[benchmark] add rtcw, sa-exim, sane, and scheme48

prosyslab · Nov 15, 2024 · a7a5416 · a7a5416
1 parent bf959fa
commit a7a5416
Show file tree

Hide file tree

Showing 13 changed files with 387 additions and 1 deletion.
diff --git a/benchmark/gimp/2.6.7/label.json b/benchmark/gimp/2.6.7/label.json
@@ -33,7 +33,39 @@
   "CVE": "CVE-2009-1570",
   "report": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570",
   "patch": "https://gitlab.gnome.org/GNOME/gimp/commit/df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe",
-  "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L630"
+  "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L630",
+  "bug-trace": [{
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 251,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L251",
+    "cmd": "read"
+  }, {
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 459,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L459",
+    "cmd": "assign"
+  }, {
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 460,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L460",
+    "cmd": "assign"
+  }, {
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 455,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L455",
+    "cmd": "multiply"
+  }, {
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 482,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L482",
+    "cmd": "call"
+  }, {
+    "file": "plug-ins/file-bmp/bmp-read.c",
+    "line": 630,
+    "code": "https://github.com/prosyslab-warehouse/gimp-2.6.7/blob/master/plug-ins/file-bmp/bmp-read.c#L630",
+    "cmd": "malloc"
+  }]
+
 }, {
   "project": "gimp",
   "version": "2.6.7",

diff --git a/benchmark/rtcw/1.5.1/Dockerfile b/benchmark/rtcw/1.5.1/Dockerfile
@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=rtcw-1.5.1
+
+ENV URL=https://github.com/prosyslab-warehouse/rtcw-1.5.1
+ENV GIT_REPO_NAME=rtcw
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM
diff --git a/benchmark/rtcw/1.5.1/build.sh b/benchmark/rtcw/1.5.1/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi
diff --git a/benchmark/rtcw/1.5.1/label.json b/benchmark/rtcw/1.5.1/label.json
@@ -0,0 +1,72 @@
+[{
+  "project": "rtcw",
+  "version": "1.5.1",
+  "file": "SP/code/qcommon/md4.c",
+  "line": 145,
+  "type": "buffer-overflow",
+  "CVE": null,
+  "report": null,
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L145",
+  "source": {
+    "file": "SP/code/qcommon/files.c",
+    "line": 1823,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/files.c#L1823"
+  },
+  "sink": {
+    "file": "SP/code/qcommon/md4.c",
+    "line": 145,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L145"
+  },
+  "bug-trace": [{
+    "file": "SP/code/qcommon/files.c",
+    "line": 1823,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/files.c#L1823",
+    "cmd": "fread"
+  }, {
+    "file": "SP/code/qcommon/files.c",
+    "line": 1841,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/files.c#L1841",
+    "cmd": "return"
+  }, {
+    "file": "SP/code/qcommon/files.c",
+    "line": 2146,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/files.c#L2146",
+    "cmd": "return"
+  }, {
+    "file": "SP/code/qcommon/files.c",
+    "line": 2221,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/files.c#L2221",
+    "cmd": "return"
+  }, {
+    "file": "SP/code/qcommon/cm_load.c",
+    "line": 656,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/cm_load.c#L656",
+    "cmd": "call"
+  }, {
+    "file": "SP/code/qcommon/md4.c",
+    "line": 204,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L204",
+    "cmd": "call"
+  }, {
+    "file": "SP/code/qcommon/md4.c",
+    "line": 193,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L193",
+    "cmd": "call"
+  }, {
+    "file": "SP/code/qcommon/md4.c",
+    "line": 167,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L167",
+    "cmd": "call"
+  }, {
+    "file": "SP/code/qcommon/md4.c",
+    "line": 145,
+    "code": "https://github.com/prosyslab-warehouse/rtcw-1.5.1/blob/master/SP/code/qcommon/md4.c#L145",
+    "cmd": "memcpy"
+  }],
+  "similarity": [{
+    "ID": "zsh-5.4.2",
+    "bug": "https://github.com/prosyslab-warehouse/zsh-5.4.2/blob/master/Src/utils.c#L1665",
+    "score": 0.4
+  }]
+}]
diff --git a/benchmark/sa-exim/4.2.1/Dockerfile b/benchmark/sa-exim/4.2.1/Dockerfile
@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=sa-exim-4.2.1
+
+ENV URL=https://github.com/prosyslab-warehouse/sa-exim-4.2.1
+ENV GIT_REPO_NAME=sa-exim
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM
diff --git a/benchmark/sa-exim/4.2.1/build.sh b/benchmark/sa-exim/4.2.1/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi
diff --git a/benchmark/sa-exim/4.2.1/label.json b/benchmark/sa-exim/4.2.1/label.json
@@ -0,0 +1,57 @@
+[{
+  "project": "sa-exim",
+  "version": "4.2.1",
+  "file": "sa-exim.c",
+  "line": 974,
+  "type": "command-injection",
+  "CVE": null,
+  "report": null,
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L974",
+  "source": {
+    "file": "sa-exim.c",
+    "line": 658,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L658"
+  },
+  "sink": {
+    "file": "sa-exim.c",
+    "line": 974,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L974"
+  },
+  "bug-trace": [{
+    "file": "sa-exim.c",
+    "line": 658,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L658",
+    "cmd": "fgets"
+  }, {
+    "file": "sa-exim.c",
+    "line": 723,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L723",
+    "cmd": "macro call"
+  }, {
+    "file": "sa-exim.c",
+    "line": 699,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L699",
+    "cmd": "strdup"
+  }, {
+    "file": "sa-exim.c",
+    "line": 930,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L930",
+    "cmd": "assign"
+  }, {
+    "file": "sa-exim.c",
+    "line": 938,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L938",
+    "cmd": "assign"
+  }, {
+    "file": "sa-exim.c",
+    "line": 974,
+    "code": "https://github.com/prosyslab-warehouse/sa-exim-4.2.1/blob/master/sa-exim.c#L974",
+    "cmd": "execv"
+  }],
+  "similarity": [{
+    "ID": "CWE78_01-CWE78_OS_Command_Injection__char_file_execl-1",
+    "bug": "https://github.com/arichardson/juliet-test-suite-c/blob/master/testcases/CWE78_OS_Command_Injection/s03/CWE78_OS_Command_Injection__char_file_execl_01.c#L79",
+    "score": 1
+  }]
+}]
diff --git a/benchmark/sane/1.0.14/Dockerfile b/benchmark/sane/1.0.14/Dockerfile
@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=sane-1.0.14
+
+ENV URL=https://github.com/prosyslab-warehouse/sane-1.0.14
+ENV GIT_REPO_NAME=sane
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM
diff --git a/benchmark/sane/1.0.14/build.sh b/benchmark/sane/1.0.14/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi
diff --git a/benchmark/sane/1.0.14/label.json b/benchmark/sane/1.0.14/label.json
@@ -0,0 +1,42 @@
+[{
+  "project": "sane",
+  "version": "1.0.14",
+  "file": "src/preview.c",
+  "line": 1037,
+  "type": "integer-overflow",
+  "CVE": null,
+  "report": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993580",
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1037",
+  "source": {
+    "file": "src/preview.c",
+    "line": 1020,
+    "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1020"
+  },
+  "sink": {
+    "file": "src/preview.c",
+    "line": 1037,
+    "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1037"
+  },
+  "bug-trace": [{
+    "file": "src/preview.c",
+    "line": 1020,
+    "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1020",
+    "cmd": "fscanf"
+  }, {
+    "file": "src/preview.c",
+    "line": 1037,
+    "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1037",
+    "cmd": "multiply"
+  }, {
+    "file": "src/preview.c",
+    "line": 1037,
+    "code": "https://github.com/prosyslab-warehouse/sane-1.0.14/blob/master/src/preview.c#L1037",
+    "cmd": "malloc"
+  }],
+  "similarity": [{
+    "ID": "autotrace-20200219.65",
+    "bug": "https://github.com/prosyslab-warehouse/autotrace-20200219.65/blob/master/src/input-bmp.c#L255",
+    "score": 0.87
+  }]
+}]
diff --git a/benchmark/scheme48/1.9.2/Dockerfile b/benchmark/scheme48/1.9.2/Dockerfile
@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=scheme48-1.9.2
+
+ENV URL=https://github.com/prosyslab-warehouse/scheme48-1.9.2
+ENV GIT_REPO_NAME=scheme48
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM
diff --git a/benchmark/scheme48/1.9.2/build.sh b/benchmark/scheme48/1.9.2/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi