automotive-embedded-skills
Audited by Socket on Feb 26, 2026
2 alerts found:
Obfuscated File (x2)

This CAPL codebase is a legitimate and useful test suite for fault injection against CAN/CAN-FD, but it contains operations that are inherently dangerous when run on production or live vehicle networks (forced bus-off, CRC corruption, suppressed messages, bus flooding). I find no evidence of obfuscated or exfiltratory malicious code; the risk is operational rather than malicious. Recommend treating these scripts as high-impact test tools: store and distribute them with explicit warnings, require explicit enablement in test environments, add safety interlocks and access controls, and ensure CI/hardware runners cannot execute them against production ECUs unintentionally.
The original incorrect snippet contains a high-risk vulnerability: it constructs and dereferences an address from untrusted request bytes and copies that memory into the response with memcpy without validation, enabling arbitrary memory disclosure. The corrected snippet demonstrates the proper defensive pattern: explicit address assembly, length-limit checks, and an allowlist check (Xcp_IsAddressReadable) before the memcpy. Ensure Xcp_IsAddressReadable is implemented conservatively (protecting keys, stacks, and memory-mapped I/O) and performs overflow checks, and that the overall XCP access policy enforces authentication/authorization and auditing.