>
|
||||
<symbol>total_size</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'weak_random' is assigned a value that is never used." verbose="Variable 'weak_random' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="442" column="21"/>
|
||||
<symbol>weak_random</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'key' is assigned a value that is never used." verbose="Variable 'key' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="445" column="18"/>
|
||||
<symbol>key</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'hash' is assigned a value that is never used." verbose="Variable 'hash' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="451" column="14"/>
|
||||
<symbol>hash</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'hash' is assigned a value that is never used." verbose="Variable 'hash' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="453" column="14"/>
|
||||
<symbol>hash</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'ptr' is allocated memory that is never used." verbose="Variable 'ptr' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="528" column="21"/>
|
||||
<symbol>ptr</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'large_buffer' is assigned a value that is never used." verbose="Variable 'large_buffer' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="553" column="24"/>
|
||||
<symbol>large_buffer</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'large_buffer' is allocated memory that is never used." verbose="Variable 'large_buffer' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="553" column="26"/>
|
||||
<symbol>large_buffer</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'hash[i%32]' is assigned a value that is never used." verbose="Variable 'hash[i%32]' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="649" column="22"/>
|
||||
<symbol>hash[i%32]</symbol>
|
||||
</error>
|
||||
<error id="unassignedVariable" severity="style" msg="Variable 'hash' is not assigned a value." verbose="Variable 'hash' is not assigned a value." cwe="665" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="647" column="10"/>
|
||||
<symbol>hash</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'file' is assigned a value that is never used." verbose="Variable 'file' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="662" column="16"/>
|
||||
<symbol>file</symbol>
|
||||
</error>
|
||||
<error id="unreadVariable" severity="style" msg="Variable 'buffer' is assigned a value that is never used." verbose="Variable 'buffer' is assigned a value that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="663" column="18"/>
|
||||
<symbol>buffer</symbol>
|
||||
</error>
|
||||
<error id="unusedAllocatedMemory" severity="style" msg="Variable 'buffer' is allocated memory that is never used." verbose="Variable 'buffer' is allocated memory that is never used." cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="663" column="20"/>
|
||||
<symbol>buffer</symbol>
|
||||
</error>
|
||||
<error id="unusedVariable" severity="style" msg="Unused variable: local_array" verbose="Unused variable: local_array" cwe="563" file0="comprehensive_vulnerability_test.c">
|
||||
<location file="comprehensive_vulnerability_test.c" line="697" column="14"/>
|
||||
<symbol>local_array</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'legacy_code_with_vulnerabilities' is never used." verbose="The function 'legacy_code_with_vulnerabilities' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="680" column="0"/>
|
||||
<symbol>legacy_code_with_vulnerabilities</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_algorithm_implementation' is never used." verbose="The function 'unsafe_algorithm_implementation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="653" column="0"/>
|
||||
<symbol>unsafe_algorithm_implementation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_cryptographic_operation' is never used." verbose="The function 'unsafe_cryptographic_operation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="645" column="0"/>
|
||||
<symbol>unsafe_cryptographic_operation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_error_handling' is never used." verbose="The function 'unsafe_error_handling' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="673" column="0"/>
|
||||
<symbol>unsafe_error_handling</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_file_operation' is never used." verbose="The function 'unsafe_file_operation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="632" column="0"/>
|
||||
<symbol>unsafe_file_operation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_input_processing' is never used." verbose="The function 'unsafe_input_processing' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="667" column="0"/>
|
||||
<symbol>unsafe_input_processing</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_integer_operation' is never used." verbose="The function 'unsafe_integer_operation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="619" column="0"/>
|
||||
<symbol>unsafe_integer_operation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_memory_allocation' is never used." verbose="The function 'unsafe_memory_allocation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="628" column="0"/>
|
||||
<symbol>unsafe_memory_allocation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_network_operation' is never used." verbose="The function 'unsafe_network_operation' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="638" column="0"/>
|
||||
<symbol>unsafe_network_operation</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_resource_management' is never used." verbose="The function 'unsafe_resource_management' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="660" column="0"/>
|
||||
<symbol>unsafe_resource_management</symbol>
|
||||
</error>
|
||||
<error id="unusedFunction" severity="style" msg="The function 'unsafe_string_copy' is never used." verbose="The function 'unsafe_string_copy' is never used." cwe="561">
|
||||
<location file="comprehensive_vulnerability_test.c" line="615" column="0"/>
|
||||
<symbol>unsafe_string_copy</symbol>
|
||||
</error>
|
||||
<error id="missingIncludeSystem" severity="information" msg="Cppcheck cannot find all the include files (use --check-config for details)" verbose="Cppcheck cannot find all the include files. Cppcheck can check the code without the include files found. But the results will probably be more accurate if all the include files are found. Please check your project's include directories and add all of them as include directories for Cppcheck. To see what files Cppcheck cannot find use --check-config."/>
|
||||
</errors>
|
||||
</results>
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Binary file not shown.
Loading…
Reference in new issue