From 9446d4efdc031b3628628adcbb94698fdbe3b8d2 Mon Sep 17 00:00:00 2001
From: NiharikaJamble
Date: Wed, 7 Aug 2024 13:25:55 -0400
Subject: [PATCH 01/37] Create README.ME
---
ashe_scripts/README.ME | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 ashe_scripts/README.ME
diff --git a/ashe_scripts/README.ME b/ashe_scripts/README.ME
new file mode 100644
index 00000000..d614f590
--- /dev/null
+++ b/ashe_scripts/README.ME
@@ -0,0 +1,10 @@
+# Specimin Statistics and Exception Ranking
+
+### specimin_statistics.py
+The script to parse the ASHE log files and generate statistical data from Specimin's minimization process.
+
+### specimin_exception_ranking.py
+The script to parse the ASHE log files and generate a ranking of the exceptions that occurred during the minimization process.
+
+### run_ashe_for_stats.py
+The script that clones ASHE, builds and runs it, and then runs the specimin_statistics.py and specimin_exception_rank.py scripts.
From 6d3ae1f90b3e4880b103872f5c6b397cedc72675 Mon Sep 17 00:00:00 2001
From: NiharikaJamble
Date: Wed, 7 Aug 2024 13:26:57 -0400
Subject: [PATCH 02/37] Create run_ashe_for_stats.py
---
ashe_scripts/run_ashe_for_stats.py | 124 +++++++++++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 ashe_scripts/run_ashe_for_stats.py
diff --git a/ashe_scripts/run_ashe_for_stats.py b/ashe_scripts/run_ashe_for_stats.py
new file mode 100644
index 00000000..967cac51
--- /dev/null
+++ b/ashe_scripts/run_ashe_for_stats.py
@@ -0,0 +1,124 @@ +""" +Script to run Ashe.RepositoryAutomationEngine and Specimin scripts to analyze the log file generated by ASHE in dryrun mode. +https://github.com/jonathan-m-phillips/ASHE_Automated-Software-Hardening-for-Entrypoints + +Created by: Jonathan Phillips, https://github.com/jonathan-m-phillips +Date: April 13, 2024 + +Usage: +python3 run_ashe_for_stats.py +""" +import subprocess +import sys +import threading +import datetime +import time +import os + + +def run(ashe_path: str, csv_path: str, clone_path: str, props_file_path: str): + """ + Run ASHE and Specimin scripts to analyze the log file. + Args: + ashe_path: absolute path to clone the ASHE repository + csv_path: absolute path to the CSV file containing the repositories ASHE will iterate over + clone_path: absolute path to clone the repositories in the CSV file ASHE will iterate over + props_file_path: absolute path to the directory containing the config.properties files for ASHE + """ + + ashe_url: str = "https://github.com/jonathan-m-phillips/ASHE_Automated-Software-Hardening-for-Entrypoints" + # clone or update repository + __git_clone_or_update(ashe_url, ashe_path) + + start_time: datetime = datetime.datetime.now() + status_thread: threading.Thread = threading.Thread(target=__print_ashe_runtime, args=(start_time,)) + status_thread.daemon = True + status_thread.start() + current_dir = os.path.dirname(os.path.abspath(__file__)) + print(f"Current directory path: {current_dir}") + current_dir = current_dir.replace('ASHE/ashe_scripts', 'ashe_scripts') + main_project_dir = os.path.abspath(os.path.join(current_dir, '..', '..')) + stats_script = os.path.join(current_dir, 'specimin_statistics.py') + rank_script = os.path.join(current_dir, 'specimin_exception_rank.py') + print(f"Current directory path after normalising: {current_dir}") + print(f"main project path: {main_project_dir}") + print(f"Statistics script path: {stats_script}") + print(f"Exception rank script path: {rank_script}") + + 
__build_and_run_ashe(csv_path, clone_path, props_file_path, working_dir=ashe_path) + + current_dir = os.path.dirname(os.path.abspath(__file__)) + print(f"Current directory path: {current_dir}") + current_dir = current_dir.replace('ASHE/ashe_scripts', 'ashe_scripts') + main_project_dir = os.path.abspath(os.path.join(current_dir, '..', '..')) + stats_script = os.path.join(current_dir, 'specimin_statistics.py') + rank_script = os.path.join(current_dir, 'specimin_exception_rank.py') + print(f"Current directory path after normalising: {current_dir}") + print(f"main project path: {main_project_dir}") + print(f"Statistics script path: {stats_script}") + print(f"Exception rank script path: {rank_script}") + # run Specimin scripts + log_path: str = os.path.join(ashe_path, "logs", "app.log") + print("Running statistics script...") + __run_command(f"python3 {stats_script} {log_path}") + + print("Running exception rank script...") + __run_command(f"python3 {rank_script} {log_path}") + + +def __run_command(command, working_dir=None): + try: + result = subprocess.run(command, cwd=working_dir, shell=True, check=True, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + print(result.stdout.decode()) + except subprocess.CalledProcessError as e: + print("Error executing command:", e.stderr.decode()) + + +def __git_clone_or_update(repo_url, ashe_path): + """Clone or update the git repository.""" + if not os.path.exists(ashe_path): + print("Cloning the repository...") + __run_command(f"git clone {repo_url} {ashe_path}") + else: + print("Repository exists. 
Checking if it's a Git repository...") + if not os.path.exists(os.path.join(ashe_path, '.git')): + print(f"The directory {ashe_path} is not a Git repository.") + __run_command(f"git clone {repo_url} {ashe_path}") + else: + print("Updating the repository...") + os.chdir(ashe_path) + __run_command("git pull") + + +def __build_and_run_ashe(csv_path: str, clone_path: str, props_file_path: str, working_dir: str): + """Build and run the ASHE project using gradle.""" + # build ASHE + build_command: str = './gradlew build' + model_type: str = "dryrun" + run_automation_command: str = f"./gradlew runRepositoryAutomation -PrepositoriesCsvPath=\"{csv_path}\" -PcloneDirectory=\"{clone_path}\" -Pllm=\"{model_type}\" -PpropsFilePath=\"{props_file_path}\"" + + print("Building ASHE...") + __run_command(build_command, working_dir=working_dir) + + print("Running ASHE...") + __run_command(run_automation_command, working_dir=working_dir) + + +def __print_ashe_runtime(start_time): + """Function to print the elapsed time since ASHE started.""" + print("ASHE started.") + print("ASHE runtime: 00:00:00") + while True: + time.sleep(300) # sleep for 5 minute + elapsed_time = datetime.datetime.now() - start_time + # format elapsed time into H:M:S + formatted_time = str(elapsed_time).split('.')[0] # remove microseconds + print(f"ASHE runtime: {formatted_time}") + + +if __name__ == "__main__": + if len(sys.argv) < 4: + print("Usage: python3 run_ashe_for_stats.py ") + sys.exit(1) + run(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]) From 1a4615052b32df3081673e271ea0fc6ee81d9913 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 13:27:34 -0400 Subject: [PATCH 03/37] Create specimin_exception_rank.py --- ashe_scripts/specimin_exception_rank.py | 125 ++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 ashe_scripts/specimin_exception_rank.py 
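Review bot: `__run_command` passes f-string commands to `subprocess.run(..., shell=True)`, and those strings embed `ashe_path`, `csv_path`, `clone_path`, `props_file_path` and `log_path`, which come straight from `sys.argv`; a path containing a space, quote or shell metacharacter is re-parsed by the shell instead of being passed as one argument. Pass argument lists with the default `shell=False`, and use `cwd=` for `git pull` instead of `os.chdir`, as in the excerpt below. The helper also swallows `CalledProcessError`, so a failed clone or Gradle build still lets the script continue and exit 0; re-raising after the message makes the CI step fail when it should. Separately, the entry guard tests `len(sys.argv) < 4` but then reads `sys.argv[4]`, so it should be `if len(sys.argv) < 5:`.

```python
def __run_command(command, working_dir=None):
    """Run an argument list without a shell; re-raise on a non-zero exit."""
    try:
        result = subprocess.run(command, cwd=working_dir, check=True,
                                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        print(result.stdout.decode())
    except subprocess.CalledProcessError as e:
        print("Error executing command:", e.stderr.decode())
        raise

# … unchanged: run() up to the Specimin script calls …
    __run_command(["python3", stats_script, log_path])
    __run_command(["python3", rank_script, log_path])

# … __git_clone_or_update: same branches, list arguments …
        __run_command(["git", "clone", repo_url, ashe_path])
        __run_command(["git", "pull"], working_dir=ashe_path)

# … __build_and_run_ashe: same prints and call order …
    build_command = ["./gradlew", "build"]
    run_automation_command = [
        "./gradlew", "runRepositoryAutomation",
        f"-PrepositoriesCsvPath={csv_path}",
        f"-PcloneDirectory={clone_path}",
        f"-Pllm={model_type}",
        f"-PpropsFilePath={props_file_path}",
    ]
```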
diff --git a/ashe_scripts/specimin_exception_rank.py b/ashe_scripts/specimin_exception_rank.py
new file mode 100644
index 00000000..ff8fcf78
--- /dev/null
+++ b/ashe_scripts/specimin_exception_rank.py
@@ -0,0 +1,125 @@ +""" +Script for analyzing log files generated by ASHE in dryrun mode. +https://github.com/jonathan-m-phillips/ASHE_Automated-Software-Hardening-for-Entrypoints + +Created by: Jonathan Phillips, https://github.com/jonathan-m-phillips +Date: April 13, 2024 + +Description: +This script reads a log file and ranks the exceptions by how frequently they occur. If the exceptions +occur more often, they are ranked higher. These exception rankings come from running the +Ashe.RepositoryAutomationEngine in dryrun mode. + +Output: +Rankings written to a txt file in the same directory as the provided log file. + +Usage: +python3 specimin_exception_rank.py +""" + +import sys +import os +import re +from collections import defaultdict + + +def analyze_log(file_path: str): + directory = os.path.dirname(file_path) + output_file_path = os.path.join(directory, 'specimin_exception_rank.txt') + + with open(file_path, 'r') as file: + content = file.readlines() + + exceptions = __extract_exceptions(content) + ranked_exceptions = __rank_exceptions(exceptions) + + __write_ranked_exceptions(ranked_exceptions, output_file_path) + print("Write successful") + + +def __extract_exceptions(log_lines): + """ + Extract exceptions from the log lines. An exception is defined as a line that starts with "Exception in thread" + Args: + log_lines: A list of log lines + + Returns: A list of tuples (name, message, example_line) + """ + # Enhanced to capture an example line following the exception message + exception_pattern = re.compile(r'^Exception in thread ".*?" 
(\w+.*?):(.*?)(?=\n\S|\Z)', re.DOTALL) + context_pattern = re.compile(r'^\s+at (.+)$', re.MULTILINE) + exceptions = [] + for i, line in enumerate(log_lines): + match = exception_pattern.search(line) + if match: + exception_name, message = match.groups() + # find the next line that starts with whitespace followed by "at" to capture the context + context_match = context_pattern.search(log_lines[i + 1] if i + 1 < len(log_lines) else "") + example_line = context_match.group(1).strip() if context_match else "No code context available" + exceptions.append([exception_name.strip(), message.strip(), example_line]) + return exceptions + + +def __rank_exceptions(exceptions): + """ + Rank the exceptions by how frequently they occur. If the exceptions occur more often, they are ranked higher. + Args: + exceptions: A list of tuples (name, message, example_line) + + Returns: A sorted list of tuples (count, examples, name, message) + """ + grouped_exceptions = defaultdict(list) + for name, message, example in exceptions: + simplified_message = simplify_message(message) + grouped_exceptions[(name, simplified_message)].append(example) + + # convert grouped data into a sorted list of tuples (count, examples, name, message) + sorted_exceptions = sorted(((len(v), v, k[0], k[1]) for k, v in grouped_exceptions.items()), reverse=True, + key=lambda x: x[0]) + return sorted_exceptions + + +def simplify_message(message): + """ + Simplify the exception message by removing certain patterns that are not helpful for distinguishing exceptions. 
+ Args: + message: The exception message for Specimin developers to analyze + + Returns: A simplified version of the message + """ + message = re.sub(r'\bat [\w\.$<>]+\(.*?\)', '', message) + message = re.sub(r'\bLine \d+\b', '', message) + message = re.sub(r'\bmemory address 0x[\da-f]+\b', '', message, flags=re.I) + return message.strip() + + +def __write_ranked_exceptions(ranked_exceptions, output_file_path): + current_rank = 1 + last_count = None + rank_increment = 0 # keeps track of how many ranks we should jump after ties + + with open(output_file_path, 'w') as output_file: + for count, examples, name, message in ranked_exceptions: + if last_count != count: + current_rank += rank_increment + rank_increment = 1 # reset for next potential tie group + else: + rank_increment += 1 # increment to account for a tie when next different count comes + + last_count = count + output_line = f""" +Rank: {current_rank}, +Count: {count}, +Exception: {name}, +Message: {message}, +Example: {examples[0]} + +""" + output_file.write(output_line) + + +if __name__ == '__main__': + if len(sys.argv) < 2: + print("Usage: python3 specimin_exception_rank.py ") + sys.exit(1) + analyze_log(sys.argv[1]) From f38141965637cb242b4678be81616ca5e29d78cc Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 13:28:22 -0400 Subject: [PATCH 04/37] Create specimin_statistics.py --- ashe_scripts/specimin_statistics.py | 137 ++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 ashe_scripts/specimin_statistics.py diff --git a/ashe_scripts/specimin_statistics.py b/ashe_scripts/specimin_statistics.py new file mode 100644 index 00000000..07414c76 --- /dev/null +++ b/ashe_scripts/specimin_statistics.py 
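Review bot: `__extract_exceptions` runs `exception_pattern` against one element of `readlines()` at a time, so the `re.DOTALL` flag and the `(?=\n\S|\Z)` lookahead never see a second line; a message that wraps onto the next log line is cut at the first newline, and that continuation line is then what `context_pattern` inspects, giving "No code context available". Either match against the joined text with `re.MULTILINE`, or drop the multi-line parts of the pattern and scan forward to the first `at ...` line. The log collects output from builds of third-party repositories, so `analyze_log` should open it with an explicit encoding and a tolerant error mode, e.g. `open(file_path, 'r', encoding='utf-8', errors='replace')`, rather than relying on the platform default. `analyze_log` and `__write_ranked_exceptions` have no docstrings, and the `__extract_exceptions` docstring promises tuples while the code appends lists.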
@@ -0,0 +1,137 @@ +""" +Script for analyzing log files generated by ASHE in dryrun mode. +https://github.com/jonathan-m-phillips/ASHE_Automated-Software-Hardening-for-Entrypoints + +Created by: Jonathan Phillips, https://github.com/jonathan-m-phillips +Date: April 13, 2024 + +Description: +This script reads a log file and computes attempted, successful, and failed Specimin minimization +and compilation statistics. These statistics come from running the Ashe.RepositoryAutomationEngine +in dryrun mode. + +Output: +Summary written to a txt file in the same directory as the provided log file. + +Usage: +python3 specimin_statistics.py +""" + +import sys +import os +import re + + +def analyze_log(file_path: str): + directory: str = os.path.dirname(file_path) + output_file_path: str = os.path.join(directory, 'specimin_statistics.txt') + + with open(output_file_path, 'w') as output_file: + with open(file_path, 'r') as file: + lines: list[str] = file.readlines() + + repo_stats: dict[str, int] = { + 'minimization_attempts': 0, + 'successful_minimization': 0, + 'failed_minimization': 0, + 'compilation_attempts': 0, + 'successful_compilation': 0, + 'failed_compilation': 0, + 'full_success': 0 + } + repo_path: str = "" + branch_name: str = "" + + for line in lines: + line: str = line.strip() + + # get the repository path and branch name from the log line + if "Processing repository at:" in line: + # if Ashe Repository Automation Engine finished processing a repository + # and moved on to the next repository, print and reset the statistics + if repo_path: + __print_and_write_stats(repo_stats, repo_path, branch_name, output_file) + repo_stats = repo_stats.fromkeys(repo_stats, 0) + + repo_path, branch_name = __extract_repo_and_branch(line) + + __update_stats(line, repo_stats) + + if "Completed processing repository at:" in line: + __print_and_write_stats(repo_stats, repo_path, branch_name, output_file) + repo_stats = repo_stats.fromkeys(repo_stats, 0) # reset statistics for new 
repo + print("Write successful") + + +def __update_stats(line, repo_stats): + if "Minimizing source file..." in line: + repo_stats['minimization_attempts'] += 1 + if "BUILD SUCCESSFUL" in line: + repo_stats['successful_minimization'] += 1 + if "BUILD FAILED" in line: + repo_stats['failed_minimization'] += 1 + if "Compiling Java files" in line: + repo_stats['compilation_attempts'] += 1 + if "Minimized files compiled successfully." in line: + repo_stats['successful_compilation'] += 1 + repo_stats['full_success'] += 1 + if "Minimized files failed to compile." in line: + repo_stats['failed_compilation'] += 1 + + +def __print_and_write_stats(stats, repo_path, branch_name, output_file): + successful_min_percent = (stats['successful_minimization'] / stats['minimization_attempts'] * 100) if stats[ + 'minimization_attempts'] else 0 + failed_min_percent = (stats['failed_minimization'] / stats['minimization_attempts'] * 100) if stats[ + 'minimization_attempts'] else 0 + successful_comp_percent = (stats['successful_compilation'] / stats['compilation_attempts'] * 100) if stats[ + 'compilation_attempts'] else 0 + failed_comp_percent = (stats['failed_compilation'] / stats['compilation_attempts'] * 100) if stats[ + 'compilation_attempts'] else 0 + full_success_percent = (stats['full_success'] / stats['minimization_attempts'] * 100) if stats[ + 'minimization_attempts'] else 0 + + output_content = f""" +Running Specimin on repository: {repo_path} for branch: {branch_name} +Attempted minimization - {stats['minimization_attempts']}: +Successfully minimized {stats['successful_minimization']} ({successful_min_percent:.2f}%) target methods. +Failed to minimize {stats['failed_minimization']} ({failed_min_percent:.2f}%) target methods. 
+ +Attempted compilation - {stats['compilation_attempts']}: +Successful: {stats['successful_compilation']} ({successful_comp_percent:.2f}%) +Failed: {stats['failed_compilation']} ({failed_comp_percent:.2f}%) + +Fully successful from minimization to compilation: {stats['full_success']} ({full_success_percent:.2f}%) + +""" + output_file.write(output_content) + + +def __extract_repo_and_branch(log_line: str): + """ + Extracts the repository path and branch name from a log line. + + Parameters: + - log_line (str): A string from the log file containing repository and branch information. + + Returns: + - tuple: A tuple containing the repository path and the branch name. + """ + # regex pattern to find the repository path and branch name + pattern = r"Processing repository at: (.+?) for branch: (.+)" + match = re.search(pattern, log_line) + + if match: + repo_path = match.group(1).strip() + branch_name = match.group(2).strip() + return repo_path, branch_name + else: + return "", "" + + +if __name__ == '__main__': + if len(sys.argv) < 2: + print("Usage: python3 specimin_statistics.py ") + sys.exit(1) + log_file_path = sys.argv[1] + analyze_log(log_file_path) From 980ff1302bb49e6391268aedc9db08502e40ce2d Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 13:29:20 -0400 Subject: [PATCH 05/37] Create CI_repository_list.csv --- CI_repository_list.csv | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 CI_repository_list.csv diff --git a/CI_repository_list.csv b/CI_repository_list.csv new file mode 100644 index 00000000..ae974739 --- /dev/null +++ b/CI_repository_list.csv @@ -0,0 +1,2 @@ +Repository,Branch +https://github.com/NiharikaJamble/plume-util,master From aceedd564573a1006bf9061ff7ae7f2733d6ef4d Mon Sep 17 00:00:00 2001 
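Review bot: In `analyze_log`, the "Completed processing repository at:" branch writes and resets the counters but leaves `repo_path` set, so the next "Processing repository at:" line passes the `if repo_path:` test and writes a second, all-zero block for the repository that was already reported. Clearing it after the write (`repo_path = ""` next to the `fromkeys` reset) avoids the duplicate. This matters to the CI workflow added later in this series, which greps this file for the "Fully successful" line and would then see extra `0 (0.00%)` entries. A repository whose log has no "Completed" line and no following "Processing" line is never written at all, and `__print_and_write_stats` only writes to the file despite its name.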
From: NiharikaJamble
Date: Wed, 7 Aug 2024 13:54:13 -0400
Subject: [PATCH 06/37] Create specimin_evaluation_CI.yml
---
.github/workflows/specimin_evaluation_CI.yml | 200 +++++++++++++++++++
1 file changed, 200 insertions(+)
create mode 100644 .github/workflows/specimin_evaluation_CI.yml
diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml
new file mode 100644
index 00000000..cac3d83a
--- /dev/null
+++ b/.github/workflows/specimin_evaluation_CI.yml
@@ -0,0 +1,200 @@ +name: specimin_evaluation_CI + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + specimin-evaluation: + runs-on: ubuntu-latest + + steps: + + - name: Checkout repository + uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.8' + + - name: Set up Java JDK + uses: actions/setup-java@v2 + with: + java-version: '21' + distribution: 'adopt' + architecture: 'x64' + server-password: ${{ secrets.GITHUB_TOKEN }} + overwrite-settings: true + check-latest: false + + - name: Install dependencies + run: | + set -ex # Exit immediately if a command exits with a non-zero status and print commands as they are executed + python -m pip install --upgrade pip + + - name: Display CSV File Contents loaded in working environment + run: | + set -ex + if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then + cat /home/runner/work/specimin/specimin/CI_repository_list.csv + else + echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" + exit 1 + fi + + - name: Download git-clone-related script + run: | + set -ex + curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related + chmod +x git-clone-related + + - name: Clone ASHE Project using git-clone-related + run: | + set -ex + git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE + ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE + + + - name: Verify example.properties exists + run: | + set -ex + if [ -f ASHE/src/main/resources/example.properties ]; then + echo "example.properties found" + else + echo "example.properties not found" + exit 1 + fi + + - name: Rename example.properties to config.properties file + run: | + set -ex + mv ASHE/src/main/resources/example.properties 
ASHE/src/main/resources/config.properties + if [ -f ASHE/src/main/resources/config.properties ]; then + echo "config.properties created" + else + echo "config.properties not created" + exit 1 + fi + + - name: Give write permissions to config.properties + run: | + set -ex + chmod +w ASHE/src/main/resources/config.properties + ls -l ASHE/src/main/resources/config.properties + + - name: Update ASHE Config File to update specimin path + run: | + set -ex + chmod +w ASHE/src/main/resources/config.properties + # Update the specimin.tool.path key with the new value + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties + # Display the updated config.properties file for verification + cat ASHE/src/main/resources/config.properties + + - name: Display updated config.properties + run: | + set -ex + cat ASHE/src/main/resources/config.properties + + - name: Make all scripts under ashe_scripts executable + run: | + set -ex + chmod +x ashe_scripts/*.py + + - name: List Files in ashe_scripts for Debugging + run: | + set -ex + ls -l ashe_scripts + + - name: Run the script + run: | + set -ex + python3 ashe_scripts/run_ashe_for_stats.py \ + $(pwd)/ASHE \ + $(pwd)/CI_repository_list.csv \ + $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ + $(pwd)/ASHE/src/main/resources/config.properties + + - name: Parse accuracy percentage + id: parse_accuracy_percentage + run: | + set -ex + grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt + cat current_run_accuracy_percentage.txt + + + - name: Read, update, and set Evaluation Accuracy Secret + id: read_update_set_secret + run: | + set -ex + + # Install jq and curl + sudo apt-get update + sudo apt-get install -y jq curl + + # Read current accuracy + current_accuracy=$(cat current_run_accuracy_percentage.txt) + echo "Current accuracy: $current_accuracy" + + # Read previous run accuracy from secrets + 
previous_run_accuracy=${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }} + if [ -z "$previous_run_accuracy" ]; then + previous_run_accuracy=0 + fi + echo "Previous run accuracy: $previous_run_accuracy" + + # Compare and decide whether to update the secret + if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then + echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" + new_accuracy=$current_accuracy + update_needed=true + else + echo "No update needed previous run accuracy is $previous_run_accuracy" + new_accuracy=$previous_run_accuracy + update_needed=false + fi + + # Save comparison values for later analysis + echo "Current accuracy: $current_accuracy" > comparison_values_for_current_run.txt + echo "Previous run accuracy: $previous_run_accuracy" >> comparison_values_for_current_run.txt + + # Set outputs for further steps + echo "::set-output name=update_needed::$update_needed" + echo "::set-output name=new_accuracy::$new_accuracy" + + # Update the secret if needed + if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" $api_url/repos/$repo_name/actions/secrets/public-key) + public_key=$(echo $public_key_response | jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) + encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) + curl -s \ + -X PUT \ + -H "Authorization: token ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" \ + -H "Content-Type: application/json" \ + "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + fi + - name: Upload comparison values + if: always() + uses: actions/upload-artifact@v2 + with: + name: 
comparison-values + path: comparison_values_for_current_run.txt + + - name: Upload current run accuracy percentage + if: always() + uses: actions/upload-artifact@v2 + with: + name: current-run-accuracy-percentage + path: current_run_accuracy_percentage.txt From 6012000e6bd6292111b3cdab4bd1e7278d891049 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 14:13:13 -0400 Subject: [PATCH 07/37] Update specimin_evaluation_CI.yml script optimized --- .github/workflows/specimin_evaluation_CI.yml | 110 ++++--------------- 1 file changed, 20 insertions(+), 90 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index cac3d83a..c2da7df9 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -1,4 +1,4 @@ -name: specimin_evaluation_CI +name: specimin_evaluation_CI on: push: @@ -13,13 +13,13 @@ jobs: runs-on: ubuntu-latest steps: - + - name: Checkout repository uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - + - name: Set up Python uses: actions/setup-python@v2 with: @@ -37,12 +37,10 @@ jobs: - name: Install dependencies run: | - set -ex # Exit immediately if a command exits with a non-zero status and print commands as they are executed python -m pip install --upgrade pip - - name: Display CSV File Contents loaded in working environment + - name: Display CSV File Contents run: | - set -ex if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then cat /home/runner/work/specimin/specimin/CI_repository_list.csv else 
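Review bot: The job downloads `git-clone-related` from the `main` branch of plume-lib/git-scripts and executes it, then builds ASHE and the repositories listed in CI_repository_list.csv, all in the same job whose last step expands `secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT`; unpinned third-party code therefore runs on the runner that later handles a token able to write repository secrets. Pin the download to a commit (`https://raw.githubusercontent.com/plume-lib/git-scripts/<commit-sha>/git-clone-related`), add a top-level `permissions:` block with `contents: read`, and move the secret update into a separate job that receives only the parsed percentage as a job output. In that update step, `openssl rsautl` will not produce a value the Actions secrets API accepts, because the endpoint expects a libsodium sealed box made with the returned public key. The same download-and-run lines are carried unchanged into the merged "Download and clone ASHE Project" step of PATCH 07.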
@@ -50,127 +48,72 @@ jobs: exit 1 fi - - name: Download git-clone-related script - run: | - set -ex - curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related - chmod +x git-clone-related - - - name: Clone ASHE Project using git-clone-related - run: | - set -ex - git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - - - name: Verify example.properties exists + - name: Download and clone ASHE Project run: | - set -ex - if [ -f ASHE/src/main/resources/example.properties ]; then - echo "example.properties found" - else - echo "example.properties not found" - exit 1 - fi + curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related + chmod +x git-clone-related + git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE + ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: Rename example.properties to config.properties file + - name: Verify and Rename example.properties run: | - set -ex - mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties - if [ -f ASHE/src/main/resources/config.properties ]; then + if [ -f ASHE/src/main/resources/example.properties ]; then + mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties echo "config.properties created" else - echo "config.properties not created" + echo "example.properties not found" exit 1 fi - - name: Give write permissions to config.properties + - name: Update ASHE Config File run: | - set -ex chmod +w ASHE/src/main/resources/config.properties - ls -l ASHE/src/main/resources/config.properties - - - name: Update ASHE Config File to update specimin path - run: | - set -ex - chmod +w ASHE/src/main/resources/config.properties - # Update the 
specimin.tool.path key with the new value sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - # Display the updated config.properties file for verification cat ASHE/src/main/resources/config.properties - - name: Display updated config.properties + - name: Make scripts executable run: | - set -ex - cat ASHE/src/main/resources/config.properties - - - name: Make all scripts under ashe_scripts executable - run: | - set -ex chmod +x ashe_scripts/*.py - - name: List Files in ashe_scripts for Debugging - run: | - set -ex - ls -l ashe_scripts - - - name: Run the script + - name: Run ASHE script run: | - set -ex python3 ashe_scripts/run_ashe_for_stats.py \ $(pwd)/ASHE \ $(pwd)/CI_repository_list.csv \ $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ $(pwd)/ASHE/src/main/resources/config.properties - + - name: Parse accuracy percentage id: parse_accuracy_percentage run: | - set -ex grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt cat current_run_accuracy_percentage.txt - - name: Read, update, and set Evaluation Accuracy Secret id: read_update_set_secret run: | - set -ex - - # Install jq and curl sudo apt-get update sudo apt-get install -y jq curl - - # Read current accuracy current_accuracy=$(cat current_run_accuracy_percentage.txt) echo "Current accuracy: $current_accuracy" - - # Read previous run accuracy from secrets previous_run_accuracy=${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }} if [ -z "$previous_run_accuracy" ]; then previous_run_accuracy=0 fi echo "Previous run accuracy: $previous_run_accuracy" - - # Compare and decide whether to update the secret if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" new_accuracy=$current_accuracy update_needed=true else - echo "No update needed previous run accuracy is $previous_run_accuracy" + 
echo "No update needed, previous run accuracy is $previous_run_accuracy" new_accuracy=$previous_run_accuracy update_needed=false fi - - # Save comparison values for later analysis - echo "Current accuracy: $current_accuracy" > comparison_values_for_current_run.txt - echo "Previous run accuracy: $previous_run_accuracy" >> comparison_values_for_current_run.txt - - # Set outputs for further steps + echo "Current accuracy: $current_accuracy" + echo "Previous run accuracy: $previous_run_accuracy" echo "::set-output name=update_needed::$update_needed" echo "::set-output name=new_accuracy::$new_accuracy" - - # Update the secret if needed if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then repo_name="${{ github.repository }}" api_url="https://api.github.com" @@ -185,16 +128,3 @@ jobs: "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" fi - - name: Upload comparison values - if: always() - uses: actions/upload-artifact@v2 - with: - name: comparison-values - path: comparison_values_for_current_run.txt - - - name: Upload current run accuracy percentage - if: always() - uses: actions/upload-artifact@v2 - with: - name: current-run-accuracy-percentage - path: current_run_accuracy_percentage.txt From 10fd932bc022fb5ac972cfb0f14b1ff65207ddcb Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 16:01:33 -0400 Subject: [PATCH 08/37] Update specimin_evaluation_CI.yml changed secret to variable --- .github/workflows/specimin_evaluation_CI.yml | 134 ++++++++++++++++--- 1 file changed, 117 insertions(+), 17 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index c2da7df9..2d2b2e26 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml 
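Review bot: The "Parse accuracy percentage" step prints `$NF` of the summary line, which specimin_statistics.py writes as `... {count} ({percent:.2f}%)`, so `current_accuracy` keeps the parentheses and the percent sign and the `bc -l` comparison in the next step gets a syntax error instead of a number; the `if` then falls through to "No update needed" on every run. Strip the decoration when parsing, e.g. `awk '{gsub(/[()%]/, "", $NF); print $NF}'`, and reject anything that is not a plain decimal before comparing. `previous_run_accuracy=${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }}` pastes the stored value unquoted into the script text; passing it through the step's `env:` and reading it as a quoted shell variable keeps the value out of the script source. `::set-output` is deprecated in favour of appending to `$GITHUB_OUTPUT`.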
@@ -1,130 +1,230 @@ name: specimin_evaluation_CI - on: +on: + push: push: branches: + branches: + - main - main pull_request: + pull_request: + branches: branches: - main - + - main jobs: +jobs: + specimin-evaluation: specimin-evaluation: runs-on: ubuntu-latest - + runs-on: ubuntu-latest steps: - + steps: + - name: Checkout repository - name: Checkout repository + uses: actions/checkout@v2 uses: actions/checkout@v2 with: + with: + ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - + fetch-depth: 0 + - name: Set up Python - name: Set up Python uses: actions/setup-python@v2 + uses: actions/setup-python@v2 + with: with: python-version: '3.8' - + python-version: '3.8' - name: Set up Java JDK + - name: Set up Java JDK + uses: actions/setup-java@v2 uses: actions/setup-java@v2 + with: with: java-version: '21' + java-version: '21' + distribution: 'adopt' distribution: 'adopt' architecture: 'x64' + architecture: 'x64' server-password: ${{ secrets.GITHUB_TOKEN }} + server-password: ${{ secrets.GITHUB_TOKEN }} + overwrite-settings: true overwrite-settings: true check-latest: false - + check-latest: false + - name: Install dependencies - name: Install dependencies run: | + run: | + python -m pip install --upgrade pip python -m pip install --upgrade pip - + - name: Display CSV File Contents - name: Display CSV File Contents run: | + run: | + if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then cat /home/runner/work/specimin/specimin/CI_repository_list.csv + cat /home/runner/work/specimin/specimin/CI_repository_list.csv else + else + echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" exit 1 + exit 1 fi - + fi + - name: Download and clone ASHE Project - name: Download and clone ASHE Project run: | + run: | 
+ curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related chmod +x git-clone-related + chmod +x git-clone-related + git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - + ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - name: Verify and Rename example.properties + - name: Verify and Rename example.properties + run: | run: | - if [ -f ASHE/src/main/resources/example.properties ]; then + if [ -f ASHE/src/main/resources/example.properties ]; then + if [ -f ASHE/src/main/resources/example.properties ]; then + mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties echo "config.properties created" - else + echo "config.properties created" + else + else echo "example.properties not found" + echo "example.properties not found" + exit 1 exit 1 fi - + fi + - name: Update ASHE Config File - name: Update ASHE Config File run: | + run: | + chmod +w ASHE/src/main/resources/config.properties chmod +w ASHE/src/main/resources/config.properties sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties cat ASHE/src/main/resources/config.properties - + cat ASHE/src/main/resources/config.properties + - name: Make scripts executable - name: Make scripts executable + run: | run: | chmod +x ashe_scripts/*.py - + chmod +x ashe_scripts/*.py + - name: Run ASHE script - name: Run ASHE script + run: | run: | 
python3 ashe_scripts/run_ashe_for_stats.py \ + python3 ashe_scripts/run_ashe_for_stats.py \ + $(pwd)/ASHE \ $(pwd)/ASHE \ $(pwd)/CI_repository_list.csv \ + $(pwd)/CI_repository_list.csv \ + $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ $(pwd)/ASHE/src/main/resources/config.properties - + $(pwd)/ASHE/src/main/resources/config.properties + - name: Parse accuracy percentage - name: Parse accuracy percentage + id: parse_accuracy_percentage id: parse_accuracy_percentage run: | + run: | + grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt cat current_run_accuracy_percentage.txt - + cat current_run_accuracy_percentage.txt - name: Read, update, and set Evaluation Accuracy Secret + - name: Read, update, and set Evaluation Accuracy Variable id: read_update_set_secret + id: read_update_set_variable run: | + run: | + sudo apt-get update sudo apt-get update sudo apt-get install -y jq curl + sudo apt-get install -y jq curl current_accuracy=$(cat current_run_accuracy_percentage.txt) + current_accuracy=$(cat current_run_accuracy_percentage.txt) + echo "Current accuracy: $current_accuracy" echo "Current accuracy: $current_accuracy" + # Retrieve the GitHub variable value previous_run_accuracy=${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }} + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') if [ -z "$previous_run_accuracy" ]; then + if [ -z "$previous_run_accuracy" ]; then + previous_run_accuracy=0 previous_run_accuracy=0 fi + fi + echo "Previous run accuracy: $previous_run_accuracy" echo "Previous run accuracy: $previous_run_accuracy" + if 
(( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" + echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" + new_accuracy=$current_accuracy new_accuracy=$current_accuracy update_needed=true + update_needed=true else + else + echo "No update needed, previous run accuracy is $previous_run_accuracy" echo "No update needed, previous run accuracy is $previous_run_accuracy" new_accuracy=$previous_run_accuracy + new_accuracy=$previous_run_accuracy update_needed=false + update_needed=false + fi fi echo "Current accuracy: $current_accuracy" + echo "Current accuracy: $current_accuracy" echo "Previous run accuracy: $previous_run_accuracy" + echo "Previous run accuracy: $previous_run_accuracy" + echo "::set-output name=update_needed::$update_needed" echo "::set-output name=update_needed::$update_needed" echo "::set-output name=new_accuracy::$new_accuracy" + echo "::set-output name=new_accuracy::$new_accuracy" if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then + if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then + repo_name="${{ github.repository }}" repo_name="${{ github.repository }}" api_url="https://api.github.com" + api_url="https://api.github.com" public_key_response=$(curl -s -H "Authorization: token ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" $api_url/repos/$repo_name/actions/secrets/public-key) + public_key=$(echo $public_key_response | jq -r .key) + # Update the GitHub variable key_id=$(echo $public_key_response | jq -r .key_id) encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) + curl -s \ curl -s \ -X PUT \ + -X PATCH \ -H "Authorization: token ${{ 
secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/json" \ -H "Content-Type: application/json" \ "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + -d "{\"value\":\"$new_accuracy\"}" + fi fi From 291d708c2ba2d8336e3f40f2348c928daded5e6c Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 16:04:26 -0400 Subject: [PATCH 09/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 135 +++---------------- 1 file changed, 17 insertions(+), 118 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 2d2b2e26..5a6f04cc 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml 
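Review bot: The `Download and clone ASHE Project` step downloads `git-clone-related` from the mutable `main` branch of plume-lib/git-scripts and executes it, so whatever that branch holds at run time runs in a job that later uses `secrets.GITHUB_TOKEN`. Pin the download to a reviewed commit and verify it before `chmod +x`, e.g. `curl -fL -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/<PINNED_COMMIT_SHA>/git-clone-related` followed by `echo "<EXPECTED_SHA256>  git-clone-related" | sha256sum -c -` (both values are placeholders). The `git clone` of ASHE in the same step is likewise unpinned, and a `git checkout <PINNED_COMMIT_SHA>` after it would make the evaluation reproducible. The same lines appear again in the full-file rewrite of the next commit (`@@ -1,230 +1,129 @@`).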
@@ -1,230 +1,129 @@ name: specimin_evaluation_CI + on: -on: - push: push: branches: - branches: - - main - main pull_request: - pull_request: - branches: branches: - main - - main + jobs: -jobs: - specimin-evaluation: specimin-evaluation: runs-on: ubuntu-latest - runs-on: ubuntu-latest + steps: - steps: - - name: Checkout repository - name: Checkout repository - uses: actions/checkout@v2 uses: actions/checkout@v2 with: - with: - ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - fetch-depth: 0 - - name: Set up Python + - name: Set up Python uses: actions/setup-python@v2 - uses: actions/setup-python@v2 - with: with: python-version: '3.8' - python-version: '3.8' + - name: Set up Java JDK - - name: Set up Java JDK - uses: actions/setup-java@v2 uses: actions/setup-java@v2 - with: with: java-version: '21' - java-version: '21' - distribution: 'adopt' distribution: 'adopt' architecture: 'x64' - architecture: 'x64' server-password: ${{ secrets.GITHUB_TOKEN }} - server-password: ${{ secrets.GITHUB_TOKEN }} - overwrite-settings: true overwrite-settings: true check-latest: false - check-latest: false - - name: Install dependencies + - name: Install dependencies run: | - run: | - python -m pip install --upgrade pip python -m pip install --upgrade pip - - name: Display CSV File Contents + - name: Display CSV File Contents run: | - run: | - if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then cat /home/runner/work/specimin/specimin/CI_repository_list.csv - cat /home/runner/work/specimin/specimin/CI_repository_list.csv else - else - echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" exit 1 - exit 1 fi - fi - - name: Download and clone ASHE Project + - name: Download and clone ASHE Project - run: | run: | 
curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related - curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related - chmod +x git-clone-related chmod +x git-clone-related git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: Verify and Rename example.properties + - name: Verify and Rename example.properties - run: | run: | if [ -f ASHE/src/main/resources/example.properties ]; then - if [ -f ASHE/src/main/resources/example.properties ]; then - mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties echo "config.properties created" - echo "config.properties created" else - else - echo "example.properties not found" echo "example.properties not found" exit 1 - exit 1 - fi fi + - name: Update ASHE Config File - - name: Update ASHE Config File - run: | run: | - chmod +w ASHE/src/main/resources/config.properties chmod +w ASHE/src/main/resources/config.properties sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - cat ASHE/src/main/resources/config.properties cat ASHE/src/main/resources/config.properties - - name: Make scripts executable + - name: Make scripts executable run: | - run: | - chmod +x ashe_scripts/*.py chmod +x ashe_scripts/*.py - - name: Run ASHE script + - name: Run ASHE script run: | - run: | - python3 ashe_scripts/run_ashe_for_stats.py \ python3 
ashe_scripts/run_ashe_for_stats.py \ $(pwd)/ASHE \ - $(pwd)/ASHE \ - $(pwd)/CI_repository_list.csv \ $(pwd)/CI_repository_list.csv \ $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ - $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ - $(pwd)/ASHE/src/main/resources/config.properties $(pwd)/ASHE/src/main/resources/config.properties - - name: Parse accuracy percentage + - name: Parse accuracy percentage id: parse_accuracy_percentage - id: parse_accuracy_percentage - run: | run: | - grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt cat current_run_accuracy_percentage.txt - cat current_run_accuracy_percentage.txt - - name: Read, update, and set Evaluation Accuracy Secret + - name: Read, update, and set Evaluation Accuracy Variable - id: read_update_set_secret id: read_update_set_variable run: | - run: | - sudo apt-get update sudo apt-get update sudo apt-get install -y jq curl - sudo apt-get install -y jq curl - current_accuracy=$(cat current_run_accuracy_percentage.txt) current_accuracy=$(cat current_run_accuracy_percentage.txt) echo "Current accuracy: $current_accuracy" - echo "Current accuracy: $current_accuracy" - # Retrieve the GitHub variable value - previous_run_accuracy=${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE }} - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - if [ -z "$previous_run_accuracy" ]; then + previous_run_accuracy=${{ vars.LATEST_SPECIMIN_EVAL_PERCENTAGE }} if [ -z "$previous_run_accuracy" ]; then previous_run_accuracy=0 - previous_run_accuracy=0 - fi fi echo "Previous run accuracy: $previous_run_accuracy" - echo "Previous run accuracy: 
$previous_run_accuracy" if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" new_accuracy=$current_accuracy - new_accuracy=$current_accuracy update_needed=true - update_needed=true - else else - echo "No update needed, previous run accuracy is $previous_run_accuracy" echo "No update needed, previous run accuracy is $previous_run_accuracy" new_accuracy=$previous_run_accuracy - new_accuracy=$previous_run_accuracy - update_needed=false update_needed=false fi - fi echo "Current accuracy: $current_accuracy" - echo "Current accuracy: $current_accuracy" - echo "Previous run accuracy: $previous_run_accuracy" echo "Previous run accuracy: $previous_run_accuracy" echo "::set-output name=update_needed::$update_needed" - echo "::set-output name=update_needed::$update_needed" echo "::set-output name=new_accuracy::$new_accuracy" - echo "::set-output name=new_accuracy::$new_accuracy" - if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then - if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then - repo_name="${{ github.repository }}" + if [ "$update_needed" = true ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then repo_name="${{ github.repository }}" api_url="https://api.github.com" - api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" $api_url/repos/$repo_name/actions/secrets/public-key) - + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) public_key=$(echo $public_key_response | jq -r .key) - # 
Update the GitHub variable key_id=$(echo $public_key_response | jq -r .key_id) encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) - curl -s \ curl -s \ -X PUT \ - -X PATCH \ - -H "Authorization: token ${{ secrets.LATEST_SPECIMIN_EVAL_PERCENTAGE_PAT }}" \ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Content-Type: application/json" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" - -d "{\"value\":\"$new_accuracy\"}" - fi fi From 02de506d5b944766ae0f64042dca0951f9bd5424 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 16:08:21 -0400 Subject: [PATCH 10/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 5a6f04cc..e7600e89 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -56,10 +56,10 @@ jobs: - name: Verify and Rename example.properties run: | - if [ -f ASHE/src/main/resources/example.properties ]; then + if [ -f ASHE/src/main/resources/example.properties ]; then mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties echo "config.properties created" - else + else echo "example.properties not found" exit 1 fi 
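Review bot: The update block at the end of `Read, update, and set Evaluation Accuracy Variable` now sends a secrets-style request to the variables API: it fetches `actions/variables/public-key` and PUTs `encrypted_value`/`key_id` to `actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE`, while this commit removes the `-X PATCH` and `-d "{\"value\":\"$new_accuracy\"}"` lines that matched that endpoint. As far as the GitHub REST API documents, repository variables are plain text, have no public-key endpoint and are updated with PATCH and a `value` field, so this request is expected to be rejected, and `curl -s` without `--fail` hides the rejection. Separately, `openssl rsautl -encrypt` is RSA, whereas the Actions secrets API expects a libsodium sealed box over the returned key, so that line would not produce an acceptable value for the secrets endpoint either; it is kept in the later `@@ -105,18 +107,17 @@` hunk and in the `Update GitHub Action variable` step. Suggest restoring `-X PATCH` with `-d "{\"value\":\"$new_accuracy\"}"`, dropping the public-key and `openssl` lines, and adding `--fail` to the `curl` call.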
@@ -95,7 +95,9 @@ jobs: sudo apt-get install -y jq curl current_accuracy=$(cat current_run_accuracy_percentage.txt) echo "Current accuracy: $current_accuracy" - previous_run_accuracy=${{ vars.LATEST_SPECIMIN_EVAL_PERCENTAGE }} + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') if [ -z "$previous_run_accuracy" ]; then previous_run_accuracy=0 fi @@ -105,18 +107,17 @@ jobs: new_accuracy=$current_accuracy update_needed=true else - echo "No update needed, previous run accuracy is $previous_run_accuracy" - new_accuracy=$previous_run_accuracy - update_needed=false + echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." + exit 1 fi echo "Current accuracy: $current_accuracy" echo "Previous run accuracy: $previous_run_accuracy" echo "::set-output name=update_needed::$update_needed" echo "::set-output name=new_accuracy::$new_accuracy" - if [ "$update_needed" = true ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then + if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then repo_name="${{ github.repository }}" api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) public_key=$(echo $public_key_response | jq -r .key) key_id=$(echo $public_key_response | jq -r .key_id) encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) 
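Review bot: `jq -r '.value'` prints the literal string `null` when the response has no `value` field (variable not created yet, or an error body), so the `-z` test on the next line does not catch it and the comparison runs against `null`. `curl -s` also exits successfully on HTTP errors, so a permission or rate-limit failure looks the same as a missing baseline. Use `curl -sf` and `jq -r '.value // empty'`, and consider failing the step instead of defaulting to 0 when the request itself fails, so the accuracy gate does not silently pass against a zero baseline. The step's script continues outside this hunk.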
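Review bot: After this change the baseline is read from `actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE` (previous hunk) but written to `actions/secrets/...` (the public-key URL here and the PUT URL in the `@@ -124,6 +125,6 @@` hunk), so even a successful update never changes the value the next run compares against. Use one store for both the read and the write. The new `else` branch also fails the workflow when the accuracy is merely equal to the baseline; if an unchanged result is meant to pass, compare with `echo "$current_accuracy >= $previous_run_accuracy" | bc -l`. Finally, `if $update_needed && ...` runs the variable's content as a command, and the `[ "$update_needed" = true ]` form this hunk removes was the safer test.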
@@ -124,6 +125,6 @@ jobs: -X PUT \ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" fi From 448595ffa759c92121308b306d200b754d50de5c Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 19:01:55 -0400 Subject: [PATCH 11/37] Update specimin_evaluation_CI.yml optimized script --- .github/workflows/specimin_evaluation_CI.yml | 100 ++++++++----------- 1 file changed, 44 insertions(+), 56 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index e7600e89..2c199076 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -19,31 +19,30 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - name: Set up Python + - name: Set up environment uses: actions/setup-python@v2 with: python-version: '3.8' - - name: Set up Java JDK + - name: Install Java JDK uses: actions/setup-java@v2 with: java-version: '21' distribution: 'adopt' - architecture: 'x64' - server-password: ${{ secrets.GITHUB_TOKEN }} - overwrite-settings: true - check-latest: false - name: Install dependencies run: | python -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y jq curl bc - name: Display CSV File Contents run: | - if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then - cat /home/runner/work/specimin/specimin/CI_repository_list.csv + CSV_PATH="/home/runner/work/specimin/specimin/CI_repository_list.csv" + if [ -f "$CSV_PATH" ]; then + cat "$CSV_PATH" else - echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" + echo "File $CSV_PATH does not exist" exit 1 fi 
@@ -54,77 +53,66 @@ jobs: git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: Verify and Rename example.properties + - name: Configure ASHE Project run: | + CONFIG_FILE="ASHE/src/main/resources/config.properties" if [ -f ASHE/src/main/resources/example.properties ]; then - mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties + mv ASHE/src/main/resources/example.properties "$CONFIG_FILE" echo "config.properties created" else echo "example.properties not found" exit 1 fi - - - name: Update ASHE Config File - run: | - chmod +w ASHE/src/main/resources/config.properties - sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - cat ASHE/src/main/resources/config.properties + chmod +w "$CONFIG_FILE" + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" + cat "$CONFIG_FILE" - name: Make scripts executable - run: | - chmod +x ashe_scripts/*.py + run: chmod +x ashe_scripts/*.py - name: Run ASHE script run: | python3 ashe_scripts/run_ashe_for_stats.py \ - $(pwd)/ASHE \ - $(pwd)/CI_repository_list.csv \ - $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ - $(pwd)/ASHE/src/main/resources/config.properties + "$(pwd)/ASHE" \ + "$(pwd)/CI_repository_list.csv" \ + "$(pwd)/ASHE/CI_REPO_CLONE_SPACE" \ + "$(pwd)/ASHE/src/main/resources/config.properties" - - name: Parse accuracy percentage - id: parse_accuracy_percentage + - name: Parse and handle accuracy percentage + id: parse_and_handle_accuracy run: | - grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt - cat current_run_accuracy_percentage.txt - - - name: Read, update, and set Evaluation Accuracy Variable - id: read_update_set_variable - run: | - sudo apt-get update - sudo apt-get install -y jq 
curl - current_accuracy=$(cat current_run_accuracy_percentage.txt) + current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') echo "Current accuracy: $current_accuracy" + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ | jq -r '.value') + if [ -z "$previous_run_accuracy" ]; then previous_run_accuracy=0 fi echo "Previous run accuracy: $previous_run_accuracy" + if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" - new_accuracy=$current_accuracy - update_needed=true + echo "::set-output name=update_needed::true" + echo "::set-output name=new_accuracy::$current_accuracy" else + echo "::set-output name=update_needed::false" echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." 
exit 1 - fi - echo "Current accuracy: $current_accuracy" - echo "Previous run accuracy: $previous_run_accuracy" - echo "::set-output name=update_needed::$update_needed" - echo "::set-output name=new_accuracy::$new_accuracy" - if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then - repo_name="${{ github.repository }}" - api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) - curl -s \ - -X PUT \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" - fi + + - name: Update GitHub Action variable + if: steps.parse_and_handle_accuracy.outputs.update_needed == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' + run: | + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) + public_key=$(echo $public_key_response | jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) + encrypted_value=$(echo -n "${{ steps.parse_and_handle_accuracy.outputs.new_accuracy }}" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) + curl -s \ + -X PUT \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/json" \ + "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d 
"{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" From efe8c163eaedc8f2aca005f07a85991332a80400 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 21:12:45 -0400 Subject: [PATCH 12/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 33 +++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 2c199076..cd0fb0a8 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -67,6 +67,11 @@ jobs: sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" cat "$CONFIG_FILE" + # Fetch previous run accuracy + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') + - name: Make scripts executable run: chmod +x ashe_scripts/*.py 
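Review bot: The `if (( ... )); then ... else ... exit 1` block in `Parse and handle accuracy percentage` appears to lose its closing `fi` in this hunk (the `- fi` line goes away with the old tail and no `+ fi` replaces it), so the step's script would end in a shell syntax error; add `fi` after `exit 1`. In the new `Update GitHub Action variable` step, `${{ steps.parse_and_handle_accuracy.outputs.new_accuracy }}` is expanded into the script text before the shell runs, and that value originates from a line grepped out of `specimin_statistics.txt`. Pass it through the step's `env:` block instead, e.g. `NEW_ACCURACY: ${{ steps.parse_and_handle_accuracy.outputs.new_accuracy }}`, and reference `"$NEW_ACCURACY"` in the `echo -n` call.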
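Review bot: `previous_run_accuracy` is assigned at the end of the `Configure ASHE Project` script but nothing in that step reads it, and shell variables do not carry over to later `run` steps, so this adds an authenticated API call with no effect. Drop it here and keep the single fetch in `Parse and handle accuracy percentage`, or persist it with `echo "previous_run_accuracy=$previous_run_accuracy" >> "$GITHUB_ENV"` if a later step is meant to use it. The following commits' `@@ -71,6 +71,7 @@` and `@@ -35,6 +35,15 @@` hunks only add an `echo` and move the same block into `Install dependencies`, where the same applies.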
@@ -81,26 +86,32 @@ jobs: - name: Parse and handle accuracy percentage id: parse_and_handle_accuracy run: | - current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') + # Extract and clean current accuracy + current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}' | tr -d '()%') echo "Current accuracy: $current_accuracy" - + + # Fetch previous run accuracy previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - - if [ -z "$previous_run_accuracy" ]; then - previous_run_accuracy=0 + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') + + # Handle null previous accuracy + if [ -z "$previous_run_accuracy" ] || [ "$previous_run_accuracy" == "null" ]; then + previous_run_accuracy=0 fi - echo "Previous run accuracy: $previous_run_accuracy" - - if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then + echo "Previous run accuracy: $previous_run_accuracy" + + # Compare accuracies and set outputs + if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then echo "::set-output name=update_needed::true" echo "::set-output name=new_accuracy::$current_accuracy" - else + else echo "::set-output name=update_needed::false" echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." exit 1 + fi + - name: Update GitHub Action variable if: steps.parse_and_handle_accuracy.outputs.update_needed == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' run: | From cb2f40a6c21e79b62276754942b09957d58c41b6 Mon Sep 17 00:00:00 2001 
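Review bot: `current_accuracy` is taken from a log line and only stripped of `()%` before it is placed in the `bc` expression and echoed into `::set-output`, with no check that it is a single number (an empty match or several matching lines would pass through as-is). Validate it first, e.g. `[[ "$current_accuracy" =~ ^[0-9]+(\.[0-9]+)?$ ]] || { echo "unexpected accuracy value"; exit 1; }`. Write the outputs with `echo "new_accuracy=$current_accuracy" >> "$GITHUB_OUTPUT"` and `echo "update_needed=true" >> "$GITHUB_OUTPUT"`, since the `::set-output` workflow command is deprecated and is parsed from stdout alongside everything else the step prints.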
From: NiharikaJamble Date: Wed, 7 Aug 2024 21:14:36 -0400 Subject: [PATCH 13/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index cd0fb0a8..7f54caff 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -71,6 +71,7 @@ jobs: previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ | jq -r '.value') + echo "Previous run accuracy: $previous_run_accuracy" - name: Make scripts executable run: chmod +x ashe_scripts/*.py From 1303153a14aa734de009816b1fdddf691ada8909 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 21:19:30 -0400 Subject: [PATCH 14/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 7f54caff..a4012a59 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -35,6 +35,15 @@ jobs: python -m pip install --upgrade pip sudo apt-get update sudo apt-get install -y jq curl bc + # Fetch previous run accuracy + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') + if [ -z "$previous_run_accuracy" ] || [ "$previous_run_accuracy" == "null" ]; then + previous_run_accuracy=0 + fi + echo "Previous run accuracy: $previous_run_accuracy" + - name: Display CSV File Contents run: | 
@@ -67,12 +76,6 @@ jobs: sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" cat "$CONFIG_FILE" - # Fetch previous run accuracy - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - echo "Previous run accuracy: $previous_run_accuracy" - - name: Make scripts executable run: chmod +x ashe_scripts/*.py From 94d90018a0fcc0b457c603433b474b12235452bb Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Wed, 7 Aug 2024 21:22:59 -0400 Subject: [PATCH 15/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index a4012a59..0e43c98e 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -101,6 +101,9 @@ jobs: # Handle null previous accuracy if [ -z "$previous_run_accuracy" ] || [ "$previous_run_accuracy" == "null" ]; then + if [ "$previous_run_accuracy" == "null" ]; then + echo "Previous accuracy is null" + fi previous_run_accuracy=0 fi echo "Previous run accuracy: $previous_run_accuracy" From 9616334df4032ce41f04e57e1835561e1edd56ff Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 00:53:42 -0400 Subject: [PATCH 16/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 132 +++++++++---------- 1 file changed, 63 insertions(+), 69 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 0e43c98e..e7600e89 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml 
@@ -19,39 +19,31 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - name: Set up environment + - name: Set up Python uses: actions/setup-python@v2 with: python-version: '3.8' - - name: Install Java JDK + - name: Set up Java JDK uses: actions/setup-java@v2 with: java-version: '21' distribution: 'adopt' + architecture: 'x64' + server-password: ${{ secrets.GITHUB_TOKEN }} + overwrite-settings: true + check-latest: false - name: Install dependencies run: | python -m pip install --upgrade pip - sudo apt-get update - sudo apt-get install -y jq curl bc - # Fetch previous run accuracy - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - if [ -z "$previous_run_accuracy" ] || [ "$previous_run_accuracy" == "null" ]; then - previous_run_accuracy=0 - fi - echo "Previous run accuracy: $previous_run_accuracy" - - name: Display CSV File Contents run: | - CSV_PATH="/home/runner/work/specimin/specimin/CI_repository_list.csv" - if [ -f "$CSV_PATH" ]; then - cat "$CSV_PATH" + if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then + cat /home/runner/work/specimin/specimin/CI_repository_list.csv else - echo "File $CSV_PATH does not exist" + echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" exit 1 fi 
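Review bot: `server-password: ${{ secrets.GITHUB_TOKEN }}` passes the secret value where `actions/setup-java` expects the name of an environment variable, as I read the action's documentation (its default is `GITHUB_TOKEN`). Combined with `overwrite-settings: true`, the token text would be written into the generated Maven `settings.xml` as a variable reference, which authenticates nothing and leaves the token in a file on the runner. Nothing visible in this workflow uses Maven server authentication, so dropping `server-password` and `overwrite-settings` looks like the right fix. If authentication is needed later, use `server-password: GITHUB_TOKEN` and set `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on the step that runs Maven.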
@@ -62,75 +54,77 @@ jobs: git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: Configure ASHE Project + - name: Verify and Rename example.properties run: | - CONFIG_FILE="ASHE/src/main/resources/config.properties" if [ -f ASHE/src/main/resources/example.properties ]; then - mv ASHE/src/main/resources/example.properties "$CONFIG_FILE" + mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties echo "config.properties created" else echo "example.properties not found" exit 1 fi - chmod +w "$CONFIG_FILE" - sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" - cat "$CONFIG_FILE" + + - name: Update ASHE Config File + run: | + chmod +w ASHE/src/main/resources/config.properties + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties + cat ASHE/src/main/resources/config.properties - name: Make scripts executable - run: chmod +x ashe_scripts/*.py + run: | + chmod +x ashe_scripts/*.py - name: Run ASHE script run: | python3 ashe_scripts/run_ashe_for_stats.py \ - "$(pwd)/ASHE" \ - "$(pwd)/CI_repository_list.csv" \ - "$(pwd)/ASHE/CI_REPO_CLONE_SPACE" \ - "$(pwd)/ASHE/src/main/resources/config.properties" + $(pwd)/ASHE \ + $(pwd)/CI_repository_list.csv \ + $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ + $(pwd)/ASHE/src/main/resources/config.properties + + - name: Parse accuracy percentage + id: parse_accuracy_percentage + run: | + grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt + cat current_run_accuracy_percentage.txt - - name: Parse and handle accuracy percentage - id: parse_and_handle_accuracy + - name: Read, update, and set Evaluation Accuracy Variable + id: read_update_set_variable run: | - # Extract and clean current accuracy - 
current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}' | tr -d '()%') + sudo apt-get update + sudo apt-get install -y jq curl + current_accuracy=$(cat current_run_accuracy_percentage.txt) echo "Current accuracy: $current_accuracy" - - # Fetch previous run accuracy previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - - # Handle null previous accuracy - if [ -z "$previous_run_accuracy" ] || [ "$previous_run_accuracy" == "null" ]; then - if [ "$previous_run_accuracy" == "null" ]; then - echo "Previous accuracy is null" - fi - previous_run_accuracy=0 + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') + if [ -z "$previous_run_accuracy" ]; then + previous_run_accuracy=0 fi - echo "Previous run accuracy: $previous_run_accuracy" - - # Compare accuracies and set outputs - if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - echo "::set-output name=update_needed::true" - echo "::set-output name=new_accuracy::$current_accuracy" - else - echo "::set-output name=update_needed::false" + echo "Previous run accuracy: $previous_run_accuracy" + if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then + echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" + new_accuracy=$current_accuracy + update_needed=true + else echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." 
exit 1 - fi - - - - name: Update GitHub Action variable - if: steps.parse_and_handle_accuracy.outputs.update_needed == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' - run: | - repo_name="${{ github.repository }}" - api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - encrypted_value=$(echo -n "${{ steps.parse_and_handle_accuracy.outputs.new_accuracy }}" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) - curl -s \ - -X PUT \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + fi + echo "Current accuracy: $current_accuracy" + echo "Previous run accuracy: $previous_run_accuracy" + echo "::set-output name=update_needed::$update_needed" + echo "::set-output name=new_accuracy::$new_accuracy" + if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) + public_key=$(echo $public_key_response | jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) + encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) + curl -s \ + -X PUT \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/json" \ + "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d 
"{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + fi From 4c49b73bb354b97f83a02d62cf8daa81be2414c8 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 01:18:36 -0400 Subject: [PATCH 17/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 67 ++++++++------------ 1 file changed, 28 insertions(+), 39 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index e7600e89..9003d835 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -19,31 +19,28 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - name: Set up Python + - name: Set up environment uses: actions/setup-python@v2 with: python-version: '3.8' - - - name: Set up Java JDK - uses: actions/setup-java@v2 + - uses: actions/setup-java@v2 with: java-version: '21' distribution: 'adopt' - architecture: 'x64' - server-password: ${{ secrets.GITHUB_TOKEN }} - overwrite-settings: true - check-latest: false - name: Install dependencies run: | python -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y jq curl bc - name: Display CSV File Contents run: | - if [ -f /home/runner/work/specimin/specimin/CI_repository_list.csv ]; then - cat /home/runner/work/specimin/specimin/CI_repository_list.csv + CSV_PATH="/home/runner/work/specimin/specimin/CI_repository_list.csv" + if [ -f "$CSV_PATH" ]; then + cat "$CSV_PATH" else - echo "File /home/runner/work/specimin/specimin/CI_repository_list.csv does not exist" + echo "File $CSV_PATH does not exist" exit 1 fi 
@@ -51,51 +48,45 @@ jobs: run: | curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related chmod +x git-clone-related - git clone https://github.com/njit-jerse/ASHE_Automated-Software-Hardening-for-Entrypoints ASHE ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: Verify and Rename example.properties + - name: Configure ASHE Project run: | + CONFIG_FILE="ASHE/src/main/resources/config.properties" if [ -f ASHE/src/main/resources/example.properties ]; then - mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties + mv ASHE/src/main/resources/example.properties "$CONFIG_FILE" echo "config.properties created" else echo "example.properties not found" exit 1 fi - - - name: Update ASHE Config File - run: | - chmod +w ASHE/src/main/resources/config.properties - sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - cat ASHE/src/main/resources/config.properties + chmod +w "$CONFIG_FILE" + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" + cat "$CONFIG_FILE" - name: Make scripts executable - run: | - chmod +x ashe_scripts/*.py + run: chmod +x ashe_scripts/*.py - name: Run ASHE script run: | python3 ashe_scripts/run_ashe_for_stats.py \ - $(pwd)/ASHE \ - $(pwd)/CI_repository_list.csv \ - $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ - $(pwd)/ASHE/src/main/resources/config.properties + "$(pwd)/ASHE" \ + "$(pwd)/CI_repository_list.csv" \ + "$(pwd)/ASHE/CI_REPO_CLONE_SPACE" \ + "$(pwd)/ASHE/src/main/resources/config.properties" - name: Parse accuracy percentage id: parse_accuracy_percentage run: | - grep 'Fully successful from minimization to compilation' $(pwd)/ASHE/logs/specimin_statistics.txt | awk '{print $NF}' > current_run_accuracy_percentage.txt - cat current_run_accuracy_percentage.txt + current_accuracy=$(grep 'Fully successful from minimization to compilation' 
"$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') + echo "Current accuracy: $current_accuracy" + echo "::set-output name=current_accuracy::$current_accuracy" - name: Read, update, and set Evaluation Accuracy Variable id: read_update_set_variable run: | - sudo apt-get update - sudo apt-get install -y jq curl - current_accuracy=$(cat current_run_accuracy_percentage.txt) - echo "Current accuracy: $current_accuracy" - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + current_accuracy="${{ steps.parse_accuracy_percentage.outputs.current_accuracy }}" + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ | jq -r '.value') if [ -z "$previous_run_accuracy" ]; then 
@@ -110,21 +101,19 @@ jobs: echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." exit 1 fi - echo "Current accuracy: $current_accuracy" - echo "Previous run accuracy: $previous_run_accuracy" echo "::set-output name=update_needed::$update_needed" echo "::set-output name=new_accuracy::$new_accuracy" if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then repo_name="${{ github.repository }}" api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" $api_url/repos/$repo_name/actions/secrets/public-key) + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) public_key=$(echo $public_key_response | jq -r .key) key_id=$(echo $public_key_response | jq -r .key_id) - encrypted_value=$(echo -n "$new_accuracy" | openssl rsautl -encrypt -pubin -inkey <(echo "$public_key") | base64) + encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) curl -s \ -X PUT \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/secrets/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" fi From 09ddb9011942d4ddc0d01163e8b8c468082018d8 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 01:34:16 -0400 Subject: [PATCH 18/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
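Review bot: The update block now targets `/actions/variables/` but still sends the secrets-style payload, so the variable can never be updated this way. Repository variables are stored in plaintext, there is no `actions/variables/public-key` resource (that GET looks up a variable literally named `public-key`), and the update call is a `PATCH` with a `value` field. The `openssl pkeyutl` line therefore runs on an empty key, and `curl -s` hides the failed request so the step still reports success. Drop the three key and encryption lines and send `curl -fsS -X PATCH ... "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" -d "{\"value\":\"$new_accuracy\"}"`. The enclosing `run:` block starts outside this hunk.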
diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 9003d835..8869d364 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -52,9 +52,11 @@ jobs: - name: Configure ASHE Project run: | + set -ex CONFIG_FILE="ASHE/src/main/resources/config.properties" - if [ -f ASHE/src/main/resources/example.properties ]; then - mv ASHE/src/main/resources/example.properties "$CONFIG_FILE" + EXAMPLE_FILE="ASHE/src/main/resources/example.properties" + if [ -f "$EXAMPLE_FILE" ]; then + mv "$EXAMPLE_FILE" "$CONFIG_FILE" echo "config.properties created" else echo "example.properties not found" From 166a5dc665b4dd53ee47b43fb819287861d25dbb Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 01:48:46 -0400 Subject: [PATCH 19/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 127 +++++++++++++------ 1 file changed, 89 insertions(+), 38 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 8869d364..fd4ee0c1 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -1,4 +1,4 @@ -name: specimin_evaluation_CI +name: specimin_evaluation_CI on: push: @@ -13,12 +13,14 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout repository uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 + - name: Set up environment uses: actions/setup-python@v2 with: 
@@ -34,6 +36,14 @@ jobs: sudo apt-get update sudo apt-get install -y jq curl bc + previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + | jq -r '.value') + if [ -z "$previous_run_accuracy" ]; then + previous_run_accuracy=0 + fi + echo "Previous run accuracy: $previous_run_accuracy" + - name: Display CSV File Contents run: | CSV_PATH="/home/runner/work/specimin/specimin/CI_repository_list.csv" 
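Review bot: `${{ secrets.UPDATE_VARIABLE_TOKEN }}` is expanded straight into the script text of the dependency-install step, which widens where a personal access token is exposed in a job that checks out `github.event.pull_request.head.sha`. The token is presumably write-capable given its name, and the value this block fetches is not used by the step. Keep the token out of this step and pass it only where the variable is read or written, through the environment rather than by interpolation: `env: GH_TOKEN: ${{ secrets.UPDATE_VARIABLE_TOKEN }}` on the step and `-H "Authorization: token $GH_TOKEN"` in the command. It is also worth confirming that the token's scope is limited to Actions variables on this repository.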
@@ -44,46 +54,87 @@ jobs: exit 1 fi + + - name: Download git-clone-related script + run: | + set -ex + curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related + chmod +x git-clone-related + - name: Download and clone ASHE Project run: | curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related chmod +x git-clone-related ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE + + - name: Verify example.properties exists + run: | + set -ex + if [ -f ASHE/src/main/resources/example.properties ]; then + echo "example.properties found" + else + echo "example.properties not found" + exit 1 + fi - - name: Configure ASHE Project + - name: Rename example.properties to config.properties file run: | set -ex - CONFIG_FILE="ASHE/src/main/resources/config.properties" - EXAMPLE_FILE="ASHE/src/main/resources/example.properties" - if [ -f "$EXAMPLE_FILE" ]; then - mv "$EXAMPLE_FILE" "$CONFIG_FILE" + mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties + if [ -f ASHE/src/main/resources/config.properties ]; then echo "config.properties created" else - echo "example.properties not found" + echo "config.properties not created" exit 1 fi - chmod +w "$CONFIG_FILE" - sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' "$CONFIG_FILE" - cat "$CONFIG_FILE" - - name: Make scripts executable - run: chmod +x ashe_scripts/*.py + - name: Give write permissions to config.properties + run: | + set -ex + chmod +w ASHE/src/main/resources/config.properties + ls -l ASHE/src/main/resources/config.properties - - name: Run ASHE script + - name: Update ASHE Config File to update SPECIMIN path run: | - python3 ashe_scripts/run_ashe_for_stats.py \ - "$(pwd)/ASHE" \ - "$(pwd)/CI_repository_list.csv" \ - "$(pwd)/ASHE/CI_REPO_CLONE_SPACE" \ - "$(pwd)/ASHE/src/main/resources/config.properties" + set -ex + chmod +w 
ASHE/src/main/resources/config.properties + # Update the specimin.tool.path key with the new value + sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties + # Display the updated config.properties file for verification + cat ASHE/src/main/resources/config.properties + + - name: Display updated config.properties + run: | + set -ex + cat ASHE/src/main/resources/config.properties + + - name: Make all scripts under ashe_scripts executable + run: | + set -ex + chmod +x ashe_scripts/*.py + + - name: List Files in ashe_scripts for Debugging + run: | + set -ex + ls -l ashe_scripts + - name: Run the script + run: | + set -ex + python3 ashe_scripts/run_ashe_for_stats.py \ + $(pwd)/ASHE \ + $(pwd)/CI_repository_list.csv \ + $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ + $(pwd)/ASHE/src/main/resources/config.properties + - name: Parse accuracy percentage id: parse_accuracy_percentage run: | current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') echo "Current accuracy: $current_accuracy" echo "::set-output name=current_accuracy::$current_accuracy" - + + - name: Read, update, and set Evaluation Accuracy Variable id: read_update_set_variable run: | 
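Review bot: The added "Download git-clone-related script" step fetches an executable from the moving `main` branch of `plume-lib/git-scripts`, and the following step downloads it a second time and runs it, so whatever that branch holds at build time executes in a job that also has access to `UPDATE_VARIABLE_TOKEN`. Pin the URL to a full commit SHA, e.g. `https://raw.githubusercontent.com/plume-lib/git-scripts/COMMIT_SHA/git-clone-related` with `COMMIT_SHA` as a placeholder for the reviewed revision. Use `curl -fsSL` so an HTTP error page is not saved and made executable, and keep only one of the two downloads. The later hunks that add `git-find-fork` and `git-find-branch` (PATCH 20 and PATCH 23) fetch from the same unpinned ref and need the same treatment.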
@@ -97,25 +148,25 @@ jobs: echo "Previous run accuracy: $previous_run_accuracy" if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" - new_accuracy=$current_accuracy - update_needed=true + echo "::set-output name=update_needed::true" + echo "::set-output name=new_accuracy::$current_accuracy" else echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." exit 1 - fi - echo "::set-output name=update_needed::$update_needed" - echo "::set-output name=new_accuracy::$new_accuracy" - if $update_needed && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then - repo_name="${{ github.repository }}" - api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) - curl -s \ - -X PUT \ - -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" - fi + + - name: Update GitHub Variable + if: ${{ steps.read_update_set_variable.outputs.update_needed == 'true' }} && github.event_name == 'push' && github.ref == 'refs/heads/main' + run: | + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + new_accuracy="${{ steps.read_update_set_variable.outputs.new_accuracy }}" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) + public_key=$(echo $public_key_response 
| jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) + encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) + curl -s \ + -X PUT \ + -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ + -H "Content-Type: application/json" \ + "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" From 18434a17547abb66f852b256f35dee340969548e Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 01:56:41 -0400 Subject: [PATCH 20/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index fd4ee0c1..a7472e85 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -55,16 +55,19 @@ jobs: fi - - name: Download git-clone-related script - run: | - set -ex - curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related - chmod +x git-clone-related - - - name: Download and clone ASHE Project + - name: Download and prepare git-clone-related script run: | curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related chmod +x git-clone-related + + - name: Download and prepare additional scripts + run: | + curl -L -o git-find-fork https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-fork + curl -L -o git-find-branch https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-branch + chmod +x git-find-fork git-find-branch + + - name: Clone ASHE Project using git-clone-related + run: | ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - name: Verify example.properties exists 
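Review bot: The `if:` on the new "Update GitHub Variable" step mixes a `${{ }}` expression with trailing literal text, so GitHub evaluates the whole line as a non-empty string and the condition is always true. The step that uses `UPDATE_VARIABLE_TOKEN` would then run on pull requests and on every branch, not only on pushes to `main`. Write the condition as one expression: `if: steps.read_update_set_variable.outputs.update_needed == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main'`. In the same hunk the closing `fi` after `exit 1` is removed without being re-added, which leaves the previous step's script with an unterminated `if`.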
From 3f9bbf79b79858d4d229b2a43a09b400198b2d94 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 02:00:39 -0400 Subject: [PATCH 21/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index a7472e85..141587ab 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -70,6 +70,16 @@ jobs: run: | ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE + - name: List Files in ASHE Directory + run: | + set -ex + ls -l ASHE + + - name: List Files in ASHE/src/main/resources + run: | + set -ex + ls -l ASHE/src/main/resources + - name: Verify example.properties exists run: | set -ex From 1289ec5a5f0526311fe0b963320ca2ee79bc1524 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 02:43:19 -0400 Subject: [PATCH 22/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 85 +++++++------------- 1 file changed, 30 insertions(+), 55 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 141587ab..4874fadb 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -1,4 +1,4 @@ -name: specimin_evaluation_CI +name: specimin_evaluation_CI on: push: @@ -13,14 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout repository uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - name: Set up environment uses: actions/setup-python@v2 with: 
@@ -54,72 +52,46 @@ jobs: exit 1 fi - - - name: Download and prepare git-clone-related script + - name: Download, prepare, and clone ASHE Project using git-clone-related run: | curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related chmod +x git-clone-related - - - name: Download and prepare additional scripts - run: | - curl -L -o git-find-fork https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-fork - curl -L -o git-find-branch https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-branch - chmod +x git-find-fork git-find-branch - - - name: Clone ASHE Project using git-clone-related - run: | ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - + - name: List Files in ASHE Directory run: | set -ex ls -l ASHE - - name: List Files in ASHE/src/main/resources + - name: Check and Rename Properties File run: | set -ex - ls -l ASHE/src/main/resources - - - name: Verify example.properties exists - run: | - set -ex - if [ -f ASHE/src/main/resources/example.properties ]; then - echo "example.properties found" - else - echo "example.properties not found" - exit 1 - fi - - - name: Rename example.properties to config.properties file - run: | - set -ex - mv ASHE/src/main/resources/example.properties ASHE/src/main/resources/config.properties - if [ -f ASHE/src/main/resources/config.properties ]; then - echo "config.properties created" - else - echo "config.properties not created" + CONFIG_PATH="ASHE/src/main/resources/config.properties" + EXAMPLE_PATH="ASHE/src/main/resources/example.properties" + + if [ -f "$CONFIG_PATH" ]; then + echo "config.properties already exists" + elif [ -f "$EXAMPLE_PATH" ]; then + echo "example.properties found, renaming to config.properties" + mv "$EXAMPLE_PATH" "$CONFIG_PATH" + if [ -f "$CONFIG_PATH" ]; then + echo "config.properties created successfully" + else + echo "Failed to create config.properties" + exit 1 + fi + else + 
echo "Neither config.properties nor example.properties found" exit 1 fi - - name: Give write permissions to config.properties - run: | - set -ex - chmod +w ASHE/src/main/resources/config.properties - ls -l ASHE/src/main/resources/config.properties + chmod +w "$CONFIG_PATH" + ls -l "$CONFIG_PATH" - name: Update ASHE Config File to update SPECIMIN path run: | set -ex - chmod +w ASHE/src/main/resources/config.properties - # Update the specimin.tool.path key with the new value sed -i 's|^specimin.tool.path=.*|specimin.tool.path='$(pwd)'|' ASHE/src/main/resources/config.properties - # Display the updated config.properties file for verification - cat ASHE/src/main/resources/config.properties - - - name: Display updated config.properties - run: | - set -ex - cat ASHE/src/main/resources/config.properties - name: Make all scripts under ashe_scripts executable run: | @@ -139,15 +111,14 @@ jobs: $(pwd)/CI_repository_list.csv \ $(pwd)/ASHE/CI_REPO_CLONE_SPACE \ $(pwd)/ASHE/src/main/resources/config.properties - + - name: Parse accuracy percentage id: parse_accuracy_percentage run: | current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') echo "Current accuracy: $current_accuracy" echo "::set-output name=current_accuracy::$current_accuracy" - - + - name: Read, update, and set Evaluation Accuracy Variable id: read_update_set_variable run: | 
@@ -159,12 +130,16 @@ jobs: previous_run_accuracy=0 fi echo "Previous run accuracy: $previous_run_accuracy" + if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - echo "Updating LATEST_SPECIMIN_EVAL_PERCENTAGE to $current_accuracy" + echo "Updating variable since current accuracy > previous run accuracy." echo "::set-output name=update_needed::true" echo "::set-output name=new_accuracy::$current_accuracy" + elif (( $(echo "$current_accuracy == $previous_run_accuracy" | bc -l) )); then + echo "No change in accuracy." + echo "::set-output name=update_needed::false" else - echo "Current accuracy is less than or equal to the previous run accuracy. Failing the workflow." + echo "Current accuracy is less than previous run accuracy." exit 1 - name: Update GitHub Variable From 45293d5090863b5cbb4e0023bdc1943a75400f2b Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 02:47:37 -0400 Subject: [PATCH 23/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 4874fadb..004f2071 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml 
@@ -52,10 +52,15 @@ jobs: exit 1 fi - - name: Download, prepare, and clone ASHE Project using git-clone-related + - name: Download git-clone-related and dependencies run: | curl -L -o git-clone-related https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-clone-related - chmod +x git-clone-related + curl -L -o git-find-fork https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-fork + curl -L -o git-find-branch https://raw.githubusercontent.com/plume-lib/git-scripts/main/git-find-branch + chmod +x git-clone-related git-find-fork git-find-branch + + - name: Clone ASHE Project using git-clone-related + run: | ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - name: List Files in ASHE Directory From 8103454420aa7d31ff617cdaf7562181b4fcf523 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 07:39:55 -0400 Subject: [PATCH 24/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 004f2071..b7a6aa84 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -38,7 +38,7 @@ jobs: "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ | jq -r '.value') if [ -z "$previous_run_accuracy" ]; then - previous_run_accuracy=0 + previous_run_accuracy="0%" fi echo "Previous run accuracy: $previous_run_accuracy" 
@@ -120,7 +120,7 @@ jobs: - name: Parse accuracy percentage id: parse_accuracy_percentage run: | - current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}') + current_accuracy=$(grep 'Fully successful from minimization to compilation' "$(pwd)/ASHE/logs/specimin_statistics.txt" | awk '{print $NF}' | tr -d '()%') echo "Current accuracy: $current_accuracy" echo "::set-output name=current_accuracy::$current_accuracy" @@ -130,7 +130,7 @@ jobs: current_accuracy="${{ steps.parse_accuracy_percentage.outputs.current_accuracy }}" previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') + | jq -r '.value' | tr -d '()%') if [ -z "$previous_run_accuracy" ]; then previous_run_accuracy=0 fi From 366b42d2adcdc03deb081b869ce431bb70fec844 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 09:06:39 -0400 Subject: [PATCH 25/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index b7a6aa84..14e9f64c 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -146,6 +146,7 @@ jobs: else echo "Current accuracy is less than previous run accuracy." exit 1 + fi - name: Update GitHub Variable if: ${{ steps.read_update_set_variable.outputs.update_needed == 'true' }} && github.event_name == 'push' && github.ref == 'refs/heads/main' From 6d418f8599c5538925e54436b4e549ed56ec1baf Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 10:35:20 -0400 Subject: [PATCH 26/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 8 -------- 1 file changed, 8 deletions(-) 
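Review bot: Neither added `tr -d '()%'` pipeline checks that a number is left afterwards: in the "Parse accuracy percentage" step `current_accuracy` is empty when `grep` matches nothing, and in the second hunk `jq -r '.value'` prints the string `null` when the API response has no `value` field (a failed or unauthorized call), which the existing `[ -z "$previous_run_accuracy" ]` test does not catch. Both values are later handed to `bc -l`, so a bad read is compared as if it were a measurement. Use `jq -r '.value // empty'` and guard each value, e.g. `[[ "$current_accuracy" =~ ^[0-9]+([.][0-9]+)?$ ]] || { echo "could not parse accuracy"; exit 1; }`. Both steps start outside these hunks.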
diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 14e9f64c..5e8ed299 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -34,14 +34,6 @@ jobs: sudo apt-get update sudo apt-get install -y jq curl bc - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value') - if [ -z "$previous_run_accuracy" ]; then - previous_run_accuracy="0%" - fi - echo "Previous run accuracy: $previous_run_accuracy" - - name: Display CSV File Contents run: | CSV_PATH="/home/runner/work/specimin/specimin/CI_repository_list.csv" From 0bbd29c73c24fc24196bfba44175e512b6cb9cfc Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 11:27:13 -0400 Subject: [PATCH 27/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 5e8ed299..47165508 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -55,11 +55,6 @@ jobs: run: | ./git-clone-related njit-jerse ASHE_Automated-Software-Hardening-for-Entrypoints ASHE - - name: List Files in ASHE Directory - run: | - set -ex - ls -l ASHE - - name: Check and Rename Properties File run: | set -ex From 51f6462ccdce604f241bc6a1ba434a752dc9b5ae Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 12:17:39 -0400 Subject: [PATCH 28/37] Create update-variable.yml --- .github/workflows/update-variable.yml | 57 +++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/update-variable.yml 
diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml
new file mode 100644
index 00000000..ebd10bf0
--- /dev/null
+++ b/.github/workflows/update-variable.yml
@@ -0,0 +1,57 @@ +name: Update Specimin Evaluation Variable + +on: [workflow_dispatch] # Allows manual triggering of the workflow + +jobs: + update-variable: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set up environment + uses: actions/setup-python@v2 + with: + python-version: '3.8' + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y jq curl openssl + + - name: Fetch Public Key + id: fetch_public_key + run: | + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) + echo "Public key response: $public_key_response" + echo "Public key: $(echo $public_key_response | jq -r .key)" + echo "Key ID: $(echo $public_key_response | jq -r .key_id)" + echo "::set-output name=public_key::$(echo $public_key_response | jq -r .key)" + echo "::set-output name=key_id::$(echo $public_key_response | jq -r .key_id)" + + - name: Encrypt New Accuracy Value + id: encrypt_value + run: | + public_key="${{ steps.fetch_public_key.outputs.public_key }}" + key_id="${{ steps.fetch_public_key.outputs.key_id }}" + new_accuracy="88.61" # Replace with your actual value + encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) + echo "Encrypted value: $encrypted_value" + echo "::set-output name=encrypted_value::$encrypted_value" + echo "::set-output name=key_id::$key_id" + + - name: Update Variable + run: | + repo_name="${{ github.repository }}" + api_url="https://api.github.com" + encrypted_value="${{ steps.encrypt_value.outputs.encrypted_value }}" + key_id="${{ steps.encrypt_value.outputs.key_id }}" + curl -s -X PUT \ + -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ + -H "Content-Type: application/json" \ + 
"$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + echo "Variable updated successfully." From a20da024a41f6fc51be059c9e7f67ec2fbaf86ed Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 12:20:54 -0400 Subject: [PATCH 29/37] Update update-variable.yml --- .github/workflows/update-variable.yml | 57 ++++++++++++++------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml index ebd10bf0..d6f7cec9 100644 --- a/.github/workflows/update-variable.yml +++ b/.github/workflows/update-variable.yml 
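Review bot: The "Fetch Public Key", "Encrypt New Accuracy Value" and "Update Variable" steps follow the repository secrets flow, but the target is an Actions variable: as far as I know the REST API has no `actions/variables/public-key` endpoint, and a variable is changed with `PATCH …/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE` and a plain JSON body of the form `{"name": "…", "value": "…"}`. Secrets, for comparison, are encrypted with a libsodium sealed box rather than `openssl pkeyutl`. Because `curl -s` exits 0 on an HTTP error, the final `echo "Variable updated successfully."` is printed whether or not anything changed; `curl -fsS` plus a check of the response would make the failure visible. The same fetch-key, encrypt, PUT sequence is repeated in the later revisions of this file in this series. `actions/checkout@v2` and `actions/setup-python@v2` are referenced by mutable tag; pinning them to a commit SHA is the safer form.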
@@ -1,57 +1,58 @@ -name: Update Specimin Evaluation Variable +name: Update Specimin Evaluation Accuracy Variable -on: [workflow_dispatch] # Allows manual triggering of the workflow +on: + workflow_dispatch: + inputs: + new_value: + description: 'The new accuracy value to set for the variable' + required: true + default: '88.61' jobs: - update-variable: + update_variable: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v2 - - name: Set up environment - uses: actions/setup-python@v2 - with: - python-version: '3.8' - - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install -y jq curl openssl - - name: Fetch Public Key id: fetch_public_key run: | - repo_name="${{ github.repository }}" + repo_name="NiharikaJamble/specimin" api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) + token="${{ secrets.UPDATE_VARIABLE_TOKEN }}" + public_key_response=$(curl -s -H "Authorization: token $token" "$api_url/repos/$repo_name/actions/variables/public-key") echo "Public key response: $public_key_response" echo "Public key: $(echo $public_key_response | jq -r .key)" echo "Key ID: $(echo $public_key_response | jq -r .key_id)" echo "::set-output name=public_key::$(echo $public_key_response | jq -r .key)" echo "::set-output name=key_id::$(echo $public_key_response | jq -r .key_id)" - - - name: Encrypt New Accuracy Value + + - name: Encrypt New Value id: encrypt_value run: | + new_value="${{ github.event.inputs.new_value }}" public_key="${{ steps.fetch_public_key.outputs.public_key }}" key_id="${{ steps.fetch_public_key.outputs.key_id }}" - new_accuracy="88.61" # Replace with your actual value - encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) - echo "Encrypted value: $encrypted_value" + encrypted_value=$(echo -n "$new_value" | openssl 
pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) echo "::set-output name=encrypted_value::$encrypted_value" - echo "::set-output name=key_id::$key_id" - + - name: Update Variable run: | - repo_name="${{ github.repository }}" + repo_name="NiharikaJamble/specimin" api_url="https://api.github.com" + token="${{ secrets.UPDATE_VARIABLE_TOKEN }}" encrypted_value="${{ steps.encrypt_value.outputs.encrypted_value }}" - key_id="${{ steps.encrypt_value.outputs.key_id }}" - curl -s -X PUT \ - -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ + key_id="${{ steps.fetch_public_key.outputs.key_id }}" + update_response=$(curl -s -X PUT \ + -H "Authorization: token $token" \ -H "Content-Type: application/json" \ "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" - echo "Variable updated successfully." + -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}") + echo "Update response: $update_response" + if echo "$update_response" | jq -e '.message' > /dev/null; then + echo "Error updating variable: $(echo $update_response | jq -r '.message')" + exit 1 + fi + echo "Variable updated successfully!" From fab54ebdfd50cd90aeb6bfddc775cddc5cff43ad Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 12:31:20 -0400 Subject: [PATCH 30/37] Update update-variable.yml --- .github/workflows/update-variable.yml | 44 ++++++++++++++------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml index d6f7cec9..d6fcf799 100644 --- a/.github/workflows/update-variable.yml +++ b/.github/workflows/update-variable.yml 
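Review bot: `new_value="${{ github.event.inputs.new_value }}"` in the "Encrypt New Value" step pastes the workflow_dispatch input into the script text before the shell runs, so quotes or `$(…)` in the input become part of the script in a job that also handles `UPDATE_VARIABLE_TOKEN`. Pass the input through the environment instead, with `env: NEW_VALUE: ${{ github.event.inputs.new_value }}` on the step and `new_value="$NEW_VALUE"` in the script, and reject anything that is not a number before using it. The hunk also replaces `${{ github.repository }}` with the literal `NiharikaJamble/specimin`, which makes the workflow call that repository's API wherever it runs.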
@@ -1,58 +1,60 @@ -name: Update Specimin Evaluation Accuracy Variable +name: Update LATEST_SPECIMIN_EVAL_PERCENTAGE Variable on: workflow_dispatch: - inputs: - new_value: - description: 'The new accuracy value to set for the variable' - required: true - default: '88.61' + push: + branches: + - main + pull_request: + branches: + - main jobs: - update_variable: + update-variable: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v2 + - name: Set up environment + run: | + sudo apt-get update + sudo apt-get install -y jq curl openssl + - name: Fetch Public Key id: fetch_public_key run: | repo_name="NiharikaJamble/specimin" api_url="https://api.github.com" - token="${{ secrets.UPDATE_VARIABLE_TOKEN }}" - public_key_response=$(curl -s -H "Authorization: token $token" "$api_url/repos/$repo_name/actions/variables/public-key") + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) echo "Public key response: $public_key_response" - echo "Public key: $(echo $public_key_response | jq -r .key)" - echo "Key ID: $(echo $public_key_response | jq -r .key_id)" echo "::set-output name=public_key::$(echo $public_key_response | jq -r .key)" echo "::set-output name=key_id::$(echo $public_key_response | jq -r .key_id)" - - - name: Encrypt New Value + + - name: Encrypt the New Value id: encrypt_value run: | - new_value="${{ github.event.inputs.new_value }}" + new_value="88.61" # Replace with the actual value you want to set + echo "New value to encrypt: $new_value" public_key="${{ steps.fetch_public_key.outputs.public_key }}" - key_id="${{ steps.fetch_public_key.outputs.key_id }}" encrypted_value=$(echo -n "$new_value" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) echo "::set-output name=encrypted_value::$encrypted_value" - - - name: Update Variable + + - name: Update GitHub Variable run: | repo_name="NiharikaJamble/specimin" 
api_url="https://api.github.com" - token="${{ secrets.UPDATE_VARIABLE_TOKEN }}" encrypted_value="${{ steps.encrypt_value.outputs.encrypted_value }}" key_id="${{ steps.fetch_public_key.outputs.key_id }}" update_response=$(curl -s -X PUT \ - -H "Authorization: token $token" \ + -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ -H "Content-Type: application/json" \ "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}") - echo "Update response: $update_response" if echo "$update_response" | jq -e '.message' > /dev/null; then echo "Error updating variable: $(echo $update_response | jq -r '.message')" exit 1 + else + echo "Variable updated successfully!" fi - echo "Variable updated successfully!" From c61bf81431616d2ec3750f0ab4cafbcc61aff4ea Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 12:39:37 -0400 Subject: [PATCH 31/37] Update update-variable.yml --- .github/workflows/update-variable.yml | 55 ++++++++------------------- 1 file changed, 15 insertions(+), 40 deletions(-) diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml index d6fcf799..f61bdf23 100644 --- a/.github/workflows/update-variable.yml +++ b/.github/workflows/update-variable.yml 
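Review bot: The new `on:` block runs this job on every `push` and `pull_request` to `main`, yet the job uses `secrets.UPDATE_VARIABLE_TOKEN` to write repository state and sets the hard-coded `new_value="88.61"`. A job that writes with a personal token is better limited to `workflow_dispatch`, or to `push` on `main` only; on pull requests from forks the secret is not available, so the `curl` calls would go out unauthenticated and fail. The job also declares no `permissions:` block; adding one with `contents: read` keeps the default `GITHUB_TOKEN` from carrying more access than the steps need.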
@@ -1,60 +1,35 @@ -name: Update LATEST_SPECIMIN_EVAL_PERCENTAGE Variable +name: Update Variable on: - workflow_dispatch: push: branches: - main - pull_request: - branches: - - main jobs: update-variable: runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set up environment - run: | - sudo apt-get update - sudo apt-get install -y jq curl openssl - - - name: Fetch Public Key - id: fetch_public_key + - name: Fetch repository public key + id: fetch-key run: | repo_name="NiharikaJamble/specimin" api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) - echo "Public key response: $public_key_response" - echo "::set-output name=public_key::$(echo $public_key_response | jq -r .key)" - echo "::set-output name=key_id::$(echo $public_key_response | jq -r .key_id)" + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "$api_url/repos/$repo_name/actions/variables/public-key") + public_key=$(echo $public_key_response | jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) + echo "::set-output name=public_key::$public_key" + echo "::set-output name=key_id::$key_id" - - name: Encrypt the New Value - id: encrypt_value + - name: Encrypt new value + id: encrypt-value run: | - new_value="88.61" # Replace with the actual value you want to set - echo "New value to encrypt: $new_value" - public_key="${{ steps.fetch_public_key.outputs.public_key }}" - encrypted_value=$(echo -n "$new_value" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) + echo "new_accuracy='88.61'" + echo "public_key='${{ steps.fetch-key.outputs.public_key }}'" + encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) echo "::set-output name=encrypted_value::$encrypted_value" - - name: Update GitHub Variable + - name: 
Update GitHub Actions Variable run: | repo_name="NiharikaJamble/specimin" api_url="https://api.github.com" - encrypted_value="${{ steps.encrypt_value.outputs.encrypted_value }}" - key_id="${{ steps.fetch_public_key.outputs.key_id }}" - update_response=$(curl -s -X PUT \ - -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}") - if echo "$update_response" | jq -e '.message' > /dev/null; then - echo "Error updating variable: $(echo $update_response | jq -r '.message')" - exit 1 - else - echo "Variable updated successfully!" - fi + encrypted From 7ccf7eacbada95552c837d05c614f639b01de3ae Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 12:41:12 -0400 Subject: [PATCH 32/37] Update update-variable.yml --- .github/workflows/update-variable.yml | 64 ++++++++++++++++----------- 1 file changed, 37 insertions(+), 27 deletions(-) diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml index f61bdf23..1c39e7b3 100644 --- a/.github/workflows/update-variable.yml +++ b/.github/workflows/update-variable.yml 
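Review bot: In the "Encrypt new value" step the two added lines `echo "new_accuracy='88.61'"` and `echo "public_key='…'"` only print text and assign nothing, so `$new_accuracy` and `$public_key` are empty on the `openssl pkeyutl` line that follows. They should be assignments, e.g. `new_accuracy='88.61'`. The last step's script also ends at the bare word `encrypted`, which looks like an unfinished edit, and the job now runs on every push to `main` with `secrets.GITHUB_TOKEN` in place of the dedicated token.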
@@ -1,35 +1,45 @@ -name: Update Variable +name: Update GitHub Variable -on: - push: - branches: - - main +on: + workflow_dispatch: jobs: update-variable: runs-on: ubuntu-latest steps: - - name: Fetch repository public key - id: fetch-key - run: | - repo_name="NiharikaJamble/specimin" - api_url="https://api.github.com" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "$api_url/repos/$repo_name/actions/variables/public-key") - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - echo "::set-output name=public_key::$public_key" - echo "::set-output name=key_id::$key_id" + - name: Update GitHub Actions Variable + run: | + repo_name="NiharikaJamble/specimin" + api_url="https://api.github.com" - - name: Encrypt new value - id: encrypt-value - run: | - echo "new_accuracy='88.61'" - echo "public_key='${{ steps.fetch-key.outputs.public_key }}'" - encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) - echo "::set-output name=encrypted_value::$encrypted_value" + # Fetch the public key for encrypting the variable + public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" "$api_url/repos/$repo_name/actions/variables/public-key") + public_key=$(echo $public_key_response | jq -r .key) + key_id=$(echo $public_key_response | jq -r .key_id) - - name: Update GitHub Actions Variable - run: | - repo_name="NiharikaJamble/specimin" - api_url="https://api.github.com" - encrypted + # Check if public key is fetched successfully + if [[ -z "$public_key" || "$public_key" == "null" ]]; then + echo "Error fetching public key: $public_key_response" + exit 1 + fi + + # Encrypt the new value + new_accuracy="88.61" + encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) + + # Update the variable with the encrypted value + update_response=$(curl -s -X 
PUT \ + -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ + -H "Content-Type: application/json" \ + "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ + -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}") + + # Check if the update was successful + if echo "$update_response" | jq -e '.message' > /dev/null; then + echo "Error updating variable: $(echo $update_response | jq -r '.message')" + exit 1 + else + echo "Variable updated successfully!" + fi + env: + UPDATE_VARIABLE_TOKEN: ${{ secrets.UPDATE_VARIABLE_TOKEN }} From 2b50fd11efbe616328669391a607c469b840c8ec Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 13:32:56 -0400 Subject: [PATCH 33/37] Create CI_Latest_run_percentage.txt --- CI_Latest_run_percentage.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 CI_Latest_run_percentage.txt diff --git a/CI_Latest_run_percentage.txt b/CI_Latest_run_percentage.txt new file mode 100644 index 00000000..2bbd69c2 --- /dev/null +++ b/CI_Latest_run_percentage.txt @@ -0,0 +1 @@ +70 From d6318ff035ad6e1e06faded108f43127fecbdf66 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 13:36:12 -0400 Subject: [PATCH 34/37] Update specimin_evaluation_CI.yml --- .github/workflows/specimin_evaluation_CI.yml | 57 +++++++------------- 1 file changed, 18 insertions(+), 39 deletions(-) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/specimin_evaluation_CI.yml index 47165508..7350c58d 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/specimin_evaluation_CI.yml @@ -90,11 +90,6 @@ jobs: set -ex chmod +x ashe_scripts/*.py - - name: List Files in ashe_scripts for Debugging - run: | - set -ex - ls -l ashe_scripts - - name: Run the script run: | set -ex 
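Review bot: The step now declares `env: UPDATE_VARIABLE_TOKEN: ${{ secrets.UPDATE_VARIABLE_TOKEN }}`, but both `curl` calls still expand `${{ secrets.UPDATE_VARIABLE_TOKEN }}` inside the script text, so the environment variable is never read. Reference it from the shell instead, `-H "Authorization: token $UPDATE_VARIABLE_TOKEN"`, which keeps the secret out of the generated script file. The new `Error fetching public key: $public_key_response` message prints the raw API response; printing only its `.message` field would be enough for diagnosis.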
@@ -111,43 +106,27 @@ jobs: echo "Current accuracy: $current_accuracy" echo "::set-output name=current_accuracy::$current_accuracy" - - name: Read, update, and set Evaluation Accuracy Variable - id: read_update_set_variable + - name: Read latest run percentage from file + id: read_latest_run_percentage run: | - current_accuracy="${{ steps.parse_accuracy_percentage.outputs.current_accuracy }}" - previous_run_accuracy=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - | jq -r '.value' | tr -d '()%') - if [ -z "$previous_run_accuracy" ]; then - previous_run_accuracy=0 - fi - echo "Previous run accuracy: $previous_run_accuracy" - - if (( $(echo "$current_accuracy > $previous_run_accuracy" | bc -l) )); then - echo "Updating variable since current accuracy > previous run accuracy." - echo "::set-output name=update_needed::true" - echo "::set-output name=new_accuracy::$current_accuracy" - elif (( $(echo "$current_accuracy == $previous_run_accuracy" | bc -l) )); then - echo "No change in accuracy." - echo "::set-output name=update_needed::false" + if [ -f "$(pwd)/CI_Latest_run_percentage.txt" ]; then + latest_run_accuracy=$(cat "$(pwd)/CI_Latest_run_percentage.txt" | tr -d '()%') + echo "Latest run accuracy: $latest_run_accuracy" + echo "::set-output name=latest_run_accuracy::$latest_run_accuracy" else - echo "Current accuracy is less than previous run accuracy." 
+ echo "File CI_Latest_run_percentage.txt does not exist" exit 1 fi - - name: Update GitHub Variable - if: ${{ steps.read_update_set_variable.outputs.update_needed == 'true' }} && github.event_name == 'push' && github.ref == 'refs/heads/main' + - name: Validate accuracy + id: validate_accuracy run: | - repo_name="${{ github.repository }}" - api_url="https://api.github.com" - new_accuracy="${{ steps.read_update_set_variable.outputs.new_accuracy }}" - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" $api_url/repos/$repo_name/actions/variables/public-key) - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) - curl -s \ - -X PUT \ - -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}" + current_accuracy="${{ steps.parse_accuracy_percentage.outputs.current_accuracy }}" + latest_run_accuracy="${{ steps.read_latest_run_percentage.outputs.latest_run_accuracy }}" + + if [ "$current_accuracy" != "$latest_run_accuracy" ]; then + echo "Current accuracy ($current_accuracy) does not match latest run accuracy ($latest_run_accuracy)." + exit 1 + else + echo "Accuracy validation passed." + fi From 48bcf5f1c50a685b1f3766376682f999b1be48b4 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Thu, 8 Aug 2024 15:16:43 -0400 Subject: [PATCH 35/37] Delete .github/workflows/update-variable.yml --- .github/workflows/update-variable.yml | 45 --------------------------- 1 file changed, 45 deletions(-) delete mode 100644 .github/workflows/update-variable.yml 
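Review bot: The new "Validate accuracy" step compares the two values as strings with `[ "$current_accuracy" != "$latest_run_accuracy" ]`, so `88.61` against `88.610`, or a stray carriage return in `CI_Latest_run_percentage.txt`, fails the job although the numbers are equal; the code this hunk removes compared them numerically with `bc -l`. If exact equality is intended, compare numerically, e.g. `if (( $(echo "$current_accuracy != $latest_run_accuracy" | bc -l) )); then`, after checking that both are numbers. Both values reach the script through `${{ steps.….outputs.… }}` expansion; handing them over with `env:` and reading `"$CURRENT_ACCURACY"` keeps file- and log-derived text out of the script source.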
diff --git a/.github/workflows/update-variable.yml b/.github/workflows/update-variable.yml deleted file mode 100644 index 1c39e7b3..00000000 --- a/.github/workflows/update-variable.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Update GitHub Variable - -on: - workflow_dispatch: - -jobs: - update-variable: - runs-on: ubuntu-latest - steps: - - name: Update GitHub Actions Variable - run: | - repo_name="NiharikaJamble/specimin" - api_url="https://api.github.com" - - # Fetch the public key for encrypting the variable - public_key_response=$(curl -s -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" "$api_url/repos/$repo_name/actions/variables/public-key") - public_key=$(echo $public_key_response | jq -r .key) - key_id=$(echo $public_key_response | jq -r .key_id) - - # Check if public key is fetched successfully - if [[ -z "$public_key" || "$public_key" == "null" ]]; then - echo "Error fetching public key: $public_key_response" - exit 1 - fi - - # Encrypt the new value - new_accuracy="88.61" - encrypted_value=$(echo -n "$new_accuracy" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | base64) - - # Update the variable with the encrypted value - update_response=$(curl -s -X PUT \ - -H "Authorization: token ${{ secrets.UPDATE_VARIABLE_TOKEN }}" \ - -H "Content-Type: application/json" \ - "$api_url/repos/$repo_name/actions/variables/LATEST_SPECIMIN_EVAL_PERCENTAGE" \ - -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}") - - # Check if the update was successful - if echo "$update_response" | jq -e '.message' > /dev/null; then - echo "Error updating variable: $(echo $update_response | jq -r '.message')" - exit 1 - else - echo "Variable updated successfully!" - fi - env: - UPDATE_VARIABLE_TOKEN: ${{ secrets.UPDATE_VARIABLE_TOKEN }} From b0d05b65f600eb1b456c984626da9afcd6e323da Mon Sep 17 00:00:00 2001 
From: NiharikaJamble Date: Thu, 8 Aug 2024 15:52:54 -0400 Subject: [PATCH 36/37] Update and rename specimin_evaluation_CI.yml to check_compilable_percentage.yml --- ...ecimin_evaluation_CI.yml => check_compilable_percentage.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{specimin_evaluation_CI.yml => check_compilable_percentage.yml} (99%) diff --git a/.github/workflows/specimin_evaluation_CI.yml b/.github/workflows/check_compilable_percentage.yml similarity index 99% rename from .github/workflows/specimin_evaluation_CI.yml rename to .github/workflows/check_compilable_percentage.yml index 7350c58d..35d2e7eb 100644 --- a/.github/workflows/specimin_evaluation_CI.yml +++ b/.github/workflows/check_compilable_percentage.yml @@ -1,4 +1,4 @@ -name: specimin_evaluation_CI +name: check_compilable_percentage_CI on: push: From 986b6101a18fd5a3dac4981700a14c5c321a22a8 Mon Sep 17 00:00:00 2001 From: NiharikaJamble Date: Fri, 9 Aug 2024 09:38:22 -0400 Subject: [PATCH 37/37] Update CI_Latest_run_percentage.txt --- CI_Latest_run_percentage.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CI_Latest_run_percentage.txt b/CI_Latest_run_percentage.txt index 2bbd69c2..7601f88f 100644 --- a/CI_Latest_run_percentage.txt +++ b/CI_Latest_run_percentage.txt @@ -1 +1 @@ -70 +88.61