Feature #7415
Add support for vulnerability groups
Status: open, 0% done
Description
Sometimes people are interested in checking rules that aren't related to a particular API, e.g. mutexes or memory allocation functions, but that can lead to certain vulnerabilities. For instance, there can be a vulnerability group that includes deadlocks and race conditions in one thread (bug kind patterns are "double lock", "double unlock", "locked at exit" and something more specific). Examples of other vulnerability groups are resource leaks, null pointer dereferences and hang-ups (e.g. as a consequence of calling might-sleep functions in the atomic context). Everything else that doesn't match any vulnerability group bug kind pattern should belong to the vulnerability group "Other".
We need to extend the rule specifications base (add descriptions of vulnerability groups and corresponding bug kind patterns) and add corresponding filtering in tools (RSG and/or VTG).
Updated by Evgeny Novikov over 8 years ago
I started work on this issue in the branch vulnerability-groups.
Updated by Evgeny Novikov over 8 years ago
- Assignee changed from Vitaly Mordan to Evgeny Novikov
No progress on one of the most important features for almost 2 weeks while unnecessary automata are being actively developed!
Updated by Evgeny Novikov about 8 years ago
- Priority changed from Urgent to High
Let's start with a clear list of urgent/immediate issues.
Updated by Evgeny Novikov about 8 years ago
- Priority changed from High to Urgent
Raise the priority as before.
Updated by Evgeny Novikov almost 8 years ago
- Assignee deleted (Evgeny Novikov)
- Priority changed from Urgent to High
Like other considerable changes in [A]VTG and rule specifications, this should be done later.