-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add path traversal bug detector #419
Conversation
The necessary tests for the path traversal bug detector passed at this point, the failures are due to the remaining windows issues from the command injection bug detector.
Edit: I squashed all commits into one to have a clean latest state to build on. |
d646c1f
to
3ef3f3f
Compare
9dad794
to
b08d067
Compare
e074574
to
6ea56ac
Compare
ae501d8
to
80eb61f
Compare
c507d15
to
ffd1b09
Compare
ffd1b09
to
39d98f9
Compare
- remove internal libraries from the stack trace of the finding - add tests for double-printed finding messages
- in verbose mode, print module names with full path (for non built-in modules only) to make it easier to debug hooked functions
- hooks in the path traversal bug detector that need several hookIds now use the callSiteId function
39d98f9
to
7b8a285
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thx for the detector and all the other fixes and cleanups!
Builds on top of #407 so that one should be reviewed first