Coccigrep: a semantic grep for C language

Similar documents
Suricata IDPS and Linux kernel

Suricata IDPS and Nftables: The Mixed Mode

Advanced SmPL: Finding Missing IS ERR tests

Coccinelle. Julia Lawall (Inria/Irill/LIP6) August 19, 2015

nftables, far more than %s/ip/nf/g

Finding Error Handling Bugs in OpenSSL using Coccinelle

Coccinelle Usage (version 0.1.7)

Suricata Extreme Performance Tuning With Incredible Courage

Introduction to Coccinelle

Coccinelle: A Program Matching and Transformation Tool for Systems Code

Identity-based firewalling

SmPL: A Domain-Specic Language for Specifying Collateral Evolutions in Linux Device Drivers

Netfilter updates since last NetDev. NetDev 2.2, Seoul, Korea (Nov 2017) Pablo Neira Ayuso

Netfilter updates since last NetDev. NetDev 2.2, Seoul, Korea (Nov 2017) Pablo Neira Ayuso

Documenting and Automating Collateral Evolutions in Linux Device Drivers

Linux for Safety Critical Applications: Hunting down bug patterns

Intrusion Detection Systems. Evan Misshula

Suricata Performance with a S like Security

DDMD AND AUTOMATED CONVERSION FROM C++ TO D

Coccinelle: Practical Program Transformation for the Linux Kernel. Julia Lawall (Inria/LIP6) June 25, 2018

Zero Day Attack Prevention via Single Packet Authorization

How Double-Fetch Situations turn into Double-Fetch Vulnerabilities:

Suricata 2.0, Netfilter and the PRC

CptS 360 (System Programming) Unit 3: Development Tools

libqsearch A library designed for fast multiple pattern matching

Snorting... gdmr, October 2014

CSE 451 Section 2 XK Lab 1 Design. Wi18

Inside the Mind of a Coccinelle Programmer

Using (Suricata over) PF_RING for NIC-Independent Acceleration

Coding Tools for Research

Bachelor s Thesis : Finding Bugs in Open Source Software using Coccinelle

ntop Users Group Meeting

INF4820: Algorithms for Artificial Intelligence and Natural Language Processing. Common Lisp Fundamentals

Netdev 0.1 Netfilter BoF. Pete Bohman, Platform Security Engineer Joshua Hunt, Kernel Engineer

Raw Packet Capture in the Cloud: PF_RING and Network Namespaces. Alfredo

Netfilter. Fedora Core 5 setting up firewall for NIS and NFS labs. June 2006

Coccinelle Usage (version )

Memory management. Johan Montelius KTH

Coccinelle: Tool support for automated CERT C Secure Coding Standard certification

Outline. Cgroup hierarchies

Coccinelle: Bug Finding for the Linux Community

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle

Semantic Patches. Yoann Padioleau EMN Julia L. Lawall DIKU Gilles Muller EMN

Using Gstreamer for building Automated Webcasting Systems

Coccinelle: A Program Matching and Transformation Tool for Linux

Advances In Single Packet Authorization

<Insert Picture Here> GCC and C++, again

Introduction to Click

Aalborg Universitet. Published in: Science of Computer Programming. DOI (link to publication from Publisher): /j.scico

websnort Documentation

Understanding the Genetic Makeup of Linux Device Drivers

Network and Filesystem Security

Supporting Cloud Native with DPDK and containers KEITH INTEL CORPORATION

StochDynamicProgramming.jl : a Julia package for multistage stochastic optimization.

Building an IPS solution for inline usage during Red Teaming

CS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018

Outline. Cgroup hierarchies

Reinventing the Enlightenment Object System

Project No. 2: Process Scheduling in Linux Submission due: April 12, 2013, 11:59pm

Implementation of F# language support in JetBrains Rider IDE

Beyond JavaScript Frameworks: Writing Reliable Web Apps With. Elm. Erik Wendel DevDays Vilnius 2018

Netfilter: Making large iptables rulesets scale. OpenSourceDays 2008 d.4/

Certification. Securing Networks

Better Stories, Better Languages

Economies of Scale in Hacking Dave Aitel Immunity

How to Talk To Windows. What did it say?

Parallel Processing with the SMP Framework in VTK. Berk Geveci Kitware, Inc.

A Survivor's Guide to Contributing to the Linux Kernel

Tizen-Meta as Security and Connectivity Layers For Yocto Project

McAfee Endpoint Security

SoarDoc. Presented on Thursday, 26 June 2003 By: David Ray

Cuckoo Monitor Documentation

Abram Hindle Kitchener Waterloo Perl Monger October 19, 2006

COMPUTER SCIENCE TRIPOS

MASSIVE SCALE USB DEVICE DRIVER FUZZ WITHOUT DEVICE. HC Tencent s XuanwuLab

SLURM Operation on Cray XT and XE

netfilters connection tracking subsystem

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle

SAS Enterprise Guide Moving from 4.1 to 4.3 What s New and Different?

An External Integrity Checker for Increasing Security of Open Source Operating Systems

ENCM 501 Winter 2019 Assignment 9

LINUX VULNERABILITIES, WINDOWS EXPLOITS Escalating Privileges with WSL. Saar Amar Recon brx 2018

JavaScript CS 4640 Programming Languages for Web Applications

DMA safety in buffers for Linux Kernel device drivers

CREATING A COMMON SOFTWARE VERBS IMPLEMENTATION

Getting Memcached Secure. NEC OSS Promotion Center KaiGai Kohei

System Wide Tracing User Need

Best Practices in Programming

The Bro Network Security Monitor

Hardening servers for the modern internet

The Assimilation Monitoring Project or How to assimilate a million servers and not get indigestion.

Developing Kubernetes Services

Soar Mazin Assanie, John Laird, Joseph Xu

Belle II - Git migration

Editor - Project Browser

NfSen and NFDUMP 16th TF-CSIRT Meeting Sept 15th 2005, Lisbon Peter Haag

MC: Meta-level Compilation

Kernel Probes for ARM. Quentin Barnes Motorola - Mobile Devices April 17, 2007

Introduction to Linux Part 2b: basic scripting. Brett Milash and Wim Cardoen CHPC User Services 18 January, 2018

Transcription:

Coccigrep: a semantic grep for C language Éric Leblond Stamus Networks April 27, 2014 Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 1 / 14

Eric Leblond a.k.a Regit French Network security expert Free Software enthousiast NuFW project creator (Now ufwi), EdenWall co-founder Netfilter developer: Maintainer of ulogd2: Netfilter logging daemon Misc contributions: NFQUEUE library and associates Port of some features iptables to nftables Currently: co-founder of Stamus Networks, a company providing Suricata based network probe appliances. Suricata IDS/IPS funded developer Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 2 / 14

Coccinelle, a program matching and transformation engine Matching and transformation A command line tool for matching and transformation Understand C semantic Used for Find and fix bug in code Update code and API Search code Some facts Heavily used in Linux kernel Real impact on Linux: http://coccinelle.lip6.fr/impact_linux.php Semantic patches are included in Linux source tree Developped in ocaml Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 3 / 14

Semantic patches Definition A transformation language based on the patch syntax, extending patches to semantic patches. Interest A single small semantic patch can modify hundreds of files semantic patch is generic and is abstracting away the specific details and variations at each code site don t care of spacing or variable name Support of isomorphisms Coding style can vary and multiple expression are equivalent For example: if (!y) if (y == NULL) if (NULL == y) Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 4 / 14

Simple real life patching Use macro instead of direct access action field in Packet structure must not be accessed directly For test, we need to use a macro named TEST_PACKET_ACTION A semantic patch @@ Packet p ; expression E ; @@ p >a c t i o n & E + TEST_PACKET_ACTION( p, E) Patching the code spatch s p _ f i l e a c t i o n. cocci in_place src / c g i t d i f f s t a t 12 f i l e s changed, 77 i n s e r t i o n s ( + ), 76 d e l e t i o n s ( ) Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 5 / 14

Coccinelle for testing Detect invalid usage All project have coding rules and internal API Coccinelle can be used to enforce via Matching Alerting Use Python for output @script : python@ p1 << zeroed. p1 ; @@ p r i n t " Err at %s:%s " % ( p1 [ 0 ]. f i l e, p1 [ 0 ]. l i n e ) import sys sys. e x i t ( 1 ) Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 6 / 14

Coccinelle for testing Detecting direct usage of action field @action@ typedef Packet ; Packet p ; p o s i t i o n p1 ; @@ p >action@p1 @ s c r i p t : python @ p1 << a c t i o n. p1 ; @@ p r i n t " I n v a l i d usage of p >a c t i o n at %s:%s " % ( p1 [ 0 ]. f i l e, p1 [ 0 ]. l i n e ) import sys sys. e x i t ( 1 ) Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 7 / 14

Coccigrep A semantic grep for C Search in C code For specific usage of a structure With a tool understanding the code Examples $ coccigrep t Packet h. / tm threads. h:135 ( Packet p ) : tv >tmqh_out ( tv, p ) ;. / tm threads. h:140 ( Packet p ) : TmqhOutputPacketpool ( tv, p ) ;. / tm threads. h:164 ( Packet extra_p ) : i f ( extra_p == NULL). / tm threads. h:168 ( Packet extra_p ) : r = TmThreadsRun ( tv, extra_p ) ; Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 8 / 14

Coccigrep Operations set: Search where a given attribute of structure type is set used: Search all usage of type structure static: Search where a given attribute of structure type is set func: Search for function having a struct type as argument test: Search where a given attribute of type structure is used in test. deref: Search for usage of a given attribute for a type structure Examples $ coccigrep t Packet a d a t a l i n k o set source c source af packet. c :562 ( Packet p ) : p >d a t a l i n k = ptv >d a t a l i n k ; source napatech. c :273 ( Packet pt ) : pt >d a t a l i n k = LINKTYPE_ETHERNET ; source pcap f i l e. c :141 ( Packet p ) : p >d a t a l i n k = pcap_g. d a t a l i n k ; Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 9 / 14

Demonstration Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 10 / 14

Coccigrep and Vim A vim plugin Wrapper for coccigrep command Get a grep like output and jump on line An Emacs plugin exists too Examples : Coccigrep : Coccigrep Packet d a t a l i n k source.c : Coccigrep Packet d a t a l i n k set src Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 11 / 14

Demonstration Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 12 / 14

Conclusion Coccinelle is a powerful tool Patch can be written for really complex changes It can save you time And is more accurate than manual changes But difficult to master Terminoly is important A lot of subtilities Coccigrep for search tasks Coccigrep is here to help you do simple search tasks Easy to understand syntax Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 13 / 14

Questions Thanks Ahuge one to Julia Lawall My father More information coccinelle: http://coccinelle.lip6.fr/ gallery of semantic patches: http://coccinellery.org/ coccigrep: https://home.regit.org/software/coccigrep/ Coccinelle for the newbie: https://home.regit.org/ technical-articles/coccinelle-for-the-newbie/ Éric Leblond (Stamus Networks) Coccigrep: a semantic grep for C language April 27, 2014 14 / 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback