trailofbits / polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.
Apache License 2.0
516 stars 47 forks

Apache httpd demo #6563

Closed lisaoverall closed 11 months ago

lisaoverall commented 1 year ago

Scripts included:

tdag_pairs.sh - takes a directory containing raw http requests, produces a directory results containing a subdirectory per request. Each subdirectory contains a compressed TDAG corresponding to the evaluation of that request by whatever instrumented parsers are in examples/httpd.

faw_tdag_pairs.sh - convenience for producing pairs of TDAGs corresponding to FAW http test cases. (Definitely understand if we don't want this under version control, but I've been using it to gather results for cluster analysis.)

Suggested testing:

cd /path/to/polytracker/examples/http/httpd
./example_httpd.sh /path/to/raw_http_request 56781

Expected result: produces raw_http_request.tdag, a TDAG corresponding to running raw_http_request through polytracker-instrumented httpd. On polytracker info --print-fd-headers raw_http_request.tdag, the socket header's server port will be 56781. (The port number is an optional argument and defaults to 80.)

cd /path/to/polytracker/examples/http
./faw_tdag_pairs.sh /path/to/FAW/test_files/http  

Expected result: produces directory results, containing subdirectories for each request in the FAW's http corpus. Each subdirectory contains two compressed TDAGs corresponding to running that request through polytracker-instrumented picohttpparser and httpd (with the server listening on port 80, and corresponding socket FD header in the TDAGs).