News

Grades

Written on 24.04.18 by Bjoern Mathis

Dear Students,

you can see your final grades in the CMS. Due to a shoulder injury of Prof. Zeller, the grading took longer than expected. We wish all of you a lot of success in your further studies.

Project 5 and Project 6

Written on 23.03.18 by Bjoern Mathis

The results for project 5 and project 6 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

Project 4 Results

Written on 28.02.18 by Bjoern Mathis

The results for project 4 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

Project 3 Results

Written on 19.02.18 by Bjoern Mathis

The results for project 3 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

No lecture this Thursday; in-depth talks and seminar this Spring

Written on 31.01.18 by Andreas Zeller

Dear all,

the planned talk by Christian Holler this Thursday had to be cancelled on short notice.  Hence, there will be no lecture this week; feel free to spend the extra time on your final projects.

Christian will give his talk on "fuzzing in the large" later this Spring; we will send out an invite to you all as soon as the details are fixed.

We will also run a "Fuzzing lab" seminar this Summer semester, where you will have the opportunity to apply the techniques from the lecture on a large project. Details on the seminar and how to register will be announced here as well.

Thank you very much for joining us in the course – it's been a great time for us, and we hope you had some fun, too!

Keep on fuzzing,

Andreas Zeller

Project 6

Written on 29.01.18 by Bjoern Mathis

We uploaded project 6. The official starting date of this project is Thursday, 2/1/2018. Nevertheless, you can start with the project from now on. Furthermore, since the exam phase is now also starting, you will receive 3 weeks of working time. If you have any questions (especially regarding the assignment), please do not hesitate to ask questions.

Project 2 Results

Written on 19.01.18 by Bjoern Mathis

The results for project 2 are uploaded. You can see them on your personal page.

Project 5

Written on 18.01.18 by Bjoern Mathis

Project 5 is uploaded. Submit until 02.02.2018 04:00.

Project 4 Deadline Extension

Written on 09.01.18 by Bjoern Mathis

The submission deadline for project 4 has been extended until Friday, 2018-01-19 at 4 am.

This extension has no effect on any upcoming deadlines.

Implementing For loop -- Hints

Written on 05.01.18 by Rahul Gopinath

For those who are having trouble with implementing a `for loop`, think how you can translate a `for loop` to a `while loop` in Python.

Project 1 Grade Adjustment

Written on 04.01.18 by Bjoern Mathis

We have adjusted your grades for Project 1 to better represent your performance.
You will find the updated grades on your personal page.

Project 1 Results

Written on 22.12.17 by Bjoern Mathis

The results for Project 1 are uploaded; you can see them on your personal status page.

Memory profiling

Written on 19.12.17 by Rahul Gopinath

If you find that the memory usage of your Python program is increasing suspiciously, Python 3.4 and later has a new memory profiling API called tracemalloc. The tracemalloc module allows you to take a snapshot of your memory at various points, and compare them to determine which objects have grown.

An example from the Python documentation below:

    import tracemalloc
    tracemalloc.start()
    # ... start your application ...

    snapshot1 = tracemalloc.take_snapshot()
    # ... call the function leaking memory ...
    snapshot2 = tracemalloc.take_snapshot()

    top_stats = snapshot2.compare_to(snapshot1, 'lineno')

    print("[ Top 10 differences ]")
    for stat in top_stats[:10]:
        print(stat)

Solving the evofuzz - Hints

Written on 14.12.17 (last change on 15.12.17) by Rahul Gopinath

Note that in `evofuzz.py` you have this TODO:

    # TODO for STUDENTS: Change example.cgi_decode to the given function
    import example
    ffn.capture_coverage(lambda: example.cgi_decode(term))
    cov_arcs = {(i,j) for f,i,j,src,l in ffn.cdata_arcs}

There are two things to notice here. The first is that you are collecting the coverage only for the `cgi_decode` or the corresponding function. However, if you trace how the branch coverage gets called, you will see that the branch coverage includes lines from evofuzz.py. Your first job is to filter that. (This is why the cov_arcs assignment is left as a statement there.) Filter the cov_arcs to contain only those lines that belong to `cgi_decode` or whichever function you are using. You can query the CFG (cfg variable) which is a hashmap with lines as keys for those lines that belong to a specific function.

Second, you do not need the sentinel node. You will get errors saying node '0' is not present in branch_cov. You can safely delete the node 0 by

    del ffn.branch_cov[0]

You will need to do the same while collecting the covered/not-covered nodes. That is, choose only those nodes such that both parent and child are in cfg, and have function `cgi_decode`.

Here is another piece of the puzzle. You need to only look for uncovered nodes within the function cgi_decode and check_triangle. That is, you can safely filter out the nodes from the main when you look for un-covered nodes. The following fragment will do that for you.

    # Only nodes inside the functions under test count:
    # skip module-level code ('') and main.
    def useful(p): return ffn.cfg[p]['function'] not in ['', 'main']

    def not_covered_nodes(cfg):
        # Collect every CFG arc (parent, line) that was not exercised.
        not_covered = set()
        for l in cfg:
            if not useful(l): continue
            for p in cfg[l]['parents']:
                if not useful(p): continue
                if (p, l) not in cov_arcs: not_covered.add((p, l))
        return not_covered
    not_covered = not_covered_nodes(ffn.cfg)

You are welcome to ping me or come to my office if you are completely stuck.
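The two filtering steps from this post, as a self-contained added example that is not part of the original post or the course code. `CFG` and `RAW_ARCS` are constructed stand-ins for `ffn.cfg` and the `(i, j)` pairs taken from `ffn.cdata_arcs`; their shape is assumed from the fragment above, and the helper names are hypothetical. Unlike `useful`, which excludes `''` and `main`, this sketch names the functions to keep.

```python
# Constructed stand-in for ffn.cfg (assumed shape: line -> function, parents).
CFG = {
    0:  {'function': '',           'parents': []},       # sentinel node
    1:  {'function': 'cgi_decode', 'parents': [0]},
    2:  {'function': 'cgi_decode', 'parents': [1, 5]},   # loop head
    3:  {'function': 'cgi_decode', 'parents': [2]},      # branch condition
    4:  {'function': 'cgi_decode', 'parents': [3]},      # branch body
    5:  {'function': 'cgi_decode', 'parents': [3, 4]},
    6:  {'function': 'cgi_decode', 'parents': [2]},      # return
    20: {'function': 'main',       'parents': [0]},
    21: {'function': 'main',       'parents': [20]},
}

# Constructed (from_line, to_line) arcs as one traced run might report them,
# including arcs from main and from the fuzzer driver itself (310, 311).
RAW_ARCS = {(0, 1), (1, 2), (2, 3), (3, 5), (5, 2), (2, 6),
            (20, 21), (21, 1), (310, 311)}


def lines_of(cfg, functions):
    """Line numbers whose CFG node belongs to one of the named functions."""
    return {line for line, node in cfg.items() if node['function'] in functions}


def filter_arcs(arcs, cfg, functions):
    """Keep only arcs whose both ends lie inside the functions under test."""
    keep = lines_of(cfg, functions)
    return {(p, c) for (p, c) in arcs if p in keep and c in keep}


def uncovered_arcs(cfg, cov_arcs, functions):
    """CFG arcs (parent, line) inside the functions that no run has taken."""
    keep = lines_of(cfg, functions)
    return {(p, line) for line in keep for p in cfg[line]['parents']
            if p in keep and (p, line) not in cov_arcs}


if __name__ == '__main__':
    target = {'cgi_decode'}
    cov = filter_arcs(RAW_ARCS, CFG, target)
    print('covered  :', sorted(cov))
    print('uncovered:', sorted(uncovered_arcs(CFG, cov, target)))
```

The sentinel arc `(0, 1)` drops out in the same pass, because node 0 belongs to no function under test.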

Project 3 Deadline Extended

Written on 14.12.17 by Bjoern Mathis

Due to numerous reports of technical difficulties we are extending the deadline of project 3 by one week (Friday 2017-12-22, 4am).

Office Hour

Written on 13.12.17 by Nikolas Havrikov

Due to popular demand we will hold an office hour tomorrow (Thursday 2017-12-14) from 11:00 to 12:00 in room 2.22 in CISPA.

Feel free to drop by to discuss your technical questions.

Disabling pygraphviz

Written on 12.12.17 by Rahul Gopinath

For those on Ubuntu 16.xx that are unable to install pygraphviz, it is possible to make do with a pure Python library called pydot. Once you have installed pydot with `pip3 install pydot`, these are the changes in pycfg.py that can get you the dot file. Once you have the dot file created with a command such as `python3 pycfg.py cgidecode.py -d -y example.cov`, you can open the dotfile, and paste its contents in `http://viz-js.com/` to view the generated graph.

diff --git a/07-Search-Based Fuzzing/code/pycfg.py b/07-Search-Based Fuzzing/code/pycfg.py
index 298f85d..a4e6d5a 100755
--- a/07-Search-Based Fuzzing/code/pycfg.py
+++ b/07-Search-Based Fuzzing/code/pycfg.py
@@ -9,7 +9,7 @@ Use http://viz-js.com/ to view digraph output
 import ast
 import re
 import astunparse
-import pygraphviz
+import pydot

 class CFGNode(dict):
     registry = 0
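Review bot: replacing `import pygraphviz` with an unconditional `import pydot` makes pydot a hard requirement for every user of pycfg.py, including those whose pygraphviz install works. The module docstring visible in the hunk header only mentions viz-js.com; it should also state the new dependency (`pip3 install pydot`) so that an ImportError at start-up is easy to interpret.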
@@ -68,24 +68,25 @@ class CFGNode(dict):
             for i in ['if', 'while', 'for', 'elif']:
                 v = re.sub(r'^_%s:' % i, '%s:' % i, v)
             return v
-        G = pygraphviz.AGraph(directed=True)
+        G = pydot.Graph('mygrap', graph_type='digraph')
         cov_lines = [i for i,j in arcs]
         for nid, cnode in CFGNode.cache.items():
-            G.add_node(cnode.rid)
+            node = pydot.Node(cnode.rid)
+            G.add_node(node)
             n = G.get_node(cnode.rid)
             lineno = cnode.lineno()
-            n.attr['label'] = "%d: %s" % (lineno, unhack(cnode.source()))
+            node.set('label', "%d: %s" % (lineno, unhack(cnode.source())))
             for pn in cnode.parents:
                 plineno = pn.lineno()
                 if arcs:
                     if  (plineno, lineno) in arcs:
-                        G.add_edge(pn.rid, cnode.rid, color='blue')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='blue'))
                     elif plineno == lineno and lineno in cov_lines:
-                        G.add_edge(pn.rid, cnode.rid, color='blue')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='blue'))
                     else:
-                        G.add_edge(pn.rid, cnode.rid, color='red')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='red'))
                 else:
-                    G.add_edge(pn.rid, cnode.rid)
+                    G.add_edge(pydot.Edge(pn.rid, cnode.rid))
         return G

 class PyCFG:
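Review bot: the unchanged line `n = G.get_node(cnode.rid)` is left behind even though the label is now set on `node`, so `n` is no longer read anywhere in the visible lines and should be dropped. The three coloured `G.add_edge(pydot.Edge(...))` replacements are also indented one space deeper than the lines they replace; that still parses, but it is inconsistent with the uncoloured branch below them. The graph name 'mygrap' looks like a typo for 'mygraph'.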
@@ -421,8 +422,7 @@ if __name__ == '__main__':
         cfg = PyCFG()
         cfg.gen_cfg(slurp(args.pythonfile).strip())
         g = CFGNode.to_graph(arcs)
-        g.draw('out.png', prog='dot')
-        print(g.string(), file=sys.stderr)
+        print(g.to_string(), file=sys.stderr)
     elif args.cfg:
         cfg,first,last = get_cfg(args.pythonfile)
         for i in sorted(cfg.keys()):
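Review bot: with `g.draw('out.png', prog='dot')` removed, the only remaining output is `print(g.to_string(), file=sys.stderr)`, so no file is produced and the DOT text shares stderr with any other diagnostics. Writing the DOT source to stdout or to a named file would let it be redirected cleanly and pasted into a viewer without hand-editing.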

Fixed Error in JSON Grammar

Written on 11.12.17 by Bjoern Mathis

We fixed a small error in the JSON grammar which caused a "No Parse" for some of your generated inputs. A wrong ordering in the "$NUMBER" production rule caused the faulty behavior.

Please make sure to update to the latest version of the "project3.zip" file, in particular the newest JSON grammar file.

Updated Test Subjects

Written on 04.12.17 by Bjoern Mathis

We updated the test subjects in the project zip to make calling the subjects easier for you.

Now each subject contains a method called main which expects a string as argument.

Bug in Branch Distance Computation

Written on 01.12.17 by Bjoern Mathis

We found a bug in the branch distance computation and updated the slides of lecture 7 accordingly. Also, we updated the files under "Code Samples" and in project 3. 

Please update your project code accordingly (i.e. interp.py and dexpr.py).

Furthermore, we made some clarifications regarding the needed dependencies of our provided libraries in the project 3 description.

Project 3

Written on 23.11.17 by Bjoern Mathis

Project 3 will be handed out next Thursday (11/30/17) evening.

Project 1 Deadline Extension

Written on 10.11.17 by Bjoern Mathis

The submission deadline for project 1 has been extended until Tuesday, 2017-11-14 at 4 am.

This extension has no effect on any upcoming deadlines.
