Git Product home page Git Product logo

hmark's Introduction

VUDDY (a.k.a. hmark)

VUDDY is an approach for scalable and accurate vulnerable code clone detection. This approach is specifically designed to accurately find vulnerabilities in massive code bases (e.g., Linux kernel, 25 MLoC). Principles and results are discussed in our paper, which was published in 38th IEEE Symposium on Security and Privacy (S&P'17).

hmark is the implementation of VUDDY, which is also the client-side preprocessing tool for "Vulnerable Code Clone Detection" testing provided by IoTcube, an automated vulnerability testing platform. Details are available here.

This project is part of the international collaborative research which is being conducted by CSSA (Center for Software Security and Assurrance).

Getting Started with hmark

Prerequisites

You're going to need:

  • Linux or OS X - hmark is designed to work on any of the operating systems. Tested OS distributions include Ubuntu 14.04 and 16.04, Fedora 25, and OS X. Let me know if your OS is not supported.
  • Python 2, version 2.7.10 or newer - earlier versions may work, but unsupported.
  • Java Runtime Environment (JRE) - We recommend openjdk-8-jre.

Usage

  1. cd hmark
  2. python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

You can see the help message below by passing an -h (or --help) argument.

usage: python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

- optional arguments:
    -h, --help            show this help message and exit
    
  -c path ON/OFF, --cli-mode path ON/OFF
                        run hmark without GUI by specifying the path to the
                        target directory, and the abstraction mode
  -n, --no-updatecheck  bypass update checking (not recommended)
  -V, --version         print hmark version and exit
  1. Upload the resulting hidx file on IoTcube's Vulnerable Code Clone Detection testing.

Binary Release

Instead of running hmark from source code, you can also download and execute prebuilt binaries. Binaries for Windows, Linux, and OS X are available here.

Reporting Bugs

For reporting bugs, you can submit an issue to the VUDDY GitHub, or send me a mail. Feel free to send pull requests if you have suggestions or bugfixes!

About

This program is authored and maintained by Seulbae Kim

GitHub @squizz617

hmark's People

Contributors

squizz617 avatar ied206 avatar dngthe93 avatar ktb88 avatar

Stargazers

Chen Rui avatar

Watchers

James Cloos avatar SeunghoonWoo avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.