
How to write a detector

Simone edited this page Jul 13, 2023 · 4 revisions

Add a test in tests/detectors/ with the name of your detector and an example of what it should detect.
Create your new detector in detectors/.
Add your detector in get_detectors.
It needs to be a struct that implements the Detector trait. The name/description/impact/confidence functions are self-explanatory.
In the run function you receive a reference to the CoreUnit object. For now you only need to get the compilation units from it; you will then likely need to decide whether to iterate over all the functions or only the user-defined ones (see CompilationUnit) in each CompilationUnit.
Depending on what your detector needs to do, you can use metadata from the Function object, such as the events the current function emits, or iterate over the Sierra statements.
You must return a Vec<Result>, so when you find something that should be reported, add a Result element to the vector that you return at the end.
Now that your detector is ready, run cargo test. It will fail: we do snapshot testing for the detectors using the insta crate.
To make cargo test pass, run cargo insta review (if you don't have it installed, run cargo install cargo-insta).
Review the proposed output: if it matches what you expect, accept it; otherwise go back to your detector and improve it.
Lastly run cargo fmt and cargo clippy.
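
The shape of a detector as described in the steps above, as an added example that is not code from this project. CoreUnit, CompilationUnit, Function, Level, Finding (standing in for the project's Result) and the Detector trait are simplified stand-ins with assumed fields and signatures, and the NoEventEmitted detector is hypothetical.

```rust
// Stand-in types (assumptions): the project's real CoreUnit, CompilationUnit,
// Function and Detector have richer APIs than the fields shown here.
pub struct Function { pub name: String, pub user_defined: bool, pub events_emitted: Vec<String> }
pub struct CompilationUnit { pub functions: Vec<Function> }
pub struct CoreUnit { pub compilation_units: Vec<CompilationUnit> }
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Level { Low, Medium, High }
// Plays the role of the project's Result type (renamed to avoid std's Result).
#[derive(Debug)]
pub struct Finding { pub name: String, pub impact: Level, pub confidence: Level, pub message: String }

pub trait Detector {
    fn name(&self) -> &str;
    fn description(&self) -> &str;
    fn impact(&self) -> Level;
    fn confidence(&self) -> Level;
    fn run(&self, core: &CoreUnit) -> Vec<Finding>;
}

// Hypothetical detector: reports user-defined functions that emit no event.
pub struct NoEventEmitted;
impl Detector for NoEventEmitted {
    fn name(&self) -> &str { "no-event-emitted" }
    fn description(&self) -> &str { "User-defined function that emits no event" }
    fn impact(&self) -> Level { Level::Low }
    fn confidence(&self) -> Level { Level::Medium }
    fn run(&self, core: &CoreUnit) -> Vec<Finding> {
        let mut results = Vec::new();
        for cu in &core.compilation_units {
            // Only user-defined functions are inspected; library code is skipped.
            for f in cu.functions.iter().filter(|f| f.user_defined && f.events_emitted.is_empty()) {
                results.push(Finding {
                    name: self.name().to_string(), impact: self.impact(), confidence: self.confidence(),
                    message: format!("{} emits no event", f.name),
                });
            }
        }
        results
    }
}

// Registration step: every detector is listed here so the runner can find it.
pub fn get_detectors() -> Vec<Box<dyn Detector>> { vec![Box::new(NoEventEmitted)] }
// Constructed sample input: two user-defined functions and one library function.
pub fn sample_core() -> CoreUnit {
    let f = |n: &str, user: bool, ev: &[&str]| Function { name: n.to_string(), user_defined: user, events_emitted: ev.iter().map(|e| e.to_string()).collect() };
    CoreUnit { compilation_units: vec![CompilationUnit { functions: vec![f("transfer", true, &[]), f("approve", true, &["Approval"]), f("library_helper", false, &[])] }] }
}
fn main() { for d in get_detectors() { println!("{:?}", d.run(&sample_core())); } }
```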
