def eval_fuzzing(qemu, parameter, seeds, binary, output_volume, afl_out_file, name, timeout, fuzzer_timeout, package=None): signal.signal(signal.SIGTERM, signal_term_handler) if package: from builders import builder b = builder.Builder(package=package, qemu=qemu) if not b.install(): print("Could not install package, exiting") with_qemu = b.qemu else: with_qemu = qemu try: res = fuzzer_wrapper.prepare_and_start_fuzzer(parameter=parameter, seeds_dir=seeds, binary_path=binary, package=package, volume_path=output_volume, afl_config_file_name=afl_out_file, qemu=with_qemu, name=name, wrapper_function=afl_evaluate_fuzz_wrapper, timeout=timeout, fuzz_duration=fuzzer_timeout) if res == True: if not package: package = "" afl_config_dict = read_afl_config_file_to_dict(os.path.join(output_volume, package, afl_out_file)) afl_out_dir = afl_config_dict["afl_out_dir"] save_dir = os.path.join(os.path.abspath(os.path.join(afl_out_dir, '..')), "eval_data/", os.path.basename(afl_out_dir)) sumresults.create_eval_table_for_run(save_dir, package=package, binary_path=binary, eval_dir=output_volume, rundir="", qemu=with_qemu, parameter=afl_config_dict["parameter"]) except KeyboardInterrupt: signal_term_handler(1, 1) chmod = sh.Command("chmod") chmod("-R", "0777", output_volume) # Hacky fix for the problem that docker stores everything as root
def main(): parser = argparse.ArgumentParser( description='Examine a package or a binary.') subparsers = parser.add_subparsers(help="sub-command help", dest="command") subparsers.required = True # Common arguments for both: parser.add_argument( "-p", "--package", required=True, type=str, help="The package to be examined. Must be a pacman package.") parser.add_argument("-t", "--timeout", required=False, type=float, help="The timeout for afl", default=2000) # Default timeout: 2 hours parser.add_argument("-Q", dest="qemu", action="store_true", default=False, help="Activate qemu mode when inferring file types.") parser.add_argument("-v", "--output_volume", required=True, help="In which volume should the files be stored?") parser_binary = subparsers.add_parser( "binary", help="Examine a binary.") # type:argparse.ArgumentParser parser_package = subparsers.add_parser("package", help="Examine a package") parser_binary.add_argument( "-param", "--parameter", required=False, type=str, help="The parameter to the json file. Use = to pass hyphens(-)", default=None) # Must exists in docker parser_binary.add_argument( "-a", "--afl_dir", required=True, type=str, help="Afl dir, where the seeds should be collected from") parser_binary.add_argument("-b", "--binary", required=False, type=str, help="Path to the binary to fuzz.", default=None) parser_binary.add_argument("-d", "--database", required=True, help="Where should the database be stored?") parser_binary.add_argument("-c", "--collection_dir", required=True, help="Where should the crashes be stored?") arguments = parser.parse_args() fuzz_data = arguments.output_volume package = arguments.package print("Globbing {0}".format(os.path.join(fuzz_data, package) + "/*.json")) # print(os.listdir(os.path.join(fuzz_data))) # print(os.listdir(os.path.join(fuzz_data, package))) json_fuzzer_files = glob.glob(os.path.join(fuzz_data, package) + "/*.json") print(json_fuzzer_files) with open(json_fuzzer_files[0]) as fp: json_dict = json.load(fp) qemu = json_dict[0]["qemu"] b = builder.Builder(package=package, qemu=qemu, overwrite=False) if qemu: b.install() else: if not os.path.exists(json_dict[0]["binary_path"]): b = builder.Builder(package=package, qemu=qemu) b.try_build() else: b.install_deps() b.install_opt_depends_for_pacman() package_analyzer = PackageAnalyzer( package=package, volume=fuzz_data ) # collect_package(package_dir=package, volume=fuzz_data) package_analyzer.collect_package() return True
os.sys.path.insert(0, parentdir) import config_settings from builders import builder import logging if __name__ == "__main__": parser = argparse.ArgumentParser(description='Examine a package.') parser.add_argument("-p", "--package", required=True, type=str, help="The package to be examined. Must be an apt package.") parser.add_argument("-Q", dest="qemu", action="store_true", default=False, help="Activate qemu mode when inferring file types.") parser.add_argument("-l", "--logfile", required=False, help="The logfile path", default=None) # Either fuzz projects or binaries arguments = parser.parse_args() if arguments.logfile: logfile = arguments.logfile logging.basicConfig(filename=logfile, level=logging.INFO, format='%(levelname)s %(asctime)s: %(message)s', filemode='a') package = arguments.package b = builder.Builder(package=arguments.package, qemu=arguments.qemu) if not b.install(): print("Could not install package {0}, exiting".format(package)) exit(config_settings.BUILDER_BUILD_FAILED) qemu = b.qemu if qemu: print("Package {0} installed with qemu".format(package)) exit(config_settings.BUILDER_BUILD_QEMU) else: print("Package {0} build + installed".format(package)) exit(config_settings.BUILDER_BUILD_NORMAL)
args = parser.parse_args() logfilename = os.path.join(args.output_volume, args.package + ".log") logging.basicConfig(filename=logfilename, level=logging.INFO, format='%(levelname)s %(asctime)s: %(message)s', filemode='a') parameter = None if args.parameter: if args.parameter[0] == '"' and args.parameter[ -1] == '"': # Parameter is enclosed by " ", we don't want that parameter = args.parameter[1:-1] else: parameter = args.parameter if args.which == "minimize" or args.which == "fuzz" or args.which == "eval": use_qemu = args.qemu b = builder.Builder(package=args.package, qemu=args.qemu) if not b.install(): print("Could not install package, exiting") sys.exit(-1) use_qemu = b.qemu if args.which == "minimize": import minimzer minimzer.minize(parameter=parameter, seeds_dir=args.seeds, binary_path=args.binary, package=args.package, volume_path=args.output_volume, afl_config_file_name=args.afl_out_file, qemu=use_qemu, name=args.name,
def run_package_eval(self): self.append_to_status("Building package") if not self.user_defined_folder: print("Now doing package {0}".format(self.package)) print("Build package {0}".format(self.package)) b = builder.Builder(package=self.package, qemu=self.qemu, overwrite=True) if not b.install(): print("Could not install package, exiting") self.logger.error("Could not install package, exiting") exit(0) qemu = b.qemu self.package_log_dict["qemu"] = qemu packages_files = b.get_file_list() else: packages_files = helpers.utils.absoluteFilePaths( self.user_defined_folder) volume = self.output_volume self.append_to_status("Searching for fuzzable binaries") fuzzable_binaries = helpers.utils.return_fuzzable_binaries_from_file_list( packages_files, log_dict=self.package_log_dict) self.logger.info("Fuzzable binaries detected: {0}".format( " ".join(fuzzable_binaries))) self.append_to_status("Fuzzable binaries detected: {0}".format( " ".join(fuzzable_binaries))) self.package_log_dict["inference_success"] = [] self.package_log_dict["inference_fail"] = [] self.package_log_dict["fuzzing_success"] = [] self.package_log_dict["fuzzing_fail"] = [] for b in fuzzable_binaries: self.eval_binary(binary_path=b) # else: # logging.info("Skipping binary {0} as non fuzzable".format(b)) self.package_log_dict["num_elf_files"] = len( self.package_log_dict["elf_files"]) self.package_log_dict["num_fuzzable_bins"] = len( self.package_log_dict["fuzzable_bins"]) self.package_log_dict["num_executable_elf_files"] = len( self.package_log_dict["executable_elf_files"]) self.package_log_dict["num_inference_success"] = len( self.package_log_dict["inference_success"]) self.package_log_dict["num_inference_fail"] = len( self.package_log_dict["inference_fail"]) self.package_log_dict["num_fuzzing_success"] = len( self.package_log_dict["fuzzing_success"]) self.package_log_dict["num_fuzzing_fail"] = len( self.package_log_dict["fuzzing_fail"]) print(self.package_log_dict) with open( os.path.join(self.output_volume, "{0}_log.json".format(self.package)), "w") as fp: json.dump(self.package_log_dict, fp) try: chmod( "-R", "0777", os.path.join(volume, self.package) ) # Hacky fix for the problem that docker stores every as root except sh.ErrorReturnCode as e: self.logger.error( "Could not set chmod permissions for package volume. Error: {0}" .format((str(e))))