1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# based on https://github.com/BinaryAnalysisPlatform/bap/blob/master/docker/Dockerfile
FROM phusion/baseimage:0.11
RUN apt-get -y update && install_clean \
build-essential \
curl \
git \
libx11-dev \
m4 \
pkg-config \
python-pip \
python-setuptools \
software-properties-common \
sudo \
unzip \
wget \
binutils-multiarch \
clang \
libgmp-dev \
libzip-dev \
llvm-6.0-dev \
zlib1g-dev
RUN wget https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh && yes /usr/local/bin | sh install.sh
RUN useradd -m bap && echo "bap:bap" | chpasswd && adduser bap sudo
RUN sed -i.bkp -e \
's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' \
/etc/sudoers
USER bap
WORKDIR /home/bap
# install Bap
RUN opam init --auto-setup --comp=4.05.0 --disable-sandboxing --yes
RUN git clone -b testing --single-branch https://github.com/BinaryAnalysisPlatform/opam-repository.git
RUN opam repo add bap opam-repository && opam update
RUN opam install depext --yes
RUN OPAMJOBS=1 opam depext --install bap --yes
RUN pip install bap
# install CWE_Checker and dependencies
RUN OPAMJOBS=1 opam install yojson alcotest --yes
COPY . /home/bap/cwe_checker/
RUN sudo chown -R bap:bap /home/bap/cwe_checker
ENV PATH="/home/bap/.opam/4.05.0/bin/:${PATH}"
WORKDIR /home/bap/cwe_checker/src
RUN bapbuild -r -Is checkers,utils -pkgs yojson,unix cwe_checker.plugin; \
bapbundle install cwe_checker.plugin;
ENTRYPOINT ["opam", "config", "exec", "--"]