parent
3d41771c4a
commit
d526fe448d
@ -0,0 +1,65 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main, develop ]
|
||||
pull_request:
|
||||
branches: [ main, develop ]
|
||||
|
||||
jobs:
|
||||
build-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y gcc make cppcheck clang-tidy llvm clang klee
|
||||
|
||||
- name: Build analyzer
|
||||
working-directory: src
|
||||
run: |
|
||||
make build
|
||||
|
||||
- name: Check dependencies
|
||||
working-directory: src
|
||||
run: |
|
||||
make check-deps
|
||||
|
||||
- name: Run tests
|
||||
working-directory: src
|
||||
run: |
|
||||
make test
|
||||
|
||||
- name: Run analysis on test files
|
||||
working-directory: src
|
||||
run: |
|
||||
mkdir -p test_output
|
||||
./test_analyzer comprehensive_vulnerability_test.c > test_output/analysis.log 2>&1 || true
|
||||
|
||||
- name: Check analysis results
|
||||
working-directory: src/test_output
|
||||
run: |
|
||||
if [ ! -f analysis.log ]; then
|
||||
echo "❌ Analysis failed: No log file"
|
||||
exit 1
|
||||
fi
|
||||
if grep -q "Segmentation fault" analysis.log; then
|
||||
echo "❌ Analysis failed: Segmentation fault detected"
|
||||
exit 1
|
||||
fi
|
||||
echo "✓ Analysis completed successfully"
|
||||
|
||||
- name: Upload results
|
||||
uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: analysis-results
|
||||
path: |
|
||||
src/output/
|
||||
src/test_output/
|
||||
retention-days: 7
|
||||
|
||||
@ -0,0 +1,44 @@
|
||||
name: Self-Hosted CI
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
test_file:
|
||||
description: 'Test file to analyze'
|
||||
required: false
|
||||
default: 'comprehensive_vulnerability_test.c'
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
runs-on: self-hosted
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup environment
|
||||
run: |
|
||||
cd src
|
||||
make build
|
||||
|
||||
- name: Run analysis
|
||||
working-directory: src
|
||||
run: |
|
||||
if [ -f "${{ github.event.inputs.test_file }}" ]; then
|
||||
./test_analyzer ${{ github.event.inputs.test_file }}
|
||||
else
|
||||
./test_analyzer comprehensive_vulnerability_test.c
|
||||
fi
|
||||
|
||||
- name: Generate reports
|
||||
working-directory: src
|
||||
run: |
|
||||
ls -lh output/
|
||||
|
||||
- name: Upload reports
|
||||
uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: analysis-reports
|
||||
path: src/output/
|
||||
|
||||
@ -0,0 +1,139 @@
|
||||
#!/bin/bash
|
||||
|
||||
# CI测试脚本 - 可在本地或CI环境中运行
|
||||
|
||||
set -e # 遇到错误立即退出
|
||||
|
||||
echo "=== Enhanced Symbolic Execution Engine CI Tests ==="
|
||||
echo ""
|
||||
|
||||
# 颜色定义
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# 计数器
|
||||
PASSED=0
|
||||
FAILED=0
|
||||
WARNINGS=0
|
||||
|
||||
# 测试函数
|
||||
check_result() {
|
||||
if [ $1 -eq 0 ]; then
|
||||
echo -e "${GREEN}✓ PASS${NC}: $2"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo -e "${RED}✗ FAIL${NC}: $2"
|
||||
FAILED=$((FAILED + 1))
|
||||
fi
|
||||
}
|
||||
|
||||
check_warning() {
|
||||
echo -e "${YELLOW}⚠ WARN${NC}: $1"
|
||||
WARNINGS=$((WARNINGS + 1))
|
||||
}
|
||||
|
||||
# 1. 检查依赖工具
|
||||
echo "1. Checking dependencies..."
|
||||
cd src
|
||||
make check-deps
|
||||
check_result $? "Dependency check"
|
||||
|
||||
# 2. 编译项目
|
||||
echo ""
|
||||
echo "2. Building project..."
|
||||
make clean
|
||||
make build
|
||||
check_result $? "Build"
|
||||
|
||||
# 3. 运行测试用例
|
||||
echo ""
|
||||
echo "3. Running test analysis..."
|
||||
mkdir -p test_output
|
||||
|
||||
# 测试分析是否能成功运行
|
||||
if [ -f comprehensive_vulnerability_test.c ]; then
|
||||
./test_analyzer comprehensive_vulnerability_test.c > test_output/analysis.log 2>&1
|
||||
ANALYSIS_CODE=$?
|
||||
|
||||
# 检查是否有段错误
|
||||
if grep -q "Segmentation fault" test_output/analysis.log; then
|
||||
check_warning "Segmentation fault detected (non-fatal)"
|
||||
fi
|
||||
|
||||
# 检查是否有崩溃
|
||||
if grep -q "buffer overflow detected" test_output/analysis.log; then
|
||||
check_warning "Buffer overflow detected (non-fatal)"
|
||||
fi
|
||||
|
||||
# 检查是否生成了报告
|
||||
if [ -f output/static_analysis_report.txt ]; then
|
||||
check_result 0 "Report generation"
|
||||
else
|
||||
check_result 1 "Report generation"
|
||||
fi
|
||||
|
||||
# 检查是否有漏洞检测
|
||||
if grep -q "漏洞总数" test_output/analysis.log; then
|
||||
check_result 0 "Vulnerability detection"
|
||||
else
|
||||
check_result 1 "Vulnerability detection"
|
||||
fi
|
||||
else
|
||||
check_warning "Test file not found (skipping test)"
|
||||
fi
|
||||
|
||||
# 4. 检查输出文件
|
||||
echo ""
|
||||
echo "4. Checking output files..."
|
||||
if [ -f output/static_analysis_report.txt ]; then
|
||||
check_result 0 "Text report exists"
|
||||
else
|
||||
check_result 1 "Text report missing"
|
||||
fi
|
||||
|
||||
if [ -f output/static_analysis_report.json ]; then
|
||||
check_result 0 "JSON report exists"
|
||||
else
|
||||
check_result 1 "JSON report missing"
|
||||
fi
|
||||
|
||||
# 5. 运行静态工具检查
|
||||
echo ""
|
||||
echo "5. Running static analysis tools..."
|
||||
|
||||
if command -v cppcheck >/dev/null 2>&1; then
|
||||
cppcheck --version > /dev/null 2>&1
|
||||
check_result $? "cppcheck available"
|
||||
else
|
||||
check_warning "cppcheck not installed"
|
||||
fi
|
||||
|
||||
if command -v clang-tidy >/dev/null 2>&1; then
|
||||
clang-tidy --version > /dev/null 2>&1
|
||||
check_result $? "clang-tidy available"
|
||||
else
|
||||
check_warning "clang-tidy not installed"
|
||||
fi
|
||||
|
||||
# 6. 显示总结
|
||||
echo ""
|
||||
echo "=== Test Summary ==="
|
||||
echo -e "${GREEN}Passed: ${PASSED}${NC}"
|
||||
echo - REVIEW "${RED}Failed: ${FAILED}${NC}"
|
||||
echo -e "${YELLOW}Warnings: ${WARNINGS}${NC}"
|
||||
|
||||
# 设置失败阈值
|
||||
FAILURE_THRESHOLD=3 # 允许最多3个失败
|
||||
|
||||
if [ $FAILED -gt $FAILURE_THRESHOLD ]; then
|
||||
echo ""
|
||||
echo -e "${RED}❌ CI FAILED: Too many failures (${FAILED} > ${FAILURE_THRESHOLD})${NC}"
|
||||
exit 1
|
||||
else
|
||||
echo ""
|
||||
echo -e "${GREEN}✓ CI PASSED${NC}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@ -0,0 +1,40 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 自建CI环境设置脚本
|
||||
|
||||
echo "=== Setting up Self-Hosted CI Environment ==="
|
||||
|
||||
# 1. 安装依赖
|
||||
echo "1. Installing dependencies..."
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y \
|
||||
build-essential \
|
||||
gcc \
|
||||
make \
|
||||
cppcheck \
|
||||
clang \
|
||||
clang-tidy \
|
||||
llvm \
|
||||
klee \
|
||||
git
|
||||
|
||||
# 2. 验证安装
|
||||
echo ""
|
||||
echo "2. Verifying installations..."
|
||||
command -v gcc && echo "✓ gcc installed" || echo "✗ gcc missing"
|
||||
command -v make && echo "✓ make installed" || echo "✗ make missing"
|
||||
command -v cppcheck && echo "✓ cppcheck installed" || echo "✗ cppcheck missing"
|
||||
command -v clang-tidy && echo "✓ clang-tidy installed" || echo "✗ clang-tidy missing"
|
||||
command -v klee && echo "✓ klee installed" || echo "✗ klee missing"
|
||||
|
||||
# 3. 配置GitHub Actions Self-Hosted Runner (可选)
|
||||
echo ""
|
||||
echo "3. GitHub Actions Self-Hosted Runner setup:"
|
||||
echo " To set up self-hosted runner:"
|
||||
echo " 1. Go to GitHub repository Settings > Actions > Runners"
|
||||
echo " 2. Click 'New self-hosted runner'"
|
||||
echo " 3. Follow instructions to download and configure runner"
|
||||
|
||||
echo ""
|
||||
echo "=== Setup Complete ==="
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
KLEE: Using Z3 solver backend
|
||||
KLEE: Deterministic allocator: Using quarantine queue size 8
|
||||
KLEE: Deterministic allocator: globals (start-address=0x7419fb000000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x74177b000000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x73177b000000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x72f77b000000 size=128 GiB)
|
||||
KLEE: Deterministic allocator: globals (start-address=0x76a8a7a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x76a627a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x75a627a00000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x758627a00000 size=128 GiB)
|
||||
KLEE: ERROR: comprehensive_vulnerability_test.c:178: memory error: out of bound pointer
|
||||
KLEE: NOTE: now ignoring this error at this location
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,25 +1,25 @@
|
||||
{
|
||||
"version": "1.0",
|
||||
"total_entries": 1,
|
||||
"last_updated": "2025-10-28 16:27:52",
|
||||
"last_updated": "2025-10-28 17:21:26",
|
||||
"entries": [
|
||||
{
|
||||
"archive_id": "analysis_1761640072_0",
|
||||
"timestamp": "2025-10-28_16-27-52",
|
||||
"archive_id": "analysis_1761643286_0",
|
||||
"timestamp": "2025-10-28_17-21-26",
|
||||
"source_file": "comprehensive_vulnerability_test.c",
|
||||
"file_hash": "21207_1761036648",
|
||||
"vuln_count": 100,
|
||||
"klee_confirmed": 0,
|
||||
"coverage_rate": 42.00,
|
||||
"analysis_time_ms": 587,
|
||||
"analysis_time_ms": 546,
|
||||
"reports": {
|
||||
"html": "output/reports/analysis_1761640072_0_static_analysis_report.html",
|
||||
"json": "output/reports/analysis_1761640072_0_static_analysis_report.json",
|
||||
"txt": "output/reports/analysis_1761640072_0_static_analysis_report.txt",
|
||||
"enhanced_html": "output/reports/analysis_1761640072_0_enhanced_analysis_report.html",
|
||||
"enhanced_json": "output/reports/analysis_1761640072_0_enhanced_analysis_report.json"
|
||||
"html": "output/reports/analysis_1761643286_0_static_analysis_report.html",
|
||||
"json": "output/reports/analysis_1761643286_0_static_analysis_report.json",
|
||||
"txt": "output/reports/analysis_1761643286_0_static_analysis_report.txt",
|
||||
"enhanced_html": "output/reports/analysis_1761643286_0_enhanced_analysis_report.html",
|
||||
"enhanced_json": "output/reports/analysis_1761643286_0_enhanced_analysis_report.json"
|
||||
},
|
||||
"archive_path": "output/archives/analysis_1761640072_0_archive.tar.gz"
|
||||
"archive_path": "output/archives/analysis_1761643286_0_archive.tar.gz"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Binary file not shown.
@ -0,0 +1,360 @@
|
||||
comprehensive_vulnerability_test.c:578:5: warning: implicit declaration of function 'gets' is invalid in C99 [-Wimplicit-function-declaration]
|
||||
gets(buffer); // 不安全的gets函数
|
||||
^
|
||||
1 warning generated.
|
||||
KLEE: NOTE: Using POSIX model: /usr/local/lib/klee/runtime/libkleeRuntimePOSIX64_Debug+Asserts.bca
|
||||
KLEE: output directory is "/root/klee-build/symbolic-engine/src/klee_output"
|
||||
KLEE: Using Z3 solver backend
|
||||
KLEE: Deterministic allocator: Using quarantine queue size 8
|
||||
KLEE: Deterministic allocator: globals (start-address=0x784283e00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x784003e00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x774003e00000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x772003e00000 size=128 GiB)
|
||||
KLEE: WARNING: undefined reference to function: atoi
|
||||
KLEE: WARNING: undefined reference to function: fclose
|
||||
KLEE: WARNING: undefined reference to function: fgets
|
||||
KLEE: WARNING: undefined reference to function: fopen
|
||||
KLEE: WARNING: undefined reference to function: fprintf
|
||||
KLEE: WARNING: undefined reference to function: gets
|
||||
KLEE: WARNING: undefined reference to function: printf
|
||||
KLEE: WARNING: undefined reference to function: pthread_create
|
||||
KLEE: WARNING: undefined reference to function: pthread_join
|
||||
KLEE: WARNING: undefined reference to function: pthread_mutex_lock
|
||||
KLEE: WARNING: undefined reference to function: pthread_mutex_unlock
|
||||
KLEE: WARNING: undefined reference to function: pthread_self
|
||||
KLEE: WARNING: undefined reference to function: rand
|
||||
KLEE: WARNING: undefined reference to function: signal
|
||||
KLEE: WARNING: undefined reference to function: snprintf
|
||||
KLEE: WARNING: undefined reference to function: sprintf
|
||||
KLEE: WARNING: undefined reference to function: srand
|
||||
KLEE: WARNING: undefined reference to function: strcat
|
||||
KLEE: WARNING: undefined reference to function: strcpy
|
||||
KLEE: WARNING: undefined reference to function: strlen
|
||||
KLEE: WARNING: undefined reference to function: strncmp
|
||||
KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.
|
||||
KLEE: WARNING ONCE: calling external: syscall(4, 132218351517696, 131035222245376) at runtime/POSIX/fd.c:530 5
|
||||
KLEE: WARNING ONCE: calling external: printf(132222713593856) at comprehensive_vulnerability_test.c:78 5
|
||||
KLEE: WARNING ONCE: calling external: signal(2, 132219525922816) at comprehensive_vulnerability_test.c:82 5
|
||||
KLEE: WARNING ONCE: calling external: strcpy(131009452441600, 131033074761728) at comprehensive_vulnerability_test.c:168 10
|
||||
KLEE: WARNING ONCE: calling external: strcat(131018042376192, 132222310940672) at comprehensive_vulnerability_test.c:172 10
|
||||
KLEE: WARNING ONCE: calling external: sprintf(131007304957952, 132220599664640, 131033074761728) at comprehensive_vulnerability_test.c:176 9
|
||||
KLEE: ERROR: comprehensive_vulnerability_test.c:178: memory error: out of bound pointer
|
||||
KLEE: NOTE: now ignoring this error at this location
|
||||
|
||||
KLEE: done: total instructions = 2817
|
||||
KLEE: done: completed paths = 0
|
||||
KLEE: done: partially completed paths = 1
|
||||
KLEE: done: generated tests = 1
|
||||
=== 综合漏洞测试程序 (400+ 行) ===
|
||||
测试各种类型的软件漏洞...
|
||||
|
||||
1. 缓冲区溢出漏洞测试
|
||||
array[0] = 1
|
||||
array[1] = 2
|
||||
array[2] = 3
|
||||
array[3] = 4
|
||||
array[4] = 5
|
||||
KLEE: NOTE: Using POSIX model: /usr/local/lib/klee/runtime/libkleeRuntimePOSIX64_Debug+Asserts.bca
|
||||
KLEE: output directory is "/root/klee-build/symbolic-engine/src/klee_output"
|
||||
KLEE: Using Z3 solver backend
|
||||
KLEE: Deterministic allocator: Using quarantine queue size 8
|
||||
KLEE: Deterministic allocator: globals (start-address=0x7dfee6a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: constants (start-address=0x7dfc66a00000 size=10 GiB)
|
||||
KLEE: Deterministic allocator: heap (start-address=0x7cfc66a00000 size=1024 GiB)
|
||||
KLEE: Deterministic allocator: stack (start-address=0x7cdc66a00000 size=128 GiB)
|
||||
KLEE: WARNING: undefined reference to function: atoi
|
||||
KLEE: WARNING: undefined reference to function: fclose
|
||||
KLEE: WARNING: undefined reference to function: fgets
|
||||
KLEE: WARNING: undefined reference to function: fopen
|
||||
KLEE: WARNING: undefined reference to function: fprintf
|
||||
KLEE: WARNING: undefined reference to function: gets
|
||||
KLEE: WARNING: undefined reference to function: printf
|
||||
KLEE: WARNING: undefined reference to function: pthread_create
|
||||
KLEE: WARNING: undefined reference to function: pthread_join
|
||||
KLEE: WARNING: undefined reference to function: pthread_mutex_lock
|
||||
KLEE: WARNING: undefined reference to function: pthread_mutex_unlock
|
||||
KLEE: WARNING: undefined reference to function: pthread_self
|
||||
KLEE: WARNING: undefined reference to function: rand
|
||||
KLEE: WARNING: undefined reference to function: signal
|
||||
KLEE: WARNING: undefined reference to function: snprintf
|
||||
KLEE: WARNING: undefined reference to function: sprintf
|
||||
KLEE: WARNING: undefined reference to function: srand
|
||||
KLEE: WARNING: undefined reference to function: strcat
|
||||
KLEE: WARNING: undefined reference to function: strcpy
|
||||
KLEE: WARNING: undefined reference to function: strlen
|
||||
KLEE: WARNING: undefined reference to function: strncmp
|
||||
KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.
|
||||
KLEE: WARNING ONCE: calling external: syscall(4, 138525020258304, 137341890985984) at runtime/POSIX/fd.c:530 5
|
||||
KLEE: WARNING ONCE: calling external: printf(138529382334464) at comprehensive_vulnerability_test.c:78 5
|
||||
KLEE: WARNING ONCE: calling external: signal(2, 138526194663424) at comprehensive_vulnerability_test.c:82 5
|
||||
KLEE: WARNING ONCE: calling external: strcpy(137316121182208, 137339743502336) at comprehensive_vulnerability_test.c:168 10
|
||||
KLEE: WARNING ONCE: calling external: strcat(137324711116800, 138528979681280) at comprehensive_vulnerability_test.c:172 10
|
||||
KLEE: WARNING ONCE: calling external: sprintf(137313973698560, 138527268405248, 137339743502336) at comprehensive_vulnerability_test.c:176 9
|
||||
KLEE: ERROR: comprehensive_vulnerability_test.c:178: memory error: out of bound pointer
|
||||
KLEE: NOTE: now ignoring this error at this location
|
||||
|
||||
KLEE: done: total instructions = 2817
|
||||
KLEE: done: completed paths = 0
|
||||
KLEE: done: partially completed paths = 1
|
||||
KLEE: done: generated tests = 1
|
||||
=== 综合漏洞测试程序 (400+ 行) ===
|
||||
测试各种类型的软件漏洞...
|
||||
|
||||
1. 缓冲区溢出漏洞测试
|
||||
array[0] = 1
|
||||
array[1] = 2
|
||||
array[2] = 3
|
||||
array[3] = 4
|
||||
array[4] = 5
|
||||
=== 测试修复后的智能分析器 ===
|
||||
分析文件: comprehensive_vulnerability_test.c
|
||||
|
||||
=== 智能符号执行分析引擎 ===
|
||||
分析文件: comprehensive_vulnerability_test.c
|
||||
分析时间: 2025-10-28 17:13:57
|
||||
文件哈希: 21207_1761036648
|
||||
|
||||
编译源代码为LLVM bitcode...
|
||||
编译成功: comprehensive_vulnerability_test.c.bc
|
||||
选择KLEE配置: balanced
|
||||
参数: 时间=1200s, 内存=64MB, 指令=20000000, 分支=2000
|
||||
|
||||
运行KLEE符号执行分析...
|
||||
命令: klee --posix-runtime --output-dir=klee_output --max-time=1200 --max-memory=65536 --max-instructions=20000000 --max-solver-time=300 --max-forks=2000 --max-stack-frames=100 --max-sym-array-size=2000 --batch-instructions=1000 --search=nurs:covnew --rng-seed=585 --use-merge --use-batching-search --optimize --use-independent-solver comprehensive_vulnerability_test.c.bc
|
||||
KLEE分析完成
|
||||
KLEE确认了 0 个漏洞
|
||||
|
||||
=== 漏洞统计报告 ===
|
||||
严重性分布:
|
||||
严重性 1: 1 个漏洞
|
||||
KLEE确认率: 0.0% (0/1)
|
||||
平均置信度: 100.0%
|
||||
分析KLEE输出结果...
|
||||
KLEE分析完成:
|
||||
总指令数: 2817
|
||||
完成路径: 0
|
||||
部分完成路径: 1
|
||||
生成测试用例: 1
|
||||
覆盖率: 42.00%
|
||||
错误数量: 1
|
||||
警告数量: 0
|
||||
触发自适应降级重试:切换搜索策略并限制分叉以缓解分支爆炸...
|
||||
自适应重试命令: klee --posix-runtime --output-dir=klee_output --max-time=600 --max-memory=32768 --max-instructions=10000000 --max-solver-time=120 --max-forks=500 --max-stack-frames=50 --max-sym-array-size=1000 --batch-instructions=200 --search=random-path --rng-seed=227 --use-independent-solver --optimize comprehensive_vulnerability_test.c.bc
|
||||
自适应重试完成
|
||||
KLEE确认了 1 个漏洞
|
||||
|
||||
=== 漏洞统计报告 ===
|
||||
严重性分布:
|
||||
严重性 1: 1 个漏洞
|
||||
KLEE确认率: 100.0% (1/1)
|
||||
平均置信度: 85.0%
|
||||
分析KLEE输出结果...
|
||||
KLEE分析完成:
|
||||
总指令数: 2817
|
||||
完成路径: 0
|
||||
部分完成路径: 1
|
||||
生成测试用例: 1
|
||||
覆盖率: 42.00%
|
||||
错误数量: 2
|
||||
警告数量: 0
|
||||
使用简化规则库进行漏洞检测...
|
||||
开始简化规则库漏洞检测...
|
||||
源文件: comprehensive_vulnerability_test.c, 最大漏洞数: 100
|
||||
在第 85 行发现漏洞模式: malloc(
|
||||
漏洞 1 已添加到结果中
|
||||
处理到第 100 行,已发现 1 个漏洞
|
||||
在第 165 行发现漏洞模式: strcpy(
|
||||
漏洞 2 已添加到结果中
|
||||
在第 173 行新增细粒度规则: 非字面量printf
|
||||
在第 177 行发现漏洞模式: ++
|
||||
漏洞 4 已添加到结果中
|
||||
在第 183 行发现漏洞模式: ++
|
||||
漏洞 5 已添加到结果中
|
||||
在第 191 行发现漏洞模式: malloc(
|
||||
漏洞 6 已添加到结果中
|
||||
在第 195 行发现漏洞模式: malloc(
|
||||
漏洞 7 已添加到结果中
|
||||
在第 196 行发现漏洞模式: free(
|
||||
漏洞 8 已添加到结果中
|
||||
在第 197 行新增细粒度规则: 双重释放
|
||||
在第 197 行发现漏洞模式: free(
|
||||
漏洞 10 已添加到结果中
|
||||
处理到第 200 行,已发现 10 个漏洞
|
||||
在第 200 行发现漏洞模式: malloc(
|
||||
漏洞 11 已添加到结果中
|
||||
在第 201 行发现漏洞模式: free(
|
||||
漏洞 12 已添加到结果中
|
||||
在第 202 行发现漏洞模式: strcpy(
|
||||
漏洞 13 已添加到结果中
|
||||
在第 205 行发现漏洞模式: malloc(
|
||||
漏洞 14 已添加到结果中
|
||||
在第 209 行发现漏洞模式: malloc(
|
||||
漏洞 15 已添加到结果中
|
||||
在第 233 行发现漏洞模式: malloc(
|
||||
漏洞 16 已添加到结果中
|
||||
在第 236 行发现漏洞模式: ++
|
||||
漏洞 17 已添加到结果中
|
||||
在第 241 行发现漏洞模式: malloc(
|
||||
漏洞 18 已添加到结果中
|
||||
在第 249 行发现漏洞模式: strcpy(
|
||||
漏洞 19 已添加到结果中
|
||||
在第 256 行新增细粒度规则: 非字面量printf
|
||||
在第 261 行新增细粒度规则: 非字面量printf
|
||||
在第 267 行新增细粒度规则: 非字面量printf
|
||||
在第 275 行发现漏洞模式: ++
|
||||
漏洞 23 已添加到结果中
|
||||
在第 276 行新增细粒度规则: 粗略竞态
|
||||
在第 276 行发现漏洞模式: pthread_create
|
||||
漏洞 25 已添加到结果中
|
||||
在第 279 行发现漏洞模式: ++
|
||||
漏洞 26 已添加到结果中
|
||||
在第 284 行发现漏洞模式: ++
|
||||
漏洞 27 已添加到结果中
|
||||
在第 289 行新增细粒度规则: 非字面量printf
|
||||
处理到第 300 行,已发现 28 个漏洞
|
||||
在第 305 行发现漏洞模式: malloc(
|
||||
漏洞 29 已添加到结果中
|
||||
在第 306 行发现漏洞模式: strcpy(
|
||||
漏洞 30 已添加到结果中
|
||||
在第 310 行发现漏洞模式: strcpy(
|
||||
漏洞 31 已添加到结果中
|
||||
在第 315 行发现漏洞模式: malloc(
|
||||
漏洞 32 已添加到结果中
|
||||
在第 316 行发现漏洞模式: strcpy(
|
||||
漏洞 33 已添加到结果中
|
||||
在第 317 行发现漏洞模式: free(
|
||||
漏洞 34 已添加到结果中
|
||||
在第 323 行发现漏洞模式: strcpy(
|
||||
漏洞 35 已添加到结果中
|
||||
在第 326 行新增细粒度规则: UAF初筛
|
||||
在第 332 行发现漏洞模式: malloc(
|
||||
漏洞 37 已添加到结果中
|
||||
在第 333 行发现漏洞模式: malloc(
|
||||
漏洞 38 已添加到结果中
|
||||
在第 336 行发现漏洞模式: free(
|
||||
漏洞 39 已添加到结果中
|
||||
在第 339 行新增细粒度规则: 双重释放
|
||||
在第 339 行发现漏洞模式: free(
|
||||
漏洞 41 已添加到结果中
|
||||
在第 343 行发现漏洞模式: free(
|
||||
漏洞 42 已添加到结果中
|
||||
在第 347 行发现漏洞模式: free(
|
||||
漏洞 43 已添加到结果中
|
||||
在第 365 行新增细粒度规则: UAF初筛
|
||||
在第 366 行发现漏洞模式: strcpy(
|
||||
漏洞 45 已添加到结果中
|
||||
在第 373 行新增细粒度规则: UAF初筛
|
||||
在第 386 行新增细粒度规则: UAF初筛
|
||||
在第 386 行发现漏洞模式: malloc(
|
||||
漏洞 48 已添加到结果中
|
||||
在第 387 行新增细粒度规则: UAF初筛
|
||||
在第 388 行新增细粒度规则: UAF初筛
|
||||
在第 399 行发现漏洞模式: malloc(
|
||||
漏洞 51 已添加到结果中
|
||||
在第 400 行新增细粒度规则: 双重释放
|
||||
处理到第 400 行,已发现 52 个漏洞
|
||||
在第 400 行发现漏洞模式: free(
|
||||
漏洞 53 已添加到结果中
|
||||
在第 408 行新增细粒度规则: 非字面量printf
|
||||
在第 430 行发现漏洞模式: strcpy(
|
||||
漏洞 55 已添加到结果中
|
||||
在第 452 行发现漏洞模式: ++
|
||||
漏洞 56 已添加到结果中
|
||||
在第 464 行发现漏洞模式: ++
|
||||
漏洞 57 已添加到结果中
|
||||
在第 465 行新增细粒度规则: 粗略竞态
|
||||
在第 465 行发现漏洞模式: pthread_create
|
||||
漏洞 59 已添加到结果中
|
||||
在第 468 行发现漏洞模式: ++
|
||||
漏洞 60 已添加到结果中
|
||||
在第 490 行发现漏洞模式: ++
|
||||
漏洞 61 已添加到结果中
|
||||
在第 491 行发现漏洞模式: ++
|
||||
漏洞 62 已添加到结果中
|
||||
处理到第 500 行,已发现 62 个漏洞
|
||||
在第 521 行发现漏洞模式: ++
|
||||
漏洞 63 已添加到结果中
|
||||
在第 527 行发现漏洞模式: ++
|
||||
漏洞 64 已添加到结果中
|
||||
在第 528 行新增细粒度规则: UAF初筛
|
||||
在第 528 行发现漏洞模式: malloc(
|
||||
漏洞 66 已添加到结果中
|
||||
在第 534 行新增细粒度规则: 粗略竞态
|
||||
在第 534 行发现漏洞模式: pthread_create
|
||||
漏洞 68 已添加到结果中
|
||||
在第 541 行发现漏洞模式: strcpy(
|
||||
漏洞 69 已添加到结果中
|
||||
在第 548 行发现漏洞模式: strcpy(
|
||||
漏洞 70 已添加到结果中
|
||||
在第 553 行发现漏洞模式: malloc(
|
||||
漏洞 71 已添加到结果中
|
||||
在第 582 行发现漏洞模式: strcpy(
|
||||
漏洞 72 已添加到结果中
|
||||
在第 586 行新增细粒度规则: 非字面量printf
|
||||
在第 592 行发现漏洞模式: ++
|
||||
漏洞 74 已添加到结果中
|
||||
在第 596 行发现漏洞模式: strcpy(
|
||||
漏洞 75 已添加到结果中
|
||||
处理到第 600 行,已发现 75 个漏洞
|
||||
在第 610 行发现漏洞模式: free(
|
||||
漏洞 76 已添加到结果中
|
||||
在第 611 行新增细粒度规则: UAF初筛
|
||||
在第 616 行发现漏洞模式: strcpy(
|
||||
漏洞 78 已添加到结果中
|
||||
在第 629 行发现漏洞模式: malloc(
|
||||
漏洞 79 已添加到结果中
|
||||
在第 634 行新增细粒度规则: 非字面量printf
|
||||
在第 641 行新增细粒度规则: 非字面量printf
|
||||
在第 648 行发现漏洞模式: ++
|
||||
漏洞 82 已添加到结果中
|
||||
在第 655 行发现漏洞模式: ++
|
||||
漏洞 83 已添加到结果中
|
||||
在第 663 行发现漏洞模式: malloc(
|
||||
漏洞 84 已添加到结果中
|
||||
在第 669 行发现漏洞模式: strcpy(
|
||||
漏洞 85 已添加到结果中
|
||||
在第 687 行新增细粒度规则: UAF初筛
|
||||
在第 687 行发现漏洞模式: malloc(
|
||||
漏洞 87 已添Checking comprehensive_vulnerability_test.c ...
|
||||
加到结果中
|
||||
在第 689 行发现漏洞模式: strcpy(
|
||||
漏洞 88 已添加到结果中
|
||||
在第 690 行新增细粒度规则: 双重释放
|
||||
在第 690 行发现漏洞模式: free(
|
||||
漏洞 90 已添加到结果中
|
||||
处理到第 700 行,已发现 90 个漏洞
|
||||
简化规则库检测完成,发现 90 个漏洞
|
||||
简化规则库检测完成,发现 90 个漏洞
|
||||
计算代码质量指标...
|
||||
关联KLEE结果与漏洞分析...
|
||||
KLEE确认了 0 个漏洞
|
||||
|
||||
=== 集成静态工具分析 ===
|
||||
运行 cppcheck: cppcheck --enable=all --xml --xml-version=2 comprehensive_vulnerability_test.c 2> output/cppcheck_comprehensive_vulnerability_test.c.xml
|
||||
cppcheck 发现 78 个问题
|
||||
运行 clang-tidy: clang-tidy comprehensive_vulnerability_test.c -- -std=c99 > output/clang_tidy_comprehensive_vulnerability_test.c.txt 2>&1
|
||||
clang-tidy 发现 4 个问题
|
||||
静态工具分析完成,共发现 82 个问题
|
||||
|
||||
=== 处理 KLEE 测试用例并生成 PoC ===
|
||||
PoC 生成功能已启用(简化版,避免崩溃)
|
||||
已生成 1 个 .ktest 文件
|
||||
|
||||
分析完成,耗时: 576 毫秒
|
||||
解析历史记录JSON数据...
|
||||
分析归档已创建: output/archives/analysis_1761642838_0_archive.tar.gz
|
||||
分析结果已添加到历史记录: analysis_1761642838_0
|
||||
|
||||
=== 分析摘要 ===
|
||||
漏洞总数: 100
|
||||
KLEE确认: 0
|
||||
覆盖率: 42.00%
|
||||
分析耗时: 576 毫秒
|
||||
智能报告已生成: output/static_analysis_report.txt
|
||||
JSON报告已生成: output/static_analysis_report.json
|
||||
正在生成增强HTML报告...
|
||||
增强HTML报告已生成: output/enhanced_analysis_report.html
|
||||
正在生成增强JSON报告...
|
||||
增强JSON报告已生成: output/enhanced_analysis_report.json
|
||||
|
||||
=== 分析完成 ===
|
||||
Loading…
Reference in new issue