OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Question about locations

    Posted 12-13-2018 17:23
    All:

    Would it be an appropriate use of fullyQualifiedLogicalName to encode an effective address within a binary? I would use it with a kind of "address". I see that there is a slot in the stack object for an address, but that's the only place an address can show up. In my use case (static and dynamic analysis of binaries where the source is not available), I need to express locations in terms of their effective address.

    -Paul

    --
    Paul Anderson, VP of Engineering, GrammaTech, Inc.
    531 Esty St., Ithaca, NY 14850
    Tel: +1 607 273-7340 x118; http://www.grammatech.com


  • 2.  RE: [sarif] Question about locations

    Posted 12-13-2018 17:30
    To specify an offset in a binary, you can use location.physicalLocation.region.byteOffset. Does that meet your need? If not, IMO we would add an "address" property to the physicalLocation object -- this is a physical, not a logical attribute. Larry


  • 3.  Re: [sarif] Question about locations

    Posted 12-13-2018 17:38
    Larry:

    On 12/13/2018 12:30 PM, Larry Golding (Myriad Consulting Inc) wrote:

    > To specify an offset in a binary, you can use location.physicalLocation.region.byteOffset. Does that meet your need?

    Maybe, but I've been thinking of that as different. An effective address of X doesn't show up in a DLL at byte offset X.

    > If not, IMO we would add an "address" property to the physicalLocation object -- this is a physical, not a logical attribute.

    That would work. It would also allow you to move the address property out of the stack object down into the associated physicalLocation.

    -Paul

    > Larry
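
The distinction raised in message 3 (an effective address of X is not byte offset X in the file), as an added example that is not part of the original thread. The section table, image base and file URI are constructed, and the SARIF property names other than region.byteOffset follow SARIF 2.1.0, which is an assumption since the thread predates it.

```python
# Added illustration: why an effective address needs translation before it can
# be reported as region.byteOffset. All values below are constructed.

IMAGE_BASE = 0x10000000  # assumed preferred load address of a hypothetical DLL

# (name, virtual address relative to image base, virtual size, file offset, size on disk)
SECTIONS = [
    (".text", 0x1000, 0x2F00, 0x0400, 0x3000),
    (".data", 0x4000, 0x1800, 0x3400, 0x0600),  # tail is zero-filled at load time
]


def address_to_byte_offset(effective_address, image_base=IMAGE_BASE, sections=SECTIONS):
    """Map an effective address to a file byte offset, or None if no file byte backs it."""
    rva = effective_address - image_base
    for _name, vaddr, vsize, raw_off, raw_size in sections:
        if vaddr <= rva < vaddr + vsize:
            delta = rva - vaddr
            if delta >= raw_size:
                return None  # mapped in memory, but beyond the bytes stored on disk
            return raw_off + delta
    return None  # headers, inter-section gap, or outside the image


def sarif_location(uri, effective_address):
    """Build a location object that carries the translated offset in region.byteOffset."""
    offset = address_to_byte_offset(effective_address)
    if offset is None:
        raise ValueError(f"address {effective_address:#x} has no byte offset in the file")
    return {
        "physicalLocation": {
            "artifactLocation": {"uri": uri},  # SARIF 2.1.0 name (assumption)
            "region": {"byteOffset": offset},
        }
    }
```

An address that falls in the zero-filled tail of `.data` has no byte offset at all, which is the case a byte-offset-only encoding cannot express.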


  • 4.  RE: [sarif] Question about locations

    Posted 12-13-2018 17:42
    Oh, I like that. Michael, what do you think?


  • 5.  Re: [sarif] Question about locations

    Posted 12-17-2018 21:45
    Any more thoughts on this? Should I submit this as an issue?

    Effective address is kind of a funny beast. It isn't quite a physical location, nor a logical one, at least IMHO. I agree that it is more on the physical end of the spectrum though.

    -Paul

    On 12/13/2018 12:42 PM, Larry Golding (Myriad Consulting Inc) wrote:

    > Oh, I like that. Michael, what do you think?


  • 6.  RE: [sarif] Question about locations

    Posted 12-17-2018 21:47
    Please submit it. Michael can add his thoughts to the issue. Thanks, Larry