Question 1

How to use weggli to find buffer overflows?

Accepted Answer

Use patterns like '{ _ $buf[_]; memcpy($buf,_,_); }' to identify memcpy calls into stack buffers, as shown in the examples. Adjust variables and add constraints with --regex for more specificity.

Question 2

weggli vs Semgrep for C++ code analysis?

Accepted Answer

weggli is faster and requires minimal setup, focusing exclusively on C/C++ with a query language that mimics code syntax. Semgrep supports more languages and has a larger rule ecosystem but might be slower and require more configuration for C++.

Question 3

Can weggli handle preprocessor macros?

Accepted Answer

weggli parses ASTs using tree-sitter, which processes standard C/C++ syntax. Preprocessor macros are typically expanded before parsing, so weggli might not directly match macro definitions unless they are resolved in the source code.

Question 4

How to install weggli on Windows?

Accepted Answer

Install Rust via rustup, then run 'cargo install weggli'. Ensure the Rust toolchain is set up correctly on Windows, as per the build instructions using cargo.

Question 5

Does weggli support cross-function analysis?

Accepted Answer

weggli primarily matches patterns within functions. For cross-function analysis, you can use multiple patterns with the --pattern option, but it's less seamless than tools with built-in data flow tracking.

Question 6

How to filter false positives in weggli results?

Accepted Answer

Use the --regex option to constrain variable matches, or apply negative subqueries with 'not:' to exclude specific patterns. The --unique flag can also help by enforcing variable uniqueness.

weggli

What is weggli?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions