Secure Source of Randomness #12
Conversation
random_sections = secrets.SystemRandom().sample(goodware_list, population_size) | ||
|
||
for fn in random_sections: | ||
file_path = os.path.join(goodware_folder, fn) |
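Review bot: `secrets.SystemRandom().sample(goodware_list, population_size)` raises ValueError when population_size exceeds len(goodware_list), and nothing in this hunk guards that; check the size (or clamp with min) before sampling. Separately, drawing a GA population is not a secrecy-sensitive operation, so moving to SystemRandom buys no security here while removing the ability to seed a run for reproducible experiments; a single rng object passed in (random.Random(seed) by default) would keep runs repeatable, and if SystemRandom is kept it should be constructed once rather than on every call.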
The code is using os.listdir to list files in a directory and then selecting a random sample of these files. This approach does not handle the possibility of encountering directories within goodware_folder, which would cause an error when trying to read them as files later on. To prevent this, the code should be modified to filter out directories before sampling.
# pick two parents randomly | ||
p1 = random.choice(old_gen) | ||
p2 = random.choice(old_gen) | ||
p1 = secrets.SystemRandom().choice(old_gen) | ||
p2 = secrets.SystemRandom().choice(old_gen) | ||
|
||
j = random.randrange(len(p1[1])) | ||
j = secrets.SystemRandom().randrange(len(p1[1])) | ||
child = p1[0][:j] + p2[0][j:] | ||
offsprings.append((child, p1[1])) |
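Review bot: the two `secrets.SystemRandom().choice(old_gen)` calls can return the same element, so the crossover degenerates into copying a parent; sampling two distinct indices in one call (`rng.sample(range(len(old_gen)), 2)`) fixes that. Also worth a second look: the cut index `j` is drawn from `len(p1[1])` but applied to `p1[0]` and `p2[0]`, so if those lengths differ the cut can fall past the end of the content and the child is just one parent's bytes. Finally, three SystemRandom instances are constructed per offspring here; hoist one instance out of the loop.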
The code snippet shows a genetic algorithm's crossover operation without any checks to ensure that p1 and p2 are distinct individuals. If p1 and p2 are the same, the crossover operation would be pointless as it would produce an offspring identical to the parent. To improve the genetic diversity of the offspring, the code should be modified to ensure that p1 and p2 are different before performing the crossover.
@pixeebot[bot]
Thank you for your contribution to this repository! We appreciate your effort in opening a pull request.
Happy coding!
new_section = lief.PE.Section( | ||
''.join(random.choice(string.ascii_lowercase) for i in range(5))) | ||
''.join(secrets.SystemRandom().choice(string.ascii_lowercase) for i in range(5))) | ||
|
||
new_section.content = content | ||
new_section.characteristics = lief.PE.SECTION_CHARACTERISTICS.MEM_DISCARDABLE |
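Review bot: the five-letter name is random but never compared against the section names already present in the binary, so a collision with an existing section is possible; generate the candidate, check it against the existing section names, and retry on a hit before constructing `lief.PE.Section`. Also, the generator expression builds a new `secrets.SystemRandom()` for each of the five characters; create one instance and reuse it.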
The new_section is being created with a randomly generated name, but there is no check to ensure that the generated name is unique within the binary. This could lead to a collision if a section with the same name already exists, potentially causing undefined behavior or overwriting existing section data. To mitigate this, implement a check to ensure the generated section name is unique within the binary before adding it.
@@ -54,7 +54,7 @@ def section_injection(exe_path, amount): | |||
exe_object: lief.PE.Binary = lief.parse(exe_path) | |||
|
|||
new_section = lief.PE.Section( | |||
''.join(random.choice(string.ascii_lowercase) for i in range(5))) | |||
''.join(secrets.SystemRandom().choice(string.ascii_lowercase) for i in range(5))) | |||
new_section.content = [ord(os.urandom(1)) for _ in range(amount)] |
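Review bot: `new_section.content = [ord(os.urandom(1)) for _ in range(amount)]` is unchanged context in this hunk, but since the PR already edits the line directly above it, this is the natural place to replace the per-byte `os.urandom(1)` with a single `list(os.urandom(amount))`, which yields the same list of ints in 0..255 with one system call. The `''.join(secrets.SystemRandom().choice(...))` change also repeats the per-character instance construction seen in genetic_optimizer.py; reuse one instance.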
The line is generating content for a new section by calling os.urandom(1) for each byte, which is inefficient. This approach generates a separate system call for each byte, which can be slow if a large amount of data is needed. Instead, call os.urandom once with the total number of bytes required for the section content to improve performance.
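One way to implement the three review points raised on this PR (distinct crossover parents, a section name checked for uniqueness, and a single os.urandom call), as an added example that is not code from the repository or from the PR. The rng parameter is an assumption, so the same functions run with a seeded random.Random for reproducible experiments or with secrets.SystemRandom() as the PR uses; the (content, info) shape of an individual is also assumed.

```python
import os
import random
import string
from typing import List, Sequence, Tuple

# Assumed model (not the repository's own): an individual is (content_bytes, info)
# and the crossover cut index is taken over the content length.
Individual = Tuple[bytes, object]

PE_SECTION_NAME_MAX = 8  # IMAGE_SECTION_HEADER.Name holds at most 8 bytes


def pick_distinct_parents(old_gen: Sequence[Individual], rng: random.Random):
    """Return two individuals taken from different positions of old_gen."""
    if len(old_gen) < 2:
        raise ValueError("crossover needs at least two individuals")
    i, j = rng.sample(range(len(old_gen)), 2)  # two distinct indices in one call
    return old_gen[i], old_gen[j]


def crossover(old_gen: Sequence[Individual], rng: random.Random) -> Individual:
    """Single-point crossover; the cut is never 0, so the child mixes both parents."""
    p1, p2 = pick_distinct_parents(old_gen, rng)
    cut = rng.randrange(1, len(p1[0])) if len(p1[0]) > 1 else 0
    return p1[0][:cut] + p2[0][cut:], p1[1]


def unique_section_name(existing: Sequence[str], rng: random.Random,
                        length: int = 5, max_tries: int = 100) -> str:
    """Random lowercase name that is not already used by a section of the binary."""
    if not 1 <= length <= PE_SECTION_NAME_MAX:
        raise ValueError("PE section names are at most 8 bytes")
    taken = set(existing)
    for _ in range(max_tries):
        name = "".join(rng.choice(string.ascii_lowercase) for _ in range(length))
        if name not in taken:
            return name
    raise RuntimeError("no unused section name found after %d tries" % max_tries)


def random_section_content(amount: int) -> List[int]:
    """Same result as [ord(os.urandom(1)) for _ in range(amount)], with one syscall."""
    return list(os.urandom(amount))
```

Pass `secrets.SystemRandom()` as `rng` to keep the PR's choice of generator, or `random.Random(seed)` to make a run repeatable.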
@pixeebot[bot]
Thank you for your contribution to this repository! We appreciate your effort in closing the pull request.
Happy coding!
Description
This pull request makes changes to the code in two files: genetic_optimizer.py and section_injection.py. The changes involve replacing the usage of the random module with the secrets module for increased security. Here are the specific changes made:

In genetic_optimizer.py:
- random.sample() with secrets.SystemRandom().sample(), to generate random sections from a list of goodware samples.
- random.choice() with secrets.SystemRandom().choice(), to randomly select parents for the crossover operation.
- random.randrange() with secrets.SystemRandom().randrange(), to randomly select a crossover index.
- random.random() with secrets.SystemRandom().random(), to determine mutation probability.

In section_injection.py:
- random.choice() with secrets.SystemRandom().choice(), to generate a random lowercase string for the name of a new section.

These changes are made to enhance the security and randomness of the genetic optimization and section injection processes.