Travis ci (#10)

This builds cwe_checker and runs the test suite on Travis CI.

.travis.yml

+dist: xenial
+
+language: python
+python: 3.6
+services:
+  - docker
+
+install:
+  - sudo apt-get update
+  - sudo apt-get install -y execstack
+  - docker 
+
+before_script:
+  - ./.travis_prepare.sh
+
+script:
+  - ./.travis_run_tests.sh
+
+notifications:
+  email:
+    - firmware-security@fkie.fraunhofer.de

.travis_prepare.sh

+#!/bin/bash
+
+#!/bin/bash
+cd test/artificial_samples/
+./install_cross_compilers.sh
+make
+cd ../..
+docker build -t cwe-checker .

.travis_run_tests.sh

+#!/bin/bash
+pytest

Dockerfile

-# based on https://github.com/BinaryAnalysisPlatform/bap/blob/master/docker/Dockerfile
-FROM phusion/baseimage:0.11
+FROM tbarabosch/cwe_checker_travis_docker_image:latest
 
-RUN apt-get -y update \
-    && install_clean sudo \
-    && useradd -m bap \
-    && echo "bap:bap" | chpasswd \
-    && adduser bap sudo \
-    && sed -i.bkp -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers
-USER bap
-WORKDIR /home/bap
-ENV PATH="/home/bap/.opam/4.05.0/bin/:${PATH}"
 COPY . /home/bap/cwe_checker/
 
-RUN sudo apt-get -y update \
-    && sudo install_clean \
-        binutils-multiarch \
-        build-essential \
-        clang \
-        curl \
-        git \
-        libgmp-dev \
-        libx11-dev \
-        libzip-dev \
-        llvm-6.0-dev \
-        m4 \
-        pkg-config \
-        software-properties-common \
-        unzip \
-        wget \
-        zlib1g-dev \
-    && wget https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh \
-    && yes /usr/local/bin | sudo sh install.sh \
-# install Bap
-    && opam init --auto-setup --comp=4.05.0 --disable-sandboxing --yes \
-    && git clone -b testing --depth 1 https://github.com/BinaryAnalysisPlatform/opam-repository.git \
-    && opam repo add bap opam-repository \
-    && opam update \
-    && opam install depext --yes \
-    && OPAMJOBS=1 opam depext --install bap --yes \
-# install CWE_Checker and dependencies
-    && OPAMJOBS=1 opam install yojson alcotest --yes \
-    && sudo chown -R bap:bap /home/bap/cwe_checker \
+RUN sudo chown -R bap:bap /home/bap/cwe_checker \
     && cd /home/bap/cwe_checker/src \
     && bapbuild -r -Is checkers,utils -pkgs yojson,unix cwe_checker.plugin \
-    && bapbundle install cwe_checker.plugin \
-    && sudo apt-get remove -y \
-        build-essential \
-        clang \
-        curl \
-        gcc \
-        g++ \
-        git \
-        libgmp-dev \
-        libx11-dev \
-        libzip-dev \
-        llvm-6.0-dev \
-        unzip \
-        wget \
-        zlib1g-dev \
-    && sudo apt-get -y autoremove \
-    && sudo apt-get -y clean \
-    && rm -rf /home/bap/.opam/4.05.0/.opam-switch/sources
+    && bapbundle install cwe_checker.plugin 
 
 WORKDIR /home/bap/cwe_checker/src
 

README.md

 # cwe_checker #
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/9dbf158110de427d893b40ba397b94bc)](https://www.codacy.com/app/weidenba/cwe_checker?utm_source=github.com&utm_medium=referral&utm_content=fkie-cad/cwe_checker&utm_campaign=Badge_Grade)
-![Docker-Status](https://img.shields.io/docker/build/fkiecad/cwe_checker.svg)
+[![Build Status](https://travis-ci.com/fkie-cad/cwe_checker.svg?branch=master)](https://travis-ci.com/fkie-cad/cwe_checker)
 ![Docker-Pulls](https://img.shields.io/docker/pulls/fkiecad/cwe_checker.svg)
 ## What is cwe_checker? ##
 *cwe_checker* detects common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as [Common Weakness Enumerations](https://cwe.mitre.org/) (CWEs). Its main goal is to aid analysts to quickly find vulnerable code paths.
@@ -35,11 +35,11 @@ The following arguments should convince you to give *cwe_checker* a try:
 -  view results annotated in IDA Pro
 -  *cwe_checker* can be integrated as a plugin into [FACT](https://github.com/fkie-cad/FACT_core)
 ## How to install cwe_checker? ##
-There are three ways to install cwe_checker. The recommended way is to get cwe_checker from the Ocaml package manager Opam. You can install cwe_checker via the package [fkie-cad-cwe-checker](https://opam.ocaml.org/packages/fkie-cad-cwe-checker/) (`opam install fkie-cad-cwe-checker`).
+There are several ways to install cwe_checker. The recommended way is to get cwe_checker from the Ocaml package manager Opam. You can install cwe_checker via the package [fkie-cad-cwe-checker](https://opam.ocaml.org/packages/fkie-cad-cwe-checker/) (`opam install fkie-cad-cwe-checker`). This gives you a stable version of cwe_checker. 
 
-The second way is to utilize the installation script `install.sh`, which is just a wrapper around Docker. Make sure to have the latest version of Docker.
+Another option is to pull the latest Docker container from [dockerhub](https://hub.docker.com/r/fkiecad/cwe_checker) (`docker pull fkiecad/cwe_checker`).
 
-The three way is to build it using the provided `Makefile`. In this case you must ensure that all dependencies are fulfilled:
+The last two ways are preferrable if you plan to develop cwe_checker. First, utilize the installation script `install.sh`, which is just a wrapper around Docker. Make sure to have the latest version of Docker. Second, build it using the provided `Makefile`. In this case you must ensure that all dependencies are fulfilled:
 -  Ocaml 4.05.0
 -  Opam 2.0.2
 -  BAP 1.5 (and its dependencies)

test/acceptance/cwe_checker_testlib.py

+import os
 import subprocess
 
 def build_bap_cmd(filename, target, arch):
-        cmd = 'bap test/artificial_samples/build/cwe_%s_%s.out  --pass=callsites,cwe-checker --cwe-checker-partial=CWE%s --cwe-checker-config=src/config.json' % (filename, arch, target)
+        if 'travis' in os.environ['USER']:
+                abs_path = os.path.abspath('test/artificial_samples/build/cwe_%s_%s.out' % (filename, arch))
+                cmd = 'docker run --rm -v %s:/tmp/input cwe-checker:latest bap /tmp/input --pass=cwe-checker --cwe-checker-partial=CWE%s  --cwe-checker-config=/home/bap/cwe_checker/src/config.json' % (abs_path, target)
+        else:
+                cmd = 'bap test/artificial_samples/build/cwe_%s_%s.out  --pass=cwe-checker --cwe-checker-partial=CWE%s --cwe-checker-config=src/config.json' % (filename, arch, target)
         return cmd.split()
 
 def execute_and_check_occurence(filename, target, arch, string):

test/artificial_samples/install_cross_compilers.sh

+#!/bin/bash
+echo "Installing cross compiler for ARM architecture."
+sudo apt install -y gcc-multilib-arm-linux-gnueabi g++-arm-linux-gnueabi
+echo "Installing cross compiler for MIPS architecture."
+sudo apt install -y gcc-multilib-mips-linux-gnu g++-5-mips-linux-gnu
+echo "Installing cross compiler for PPC architecture."
+sudo apt install -y gcc-multilib-powerpc-linux-gnu g++-5-powerpc-linux-gnu
+echo "Installing dependencies for x86 compilation"
+sudo docker pull dockcross/linux-x86
+sudo docker run --rm dockcross/linux-x86 > ./dockcross-linux-x86
+chmod +x ./dockcross-linux-x86
+echo "Done."

test/artificial_samples/install_cross_compilers_ubuntu_18.04.sh

-#!/bin/bash
-echo "Installing cross compiler for ARM architecture."
-sudo docker pull dockcross/linux-arm64
-sudo docker run -rm dockcross/linux-arm64 > ./dockcross-linux-arm64
-chmod +x ./dockcross-linux-arm64
-echo "Installing cross compiler for MIPS architecture."
-sudo docker pull dockcross/linux-mips
-sudo docker run -rm dockcross/linux-mips > ./dockcross-linux-mips
-chmod +x ./dockcross-linux-mips
-echo "Installing cross compiler for PPC architecture."
-sudo docker pull dockcross/linux-ppc64le
-sudo docker run -rm dockcross/linux-ppc64le > ./dockcross-linux-ppc64le
-chmod +x ./dockcross-linux-ppc64le
-echo "Installing dockcross image for x86 C++ cross-compiler"
-sudo docker pull dockcross/linux-x86
-sudo docker run -rm dockcross/linux-x86 > ./dockcross-linux-x86
-chmod +x ./dockcross-linux-x86
-echo "Done."

test/artificial_samples/makefile

 CC_x64=gcc
 CC_X86=./dockcross-linux-x86 gcc
-CC_ARM=./dockcross-linux-arm64 arm-linux-gnueabi-gcc-7
-CC_MIPS=./dockcross-linux-mips mips-linux-gnu-gcc-7
-CC_PPC=./dockcross-linux-ppc64le powerpc-linux-gnu-gcc-7
+CC_ARM=arm-linux-gnueabi-gcc
+CC_MIPS=mips-linux-gnu-gcc
+CC_PPC=powerpc-linux-gnu-gcc
 
 CPP_x64=g++
 CPP_X86=./dockcross-linux-x86 g++
-CPP_ARM=./dockcross-linux-arm64 arm-linux-gnueabi-g++-7
-CPP_MIPS=./dockcross-linux-mips mips-linux-gnu-g++-7
-CPP_PPC=./dockcross-linux-ppc64le powerpc-linux-gnu-g++-7
-
-CFLAGS_X64=-O0 -g -fno-stack-protector
-CFLAGS_X86=-O0 -g -m32 -fno-stack-protector
-CFLAGS_ARM=-O0 -g -fno-stack-protector
-CFLAGS_MIPS=-O0 -g -fno-stack-protector
-CFLAGS_PPC=-O0 -g -fno-stack-protector
+CPP_ARM=arm-linux-gnueabi-g++-5
+CPP_MIPS=mips-linux-gnu-g++-5
+CPP_PPC=powerpc-linux-gnu-g++-5
+
+CFLAGS_X64=-O0 -g -fno-stack-protector -std=c11
+CFLAGS_X86=-O0 -g -m32 -fno-stack-protector -std=c11
+CFLAGS_ARM=-O0 -g -fno-stack-protector -std=c11
+CFLAGS_MIPS=-O0 -g -fno-stack-protector -std=c11
+CFLAGS_PPC=-O0 -g -fno-stack-protector -std=c11
+
+CPPFLAGS_X64=-O0 -g -fno-stack-protector
+CPPFLAGS_X86=-O0 -g -m32 -fno-stack-protector
+CPPFLAGS_ARM=-O0 -g -fno-stack-protector
+CPPFLAGS_MIPS=-O0 -g -fno-stack-protector
+CPPFLAGS_PPC=-O0 -g -fno-stack-protector
 
 define compile_x64
 	@echo "Compiling x64 target:" $(1)
@@ -24,7 +30,7 @@ endef
 
 define compile_x64_cpp
 	@echo "Compiling x64 target:" $(1)
-	$(CPP_x64) $(CFLAGS_X64) -o build/$(1)_x64.out $(1).cpp
+	$(CPP_x64) $(CPPFLAGS_X64) -o build/$(1)_x64.out $(1).cpp
 	execstack -s build/$(1)_x64.out
 endef
 
@@ -36,7 +42,7 @@ endef
 
 define compile_x86_cpp
 	@echo "Compiling x86 target:" $(1)
-	$(CPP_X86) $(CFLAGS_X86) -o build/$(1)_x86.out $(1).cpp
+	$(CPP_X86) $(CPPFLAGS_X86) -o build/$(1)_x86.out $(1).cpp
 	execstack -s build/$(1)_x86.out
 endef
 
@@ -48,7 +54,7 @@ endef
 
 define compile_mips_cpp
 	@echo "Compiling mips target:" $(1)
-	$(CPP_MIPS) $(CFLAGS_MIPS) -o build/$(1)_mips.out $(1).cpp
+	$(CPP_MIPS) $(CPPFLAGS_MIPS) -o build/$(1)_mips.out $(1).cpp
 	execstack -s build/$(1)_mips.out
 endef
 
@@ -60,7 +66,7 @@ endef
 
 define compile_arm_cpp
 	@echo "Compiling arm target:" $(1)
-	$(CPP_ARM) $(CFLAGS_ARM) -o build/$(1)_arm.out $(1).cpp
+	$(CPP_ARM) $(CPPFLAGS_ARM) -o build/$(1)_arm.out $(1).cpp
 	execstack -s build/$(1)_arm.out
 endef
 
@@ -72,7 +78,7 @@ endef
 
 define compile_ppc_cpp
 	@echo "Compiling ppc target:" $(1)
-	$(CPP_PPC) $(CFLAGS_PPC) -o build/$(1)_ppc.out $(1).cpp
+	$(CPP_PPC) $(CPPFLAGS_PPC) -o build/$(1)_ppc.out $(1).cpp
 	execstack -s build/$(1)_ppc.out
 endef