This document is an outline and usage guide for the "IoTcube API". It is an early version and describes the APIs that deal with the "Vulnerable Code Clone Detection" functionality of "Whitebox Testing" in IoTcube.
Currently, the initial version of the IoTcube API returns vulnerability information about software when you send a ".hidx file" (generated with hmark, https://github.com/iotcube/hmark) to our API address using the POST method.
Address to send POST request
https://iotcube.net/api/wf1
Params
- files: the path and contents of the ".hidx file" (which you want to check for vulnerabilities).
- headers: your user-agent value
Return Field Definitions
- Common value
  - total_cve - Total number of detected CVEs.
  - total_vulfunc - Total number of detected vulnerable functions.
  - file_count - Total number of files in the uploaded '.hidx file'.
  - func_count - Total number of functions in the uploaded '.hidx file'.
  - line_count - Total number of lines in the uploaded '.hidx file'.
- Vulnerability exists
  - cveid - The CVE value of the vulnerability.
  - cwe - The CWE value of the vulnerability.
  - cvss - The CVSS value of the vulnerability.
  - file - The file path where the vulnerability exists.
  - funcid - The function number in the file (See hmark).
  - diff - All commit information for this vulnerability.
  - patch - Patch information of the vulnerable code ('Dec. 2018 ADDED by Seunghoon Woo').
Address to send POST request
https://iotcube.net/api/bf2
Params
- files: the path and contents of the ".zip file" (result bundle file).
- headers: your user-agent value
Return Field Definitions
- Version - Version of the tool.
- Elapsed_Time - Total tested hours.
- Target_Binary - Binary targeted by the tool.
- Trials - Total number of times the tool tested the binary.
- Crashes - Total number of crashes detected.
- Initial_Crashes - Total number of crashes detected by the original seed.
('Dec. 2018 MODIFIED by Seunghoon Woo' - ADDED "patch").
[
  {
    "total_cve" : 5,
    "total_vulfunc": 6,
    "file_count" : 100,
    "func_count" : 1000,
    "line_count" : 10000
  },
  {
    "cveid" : "CVE-2018-0000",
    "cwe" : "CWE-119",
    "cvss" : "10.0",
    "file" : "Path/to/file",
    "funcid": "5",
    "diff" : "https://iotcube.net/whitebox/diff/.../CVE-2018-0000_....diff",
    "patch" : "https://iotcube.net/whitebox/diff/.../CVE-2018-0000_....patch"
  }, … ,
  {
    …
  }
]
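An added example (not from the original page or the IoTcube project): triaging a wf1 response in the shape documented above, ranking findings by numeric CVSS (the field is a string, so "10.0" would otherwise sort below "9.8") and keeping a `patch` link only when it is HTTPS on iotcube.net. The sample response, the 7.0 threshold and all function names are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

API_HOST = "iotcube.net"  # host of the API address given on this page

# Constructed sample in the documented wf1 shape; every value here is made up.
SAMPLE = json.dumps([
    {"total_cve": 4, "total_vulfunc": 4, "file_count": 3, "func_count": 40, "line_count": 900},
    {"cveid": "CVE-0000-0001", "cwe": "CWE-119", "cvss": "9.8", "file": "src/a.c", "funcid": "5",
     "patch": "https://iotcube.net/whitebox/diff/x/CVE-0000-0001_x.patch"},
    {"cveid": "CVE-0000-0002", "cwe": "CWE-119", "cvss": "10.0", "file": "src/b.c", "funcid": "2",
     "patch": "https://iotcube.net/whitebox/diff/x/CVE-0000-0002_x.patch"},
    {"cveid": "CVE-0000-0003", "cwe": "CWE-119", "cvss": "4.3", "file": "src/b.c", "funcid": "7",
     "patch": "https://iotcube.net/whitebox/diff/x/CVE-0000-0003_x.patch"},
    {"cveid": "CVE-0000-0004", "cwe": "CWE-119", "cvss": "7.5", "file": "src/c.c", "funcid": "1",
     "patch": "http://mirror.example/CVE-0000-0004.patch"},
])

def parse_wf1(body):
    """Split the response array into (summary object, list of findings)."""
    data = json.loads(body)
    if not (isinstance(data, list) and data and isinstance(data[0], dict) and "total_cve" in data[0]):
        raise ValueError("unexpected wf1 response shape")
    return data[0], data[1:]  # findings is empty when nothing was detected

def cvss_score(finding):
    """'cvss' arrives as a string; convert so "10.0" ranks above "9.8"."""
    try:
        return float(finding.get("cvss"))
    except (TypeError, ValueError):
        return -1.0  # missing or malformed score sorts last

def trusted_link(url):
    """Accept only HTTPS links on the API host before fetching a diff or patch."""
    parts = urlparse(url or "")
    return parts.scheme == "https" and parts.hostname == API_HOST

def triage(body, min_cvss=7.0):
    """Return (summary, findings at or above min_cvss, highest score first)."""
    summary, findings = parse_wf1(body)
    report = []
    for f in sorted(findings, key=cvss_score, reverse=True):
        if cvss_score(f) >= min_cvss:
            patch = f.get("patch")
            report.append({"cveid": f.get("cveid"), "file": f.get("file"),
                           "funcid": f.get("funcid"), "cvss": cvss_score(f),
                           "patch": patch if trusted_link(patch) else None})
    return summary, report

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE)[1], indent=2))
```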
{
  "Version" : "1.0.0",
  "Elapsed_Time" : "272",
  "Target_Binary" : "gif2png @@",
  "Trials" : "9563",
  "Crashes" :
  [
    {
      "no" : "1",
      "URI" : "2019-09-16-18:29:22_0x605cadf1_CVE-2011-2131_photoshop",
      "Origin_PoC":"CVE-2011-2131"
    }
  ],
  "Initial_Crashes": [
  ]
}
See 'example' directory.
This document and code are authored and maintained by Seunghoon Woo (hmark) and Gangmo Seong (pfuzz).
seunghoonwoo@korea.ac.kr
geldkang@korea.ac.kr