BovInspector can be used in the following steps:
-
Extract the results of Fortify. Use ./fvdlParser audit.fvdl file to get static buffer overflow warnings. We save these warnings in the file checklist_bufferoverflow.
-
Install llvm2.9.Compile the testcase to LLVM bitcode,e.g. xx.bc.
-
Use opt –load ./buildCFG.so –buildCFG –targetList=./checklist_bufferoverflow <xx.bc>/dev/null to generate GuideSrc.txt. GuideSrc.txt is consist of warning paths.
-
Rebuild klee in dirctory src/klee symbolic execution,and the new executable file klee in the directory Release+Asserts/bin will be used in step 5.
./configure --with-llvm=/home/$(whoami)/work/llvm-2.9 --with-stp=/home/$(whoami)/work/stp_install --with-uclibc=/home/$(whoami)/work/klee-uclibc --enable-posix-runtimemake -j $(grep -c processor /proc/cpuinfo) ENABLE_OPTIMIZED=1
-
Use our extended klee to inspect buffer overflows with command line option --guided-execution and additional input file GuideSrc.txt.
-
Use python repair.py to repair the vulnerabilities that have been validated. Specially, when we need to repair sprintf buffer overflow, we need copy these two files MY_vsnprintf.h and MY_vsnprintf.c to the directory where the repaired source file is. This is because we need to compute the format length to compare with the size of destination buffer.