Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

InfraFix: Technology-Agnostic Repair of Infrastructure as Code

Nuno Saavedra, João F. Ferreira, Alexandra Mendes

TL;DR

IaC errors drive outages, security vulnerabilities, and data loss, highlighting a gap in scalable Automated Program Repair (APR) for infrastructure-as-code scripts. The paper introduces InfraFix, a technology-agnostic APR framework that uses a state-inference module and GLITCH-based intermediate representation to repair IaC scripts across Ansible, Puppet, Chef, and Terraform, accompanied by a scalable repair-scenario generator for large-scale evaluation. An SMT-based repair module is demonstrated, achieving 95.7% success over 254,288 repair scenarios, reinforcing InfraFix as a robust foundation for cross-technology IaC repair research. The work provides replication resources and open-source tooling, enabling broader exploration of state inference and repair strategies in the IaC domain.

Abstract

Infrastructure as Code (IaC) enables scalable and automated IT infrastructure management but is prone to errors that can lead to security vulnerabilities, outages, and data loss. While prior research has focused on detecting IaC issues, Automated Program Repair (APR) remains underexplored, largely due to the lack of suitable specifications. In this work, we propose InfraFix, the first technology-agnostic framework for repairing IaC scripts. Unlike prior approaches, InfraFix allows APR techniques to be guided by diverse information sources. Additionally, we introduce a novel approach for generating repair scenarios, enabling large-scale evaluation of APR techniques for IaC. We implement and evaluate InfraFix using an SMT-based repair module and a state inference module that uses system calls, demonstrating its effectiveness across 254,288 repair scenarios with a success rate of 95.7%. Our work provides a foundation for advancing APR in IaC by enabling researchers to experiment with new state inference and repair techniques using InfraFix and to evaluate their approaches at scale with our repair scenario generation method.

InfraFix: Technology-Agnostic Repair of Infrastructure as Code

TL;DR

IaC errors drive outages, security vulnerabilities, and data loss, highlighting a gap in scalable Automated Program Repair (APR) for infrastructure-as-code scripts. The paper introduces InfraFix, a technology-agnostic APR framework that uses a state-inference module and GLITCH-based intermediate representation to repair IaC scripts across Ansible, Puppet, Chef, and Terraform, accompanied by a scalable repair-scenario generator for large-scale evaluation. An SMT-based repair module is demonstrated, achieving 95.7% success over 254,288 repair scenarios, reinforcing InfraFix as a robust foundation for cross-technology IaC repair research. The work provides replication resources and open-source tooling, enabling broader exploration of state inference and repair strategies in the IaC domain.

Abstract

Infrastructure as Code (IaC) enables scalable and automated IT infrastructure management but is prone to errors that can lead to security vulnerabilities, outages, and data loss. While prior research has focused on detecting IaC issues, Automated Program Repair (APR) remains underexplored, largely due to the lack of suitable specifications. In this work, we propose InfraFix, the first technology-agnostic framework for repairing IaC scripts. Unlike prior approaches, InfraFix allows APR techniques to be guided by diverse information sources. Additionally, we introduce a novel approach for generating repair scenarios, enabling large-scale evaluation of APR techniques for IaC. We implement and evaluate InfraFix using an SMT-based repair module and a state inference module that uses system calls, demonstrating its effectiveness across 254,288 repair scenarios with a success rate of 95.7%. Our work provides a foundation for advancing APR in IaC by enabling researchers to experiment with new state inference and repair techniques using InfraFix and to evaluate their approaches at scale with our repair scenario generation method.

Paper Structure

This paper contains 13 sections, 2 figures, 2 tables.

Table of Contents

  1. Introduction
  2. InfraFix
  3. State Inference Module
  4. Technology-Agnostic Approach
  5. GLITCH's Intermediate Representation
  6. Normalization Database
  7. Repair Module
  8. Evaluation
  9. Datasets
  10. Automated Generation of Repair Scenarios
  11. Results
  12. Related Work
  13. Conclusion

Figures (2)

  • Figure 1: Overview of InfraFix's architecture.
  • Figure 2: Overview of the method for automated evaluation of APR approaches for IaC.