
Vulnerability Patcher

The BitNinja Vulnerability Patcher determines whether a system is affected by known vulnerabilities by analyzing the actual source code of installed applications rather than relying on version numbers. This approach ensures accurate detection even when files are manually modified, patches are backported, or version metadata is unreliable. Each vulnerability is represented as a standalone package.

Live patches are stored in the /opt/bitninja/modules/Patcher/patches directory, one subdirectory per vulnerability, laid out as follows.

CVE-XXXX/
├── info.json
└── files/
    ├── alias_1_orig.txt
    ├── alias_1_patch.txt
    └── ...

The info.json file defines the vulnerability metadata, including its name, description, and reference links. It also specifies the affected files and the detection rules associated with them.

{
  "files": {
    "wp-includes/class-wp-meta-query.php": {
      "alias_1": {
        "search": "files/alias_1_orig.txt",
        "patch": "files/alias_1_patch.txt"
      }
    }
  }
}

Alias Concept

Each alias represents a single detection rule. The search field points to a file containing the vulnerable code snippet, while the patch field points to a file containing the corrected version of that snippet. Both paths are relative to the vulnerability's directory.

Target Discovery

BitNinja identifies application roots using the following configuration file:

/var/lib/bitninja/ConfigParser/getVhosts-report.json

Example

{
  "doc_roots": [
    "/usr/share/nginx/html",
    "/var/www/example.com/html"
  ]
}

The system parses all available doc_roots entries from the configuration file and builds a list of directories that may contain web applications. During this process, duplicate paths are removed, and only valid, existing directories are retained for scanning.

File Resolution

For each vulnerability definition, BitNinja reads the info.json file and iterates through the listed target files. It then constructs absolute file paths by combining each document root with the relative file path defined in info.json.

For example, the relative path wp-includes/class-wp-meta-query.php combined with the document root /var/www/example.com/html resolves to /var/www/example.com/html/wp-includes/class-wp-meta-query.php.

Detection Workflow

The detection process iterates through every document root, vulnerability definition, target file, and alias rule. For each combination, BitNinja performs pattern-based matching against the actual file contents.
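The following Python scanner is an added example that ties the package format, target discovery, file resolution and detection workflow described above into one runnable program. It is not BitNinja's own code (the page does not show the implementation) and it makes a few assumptions that the page does not state: matching is exact substring matching of the alias search snippet against the file contents; a file that contains the patch snippet instead is reported as "patched"; a target path that escapes its document root is rejected; document roots are compared after symlink resolution so that duplicate spellings of the same directory collapse. The CVE-XXXX name, the PHP snippets and the directory layout built by build_demo_tree are constructed fixtures, not real data.

```python
import json
import tempfile
from pathlib import Path

# Locations named on the page; the demo below builds its own copies under a temp dir.
PATCH_DIR = Path("/opt/bitninja/modules/Patcher/patches")
VHOSTS_REPORT = Path("/var/lib/bitninja/ConfigParser/getVhosts-report.json")


def load_doc_roots(report_path):
    """Target discovery: read doc_roots, drop duplicates (order kept), keep existing dirs only."""
    with open(report_path) as fh:
        report = json.load(fh)
    roots, seen = [], set()
    for entry in report.get("doc_roots", []):
        root = Path(entry).resolve()  # assumption: dedupe on the resolved path
        if root in seen:
            continue
        seen.add(root)
        if root.is_dir():
            roots.append(root)
    return roots


def load_patch_definitions(patch_dir):
    """Read <patch_dir>/<CVE-ID>/info.json plus the search/patch snippets each alias points to."""
    definitions = {}
    for cve_dir in sorted(p for p in Path(patch_dir).iterdir() if p.is_dir()):
        info_path = cve_dir / "info.json"
        if not info_path.is_file():
            continue
        with open(info_path) as fh:
            info = json.load(fh)
        definitions[cve_dir.name] = {
            rel_file: {
                alias: {  # snippet paths in info.json are relative to the CVE directory
                    "search": (cve_dir / rule["search"]).read_text(),
                    "patch": (cve_dir / rule["patch"]).read_text(),
                }
                for alias, rule in aliases.items()
            }
            for rel_file, aliases in info.get("files", {}).items()
        }
    return definitions


def resolve_target(doc_root, rel_file):
    """File resolution: doc root + relative path; None if the result escapes the doc root."""
    root = Path(doc_root).resolve()
    target = (root / rel_file).resolve()
    return target if root in target.parents else None


def scan(doc_roots, definitions):
    """Detection: doc root x vulnerability x target file x alias, matched on file contents.
    Assumption: exact substring match; a hit on the patch snippet is reported as 'patched'."""
    findings = []
    for root in doc_roots:
        for cve, files in definitions.items():
            for rel_file, rules in files.items():
                target = resolve_target(root, rel_file)
                if target is None or not target.is_file():
                    continue
                content = target.read_text(errors="replace")
                for alias, rule in rules.items():
                    if rule["search"] in content:
                        status = "vulnerable"
                    elif rule["patch"] in content:
                        status = "patched"
                    else:
                        continue
                    findings.append({"cve": cve, "file": str(target), "alias": alias, "status": status})
    return findings


def build_demo_tree(base):
    """Constructed fixture (not real data): one placeholder CVE-XXXX package and two doc roots."""
    base = Path(base)
    vuln = "$this->queries = $meta_query;\n"  # made-up 'vulnerable' snippet
    fixed = "$this->queries = $this->sanitize_query( $meta_query );\n"  # made-up 'fixed' snippet
    cve_dir = base / "patches" / "CVE-XXXX"
    (cve_dir / "files").mkdir(parents=True)
    (cve_dir / "files" / "alias_1_orig.txt").write_text(vuln)
    (cve_dir / "files" / "alias_1_patch.txt").write_text(fixed)
    (cve_dir / "info.json").write_text(json.dumps({"files": {
        "wp-includes/class-wp-meta-query.php": {
            "alias_1": {"search": "files/alias_1_orig.txt", "patch": "files/alias_1_patch.txt"}}}}))
    vulnerable_root = base / "www" / "example.com" / "html"
    patched_root = base / "www" / "patched.example" / "html"
    for root, snippet in ((vulnerable_root, vuln), (patched_root, fixed)):
        (root / "wp-includes").mkdir(parents=True)
        (root / "wp-includes" / "class-wp-meta-query.php").write_text("<?php\n" + snippet)
    report = base / "getVhosts-report.json"
    # a duplicate entry and a missing directory exercise the dedupe/existence filtering
    report.write_text(json.dumps({"doc_roots": [
        str(vulnerable_root), str(patched_root), str(vulnerable_root), str(base / "nope")]}))
    return report, base / "patches"


def run_demo():
    """Build the fixture, run the three steps, return (number of roots kept, findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        report, patch_dir = build_demo_tree(tmp)
        roots = load_doc_roots(report)
        findings = scan(roots, load_patch_definitions(patch_dir))
    return len(roots), findings


if __name__ == "__main__":
    root_count, results = run_demo()
    print(f"{root_count} document roots scanned")
    for f in results:
        print(f"{f['cve']} {f['alias']} {f['status']}: {f['file']}")
```

Running the demo scans two document roots (the duplicate and the non-existent entry are dropped) and reports the first WordPress copy as vulnerable and the second as patched. To point the scanner at a live system, replace the fixture with VHOSTS_REPORT and PATCH_DIR; the traversal check in resolve_target is cheap insurance in case a patch package is ever sourced from somewhere less trusted than the vendor's own directory.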

Detected vulnerabilities are listed on your dashboard at https://console.bitninja.io/patcher