Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/TCA-ISCAS/Cooper

A tool for effective testing the binding layer of scripting languages
https://github.com/TCA-ISCAS/Cooper

fuzzing

Last synced: 4 months ago
JSON representation

A tool for effective testing the binding layer of scripting languages

Host: GitHub
URL: https://github.com/TCA-ISCAS/Cooper
Owner: TCA-ISCAS
License: mit
Created: 2022-01-06T10:56:22.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2022-06-23T16:45:40.000Z (about 2 years ago)
Last Synced: 2024-01-17T02:04:58.195Z (6 months ago)
Topics: fuzzing
Language: Python
Homepage:
Size: 270 KB
Stars: 73
Watchers: 8
Forks: 12
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-fuzz - https://github.com/TCA-ISCAS/Cooper

README

        Cooper: Testing the Binding Code of Scripting Languages with Cooperative Mutation

====================================================================================

Cooper utilize cooperative mutation to test the binding

code of scripting languages to find memory-safe issues. Cooperative mutation

simultaneously modifies the script code and the related document objects to explore

various code paths of the binding code. To support cooperative mutation, we infer

the relationship between script code and document objects to guide the two-dimensional mutation. 

We applied our tool Cooper

on three popular commercial software, Adobe Acrobat, Foxit Reader and Microsoft Word.

Cooper detected 134 previously unknown bugs, which resulted in [33 CVE entries](cve-list.md) and

22K bug bounties. Cooper has three components:

* **Object Clustering**: In the begining, Cooper parses the given sample documents to

  extract native objects. To reduce the object search space, Cooper categorizes objects

  into different classes based on their attributes.

* **Relationship Inference**: Then, Cooper infer the relationship between object classes

  and Api groups. Specifically, it produces a large number of documents by combining

  different object classes and API groups, and records the execution results of the

  embedded scripts. Based on the success rate of the script execution and the

  distribution of object classes, Cooper infers the relationship between Api groups

  and object classes.

* **Relatinship-Guided Mutation**: At end, Cooper leverages the inferred relationship

  to guide the object selection, script generation and object mutation. We also design

  several cooperative mutation strategies.

  

The overview of Cooper is illustrated by the diagram below.







For more details, please check [our paper](https://huhong789.github.io/papers/xu:cooper.pdf) published in the 29th Annual Network and Distributed System Security Symposium ([NDSS 2022](https://www.ndss-symposium.org/ndss2022/)).

## Installation & Run

#### Platform

- Windows10 64bit

- Python2

#### Prerequisites

- [PyWin32](https://pypi.org/project/pywin32/), `pip install pywin32`

- [Adobe Acrobat Reader (32bit, English version)](https://www.adobe.com/acrobat/pdf-reader.html), 

  install in the default directory.

- [Microsoft Word (32bit, English version)](https://www.microsoft.com/en-us/download/details.aspx?id=51791),

  install it in the default directory.

#### Collecting PDF/Word samples

You need to prepare some PDF (Word) samples and place them in a folder which will be used as `sample_dir`. 

The number of PDF (Word) samples should be between 10,000 to 20,000. 

We have prepared 200 PDF samples in [DropBox](https://www.dropbox.com/sh/gpqvhqghutosg52/AABmQBJ6eWtABahgVQunfZRga?dl=0),

and 214 word samples in [DropBox](https://www.dropbox.com/sh/88c1arv24qnxrv7/AACAXpPQTvQWNsOlnPNB6GEua?dl=0).

You can test with these small samples, but for better results, use more samples.

#### Usage

```

$ python PdfSolution.py/WordSolution.py    

  

  :   the absolute path of raw pdf samples folder

  :     the absolute path for mid data folder

  :   the absolute path for folder storing generated samples

  : the amount how many input Cooper will generate

```

## Authors

* Peng Xu 

* Yanhao Wang 

* Hong Hu 

* Purui Su 

## Publications

```

Cooper: Testing the Binding Code of Scripting Languages with Cooperative Mutation

@inproceedings{xu:cooper,

  title        = {{Cooper: Testing the Binding Code of Scripting Languages with Cooperative Mutation (To Appear)}},

  author       = {Peng Xu and Yanhao Wang and Hong Hu and Purui Su},

  booktitle    = {Proceedings of the 29th Annual Network and Distributed System Security Symposium (NDSS 2022)},

  month        = {apr},

  year         = {2022},

  address      = {San Diego, CA},

}

```