[benchmark] add gnuplot, grass, groff, and gv

benchmark/gnuplot/5.4.2/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=gnuplot
+
+ENV URL=https://github.com/prosyslab-warehouse/gnuplot-5.4.2
+ENV GIT_REPO_NAME=gnuplot-5.4.2
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/gnuplot/5.4.2/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/gnuplot/5.4.2/label.json

@@ -0,0 +1,42 @@
+[{
+  "project": "gnuplot",
+  "version": "5.4.2",
+  "file": "term/post.trm",
+  "line": 1445,
+  "type": "format-string",
+  "CVE": null,
+  "report": null,
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1445",
+  "source": {
+    "file": "term/post.trm",
+    "line": 1435,
+    "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1435"
+  },
+  "sink": {
+    "file": "term/post.trm",
+    "line": 1445,
+    "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1445"
+  },
+  "bug-trace": [{
+    "file": "term/post.trm",
+    "line": 1435,
+    "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1435",
+    "cmd": "getenv"
+  }, {
+    "file": "term/post.trm",
+    "line": 1437,
+    "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1437",
+    "cmd": "sprintf"
+  }, {
+    "file": "term/post.trm",
+    "line": 1445,
+    "code": "https://github.com/prosyslab-warehouse/gnuplot-5.4.2/blob/master/term/post.trm#L1445",
+    "cmd": "popen"
+  }],
+  "similarity": [{
+    "ID": "CWE134_Uncontrolled_Format_String__char_environment_snprintf_05",
+    "bug": "https://github.com/arichardson/juliet-test-suite-c/blob/master/testcases/CWE134_Uncontrolled_Format_String/s02/CWE134_Uncontrolled_Format_String__char_environment_snprintf_05.c#L70",
+    "score": 0.82
+  }]
+}]

benchmark/grass/7.8.5/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=grass
+
+ENV URL=https://github.com/prosyslab-warehouse/grass-7.8.5
+ENV GIT_REPO_NAME=grass-7.8.5
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/grass/7.8.5/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/grass/7.8.5/label.json

@@ -0,0 +1,39 @@
+[{
+  "project": "grass",
+  "version": "7.8.5",
+  "file": "raster/r.out.mpeg/main.c",
+  "line": 404,
+  "type": "buffer-overflow",
+  "CVE": null,
+  "report": null,
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/grass-7.8.5/blob/master/raster/r.out.mpeg/main.c#L404",
+  "source": {
+    "file": "lib/gis/parser.c",
+    "line": 964,
+    "code": "https://github.com/prosyslab-warehouse/grass-7.8.5/blob/master/lib/gis/parser.c#L964"
+  },
+  "sink": {
+    "file": "lib/gis/parser.c",
+    "line": 963,
+    "code": "https://github.com/prosyslab-warehouse/grass-7.8.5/blob/master/lib/gis/parser.c#L963"
+  },
+  "bug-trace": [
+    {
+      "file": "lib/gis/parser.c",
+      "line": 964,
+      "code": "https://github.com/prosyslab-warehouse/grass-7.8.5/blob/master/lib/gis/parser.c#L964",
+      "cmd": "genenv"
+    }, {
+      "file": "lib/gis/parser.c",
+      "line": 963,
+      "code": "https://github.com/prosyslab-warehouse/grass-7.8.5/blob/master/lib/gis/parser.c#L963",
+      "cmd": "sprintf"
+    }
+  ],
+  "similarity": [{
+    "ID": "buffer-overflow1-1",
+    "bug": "https://github.com/prosyslab-warehouse/owasp-tutorial/blob/master/tutorial/buffer-overflow1.c#L12",
+    "score": 1
+  }]
+}]

benchmark/groff/1.20/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=groff
+
+ENV URL=https://github.com/prosyslab-warehouse/groff-1.20
+ENV GIT_REPO_NAME=groff-1.20
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/groff/1.20/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/groff/1.20/label.json

@@ -0,0 +1,44 @@
+[{
+  "project": "groff",
+  "version": "1.20",
+  "file": "src/preproc/grn/hdb.cpp",
+  "line": 187,
+  "type": "integer-overflow",
+  "CVE": null,
+  "report": "https://savannah.gnu.org/bugs/index.php",
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L187",
+  "source": {
+    "file": "src/preproc/grn/hdb.cpp",
+    "line": 185,
+    "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L185"
+  },
+  "sink": {
+    "file": "src/preproc/grn/hdb.cpp",
+    "line": 187,
+    "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L187"
+  },
+  "bug-trace": [
+    {
+      "file": "src/preproc/grn/hdb.cpp",
+      "line": 185,
+      "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L185",
+      "cmd": "fscanf"
+    }, {
+      "file": "src/preproc/grn/hdb.cpp",
+      "line": 187,
+      "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L187",
+      "cmd": "add"
+    }, {
+      "file": "src/preproc/grn/hdb.cpp",
+      "line": 187,
+      "code": "https://github.com/prosyslab-warehouse/groff-1.20/blob/master/src/preproc/grn/hdb.cpp#L187",
+      "cmd": "malloc"
+    }
+  ],
+  "similarity": [{
+    "ID": "CWE190_01-CWE190_Integer_Overflow__char_fscanf_add-1",
+    "bug": "https://github.com/arichardson/juliet-test-suite-c/blob/master/testcases/CWE190_Integer_Overflow/s01/CWE190_Integer_Overflow__char_fscanf_add_01.c#L31",
+    "score": 1
+  }]
+}]

benchmark/gv/3.7.4.1/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=gv
+
+ENV URL=https://github.com/prosyslab-warehouse/gv-3.7.4.1
+ENV GIT_REPO_NAME=gv-3.7.4.1
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/gv/3.7.4.1/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/gv/3.7.4.1/label.json

@@ -0,0 +1,44 @@
+[{
+  "project": "gv",
+  "version": "3.7.4.1",
+  "file": "gv/src/resource.c",
+  "line": 243,
+  "type": "buffer-overflow",
+  "CVE": null,
+  "report": "https://savannah.gnu.org/patch/index.php?10096",
+  "patch": "https://github.com/william8000/gv/commit/1138482d128ba757977f7d3daa2d1684d89a9132#diff-bb4693a954ffbb2d8b74c3f8b1ef12cdab524f06f77ec36105b1d8bc8421f855R233",
+  "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L243",
+  "source": {
+    "file": "gv/src/resource.c",
+    "line": 202,
+    "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L202"
+  },
+  "sink": {
+    "file": "gv/src/resource.c",
+    "line": 243,
+    "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L243"
+  },
+  "bug-trace": [
+    {
+      "file": "src/resource.c",
+      "line": 202,
+      "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L202",
+      "cmd": "getenv"
+    }, {
+      "file": "src/resource.c",
+      "line": 242,
+      "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L242",
+      "cmd": "strcpy"
+    }, {
+      "file": "gv/src/resource.c",
+      "line": 243,
+      "code": "https://github.com/prosyslab-warehouse/gv-3.7.4.1/blob/master/gv/src/resource.c#L243",
+      "cmd": "sprintf"
+    }
+  ],
+  "similarity": [{
+    "ID": "buffer-overflow1-1",
+    "bug": "https://github.com/prosyslab-warehouse/owasp-tutorial/blob/master/tutorial/buffer-overflow1.c#L12",
+    "score": 1
+  }]
+}]