meerkatone
diff --git a/‎diff_results_ui.py‎
Lines changed: 44 additions & 25 deletions b/‎diff_results_ui.py‎
Lines changed: 44 additions & 25 deletions
diff --git a/‎src/algorithms.rs‎
Lines changed: 22 additions & 14 deletions b/‎src/algorithms.rs‎
Lines changed: 22 additions & 14 deletions
diff --git a/‎src/database.rs‎
Lines changed: 4 additions & 3 deletions b/‎src/database.rs‎
Lines changed: 4 additions & 3 deletions
@@ -4,6 +4,7 @@
 
 import csv
 import difflib
+import html
 import json
 import os
 import sqlite3
@@ -1434,6 +1435,18 @@ def export_to_csv(self):
         if not filename:
             return
 
+        def _csv_safe(v):
+            s = str(v) if v is not None else ''
+            if s and s[0] in ('=', '+', '-', '@', '\t', '\r'):
+                return "'" + s
+            return s
+
+        def _fmt_addr(v):
+            try:
+                return f"0x{int(v):016x}"
+            except (TypeError, ValueError):
+                return str(v)
+
         try:
             with open(filename, 'w', newline='', encoding='utf-8') as csvfile:
                 writer = csv.writer(csvfile)
@@ -1451,13 +1464,13 @@ def export_to_csv(self):
                     func_b = result.get('function_b', {})
 
                     writer.writerow([
-                        func_a.get('name', ''),
-                        f"0x{func_a.get('address', 0):x}",
-                        func_b.get('name', ''),
-                        f"0x{func_b.get('address', 0):x}",
+                        _csv_safe(func_a.get('name', '')),
+                        _fmt_addr(func_a.get('address', 0)),
+                        _csv_safe(func_b.get('name', '')),
+                        _fmt_addr(func_b.get('address', 0)),
                         f"{result.get('similarity', 0):.4f}",
                         f"{result.get('confidence', 0):.4f}",
-                        result.get('match_type', ''),
+                        _csv_safe(result.get('match_type', '')),
                         func_a.get('size', 0),
                         func_b.get('size', 0),
                         len(func_a.get('basic_blocks', [])),
@@ -1468,7 +1481,7 @@ def export_to_csv(self):
 
             QMessageBox.information(self, "Export Complete", f"Results exported to {filename}")
 
-        except Exception as e:
+        except (OSError, ValueError, TypeError) as e:
             QMessageBox.critical(self, "Export Error", f"Failed to export CSV: {str(e)}")
 
     def export_to_sqlite(self):
@@ -1540,7 +1553,7 @@ def _fmt_addr(v):
 
             QMessageBox.information(self, "Export Complete", f"Results exported to {filename}")
 
-        except Exception as e:
+        except (OSError, sqlite3.Error, ValueError, TypeError) as e:
             QMessageBox.critical(self, "Export Error", f"Failed to export SQLite: {str(e)}")
 
     def export_to_json(self):
@@ -1565,7 +1578,7 @@ def export_to_json(self):
 
             QMessageBox.information(self, "Export Complete", f"Results exported to {filename}")
 
-        except Exception as e:
+        except (OSError, ValueError, TypeError) as e:
             QMessageBox.critical(self, "Export Error", f"Failed to export JSON: {str(e)}")
 
     def export_to_html(self):
@@ -1581,7 +1594,7 @@ def export_to_html(self):
 
             QMessageBox.information(self, "Export Complete", f"Results exported to {filename}")
 
-        except Exception as e:
+        except (OSError, ValueError, TypeError) as e:
             QMessageBox.critical(self, "Export Error", f"Failed to export HTML: {str(e)}")
 
     def export_current_diff_to_json(self):
@@ -1668,7 +1681,7 @@ def export_current_diff_to_json(self):
 
             QMessageBox.information(self, "Export Complete", f"Current diff view exported to {filename}")
 
-        except Exception as e:
+        except (OSError, ValueError, TypeError) as e:
             QMessageBox.critical(self, "Export Error", f"Failed to export current diff: {str(e)}")
 
     def generate_html_report(self):
@@ -1699,8 +1712,8 @@ def generate_html_report(self):
 
     <div class="summary">
         <h2>Summary</h2>
-        <p><strong>Binary A:</strong> {self.results_data.get('binary_a_name', 'N/A')}</p>
-        <p><strong>Binary B:</strong> {self.results_data.get('binary_b_name', 'N/A')}</p>
+        <p><strong>Binary A:</strong> {html.escape(str(self.results_data.get('binary_a_name', 'N/A')))}</p>
+        <p><strong>Binary B:</strong> {html.escape(str(self.results_data.get('binary_b_name', 'N/A')))}</p>
         <p><strong>Total Matches:</strong> {len(self.filtered_results)}</p>
         <p><strong>Analysis Time:</strong> {self.results_data.get('analysis_time', 0):.2f} seconds</p>
     </div>
@@ -1724,7 +1737,13 @@ def generate_html_report(self):
 
     def generate_html_table_rows(self):
         """Generate HTML table rows for results"""
-        rows = ""
+        def _fmt_addr(v):
+            try:
+                return f"0x{int(v):016x}"
+            except (TypeError, ValueError):
+                return html.escape(str(v))
+
+        parts = []
         for result in self.filtered_results:
             func_a = result.get('function_a', {})
             func_b = result.get('function_b', {})
@@ -1737,18 +1756,18 @@ def generate_html_table_rows(self):
             else:
                 css_class = 'low-confidence'
 
-            rows += f'''
-        <tr class="{css_class}">
-            <td>{func_a.get('name', '')}</td>
-            <td>0x{func_a.get('address', 0):x}</td>
-            <td>{func_b.get('name', '')}</td>
-            <td>0x{func_b.get('address', 0):x}</td>
-            <td>{result.get('similarity', 0):.4f}</td>
-            <td>{result.get('confidence', 0):.4f}</td>
-            <td>{result.get('match_type', '')}</td>
-        </tr>
-            '''
-        return rows
+            parts.append(
+                f'<tr class="{css_class}">'
+                f'<td>{html.escape(str(func_a.get("name", "")))}</td>'
+                f'<td>{_fmt_addr(func_a.get("address", 0))}</td>'
+                f'<td>{html.escape(str(func_b.get("name", "")))}</td>'
+                f'<td>{_fmt_addr(func_b.get("address", 0))}</td>'
+                f'<td>{result.get("similarity", 0):.4f}</td>'
+                f'<td>{result.get("confidence", 0):.4f}</td>'
+                f'<td>{html.escape(str(result.get("match_type", "")))}</td>'
+                f'</tr>\n'
+            )
+        return ''.join(parts)
 
 
 def show_diff_results(results_data, binary_view_a=None, binary_view_b=None):
 
@@ -6,23 +6,31 @@ use sha2::{Sha256, Digest};
 
 pub struct DiffAlgorithms;
 
+/// Clamp a score to [0.0, 1.0] and replace NaN with 0.0.
+#[inline]
+fn sanitize_score(x: f64) -> f64 {
+    if x.is_nan() { 0.0 } else { x.clamp(0.0, 1.0) }
+}
+
 impl DiffAlgorithms {
     /// Calculate similarity between two functions using multiple metrics
     /// and return both the weighted score and detailed per-metric breakdown.
     pub fn compute_match_details(func_a: &FunctionInfo, func_b: &FunctionInfo) -> (f64, MatchDetails) {
-        let cfg_similarity = Self::calculate_cfg_similarity(func_a, func_b);
-        let bb_similarity = Self::calculate_basic_block_similarity(func_a, func_b);
-        let instruction_similarity = Self::calculate_instruction_similarity(func_a, func_b);
-        let edge_similarity = Self::calculate_edge_similarity(func_a, func_b);
-        let name_similarity = SimilarityAnalyzer::normalized_edit_distance(&func_a.name, &func_b.name);
-        let call_similarity = SimilarityAnalyzer::function_call_similarity(func_a, func_b);
-
-        let weighted_similarity = cfg_similarity * 0.30
-            + call_similarity * 0.20
-            + bb_similarity * 0.15
-            + instruction_similarity * 0.15
-            + name_similarity * 0.10
-            + edge_similarity * 0.10;
+        let cfg_similarity = sanitize_score(Self::calculate_cfg_similarity(func_a, func_b));
+        let bb_similarity = sanitize_score(Self::calculate_basic_block_similarity(func_a, func_b));
+        let instruction_similarity = sanitize_score(Self::calculate_instruction_similarity(func_a, func_b));
+        let edge_similarity = sanitize_score(Self::calculate_edge_similarity(func_a, func_b));
+        let name_similarity = sanitize_score(SimilarityAnalyzer::normalized_edit_distance(&func_a.name, &func_b.name));
+        let call_similarity = sanitize_score(SimilarityAnalyzer::function_call_similarity(func_a, func_b));
+
+        let weighted_similarity = sanitize_score(
+            cfg_similarity * 0.30
+                + call_similarity * 0.20
+                + bb_similarity * 0.15
+                + instruction_similarity * 0.15
+                + name_similarity * 0.10
+                + edge_similarity * 0.10,
+        );
 
         let details = MatchDetails {
             cfg_similarity,
@@ -224,7 +232,7 @@ impl DiffAlgorithms {
             }
         }
 
-        confidence.min(1.0)
+        sanitize_score(confidence)
     }
 
     /// Perform isomorphic subgraph matching (edge-degree distribution check)
 
@@ -115,9 +115,10 @@ impl DatabaseManager {
         Ok(())
     }
 
-    /// Export results to SQLite database
-    pub fn export_to_sqlite(database: &DiffDatabase, output_path: &Path) -> Result<()> {
-        // For now, create a simple SQL script that can be imported
+    /// Export results as a `.sql` script (CREATE TABLE + INSERT statements)
+    /// that can be imported into SQLite via `sqlite3 target.db < script.sql`.
+    /// Does not open a SQLite database itself.
+    pub fn export_to_sql_script(database: &DiffDatabase, output_path: &Path) -> Result<()> {
         let mut sql_content = String::new();
 
         // Create table