def check_s2e_vm(): ''' check whether s2e vm images exists ''' vm_file_list = [ '{}/vm/i386/disk.s2e'.format(S2EDIR), '{}/vm/i386/disk.s2e.saved'.format(S2EDIR), '{}/vm/x86_64/disk.s2e'.format(S2EDIR), '{}/vm/x86_64/disk.s2e.saved'.format(S2EDIR) ] need_get = False for vm_file in vm_file_list: if not os.path.isfile(vm_file): need_get = True if need_get == False: print_sep() print '[C]: s2e guest VM images found!' return need_get # download vm file print_sep() print '[C]: ONE OR MORE S2E VM IMAGE NOT FOUND at dir [{}/vm]'.format( S2EDIR) answer = 'input' while answer.lower() not in ['', 'y', 'n', 'yes', 'no']: answer = raw_input('Do you want the script to set it up? (Y/n): ') if not answer.lower() in ['', 'y', 'yes']: print '[C]: cimfunzz won\'t work without s2e image, Exiting now ...' exit(0) return need_get
def run_watcher(d_s, argv): '''execute the directory watcher for each of the AFL instance ''' setproctitle.setproctitle('cimfuzz file watcher') import watcher launcher_args = dict() db_config = dict() db_config['database'] = argv['database'] db_config['user'] = argv['user'] db_config['password'] = argv['password'] db_config['host'] = argv['host'] db_config['port'] = argv['port'] launcher_args['db_config'] = db_config launcher_args['qemu'] = '{}/qemu-{}'.format(argv['qemu'], argv['arch']) launcher_args['project_id'] = argv['project_id'] launcher_args['max_testcase_size'] = argv['max_testcase_size'] launcher_args['basedir'] = d_s['.'] # watcher related launcher_args['out_afl'] = '{}/{}'.format(d_s['out_afl'], argv['fid']) launcher_args['out_s2e'] = d_s['out_s2e'] launcher_args['seedbox'] = '{}/seedbox/queue'.format( launcher_args['out_afl']) print_sep() print '[C]: args used for launching watcher:' print '' pprint.pprint(launcher_args) print '' watcher.launch(launcher_args)
def run_afl(d_s, argv, queue=None): ''' start afl with its own launcher script ''' import afl_launcher launcher_args = dict() launcher_args['qemu'] = True # qemumode launcher_args['fuzz_lib'] = argv['fuzz_lib'] # fuzz library launcher_args['debug'] = argv['debug'] # debug launcher_args['timeout'] = argv['timeout_afl'] # timeoutofafl launcher_args['fid'] = argv['fid'] # file id: first 8 bytes of md5 launcher_args['uid'] = argv['docker_uid'] # real user id of the container launcher_args['docker_img']= argv['docker_afl'] # container name launcher_args['arch'] = argv['arch'] # binaryarchitecture launcher_args['parallel'] = argv['num_afl'] # numberofaflprocessestorun launcher_args['resume'] = argv['resume'] launcher_args['mode'] = argv['mode_afl'] launcher_args['basedir'] = d_s['.'] launcher_args['cmd_file'] = '{}/command.json'.format(d_s['.']) launcher_args['masters'] = argv.get('num_master') if argv.get('num_master') is not None else argv.get('num_afl') launcher_args['container_name']= argv['docker_afl'] print_sep() print '[C]: args used for launching AFL:' print '' pprint.pprint(launcher_args) print '' # call afl launcher launcher = afl_launcher.AFLLauncher(launcher_args) container = launcher.launch() if queue: queue.put(container) return container
def run_fuzz(argv): ''' run the test ''' # check the requirements of cim_fuzz check_req(argv) # working directory name working_dir = '{}/cb_{}'.format( argv['cbhome'], str(datetime.now().strftime('%Y-%m-%d-%H%M%S.%f'))) check_dir(working_dir) # 1. download from remote or get the file with path file_name = url_get_file(argv['uri'], working_dir) # 2. unzip the file dir_name = unzip(file_name, working_dir) argv['tar_file'] = file_name print_sep() print '[C]: working directory: [{}]'.format(dir_name) # prepare the experiment directory structure dir_struct = prepare_dir(dir_name) # get the architecture of the test binary binary = '{}/cb'.format(dir_struct['binary']) bin_arch = get_file_arch(binary)[0] if bin_arch not in ['32bit', '64bit']: print '[C]: unsupported file arch!, exiting now' exit(0) if bin_arch == '64bit': argv['arch'] = 'x86_64' if bin_arch == '32bit': argv['arch'] = 'i386' # first 8 bytes of md5 as file id argv['md5sum'] = md5sum(binary) argv['fid'] = argv['md5sum'][:8] check_dir('{}/{}'.format(dir_struct['out_afl'], argv['fid'])) print "out_afl:{}/{}".format(dir_struct['out_afl'], argv['fid']) # save command to cimfuzz.cmd file argv.pop('func', None) with open('{}/cimfuzz.cmd'.format(dir_name), 'w') as fuzz_cmd: json.dump(argv, fuzz_cmd) # globals for flask if argv['afl_only']: execute_aflonly(dir_struct, argv) else: execute(dir_struct, argv)
def check_docker_image(image, c_type): ''' check the docker image and prepare the setup ''' # if docker image already exists if check_docker_image_exist(image): return (False, False, False) print_sep() print '[C]: [{}] docker image [{}] not found!'.format( c_type.upper(), image) if c_type == 'afl': root_dir = AFLDIR elif c_type == 's2e': root_dir = S2EDIR else: print '[C]: container type not known, Exiting now ...' exit(0) # check tar file need_import = False need_build = False need_export = False image_tar = '{}/DockerImage/{}.tar'.format(root_dir, image) file_exist = os.path.isfile(image_tar) if file_exist: print '[C]: FOUND local copy of the image at {}'.format(image_tar) imp = 'input' while imp.lower() not in ['', 'y', 'n', 'yes', 'no']: imp = raw_input('Do you want the script to import it? (Y/n): ') if imp.lower() in ['', 'y', 'yes']: need_import = True if need_import == False or not file_exist: build = 'input' while build.lower() not in ['', 'y', 'n', 'yes', 'no']: build = raw_input( 'Do you want the script to build the image? (Y/n): ') if build.lower() in ['', 'y', 'yes']: need_build = True export = 'input' while export.lower() not in ['', 'y', 'n', 'yes', 'no']: export = raw_input( 'Export the image to a tar file after build? (Y/n): ') if export.lower() in ['', 'y', 'yes']: need_export = True return (need_import, need_build, need_export)
def build_or_import(root_dir, image, import_img=True): ''' prepare docker image ''' image_tar = '{}/DockerImage/{}.tar'.format(root_dir, image) if os.path.isfile(image_tar) and import_img: print '[C]: FOUND local copy of the image at {}'.format(image_tar) print '[C]: Importing docker image from file ...' command = 'docker load -i {}'.format(image_tar) else: if import_img: print '[C]: NO local copy of the image found at {}'.format( image_tar) print '[C]: Building a new one with Dockerfile at {}/Dockerfile ...'.format( root_dir) command = 'docker build -t {} {}/Dockerfile'.format(image, root_dir) run_command_noret(command) print_sep() print '[C]: Build finished ...'
def main( agent_to_evaluate: str, opponents: List[str], n_rounds_per_agent: int, n_processes: int, base_path: str, store_results: bool, ): # Load all agents if not agent_to_evaluate.endswith(".py"): agent_to_evaluate = agent_to_evaluate + ".py" opponents = [ opponent + ".py" if not opponent.endswith(".py") else opponent for opponent in opponents ] # Load all opponents all_agents = list(Path(base_path).absolute().iterdir()) agent_path = [ agent_path for agent_path in all_agents if agent_path.name.startswith(agent_to_evaluate) and not agent_path.name == "__pycache__" ] opponent_pool_paths = [ agent_path for agent_path in all_agents if any( agent_path.name.startswith(opponent) for opponent in opponents) and not agent_path.name == "__pycache__" ] if len(agent_path) > 1: raise ValueError( f"You specified the following agent to be evaluated {agent_to_evaluate}, but there are more then one candidate: {', '.join([agent.name for agent in agent_path])}" ) else: agent_path = agent_path.pop() print(print_sep()) print( f"The agent {agent_path.name} will be tested against the following agents: {', '.join([agent.name for agent in opponent_pool_paths])}\n" f"The candidate agent will be tested for {n_rounds_per_agent} rounds against each agent. \nThe process parallelized on {n_processes} processes." ) prints, results = evaluate_against_opponents(agent_path, opponent_pool_paths, n_rounds_per_agent, n_processes) print(prints) if store_results is True: # Store results in data file_name = f'data/results_{datetime.datetime.now().strftime("%Y-%m-%d--%H-%M-%S")}.pickle' with open(file_name, "wb") as file_handler: pickle.dump(results, file_handler) print(f"Store results to {file_name}")
def run_s2e(d_s, argv): ''' start s2e with its own launcher script ''' setproctitle.setproctitle('cimfuzz SYM launcher') import s2e_launcher launcher_args = dict() launcher_args['basedir'] = d_s['.'] # /path/to/the/binary/ launcher_args['process'] = argv[ 'num_s2e'] # number of s2e processes to run launcher_args['timeout'] = argv[ 'timeout_s2e'] # timeout time for a single s2e instance launcher_args['debug'] = argv['debug'] # debug launcher_args['project_id'] = argv['project_id'] # container name launcher_args['arch'] = argv['arch'] # binaryarchitecture launcher_args['interval'] = argv['s2e_check_interval'] launcher_args['threshold'] = argv['s2e_launch_threshold'] launcher_args['mem_limit'] = argv['s2e_mem_limit'] db_config = dict() db_config['database'] = argv['database'] db_config['user'] = argv['user'] db_config['password'] = argv['password'] db_config['host'] = argv['host'] db_config['port'] = argv['port'] launcher_args['db_config'] = db_config print_sep() print '[C]: args used for launching S2E:' print '' pprint.pprint(launcher_args) print '' print_sep() launcher = s2e_launcher.S2ELauncher(launcher_args) launcher.start()
def main( candidate: str, opponent: str, n_rounds_per_agent: int, n_processes: int, base_path: str, ): # Load all agents if not candidate.endswith(".py"): candidate = candidate + ".py" if not opponent.endswith(".py"): opponent = opponent + ".py" all_agents = list(Path(base_path).absolute().iterdir()) agent_path = [ agent_path for agent_path in all_agents if agent_path.name.startswith(candidate) ] opponent_path = [ agent_path for agent_path in all_agents if agent_path.name.startswith(opponent) ] if len(agent_path) == 0: raise ValueError( f"Candidate agent {candidate} could not be found in {base_path}" ) else: agent_path = agent_path.pop() if len(opponent_path) == 0: raise ValueError( f"Candidate agent {opponent} could not be found in {base_path}" ) print(print_sep()) print( f"The agent {agent_path.name} will be tested against the following agent: {opponent_path[0].name}\n" f"The candidate agent will be tested for {n_rounds_per_agent} rounds against each agent. \nThe process parallelized on {n_processes} processes." ) prints, _ = evaluate_against_opponents( agent_path, opponent_path, n_rounds_per_agent, n_processes ) print(prints)
def check_req(argv): ''' check the requirements of cim_fuzz''' # check afl docker image ret = check_docker_image(argv['docker_afl'], 'afl') (import_afl, build_afl, export_afl) = ret # (import_afl, build_afl, export_afl) = (False, False, False) # check s2e docker image # ret = check_docker_image(argv['docker_s2e'], 's2e') # (import_s2e, build_s2e, export_s2e) = ret (import_s2e, build_s2e, export_s2e) = (False, False, False) # check s2e VM images # get_s2e_vm = check_s2e_vm() get_s2e_vm = False # process afl docker image according to check result if import_afl: build_or_import(AFLDIR, argv['docker_afl'], True) if build_afl: build_or_import(AFLDIR, argv['docker_afl'], False) if export_afl: export_docker_image(argv['docker_afl'], 'afl') # process s2e docker image according to check result if import_s2e: build_or_import(S2EDIR, argv['docker_s2e'], True) if build_s2e: build_or_import(S2EDIR, argv['docker_s2e'], False) if export_s2e: export_docker_image(argv['docker_s2e'], 's2e') # process s2e VM images if get_s2e_vm: print_sep() print '[C]: NOW DOWNLOADING S2E VM IMAGE TARBALL' vm_path = '{}/vm'.format(S2EDIR) file_name = url_get_file(IMAGE_URL, vm_path) print_sep() print '[C]: EXTRACTING DOWNLOADED FILE' unzip(file_name, vm_path) # check python packages pip_check('psycopg2') pip_check('watchdog') pip_check('setproctitle') pip_check('docker') pip_check('psutil') pip_check(check='concurrent', install='futures') globals()['docker'] = __import__('docker') globals()['setproctitle'] = __import__('setproctitle') # check for qemu build (for dynamic basic block coverage) curpath = os.path.dirname(os.path.realpath(__file__)) qemu_1 = '{}/coverage/qemu-x86_64'.format(curpath) qemu_2 = '{}/coverage/qemu-i386'.format(curpath) if not os.path.isfile(qemu_1) or not os.path.isfile(qemu_2): cmd = '{}/coverage/setup.sh'.format(curpath) run_command_noret(cmd, debug=True) argv['qemu'] = '{}/coverage'.format(curpath) print_sep() print '[C]: Using docker image [{}] as the afl docker for the test'\ .format(argv['docker_afl']) print '[C]: Using docker image [{}] as the s2e docker for the test'\ .format(argv['docker_s2e'])