https://github.com/juliacomputing/hardened.jl
- Host: GitHub
- URL: https://github.com/juliacomputing/hardened.jl
- Owner: JuliaComputing
- License: mit
- Created: 2024-01-17T15:55:40.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-14T17:19:13.000Z (over 1 year ago)
- Last Synced: 2025-01-05T16:08:26.612Z (6 months ago)
- Language: Julia
- Size: 12.7 KB
- Stars: 0
- Watchers: 5
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Hardened
Hardened.jl is a simple package to strictly check that Julia
is running with the correct flags for Hardened Compilation.
This is useful for security and safety critical systems.

Currently this checks for:
- Bounds checking
- Global IEEE math mode
- Function overwrite

What each check enforces:
- Bounds checking: overrides any `@inbounds` declarations
- IEEE math mode: overrides any `@fastmath` declarations
- Function overwrite: insures against resource injection and ensures testing integrity

## Example workflow
```julia
using Hardened
using PrecompileTools

# PrecompileTools workload
@setup_workload begin
    # This will check that the compilation is hardened
    Hardened.check()

    @compile_workload begin
        # ...
    end
end
```
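One way to perform such a flag check by hand, added here as an example and not taken from Hardened.jl's source. It assumes the three checks correspond to the launch flags `--check-bounds=yes`, `--math-mode=ieee` and `--warn-overwrite=yes`, and reads them from the unexported `Base.JLOptions()` struct; `REQUIRED`, `missing_hardening_flags` and `assert_hardened` are hypothetical names.

```julia
# Added example; not Hardened.jl's implementation.
# Assumption: the three README checks map to these launch flags:
#   julia --check-bounds=yes --math-mode=ieee --warn-overwrite=yes
#
# Base.JLOptions() is an unexported Julia internal that mirrors the
# command-line options of the running process as Int8 fields.
# For all three fields below, 0 means "default / flag not given".
const REQUIRED = (
    # 1 = bounds checks forced on, so @inbounds is ignored
    (field = :check_bounds,   want = 1, flag = "--check-bounds=yes"),
    # 2 = fast-math forced off, so @fastmath is ignored
    (field = :fast_math,      want = 2, flag = "--math-mode=ieee"),
    # 1 = method overwrites are reported
    (field = :warn_overwrite, want = 1, flag = "--warn-overwrite=yes"),
)

"""Return the launch flags the given options are missing (empty if none)."""
function missing_hardening_flags(opts = Base.JLOptions())
    gaps = String[]
    for req in REQUIRED
        getfield(opts, req.field) == req.want || push!(gaps, req.flag)
    end
    return gaps
end

"""Throw unless every flag is set, so a precompile workload fails closed."""
function assert_hardened(opts = Base.JLOptions())
    gaps = missing_hardening_flags(opts)
    isempty(gaps) || error("Julia was not started with: " * join(gaps, " "))
    return nothing
end

# Report instead of throwing when run as a script.
if abspath(PROGRAM_FILE) == @__FILE__
    gaps = missing_hardening_flags()
    println(isempty(gaps) ? "hardened flags present" :
                            "missing flags: " * join(gaps, " "))
end
```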
## Covered CWEs
### CWE-125: Out-of-bounds Read
### CWE-787: Out-of-bounds Write
### CWE-1339: Insufficient Precision or Accuracy of a Real Number
### CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
## Additional Checks
This package only provides coverage against some CWEs. For additional checks, tools such as [JuliaHub](mailto:[email protected]?subject=Inquiry%20about%20JuliaHub%20for%20additional%20static%20checks&body=Hello%2C%0AI%20am%20interested%20in%20learning%20more%20about%20how%20JuliaHub%20can%20provide%20additional%20static%20checks.%20Please%20provide%20me%20with%20more%20information.%0AThank%20you!%0A) can provide greater static coverage.