Data

Tools

Indexes

Applications

Experiments

Open Source Science

aosp_dataset

Large Commit Precise Vulnerability Dataset based on AOSP CVE

https://github.com/quarkslab/aosp_dataset

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.3%) to scientific vocabulary
Last synced: 6 months ago · JSON representation ·

Repository

Large Commit Precise Vulnerability Dataset based on AOSP CVE

Basic Info
  • Host: GitHub
  • Owner: quarkslab
  • License: apache-2.0
  • Language: Python
  • Default Branch: master
  • Homepage:
  • Size: 411 KB
Statistics
  • Stars: 64
  • Watchers: 8
  • Forks: 6
  • Open Issues: 0
  • Releases: 0
Created about 4 years ago · Last pushed almost 3 years ago
Metadata Files
Readme License Citation

README.md

Building a Commit-level Dataset of Real-world Vulnerabilities

This repository is the companion for the paper Building a Commit-level Dataset of Real-world Vulnerabilities published in CODASPY 2022.

Installation

You can install the code of the helpers by cloning this repository and using pip install . (he trailing dot is important).

Note that the code targets Python 3.10+ and has only been tested on Debian.

Commit level vulnerabilities

This dataset contains 1900 vulnerabilities information at a fix commit level for the Android Open Source Project. The information are available in directory cves/ using one file per vulnerability. The schema used is described in this file and an helper Python class is available here.

Usage

```python import json import aosp_dataset

cve20126701 = aosp_dataset.AospCve( **json.load(open("cves/CVE-2012-6701.json")) ) ```

Compiled dataset

For some vulnerabilities, the pre-compiled binaries are also available. The links are found in the precompiled directory and the schema is available here. An helping class is also available here

The complete dataset is around ~120 Gb with about 700 precompiled CVEs.

Compiled CVE Layout

For each tuple (CVE-ID, commit), the files are four directories, with two subdirectories each. In the vuln one, binaries before the fix commit was applied and in the fix one after the fixing commit.

Each binary is prefixed by its hash to prevent names collision. Some directories may be empty if the build was incomplete.

Usage of the helper class

```python import json import aosp_dataset

precompileddataset = aospdataset.PrecompiledDataset( **json.load(open("precompiled/links.json")) ) ```

Compilation information

Every CVE was compiled with the default build options of AOSP.

Example

```console $ tree 017838585617f0e492ede866750fcfb8ed77830b 017838585617f0e492ede866750fcfb8ed77830b ├── arm │   ├── fix │   │   ├── 4d7eb89a9529df46d1ae0b1039594705c4a4b6725e09268d97ae85dc467b15c0libnfcncijni.so │   │   ├── afe25ad8735bf7e78ba45d39387dd4316c20f885c2883732a1c8894b0a2f85dclibnfcncijni.so │   │   └── files.json │   └── vuln │   ├── 92aaa2a42659571150c4331ac22b89d5390ea1bf3956e37f7d8fec5a9d740908libnfcncijni.so │   ├── d15122acd2474f7a24674a5ea732276396a31c402852f493f1a0d7558853f840libnfcncijni.so │   └── files.json ├── arm64 │   ├── fix │   │   ├── 2980aa7fc0735dd0cc6ba946ba3632e787d3eae557cc4f86375323fd55869636libnfcncijni.so │   │   ├── f921f272f78c3e99a6196d4e99eff2a1abfc2aff00a315bde681ca1fb22ff859libnfcncijni.so │   │   └── files.json │   └── vuln │   ├── 63143671c7616c85ad1215f53e60c4da978f9c78b09e7cca6f347edab39ce7fflibnfcncijni.so │   ├── 8e4ce03aaef50adab4b1e1d168fe6ca6eafd5b59a3b61d4ada6abf79ade473d3libnfcncijni.so │   └── files.json ├── functions.json ├── x64 │   ├── fix │   │   ├── 1e9ea23155ce81bddcd2179dd5ceaea748c18fa20e8b901f4836c62095301e24libnfcncijni.so │   │   ├── c2e8f6ef9fb081b2b817fcfc36176cf333992987ee17b7ff49d2861e053550a8libnfcncijni.so │   │   └── files.json │   └── vuln │   ├── 30611971a2dab970a1ed6e3a8da88ac61b45c59aedfc90432488c0b9532326a4libnfcncijni.so │   ├── 440cfd9abd9feda87be89c7ed97aad776ac884ce8ee723235e0d5f9b200d4c1clibnfcncijni.so │   └── files.json └── x86 ├── fix │   ├── 48f844d1e6909da7ff0a2ae7e4e03c81e8b2d854048c86e9dc10e2af528ee6ablibnfcncijni.so │   ├── e7d7162d279595bfba5f724fa2ad7941d6223b4c1ede6ba1228831193477a70flibnfcncijni.so │   └── files.json └── vuln ├── 182f7ce7eab20238d6bb83d57227212f1b964c512c70761f26117e22b9ca753blibnfcncijni.so ├── f76e2bff59ae3bd91b41a23285b4402284b563647ce84f553ea328709470f3a4libnfcncijni.so └── files.json

```

Owner

  • Name: Quarkslab
  • Login: quarkslab
  • Kind: organization
  • Location: France

Citation (CITATION.cff) 

# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!

cff-version: 1.2.0
title: >-
  Building a Commit-level Dataset of Real-world
  Vulnerabilities
message: >-
  If you use this dataset, please cite it using the
  metadata from this file.
type: dataset
authors:
  - given-names: Challande
    email: achallande@quarkslab.com
    affiliation: 'Quarkslab, Inria, Ecole Polytechnique'
    orcid: ' 0000-0001-9116-709X '

GitHub Events

Total
  • Watch event: 7
Last Year
  • Watch event: 7

Dependencies

pyproject.toml pypi
  • pydantic >=1.9,<2