From 22235d8da9a3a02e8f8d62921692655910312b80 Mon Sep 17 00:00:00 2001
From: Tim White
Date: Sat, 9 Sep 2023 01:03:46 +1200
Subject: [PATCH 01/10] Quick and dirty Perl scripts to produce a script to run shadedetector on all PoVs
---
tools/guess_gav.pl | 13 +++++++++++++
tools/run_shadedetector_on_all.pl | 24 ++++++++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100755 tools/guess_gav.pl
create mode 100755 tools/run_shadedetector_on_all.pl
diff --git a/tools/guess_gav.pl b/tools/guess_gav.pl
new file mode 100755
index 0000000..7d19a54
--- /dev/null
+++ b/tools/guess_gav.pl
@@ -0,0 +1,13 @@
+#!/usr/bin/perl
+
+my ($g, $a, $v);
+
+while (<>) {
+ if ((// .. m||) && !defined($v)) {
+ m|(.*?)| and $g = $1;
+ m|(.*?)| and $a = $1;
+ m|(.*?)| and $v = $1;
+ }
+}
+
+print "$g:$a:$v\n";
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
new file mode 100755
index 0000000..8820cc7
--- /dev/null
+++ b/tools/run_shadedetector_on_all.pl
@@ -0,0 +1,24 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+my $n = 100;
+
+foreach my $d () {
+ my $gav = `tools/guess_gav.pl < $d/pom.xml`;
+ chomp $gav;
+ my $exitStatus = `cat $d/mvn_clean_test.exitstatus`;
+ chomp $exitStatus;
+ my $sig = ($exitStatus eq '0' ? 'success' : 'failure');
+
+ #print "$d: $gav\n";
+ my ($g, $a, $v) = split /:/, $gav;
+
+ # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
+ my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final";
+
+ print "$cmd\n";
+
+ ++$n;
+}
From 398b90434292506f1ad467f3d1ead79cb00f58dd Mon Sep 17 00:00:00 2001
From: Tim White
Date: Sun, 10 Sep 2023 15:47:11 +1200
Subject: [PATCH 02/10] Change stats.log to per-PoV output file
---
tools/run_shadedetector_on_all.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
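Review bot: In tools/guess_gav.pl (PATCH 01) the final `print "$g:$a:$v\n";` runs even when one of the three values was never matched, so a pom.xml that does not match produces a line such as `::` with exit status 0 and the caller cannot tell it failed. The script also lacks `use strict; use warnings;`, which the runner added in the same commit does have. Add the pragmas after the shebang and fail loudly before printing, e.g. `die "guess_gav: could not determine G:A:V\n" unless defined $g && defined $a && defined $v;`. The match patterns appear to have lost their markup in this rendering, so the matching logic itself cannot be reviewed here.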
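Review bot: In tools/run_shadedetector_on_all.pl (PATCH 01) the values `$g`, `$a` and `$v` parsed from each project's pom.xml, and the directory name `$d`, are interpolated unquoted into a shell command line that is printed for later execution, and `$d` also reaches the shell through the two backtick calls. A value containing whitespace or shell metacharacters would change the command that is eventually run, so validate before building `$cmd`, e.g. `die "bad GAV in $d: $gav\n" unless $gav =~ /\A[\w.-]+:[\w.-]+:[\w.-]+\z/;`. Separately, a missing or unreadable `mvn_clean_test.exitstatus` makes `cat` return an empty string, which `$exitStatus eq '0' ? 'success' : 'failure'` silently turns into `failure`. Reading the file with a checked three-argument `open` and dying on error would avoid both the shell and the silent default.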
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 8820cc7..bb40722 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -16,7 +16,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final";
+ my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d";
 print "$cmd\n";
From 02027e9a28bcfa5cd69ca990c1fdde7ffe7ef296 Mon Sep 17 00:00:00 2001
From: Tim White
Date: Sun, 10 Sep 2023 15:52:17 +1200
Subject: [PATCH 03/10] Add more result recorders for hopefully more detail
---
tools/run_shadedetector_on_all.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index bb40722..2bb93b7 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -16,7 +16,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d";
+ my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv";
 print "$cmd\n";
From 100f9b6cb767c62acc0dde8783e293c07c602d0b Mon Sep 17 00:00:00 2001
From: Tim White
Date: Mon, 11 Sep 2023 00:39:07 +1200
Subject: [PATCH 04/10] Specify local cache dir with -cache
---
tools/run_shadedetector_on_all.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 2bb93b7..773a462 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -16,7 +16,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv";
+ my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
 print "$cmd\n";
From 9727aaccd8179672464ea10f2fea0ac930d83081 Mon Sep 17 00:00:00 2001
From: Tim White
Date: Mon, 11 Sep 2023 10:43:39 +1200
Subject: [PATCH 05/10] Append missing '.log' to stats filenames
---
tools/run_shadedetector_on_all.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 773a462..40642de 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -16,7 +16,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
+ my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
 print "$cmd\n";
From 9b4866ed49c8a62898179df1349d5fb673cbbcae Mon Sep 17 00:00:00 2001
From: Tim White
Date: Mon, 18 Sep 2023 13:15:52 +1200
Subject: [PATCH 06/10] Use /usr/bin/time to get memory usage as well as time
---
tools/run_shadedetector_on_all.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 40642de..3a47c83 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -16,7 +16,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
+ my $cmd = "/usr/bin/time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
 print "$cmd\n";
From 615502ccdd31a41c85bb2abb13664170a0ad9cdf Mon Sep 17 00:00:00 2001
From: Tim White
Date: Mon, 18 Sep 2023 14:17:54 +1200
Subject: [PATCH 07/10] Choose dirs more flexibly/automatically
---
tools/run_shadedetector_on_all.pl | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 3a47c83..4918288 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -5,6 +5,9 @@
 my $n = 100;
+my $localScratchCacheDir = '/local/scratch/whitewa/shadedetector/.cache';
+my $cacheDir = (-d $localScratchCacheDir ? $localScratchCacheDir : '.');
+
 foreach my $d () {
 my $gav = `tools/guess_gav.pl < $d/pom.xml`;
 chomp $gav;
@@ -16,7 +19,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "/usr/bin/time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos /home/whitewa/code/shadedetector/vuln_staging -vov /home/whitewa/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache /local/scratch/whitewa/shadedetector/.cache";
+ my $cmd = "/usr/bin/time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos $ENV{HOME}/code/shadedetector/vuln_staging -vov $ENV{HOME}/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache $cacheDir";
 print "$cmd\n";
From fba47732b2cfef03a4721852bf58bb8b567969e5 Mon Sep 17 00:00:00 2001
From: Tim White
Date: Wed, 20 Sep 2023 10:37:42 +1200
Subject: [PATCH 08/10] Assume we run from a top-level subdir of the shadedetector repo, and put all results directly in it. Should simplify moving results out of the way after a run.
---
tools/run_shadedetector_on_all.pl | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/run_shadedetector_on_all.pl b/tools/run_shadedetector_on_all.pl
index 4918288..291704d 100755
--- a/tools/run_shadedetector_on_all.pl
+++ b/tools/run_shadedetector_on_all.pl
@@ -6,7 +6,9 @@
 my $n = 100;
 my $localScratchCacheDir = '/local/scratch/whitewa/shadedetector/.cache';
-my $cacheDir = (-d $localScratchCacheDir ? $localScratchCacheDir : '.');
+my $cacheDir = (-d $localScratchCacheDir ? $localScratchCacheDir : "$ENV{HOME}/code/shadedetector/.cache");
+my $jarPath = "../target/shadedetector.jar";
+my $xshadyPath = "$ENV{HOME}/code/xshady";
 foreach my $d () {
 my $gav = `tools/guess_gav.pl < $d/pom.xml`;
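Review bot: In the first hunk of PATCH 08, `$ENV{HOME}` is interpolated into `$cacheDir` and `$xshadyPath` without checking that it is set. With HOME unset the script only emits an "uninitialized value" warning and goes on to generate commands that point at `/code/xshady/...` and `/code/shadedetector/.cache`. Consider `my $home = $ENV{HOME} // die "HOME is not set\n";` near the top and building both paths from `$home`. Both paths are also written into the generated command unquoted, so a home directory containing a space would split the `-vul` and `-cache` arguments.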
@@ -19,7 +21,7 @@
 my ($g, $a, $v) = split /:/, $gav;
 # For now just assume exit status 1 means failures, not errors (it's actually the case for now).
- my $cmd = "/usr/bin/time java -jar target/shadedetector.jar -g $g -a $a -v $v -vul ../xshady/$d -sig $sig -l log$n-$d.log -vos $ENV{HOME}/code/shadedetector/vuln_staging -vov $ENV{HOME}/code/shadedetector/vuln_final --stats stats$n-$d.log -o1 csv.details?dir=results/details$n-$d -o2 csv.summary?file=results/summary$n-$d.csv -cache $cacheDir";
+ my $cmd = "/usr/bin/time java -jar $jarPath -g $g -a $a -v $v -vul $xshadyPath/$d -sig $sig -l log$n-$d.log -vos vuln_staging -vov vuln_final --stats stats$n-$d.log -o1 csv.details?dir=details$n-$d -o2 csv.summary?file=summary$n-$d.csv -cache $cacheDir";
 print "$cmd\n";
From c3db30bef00bf760f44c55794abfe67caa336368 Mon Sep 17 00:00:00 2001
From: Tim White
Date: Wed, 27 Sep 2023 15:19:18 +1300
Subject: [PATCH 09/10] Add files storing exit status from `mvn clean test`, used for generating run scripts with run_shadedetector_on_all.sh Will probably delete these again once all their info is safely inside pov-project.json files. Note: CVE-2021-44228/mvn_clean_test.exitstatus is being added at its correct (current) value, though it was incorrect for a long time (including some run scripts on piccolo)
---
CVE-2013-2186/mvn_clean_test.exitstatus | 1 +
CVE-2013-5960/mvn_clean_test.exitstatus | 1 +
CVE-2014-0050/mvn_clean_test.exitstatus | 1 +
CVE-2015-6420/mvn_clean_test.exitstatus | 1 +
CVE-2015-6748/mvn_clean_test.exitstatus | 1 +
CVE-2015-7501/mvn_clean_test.exitstatus | 1 +
CVE-2016-0779/mvn_clean_test.exitstatus | 1 +
CVE-2016-2510/mvn_clean_test.exitstatus | 1 +
CVE-2016-5394/mvn_clean_test.exitstatus | 1 +
CVE-2016-6798/mvn_clean_test.exitstatus | 1 +
CVE-2016-6802/mvn_clean_test.exitstatus | 1 +
CVE-2016-7051/mvn_clean_test.exitstatus | 1 +
CVE-2017-15717/mvn_clean_test.exitstatus | 1 +
CVE-2017-18349/mvn_clean_test.exitstatus | 1 +
CVE-2018-1002201/mvn_clean_test.exitstatus | 1 +
CVE-2018-10237/mvn_clean_test.exitstatus | 1 +
CVE-2018-11771/mvn_clean_test.exitstatus | 1 +
CVE-2018-1324/mvn_clean_test.exitstatus | 1 +
CVE-2018-8017/mvn_clean_test.exitstatus | 1 +
CVE-2019-0225/mvn_clean_test.exitstatus | 1 +
CVE-2019-12402/mvn_clean_test.exitstatus | 1 +
CVE-2020-1953/mvn_clean_test.exitstatus | 1 +
CVE-2021-29425/mvn_clean_test.exitstatus | 1 +
CVE-2021-44228/mvn_clean_test.exitstatus | 1 +
CVE-2022-25845/mvn_clean_test.exitstatus | 1 +
CVE-2022-38749/mvn_clean_test.exitstatus | 1 +
CVE-2022-38751/mvn_clean_test.exitstatus | 1 +
CVE-2022-42889/mvn_clean_test.exitstatus | 1 +
CVE-2022-45688/mvn_clean_test.exitstatus | 1 +
29 files changed, 29 insertions(+)
create mode 100644 CVE-2013-2186/mvn_clean_test.exitstatus
create mode 100644 CVE-2013-5960/mvn_clean_test.exitstatus
create mode 100644 CVE-2014-0050/mvn_clean_test.exitstatus
create mode 100644 CVE-2015-6420/mvn_clean_test.exitstatus
create mode 100644 CVE-2015-6748/mvn_clean_test.exitstatus
create mode 100644 CVE-2015-7501/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-0779/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-2510/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-5394/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-6798/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-6802/mvn_clean_test.exitstatus
create mode 100644 CVE-2016-7051/mvn_clean_test.exitstatus
create mode 100644 CVE-2017-15717/mvn_clean_test.exitstatus
create mode 100644 CVE-2017-18349/mvn_clean_test.exitstatus
create mode 100644 CVE-2018-1002201/mvn_clean_test.exitstatus
create mode 100644 CVE-2018-10237/mvn_clean_test.exitstatus
create mode 100644 CVE-2018-11771/mvn_clean_test.exitstatus
create mode 100644 CVE-2018-1324/mvn_clean_test.exitstatus
create mode 100644 CVE-2018-8017/mvn_clean_test.exitstatus
create mode 100644 CVE-2019-0225/mvn_clean_test.exitstatus
create mode 100644 CVE-2019-12402/mvn_clean_test.exitstatus
create mode 100644 CVE-2020-1953/mvn_clean_test.exitstatus
create mode 100644 CVE-2021-29425/mvn_clean_test.exitstatus
create mode 100644 CVE-2021-44228/mvn_clean_test.exitstatus
create mode 100644 CVE-2022-25845/mvn_clean_test.exitstatus
create mode 100644 CVE-2022-38749/mvn_clean_test.exitstatus
create mode 100644 CVE-2022-38751/mvn_clean_test.exitstatus
create mode 100644 CVE-2022-42889/mvn_clean_test.exitstatus
create mode 100644 CVE-2022-45688/mvn_clean_test.exitstatus
diff --git a/CVE-2013-2186/mvn_clean_test.exitstatus b/CVE-2013-2186/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2013-2186/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2013-5960/mvn_clean_test.exitstatus b/CVE-2013-5960/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2013-5960/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2014-0050/mvn_clean_test.exitstatus b/CVE-2014-0050/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2014-0050/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2015-6420/mvn_clean_test.exitstatus b/CVE-2015-6420/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2015-6420/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2015-6748/mvn_clean_test.exitstatus b/CVE-2015-6748/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2015-6748/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2015-7501/mvn_clean_test.exitstatus b/CVE-2015-7501/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2015-7501/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2016-0779/mvn_clean_test.exitstatus b/CVE-2016-0779/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2016-0779/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2016-2510/mvn_clean_test.exitstatus b/CVE-2016-2510/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2016-2510/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2016-5394/mvn_clean_test.exitstatus b/CVE-2016-5394/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2016-5394/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2016-6798/mvn_clean_test.exitstatus b/CVE-2016-6798/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2016-6798/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2016-6802/mvn_clean_test.exitstatus b/CVE-2016-6802/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2016-6802/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2016-7051/mvn_clean_test.exitstatus b/CVE-2016-7051/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2016-7051/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2017-15717/mvn_clean_test.exitstatus b/CVE-2017-15717/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2017-15717/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2017-18349/mvn_clean_test.exitstatus b/CVE-2017-18349/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2017-18349/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2018-1002201/mvn_clean_test.exitstatus b/CVE-2018-1002201/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2018-1002201/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2018-10237/mvn_clean_test.exitstatus b/CVE-2018-10237/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2018-10237/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2018-11771/mvn_clean_test.exitstatus b/CVE-2018-11771/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2018-11771/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2018-1324/mvn_clean_test.exitstatus b/CVE-2018-1324/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2018-1324/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2018-8017/mvn_clean_test.exitstatus b/CVE-2018-8017/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2018-8017/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2019-0225/mvn_clean_test.exitstatus b/CVE-2019-0225/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2019-0225/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2019-12402/mvn_clean_test.exitstatus b/CVE-2019-12402/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2019-12402/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2020-1953/mvn_clean_test.exitstatus b/CVE-2020-1953/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2020-1953/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2021-29425/mvn_clean_test.exitstatus b/CVE-2021-29425/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/CVE-2021-29425/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+1
diff --git a/CVE-2021-44228/mvn_clean_test.exitstatus b/CVE-2021-44228/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2021-44228/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2022-25845/mvn_clean_test.exitstatus b/CVE-2022-25845/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2022-25845/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2022-38749/mvn_clean_test.exitstatus b/CVE-2022-38749/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2022-38749/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2022-38751/mvn_clean_test.exitstatus b/CVE-2022-38751/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2022-38751/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2022-42889/mvn_clean_test.exitstatus b/CVE-2022-42889/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2022-42889/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
diff --git a/CVE-2022-45688/mvn_clean_test.exitstatus b/CVE-2022-45688/mvn_clean_test.exitstatus
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/CVE-2022-45688/mvn_clean_test.exitstatus
@@ -0,0 +1 @@
+0
From 1333b84d02652810aceb1c2e5f4f04e5f91ba85f Mon Sep 17 00:00:00 2001
From: Tim White
Date: Wed, 27 Sep 2023 16:26:47 +1300
Subject: [PATCH 10/10] Auto-determine testSignalWhenVulnerable from saved exit code of `mvn clean test` when possible
---
tools/create-pov-project.js | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tools/create-pov-project.js b/tools/create-pov-project.js
index cc7b810..f000396 100644
--- a/tools/create-pov-project.js
+++ b/tools/create-pov-project.js
@@ -86,12 +86,22 @@ if (json.affected.length > 1) {
 const nvdUrl = 'https://nvd.nist.gov/vuln/detail/'
 const ghsaUrl = 'https://github.com/advisories/'
+let testSignalWhenVulnerable = "success|failure"; // User needs to figure out which
+try {
+ const mvnTestExitStatus = fs.readFileSync('mvn_clean_test.exitstatus');
+ testSignalWhenVulnerable = mvnTestExitStatus === '1' ? 'failure' : 'success';
+ console.error(`Auto-determined testSignalWhenVulnerable=${testSignalWhenVulnerable}`);
+} catch (e) {
+ // Ignore; most likely the file did not exist
+ console.error('Could not auto-determine testSignalWhenVulnerable');
+}
+
 const xshady = {
 id: cve,
 artifact: affected.package.name,
 vulnerableVersions: affected.versions,
 fixVersion: null,
- testSignalWhenVulnerable: "success|failure",
+ testSignalWhenVulnerable,
 references: [nvdUrl + cve, ghsaUrl + ghsa]
 }
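Review bot: `fs.readFileSync('mvn_clean_test.exitstatus')` is called without an encoding, so it returns a Buffer and `mvnTestExitStatus === '1'` is never true; every project that has the file is recorded with `testSignalWhenVulnerable` set to `success`, including those whose file holds 1. Even as a string the comparison would miss, because the files added in PATCH 09 end with a newline. Read the file as text and trim it: `const mvnTestExitStatus = fs.readFileSync('mvn_clean_test.exitstatus', 'utf8').trim();`. Testing `=== '0' ? 'success' : 'failure'` would also match the rule used in tools/run_shadedetector_on_all.pl, and the catch should ignore only `e.code === 'ENOENT'` so that other read errors are not reported as a missing file.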