squizz617 / vuddy

Licence: MIT License
VUDDY: A Scalable and Accurate Vulnerable Code Clone Detector (S&P'17)

VUDDY (a.k.a. hmark)

VUDDY is an approach for scalable and accurate vulnerable code clone detection. This approach is specifically designed to accurately find vulnerabilities in massive code bases (e.g., Linux kernel, 25 MLoC). Principles and results are discussed in our paper, which was published at the 38th IEEE Symposium on Security and Privacy (S&P'17).

hmark is the implementation of VUDDY, which is also the client-side preprocessing tool for "Vulnerable Code Clone Detection" testing provided by IoTcube, an automated vulnerability testing platform. Details are available here.

This project is a part of the "international collaborative research", which was conducted by CSSA (Center for Software Security and Assurance).

Getting Started with hmark

Prerequisites

  • Linux or OS X - hmark is designed to work on any of the operating systems. Tested OS distributions include Ubuntu 14.04, 16.04, and 18.04, Fedora 25, and OS X. Let me know if your OS is not supported.
  • Python 2, version 2.7.10 or newer - earlier versions may work, but are not tested.
  • python-tk package - install from your package manager.
  • Java Runtime Environment (JRE) - We recommend openjdk-8-jre.

Running hmark

  1. cd hmark
  2. python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

You can see the help message below by passing an -h (or --help) argument.

usage: python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

- optional arguments:
  -h, --help            show this help message and exit

  -c path ON/OFF, --cli-mode path ON/OFF
                        run hmark without GUI by specifying the path to the
                        target directory, and the abstraction mode
  -n, --no-updatecheck  bypass update checking (not recommended)
  -V, --version         print hmark version and exit
  3. Upload the resulting hidx file on IoTcube's Vulnerable Code Clone Detection testing.

Binary Release

Instead of running hmark from source code, you can also download and execute prebuilt binaries. Binaries for Windows, Linux, and OS X are available here.

Reporting Bugs

For reporting bugs, you can submit an issue to the VUDDY GitHub, or send me an email. Feel free to send pull requests if you have suggestions or bugfixes!

About

This program is authored and maintained by Seulbae Kim

GitHub @squizz617