[benchmark] add xfig, xsane, and zangband

benchmark/xfig/3.2.8-3/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=xfig-3.2.8-3
+
+ENV URL=https://github.com/prosyslab-warehouse/xfig-3.2.8-3
+ENV GIT_REPO_NAME=xfig
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/xfig/3.2.8-3/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/xfig/3.2.8-3/label.json

@@ -0,0 +1,37 @@
+[{
+  "project": "xfig",
+  "version": "3.2.8-3",
+  "file": "src/w_help.c",
+  "line": 55,
+  "type": "buffer-overflow",
+  "CVE": null,
+  "report": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395",
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/xfig-3.2.8-3/blob/master/src/w_help.c#L55",
+  "source": {
+    "file": "src/w_help.c",
+    "line": 55,
+    "code": "https://github.com/prosyslab-warehouse/xfig-3.2.8-3/blob/master/src/w_help.c#L55"
+  },
+  "sink": {
+    "file": "src/w_help.c",
+    "line": 55,
+    "code": "https://github.com/prosyslab-warehouse/xfig-3.2.8-3/blob/master/src/w_help.c#L55"
+  },
+  "bug-trace": [{
+    "file": "src/w_help.c",
+    "line": 55,
+    "code": "https://github.com/prosyslab-warehouse/xfig-3.2.8-3/blob/master/src/w_help.c#L55",
+    "cmd": "getenv"
+  }, {
+    "file": "src/w_help.c",
+    "line": 55,
+    "code": "https://github.com/prosyslab-warehouse/xfig-3.2.8-3/blob/master/src/w_help.c#L55",
+    "cmd": "sprintf"
+  }],
+  "similarity": [{
+    "ID": "buffer-overflow1-1",
+    "bug": "https://github.com/prosyslab-warehouse/owasp-tutorial/blob/master/tutorial/buffer-overflow1.c#L12",
+    "score": 1
+  }]
+}]

benchmark/xsane/0.999/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=xsane-0.999
+
+ENV URL=https://github.com/prosyslab-warehouse/xsane-0.999
+ENV GIT_REPO_NAME=xsane
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/xsane/0.999/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/xsane/0.999/label.json

@@ -0,0 +1,47 @@
+[{
+  "project": "xsane",
+  "version": "0.999",
+  "file": "src/xsane-viewer.c",
+  "line": 2365,
+  "type": "integer-overflow",
+  "CVE": null,
+  "report": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993579",
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-viewer.c#L2365",
+  "source": {
+    "file": "src/xsane-save.c",
+    "line": 518,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-save.c#L518"
+  },
+  "sink": {
+    "file": "src/xsane-viewer.c",
+    "line": 2365,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-viewer.c#L2365"
+  },
+  "bug-trace": [{
+    "file": "src/xsane-save.c",
+    "line": 518,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-save.c#L518",
+    "cmd": "fscanf"
+  }, {
+    "file": "src/xsane-viewer.c",
+    "line": 570,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-save.c#L570",
+    "cmd": "return"
+  }, {
+    "file": "src/xsane-viewer.c",
+    "line": 2365,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-viewer.c#L2365",
+    "cmd": "multiply"
+  }, {
+    "file": "src/xsane-viewer.c",
+    "line": 2365,
+    "code": "https://github.com/prosyslab-warehouse/xsane-0.999/blob/master/src/xsane-viewer.c#L2365",
+    "cmd": "malloc"
+  }],
+  "similarity": [{
+    "ID": "CWE190_01-CWE190_Integer_Overflow__char_fscanf_multiply-1",
+    "bug": "https://github.com/arichardson/juliet-test-suite-c/blob/master/testcases/CWE190_Integer_Overflow/s01/CWE190_Integer_Overflow__char_fscanf_multiply_01.c#L32",
+    "score": 0.87
+  }]
+}]

benchmark/zangband/2.7.5/Dockerfile

@@ -0,0 +1,15 @@
+FROM prosyslab/bug-bench-base
+
+RUN apt-get -y update
+RUN apt-get -y install wget flex
+
+COPY build.sh $SRC
+ENV PROGRAM=zangband-2.7.5
+
+ENV URL=https://github.com/prosyslab-warehouse/zangband-2.7.5
+ENV GIT_REPO_NAME=zangband
+
+RUN git clone $URL
+RUN mv $GIT_REPO_NAME $PROGRAM
+
+WORKDIR $PROGRAM

benchmark/zangband/2.7.5/build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [[ $1 == "sparrow" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "infer" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "codeql" ]]; then
+  echo "not ready yet"
+elif [[ $1 == "haechi" ]]; then
+  echo "not ready yet"
+else
+  echo "Unknown build target"
+  exit 1
+fi

benchmark/zangband/2.7.5/label.json

@@ -0,0 +1,108 @@
+[{
+  "project": "zangband",
+  "version": "2.7.5",
+  "file": "src/xsane-viewer.c",
+  "line": 327,
+  "type": "integer-overflow",
+  "CVE": null,
+  "report": "https://sourceforge.net/p/zangband/bugs/670/",
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L327",
+  "source": {
+    "file": "src/maid-x11.c",
+    "line": 211,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L211"
+  },
+  "sink": {
+    "file": "src/maid-x11.c",
+    "line": 327,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L327"
+  },
+  "bug-trace": [{
+    "file": "src/maid-x11.c",
+    "line": 221,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L211",
+    "cmd": "getc"
+  }, {
+    "file": "src/maid-x11.c",
+    "line": 221,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L211",
+    "cmd": "return"
+  }, {
+    "file": "src/maid-x11.c",
+    "line": 231,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L231",
+    "cmd": "return"
+  }, {
+    "file": "src/maid-x11.c",
+    "line": 327,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L327",
+    "cmd": "multiply"
+  }, {
+    "file": "src/maid-x11.c",
+    "line": 330,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/maid-x11.c#L330",
+    "cmd": "C_MAKE (memory allocation)"
+  }],
+  "similarity": [{
+    "ID": "autotrace-20200219.65",
+    "bug": "https://github.com/prosyslab-warehouse/autotrace-20200219.65/blob/master/src/input-bmp.c#L255",
+    "score": 0.93
+  }]
+}, {
+  "project": "zangband",
+  "version": "2.7.5",
+  "file": "src/tk/plat.c",
+  "line": 535,
+  "type": "buffer-overflow",
+  "CVE": null,
+  "report": null,
+  "patch": null,
+  "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L535",
+  "source": {
+    "file": "src/tk/plat.c",
+    "line": 437,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L437"
+  },
+  "sink": {
+    "file": "src/tk/plat.c",
+    "line": 535,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L535"
+  },
+  "bug-trace": [{
+    "file": "src/tk/plat.c",
+    "line": 437,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L437",
+    "cmd": "getc"
+  }, {
+    "file": "src/tk/plat.c",
+    "line": 437,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L437",
+    "cmd": "return"
+  }, {
+    "file": "src/tk/plat.c",
+    "line": 457,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L457",
+    "cmd": "return"
+  }, {
+    "file": "src/tk/plat.c",
+    "line": 529,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L529",
+    "cmd": "assign"
+  }, {
+    "file": "src/tk/plat.c",
+    "line": 535,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L535",
+    "cmd": "multiply"
+  }, {
+    "file": "src/tk/plat.c",
+    "line": 535,
+    "code": "https://github.com/prosyslab-warehouse/zangband-2.7.5/blob/master/src/tk/plat.c#L535",
+    "cmd": "C_MAKE (memory allocation)"
+  }],
+  "similarity": [{
+    "ID": "gdk-pixbuf-2.36.11",
+    "bug": "https://github.com/prosyslab-warehouse/gdk-pixbuf-2.36.11/blob/master/gdk-pixbuf/gdk-pixbuf-loader.c#L459",
+    "score": 0.77
+  }]
+}]