GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → trailofbits → on-edge

trailofbits / on-edge

Licence: Apache-2.0 license
A library for detecting certain improper uses of the "Defer, Panic, and Recover" pattern in Go programs

Programming Languages

go
31211 projects - #10 most used programming language
python
139335 projects - #7 most used programming language
c
50402 projects - #5 most used programming language
shell
77523 projects
Makefile
30231 projects

Labels

dynamic-analysisrace-detector

Projects that are alternatives of or similar to on-edge

Werdlists
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+157.14%)
Mutual labels:  dynamic-analysis
awesome-malware-analysis
Defund the Police.
Stars: ✭ 9,181 (+10829.76%)
Mutual labels:  dynamic-analysis
r2frida-book
The radare2 + frida book for Mobile Application assessment
Stars: ✭ 38 (-54.76%)
Mutual labels:  dynamic-analysis
SDA
SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.
Stars: ✭ 98 (+16.67%)
Mutual labels:  dynamic-analysis
zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-21.43%)
Mutual labels:  dynamic-analysis
jitana
A graph-based static-dynamic hybrid DEX code analysis tool
Stars: ✭ 35 (-58.33%)
Mutual labels:  dynamic-analysis
R2frida Wiki
This repo aims at providing practical examples on how to use r2frida
Stars: ✭ 168 (+100%)
Mutual labels:  dynamic-analysis
Malware-Detection-Tools
A list of awesome malware detection tools
Stars: ✭ 30 (-64.29%)
Mutual labels:  dynamic-analysis
sortcheck
Tool for detecting violations of ordering axioms in qsort/bsearch callbacks.
Stars: ✭ 23 (-72.62%)
Mutual labels:  dynamic-analysis
tiro
TIRO - A hybrid iterative deobfuscation framework for Android applications
Stars: ✭ 20 (-76.19%)
Mutual labels:  dynamic-analysis
aparoid
Static and dynamic Android application security analysis
Stars: ✭ 62 (-26.19%)
Mutual labels:  dynamic-analysis
ptrace-burrito
a friendly wrapper around ptrace
Stars: ✭ 112 (+33.33%)
Mutual labels:  dynamic-analysis
guardrails
guardrails.cs.virginia.edu
Stars: ✭ 18 (-78.57%)
Mutual labels:  dynamic-analysis
Mobileapp Pentest Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Stars: ✭ 3,051 (+3532.14%)
Mutual labels:  dynamic-analysis
talvos
Talvos is a dynamic-analysis framework and debugger for Vulkan/SPIR-V programs.
Stars: ✭ 67 (-20.24%)
Mutual labels:  dynamic-analysis
Inspeckage
Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Stars: ✭ 2,249 (+2577.38%)
Mutual labels:  dynamic-analysis
allsafe
Intentionally vulnerable Android application.
Stars: ✭ 135 (+60.71%)
Mutual labels:  dynamic-analysis
MsfMania
Python AV Evasion Tools
Stars: ✭ 388 (+361.9%)
Mutual labels:  dynamic-analysis
phuzz
Find exploitable PHP files by parameter fuzzing and function call tracing
Stars: ✭ 53 (-36.9%)
Mutual labels:  dynamic-analysis
libdft64
libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
Stars: ✭ 174 (+107.14%)
Mutual labels:  dynamic-analysis
View All Similar Projects ➔

OnEdge  

OnEdge is a library for detecting certain improper uses of the Defer, Panic, and Recover pattern in Go programs. OnEdge is lightweight in that it is easy to incorporate into your project and tries to stay out of your way as much as possible.

What sort of problems does OnEdge detect?

OnEdge detects global state changes that occur between (1) the entry point to a function that defers a call to recover and (2) the point at which recover is called. Often, such global state changes are unintentional, e.g., the programmer didn't realize that code executed before a panic could have a lasting effect on their program's behavior.

How does OnEdge work?

OnEdge reduces the problem of finding such global state changes to one of race detection. When the program enters a function that defers a call to recover, OnEdge launches a shadow thread. If that function later panics, then the function is re-executed in the shadow thread. If doing so causes the shadow thread to make a global state change before calling recover, then that change appears as a data race and can be reported by Go's race detector.

When Go's race detector is disabled, OnEdge does nothing.

Limitations

  1. OnEdge is a dynamic analysis, and like all dynamic analyses, its effectiveness depends upon the workload to which you subject your program. In other words, for OnEdge to detect some global state change, you must provide inputs to your program that cause it to make that global state change.

  2. For some programs, OnEdge's results are non-deterministic, i.e., OnEdge could report a global state change for some runs of the program, but not for others. We believe this is because ThreadSanitizer (on which Go's race detector is built) is itself non-deterministic.

  3. OnEdge is not currently thread safe. For now, you should not, e.g., call WrapFunc from two separate threads.

  4. If your program is multithreaded, then use of OnEdge may cause spurious data races to be reported. If you think that your program may contain a legitimate data race, then we recommend that you deal with that before enabling OnEdge. Further investigation into this issue is needed.

Incorporating OnEdge into your project

To incorporate OnEdge into your project, you must do three things:

  1. Wrap function bodies that defer calls to recover in onedge.WrapFunc(func() { ... }).

  2. Within those wrapped function bodies, wrap calls to recover in onedge.WrapRecover( ... ).

  3. Run your program with Go's race detector enabled, e.g., go run -race mysrc.go.

A function to which steps 1 and 2 have been applied might look something like this:

func handle(request Request) {
    onedge.WrapFunc(func() {
        defer func() {
            if r := onedge.WrapRecover(recover()); r != nil {
                log.Println(r)
            }
        }()
        ...
        // Panicky code that potentially modifies global state
        ...
    })
}

Step 3 will cause data races to be reported for global state changes that occur:

  • after entry to a function body wrapped by WrapFunc
  • but before a recover wrapped by WrapRecover.

An example can be found in the example subdirectory.

Note that while global state changes in the shadow thread are reported, they still occur. Be aware that if, say, those changes have external effects (e.g., a write to a database on an external machine), then those effects happen twice: once via the main thread and once via the shadow thread. (Of course, this is exactly the sort of problem that OnEdge is meant to detect.)

Testing OnEdge

OnEdge itself can be tested in two ways:

  • make basic_test performs a set of basic tests.
  • make nested_test tests nested uses of WrapFunc. This test is expensive as it performs a 2^22 exhaust. On a MacBook Pro, this test takes the better part of a work day to run.

Scripts

The scripts subdirectory contains some experimental scripts for filtering the Go race detector's output.

References

License

The code in this repository is licensed under the Apache 2.0 license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].