This repository contains strace output for execution of various packages, along with scripts to generate the output.
This method was succesful in discovering CVE-2022-32222 affecting Node.js. It's possible that similar output generated across many packages will yield other interesting results. That said, this is an experiment and may be completely uninteresting in the end.
You can help by identifying interesting patterns within strace logs, and adding them to the interesting-patterns.txt file. If the project progresses, we'll make this more robust. If you discover a vulnerability using this repository, please let us know!
The code used to generate this output is stored in the src directory. Essentially, it installs a Linux package, identifies which files provided by that package are executable (ELF), and then runs each file under strace.
If available, we use a local apt-mirror.
# Build the image locally
cd src
.\Build.ps1
# Run a local analysis
mkdir output
.\Run.ps1 unzip -ResultsDirectory output
# Run a custom package (arbitrary install)
.\Run.ps1 -PackageName nodejs -PackageVersion 17.8.0 -InstallCommand "wget 'https://nodejs.org/download/release/v17.8.0/node-v17.8.0-linux-x64.tar.gz' && tar zxvf node-v17.8.0-linux-x64.tar.gz" -ResultsDirectory output
Alpha-Omega, part of the Open Source Security Foundation has a goal of improving the security of critical open source projects. If you're like to learn more, please contact us.