Skip to content

Commit

Permalink
Merge pull request #8 from Veridise/yanju/dev
Browse files Browse the repository at this point in the history
new infoleak detector with updated infra
  • Loading branch information
chyanju authored Mar 6, 2024
2 parents 97e60cd + 975c8d8 commit b23ee4f
Show file tree
Hide file tree
Showing 27 changed files with 1,174 additions and 266 deletions.
16 changes: 8 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,14 +93,14 @@ options:
This will produce the following output:

```
| id | program | function | detector | result | info |
|------|----------------|------------|------------|----------|----------------|
| 0 | infoleak0.aleo | ex0 | infoleak | unsafe | [('r0', 'r0')] |
| 1 | infoleak0.aleo | ex1 | infoleak | safe | [] |
| 2 | infoleak0.aleo | ex2 | infoleak | unsafe | [('r0', 'r1')] |
| id | program | function | detector | result | info |
|------|----------------|------------|------------|----------|----------------------|
| 0 | infoleak0.aleo | ex0 | infoleak | unsafe | ['output r0 as u8;'] |
| 1 | infoleak0.aleo | ex1 | infoleak | safe | [] |
| 2 | infoleak0.aleo | ex2 | infoleak | unsafe | ['output r1 as i8;'] |
```

where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage from variable `r0` to `r0` (direct returning of input), and in `ex2` from `r0` to `r1`.
where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage of `r0` via output command.

### Calling from Source

Expand All @@ -113,7 +113,7 @@ from .vanguard.aleo.detectors import detector_divz
project_name = "divz0"
function_name = "ex1"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path) # load project
env = AleoEnvironment.from_project(build_path) # load project
detector_divz(env, env.main.id, function_name, readable=True) # detect
```

Expand All @@ -140,7 +140,7 @@ from vanguard.aleo.detectors import detector_divz
project_name = "divz0"
function_name = "ex1"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path) # load project
env = AleoEnvironment.from_project(build_path) # load project
detector_divz(env, env.main.id, function_name, readable=True) # detect
```

Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[project]
name = "vanguard"
version = "0.0.3"
version = "0.0.4"
authors = [
{ name="Yanju Chen", email="[email protected]" },
]
Expand Down
167 changes: 167 additions & 0 deletions tests/environment-test.ipynb
Original file line number Diff line number Diff line change
@@ -0,0 +1,167 @@
{
"cells": [
{
"cell_type": "code",
"execution_count": 1,
"id": "0c1a1d20-18ec-451f-a739-eddb4c4265cf",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"# parsing: treasure_hunt_v006.aleo ... 0.34779787063598633s\n",
"# parsing: aleo_monopoly_workshop.aleo ... 0.12547612190246582s\n",
"# parsing: treasure_hunt_v010.aleo ... 0.2432699203491211s\n",
"# parsing: zk_sra_encryption_v0_0_2.aleo ... 0.16161203384399414s\n",
"# parsing: aleo_monopoly_workshop4.aleo ... 0.11990594863891602s\n",
"# parsing: football_game_v008.aleo ... 0.5488848686218262s\n",
"# parsing: uniswap_v5.aleo ... 0.2239542007446289s\n",
"# parsing: wheres_alex_v018.aleo ... 0.12740397453308105s\n",
"# parsing: aleo_name_service_registry_v2.aleo ... 0.24753427505493164s\n",
"# parsing: aleo_monopoly_game4.aleo ... 0.12900400161743164s\n",
"# parsing: arcane_rfq_amm_v000004.aleo ... 0.1556079387664795s\n",
"# parsing: aleo_monopoly_workshop8.aleo ... 0.18530797958374023s\n",
"# parsing: aleo_monopoly_workshop10.aleo ... 0.16002297401428223s\n",
"# parsing: football_game_v004.aleo ... 0.4669189453125s\n",
"# parsing: who_is_dash_pash_v20203.aleo ... 0.1273338794708252s\n",
"# parsing: wheres_alex_v014.aleo ... 0.14441990852355957s\n",
"# parsing: football_game_v012.aleo ... 0.45942187309265137s\n",
"# parsing: tyron_app_test1.aleo ... 0.11498069763183594s\n",
"# parsing: distrofund_private_transfer_v2.aleo ... 0.19888782501220703s\n",
"# parsing: wheres_alex_v015.aleo ... 0.12262892723083496s\n",
"# parsing: football_game_v005.aleo ... 0.5159265995025635s\n",
"# parsing: zk_deck_shuffle_v0_0_1.aleo ... 3.3427340984344482s\n",
"# parsing: aleo_monopoly_workshop9.aleo ... 0.40294814109802246s\n",
"# parsing: arcane_rfq_amm_v000005.aleo ... 0.14778709411621094s\n",
"# parsing: aleo_name_service_registry_v3.aleo ... 0.24942994117736816s\n",
"# parsing: wheres_the_babycat.aleo ... 0.13100290298461914s\n",
"# parsing: wheres_alex_v019.aleo ... 0.15442514419555664s\n",
"# parsing: football_game_v009.aleo ... 0.5510199069976807s\n",
"# parsing: aleo_monopoly_workshop5.aleo ... 0.12297701835632324s\n",
"# parsing: credits.aleo ... 0.07080316543579102s\n",
"# parsing: treasure_hunt_v007.aleo ... 0.32471489906311035s\n",
"# parsing: council_v0001.aleo ... 0.11010289192199707s\n",
"# parsing: arcane_rfq_amm_v000002.aleo ... 0.2603728771209717s\n",
"# parsing: aleoswap05.aleo ... 0.31355762481689453s\n",
"# parsing: aleo_game_shop.aleo ... 0.1441662311553955s\n",
"# parsing: football_game_v002.aleo ... 0.32427000999450684s\n",
"# parsing: wheres_alex_v012.aleo ... 0.12132596969604492s\n",
"# parsing: aleo_store_nft.aleo ... 0.16173624992370605s\n",
"# parsing: whos_the_father_v002.aleo ... 0.1543598175048828s\n",
"# parsing: graph_coloring_v1.aleo ... 1.006282091140747s\n",
"# parsing: whoes_the_dragon_v01.aleo ... 0.20656824111938477s\n",
"# parsing: aleo_monopoly_workshop2.aleo ... 0.11718130111694336s\n",
"# parsing: zk_bitwise_stack_v0_0_1.aleo ... 0.4026181697845459s\n",
"# parsing: distrofund_private_transfer.aleo ... 0.21562480926513672s\n",
"# parsing: wheres_luna_v020.aleo ... 0.16715312004089355s\n",
"# parsing: aleo_monopoly_workshop3.aleo ... 0.1257779598236084s\n",
"# parsing: king_of_cat_v001.aleo ... 0.1271648406982422s\n",
"# parsing: treasure_hunt_v001.aleo ... 0.24799370765686035s\n",
"# parsing: whos_the_father_v003.aleo ... 0.12563395500183105s\n",
"# parsing: graph_coloring.aleo ... 1.125340223312378s\n",
"# parsing: wheres_alex_v013.aleo ... 0.1239628791809082s\n",
"# parsing: aleo_monopoly_game16.aleo ... 0.1281447410583496s\n",
"# parsing: arcane_rfq_amm_v000003.aleo ... 0.15100908279418945s\n",
"# parsing: zk_ml_dna_v0.aleo ... 0.16376709938049316s\n",
"# parsing: double_color_ball.aleo ... 2.8149960041046143s\n",
"# parsing: wheres_alex_v010.aleo ... 0.11389803886413574s\n",
"# parsing: lymphography_decision_tree_v1.aleo ... 0.17242002487182617s\n",
"# parsing: arcane_amm_v2_0.aleo ... 0.19998979568481445s\n",
"# parsing: zk_bitwise_stack_v0_0_3.aleo ... 0.7781190872192383s\n",
"# parsing: imma_find_alex_v01.aleo ... 0.12848210334777832s\n",
"# parsing: sklearn_mlp_mnist_1.aleo ... 0.14882493019104004s\n",
"# parsing: treasure_hunt_v002.aleo ... 0.23104190826416016s\n",
"# parsing: wheres_luna_v019.aleo ... 0.1290280818939209s\n",
"# parsing: whos_the_father_v001.aleo ... 0.12782502174377441s\n",
"# parsing: treasure_hunt_v003.aleo ... 0.295212984085083s\n",
"# parsing: zk_bitwise_stack_v0_0_2.aleo ... 0.412182092666626s\n",
"# parsing: wheres_jojo_v008.aleo ... 0.13227605819702148s\n",
"# parsing: arcane_rfq_amm_v000001.aleo ... 0.17067408561706543s\n",
"# parsing: zk_ml_dna_1700237585_v0.aleo ... 0.15897893905639648s\n",
"# parsing: aleoswap06.aleo ... 0.3017849922180176s\n",
"# parsing: nft_store_yong.aleo ... 0.16585206985473633s\n",
"# parsing: wheres_alex_v011.aleo ... 0.11071419715881348s\n",
"# parsing: football_random_v011.aleo ... 0.3941667079925537s\n",
"# parsing: testalphav1x1.aleo ... 0.4517788887023926s\n",
"# parsing: zk_bitwise_stack_v0_0_5.aleo ... 0.9719009399414062s\n",
"# parsing: hialstestv1.aleo ... 0.3391139507293701s\n",
"# parsing: what_does_gary_do_v001.aleo ... 0.13190793991088867s\n",
"# parsing: aleo_monopoly_workshop6.aleo ... 0.14983606338500977s\n",
"# parsing: treasure_hunt_v004.aleo ... 0.2787461280822754s\n",
"# parsing: zk_ml_dna_1700246715_v0.aleo ... 0.15949177742004395s\n",
"# parsing: football_game_v010.aleo ... 0.5402669906616211s\n",
"# parsing: wheres_alex_v016.aleo ... 0.1281871795654297s\n",
"# parsing: football_game_v006.aleo ... 0.5075030326843262s\n",
"# parsing: arcane_rfq_amm_v000006.aleo ... 0.17911505699157715s\n",
"# parsing: treasure_hunt_v008.aleo ... 0.29166197776794434s\n",
"# parsing: aleo_name_service_registry_v1.aleo ... 0.25179481506347656s\n",
"# parsing: treasure_hunt_v009.aleo ... 0.3150472640991211s\n",
"# parsing: lymphography_xgboost_v1.aleo ... 0.33880114555358887s\n",
"# parsing: football_game_v007.aleo ... 0.5076649188995361s\n",
"# parsing: wheres_alex_v017.aleo ... 0.13222599029541016s\n",
"# parsing: wheres_alex_probably_weeds.aleo ... 0.13173818588256836s\n",
"# parsing: treasure_hunt_v005.aleo ... 0.3213942050933838s\n",
"# parsing: zk_sra_encryption_v0_0_1.aleo ... 0.09100961685180664s\n",
"# parsing: twoalkilining.aleo ... 0.176069974899292s\n",
"# parsing: zkhack_mnist_v2.aleo ... 0.1515669822692871s\n",
"# parsing: wheres_joe_v019.aleo ... 0.12791705131530762s\n",
"# parsing: wheres_alex_by_joey11_v1.aleo ... 0.12585806846618652s\n",
"# parsing: aleo_monopoly_workshop7.aleo ... 0.12298393249511719s\n",
"# parsing: zk_bitwise_stack_v0_0_4.aleo ... 0.7650339603424072s\n",
"# parsing: alphaswap_v1.aleo ... 0.519434928894043s\n"
]
}
],
"source": [
"import os\n",
"import time\n",
"os.chdir(\"..\")\n",
"\n",
"from vanguard.aleo.grammar import AleoEnvironment\n",
"\n",
"# for dp, _, fns in os.walk(\"tests/explorer/haruka/\"):\n",
"for dp, _, fns in os.walk(\"tests/explorer/aleo/\"):\n",
" for fn in fns:\n",
" p = os.path.abspath(os.path.join(dp, fn))\n",
" # print(f\"# parsing: {p} ... \", end=\"\")\n",
" print(f\"# parsing: {fn} ... \", end=\"\")\n",
" s = time.time()\n",
"\n",
" _env = AleoEnvironment.from_program(p)\n",
" \n",
" e = time.time()\n",
" print(f\"{e-s}s\")"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "c75a2be4-e814-40fc-a128-8d879df646b5",
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.12.0"
}
},
"nbformat": 4,
"nbformat_minor": 5
}
2 changes: 1 addition & 1 deletion tests/parser-test.ipynb
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@
"lexer = AleoLexer(input_stream)\n",
"stream = CommonTokenStream(lexer)\n",
"parser = AleoParser(stream)\n",
"tree = parser.start()\n"
"tree = parser.start()"
]
},
{
Expand Down
2 changes: 1 addition & 1 deletion tests/public/divz0/src/main.leo
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ program divz0.aleo {

// compilable, runnable
// label: bad
const label_ex7: bool = false;
const label_ex7: bool = true;
transition ex7() -> u8 {
let a: u8 = 225u8;
let b: u8 = 0u8;
Expand Down
2 changes: 1 addition & 1 deletion tests/public/infoleak0/build/main.aleo
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ mapping account_ex11:
value as u8.public;

function vanguard_helper:
cast true false true true true true true false true true true false true true true true true true true true true true true true true into r0 as [boolean; 25u32];
cast true false true true true true true false true true true false true true true true true true true true true true true true false into r0 as [boolean; 25u32];
output r0 as [boolean; 25u32].private;


Expand Down
4 changes: 2 additions & 2 deletions tests/public/infoleak0/src/main.leo
Original file line number Diff line number Diff line change
Expand Up @@ -291,8 +291,8 @@ program infoleak0.aleo {

// record leak
// compilable, runnable
// label: bad
const label_ex24: bool = true;
// label: good (actual input record has all public fields)
const label_ex24: bool = false;
record rec_ex24 {
public owner: address,
public data: u8,
Expand Down
2 changes: 1 addition & 1 deletion tests/scripts/parsing.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@
if __name__ == "__main__":
project_name = "divz0"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path)
env = AleoEnvironment.from_project(build_path)
main = env.main
print("# Done.")
2 changes: 1 addition & 1 deletion tests/scripts/test-divz.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
if __name__ == "__main__":
project_name = "divz0"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path)
env = AleoEnvironment.from_project(build_path)
main = env.main
fid = "ex0"
res, info = detector_divz(env, main.id, fid)
Expand Down
2 changes: 1 addition & 1 deletion tests/scripts/test-infoleak.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
if __name__ == "__main__":
project_name = "infoleak0"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path)
env = AleoEnvironment.from_project(build_path)
main = env.main

fid = "ex0"
Expand Down
2 changes: 1 addition & 1 deletion tests/scripts/test-rtcnst.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
if __name__ == "__main__":
project_name = "rtcnst0"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path)
env = AleoEnvironment.from_project(build_path)
main = env.main
fid = "ex0"
res, info = detector_rtcnst(env, main.id, fid)
Expand Down
2 changes: 1 addition & 1 deletion tests/scripts/test-unused.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
if __name__ == "__main__":
project_name = "unused0"
build_path = f"./tests/public/{project_name}/build/"
env = AleoEnvironment(build_path)
env = AleoEnvironment.from_project(build_path)
main = env.main

fid = "ex0"
Expand Down
Loading

0 comments on commit b23ee4f

Please sign in to comment.