def int_handler(signum, frame):
print("Int handler!")
if fuzzer_command is not None:
try:
docker_command.stop(
docker_name, _timeout=120
) # It should not take longer than 120 seconds to kill a docker container, right????
except sh.ErrorReturnCode:
return package, True
except sh.TimeoutException: # It took too long too kill the docker container - we are going to ignore that for now, we want to continue fuzzing
return package, True
return package, True
else:
return package, True
def main(dataset):
tmpname="kolab/kolabtestcontainer:tmppopulated"
imagename="kolab/kolabtestcontainer:populated-"+dataset
basedir = "{c.SCRIPT_DIR}/kolabpopulated".format(c=config)
print("Building tmpcontainer...")
docker.build(settings.dockerCacheString(), "-t", tmpname, "{basedir}/.".format(basedir=basedir))
print("Starting tmpcontainer...")
container = docker.run("-d", "-h", settings.HOSTNAME,
"-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro",
"-v", "{basedir}/{dataset}/:/data/".format(basedir=basedir, dataset=dataset),
'-v', "{c.SCRIPT_DIR}/kolab/populate/:/populate".format(c=config),
tmpname).rstrip()
try:
# Wait for imap to become available on imaps://localhost:993
time.sleep(5)
print "Populate OU..."
docker("exec", container, "python2", "/populate/populate_ou.py", _out=sys.stdout)
print "Populate users..."
docker("exec", container, "python2", "/populate/populate_users.py", _out=sys.stdout)
print "Populate resources..."
docker("exec", container, "python2", "/populate/populate_resources.py", _out=sys.stdout)
print("Running populate.sh...")
docker("exec", container, "/data/populate.sh", _out=sys.stdout)
# Give kolabd some time to create all mailboxes
time.sleep(5)
docker("exec", container, "patch", "-R", "/etc/kolab/kolab.conf", "/data/kolab.conf.diff", _out=sys.stdout)
docker("exec", container, "patch", "-R", "/etc/roundcubemail/calendar.inc.php", "/data/calendar.inc.php.diff", _out=sys.stdout)
docker("exec", container, "patch", "-R", "/etc/roundcubemail/config.inc.php", "/data/config.inc.php.diff", _out=sys.stdout)
docker("exec", container, "patch", "-R", "/etc/roundcubemail/kolab_addressbook.inc.php", "/data/kolab_addressbook.inc.php.diff", _out=sys.stdout)
docker("exec", container, "patch", "-R", "/etc/roundcubemail/kolab_auth.inc.php", "/data/kolab_auth.inc.php.diff", _out=sys.stdout)
docker("exec", container, "patch", "-R", "/etc/roundcubemail/password.inc.php", "/data/password.inc.php.diff", _out=sys.stdout)
print("Comitting results to: {}".format(imagename))
docker.commit(container, imagename)
except:
print("Unexpected error:", sys.exc_info()[0])
traceback.print_exc(file=sys.stdout)
print("Failed to setup container")
docker.stop(container)
docker.rm(container)
def main(dataset):
tmpname="kolab/kolabtestcontainer:tmppopulated"
imagename="kolab/kolabtestcontainer:populated-"+dataset
SCRIPT_DIR = os.path.dirname(os.path.realpath(sys.argv[0]))
print("Building tmpcontainer...")
docker.build("-t", tmpname, SCRIPT_DIR+"/kolabpopulated/.")
print("Starting tmpcontainer...")
container = docker.run("-d", "-h", settings.HOSTNAME, "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro", "-v", SCRIPT_DIR+"/kolabpopulated/"+dataset+"/:/data/", tmpname).rstrip()
# Wait for imap to become available on imaps://localhost:993
time.sleep(5)
print("Running populate.sh...")
docker("exec", container, "/data/populate.sh", _out=process_output)
print("Comitting results...")
docker.commit(container, imagename)
docker.stop(container)
docker.rm(container)
def main():
tmpname = settings.kolabimagename("tmpbase")
SCRIPT_DIR = os.path.dirname(os.path.realpath(sys.argv[0]))
print("Building tmpcontainer...")
docker("build", "-t", tmpname, SCRIPT_DIR+"/kolab/")
print("Starting tmpcontainer...")
print(SCRIPT_DIR+"/fixRoundcubeT243.sh:/usr/share/roundcubemail/fixRoundcubeT243.sh")
container = docker.run("-d", "-h", settings.HOSTNAME, "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro", "-v", SCRIPT_DIR+"/kolab/fixRoundcubeT243.sh:/usr/share/roundcubemail/fixRoundcubeT243.sh", tmpname).rstrip()
print("Setting up kolab")
docker("exec", container, "setup-kolab", "--default", "--timezone="+settings.TIMEZONE, "--directory-manager-pwd="+settings.LDAPPW, "--mysqlserver=new", _out=process_output)
print("Fixing roundcube")
docker("exec", container, "bash", "/usr/share/roundcubemail/fixRoundcubeT243.sh", _out=process_output)
docker("exec", container, "systemctl", "restart", "httpd", _out=process_output)
print("Comitting results...")
docker.commit(container, settings.kolabimagename("base"))
docker.stop(container)
docker.rm(container)
def stop_container(container: str, time: int = 10):
""" Stop a Docker Container by ID"""
with sudo:
docker.stop(container, time=time, _fg=True)
def main(dataset):
tmpname = "kolab/kolabtestcontainer:tmppopulated"
imagename = "kolab/kolabtestcontainer:populated-" + dataset
basedir = "{c.SCRIPT_DIR}/kolabpopulated".format(c=config)
print("Building tmpcontainer...")
docker.build("-t", tmpname, "{basedir}/.".format(basedir=basedir))
print("Starting tmpcontainer...")
container = docker.run(
"-d", "-h", settings.HOSTNAME, "-v",
"/sys/fs/cgroup:/sys/fs/cgroup:ro",
"-v", "{basedir}/{dataset}/:/data/".format(basedir=basedir,
dataset=dataset), '-v',
"{c.SCRIPT_DIR}/kolab/populate/:/populate".format(c=config),
tmpname).rstrip()
try:
# Wait for imap to become available on imaps://localhost:993
time.sleep(5)
print "Populate OU..."
docker("exec",
container,
"python2",
"/populate/populate_ou.py",
_out=sys.stdout)
print "Populate users..."
docker("exec",
container,
"python2",
"/populate/populate_users.py",
_out=sys.stdout)
print "Populate resources..."
docker("exec",
container,
"python2",
"/populate/populate_resources.py",
_out=sys.stdout)
print("Running populate.sh...")
docker("exec", container, "/data/populate.sh", _out=sys.stdout)
# Give kolabd some time to create all mailboxes
time.sleep(5)
docker("exec",
container,
"patch",
"-R",
"/etc/kolab/kolab.conf",
"/data/kolab.conf.diff",
_out=sys.stdout)
docker("exec",
container,
"patch",
"-R",
"/etc/roundcubemail/calendar.inc.php",
"/data/calendar.inc.php.diff",
_out=sys.stdout)
docker("exec",
container,
"patch",
"-R",
"/etc/roundcubemail/config.inc.php",
"/data/config.inc.php.diff",
_out=sys.stdout)
docker("exec",
container,
"patch",
"-R",
"/etc/roundcubemail/kolab_addressbook.inc.php",
"/data/kolab_addressbook.inc.php.diff",
_out=sys.stdout)
docker("exec",
container,
"patch",
"-R",
"/etc/roundcubemail/kolab_auth.inc.php",
"/data/kolab_auth.inc.php.diff",
_out=sys.stdout)
docker("exec",
container,
"patch",
"-R",
"/etc/roundcubemail/password.inc.php",
"/data/password.inc.php.diff",
_out=sys.stdout)
print("Comitting results to: {}".format(imagename))
docker.commit(container, imagename)
except:
print("Unexpected error:", sys.exc_info()[0])
traceback.print_exc(file=sys.stdout)
print("Failed to setup container")
docker.stop(container)
docker.rm(container)
def run_fuzzer(self, docker_name, package: str, docker_args: [str],
base_image: str, build_file: str, fuzzer_command_args: [str],
timeout_per_package: float) -> (str, bool):
fuzzer_command = None
from celery.platforms import signals
def int_handler(signum, frame):
print("Int handler!")
if fuzzer_command is not None:
try:
docker_command.stop(
docker_name, _timeout=120
) # It should not take longer than 120 seconds to kill a docker container, right????
except sh.ErrorReturnCode:
return package, True
except sh.TimeoutException: # It took too long too kill the docker container - we are going to ignore that for now, we want to continue fuzzing
return package, True
return package, True
else:
return package, True
signals['INT'] = int_handler
try:
if os.path.exists(build_file):
with open(build_file, "r") as jsonfp:
build_dict = json.load(jsonfp)
package_image_name = build_dict["docker_image_name"]
else:
package_image_name = package + "_" + str(uuid.uuid4())[:8]
# TODO: Limit build process to one cpu
package_image_name = helpers.docker_builder.return_current_package_image(
package=package,
fuzzer_image=base_image,
package_image=package_image_name,
json_output_path=build_file)
if package_image_name is None:
return False
# docker_args.insert(0,'--cpus=0.90')
print("Invoking the fuzzing docker")
# TODO: This throws an exception in the background thread right now, which seems to be a bug in sh:
# https://github.com/amoffat/sh/issues/399. For now, we are ignoring the issue.
fuzzer_command = docker_command.run(docker_args,
package_image_name,
fuzzer_command_args,
_out=sys.stdout,
_bg=True,
_timeout=timeout_per_package)
fuzzer_command.wait()
if fuzzer_command.exit_code != 0:
print("Something went wrong for package {0}", package)
return package, False
print("Done! Returning True")
return package, True
except sh.ErrorReturnCode as e:
print("afl-fuzz error:")
print("STDOUT:\n", e.stdout.decode("utf-8"))
print("STDERR:\n", e.stderr.decode("utf-8"))
print("command line: {0}".format(e.full_cmd))
return package, False
except sh.TimeoutException as e:
print("Fuzzing {0} timed out... Next one!".format(package))
try:
docker_command.stop(docker_name)
except sh.ErrorReturnCode as e: # Container is already removed
pass
return package, True
except sh.SignalException_SIGKILL as e:
print("Killed")
return package, True
return package, True