mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
f96a89e7c1
* feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
45 lines
1.3 KiB
C
45 lines
1.3 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
/* ───── Safe string handling ─────
|
|
* Demonstrates proper bounded operations that should NOT trigger findings.
|
|
*/
|
|
|
|
/* SAFE: uses snprintf with explicit size limit */
|
|
void safe_format_message(const char *user, char *out, size_t out_size) {
|
|
snprintf(out, out_size, "Hello, %s! Welcome back.", user);
|
|
}
|
|
|
|
/* SAFE: uses strncpy with explicit length */
|
|
void safe_copy_path(const char *src, char *dst, size_t dst_size) {
|
|
strncpy(dst, src, dst_size - 1);
|
|
dst[dst_size - 1] = '\0';
|
|
}
|
|
|
|
/* SAFE: uses fgets with proper buffer size, no dangerous operations */
|
|
void safe_read_config(const char *path) {
|
|
FILE *f = fopen(path, "r");
|
|
if (!f) return;
|
|
|
|
char line[256];
|
|
while (fgets(line, sizeof(line), f) != NULL) {
|
|
/* Just log the line, no shell execution */
|
|
printf("Config: %s", line);
|
|
}
|
|
fclose(f);
|
|
}
|
|
|
|
/* SAFE: pure computation, no external input */
|
|
int safe_calculate_checksum(const unsigned char *data, size_t len) {
|
|
int sum = 0;
|
|
for (size_t i = 0; i < len; i++) {
|
|
sum = (sum + data[i]) & 0xFFFF;
|
|
}
|
|
return sum;
|
|
}
|
|
|
|
/* SAFE: hardcoded command, no taint from environment */
|
|
void safe_list_directory(void) {
|
|
system("ls -la /var/log");
|
|
}
|