Releases: secure-software-engineering/secucheck-core

Version 0.2.1

17 Nov 18:48
177781b

Description:

An improved analysis core using Boomerang 3.x which fixes a number of issues in the previous version.

Key-points:

  • Migration of the analysis from Boomerang 2.x to 3.x.
  • Minor change in the API for the Source and Sink site location details.
  • Some changes in the Sample application.

Known issues:

  • False negatives are reported for required propagators.
  • Out parameters of source methods: tainting a reference value results in some internal errors.
  • Usability issue: for sub-typed interface calls, the type of the parent interface should be specified by its fully qualified name in taint-flow specifications.

Version 0.1

16 Nov 11:16
81bfd2b

Description:

First release of SecuCheck Taint-analysis core.

Key-points:

  • Strongly typed API.
  • Intermediate analysis result listener with cancellation capability.
  • In-process and out-of-process analysis hosting.
  • Based on Boomerang 2.x.

Known issues:

  • False positives despite the existence of a taint-flow-breaking method.
  • False negatives when a sink contains a call to a type with no source available.