commit 092fc770eb12b7046366887b8df3f23e9b3df53a
parent 686973ad36be6cfd609829d5c55669eb79d91e90
Author: finwo <finwo@pm.me>
Date: Sat, 2 May 2026 00:09:27 +0200
Project commons, basic readme
Diffstat:
9 files changed, 414 insertions(+), 29 deletions(-)
diff --git a/.clang-format b/.clang-format
@@ -0,0 +1,334 @@
+---
+Language: Cpp
+AccessModifierOffset: -1
+AlignAfterOpenBracket: Align
+AlignArrayOfStructures: None
+AlignConsecutiveAssignments:
+ Enabled: true
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: true
+AlignConsecutiveBitFields:
+ Enabled: false
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignConsecutiveDeclarations:
+ Enabled: true
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: true
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignConsecutiveMacros:
+ Enabled: true
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignConsecutiveShortCaseStatements:
+ Enabled: true
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCaseArrows: false
+ AlignCaseColons: false
+AlignConsecutiveTableGenBreakingDAGArgColons:
+ Enabled: false
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignConsecutiveTableGenCondOperatorColons:
+ Enabled: false
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignConsecutiveTableGenDefinitionColons:
+ Enabled: false
+ AcrossEmptyLines: false
+ AcrossComments: false
+ AlignCompound: false
+ AlignFunctionDeclarations: false
+ AlignFunctionPointers: false
+ PadOperators: false
+AlignEscapedNewlines: Left
+AlignOperands: Align
+AlignTrailingComments:
+ Kind: Always
+ OverEmptyLines: 0
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowBreakBeforeNoexceptSpecifier: Never
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseExpressionOnASingleLine: true
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortCompoundRequirementOnASingleLine: true
+AllowShortEnumsOnASingleLine: true
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: WithoutElse
+AllowShortLambdasOnASingleLine: All
+AllowShortLoopsOnASingleLine: true
+AllowShortNamespacesOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakBeforeMultilineStrings: true
+AttributeMacros:
+ - __capability
+ - absl_nonnull
+ - absl_nullable
+ - absl_nullability_unknown
+BinPackArguments: true
+BinPackLongBracedList: true
+BinPackParameters: BinPack
+BitFieldColonSpacing: Both
+BracedInitializerIndentWidth: -1
+BraceWrapping:
+ AfterCaseLabel: false
+ AfterClass: false
+ AfterControlStatement: Never
+ AfterEnum: false
+ AfterExternBlock: false
+ AfterFunction: true
+ AfterNamespace: false
+ AfterObjCDeclaration: false
+ AfterStruct: false
+ AfterUnion: false
+ BeforeCatch: false
+ BeforeElse: false
+ BeforeLambdaBody: false
+ BeforeWhile: false
+ IndentBraces: false
+ SplitEmptyFunction: true
+ SplitEmptyRecord: true
+ SplitEmptyNamespace: true
+BreakAdjacentStringLiterals: true
+BreakAfterAttributes: Leave
+BreakAfterJavaFieldAnnotations: false
+BreakAfterReturnType: None
+BreakArrays: true
+BreakBeforeBinaryOperators: None
+BreakBeforeConceptDeclarations: Always
+BreakBeforeBraces: Attach
+BreakBeforeInlineASMColon: OnlyMultiline
+BreakBeforeTemplateCloser: false
+BreakBeforeTernaryOperators: true
+BreakBinaryOperations: Never
+BreakConstructorInitializers: BeforeColon
+BreakFunctionDefinitionParameters: false
+BreakInheritanceList: BeforeColon
+BreakStringLiterals: true
+BreakTemplateDeclarations: Yes
+ColumnLimit: 120
+CommentPragmas: '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DerivePointerAlignment: false
+DisableFormat: false
+EmptyLineAfterAccessModifier: Never
+EmptyLineBeforeAccessModifier: LogicalBlock
+EnumTrailingComma: Leave
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:
+ - foreach
+ - Q_FOREACH
+ - BOOST_FOREACH
+IfMacros:
+ - KJ_IF_MAYBE
+IncludeBlocks: Regroup
+IncludeCategories:
+ - Regex: '^<ext/.*\.h>'
+ Priority: 2
+ SortPriority: 0
+ CaseSensitive: false
+ - Regex: '^<.*\.h>'
+ Priority: 1
+ SortPriority: 0
+ CaseSensitive: false
+ - Regex: '^<.*'
+ Priority: 2
+ SortPriority: 0
+ CaseSensitive: false
+ - Regex: '.*'
+ Priority: 3
+ SortPriority: 0
+ CaseSensitive: false
+IncludeIsMainRegex: '([-_](test|unittest))?$'
+IncludeIsMainSourceRegex: ''
+IndentAccessModifiers: false
+IndentCaseBlocks: true
+IndentCaseLabels: true
+IndentExportBlock: true
+IndentExternBlock: AfterExternBlock
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentRequiresClause: true
+IndentWidth: 2
+IndentWrappedFunctionNames: false
+InsertBraces: false
+InsertNewlineAtEOF: true
+InsertTrailingCommas: None
+IntegerLiteralSeparator:
+ Binary: 0
+ BinaryMinDigits: 0
+ Decimal: 0
+ DecimalMinDigits: 0
+ Hex: 0
+ HexMinDigits: 0
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLines:
+ AtEndOfFile: false
+ AtStartOfBlock: false
+ AtStartOfFile: false
+KeepFormFeed: false
+LambdaBodyIndentation: Signature
+LineEnding: DeriveLF
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MainIncludeChar: Quote
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Never
+ObjCBlockIndentWidth: 2
+ObjCBreakBeforeNestedBlockParam: true
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+OneLineFormatOffRegex: ''
+PackConstructorInitializers: NextLine
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 1
+PenaltyBreakBeforeMemberAccess: 150
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakOpenParenthesis: 0
+PenaltyBreakScopeResolution: 500
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyIndentedWhitespace: 0
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Right
+PPIndentWidth: -1
+QualifierAlignment: Leave
+RawStringFormats:
+ - Language: Cpp
+ Delimiters:
+ - cc
+ - CC
+ - cpp
+ - Cpp
+ - CPP
+ - 'c++'
+ - 'C++'
+ CanonicalDelimiter: ''
+ BasedOnStyle: google
+ - Language: TextProto
+ Delimiters:
+ - pb
+ - PB
+ - proto
+ - PROTO
+ EnclosingFunctions:
+ - EqualsProto
+ - EquivToProto
+ - PARSE_PARTIAL_TEXT_PROTO
+ - PARSE_TEST_PROTO
+ - PARSE_TEXT_PROTO
+ - ParseTextOrDie
+ - ParseTextProtoOrDie
+ - ParseTestProto
+ - ParsePartialTestProto
+ CanonicalDelimiter: pb
+ BasedOnStyle: google
+ReferenceAlignment: Pointer
+ReflowComments: Always
+RemoveBracesLLVM: false
+RemoveEmptyLinesInUnwrappedLines: false
+RemoveParentheses: Leave
+RemoveSemicolon: false
+RequiresClausePosition: OwnLine
+RequiresExpressionIndentation: OuterScope
+SeparateDefinitionBlocks: Leave
+ShortNamespaceLines: 1
+SkipMacroDefinitionBody: false
+SortIncludes:
+ Enabled: true
+ IgnoreCase: false
+SortJavaStaticImport: Before
+SortUsingDeclarations: LexicographicNumeric
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterOperatorKeyword: false
+SpaceAfterTemplateKeyword: true
+SpaceAroundPointerQualifiers: Default
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeJsonColon: false
+SpaceBeforeParens: ControlStatements
+SpaceBeforeParensOptions:
+ AfterControlStatements: true
+ AfterForeachMacros: true
+ AfterFunctionDefinitionName: false
+ AfterFunctionDeclarationName: false
+ AfterIfMacros: true
+ AfterNot: false
+ AfterOverloadedOperator: false
+ AfterPlacementOperator: true
+ AfterRequiresInClause: false
+ AfterRequiresInExpression: false
+ BeforeNonEmptyParentheses: false
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceBeforeSquareBrackets: false
+SpaceInEmptyBlock: false
+SpacesBeforeTrailingComments: 2
+SpacesInAngles: Never
+SpacesInContainerLiterals: true
+SpacesInLineCommentPrefix:
+ Minimum: 1
+ Maximum: -1
+SpacesInParens: Never
+SpacesInParensOptions:
+ ExceptDoubleParentheses: false
+ InCStyleCasts: false
+ InConditionalStatements: false
+ InEmptyParentheses: false
+ Other: false
+SpacesInSquareBrackets: false
+Standard: Auto
+StatementAttributeLikeMacros:
+ - Q_EMIT
+StatementMacros:
+ - Q_UNUSED
+ - QT_REQUIRE_VERSION
+TableGenBreakInsideDAGArg: DontBreak
+TabWidth: 8
+UseTab: Never
+VerilogBreakBetweenInstancePorts: true
+WhitespaceSensitiveMacros:
+ - BOOST_PP_STRINGIZE
+ - CF_SWIFT_NAME
+ - NS_SWIFT_NAME
+ - PP_STRINGIZE
+ - STRINGIZE
+WrapNamespaceBodyWithEmptyLines: Leave
+...
+
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# f4d2ed80-57b6-46e6-b245-5049428a931d
+github: finwo
+liberapay: finwo
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,6 @@
+<!-- 46b43825-f791-485e-9445-415ee7bbbf2d -->
+# Contributor Code of Conduct
+
+This project adheres to No Code of Conduct. We are all adults. We accept anyone's contributions. Nothing else matters.
+
+For more information please visit the [No Code of Conduct](https://github.com/domgetter/NCoC) homepage.
diff --git a/Makefile b/Makefile
@@ -1,5 +1,7 @@
BIN?=cve-toolkit
+FIND=$(shell which gfind find | head -1)
+
SRC:=
SRC+=$(wildcard src/*.c)
SRC+=$(wildcard src/**/*.c)
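Review bot: `FIND=$(shell which gfind find | head -1)` uses recursive `=` assignment, so the shell pipeline is re-run each time `$(FIND)` is expanded, and `which` is not specified by POSIX, so its output differs between systems. If neither binary resolves, `$(FIND)` expands to nothing and the `format` recipe added in the next hunk would try to run `src/` as the command. I would write `FIND:=$(shell command -v gfind || command -v find)` and have the `format` recipe fail with a clear message when the variable is empty.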
@@ -17,3 +19,7 @@ $(BIN): $(OBJ)
.PHONY: clean
clean:
rm -f $(OBJ)
+
+.PHONY: format
+format:
+ $(FIND) src/ -type f \( -name '*.c' -o -name '*.h' \) -exec clang-format -i {} +
diff --git a/README.md b/README.md
@@ -0,0 +1,36 @@
+# cve-toolkit
+
+A lightweight CVE detection toolkit for Linux systems.
+
+> **Note:** This is currently detection-only. There are no command-line arguments — just run it and it checks everything it knows about.
+
+## Build
+
+```bash
+make
+```
+
+## Usage
+
+```bash
+./cve-toolkit
+```
+
+That's it. The tool runs all bundled detectors, reports pass/fail per check, and prints remediation steps for any detected vulnerabilities.
+
+## Adding Detectors
+
+Detectors live under `src/detector/`. Each `.c` file registers itself at startup via a `__attribute__((constructor))` function:
+
+```c
+int detector_cve_XXXX_XXXXX(int num) {
+ // return 0 for pass, 1 for fail
+}
+
+__attribute__((constructor))
+void detector_cve_XXXX_XXXXX_setup() {
+ detector_queue_append("CVE-XXXX-XXXXX", "Remediation text here.", detector_cve_XXXX_XXXXX);
+}
+```
+
+Then just `make` — the Makefile picks up all `.c` files automatically.
diff --git a/src/detector/cve-2026-31431.c b/src/detector/cve-2026-31431.c
@@ -1,13 +1,12 @@
+#include <linux/if_alg.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
-#include <linux/if_alg.h>
#include "setup.h"
int detector_cve_2026_31431(int num) {
-
int fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (fd < 0) {
perror("socket");
@@ -18,17 +17,19 @@ int detector_cve_2026_31431(int num) {
memset(&sa, 0, sizeof(sa));
sa.salg_family = AF_ALG;
- strcpy((char*)sa.salg_type,"aead");
- strcpy((char*)sa.salg_name,"authencesn(hmac(sha256),cbc(aes))");
+ strcpy((char *)sa.salg_type, "aead");
+ strcpy((char *)sa.salg_name, "authencesn(hmac(sha256),cbc(aes))");
- if (bind(fd,(struct sockaddr*)&sa, sizeof(sa)) < 0) {
+ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
return 0;
}
return 1;
}
-__attribute__((constructor))
-void detector_cve_2026_31431_setup() {
- detector_queue_append("CVE-2026-31431", "Add 'initcall_blacklist=algif_aead_init' to the Linux kernel cmdline.\n For GRUB, add it to GRUB_CMDLINE_LINUX in /etc/default/grub and run update-grub.", detector_cve_2026_31431);
+__attribute__((constructor)) void detector_cve_2026_31431_setup() {
+ detector_queue_append("CVE-2026-31431",
+ "Add 'initcall_blacklist=algif_aead_init' to the Linux kernel cmdline.\n For GRUB, add it to "
+ "GRUB_CMDLINE_LINUX in /etc/default/grub and run update-grub.",
+ detector_cve_2026_31431);
}
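Review bot: The AF_ALG socket held in `fd` is never closed on either return path visible in this hunk: both `return 0;` after the failed bind() and the final `return 1;` leave the descriptor open, even though <unistd.h> is already included. Adding `close(fd);` before each return fixes the leak. Separately, a successful bind() only shows that the authencesn AEAD template is reachable through algif_aead, which presumably also holds on a kernel that already carries the fix. A short comment above the bind() saying that the check reports exposure of the interface rather than a confirmed vulnerable kernel would help anyone reading a `[fail]` line. The function begins above this hunk, so the socket() error path is not reviewed here.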
diff --git a/src/detector/setup.c b/src/detector/setup.c
@@ -3,32 +3,31 @@
#include <stdlib.h>
struct detector_queue_entry **detector_queue;
-int detector_queue_cap = 0;
-int detector_queue_length = 0;
+int detector_queue_cap = 0;
+int detector_queue_length = 0;
int detector_total = 0;
-int detector_pass = 0;
-int detector_fail = 0;
+int detector_pass = 0;
+int detector_fail = 0;
void detector_queue_append(const char *name, const char *remediation, int (*fn)(int)) {
-
// Initial queue initialize
if (!detector_queue_cap) {
- detector_queue = malloc(sizeof(void*));
+ detector_queue = malloc(sizeof(void *));
detector_queue_cap = 1;
}
// Grow queue if needed
- if ((detector_queue_length+1) > detector_queue_cap) {
+ if ((detector_queue_length + 1) > detector_queue_cap) {
detector_queue_cap *= 2;
- detector_queue = realloc(detector_queue, detector_queue_cap * sizeof(void*));
+ detector_queue = realloc(detector_queue, detector_queue_cap * sizeof(void *));
}
// Build new entry
struct detector_queue_entry *entry = calloc(1, sizeof(struct detector_queue_entry));
- entry->handler = fn;
- entry->name = name;
- entry->remediation = remediation;
+ entry->handler = fn;
+ entry->name = name;
+ entry->remediation = remediation;
// Append fn to queue
detector_queue[detector_queue_length++] = entry;
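Review bot: None of the three allocations in detector_queue_append is checked. The `malloc` and `calloc` results are dereferenced directly, and `detector_queue = realloc(detector_queue, ...)` overwrites the only pointer to the old array, so a failed grow loses the queue and the append then writes through NULL. The README hunk shows registration happening in `__attribute__((constructor))` functions, so this runs before main() and no caller can react. For a detection tool, stopping loudly is safer than continuing with a detector silently missing. The function's closing lines are outside this hunk; the sketch below covers only the allocation sites.

```c
  // Initial queue initialize
  if (!detector_queue_cap) {
    detector_queue = malloc(sizeof(*detector_queue));
    if (!detector_queue) abort();
    detector_queue_cap = 1;
  }

  // Grow queue if needed
  if ((detector_queue_length + 1) > detector_queue_cap) {
    void *grown = realloc(detector_queue, (size_t)detector_queue_cap * 2 * sizeof(*detector_queue));
    if (!grown) abort();  // keep the old pointer intact until the grow succeeded
    detector_queue     = grown;
    detector_queue_cap *= 2;
  }

  // Build new entry
  struct detector_queue_entry *entry = calloc(1, sizeof(*entry));
  if (!entry) abort();
  // … unchanged: field assignments and append to queue …
```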
diff --git a/src/detector/setup.h b/src/detector/setup.h
@@ -11,20 +11,20 @@ struct detector_queue_entry {
int (*handler)(int);
const char *name;
const char *remediation;
- int result;
+ int result;
};
extern struct detector_queue_entry **detector_queue;
-extern int detector_queue_cap;
-extern int detector_queue_length;
-extern int detector_total;
-extern int detector_pass;
-extern int detector_fail;
+extern int detector_queue_cap;
+extern int detector_queue_length;
+extern int detector_total;
+extern int detector_pass;
+extern int detector_fail;
void detector_queue_append(const char *name, const char *remediation, int (*fn)(int));
#ifdef __cplusplus
-} // extern "C"
+} // extern "C"
#endif
-#endif // __CVETK_DETECTOR_SETUP_H__
+#endif // __CVETK_DETECTOR_SETUP_H__
diff --git a/src/main.c b/src/main.c
@@ -4,8 +4,8 @@
int main() {
for (int i = 0; i < detector_queue_length; i++) {
- struct detector_queue_entry *entry = detector_queue[i];
- int result = entry->handler(i);
+ struct detector_queue_entry *entry = detector_queue[i];
+ int result = entry->handler(i);
detector_total++;
if (result == 0) {
printf("[pass] %s\n", entry->name);