# VulnFix
[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
[![docker pull](https://img.shields.io/docker/pulls/yuntongzhang/vulnfix)](https://hub.docker.com/repository/docker/yuntongzhang/vulnfix)
![docker build](https://github.com/yuntongzhang/vulnfix/actions/workflows/docker-image.yml/badge.svg)
VulnFix - An automated program repair technique for fixing security vulnerabilities via inductive
inference.
VulnFix targets security vulnerabilities in C/C++ programs, such as buffer overflows, integer
overflows, and NULL dereferences. It works by first exploring the states at the patch location
with a combination of input-level fuzzing and state-level mutations, and then generalizing
a _patch invariant_ from the observed states.
A patch invariant is a formula that evaluates to true for the benign states and false for
the vulnerable states, which can be used to generate a patch later on.
## Getting started
Firstly, certain OS configurations are required to be set for VulnFix and its dependencies (e.g. AFL).
To set these, run:
```bash
echo core | sudo tee /proc/sys/kernel/core_pattern
cd /sys/devices/system/cpu
echo performance | sudo tee cpu*/cpufreq/scaling_governor
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
```
The VulnFix tool and its dependencies are available in docker container. (Please refer to
[doc/INSTALL.md](doc/INSTALL.md) for instructions on building it from source.)
To start:
```bash
docker pull yuntongzhang/vulnfix:issta22
docker run -it --memory=30g --name vulnfix-issta22 yuntongzhang/vulnfix:issta22
```
Once inside the container, navigate to the VulnFix directory and invoke it on CVE-2012-5134:
```bash
cd /home/yuntong/vulnfix
python3.8 src/main.py data/libxml2/cve_2012_5134/config
```
AFL should be started after a shorting period of time of parsing the config file and setting up the
runtime directory. The snapshot fuzzing stage will follow. The total time taken for this command
is roughly 12-15 minutes, and the final few lines printed on screen should be something like this:
```
2022-05-24 05:40:33 --- Final patch invariants - #(1) : ['len >= 1'] ---
2022-05-24 05:40:33 Generating patch from the patch invariant `len >= 1` ...
2022-05-24 05:40:41 Patch generation successful! Please find the patch at: /home/yuntong/vulnfix/data/libxml2/cve_2012_5134/runtime/vulnfix.patch.
```
This indicates a successful run of VulnFix, with a single patch invariant `len >= 1` produced in the
end. A patch file is also generated based on this invariant, at the location:
`/home/yuntong/vulnfix/data/libxml2/cve_2012_5134/runtime/vulnfix.patch`.
## Documentation
More details can be found in the documentation in the `doc` folder. [MANUAL.md](doc/MANUAL.md)
describes how to use VulnFix in more detail; [DEVELOP.md](doc/DEVELOP.md) contains useful
information for hacking and extending VulnFix.
## Bugs
VulnFix should be considered alpha-quality software. Bugs can be reported
[here](https://github.com/yuntongzhang/vulnfix/issues).
没有合适的资源?快使用搜索试试~ 我知道了~
通过归纳推理修复程序漏洞_Python_C_下载.zip
共261个文件
sh:41个
txt:40个
config:40个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 66 浏览量
2023-04-28
14:10:57
上传
评论
收藏 22.98MB ZIP 举报
温馨提示
通过归纳推理修复程序漏洞_Python_C_下载.zip
资源推荐
资源详情
资源评论
收起资源包目录
通过归纳推理修复程序漏洞_Python_C_下载.zip (261个子文件)
acceptable-invs 5KB
activate 122B
patch.c 32KB
dwarf_eval.c 12KB
ghost.c 8KB
afl-rt.c 6KB
variables.c 6KB
afl_mark.c 2KB
addr_map.c 1KB
patch_hook.c 1KB
testprog.c 481B
config 846B
config 746B
config 691B
config 684B
config 665B
config 634B
config 631B
config 627B
config 627B
config 627B
config 618B
config 582B
config 579B
config 569B
config 566B
config 566B
config 565B
config 565B
config 558B
config 555B
config 554B
config 551B
config 549B
config 547B
config 547B
config 546B
config 543B
config 542B
config 540B
config 536B
config 532B
config 529B
config 525B
config 525B
config 522B
config 522B
config 520B
config 510B
config 426B
config 426B
e9AFLPlugin.cpp 18KB
e9afl.cpp 7KB
daikon-config 994B
Dockerfile 1KB
dummy 2B
dummy 0B
dummy 0B
exploit 73KB
exploit 72KB
exploit 31KB
exploit 31KB
exploit 15KB
exploit 10KB
exploit 10KB
exploit 7KB
exploit 5KB
exploit 4KB
exploit 4KB
exploit 3KB
exploit 3KB
exploit 803B
exploit 448B
exploit 444B
exploit 416B
exploit 416B
exploit 416B
exploit 400B
exploit 396B
exploit 396B
exploit 394B
exploit 350B
exploit 335B
exploit 324B
exploit 284B
exploit 188B
exploit 166B
exploit 161B
exploit 151B
exploit 140B
exploit 59B
exploit 55B
exploit 8B
exploit 7B
exploit 6B
exploit 5B
exploit 1B
exploit-new 141B
.gitignore 645B
.gitmodules 470B
共 261 条
- 1
- 2
- 3
资源评论
快撑死的鱼
- 粉丝: 1w+
- 资源: 9153
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功