def failure_action(repo_owner, repo_name, issue_no, comment, id, github):
    """Reject a submission: label it "failed", post the reason, close it.

    Args:
        repo_owner: Owner of the repository that holds the issue.
        repo_name: Repository that holds the issue.
        issue_no: Number of the issue being rejected.
        comment: Text posted on the issue before it is closed. The callers
            in this file pass either the fenced verification log or a fixed
            rejection message.
        id: Identifier handed to mark_as_read(). The name shadows the
            builtin but is part of the existing signature.
        github: Handle passed through unchanged to every GitHub helper.
    """
    failed_label = "failed"

    # The label is created first and only then attached to the issue.
    create_label(repo_owner, repo_name, failed_label, "000000",
                 "Verification failed.", github)
    update_label(repo_owner, repo_name, issue_no, github, failed_label)

    # Explain the rejection before closing, then clear the notification so
    # the issue is not picked up again.
    create_comment(repo_owner, repo_name, issue_no, comment, github)
    close_issue(repo_owner, repo_name, issue_no, github)
    mark_as_read(id, github)
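def process_issue(repo_name, num, id, config, gen_time, github, scoreboard):
    """Evaluate one submitted exploit issue and route it to scoring.

    Closed issues are only marked as read. Open issues get the "eval" label,
    are verified with verify_issue(), and are then either rejected through
    failure_action() or labelled with the affected branch and passed on to
    process_intended() / process_unintended().

    Args:
        repo_name: Repository the issue was filed against.
        num: Issue number.
        id: Identifier handed to mark_as_read() / failure_action().
        config: Game configuration; 'repo_owner' and 'individual' are read
            here.
        gen_time: Submission time forwarded to the scoring helpers.
        github: Handle passed through to the GitHub helpers.
        scoreboard: Scoreboard handle passed to sync_scoreboard() and the
            scoring helpers.
    """
    repo_owner = config['repo_owner']

    if is_closed(repo_owner, repo_name, num, github):
        mark_as_read(id, github)
        return

    # The call is kept, but none of the four returned fields is used below.
    _, _, _, _ = get_github_issue(repo_owner, repo_name, num, github)

    create_label(repo_owner, repo_name, "eval", "9466CB",
                 "Exploit is under review.", github)
    update_label(repo_owner, repo_name, num, github, "eval")

    defender = get_defender(config, repo_name)
    if defender is None:
        # Parenthesised single-argument form prints the same text under
        # Python 2 and Python 3.
        print('[*] Fatal error: unknown target %s.' % repo_name)
        # NOTE(review): sys.exit() with no argument ends the process with
        # status 0, so a supervisor cannot tell this fatal path from success.
        # The unreachable `return` that used to follow has been dropped.
        sys.exit()

    branch, commit, attacker, log = verify_issue(defender, repo_name, num,
                                                 config, github)
    if branch is None:
        # NOTE(review): log is pasted between ``` fences unescaped. If it can
        # carry text chosen by the submitter, a ``` inside it ends the fence
        # early and the remainder renders as Markdown in the comment.
        # Confirm verify_issue() bounds or sanitises it.
        log = "```\n" + log + "```"
        failure_action(repo_owner, repo_name, num,
                       log + '\n\n[*] The exploit did not work.', id, github)
        return

    # NOTE(review): this indexing raises KeyError when attacker has no entry
    # in config['individual']. Confirm verify_issue() rejects unregistered
    # submitters before this point.
    if config['individual'][attacker]['team'] == defender:
        failure_action(repo_owner, repo_name, num,
                       '[*] Self-attack is not allowed: %s.' % attacker,
                       id, github)
        return

    create_label(repo_owner, repo_name, branch, "DA0019",
                 "Exploit for %s" % branch, github)
    update_label(repo_owner, repo_name, num, github, branch)

    #XXX: We should fix this logic and scoreboard representation
    kind = commit if branch == "master" else branch

    info = {'attacker': attacker, 'defender': defender, 'bugkind': kind}
    sync_scoreboard(scoreboard)
    if kind.startswith('bug'):
        process_intended(repo_name, num, config, gen_time, info, scoreboard,
                         id, github)
    else:
        # NOTE(review): the process_unintended shown with this listing takes
        # a trailing repo_owner argument and reads info['branch']; this call
        # supplies neither. Confirm which version of the helper this pairs
        # with.
        process_unintended(repo_name, num, config, gen_time, info, scoreboard,
                           id, github)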
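def process_issue(repo_name, num, id, config, gen_time, github, scoreboard):
    """Evaluate one submitted exploit issue and hand it to scoring.

    Closed issues are only marked as read. Open issues get the "eval" label
    and are verified with verify_issue(). A failed verification or a
    self-attack is rejected through failure_action(); otherwise the issue is
    labelled "verified", a confirmation comment is posted, and the result is
    passed to process_unintended().

    Args:
        repo_name: Repository the issue was filed against.
        num: Issue number.
        id: Identifier handed to mark_as_read() / failure_action().
        config: Game configuration; 'repo_owner' and 'individual' are read
            here.
        gen_time: Submission time forwarded to process_unintended().
        github: Handle passed through to the GitHub helpers.
        scoreboard: Scoreboard handle passed to sync_scoreboard() and
            process_unintended().
    """
    repo_owner = config['repo_owner']

    if is_closed(repo_owner, repo_name, num, github):
        mark_as_read(id, github)
        return

    # The call is kept, but none of the four returned fields is used below.
    _, _, _, _ = get_github_issue(repo_owner, repo_name, num, github)

    create_label(repo_owner, repo_name, "eval", "DA0019",
                 "Exploit is under review.", github)
    update_label(repo_owner, repo_name, num, github, "eval")

    defender = get_defender(config, repo_name)
    if defender is None:
        print('[*] Fatal error: unknown target %s.' % repo_name)
        # NOTE(review): sys.exit() with no argument ends the process with
        # status 0, so a supervisor cannot tell this fatal path from success.
        # The unreachable `return` that used to follow has been dropped.
        sys.exit()

    branch, commit, attacker, log = verify_issue(defender, repo_name, num,
                                                 config, github)
    if branch is None:
        # NOTE(review): log is pasted between ``` fences unescaped. If it can
        # carry text chosen by the submitter, a ``` inside it ends the fence
        # early and the remainder renders as Markdown in the comment.
        # Confirm verify_issue() bounds or sanitises it.
        log = "```\n" + log + "```"
        failure_action(repo_owner, repo_name, num,
                       log + '\n\n[*] The exploit did not work.', id, github)
        return

    # NOTE(review): this indexing raises KeyError when attacker has no entry
    # in config['individual']. Confirm verify_issue() rejects unregistered
    # submitters before this point.
    if config['individual'][attacker]['team'] == defender:
        failure_action(repo_owner, repo_name, num,
                       '[*] Self-attack is not allowed: %s.' % attacker,
                       id, github)
        return

    create_label(repo_owner, repo_name, "verified", "9466CB",
                 "Successfully verified.", github)
    update_label(repo_owner, repo_name, num, github, "verified")
    create_comment(repo_owner, repo_name, num,
                   "This submission has been verified. Well done!", github)

    # 'bugkind' starts out as the verified commit; process_unintended()
    # reads 'branch' to walk the defender's later commits.
    info = {
        'attacker': attacker,
        'defender': defender,
        'branch': branch,
        'bugkind': commit,
    }
    sync_scoreboard(scoreboard)
    process_unintended(repo_name, num, config, gen_time, info, scoreboard,
                       id, github, repo_owner)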
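def process_unintended(repo_name, num, config, gen_time, info, scoreboard,
                       id, github, repo_owner):
    """Score a verified exploit, re-checking it against later commits.

    When find_the_last_attack() returns None the exploit is treated as
    previously unseen and is awarded config['unintended_pts'] once.
    Otherwise the exploit is re-verified against each commit returned by
    get_next_commit() until either no commit is left or one commit defeats
    it. A defeated exploit is recorded with 0 points and labelled "defended".

    Args:
        repo_name: Repository the issue was filed against.
        num: Issue number.
        config: Game configuration; 'unintended_pts' is read here.
        gen_time: Timestamp recorded with every scoring entry.
        info: Dict with 'defender' and 'branch'. It is mutated: 'bugkind'
            is overwritten with each commit that gets tested.
        scoreboard: Scoreboard handle for the write/commit helpers.
        id: Identifier handed to mark_as_read(). It is only marked as read
            on the "defended" path.
        github: Handle passed through to the GitHub helpers.
        repo_owner: Owner of the repository that holds the issue.
    """
    unintended_pts = config['unintended_pts']
    target_commit = find_the_last_attack(scoreboard, gen_time, info)

    if target_commit is None:
        # This exploit is previously unseen, give point.
        write_score(gen_time, info, scoreboard, unintended_pts)
        write_message(info, scoreboard, unintended_pts)
        commit_and_push(scoreboard)
        return

    # The loop ends only when get_next_commit() runs out of commits or a
    # commit defeats the exploit. Every pass calls verify_issue() and pushes
    # the scoreboard.
    while True:
        target_commit = get_next_commit(target_commit, info['defender'],
                                        info['branch'], config)
        if target_commit is None:
            # Parenthesised single-argument form prints the same text under
            # Python 2 and Python 3.
            print('[*] No more commit to verify against')
            break

        _, verified_commit, _, _ = verify_issue(info['defender'], repo_name,
                                                num, config, github,
                                                target_commit)
        info['bugkind'] = target_commit

        if verified_commit is None:
            # Found a correct patch that defeats the exploit.
            current_time = int(time.time())
            write_score(current_time, info, scoreboard, 0)
            write_message(info, scoreboard, 0)
            commit_and_push(scoreboard)
            mark_as_read(id, github)
            create_label(repo_owner, repo_name, "defended", "0000ff",
                         "Defended.", github)
            update_label(repo_owner, repo_name, num, github, "defended")
            break

        # Exploit still works on this commit, update score and continue
        write_score(gen_time, info, scoreboard, unintended_pts)
        write_message(info, scoreboard, unintended_pts)
        commit_and_push(scoreboard)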