The Cozy Comparative Symbolic Evaluation Engine

Project description

cozy (Comparative Symbolic Execution)

cozy is a symbolic execution framework built around angr to enable comparative evaluation. The goal of comparative evaluation is to determine the precise changes made by software patches, specifically micropatches. cozy can report the observable changes a micropatch makes to registers, memory and stdout/stderr, and can present those behavioral changes either as a human-readable textual report or through a browser-based rich user interface.

https://github.com/user-attachments/assets/2e72575f-0074-44a9-8412-2b17839b7b71

Install

cozy is now available as a Python package on PyPI under the name cozy-re. Install with pip via the following command:

pip install cozy-re

Documentation

The getting started guide and API reference can be found on our GitHub Pages site:

https://draperlaboratory.github.io/cozy/

Template Wizard

cozy now comes with a Python script template generator to help you get started with using the framework. To run the generator, install cozy, then run the following command in the console:

python3 -m cozy

The wizard will then prompt you with a series of questions and generate the appropriate file with starter code. You'll need to provide:

  1. a filename for your templated script,
  2. the paths to the pre and postpatched binaries you wish to compare,
  3. the name or address of the function where symbolic execution will begin,
  4. the signature of that function (e.g. int main(int argc, char* argv[])),
  5. a choice of whether to use concolic execution and, if concolic is used, whether or not to explore the space of program states,
  6. a choice of whether to use any additional custom hooks (choosing "yes" will insert a stub for writing hooks into your cozy script but you'll want to write the hooks yourself),
  7. a choice of whether to request output in the form of a textual report or by launching the visualization server, and
  8. a choice of whether to save the output in a JSON file which can be loaded into the visualizer in the future.

Afterwards, the cozy script will be written to the filename you supplied, for example my_script.py. The cozy analysis can then be run, perhaps after some modification to the script (like supplying some custom hooks), using python my_script.py.

https://github.com/draperlaboratory/cozy/assets/53128179/ee1edf4d-4905-425c-9675-fe110bac7376

About

cozy is being developed by Draper Laboratory under the DARPA Assured Micropatching (AMP) program.

Run from Source

The following sections are for the case where you want to use cozy directly from the source code in this repository, not from the cozy-re PyPI package.

Setting up the Environment

To get started with building cozy, run the following commands in the project root folder to create a virtual environment and install angr and the other dependencies:

python3 -m venv venv
source venv/bin/activate
pip3 install angr sphinx sphinx-autoapi networkx claripy portion textual

Alternatively, if you have nix installed and flakes enabled, run the following to enter a nix development shell with cozy and its dependencies available on $PYTHONPATH:

nix develop

Testing

To run an example comparison, run one of the example scripts. In the root directory, run the following commands:

source venv/bin/activate
export PYTHONPATH="${PYTHONPATH}:$PWD"
python3 examples/cmp_null_deref.py

Or just python3 examples/cmp_null_deref.py if you're in the nix development shell.

If nix is available, then to run the full suite of tests used in CI, you can run:

nix build .#tests

Building Docs

Building the docs requires the use of sphinx and sphinx-autoapi, which you should have previously installed via pip3. To build fresh HTML docs, run the following:

source venv/bin/activate
cd docs
make html

The output documents should be stored in docs/build/html.

Pushing Release to PyPI

This section is mostly for the cozy developers to remind us how to push to PyPI. See the page here for a more advanced tutorial: https://packaging.python.org/en/latest/tutorials/packaging-projects/. Run the following commands to push to PyPI:

pip3 install build
# Sometimes twine gets updates that are needed to work with the PyPI repo
pip3 install --upgrade twine
# Remember to bump the version numbers in pyproject.toml and setup.py
python3 -m build
# Remember if you haven't already to set up your PyPI token in ~/.pypirc
# Replace the version number with what you just built
python3 -m twine upload dist/cozy_re-1.5.0*
# Once you're done, make a release on Github and upload .whl and .tar.gz files that you just built. Enter changelog in the releases section.

Download files

Source Distribution

cozy_re-1.5.1.tar.gz (9.4 MB)

Uploaded Source

Built Distribution

cozy_re-1.5.1-py3-none-any.whl (279.7 kB)

Uploaded Python 3

File details

Details for the file cozy_re-1.5.1.tar.gz.

File metadata

  • Download URL: cozy_re-1.5.1.tar.gz
  • Upload date:
  • Size: 9.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.12

File hashes

Hashes for cozy_re-1.5.1.tar.gz
Algorithm Hash digest
SHA256 64a407f28c7363fe463c910d660475107809c5fefaad0caead72a5ef9f9a9516
MD5 9fa6ddf6c8a9466c7e49610dfcb4ce55
BLAKE2b-256 cb9efe1ca8062691b3d126e30b2ddc08bc01f6e90035974517fd23a183b29174

File details

Details for the file cozy_re-1.5.1-py3-none-any.whl.

File metadata

  • Download URL: cozy_re-1.5.1-py3-none-any.whl
  • Upload date:
  • Size: 279.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.12

File hashes

Hashes for cozy_re-1.5.1-py3-none-any.whl
Algorithm Hash digest
SHA256 96fbc595444c33e583e0c4f300c15b4ca0d1dfaea09cfa596efc18ca0a40114f
MD5 a2c5a7b9b8f2b6c6412994cda24e0380
BLAKE2b-256 82dbced1dc5132e1cffaf1ff5e29ef220770d79ffe37672f5cb00b27cb37fc65
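
As an added example (not part of the cozy project or of this page's original text), the following shell functions check a downloaded cozy-re 1.5.1 artifact against the SHA256 digests listed above before it is installed. The function names and the install_verified_cozy wrapper are hypothetical; the pip options used are standard pip flags.

```shell
#!/bin/sh
# Added example: check cozy-re 1.5.1 artifacts against the SHA256 digests
# listed under "File hashes" on this page before installing.

# Digests copied from this page; any other filename has no trusted digest.
expected_sha256() {
    case "$1" in
        cozy_re-1.5.1.tar.gz)
            echo 64a407f28c7363fe463c910d660475107809c5fefaad0caead72a5ef9f9a9516 ;;
        cozy_re-1.5.1-py3-none-any.whl)
            echo 96fbc595444c33e583e0c4f300c15b4ca0d1dfaea09cfa596efc18ca0a40114f ;;
        *) return 1 ;;
    esac
}

# Print a file's SHA256 using whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_artifact PATH [DIGEST]
# Returns 0 on match, 1 on mismatch, 2 if there is no file or no digest.
verify_artifact() {
    path=$1
    if [ -n "$2" ]; then
        want=$2
    else
        want=$(expected_sha256 "$(basename "$path")") || return 2
    fi
    [ -f "$path" ] || return 2
    got=$(file_sha256 "$path") || return 2
    [ "$got" = "$want" ]
}

# Hypothetical wrapper (needs network): fetch only the wheel, verify it,
# then install that exact file. Dependencies pulled in by the final step
# are not covered by these two digests.
install_verified_cozy() {
    dir=$(mktemp -d) || return 1
    pip download --no-deps --only-binary=:all: --dest "$dir" \
        "cozy-re==1.5.1" || return 1
    whl="$dir/cozy_re-1.5.1-py3-none-any.whl"
    verify_artifact "$whl" || { echo "digest check failed: $whl" >&2; return 1; }
    pip install "$whl"
}
```

To extend the check to cozy's dependencies, pip's --require-hashes mode needs a requirements file that carries a hash for every package.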
