Henrik Brodin
Henrik Brodin
Run: it-depends pip:[email protected] Result: File "/Users/hbrodin/projects/it-depends/venv/bin/it-depends", line 33, in sys.exit(load_entry_point('it-depends', 'console_scripts', 'it-depends')()) File "/Users/hbrodin/projects/it-depends/it_depends/cli.py", line 138, in main package_list = resolve(repo, cache=cache, depth_limit=args.depth_limit, max_workers=args.max_workers) File "/Users/hbrodin/projects/it-depends/it_depends/dependencies.py", line 925, in resolve...
We have a specific case where taint tracking gets lost. ```C #include #include static unsigned char tab[256][8]; void fail(unsigned char *dp, unsigned char *sp) { memcpy(dp, tab[*sp++], 8); } int...
Previously, we've seen some issues related to which api's are instrumented, and how they are instrumented. By just a brief look at the dfsan_abilist.txt I see `bcopy` being uninstrumented. I...
Create a tiny program ```C int main() { return 0; } ``` If instrumented with polytracker it still takes a long time to run (15 secs?) If I run ```shell...
Problem is: __repr__ for FunctionEntry call self.function, which raises a new exception which calls __repr__ which calls... You get a stack trace like this: File "/usr/local/lib/python3.8/dist-packages/polytracker/tracing.py", line 677, in function...
Still very rough and with old/new code mixed. Highlights the main ideas of the section based approach. Test cases for tdag c++ impl won't run due to build problems.
Decide on a more appropriate abstraction for taint sources. Currently it is file-focused, e.g. the file descriptor is stored along side. However, with the introduction of argv tainting this abstraction...
I tried the following sequence: 1. Build the polytracker image: ```shell $ docker build -t trailofbits/polytracker . ... [+] Building 42.0s (20/20) FINISHED ``` 2. Ceated a new virtual env:...
To allow new developers an easier start we should consider extracting the section https://github.com/trailofbits/polytracker#building-polytracker-from-source into a BUILDING.md. We could then describe the steps in detail (command line examples). Hopefully, that...