Skip to content

yuntongzhang/vulnfix

Repository files navigation

VulnFix

License: GPL v3 docker pull docker build

VulnFix - An automated program repair technique for fixing security vulnerabilities via inductive inference.

VulnFix targets security vulnerabilities in C/C++ programs, such as buffer overflows, integer overflows, and NULL dereferences. It works by first exploring the states at the patch location with a combination of input-level fuzzing and state-level mutations, and then generalizing a patch invariant from the observed states. A patch invariant is a formula that evaluates to true for the benign states and false for the vulnerable states, which can be used to generate a patch later on.

Getting started

New changes has been added to VulnFix since the ISSTA22 publication. To get the version during ISSTA22 period and steps for using that version, please refer to ISSTA22.md.

TODO: Add getting started instruction for the new tool version.

Firstly, certain OS configurations are required to be set for VulnFix and its dependencies (e.g. AFL). To set these, run:

echo core | sudo tee /proc/sys/kernel/core_pattern
cd /sys/devices/system/cpu
echo performance | sudo tee cpu*/cpufreq/scaling_governor

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space

The VulnFix tool and its dependencies are available in docker container. (Please refer to doc/INSTALL.md for instructions on building it from source.)

To start:

docker pull yuntongzhang/vulnfix:latest-manual
docker run -it --memory=30g --name vulnfix yuntongzhang/vulnfix:latest-manual

Once inside the container, invoke it on one example (e.g. CVE-2012-5134) with:

# clone and build the target project
cd /home/yuntong/vulnfix/data/libxml2/cve_2012_5134
./setup.sh
# run vulnfix to repair
cd /home/yuntong/vulnfix
vulnfix data/libxml2/cve_2012_5134/config

After VulnFix finishes, the results (generated invariants and patches) can be found in /home/yuntong/vulnfix/data/libxml2/cve_2012_5134/runtime/result/.

Documentation

More details can be found in the documentation in the doc folder. MANUAL.md describes how to use VulnFix in more detail; DEVELOP.md contains useful information for hacking and extending VulnFix.

Bugs

VulnFix should be considered alpha-quality software. Bugs can be reported here.

About

Program Vulnerability Repair via Inductive Inference

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published