def test_check_strace_for_fopen(self): strace = 'open("log.log", O_RDONLY) = 4' self.assertEqual( HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"), True) strace = 'open("log.log", O_WRONLY) = 4' self.assertEqual( HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"), False) strace = 'asfdlajsdf\nopen("log.log", O_RRDONLY) = 4\nalsjsfdlsadjf' self.assertEqual( HeuristicConfigCreator.check_strace_for_fopen(strace, "log.log"), True) # Test a longer string: strace = 'stat("../data/getseeds/sample_dataset/dummyfile.txt.ecp", {st_mode = S_IFREG | 0664, st_size = 48, ...}) = 0 \n' \ 'open("../data/getseeds/sample_dataset/dummyfile.txt.ecp", O_RDONLY) = 4 \n' \ 'lseek(4, 0, SEEK_CUR) = 0' self.assertEqual( HeuristicConfigCreator.check_strace_for_fopen( strace, "../data/getseeds/sample_dataset/dummyfile.txt.ecp"), True) strace = 'openat(AT_FDCWD, "seeds/pcap_samples/pcap_aa75722c-a2fe-4e31-a751-15f606b34aa3.pcap", O_RDONLY) = 3' self.assertEqual( HeuristicConfigCreator.check_strace_for_fopen( strace, "seeds/pcap_samples/pcap_aa75722c-a2fe-4e31-a751-15f606b34aa3.pcap" ), True)
def test_try_filetype_with_coverage_via_afl_fail( self, subprocess_check_output: unittest.mock.MagicMock): binary_path = "tshark" repo_path = "" max_timeout = 2500 memory_limit = "none" h = HeuristicConfigCreator(binary_path=binary_path, repo_path=repo_path, dummyfiles_path=os.getcwd()) h.MAX_TIMEOUT = max_timeout h.memory_limit = memory_limit h.FAILED_INVOCATIONS_THRESHOLD = 2 h.afl_cmin_path = "afl-cmin" mocked_return_value = "cmin-output" subprocess_check_output.return_value = bytes(mocked_return_value, encoding="utf-8") subprocess_check_output.side_effect = subprocess.CalledProcessError( returncode=-1, cmd="alja") h.try_filetype_with_coverage_via_afl("-f", os.getcwd(), file_type=".test") with self.assertRaises(helpers.exceptions.NoCoverageInformation): h.try_filetype_with_coverage_via_afl("-g", os.getcwd(), file_type=".test")
def test_get_best_input_vector(self): h = HeuristicConfigCreator( binary_path="test", dummyfiles_path=os.getcwd( )) # We need to provide valid paths to pass the sanity checks c1 = CliConfig(invocation="-f", coverage=50, filetype=".test1") c2 = CliConfig(invocation="-g", coverage=80, filetype=".test2") h.cli_config_list = [c1, c2] self.assertEqual(h.get_max_coverage_input_vector(), c2)
def test_stdin_inference(self): h = HeuristicConfigCreator(binary_path=self.stdin_binary_path, timeout=1.5, qemu=False, results_out_dir=os.getcwd(), seeds_dir=self.seeds_path) self.assertTrue(h.try_invocation("", stdin=True)) param_set = h.figure_out_parameters() self.assertTrue("" in param_set and len(param_set) == 1)
def test_create_bash_in_execution_path(self): # For now, just test that the method does not raise an exception binary_path = os.getcwd() + "/" + "tshark" repo_path = os.getcwd() filetype = "testfiletype" h = HeuristicConfigCreator(binary_path=binary_path, repo_path=repo_path, dummyfiles_path=os.getcwd()) c1 = CliConfig(invocation="-f", coverage=50, filetype=filetype) h.cli_config_list = [c1] with unittest.mock.patch('json.dump', return_value=True) as json_dump_function: with unittest.mock.patch("builtins.open") as open_object: fileobject = unittest.mock.MagicMock() fileobject.write.return_value = True # Some random return value open_object.return_value = fileobject h.create_bash_in_execution_path() self.assertEqual(json_dump_function.call_count, 1)
def main(binary_path: str, timeout: float, seeds_dir: str, cores: int = 8, parameter: str = "@@"): use_qemu = helpers.utils.qemu_required_for_binary(binary_path) if use_qemu: print("Using qemu for binary {0}".format(binary_path)) logging.info("Now inferring invocation for {0}".format(binary_path)) h = HeuristicConfigCreator(binary_path=binary_path, results_out_dir=os.path.basename(binary_path), timeout=timeout, qemu=use_qemu, cores=cores, seeds_dir=seeds_dir) h.infer_filetype_via_coverage_for_parameter_parallel(parameter=parameter, probe=False) coverage_list = h.coverage_lists[parameter] import csv with open('some.csv', 'w') as f: writer = csv.writer(f) writer.writerows(coverage_list)
def test_get_routine_dict(self): binary_path = "bin/bla/test.bin" repo_path = "bin/" filetype = "testfiletype" h = HeuristicConfigCreator(binary_path=binary_path, repo_path=repo_path, dummyfiles_path=os.getcwd()) c1 = CliConfig(invocation="-f", coverage=50, filetype=".testfiletype") h.cli_config_list = [c1] routine_dict = h.get_routine_dict() # Test certain key-value pairs in the routine dict self.assertEqual((routine_dict["job_desc"][0])["seed_dir"], os.getcwd() + "/.testfiletype_samples") self.assertEqual(routine_dict["fuzz_cmd"], "bla/test.bin -f @@") h = HeuristicConfigCreator(binary_path=binary_path, repo_path=repo_path, dummyfiles_path=os.getcwd()) c1 = CliConfig(invocation=None, coverage=50, filetype=".testfiletype") h.cli_config_list = [c1] routine_dict = h.get_routine_dict() self.assertEqual(routine_dict["fuzz_cmd"], "bla/test.bin @@")
def test_invoke_afl_cmin(self, subprocess_check_output: unittest.mock.MagicMock): binary_path = "tshark" repo_path = "" max_timeout = 2500 memory_limit = "none" h = HeuristicConfigCreator(binary_path=binary_path, repo_path=repo_path, dummyfile_path=__file__, dummyfiles_path=os.getcwd()) h.MAX_TIMEOUT = max_timeout h.memory_limit = memory_limit h.afl_cmin_path = "afl-cmin" mocked_return_value = "cmin-output" subprocess_check_output.return_value = bytes(mocked_return_value, encoding="utf-8") self.assertEqual(h.invoke_afl_cmin("-f", "tmp_dir"), mocked_return_value)
def test_get_coverage_from_afl_cmin_ouput(self): afl_cmin_ouput = "[+] Found 964 unique tuples across 1 files.\n[*] Finding best candidates for each tuple..." self.assertEqual( HeuristicConfigCreator.get_coverage_from_afl_cmin_ouput( afl_cmin_ouput), 964)
def test_fuzzer_workflow(self): log_dict = {} log_dict["mock_data/input_mock/jpg_binary/main"] = {"fuzz_debug": {}} volume_path = "test_output_volume" package_name = "" shutil.rmtree(volume_path, ignore_errors=True) os.makedirs( os.path.join(os.path.join(volume_path, package_name), "main/")) clangfast = sh.Command("afl-clang-fast") clangfast([ "mock_data/input_mock/mixed_fbinary/main.c", "-o", "mock_data/input_mock/mixed_fbinary/main" ]) h = HeuristicConfigCreator( binary_path="mock_data/input_mock/mixed_fbinary/main", results_out_dir=os.path.join(volume_path, package_name, "main/"), qemu=False, seeds_dir="mock_data/mock_seeds/") h.infer_input_vectors() input_vectors = h.get_input_vectors_sorted() helpers.utils.store_input_vectors_in_volume(package_name, "main", volume_path, input_vectors) with open(os.path.join(volume_path, package_name, "main.json")) as json_filepointer: configurations = json.load(json_filepointer) conf = configurations[0] seeds = helpers.utils.get_seeds_dir_from_input_vector_dict( conf, package_name, "main") print(conf) with mock.patch("uuid.uuid4") as uuidmock: uuidmock.return_value = "mockuuidmin" m = minimzer.minize( parameter=conf["parameter"], seeds_dir=seeds, binary_path="mock_data/input_mock/jpg_binary/main", package=package_name, volume_path=volume_path, afl_config_file_name="main.afl_config", tmin_total_time=1000) uuidmock.return_value = "mockuuid" with mock.patch("uuid.uuid4") as uuidmock: uuidmock.return_value = "mockuuid" configfinder.fuzzer_wrapper.prepare_and_start_fuzzer( parameter="@@", seeds_dir="mock_data/mock_seeds/jpg_samples", binary_path="mock_data/input_mock/jpg_binary/main", package=package_name, volume_path=volume_path, afl_config_file_name="main.afl_config", fuzz_duration=15, timeout=1500.0, log_dict=log_dict) with open( os.path.join(os.path.join(volume_path, "main"), "main.afl_config")) as testaflfp: aflconfigdict = json.load(testaflfp) self.assertEqual(aflconfigdict["afl_out_dir"], "test_output_volume/main/main/afl_fuzz_mockuuid") self.assertTrue(os.path.exists(aflconfigdict["afl_out_dir"])) with mock.patch("uuid.uuid4") as uuidmock: uuidmock.return_value = "resume" configfinder.fuzzer_wrapper.resume_fuzzer( "test_output_volume/main/main/afl_fuzz_mockuuid", binary_path="mock_data/input_mock/jpg_binary/main", parameter="@@", timeout=1500.0, fuzz_duration=1) shutil.rmtree(volume_path, ignore_errors=True)