The Evidence object provides structured evidence supporting a vulnerability finding. It maps code locations to annotations, allowing VulHunt rules to attach detailed context to findings.

Fields

| Field | Description | Type |
| --- | --- | --- |
| functions | Maps a function address to an array of annotation objects. The address selects the function to show. | {[AddressValue]: Annotation} |

Syntax

evidence = {
  functions = {
    [<AddressValue>] = <Array of Annotation>
  },
}

Reference

functions

A table mapping a function address (AddressValue) to an array of annotation objects (Annotation). The address determines the function to decompile and show, while annotations like annotate:at and annotate:prototype point to locations that should be annotated in the decompiled code.

Example

evidence = {
    functions = {
        [context.caller.address] = {
            annotate:prototype "int foo(char *arg1, struct bar* arg2);",
            annotate:at{
                location = context.caller.call_address,
                message = "The function `foo` calls `baz`..."
            }
        }
    }
}