Add heaptrm package: v2 harness, CLI, pwntools integration, CVE tests
22374d1
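#!/bin/bash
# run_glibc_tests.sh - Run how2heap techniques across multiple glibc versions via Docker
#
# For each supported Ubuntu release an image carrying the heapgrid harness is
# built, every technique in TECHNIQUES is compiled and run inside it, and the
# resulting state dumps are written to data/dumps_glibc/ as .jsonl files.
#
# Ubuntu version -> glibc version mapping:
# 16.04 (xenial) -> glibc 2.23
# 18.04 (bionic) -> glibc 2.27
# 20.04 (focal) -> glibc 2.31
# 22.04 (jammy) -> glibc 2.35
# 24.04 (noble) -> glibc 2.39 (our native)
#
# Requires: docker (the invoking user must be able to build and run images).

# -e: abort on an unhandled failure; -u: unset variables are errors;
# pipefail: a pipeline fails when any stage fails, not only the last one.
set -euo pipefail

# Repository root = parent of the directory holding this script. It is the
# docker build context and the place the how2heap sources are looked up.
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
readonly ROOT
# Host directory bind-mounted into the containers; one .jsonl dump per
# technique/glibc pair is written here.
DUMP_DIR="$ROOT/data/dumps_glibc"
readonly DUMP_DIR
mkdir -p -- "$DUMP_DIR"

# Map Ubuntu versions to glibc and available how2heap directories
# (the glibc version selects how2heap/glibc_<ver>/ for the sources).
declare -rA UBUNTU_GLIBC=(
  [xenial]="2.23"
  [bionic]="2.27"
  [focal]="2.31"
  [jammy]="2.35"
)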
# Build a Docker image with our harness for each Ubuntu version
#######################################
# Build the per-distro test image "heap-trm-<codename>".
# The Dockerfile is generated inline: it installs gcc/make, copies the
# harness sources and the how2heap tree from the build context $ROOT, and
# builds the harness with make.
# Globals:   ROOT (read) - docker build context
# Arguments: $1 - Ubuntu codename used as the base image tag (e.g. jammy)
# Outputs:   progress lines on stdout; docker build output passes through
# Returns:   status of docker build (a failure aborts the script under set -e,
#            so the "Built" line is only printed on success)
#######################################
build_image() {
  local -r codename=$1
  local -r image="heap-trm-${codename}"

  printf '=== Building %s ===\n' "$image"
  # Heredoc is deliberately unquoted so ${codename} is substituted into FROM.
  docker build -t "$image" -f - "$ROOT" <<DOCKERFILE
FROM ubuntu:${codename}
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y gcc make && rm -rf /var/lib/apt/lists/*
WORKDIR /work
COPY harness/heapgrid_harness.c harness/Makefile harness/
COPY how2heap/ how2heap/
RUN make -C harness/
DOCKERFILE
  printf ' Built: %s\n' "$image"
}
# Run a technique inside a container
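#######################################
# Compile one how2heap technique for a given glibc inside the matching
# container, run it under the heapgrid harness and collect the state dump.
# Globals:   ROOT (read) - locates how2heap/glibc_<ver>/<technique>.c
#            DUMP_DIR (read) - host directory bind-mounted at /dumps
# Arguments: $1 - Ubuntu codename (selects image heap-trm-<codename>)
#            $2 - glibc version string, e.g. "2.31"
#            $3 - technique name (basename of the .c file)
# Outputs:   one " [OK]" line on stdout when a non-empty dump was produced
# Returns:   0 when the dump file exists and is non-empty, 1 otherwise
#            (no source for this glibc, compile failure, or empty dump)
#######################################
run_technique() {
  local ubuntu_ver=$1
  local glibc_ver=$2
  local technique=$3
  local tag="heap-trm-${ubuntu_ver}"
  local how2heap_dir="glibc_${glibc_ver}"

  # Check if source exists for this glibc version
  if [[ ! -f "$ROOT/how2heap/${how2heap_dir}/${technique}.c" ]]; then
    return 1
  fi

  # e.g. house_of_force_glibc231.jsonl (dots stripped from the version)
  local dump_file="${technique}_glibc${glibc_ver//.}.jsonl"

  # Remove any dump left by a previous run: the success check below is
  # "file is non-empty", so a stale file would otherwise mask a failure.
  rm -f -- "$DUMP_DIR/$dump_file"

  # The in-container script receives technique/dir/dump as positional
  # parameters instead of being interpolated into the command string, so
  # the names are never re-parsed by the inner shell. gcc diagnostics and
  # the PoC's own output are discarded; the dump file is the only result.
  # HEAPGRID_OUT/LD_PRELOAD are consumed by the preloaded harness —
  # presumably HEAPGRID_OUT is the dump path; see harness/heapgrid_harness.c.
  # Failure is reported through the return value below, not by aborting
  # the whole script, hence the trailing "|| true".
  # NOTE(review): the PoCs need no networking; consider adding
  # --network none to keep the container isolated.
  docker run --rm -v "$DUMP_DIR:/dumps" "$tag" bash -c '
    cd /work || exit 1
    gcc -o "/tmp/$1" "how2heap/$2/$1.c" \
      -std=c99 -g -O0 -Wno-all -lpthread 2>/dev/null || exit 1
    HEAPGRID_OUT="/dumps/$3" \
    LD_PRELOAD=/work/harness/heapgrid_harness.so \
    timeout 5 "/tmp/$1" >/dev/null 2>&1 || true
  ' heaptrm "$technique" "$how2heap_dir" "$dump_file" 2>/dev/null || true

  if [[ -s "$DUMP_DIR/$dump_file" ]]; then
    # Declaration split from assignment so wc's status is not masked.
    local states
    states=$(wc -l < "$DUMP_DIR/$dump_file")
    echo " [OK] ${technique} (glibc ${glibc_ver}): ${states} states"
    return 0
  fi
  return 1
}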
# All house techniques
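# All house techniques
# Each name is the basename of a how2heap .c file; a technique with no
# source for a given glibc is counted as "missing" for that version.
TECHNIQUES=(
  house_of_botcake house_of_einherjar house_of_force house_of_gods
  house_of_io house_of_lore house_of_mind_fastbin house_of_orange
  house_of_roman house_of_spirit house_of_storm house_of_tangerine
  house_of_water
  fastbin_dup fastbin_dup_consolidate fastbin_dup_into_stack
  fastbin_reverse_into_tcache tcache_poisoning tcache_house_of_spirit
  unsafe_unlink overlapping_chunks poison_null_byte large_bin_attack
)

# Ubuntu releases to test, in the order images are built and run.
UBUNTU_VERSIONS=(xenial bionic focal jammy)

echo "============================================"
echo " HeapTRM Cross-glibc Testing"
echo "============================================"

# Build images
for ubuntu_ver in "${UBUNTU_VERSIONS[@]}"; do
  build_image "$ubuntu_ver"
done

# Run all techniques across all versions
echo ""
echo "=== Running techniques ==="
for ubuntu_ver in "${UBUNTU_VERSIONS[@]}"; do
  glibc_ver="${UBUNTU_GLIBC[$ubuntu_ver]}"
  echo ""
  echo "--- Ubuntu ${ubuntu_ver} (glibc ${glibc_ver}) ---"
  ok=0
  fail=0
  for tech in "${TECHNIQUES[@]}"; do
    # Plain arithmetic assignment rather than ((ok++)): under set -e a
    # post-increment from 0 evaluates to 0, returns status 1 and would
    # abort the script at the first counted technique.
    if run_technique "$ubuntu_ver" "$glibc_ver" "$tech"; then
      ok=$((ok + 1))
    else
      fail=$((fail + 1))
    fi
  done
  echo " Total: ${ok} ok, ${fail} failed/missing"
done

echo ""
echo "=== Done ==="
echo "Dumps in: $DUMP_DIR"
# Count dump files with a glob instead of parsing ls. nullglob is enabled
# only for this expansion so an empty directory yields an empty array;
# cat is only invoked when there is at least one file (with no arguments
# it would read stdin).
shopt -s nullglob
dump_files=("$DUMP_DIR"/*.jsonl)
shopt -u nullglob
total_states=0
if (( ${#dump_files[@]} > 0 )); then
  total_states=$(cat -- "${dump_files[@]}" | wc -l)
fi
echo "Total dump files: ${#dump_files[@]}"
echo "Total states: ${total_states}"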