{"id":30901881,"url":"https://github.com/shellphish/patchery","last_synced_at":"2025-09-09T07:08:50.936Z","repository":{"id":313560211,"uuid":"1051840907","full_name":"shellphish/PatcherY","owner":"shellphish","description":"An LLM-driven program patcher for fixing vulnerabilities automatically. Originally in Artiphishell.","archived":false,"fork":false,"pushed_at":"2025-09-06T22:54:08.000Z","size":163,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-06T23:22:26.978Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shellphish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-06T20:41:38.000Z","updated_at":"2025-09-06T22:54:11.000Z","dependencies_parsed_at":"2025-09-06T23:22:30.200Z","dependency_job_id":"bdb4bb1a-3464-46fa-a547-ae446f869f4c","html_url":"https://github.com/shellphish/PatcherY","commit_stats":null,"previous_names":["shellphish/patchery"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/shellphish/PatcherY","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shellphish%2FPatcherY","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shellphish%2FPatcherY/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shellphish%2FPatcherY/releases","manif
ests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shellphish%2FPatcherY/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shellphish","download_url":"https://codeload.github.com/shellphish/PatcherY/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shellphish%2FPatcherY/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274260703,"owners_count":25251940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-09T07:08:48.269Z","updated_at":"2025-09-09T07:08:50.909Z","avatar_url":"https://github.com/shellphish.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PatcherY\nPatcherY is the next-generation [Patcherex](https://github.com/angr/patcherex), targeting source code and buildable\nprojects. 
\n\n## Installation\nIn a normal scenario, you can just install using the pip package:\n```bash\npip install -e .\n```\n\nHowever, for AIxCC development, you should also run the setup script in the root of this directory:\n```bash\n./setup.sh\n```\n\nThis will copy down the tests-data repo, build the local container, and make symlinks to the data.\nThe size of the container is around ~8GB, so make sure you have enough space.\n\nTo understand how to develop and test effectively, please refer to the [Developing](#developing) section.\n\n\n## AIxCC Usage (independent) \nNormal runs from the command line look something like this:\n```bash \npatchery --generate-verified-patch \\\n  --src-root ./tests/targets/hamlin/challenge/src/ \\\n  --run-script ./tests/targets/hamlin/challenge/run.sh \\\n  --lang \"C++\" \\\n  --report-file ./tests/reports/hamlin_report.txt \\\n  ...\n  --output-path \"./output.patch\"\n```\n\nThe best way to understand how to run it is looking at the [test_aicc.py](/tests/test_aicc.py) file.\n\n### Linux Example\nMost of the AICC targets supported can be found as a single end-to-end test in the [test_aicc.py](/tests/test_aicc.py) file.\nAs an example, you can run just the nginx exemplar test with:\n```bash\npytest tests/test_aicc.py::TestPatcheryAICC::test_nginx_exemplar -s \n```\n\n### OSS-FUZZ Example\n```bash\nexport ENABLE_LLM_ANALYZER=1\nexport OSS_FUZZ_TARGET=1\nexport AGENTLIB_SAVE_FILES=0\npytest tests/test_ossfuzz.py::TestPatcheryOssFuzz::test_ossfuzz_xs_47443 -s -v\n```\n\nThis will take around 10 mins to run with all verification steps.\nAn example of the output is:\n```\nDEBUG | 2024-06-11 04:07:30,159 | patchery.patcher | 🤖 Starting the 1/10 run ...\nDEBUG | 2024-06-11 04:07:30,159 | patchery.patcher | Generating patch 1/1...\nDEBUG | 2024-06-11 04:07:30,159 | patchery.generator.llm_patch_generator | 🔍 Generating patch...\nDEBUG | 2024-06-11 04:07:30,259 | patchery.generator.llm_patch_generator | 💭 Prompting with prompt 
len=36505\nDEBUG | 2024-06-11 04:07:47,520 | patchery.generator.llm_patch_generator | 💭 Proposed patch: \u003cPatch: T16A314213F278F24033FD319656B88444973290B89B280E9722294778667407ED2ACB52\u003e\nDEBUG | 2024-06-11 04:07:47,793 | patchery.generator.llm_patch_generator | ✅  Diff successfully generated:\ndiff --git a/net/tipc/crypto.c b/net/tipc/crypto.c\nindex 24b78d9d0..dfbb94d23 100644\n--- a/net/tipc/crypto.c\n+++ b/net/tipc/crypto.c\n@@ -2305,6 +2305,13 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr)\n                goto exit;\n        }\n\n+       /* Check key length to avoid buffer overflow */\n+       if (unlikely(keylen \u003e size - (TIPC_AEAD_ALG_NAME + sizeof(__be32)))) {\n+               pr_err(\"%s: key length is too large\\n\", rx-\u003ename);\n+               kfree(skey); /* Free the allocated memory to prevent memory leak */\n+               goto exit;\n+       }\n+\n        /* Copy key from msg data */\n        skey-\u003ekeylen = keylen;\n        memcpy(skey-\u003ealg_name, data, TIPC_AEAD_ALG_NAME);\n\nINFO | 2024-06-11 04:07:47,793 | patchery.verifier.patch_verifier | 🔬 Running CompileVerificationPass now...\nINFO | 2024-06-11 04:08:04,898 | patchery.verifier.patch_verifier | ✅ CompileVerificationPass passed\n...\n```\n\n## Patch Ranking\nPatcherY uses a ranking system to determine the best patch in the presence of multiple verified patches.\nTo use the ranker, you can run the following command:\n```bash\npatchery --continuous-ranking \\\n  --rank-patches /mock_cp/resources/patches/ \\\n  --rank-output-dir /mock_cp/resources/patches/ \\\n  --rank-timeout 10 --rank-wait-time 3\n```\n\nThis runs the ranker in a loop for a max of `10` seconds and an in-loop wait for `3` seconds.\nThis will have output on stdout like so, every `3` seconds:\n```\nINFO     | 2024-07-04 21:06:55,663 | patchery.ranker.patch_ranker | Ranking output written to patch_ranks_1720152415.json\n...\n```\n\nThe output format looks like 
this:\n```json\n{\n  \"ranks\": [\n    \"/mock_cp/resources/patches/patch.sdasda\", \n    \"/mock_cp/resources/patches/patch.aaaaaa\"\n  ], \n  \"invalidated_patches\": [], \n  \"patch_info\": {\n    \"/mock_cp/resources/patches/patch.sdasda\": 7.467698726104354, \n    \"/mock_cp/resources/patches/patch.aaaaaa\": 8.622736323949841\n  }, \n  \"timestamp\": 1720152415\n}\n```\n\n## Developing\nTo develop/debug PatcherY, you must first have run the setup script:\n```bash\n./setup.sh\n```\n\nYou should now have the test data in `./artiphishell-tests-data` that will get linked to testing directories.\nTo verify that your setup is correct, run the nginx exemplar test:\n```bash\npytest tests/test_aicc.py::TestPatcheryAICC::test_nginx_exemplar -s \n```\n\nThis should take around 5 mins to run and should produce a verified patch.\n\nThe way PatcherY testcases work is the following:\n1. You run `pytest` \n2. The testcase will start a container based on `aixcc-patchery` image and mount the test data\n3. The command that is normally run in the artiphishell is run in the container\n\n### Debugging\nTo debug, you want to first set a breakpoint in some code in PatcherY. 
For instance, you\ncan set it in the beginning of the `patchery/patcher.py` file by adding this line:\n```python\nbreakpoint()\n```\n\nNow run the testcase you want to debug with the `DEBUG` variable:\n```bash\nDEBUG=1 pytest tests/test_aicc.py::TestPatcheryAICC::test_nginx_exemplar -s \n```\n\nThis will start the container the test runs in and break right before the PatcherY command is run.\nIt will print out the instructions that look something like this:\n```md\n=====================================\n# Copy and run the following command in another terminal:\ndocker exec -it c5c1cb8a9e2d568bf299aeeb87c490e3d01f2ce31386eca13e9e0ff824387ae9 /bin/bash -c 'patchery --generate-aixcc-patch --target-root /home/mahaloz/github/artiphishell/components/patchery/tests/tmp/patchery/tmp3d74k79__target --alerting-inputs /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/crashing_seeds --patch-output-dir /home/mahaloz/github/artiphishell/components/patchery/tests/tmp/patchery/tmp3d74k79__target/patches --patch-meta-output-dir /home/mahaloz/github/artiphishell/components/patchery/tests/tmp/patchery/tmp3d74k79__target/patches_meta --raw-report /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/report.yaml --sanitizer-string \"AddressSanitizer: heap-buffer-overflow\" --function-json-dir /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/function_out_dir --function-indices /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/function_indices.json --functions-by-commit-jsons-dir /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/functions_by_commits --indices-by-commit /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/commit_indices.json --report-yaml /patchery/tests/aicc_testing/nginx/backup_4657771bd193f7185e973c773a547161_0/poi.yaml --crashing-commit 8e2a8e613fe5b6f03cb8e0c27180a468671f03a8 
'\n=====================================\n```\n\nCopy and paste this command into another terminal and run it. That terminal will now stop at the\nbreakpoint you set earlier. When you are done, simply `exit` in both terminals.\n\n### Adding a new testcase\nTo add a new testcase, you first need to acquire a backup of the target you want to test.\nAssuming you have the backup in `/tmp/backup.tar.gz`, you can do the following:\n1. Make a new directory in `tests/aicc_testing/` with the name of your target (if it's new)\n```bash\nmkdir tests/aicc_testing/my_target\n```\n\n2. Convert the backup to the mini-format for PatcherY. This will output something like `backup_abcdefg1234567_0`.\n```bash\n./scripts/backup_to_testfiles.py --backup /tmp/backup.tar.gz --output ./tests/aicc_testing/my_target/\n```\n\n3. Make a new pytest testcase in `test_aicc.py` (or OSSFuzz if it is an OSSFuzz target)\n```python\ndef test_my_new_target(self):\n    local_backup = TEST_DIR / \"aicc_testing/my_target/backup_abcdefg1234567_0\"\n    self.container, resource_dir, tmp_dir = setup_aicc_target(\n        ...\n    )\n    run_and_validate_patcher(\n        ...\n    )\n```\n\nCongratulations, you have now added a new testcase!\n\n## Features\nHere are the features that can be turned on by setting specific environment variables. Each feature is independent and can be enabled or disabled individually.\n\nDefault Features:\nMODEL=xxx, default is oai-gpt-4o\n\n- Multi Poi","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshellphish%2Fpatchery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshellphish%2Fpatchery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshellphish%2Fpatchery/lists"}