Skip to content

Fix critical bugs and stabilize attack surface approximation module#11

Draft
krpandrei05 wants to merge 15 commits into
open-crs:mainfrom
krpandrei05:krpandrei/fix/bug-fixes-and-stability
Draft

Fix critical bugs and stabilize attack surface approximation module#11
krpandrei05 wants to merge 15 commits into
open-crs:mainfrom
krpandrei05:krpandrei/fix/bug-fixes-and-stability

Conversation

@krpandrei05

@krpandrei05 krpandrei05 commented May 9, 2026

Copy link
Copy Markdown

This Pull Request introduces a series of critical fixes required to make the attack_surface_approximation module fully functional and stable.

Key changes include:

  • Corrected dictionary generation heuristics (man_parsing, binary_pattern_matching).
  • Fixed memory corruption (heap corruption) and crashes within the QBDI tracer.
  • Resolved permission conflicts between Docker and the host system regarding result files.
  • Optimized fuzzing logic to ensure accurate detection of all valid flags.

This is the final update aimed at stabilizing the execution environment and module dependencies using Poetry, ensuring full compatibility with the OpenCRS framework.

Fixes: #10, Fixes: #12, Fixes: #13, Fixes: #15

This PR addresses the following Dependabot alerts:

  • Fixes #1 : Arbitrary file write in black
  • Fixes #2: ReDoS vulnerability in black

Fixes: open-crs#10
Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Added a check in the CLI to ensure the --elf option is provided when using binary_pattern_matching, preventing crashes and misleading results.

Fixes: open-crs#12
Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Added commons library as a local path dependency to fix ModuleNotFoundError and updated Docker SDK to 7.1.0 to support modern URL schemes.

Fixes: open-crs#13, Fixes: open-crs#15
Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Replaced the hardcoded 'uname' command with the dynamic CONTAINER_EXECUTABLE from configuration. This ensures the fuzzer analyzes the intended binary.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Added a check for argc > 1 before accessing command line arguments in the C tracer. This fixes intermittent crashes when running the binary without arguments during calibration.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Introduced a separate counter for executable segments to avoid out-of-bounds writes. Previously, the global map index was used for a restricted array, causing SIGSEGV.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Migrated from stack allocation to dynamic allocation (malloc) for the hashed buffer and increased its size. This prevents stack corruption caused by buffer overflow when processing a large number of basic blocks.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Added chmod calls to ensure result directories and files created by the root user in Docker are readable by the host Python process.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Added a command to remove CMakeCache.txt before compilation. This ensures that changes to the tracer source or headers are correctly reflected in the compiled library.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Modified the generator to test simple flags before complex combinations. This prevents valid flags from being ignored due to hash collisions with previously seen invalid combinations.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Corrected the return type to bool and added safety checks for null instrumentation hashes in both the validation logic and history tracking. This prevents crashes and incorrect deduplication when Docker runs fail.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Decoupled business logic from presentation in cli.py by introducing run_detection and run_fuzzing helpers. Updated the analyze command to collect all results before rendering, ensuring instantaneous output and eliminating visual latency between static and dynamic analysis phases.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Pinned all dependencies in pyproject.toml to exact versions to ensure environment reproducibility. Updated the black package to a secure version to resolve two critical security vulnerabilities: arbitrary file write via unsanitized cache filenames and Regular Expression Denial of Service (ReDoS).

Fixes: #1, Fixes: #2
Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
@krpandrei05 krpandrei05 force-pushed the krpandrei/fix/bug-fixes-and-stability branch from 56536b2 to b6f0e30 Compare June 15, 2026 10:04
…known limitations

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
…r output

Run each FLAG and STRING_ENABLER candidate without QBDI and check stderr. Arguments that produce stderr output are invalid getopt options and are removed from results.

Signed-off-by: Andrei Carp <andrei.krp@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant