def _save_stats(self):
statsp = os.path.join(os.getcwd(), "stats")
create_directory(statsp)
with open(os.path.join(statsp, str(self.start)[:-4] + "_" + get_basename(self.lpath_mfs)) + ".txt", "w",) as s:
s.write("> Start date: {}\n".format(str(self.start)))
s.write("> End date: {}\n".format(str(datetime.datetime.now())))
s.write("> Engine: {}\n".format(str(get_basename(self.lpath_mfs)).split("_"))[-5].strip())
s.write("> Runtime: {}\n".format(str(self.runtime)))
s.write("> File system name: {}\n".format(str(self.lpath_mfs)))
s.write("> File system type: {}\n".format(str(self.mfs_type)))
s.write("> File system size: {}MB\n".format(str(self.mfs_size)))
s.write("> #Files in initial file system: {}\n".format(str(self.mfs_files)))
s.write("> #Max_size of files: {}KB\n".format(str(self.mfs_max_file_size)))
s.write("> Iterations: {}\n".format(str(self.iter)))
s.write("> Avg Iteration time: {}s\n".format(str(self.avg_iter_time)))
s.write("> #Crashes: {}\n".format(str(self.crashes)))
s.write("> #Unique_Crashes: {}\n".format(str(self.ucrashes)))
s.write(
"> #Successful_Mounts: {}({}%)\n".format(
str(self.success_mounts), str(self._get_percentage(self.success_mounts, self.iter)),
)
)
s.write("> #Unsuccessful_Mounts {}\n".format(str(int(self.iter) - int(self.success_mounts))))
s.write(
"> {}/{} ({}%) Commands executed\n".format(
str(self.actual_exec), str(self.max_exec), str(self._get_percentage(self.actual_exec, self.max_exec)),
)
)
def fuzz(self, fuzzy_vm, fs_maker_vm):
create_directory(os.getcwd() + "/file_system_storage")
while True:
if self.dyn_scaling:
self._change_fs_parameters()
try:
self.start_iter = time.time()
self.runtime = str(datetime.datetime.now() - self.start)[:-4]
self._iter_reset()
fs_name = "{}_{}_{}MB".format(self.name, self.mfs_type, self.mfs_size)
cmd = (
"python3 /tmp/makeFS2.py -fs {} -m 1"
' -n "{}"'
" -s {}"
" -p {}"
" -ps {}"
" -o {}".format(self.mfs_type, fs_name, self.mfs_size, self.mfs_files, self.mfs_max_file_size, "/tmp/",)
)
if fs_maker_vm.silent_vm_state():
self.fs_log = fs_maker_vm.exec_cmd_quiet(cmd)
if "ERROR" in self.fs_log:
print("Failed FS creation: {}".format(self.fs_log))
sys.exit(1)
else:
fs_maker_vm.restore_snapshot(fs_maker_vm.get_current_snapshot())
fs_maker_vm.quick_boot(vm_name=fs_maker_vm.name)
self.fs_log = fs_maker_vm.exec_cmd_quiet(cmd)
if not self.fs_log:
logging.error("Failed to fetch fs sample log.. Exiting..!\n")
sys.exit(1)
self.copy_generated_file_system_to_host(fs_maker_vm, fs_name)
self._make_mutation(fs_name)
if not self.lpath_mfs:
continue
fuzzy_vm.cp_to_guest(
get_files_from="file_system_storage/",
list_of_files_to_copy=get_basename(self.lpath_mfs),
save_files_at="/tmp",
)
if "zfs" in self.mfs_type:
mnt_path = "pool_" + "_".join(x for x in get_basename(self.lpath_mfs).split("_")[1:])
else:
mnt_path = get_basename(self.lpath_mfs)
self.automate(
rpath_mfs="/tmp/{}".format(get_basename(self.lpath_mfs)), mount_at="/mnt/{}".format(mnt_path),
)
self.vm_object.exec_cmd_quiet("rm -rf {}".format(os.path.join("/tmp", self.lpath_mfs)))
except (paramiko.ssh_exception.SSHException, paramiko.ssh_exception.NoValidConnectionsError, socket.timeout,) as e:
logging.error("SSH/socket exception: {}. Resetting VM".format(e))
self.check_if_crash_sample()
except (ValueError, OSError) as e:
logging.error("Ran into a problem during fuzzing: {}".format(e))
except (EOFError, AttributeError) as e:
logging.error(e)
logging.error("VM may be down..? Resetting")
self.vm_object.restore_snapshot(snap_name=self.vm_object.get_current_snapshot())
self.vm_object.reset_vm()
def _backup_samples(self):
files = [
self.lpath_mfs,
self.syscall_log,
os.path.join(
str(get_parent_path(self.lpath_mfs)), "_".join(x for x in str(get_basename(self.lpath_mfs)).split("_")[1:]),
),
]
logging.debug("BACKUP FILES: {}".format(files))
archive = os.path.join(self.new_crash_dir, "sample.zip")
with zipfile.ZipFile(archive, "w", compression=zipfile.ZIP_DEFLATED) as myzip:
for f in list(filter(None, files)):
myzip.write(f, pathlib.Path(f).name)
myzip.close()
def _check_if_crash_is_yet_unknown(self):
core_txt = [os.path.join(self.new_crash_dir, f) for f in os.listdir(self.new_crash_dir) if f.startswith("core.txt")][0]
sanitized_bt = self._get_core_details(core_txt)
if len(self.last_panic) <= 2:
return 0
self.crashes += 1
sha256_trace = extract_core_features.get_sha256_sum(sanitized_bt)
self._write_sha256sum_txt(core_txt, sha256_trace)
crashdb = os.path.join(os.getcwd(), "crash_dumps/crash.db")
pathlib.Path(self.new_crash_dir).rename(self.new_crash_dir + "_" + str(self.last_panic))
self.new_crash_dir = self.new_crash_dir + "_" + self.last_panic
with open(crashdb, "a+") as f:
f.seek(0)
db_contents = f.read()
if sha256_trace not in db_contents:
self.ucrashes += 1
self.last_unique = self.iter
print(clr.Fore.CYAN + "[+] New unseen crash found: {}!".format(sha256_trace) + clr.Fore.RESET)
mfs_meta = str(get_basename(self.lpath_mfs)).split("_")
engine = mfs_meta[0].strip()
if "radamsa" in engine and self.radamsa_seed:
engine = engine + " (seed: {})".format(self.radamsa_seed)
else:
engine = "None"
fs = mfs_meta[-2].strip()
size = mfs_meta[-1].strip()
entry = (
str(self.name)
+ "; "
+ str(self.vm_name)
+ "; "
+ fs
+ "; "
+ size
+ "; "
+ engine
+ "; "
+ str(self.last_panic)
+ "; "
+ sha256_trace
+ "; "
+ str(self.new_crash_dir)
+ "; "
+ str(self.runtime)
+ "; "
+ str(self.iter)
+ "\n"
)
f.write(entry)
f.close()
def _compress_vmcore(self):
vmcore = [os.path.join(self.new_crash_dir, f) for f in os.listdir(self.new_crash_dir) if f.startswith("vmcore")][0]
zip_path = os.path.join(self.new_crash_dir, get_basename(vmcore))
with zipfile.ZipFile(zip_path + ".zip", "w", compression=zipfile.ZIP_DEFLATED) as myzip:
myzip.write(vmcore, arcname=get_basename(vmcore))
os.remove(vmcore)