NSSL-SJTU / SaTC

A prototype of Shared-keywords aware Taint Checking, a novel static analysis approach that tracks the data flow of the user input between front-end and back-end to precisely detect security vulnerabilities.

Fail to analyze `/usr/sbin/lighttpd` of Vigor 2960 v1.5.1.3 #2

Closed Cossack9989 closed 3 years ago

Cossack9989 commented 3 years ago

SaTC succeeded in analyzing the cgi of Vigor 2960 v1.5.1.3, but failed to analyze `/usr/sbin/lighttpd`. The command is `python satc.py -d /targetfs/ -o ../lighttpd_result/ --ghidra_script=ref2sink_bof --ghidra_script=ref2sink_cmdi --taint_check -b /usr/sbin/lighttpd`

Cossack9989 commented 3 years ago

/usr/sbin/apmd and /usr/sbin/cvmd also failed

smile0304 commented 3 years ago

The command I used: `python satc.py -d /home/satc/vigor/ -o ../res/ --ghidra_script=ref2sink_bof --ghidra_script=ref2sink_cmdi --taint_check -b lighttpd`

Use the -b parameter only to specify the filename

You can try the following command: `python satc.py -d /targetfs/ -o ../lighttpd_result/ --ghidra_script=ref2sink_bof --ghidra_script=ref2sink_cmdi --taint_check -b lighttpd`

Cossack9989 commented 3 years ago

`-b lighttpd` may confuse SaTC into analyzing `/etc/init.d/lighttpd` but not `/usr/sbin/lighttpd`

smile0304 commented 3 years ago

SaTC has not considered this situation for the time being.

You can temporarily solve this problem by renaming the lighttpd under /usr/sbin
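A pre-flight check for the name collision discussed above, as an added example that is not part of the original thread or of SaTC's code: it lists every file in an extracted firmware tree that shares the basename you intend to pass to `-b`, and marks which ones are ELF binaries. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"


def find_basename_collisions(rootfs, name):
    """Return sorted [(path relative to rootfs, is_elf)] for files named `name`."""
    hits = []
    for dirpath, _dirs, files in os.walk(rootfs):
        if name not in files:
            continue
        full = os.path.join(dirpath, name)
        # Skip symlinks: in extracted firmware they often point at absolute
        # paths that resolve outside the extracted tree.
        if os.path.islink(full) or not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            is_elf = fh.read(4) == ELF_MAGIC
        hits.append((os.path.relpath(full, rootfs), is_elf))
    return sorted(hits)


def build_sample_rootfs(root):
    """Constructed sample tree mirroring the two paths named in the thread."""
    samples = {
        "usr/sbin/lighttpd": ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9,
        "etc/init.d/lighttpd": b"#!/bin/sh\n# constructed init script\n",
        "usr/sbin/apmd": ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9,
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo(name="lighttpd"):
    with tempfile.TemporaryDirectory() as root:
        build_sample_rootfs(root)
        return find_basename_collisions(root, name)


if __name__ == "__main__":
    hits = demo()
    for rel, is_elf in hits:
        print(f"{'ELF   ' if is_elf else 'other '} {rel}")
    if len(hits) > 1:
        print("basename is ambiguous in this tree")
```

More than one hit means the bare filename does not identify a single file in the tree, which is the situation the rename workaround addresses.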

smile0304 commented 3 years ago

Close this issue