def test_check_strace_for_fopen(self):
strace = 'open("log.log", O_RDONLY) = 4'
self.assertEqual(
HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"),
True)
strace = 'open("log.log", O_WRONLY) = 4'
self.assertEqual(
HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"),
False)
strace = 'asfdlajsdf\nopen("log.log", O_RRDONLY) = 4\nalsjsfdlsadjf'
self.assertEqual(
HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"),
True)
# Test a longer string:
strace = 'stat("../data/getseeds/sample_dataset/dummyfile.txt.ecp", {st_mode = S_IFREG | 0664, st_size = 48, ...}) = 0 \n' \
'open("../data/getseeds/sample_dataset/dummyfile.txt.ecp", O_RDONLY) = 4 \n' \
'lseek(4, 0, SEEK_CUR) = 0'
self.assertEqual(
HeuristicConfigCreator.check_strace_for_fopen(
strace, "../data/getseeds/sample_dataset/dummyfile.txt.ecp"),
True)
strace = 'openat(AT_FDCWD, "seeds/pcap_samples/pcap_aa75722c-a2fe-4e31-a751-15f606b34aa3.pcap", O_RDONLY) = 3'
self.assertEqual(
HeuristicConfigCreator.check_strace_for_fopen(
strace,
"seeds/pcap_samples/pcap_aa75722c-a2fe-4e31-a751-15f606b34aa3.pcap"
), True)
def test_try_filetype_with_coverage_via_afl_fail(
self, subprocess_check_output: unittest.mock.MagicMock):
binary_path = "tshark"
repo_path = ""
max_timeout = 2500
memory_limit = "none"
h = HeuristicConfigCreator(binary_path=binary_path,
repo_path=repo_path,
dummyfiles_path=os.getcwd())
h.MAX_TIMEOUT = max_timeout
h.memory_limit = memory_limit
h.FAILED_INVOCATIONS_THRESHOLD = 2
h.afl_cmin_path = "afl-cmin"
mocked_return_value = "cmin-output"
subprocess_check_output.return_value = bytes(mocked_return_value,
encoding="utf-8")
subprocess_check_output.side_effect = subprocess.CalledProcessError(
returncode=-1, cmd="alja")
h.try_filetype_with_coverage_via_afl("-f",
os.getcwd(),
file_type=".test")
with self.assertRaises(helpers.exceptions.NoCoverageInformation):
h.try_filetype_with_coverage_via_afl("-g",
os.getcwd(),
file_type=".test")
def test_get_best_input_vector(self):
h = HeuristicConfigCreator(
binary_path="test", dummyfiles_path=os.getcwd(
)) # We need to provide valid paths to pass the sanity checks
c1 = CliConfig(invocation="-f", coverage=50, filetype=".test1")
c2 = CliConfig(invocation="-g", coverage=80, filetype=".test2")
h.cli_config_list = [c1, c2]
self.assertEqual(h.get_max_coverage_input_vector(), c2)
def test_stdin_inference(self):
h = HeuristicConfigCreator(binary_path=self.stdin_binary_path,
timeout=1.5,
qemu=False,
results_out_dir=os.getcwd(),
seeds_dir=self.seeds_path)
self.assertTrue(h.try_invocation("", stdin=True))
param_set = h.figure_out_parameters()
self.assertTrue("" in param_set and len(param_set) == 1)
def test_create_bash_in_execution_path(self):
# For now, just test that the method does not raise an exception
binary_path = os.getcwd() + "/" + "tshark"
repo_path = os.getcwd()
filetype = "testfiletype"
h = HeuristicConfigCreator(binary_path=binary_path,
repo_path=repo_path,
dummyfiles_path=os.getcwd())
c1 = CliConfig(invocation="-f", coverage=50, filetype=filetype)
h.cli_config_list = [c1]
with unittest.mock.patch('json.dump',
return_value=True) as json_dump_function:
with unittest.mock.patch("builtins.open") as open_object:
fileobject = unittest.mock.MagicMock()
fileobject.write.return_value = True # Some random return value
open_object.return_value = fileobject
h.create_bash_in_execution_path()
self.assertEqual(json_dump_function.call_count, 1)
def main(binary_path: str,
timeout: float,
seeds_dir: str,
cores: int = 8,
parameter: str = "@@"):
use_qemu = helpers.utils.qemu_required_for_binary(binary_path)
if use_qemu:
print("Using qemu for binary {0}".format(binary_path))
logging.info("Now inferring invocation for {0}".format(binary_path))
h = HeuristicConfigCreator(binary_path=binary_path,
results_out_dir=os.path.basename(binary_path),
timeout=timeout,
qemu=use_qemu,
cores=cores,
seeds_dir=seeds_dir)
h.infer_filetype_via_coverage_for_parameter_parallel(parameter=parameter,
probe=False)
coverage_list = h.coverage_lists[parameter]
import csv
with open('some.csv', 'w') as f:
writer = csv.writer(f)
writer.writerows(coverage_list)
def test_get_routine_dict(self):
binary_path = "bin/bla/test.bin"
repo_path = "bin/"
filetype = "testfiletype"
h = HeuristicConfigCreator(binary_path=binary_path,
repo_path=repo_path,
dummyfiles_path=os.getcwd())
c1 = CliConfig(invocation="-f", coverage=50, filetype=".testfiletype")
h.cli_config_list = [c1]
routine_dict = h.get_routine_dict()
# Test certain key-value pairs in the routine dict
self.assertEqual((routine_dict["job_desc"][0])["seed_dir"],
os.getcwd() + "/.testfiletype_samples")
self.assertEqual(routine_dict["fuzz_cmd"], "bla/test.bin -f @@")
h = HeuristicConfigCreator(binary_path=binary_path,
repo_path=repo_path,
dummyfiles_path=os.getcwd())
c1 = CliConfig(invocation=None, coverage=50, filetype=".testfiletype")
h.cli_config_list = [c1]
routine_dict = h.get_routine_dict()
self.assertEqual(routine_dict["fuzz_cmd"], "bla/test.bin @@")
def test_invoke_afl_cmin(self,
subprocess_check_output: unittest.mock.MagicMock):
binary_path = "tshark"
repo_path = ""
max_timeout = 2500
memory_limit = "none"
h = HeuristicConfigCreator(binary_path=binary_path,
repo_path=repo_path,
dummyfile_path=__file__,
dummyfiles_path=os.getcwd())
h.MAX_TIMEOUT = max_timeout
h.memory_limit = memory_limit
h.afl_cmin_path = "afl-cmin"
mocked_return_value = "cmin-output"
subprocess_check_output.return_value = bytes(mocked_return_value,
encoding="utf-8")
self.assertEqual(h.invoke_afl_cmin("-f", "tmp_dir"),
mocked_return_value)
def test_get_coverage_from_afl_cmin_ouput(self):
afl_cmin_ouput = "[+] Found 964 unique tuples across 1 files.\n[*] Finding best candidates for each tuple..."
self.assertEqual(
HeuristicConfigCreator.get_coverage_from_afl_cmin_ouput(
afl_cmin_ouput), 964)
def test_fuzzer_workflow(self):
log_dict = {}
log_dict["mock_data/input_mock/jpg_binary/main"] = {"fuzz_debug": {}}
volume_path = "test_output_volume"
package_name = ""
shutil.rmtree(volume_path, ignore_errors=True)
os.makedirs(
os.path.join(os.path.join(volume_path, package_name), "main/"))
clangfast = sh.Command("afl-clang-fast")
clangfast([
"mock_data/input_mock/mixed_fbinary/main.c", "-o",
"mock_data/input_mock/mixed_fbinary/main"
])
h = HeuristicConfigCreator(
binary_path="mock_data/input_mock/mixed_fbinary/main",
results_out_dir=os.path.join(volume_path, package_name, "main/"),
qemu=False,
seeds_dir="mock_data/mock_seeds/")
h.infer_input_vectors()
input_vectors = h.get_input_vectors_sorted()
helpers.utils.store_input_vectors_in_volume(package_name, "main",
volume_path, input_vectors)
with open(os.path.join(volume_path, package_name,
"main.json")) as json_filepointer:
configurations = json.load(json_filepointer)
conf = configurations[0]
seeds = helpers.utils.get_seeds_dir_from_input_vector_dict(
conf, package_name, "main")
print(conf)
with mock.patch("uuid.uuid4") as uuidmock:
uuidmock.return_value = "mockuuidmin"
m = minimzer.minize(
parameter=conf["parameter"],
seeds_dir=seeds,
binary_path="mock_data/input_mock/jpg_binary/main",
package=package_name,
volume_path=volume_path,
afl_config_file_name="main.afl_config",
tmin_total_time=1000)
uuidmock.return_value = "mockuuid"
with mock.patch("uuid.uuid4") as uuidmock:
uuidmock.return_value = "mockuuid"
configfinder.fuzzer_wrapper.prepare_and_start_fuzzer(
parameter="@@",
seeds_dir="mock_data/mock_seeds/jpg_samples",
binary_path="mock_data/input_mock/jpg_binary/main",
package=package_name,
volume_path=volume_path,
afl_config_file_name="main.afl_config",
fuzz_duration=15,
timeout=1500.0,
log_dict=log_dict)
with open(
os.path.join(os.path.join(volume_path, "main"),
"main.afl_config")) as testaflfp:
aflconfigdict = json.load(testaflfp)
self.assertEqual(aflconfigdict["afl_out_dir"],
"test_output_volume/main/main/afl_fuzz_mockuuid")
self.assertTrue(os.path.exists(aflconfigdict["afl_out_dir"]))
with mock.patch("uuid.uuid4") as uuidmock:
uuidmock.return_value = "resume"
configfinder.fuzzer_wrapper.resume_fuzzer(
"test_output_volume/main/main/afl_fuzz_mockuuid",
binary_path="mock_data/input_mock/jpg_binary/main",
parameter="@@",
timeout=1500.0,
fuzz_duration=1)
shutil.rmtree(volume_path, ignore_errors=True)