Merge pull request #475 from vobst/prepare_0.9_release

Prepare 0.9 release

Author: vobst

.github/workflows/acceptance-tests.yml

@@ -42,14 +42,14 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: 1.76.0
           override: true
       - name: Install cwe_checker
         run: make all GHIDRA_PATH=/opt/ghidra
       - uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored --test-threads 1
+          args: --locked --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored --test-threads 1
 
   docker-build:
     runs-on: ubuntu-latest

.github/workflows/codestyle_checks.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: 1.76.0
           override: true
           components: rustfmt
       - uses: actions-rs/cargo@v1
@@ -33,13 +33,17 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: 1.76.0
           override: true
           components: clippy
       - uses: actions-rs/cargo@v1
         with:
           command: clippy
           args: -- -D clippy::all -D missing_docs
+      - uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          args: -p cwe_checker_lib --bench "benchmarks" -- -D clippy::all
 
   doc:
     name: Rustdoc
@@ -49,10 +53,10 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: 1.76.0
           override: true
           components: rust-docs
       - uses: actions-rs/cargo@v1
         with:
           command: doc
-          args: --no-deps --document-private-items
+          args: --no-deps --document-private-items

.github/workflows/unit-tests.yml

@@ -16,8 +16,9 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: 1.76.0
           override: true
       - uses: actions-rs/cargo@v1
         with:
-          command: test
+          command: test
+          args: --locked

CHANGES.md

@@ -1,4 +1,7 @@
-0.9-dev
+0.10-dev
+===
+
+0.9 (2024-08)
 ===
 
 -   Fixed an issue in the pcode to IR translation (PR #470)

Cargo.lock

@@ -3,7 +3,7 @@ FROM rust:1.76-bullseye AS builder
 WORKDIR /cwe_checker
 
 COPY . .
-RUN cargo build --release
+RUN cargo build --locked --release
 
 FROM ghcr.io/fkie-cad/ghidra_headless_base:10.2.3 as runtime
 

Dockerfile

@@ -2,11 +2,11 @@ GHIDRA_PATH =
 
 .PHONY: all clean test uninstall docker
 all:
-	cargo build -p cwe_checker_install --release
+	cargo build --locked -p cwe_checker_install --release
 	./target/release/cwe_checker_install ${GHIDRA_PATH}
 
 test:
-	cargo test
+	cargo test --locked
 	if [ ! -d "test/artificial_samples/build" ]; then \
 		echo "Acceptance test binaries not found. Please see test/artificial_samples/Readme.md for build instructions."; \
 		exit -1; \
@@ -15,7 +15,7 @@ test:
 		echo "Acceptance test LKMs not found. Please see test/lkm_samples/Readme.md for build instructions."; \
 		exit -1; \
 	fi
-	cargo test --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored --test-threads 1
+	cargo test --locked --no-fail-fast -p acceptance_tests_ghidra -- --show-output --ignored --test-threads 1
 
 compile_test_files:
 	pushd test/artificial_samples \
@@ -36,7 +36,7 @@ clean:
 	rm -f -r doc/html
 
 uninstall:
-	cargo build -p cwe_checker_install --release
+	cargo build --locked -p cwe_checker_install --release
 	./target/release/cwe_checker_install --uninstall
 
 documentation:

Makefile

@@ -6,7 +6,7 @@
 ![Acceptance tests](https://github.com/fkie-cad/cwe_checker/actions/workflows/acceptance-tests.yml/badge.svg?branch=master)
 ![Unit tests](https://github.com/fkie-cad/cwe_checker/actions/workflows/unit-tests.yml/badge.svg?branch=master)
 ![Docker-Pulls](https://img.shields.io/docker/pulls/fkiecad/cwe_checker.svg)
-[![Documentation](https://img.shields.io/badge/doc-stable-green.svg)](https://fkie-cad.github.io/cwe_checker/index.html)
+[![Documentation](https://img.shields.io/badge/doc-stable-green.svg)](https://docs.cwe-checker.io/index.html)
 
 ## What is cwe_checker? ##
 cwe_checker is a suite of checks to detect common bug classes such as Null pointer dereferences and buffer overflows.
@@ -39,7 +39,7 @@ The following arguments should convince you to give *cwe_checker* a try:
 The simplest way is to pull the latest Docker image from the [Github container registry](https://github.com/fkie-cad/cwe_checker/pkgs/container/cwe_checker):
 -   `docker pull ghcr.io/fkie-cad/cwe_checker:latest` yields an image based on the current master branch.
 -   `docker pull ghcr.io/fkie-cad/cwe_checker:stable` yields an image based on the latest stable release version.
--   `docker pull ghcr.io/fkie-cad/cwe_checker:v0.8` yields an image based on the v0.8 stable release version.
+-   `docker pull ghcr.io/fkie-cad/cwe_checker:v0.9` yields an image based on the v0.9 stable release version.
 However, it is recommended to switch to newer stable releases as soon as they get published, since improvements between stable versions can be quite significant.
 
 If you want to build the docker image yourself, just run
@@ -81,7 +81,7 @@ There is _experimental_ support for the analysis of Linux loadable kernel module
 subset of the CWE checks available for user-space programs. Analyses are
 configurable via a separate [configuration file](src/lkm_config.json).
 
-If you use the stable version, you can also look at the [online documentation](https://fkie-cad.github.io/cwe_checker/index.html) for more information.
+If you use the stable version, you can also look at the [online documentation](https://docs.cwe-checker.io/index.html) for more information.
 
 ### For Bare-Metal Binaries ###
 
@@ -90,13 +90,13 @@ For that one needs to provide a bare metal configuration file via the `--bare-me
 An example for such a configuration file can be found at `bare_metal/stm32f407vg.json`
 (which was created and tested for an STM32F407VG MCU).
 
-For more information take a look at the [online documentation](https://fkie-cad.github.io/cwe_checker/index.html).
+For more information take a look at the [online documentation](https://docs.cwe-checker.io/index.html).
 
 ## Documentation and Tests ##
 
 The test binaries for our test suite can be built with `make compile_test_files` (needs Docker to be installed!). The test suite can then be run with `make test`.
 
-Source code documentation can be built with `make documentation`. For the stable version, the documentation can be found [here](https://fkie-cad.github.io/cwe_checker/index.html).
+Source code documentation can be built with `make documentation`. For the stable version, the documentation can be found [here](https://docs.cwe-checker.io/index.html).
 
 ## Implemented Checks <a name=checks></a> ##
 
@@ -120,7 +120,7 @@ So far the following analyses are implemented:
 -   [CWE-789](https://cwe.mitre.org/data/definitions/789.html): Memory Allocation with Excessive Size Value
 
 Please note that both false positives and false negatives are to be expected due to shortcuts and the nature of static analysis as well as over-approximation.
-You can find information on the inner workings of each check as well as known reasons for false positives and false negatives on the [check-specific documentation pages](https://fkie-cad.github.io/cwe_checker/doc/html/cwe_checker_lib/checkers/index.html).
+You can find information on the inner workings of each check as well as known reasons for false positives and false negatives on the [check-specific documentation pages](https://docs.cwe-checker.io/cwe_checker_lib/checkers/index.html).
 
 ## Integration into other tools ##
 

README.md

@@ -1,7 +1,7 @@
 [package]
 name = "cwe_checker"
-version = "0.9.0-dev"
-authors = ["Fraunhofer FKIE <firmware-security@fkie.fraunhofer.de>"]
+version = "0.9.0"
+authors = ["Fraunhofer FKIE <contact@cwe-checker.io>"]
 edition = "2021"
 rust-version = "1.76"
 

src/caller/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "cwe_checker_lib"
-version = "0.9.0-dev"
-authors = ["Fraunhofer FKIE <firmware-security@fkie.fraunhofer.de>"]
+version = "0.9.0"
+authors = ["Fraunhofer FKIE <contact@cwe-checker.io>"]
 edition = "2021"
 rust-version = "1.76"