Hi,
This is an amazing tool! I have been able to find dozens of valid bugs in our production code with weggli for code review. It is very effective for simple pattern queries.
There is a major issue: weggli doesn't support cross-function queries and data tainting, which is a very basic requirement for complex pattern searches. For example:
```c
func1(int v)
{
    int b = v;
    func2(b);
}
func2(int v)
{
    memcpy(,,v);
}
```
In the above code, if func1 is the attack surface, there is no way to track the data flow, i.e., do data tainting, to track the value to the final memcpy. Simply querying memcpy won't help since there are too many false positives. I'm not sure if tree-sitter supports this, since data tracking usually needs to build the code; or is there any solution to partially support this?
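The data flow described in the post, as an added example that is not part of the original issue and is not weggli code: a summary-based, cross-function taint pass that records which parameters of each function reach the size argument of memcpy. The mini-IR, the `helper` function, and the names `sink_params` and `reaches_sink` are assumptions made for illustration.

```python
# Constructed model of the post's code. Statement forms (hypothetical mini-IR):
#   ("assign", dst, src)  or  ("call", callee, [args])
PROGRAM = {
    "func1": {"params": ["v"],
              "body": [("assign", "b", "v"), ("call", "func2", ["b"])]},
    "func2": {"params": ["v"],
              "body": [("call", "memcpy", ["dst", "src", "v"])]},
    # Constructed decoy: memcpy with a constant size, unrelated to its parameter.
    "helper": {"params": ["n"],
               "body": [("assign", "k", "16"),
                        ("call", "memcpy", ["dst", "src", "k"])]},
}
SINKS = {"memcpy": {2}}  # argument index 2 is the size


def reaches_sink(fn, param, summary):
    """True if `param` flows, via assignments, into a summarized sink argument."""
    tainted = {param}
    for stmt in fn["body"]:
        if stmt[0] == "assign":
            _, dst, src = stmt
            if src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)  # overwritten with an untainted value
        else:
            _, callee, args = stmt
            for idx in summary.get(callee, ()):
                if idx < len(args) and args[idx] in tainted:
                    return True
    return False


def sink_params(program, sinks):
    """Fixed point: map each function to the parameter indices that reach a sink."""
    summary = {name: set(idx) for name, idx in sinks.items()}
    changed = True
    while changed:
        changed = False
        for name, fn in program.items():
            for i, param in enumerate(fn["params"]):
                if i not in summary.get(name, set()) and reaches_sink(fn, param, summary):
                    summary.setdefault(name, set()).add(i)
                    changed = True
    return summary


if __name__ == "__main__":
    for name, idxs in sink_params(PROGRAM, SINKS).items():
        print(name, sorted(idxs))
```

Only `func1` and `func2` are reported as carrying a parameter into the memcpy size; `helper` calls memcpy too but is not flagged, which is the false-positive reduction a plain memcpy query cannot give.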