Skip to content

Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects

License

Notifications You must be signed in to change notification settings

ergrelet/cpplumber

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cpplumber License rustc 1.63.0 Tests Status Coverage Status

Cpplumber is a static analysis tool that helps detecting and keeping track of C and C++ source code information that leaks into compiled executable files.

The project is written in Rust and depends on libclang, so it's cross-platform and can be used on projects that use the latest C and C++ standards.

Key Features

  • Supports JSON compilation databases
  • Tracks leaks of string literals, struct names and class names
  • Allows filtering reported leaks through a YAML configuration file
  • Generates raw text and JSON reports

Quick Example

Imagine you have a source file file1.c that you compiled into a.out and you want to know if some string literal ended up in a.out, you can simply do:

$ cpplumber --bin a.out file1.c
[2022-09-24T19:57:14Z INFO  cpplumber] Gathering source files...
[2022-09-24T19:57:14Z INFO  cpplumber] Filtering suppressed files...
[2022-09-24T19:57:14Z INFO  cpplumber] Extracting artifacts from source files...
[2022-09-24T19:57:15Z INFO  cpplumber] Filtering suppressed artifacts...
[2022-09-24T19:57:15Z INFO  cpplumber] Looking for leaks in 'a.out'...
"My_Super_Secret_API_Key" (string literal) leaked at offset 0x14f20 in "/full/path/to/a.out" [declared at /full/path/to/file1.c:5]
Error: Leaks detected!

Documentation

The full user documentation is available here (and also here as Markdown).

How to Build

Rust version 1.63.0 or greater is needed to build the project.

git clone https://github.com/ergrelet/cpplumber.git
cd cpplumber
cargo build --release

How to Install

If you have Rust installed, you can easily install Cpplumber with cargo:

cargo install --git https://github.com/ergrelet/cpplumber --tag 0.1.0

After that, you can invoke cpplumber from anywhere through the command-line.

Keep in mind that you need to have the required dependencies installed for cpplumber to run properly. Check out the user documentation for more details.