Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis. It flags potential security issues, generates rich graph artifacts, and leverages large-language models (GPT-4 or Ollama) to produce a detailed, prioritized audit report, so you can find and fix critical bugs faster.
Prepare your target project to analyze then run
golem.py [-h] [--mode {local,gpt,ollama}] [--ollama-model OLLAMA_MODEL] project_dir
Compile your target project with these flags: cmake:
cmake \
-DCMAKE_C_COMPILER=clang \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_C_FLAGS="-S -emit-llvm" \
-DCMAKE_CXX_FLAGS="-S -emit-llvm" \
/path/to/your/source
make
make:
make CC=clang \
CXX=clang++ \
CFLAGS="-S -emit-llvm" \
CXXFLAGS="-S -emit-llvm"
This will create .ll file(s) in your project folder
- Python3
- pip3
- graphviz
- LLVM >= 18
- semgrep
- pydot >= 4.0.1
For local LLM version:
- ollama >= 0.5.1
- ChromaDB
You can install them manually or run:
pip install -r requirements.txt
- Generate LLVM
.bcfile(s):clang -S -emit-llvm {TARGET.C/CXX} -o {TARGET.ll} - Transform the
.llfile(s) into callgraph and control flow graph representation:opt -passes="dot-callgraph" {TARGET.ll}->Writing 'vuln.ll.callgraph.dot'...opt -passes="dot-cfg" {TARGET.ll} - Run semgrep against the project of your choice.
- Analyze results and slice callgraph/control flow graph to enhance RAG
- Send prompt + files to RAG
- Return a report
If you find a bug with this tool, please report it ! We'll gladly add it to the list :)
- Author(s): 2ourc3 - Salim LARGO