search

zhutoulala / vulnscan

A static binary vulnerability scanner
http://vulnscan.us
60 stars 17 forks source link

The Question When Build In Linux #1

Closed xiaoxing521 closed 6 years ago

xiaoxing521 commented 6 years ago

I am try build the vulnscan in linux, (ubuntu-16.04.1), But I am getting the errors. when I execute command "$ make" in terminal,it shows the fallowing messages :

[ 0%] Built target strings2 [ 13%] Built target libcurl [ 16%] Built target capstone-static [ 16%] Built target pe-parser-library [ 18%] Built target vulnscan [ 18%] Built target gtest Scanning dependencies of target unit_tests [ 18%] Building CXX object CMakeFiles/unit_tests.dir/test/test_scan_engine.cpp.o [ 18%] Linking CXX executable unit_tests CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o: In function CScanEngine::collectFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >)': scan_engine.cpp:(.text+0x1b49): undefined reference tostd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x1be0): undefined reference to std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x1c4b): undefined reference tostd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::operator() const' scan_engine.cpp:(.text+0x1f63): undefined reference to std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::operator++()' scan_engine.cpp:(.text+0x1fd7): undefined reference tostd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x2005): undefined reference to std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x2033): undefined reference tostd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x2472): undefined reference to std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::~recursive_directory_iterator()' scan_engine.cpp:(.text+0x24a0): undefined reference tostd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::~recursive_directory_iterator()' CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o:scan_engine.cpp:(.text+0x24ce): more undefined references to std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::~recursive_directory_iterator()' follow CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o: In functionstd::experimental::filesystem::v1::cxx11::path::extension() const': scan_engine.cpp:(.text._ZNKSt12experimental10filesystem2v17cxx114path9extensionEv[_ZNKSt12experimental10filesystem2v17cxx114path9extensionEv]+0x45): undefined reference to std::experimental::filesystem::v1::__cxx11::path::_M_find_extension() const' CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o: In functionstd::experimental::filesystem::v1::cxx11::recursive_directory_iterator::recursive_directory_iterator(std::experimental::filesystem::v1::cxx11::path const&)': scan_engine.cpp:(.text._ZNSt12experimental10filesystem2v17cxx1128recursive_directory_iteratorC2ERKNS2_4pathE[_ZNSt12experimental10filesystem2v17cxx1128recursive_directory_iteratorC5ERKNS2_4pathE]+0x2d): undefined reference to `std::experimental::filesystem::v1::cxx11::recursive_directory_iterator::recursive_directory_iterator(std::experimental::filesystem::v1::cxx11::path const&, std::experimental::filesystem::v1::directory_options, std::error_code)' CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o: In function std::experimental::filesystem::v1::is_regular_file(std::experimental::filesystem::v1::__cxx11::path const&)': scan_engine.cpp:(.text._ZNSt12experimental10filesystem2v115is_regular_fileERKNS1_7__cxx114pathE[_ZNSt12experimental10filesystem2v115is_regular_fileERKNS1_7__cxx114pathE]+0x3e): undefined reference tostd::experimental::filesystem::v1::status(std::experimental::filesystem::v1::cxx11::path const&)' CMakeFiles/unit_tests.dir/src/scan_engine.cpp.o: In function `std::experimental::filesystem::v1::cxx11::path::path<std::cxx11::basic_string<char, std::char_traits, std::allocator >, std::experimental::filesystem::v1::cxx11::path>(std::cxx11::basic_string<char, std::char_traits, std::allocator > const&)': scan_engine.cpp:(.text._ZNSt12experimental10filesystem2v17cxx114pathC2INSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES3EERKT[_ZNSt12experimental10filesystem2v17cxx114pathC5INSt7cxx1112basic_stringIcSt11char_traitsIcESaIcEEES3EERKT]+0xfb): undefined reference to `std::experimental::filesystem::v1::__cxx11::path::_M_split_cmpts()' collect2: error: ld returned 1 exit status CMakeFiles/unit_tests.dir/build.make:570: recipe for target 'unit_tests' failed make[2]: [unit_tests] Error 1 CMakeFiles/Makefile2:111: recipe for target 'CMakeFiles/unit_tests.dir/all' failed make[1]: [CMakeFiles/unit_tests.dir/all] Error 2 Makefile:138: recipe for target 'all' failed make: *** [all] Error 2

xiaoxing521 commented 6 years ago

I have solve this problem. But I am meet new problem when I run vulnscan. $ ./vulnscan 1630snp8-bad(1630snp8-bad is a binary file ) curl_easy_perform() failed: Peer certificate cannot be authenticated with given CA certificates Failed to load signatures. Failed to scan.

zhutoulala commented 6 years ago

Thanks, it seems the change I added yesterday is broken. The downloader failed to download the HTTPS link. I will fix it within this week.

zhutoulala commented 6 years ago

The change might have broken Linux build too. How did you solve it?

xiaoxing521 commented 6 years ago

Thank you for your reply. I just link with -lstdc++fs in CMakeLists.txt. The relevant library, libstdc++fs.a, is a static library. I found this solution from Stack Overflow. I don't know whether it's right or not, the magic is that I eventually built successfully in linux. But I still haven't solved the problem of running vulnscan.

zhutoulala commented 6 years ago

the HTTPS issue should have been fixed. I changed it to HTTP which g++ version are you using? fs is new since c++ 14, so it might require a newer version Please note the disassembly part is Windows only right now since I haven;t got a chance to resolve the Linux symbol resolution.

xiaoxing521 commented 6 years ago

The version is 5.4.0. Do you mean that vulnscan is currently only available on windows, or is it only for exe files?

zhutoulala commented 6 years ago

It can run on both Windows and Linux. It just runs better on Windows and functions better against Windows PE files, since most of my developments are focused on Windows. But any PR to extend Linux functionalities is welcome :)

xiaoxing521 commented 6 years ago

I gets it. I need a tool which can detect binary files's vulnerability, and it is best against Linux ELF files. I will try it on windows. thank you very much.

xiaoxing521 commented 6 years ago

I used vulnscan to test the PE programs I collected. These PE programs contained one or more vulnerabilities, but vulnscan did not detect these vulnerabilities. What happened?

zhutoulala commented 6 years ago

Can you please share with me the list of CVEs you were expecting? I will need to take a look and write signatures for them. It would be also great if you can create a PR to add your testing PE files to a folder called something like “test_files”

xiaoxing521 commented 6 years ago

I collected the programs with one or multiple CWE IDs, such as buffer error (i.e., CWE-119) and resource management error (i.e., CWE-399). Does vulnscan identify these vulnerabilities?

zhutoulala commented 6 years ago

I see. It seems what you were looking for is source code level flaw scanner. I don’t think that’s how this project works. You probably want to try coverity

xiaoxing521 commented 6 years ago

Sorry,I didn't know the difference between CWE and CVE before. I‘m looking for binary code level flaw scanner. I collected some source programs with CWE IDs and compiled them into binary programs. I want to detect whether these binary files contain corresponding vulnerabilities.

zhutoulala commented 6 years ago

Interesting idea. Does it even work in your research? I suppose you will need to look into the generated assembly code to see if such CWEs still exist

xiaoxing521 commented 6 years ago

Yes, I am studying this aspect. I tested vulnscan with the SARD verification programs that are not real software. Test case id include 6,7,14,19,39,1000,10001,10003,1758,1775,and so on. I compiled them into binary programs. Can vulnscan detect vulnerabilities of these programs?

zhutoulala commented 6 years ago

I don't think so. Unless you have a list of CVEs that might exists in those test files. vulnscan depends on the signatures to detect CVEs. I will need to add signatures for CVEs that you want to detect

xiaoxing521 commented 6 years ago

Well,If it is not a program with known vulnerabilities, how does vulnscan find the vulnerabilities?

zhutoulala commented 6 years ago

It can't. But i am very interested to see if it's possible to add this feature to detect by CWEs. Let me know if you have any good ideas

xiaoxing521 commented 6 years ago

In the SARD(Software Assurance Reference Dataset), each bad program (i.e., test case) corresponds to one or multiple CWE IDs and gives the location of the vulnerability. I think you can collect such programs for analysis.