Security Testing Prof. Dr. Andreas Zeller, Dr. Rahul Gopinath

News

24.04.2018

Grades

Dear Students,

you can see your final grades in the CMS. Due to a shoulder injury of Prof. Zeller, the grading took longer than expected. We wish all of you a lot of success in your further studies.

23.03.2018

Project 5 and Project 6

The results for project 5 and project 6 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

28.02.2018

Project 4 Results

The results for project 4 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

19.02.2018

Project 3 Results

The results for project 3 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

31.01.2018

No lecture this Thursday; in-depth talks and seminar this Spring

Dear all,

the planned talk by Christian Holler this Thursday had to be cancelled on short notice. Hence, there will be no lecture this week; feel free to spend the extra time on your final projects.

Christian will give his talk on "fuzzing in the large" later this Spring; we will send out an invite to you all as soon as the details are fixed.

We will also run a "Fuzzing lab" seminar this Summer semester, where you will have the opportunity to apply the techniques from the lecture to a large project. Details on the seminar and how to register will be announced here as well.

Thank you very much for joining us in the course – it's been a great time for us, and we hope you had some fun, too!

Keep on fuzzing,

Andreas Zeller

29.01.2018

Project 6

We uploaded project 6. The official starting date of this project is Thursday, 2/1/2018. Nevertheless, you can start with the project from now on. Furthermore, since the exam phase is now also starting, you will receive 3 weeks of working time. If you have any questions (especially regarding the assignment), please do not hesitate to ask questions.

19.01.2018

Project 2 Results

The results for project 2 are uploaded. You can see them on your personal page.

18.01.2018

Project 5

Project 5 is uploaded. Submit until 02.02.2018 04:00.

09.01.2018

Project 4 Deadline Extension

The submission deadline for project 4 has been extended until Friday, 2018-01-19 at 4 am.

This extension has no effect on any upcoming deadlines.

05.01.2018

Implementing For loop -- Hints

For those who are having trouble implementing a `for` loop, think about how you can translate a `for` loop into a `while` loop in Python.
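As an added illustration of that hint (example code written for this page, not part of the course materials), the same computation is shown once with a `for` loop and once with that loop rewritten as a `while` loop around `iter()`/`next()`, which is exactly what Python does behind the scenes; the function names are constructed.

```python
# Added example (not part of the course materials): how Python's `for` loop
# desugars into a `while` loop. The function names below are constructed.

def sum_even_squares_for(xs):
    """Reference version written with a plain `for` loop."""
    total = 0
    for x in xs:
        if x % 2:
            continue
        total += x * x
    return total


def sum_even_squares_while(xs):
    """The same computation with the `for` translated into a `while`.

    A `for x in xs:` header does three things implicitly:
      1. calls iter(xs) once to obtain an iterator,
      2. calls next() on that iterator before every iteration,
      3. leaves the loop when next() raises StopIteration.
    `continue` and `break` keep their meaning unchanged inside the `while`.
    """
    it = iter(xs)                 # step 1: evaluate the iterable exactly once
    total = 0
    while True:                   # steps 2 and 3: loop until the iterator is exhausted
        try:
            x = next(it)
        except StopIteration:
            break                 # the `for` loop would end here
        if x % 2:
            continue              # jumps back to the next() call, just as in `for`
        total += x * x
    return total


if __name__ == "__main__":
    data = range(10)
    print(sum_even_squares_for(data), sum_even_squares_while(data))
```

The translation also works for a `for` over an iterator object (not just a list or range), because `iter()` returns the iterator itself in that case.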

04.01.2018

Project 1 Grade Adjustment

We have adjusted your grades for Project 1 to better represent your performance.
You will find the updated grades on your personal page.

22.12.2017

Project 1 Results

The results for Project 1 are uploaded; you can see them on your personal status page.

19.12.2017

Memory profiling

If you find that the memory usage of your Python program is increasing suspiciously, Python 3.4 and later has a new memory profiling API called tracemalloc. The tracemalloc module allows you to take a snapshot of your memory at various points, and compare them to determine which objects have grown.

Here is an example from the Python documentation:

    import tracemalloc
    tracemalloc.start()
    # ... start your application ...

    snapshot1 = tracemalloc.take_snapshot()
    # ... call the function leaking memory ...
    snapshot2 = tracemalloc.take_snapshot()

    top_stats = snapshot2.compare_to(snapshot1, 'lineno')

    print("[ Top 10 differences ]")
    for stat in top_stats[:10]:
        print(stat)
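
The documentation snippet leaves the leaking function abstract. The following added example (written for this page, not taken from the Python docs or the course code) plugs in a deliberately leaking function and uses the snapshot comparison to recover the exact source line that grows; `leaky_step`, `_retained`, `measure_growth`, `line_range` and `top_growth` are constructed names.

```python
# Added example (not from the course materials or the Python docs): using
# tracemalloc to locate the source line responsible for growing memory.
# `leaky_step`, `_retained`, `measure_growth`, `line_range` and `top_growth`
# are constructed names for this illustration.
import dis
import tracemalloc

_retained = []   # constructed: stands in for a cache that is never cleared


def leaky_step(n_bytes=200_000):
    """One unit of work that keeps a fresh buffer alive forever (the leak)."""
    _retained.append(bytes(n_bytes))


def measure_growth(step, repeat=5, top=5):
    """Run `step()` `repeat` times between two snapshots and return the `top`
    StatisticDiff entries, largest growth first, grouped by source line."""
    was_tracing = tracemalloc.is_tracing()
    if not was_tracing:
        tracemalloc.start()          # tracing must be on before the allocations
    try:
        before = tracemalloc.take_snapshot()
        for _ in range(repeat):
            step()
        after = tracemalloc.take_snapshot()
        # compare_to(..., 'lineno') groups by file+line and sorts by size_diff
        return after.compare_to(before, 'lineno')[:top]
    finally:
        if not was_tracing:
            tracemalloc.stop()       # snapshots stay usable after stop()


def line_range(func):
    """(first, last) source line numbers of `func`, read from its bytecode."""
    lines = [ln for _, ln in dis.findlinestarts(func.__code__) if ln is not None]
    return min(lines), max(lines)


def top_growth(step, **kw):
    """Return (lineno, size_diff) of the single source line that grew the most."""
    stat = measure_growth(step, **kw)[0]
    frame = stat.traceback[0]        # default 1-frame limit: the allocating line
    return frame.lineno, stat.size_diff


if __name__ == "__main__":
    lineno, grew = top_growth(leaky_step)
    lo, hi = line_range(leaky_step)
    print(f"largest growth: {grew} bytes at line {lineno} (leaky_step spans {lo}-{hi})")
```

If the reported line is inside a library rather than your own code, raise the frame limit (`tracemalloc.start(10)`) so that `stat.traceback` also contains the caller that triggered the allocation.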

14.12.2017

Solving the evofuzz - Hints

Note that in `evofuzz.py` you have this TODO:

    # TODO for STUDENTS: Change example.cgi_decode to the given function
    import example
    ffn.capture_coverage(lambda: example.cgi_decode(term))
    cov_arcs = {(i,j) for f,i,j,src,l in ffn.cdata_arcs}

There are two things to notice here. First, you are collecting coverage only for `cgi_decode` (or the corresponding target function). However, if you trace how the branch coverage is computed, you will see that it also includes lines from evofuzz.py itself. Your first job is to filter those out (this is why the `cov_arcs` assignment is left as a plain statement there): restrict `cov_arcs` to arcs whose lines belong to `cgi_decode`, or whichever function you are using. To find those lines, query the CFG (the `cfg` variable), a hashmap keyed by line number whose entries record which function each line belongs to.

Second, you do not need the sentinel node. Otherwise you will get errors saying node '0' is not present in `branch_cov`. You can safely delete node 0 with

    del ffn.branch_cov[0]

You will need to do the same when collecting the covered/not-covered nodes. That is, choose only those nodes for which both parent and child are in `cfg` and belong to the function `cgi_decode`.

Here is another piece of the puzzle. You only need to look for uncovered nodes within the functions `cgi_decode` and `check_triangle`. That is, you can safely filter out the nodes of `main` when you look for uncovered nodes. The following fragment will do that for you.

    def useful(p):
        # keep only lines that belong to a function under test: drop the
        # sentinel (function '') and the fuzzing driver ('main')
        return ffn.cfg[p]['function'] not in ['', 'main']

    def not_covered_nodes(cfg):
        # arcs (parent, line) inside the useful functions that no input has exercised
        not_covered = set()
        for l in cfg:
            if not useful(l): continue
            for p in cfg[l]['parents']:
                if not useful(p): continue
                if (p, l) not in cov_arcs: not_covered.add((p, l))
        return not_covered

    not_covered = not_covered_nodes(ffn.cfg)

You are welcome to ping me or come to my office if you are completely stuck.
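To make the three hints above (filtering `cov_arcs` to the target function, dropping the sentinel node, and computing the uncovered arcs) concrete on something that runs without the project files, here is an added example that is not the course's evofuzz.py. `TOY_CFG` and `RAW_ARCS` are constructed, and the CFG layout `{line: {'function': ..., 'parents': [...]}}` is an assumption about the shape of the `ffn.cfg` hashmap, made to match the fragment above.

```python
# Added example (not the course's evofuzz.py): filtering coverage arcs and
# CFG nodes down to the function under test. TOY_CFG and RAW_ARCS are
# constructed; the layout {line: {'function': ..., 'parents': [...]}} is an
# assumption about the shape of the `ffn.cfg` hashmap.

TOY_CFG = {
    0:  {'function': '',           'parents': []},        # sentinel entry node
    1:  {'function': 'main',       'parents': [0]},
    2:  {'function': 'main',       'parents': [1]},       # main calls cgi_decode
    10: {'function': 'cgi_decode', 'parents': [2]},
    11: {'function': 'cgi_decode', 'parents': [10]},      # if/else branch point
    12: {'function': 'cgi_decode', 'parents': [11]},      # true branch
    13: {'function': 'cgi_decode', 'parents': [11]},      # false branch
    14: {'function': 'cgi_decode', 'parents': [12, 13]},  # join
}

# Arcs reported by the tracer for one run (constructed). The arcs that belong to
# the driver (0->1, 1->2, 2->10) must not count towards cgi_decode's coverage.
RAW_ARCS = {(0, 1), (1, 2), (2, 10), (10, 11), (11, 12), (12, 14)}


def lines_of(cfg, functions):
    """Line numbers whose CFG node belongs to one of `functions`."""
    return {line for line, node in cfg.items() if node['function'] in functions}


def filter_arcs(arcs, cfg, functions):
    """Keep only arcs whose two endpoints both lie inside `functions`."""
    keep = lines_of(cfg, functions)
    return {(p, l) for p, l in arcs if p in keep and l in keep}


def drop_sentinel(branch_cov):
    """Return a copy of a per-node coverage map without the sentinel node 0."""
    cleaned = dict(branch_cov)
    cleaned.pop(0, None)
    return cleaned


def not_covered_arcs(cfg, cov_arcs, functions):
    """Arcs (parent, child) inside `functions` that the run did not exercise."""
    keep = lines_of(cfg, functions)
    missing = set()
    for line in cfg:
        if line not in keep:
            continue
        for parent in cfg[line]['parents']:
            if parent not in keep:
                continue
            if (parent, line) not in cov_arcs:
                missing.add((parent, line))
    return missing


if __name__ == '__main__':
    target = {'cgi_decode'}
    covered = filter_arcs(RAW_ARCS, TOY_CFG, target)
    print("covered arcs in cgi_decode:", sorted(covered))
    print("uncovered arcs:", sorted(not_covered_arcs(TOY_CFG, covered, target)))
```

With the constructed run, the false branch at line 13 and its join arc 13->14 come out as uncovered, which is the set the evolutionary search should be steered towards; the driver arcs never appear because both endpoints of an arc must lie in the target function.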

14.12.2017

Project 3 Deadline Extended

Due to numerous reports of technical difficulties we are extending the deadline of project 3 by one week (Friday 2017-12-22, 4am).

13.12.2017

Office Hour

Due to popular demand we will hold an office hour tomorrow (Thursday 2017-12-14) from 11:00 to 12:00 in room 2.22 in CISPA.

Feel free to drop by to discuss your technical questions.
12.12.2017

Disabling pygraphviz

For those on Ubuntu 16.xx who are unable to install pygraphviz, it is possible to make do with a pure-Python library called pydot. Once you have installed pydot with `pip3 install pydot`, the changes below in pycfg.py will get you the dot file. Once you have created the dot file with a command such as `python3 pycfg.py cgidecode.py -d -y example.cov`, open the dot file and paste its contents into `http://viz-js.com/` to view the generated graph.

diff --git a/07-Search-Based Fuzzing/code/pycfg.py b/07-Search-Based Fuzzing/code/pycfg.py
index 298f85d..a4e6d5a 100755
--- a/07-Search-Based Fuzzing/code/pycfg.py
+++ b/07-Search-Based Fuzzing/code/pycfg.py
@@ -9,7 +9,7 @@ Use http://viz-js.com/ to view digraph output
 import ast
 import re
 import astunparse
-import pygraphviz
+import pydot

 class CFGNode(dict):
     registry = 0
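Review bot: the unconditional `import pydot` turns a workaround for one platform into a hard dependency for everyone, including those who already have pygraphviz working; since the rest of the patch only ever calls `to_string()`, consider guarding the import (`try: import pydot` with an `except ImportError` fallback to pygraphviz) or at least documenting in the module docstring next to the existing "Use http://viz-js.com/ to view digraph output" line that pydot is now required.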
@@ -68,24 +68,25 @@ class CFGNode(dict):
             for i in ['if', 'while', 'for', 'elif']:
                 v = re.sub(r'^_%s:' % i, '%s:' % i, v)
             return v
-        G = pygraphviz.AGraph(directed=True)
+        G = pydot.Graph('mygrap', graph_type='digraph')
         cov_lines = [i for i,j in arcs]
         for nid, cnode in CFGNode.cache.items():
-            G.add_node(cnode.rid)
+            node = pydot.Node(cnode.rid)
+            G.add_node(node)
             n = G.get_node(cnode.rid)
             lineno = cnode.lineno()
-            n.attr['label'] = "%d: %s" % (lineno, unhack(cnode.source()))
+            node.set('label', "%d: %s" % (lineno, unhack(cnode.source())))
             for pn in cnode.parents:
                 plineno = pn.lineno()
                 if arcs:
                     if  (plineno, lineno) in arcs:
-                        G.add_edge(pn.rid, cnode.rid, color='blue')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='blue'))
                     elif plineno == lineno and lineno in cov_lines:
-                        G.add_edge(pn.rid, cnode.rid, color='blue')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='blue'))
                     else:
-                        G.add_edge(pn.rid, cnode.rid, color='red')
+                         G.add_edge(pydot.Edge(pn.rid, cnode.rid, color='red'))
                 else:
-                    G.add_edge(pn.rid, cnode.rid)
+                    G.add_edge(pydot.Edge(pn.rid, cnode.rid))
         return G

 class PyCFG:
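Review bot: `n = G.get_node(cnode.rid)` is now dead code and should be removed: the label is set on `node` directly in the line below it, and pydot's `get_node()` returns a list of matching nodes rather than a single node, so `n` would not be usable the old way anyway. Two smaller points in the same hunk: the graph name `'mygrap'` looks like a truncated `'mygraph'`, and the three replacement `G.add_edge(pydot.Edge(...))` lines are indented one space deeper than the lines they replace (25 spaces instead of 24); Python accepts it because each sits alone in its own branch, but it should match the surrounding block.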
@@ -421,8 +422,7 @@ if __name__ == '__main__':
         cfg = PyCFG()
         cfg.gen_cfg(slurp(args.pythonfile).strip())
         g = CFGNode.to_graph(arcs)
-        g.draw('out.png', prog='dot')
-        print(g.string(), file=sys.stderr)
+        print(g.to_string(), file=sys.stderr)
     elif args.cfg:
         cfg,first,last = get_cfg(args.pythonfile)
         for i in sorted(cfg.keys()):
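Review bot: removing `g.draw('out.png', prog='dot')` silently drops the PNG output without updating the usage text, so users who relied on `out.png` get nothing but the dot source on stderr. Either state in the script's help that the output is now dot text to be pasted into viz-js.com, or construct the graph as `pydot.Dot(...)` instead of `pydot.Graph(...)` in the second hunk and call `g.write_png('out.png')` here when the graphviz `dot` binary is available (pydot's `Dot` class provides the `write_*` methods; plain `Graph` only has `to_string()`).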

11.12.2017

Fixed Error in JSON Grammar

We fixed a small error in the JSON grammar which caused a "No Parse" for some of your generated inputs. A wrong ordering in the "$NUMBER" production rule caused the faulty behavior.

Please make sure to update to the latest version of the "project3.zip" file, in particular the newest JSON grammar file.

04.12.2017

Updated Test Subjects

We updated the test subjects in the project zip to make calling the subjects easier for you.

Now each subject contains a method called main which expects a string as argument.

01.12.2017

Bug in Branch Distance Computation

We found a bug in the branch distance computation and updated the slides of lecture 7 accordingly. Also, we updated the files under "Code Samples" and in project 3.

Please update your project code accordingly (i.e. interp.py and dexpr.py).

Furthermore, we made some clarifications regarding the needed dependencies of our provided libraries in the project 3 description.

23.11.2017

Project 3

Project 3 will be handed out next Thursday (11/30/17) evening.

10.11.2017

Project 1 Deadline Extension

The submission deadline for project 1 has been extended until Tuesday, 2017-11-14 at 4 am.

This extension has no effect on any upcoming deadlines.
