Cpplumber is a Rust-based static analysis tool that detects source-to-binary information leaks in C and C++ projects using clang.
This tool is used by developers and security analysts to identify sensitive information such as string literals and type names that unintentionally appear in compiled binaries, potentially exposing secrets or internal details. It is especially useful during the build and audit phases of C/C++ projects to ensure data security and reduce information leakage risks.
Cpplumber requires Rust 1.63.0+ and libclang dependencies to function properly. Users should consult the full documentation for dependency setup and configuration options, especially for filtering leaks via YAML files. It is designed for use with projects that produce JSON compilation databases and supports modern C/C++ standards.
To build from source:
git clone https://github.com/ergrelet/cpplumber.git
cd cpplumber
cargo build --release
Alternatively, install via cargo with:
cargo install --git https://github.com/ergrelet/cpplumber --tag 0.1.0
Ensure Rust version 1.63.0 or greater is installed.
Verify that the required dependencies for cpplumber are installed (see the user documentation).
Example usage:
cpplumber --bin a.out file1.c
Analyzes the compiled binary 'a.out' and source file 'file1.c' to detect if any string literals or other source information leaked into the binary.
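The idea behind that check, sketched as an added example (not cpplumber's own code): collect the string literals from a C source file and report the ones whose bytes survive in the compiled output. All function names, the sample source and the sample "binary" bytes are constructed for illustration, and a naive quote scanner stands in for the clang-based parsing the tool uses.

```rust
// Added example: simplified stand-in for the check, not cpplumber's own code.
// Assumption: a naive quote scanner replaces clang, so comments, char literals
// and #include "..." lines are not handled the way a real parser would.
fn string_literals(src: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut chars = src.chars();
    while let Some(c) = chars.next() {
        if c != '"' { continue; }
        let mut lit = String::new();
        while let Some(c) = chars.next() {
            match c {
                '"' => break,
                '\\' => match chars.next() {
                    Some('n') => lit.push('\n'), // decode \n, keep other escapes as-is
                    Some(e) => lit.push(e),
                    None => break,
                },
                _ => lit.push(c),
            }
        }
        out.push(lit);
    }
    out
}

fn contains(hay: &[u8], needle: &[u8]) -> bool {
    !needle.is_empty() && hay.windows(needle.len()).any(|w| w == needle)
}

// Literals from `src` found in `bin` as UTF-8 bytes or as UTF-16LE (wide strings).
fn leaked_literals(src: &str, bin: &[u8]) -> Vec<String> {
    string_literals(src).into_iter().filter(|l| {
        let wide: Vec<u8> = l.encode_utf16().flat_map(|u| u.to_le_bytes()).collect();
        contains(bin, l.as_bytes()) || contains(bin, &wide)
    }).collect()
}

// Constructed sample source; the puts() call stands for dead code the compiler removed.
const SAMPLE_SRC: &str = r#"static const char *key = "constructed-api-key-0000";
int main(void) { if (0) puts("debug: unreachable path"); printf("hello\n"); return 0; }"#;

// Constructed stand-in for the bytes of the compiled binary.
fn sample_binary() -> Vec<u8> {
    b"\x7fELF\x02\x01\x01\x00constructed-api-key-0000\0hello\n\0".to_vec()
}

fn main() {
    for lit in leaked_literals(SAMPLE_SRC, &sample_binary()) {
        println!("leaked string literal: {:?}", lit);
    }
}
```

Only literals that are both present in the source and still present in the output are reported, which is why the dead-code debug string in the sample does not appear in the result.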