panda-re / lava

LAVA: Large-scale Automated Vulnerability Addition

Getting a new target working with LAVA #52

Open Kigorky opened 3 years ago

Kigorky commented 3 years ago

Hi,

I have been trying to understand how to get a new target working with LAVA. I tried to get a more complex project working with LAVA but it does not work, so I decided to understand how to use LAVA by using a simple 'Hello World' example (written in C, and it can be compiled on Linux). Hence, following the doc, I have a configure / make / make install project. I created the Makefile according to /target_injections/file/file-5.22/src/Makefile. First I ran scripts/docker-shell.sh and launched path-to-lava/tools/btrace/sw-btrace make to build btrace.log, and so forth according to the doc until the last command (Section 2.5.5 of the doc). Everything seems to be OK.

After that I added `#define __attribute__(x)` and `#define __extension__(x)` to the preprocessing script. Next I compressed the folder of the project and put it into the /target_bins directory. I created a .json file but I am not sure about it because I cannot fully understand some fields within the file.

Finally, outside the LAVA docker, I ran ./scripts/lava.sh -ak test and I got the following in the logs/inject-1.log file:

```
/usr/bin/python /home/ubuntu/lava/scripts/inject.py -t ptr_add,rel_write,malloc_off_by_one -m 50 -e 0 /home/ubuntu/lava/host.json test
allowed bug types: [0, 2, 4]
Getting locked bugs directory...
Using dir /home/ubuntu/lava/target_injections/test/bugs/0
Picking bugs to inject.
Selecting 50 bugs for injection of 0 available
Traceback (most recent call last):
  File "/home/ubuntu/lava/scripts/inject.py", line 163, in <module>
    (update_db, bug_list) = get_bug_list(args, db, allowed_bugtypes)
  File "/home/ubuntu/lava/scripts/inject.py", line 52, in get_bug_list
    assert available >= num_bugs_to_inject
AssertionError
```

Can you help me please?

moyix commented 3 years ago

This is saying that it didn't find any opportunities to inject a bug. My guess is that something went wrong with the PANDA taint analysis – could you try looking through the other log files to check if PANDA is running correctly, reporting taint analysis results, etc.?
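
The reading of the log described above can be automated. This is an added example, not part of the thread or of LAVA's own scripts: it pulls the requested and available bug counts and the innermost failing frame out of an inject log, using a sample constructed from the lines quoted in the issue. The function name `triage_inject_log` and the diagnosis strings are assumptions made for illustration.

```python
import re

# Constructed sample: the inject-1.log lines quoted in the issue above.
SAMPLE_LOG = """\
allowed bug types: [0, 2, 4]
Getting locked bugs directory...
Using dir /home/ubuntu/lava/target_injections/test/bugs/0
Picking bugs to inject.
Selecting 50 bugs for injection of 0 available
Traceback (most recent call last):
  File "/home/ubuntu/lava/scripts/inject.py", line 163, in <module>
    (update_db, bug_list) = get_bug_list(args, db, allowed_bugtypes)
  File "/home/ubuntu/lava/scripts/inject.py", line 52, in get_bug_list
    assert available >= num_bugs_to_inject
AssertionError
"""

SELECT_RE = re.compile(r"Selecting (\d+) bugs for injection of (\d+) available")
FRAME_RE = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')
EXC_RE = re.compile(r"^(\w+(?:Error|Exception))(?::\s*.*)?$")


def triage_inject_log(text):
    """Extract requested/available bug counts and the innermost failing frame."""
    out = {"requested": None, "available": None, "failed_in": None,
           "exception": None, "diagnosis": "no selection line in log"}
    in_traceback = False
    for raw in text.splitlines():
        line = raw.strip()  # tolerate logs whose indentation was lost
        sel = SELECT_RE.search(line)
        if sel:
            out["requested"], out["available"] = int(sel.group(1)), int(sel.group(2))
        elif line.startswith("Traceback (most recent call last)"):
            in_traceback = True
        elif in_traceback:
            frame = FRAME_RE.search(line)
            exc = EXC_RE.match(line)
            if frame:  # later frames overwrite earlier ones: keep the innermost
                out["failed_in"] = (frame.group(3), int(frame.group(2)))
            elif exc:
                out["exception"], in_traceback = exc.group(1), False
    if out["available"] == 0:
        out["diagnosis"] = "no candidates: check the earlier analysis logs"
    elif out["available"] is not None:
        short = out["available"] < out["requested"]
        out["diagnosis"] = "fewer candidates than requested" if short else "ok"
    return out


if __name__ == "__main__":
    for key, value in triage_inject_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```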

Kigorky commented 3 years ago

> This is saying that it didn't find any opportunities to inject a bug. My guess is that something went wrong with the PANDA taint analysis – could you try looking through the other log files to check if PANDA is running correctly, reporting taint analysis results, etc.?

I thought so. Which log file should I look through? The add_queries.log, make.log or dbwipe.log?