squizz617 / vuddy Goto Github PK

View Code? Open in Web Editor NEW

50.0 50.0 23.0 73.44 MB

VUDDY: A Scalable and Accurate Vulnerable Code Clone Detector (S&P'17)

Home Page: https://iotcube.net

License: MIT License

Python 20.46% Shell 0.45% ANTLR 7.31% Java 14.03% C 57.75%

vuddy's People

Contributors

Stargazers

Watchers

Forkers

iotcube liumuqing pombredanne ddzzj macromachine kadjelramkisoen charesfang code-intelli-scan yessson tommasil daoyuan14 4b5f5f4b

vuddy's Issues

Java language support

Does vuddy supports finding vulnerable code in Java programs? Reading the readme, I am unable to see which languages vuddy currently supports.

Parser bugs

Two bugs are found in commit aaf7fcb

Cannot identify 'const' between two '*'s. (pointer)

// Cannot recognize function below, because of 'const' between two '*'s.
void module_layout(struct module *mod,
                   struct modversion_info *ver,
                   struct kernel_param *kp,
                   struct kernel_symbol *ks,
                   struct tracepoint * const *tp)
{
}

Cannot identify two-dimensional array. (maybe same result with multi-dimensional array)

// cannot find a1 in local variable list
void func(void)
{
        int a0[10];
        int a1[10][10];
        return;
}

Reproducing the result

Hi,
I tried to reproduce your result. I start with the testcode shared in the github but it is not detecting any vulnerability once I upload it to the https://iotcube.net/process/type/wf1

Note that, I followed the procedure from https://iotcube.net/userguide/hmark.pdf

Hi,
Is your VulnDBGen repository private?
I'm doing a research on vulnerabilities and I could really use your vulnerability database or its generator.
The link to the repository is broken. Is there anyway to get it?
Thanks in advance.

Uploading .hidx to the server

I got the following error message:

Latest server version: 4.0.1
Current local version: 3.1.0 (out-of-date)
[-] Your hmark is not up-to-date.

That's why I bypass the update check and run the tool. After generating .hidx , I uploaded them in https://iotcube.net/process/type/wf1. But it is not showing me any result. Rather asking me to download latest binaries.

I also downloaded [hmark for Linux x64](https://iotcube.net/tools/wf1/hmark_4.0.1_linux_x64.tar.gz) but when I try to run in on my Linux machine it is showing the following error:

[8512] Error loading Python lib '/tmp/_MEIdkjLT1/libpython3.8.so.1.0': dlopen: /lib/x86_64-linux-gnu/libm.so.6: version GLIBC_2.29' not found (required by /tmp/_MEIdkjLT1/libpython3.8.so.1.0)

No functions being processed

Hey
I tried running hmark on my projects and the testcode directory but ctags seems to be unable to parse any file.
I always get more or less following result:

[+] Hash index successfully generated.
[+] Saving hash index to file... (Done)

[+] Elapsed time: 0.07 sec.
Program statistics:
 - 4 files;
 - 0 functions;
 - 0 lines of code.

The command Im using is for instance:

./hmark_4.0.1_linux_x64 -c testcode/ OFF

Ctags output is mostly a non-zero error code and a parsing error:

Parser Error: Command '"/tmp/_MEIbtoICk/ctags" -f - --kinds-C=* --fields=neKSt "testcode/configs.c"' returned non-zero exit status 127.

I tried the prebuilt binaries for linux and Mac OS X. And for Mac OS X I also tried bulding ctags from their new repository.

Am I missing something here?

Thanks in advance and kind regards,
Tom

Tree Parsing error

Sometimes, tree parsing doesn't work correctly.
Below is the error message.

python TreeParser.py async.c
DTYPE
Traceback (most recent call last):
  File "TreeParser.py", line 198, in <module>
    main(sys.argv)
  File "TreeParser.py", line 176, in main
    functionInstanceList = TreeParser().ParseFile(argv[1])
  File "TreeParser.py", line 81, in ParseFile
    ParseTreeWalker().walk(self, tree)
  File "/usr/local/lib/python2.7/dist-packages/antlr4/tree/Tree.py", line 172, in walk
    self.walk(listener, child)
  File "/usr/local/lib/python2.7/dist-packages/antlr4/tree/Tree.py", line 172, in walk
    self.walk(listener, child)
  File "/usr/local/lib/python2.7/dist-packages/antlr4/tree/Tree.py", line 172, in walk
    self.walk(listener, child)
  File "/usr/local/lib/python2.7/dist-packages/antlr4/tree/Tree.py", line 173, in walk
    self.exitRule(listener, t)
  File "/usr/local/lib/python2.7/dist-packages/antlr4/tree/Tree.py", line 189, in exitRule
    listener.exitEveryRule(ctx)
  File "TreeParser.py", line 137, in exitEveryRule
    self.functionInstance.dataTypeList.append(self.typeNameStr.rstrip())
AttributeError: 'NoneType' object has no attribute 'dataTypeList'

test

ModuleParser.py class variable reference error

ModuleParser.py 파일 (Common.g4 내부의 코드를 import함) 의 클래스 모듈에서 참조 오류 발생

EOF, CLOSING_CURLY, PRE_ENDIF 등

HMark path-related error

HMark does not properly handle paths with spaces or parentheses.

error msg)
Parser Error: Command 'java -Xmx1024m -jar /PATH/HMark(1)/FuncParser.jar /TARGETPATH/file.c 0' return non-zero exit status 2

Maybe insert \ if spaces or parentheses are found in the path before concatenating to the command string?

[tbkim] iotcude - vulnerability count is not matched

In IoTCube result page,

The number of result count and tree count does not matched

For example, with hmark_hashes/3.0.1/hashmark_4_glibc-2.24.hidx,

The result count is 22, but source tree count is 15.

[tbkim] False-Positive from CVE-2016-1879

hash option : abstraction ON

cve-2016-1879
[-] size_t rc;
[+] int rc;

this log usually generated from variadic functions
original source code has already patched but it is detected (one of the example is as followed)

int __obstack_printf_chk (struct obstack *obstack, int flags, const char *format, ...)
{
int result;
va_list ap;
va_start (ap, format);
result = __obstack_vprintf_chk (obstack, flags, format, ap);
va_end (ap);
return result;
}

"get_source_from_cvepatch.py" file has an error

In the get_source_from_cvepatch python file, there is an error.
(#line 175 to 205)

        for f in hitOldFunctionList:
            for num in range(f.lines[0], f.lines[1]+1):
                try:
                    listIndex = lnList.index(num)
                except ValueError:
                    pass
                else:
                    if lnList.count(num) > 1:
                        listIndex += 1
                    if pmList[listIndex] == '+' or pmList[listIndex] == '-':
                        flag = 0
                        for commentKeyword in ["/*", "*/", "//", "*"]:
                            if chunkLines[listIndex][1:].lstrip().startswith(commentKeyword):
                                flag = 1
                                break
                        if flag:
                            pass
                        else:
                            finalOldFunctionList.append(f)
                            break
                    else:
                        pass

diff --git a/contrib/libarchive/libarchive/archive_ppmd7.c b/contrib/libarchive/libarchive/archive_ppmd7.c
index fe0b031..1aed922 100644
--- a/contrib/libarchive/libarchive/archive_ppmd7.c
+++ b/contrib/libarchive/libarchive/archive_ppmd7.c
@@ -126,6 +126,11 @@ static Bool Ppmd7_Alloc(CPpmd7 *p, UInt32 size, ISzAlloc *alloc)
 {
   if (p->Base == 0 || p->Size != size)
   {
+    /* RestartModel() below assumes that p->Size >= UNIT_SIZE
+       (see the calculation of m->MinContext). */
+    if (size < UNIT_SIZE) {
+      return False;
+    }
     Ppmd7_Free(p, alloc);
     p->AlignOffset =
       #ifdef PPMD_32BIT

In this diff-chunk case, the first line of '+' set is started with "/*", so the flag value change to the 1,
pass, and go to the for loop.

Next, we have to check the second line of '+' set, however, we skip all the '+' lines.........

So, like this case, If the first line of '+' (or '-') set is started with Comment Line, our python code file cannot find vulnerable function.

squizz617 / vuddy Goto Github PK

vuddy's People

Contributors

Stargazers

Watchers

Forkers

vuddy's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs