New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
C++: New query for SSL result conflation #7242
Conversation
LGTM! Could we upgrade this query to precision high right away? It's certainly not very noisy!
|
Actually. Do you mind running DCA to make sure we don't get any re-evaluation in the suite @geoffw0? |
|
Will do... |
I'd like to tune it to detect a bit more (support more libraries and more variants of logic / flow), but the truth may be that the mistake simply isn't as common as the CWE examples led us to believe. I'm a bit reluctant to increase precision to |
|
DCA shows no significant change in performance. |
|
Great! Merging! |
This is the first of two new queries for CWE-295: Improper Certificate Validation.
Results:
Precision:
@medium, it's difficult to judge without seeing more real world results.Performance:
kamailio_kamailioandchakra-core(performance is great with a warmed up cache)The text was updated successfully, but these errors were encountered: