def eval_fuzzing(qemu, parameter, seeds, binary, output_volume, afl_out_file, name, timeout, fuzzer_timeout,
package=None):
signal.signal(signal.SIGTERM, signal_term_handler)
if package:
from builders import builder
b = builder.Builder(package=package, qemu=qemu)
if not b.install():
print("Could not install package, exiting")
with_qemu = b.qemu
else:
with_qemu = qemu
try:
res = fuzzer_wrapper.prepare_and_start_fuzzer(parameter=parameter, seeds_dir=seeds, binary_path=binary,
package=package, volume_path=output_volume,
afl_config_file_name=afl_out_file, qemu=with_qemu, name=name,
wrapper_function=afl_evaluate_fuzz_wrapper, timeout=timeout,
fuzz_duration=fuzzer_timeout)
if res == True:
if not package:
package = ""
afl_config_dict = read_afl_config_file_to_dict(os.path.join(output_volume, package, afl_out_file))
afl_out_dir = afl_config_dict["afl_out_dir"]
save_dir = os.path.join(os.path.abspath(os.path.join(afl_out_dir, '..')), "eval_data/",
os.path.basename(afl_out_dir))
sumresults.create_eval_table_for_run(save_dir, package=package, binary_path=binary, eval_dir=output_volume,
rundir="", qemu=with_qemu, parameter=afl_config_dict["parameter"])
except KeyboardInterrupt:
signal_term_handler(1, 1)
chmod = sh.Command("chmod")
chmod("-R", "0777", output_volume) # Hacky fix for the problem that docker stores everything as root
def main():
parser = argparse.ArgumentParser(
description='Examine a package or a binary.')
subparsers = parser.add_subparsers(help="sub-command help", dest="command")
subparsers.required = True
# Common arguments for both:
parser.add_argument(
"-p",
"--package",
required=True,
type=str,
help="The package to be examined. Must be a pacman package.")
parser.add_argument("-t",
"--timeout",
required=False,
type=float,
help="The timeout for afl",
default=2000) # Default timeout: 2 hours
parser.add_argument("-Q",
dest="qemu",
action="store_true",
default=False,
help="Activate qemu mode when inferring file types.")
parser.add_argument("-v",
"--output_volume",
required=True,
help="In which volume should the files be stored?")
parser_binary = subparsers.add_parser(
"binary", help="Examine a binary.") # type:argparse.ArgumentParser
parser_package = subparsers.add_parser("package", help="Examine a package")
parser_binary.add_argument(
"-param",
"--parameter",
required=False,
type=str,
help="The parameter to the json file. Use = to pass hyphens(-)",
default=None) # Must exists in docker
parser_binary.add_argument(
"-a",
"--afl_dir",
required=True,
type=str,
help="Afl dir, where the seeds should be collected from")
parser_binary.add_argument("-b",
"--binary",
required=False,
type=str,
help="Path to the binary to fuzz.",
default=None)
parser_binary.add_argument("-d",
"--database",
required=True,
help="Where should the database be stored?")
parser_binary.add_argument("-c",
"--collection_dir",
required=True,
help="Where should the crashes be stored?")
arguments = parser.parse_args()
fuzz_data = arguments.output_volume
package = arguments.package
print("Globbing {0}".format(os.path.join(fuzz_data, package) + "/*.json"))
# print(os.listdir(os.path.join(fuzz_data)))
# print(os.listdir(os.path.join(fuzz_data, package)))
json_fuzzer_files = glob.glob(os.path.join(fuzz_data, package) + "/*.json")
print(json_fuzzer_files)
with open(json_fuzzer_files[0]) as fp:
json_dict = json.load(fp)
qemu = json_dict[0]["qemu"]
b = builder.Builder(package=package, qemu=qemu, overwrite=False)
if qemu:
b.install()
else:
if not os.path.exists(json_dict[0]["binary_path"]):
b = builder.Builder(package=package, qemu=qemu)
b.try_build()
else:
b.install_deps()
b.install_opt_depends_for_pacman()
package_analyzer = PackageAnalyzer(
package=package, volume=fuzz_data
) # collect_package(package_dir=package, volume=fuzz_data)
package_analyzer.collect_package()
return True
os.sys.path.insert(0, parentdir)
import config_settings
from builders import builder
import logging
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Examine a package.')
parser.add_argument("-p", "--package", required=True, type=str,
help="The package to be examined. Must be an apt package.")
parser.add_argument("-Q", dest="qemu", action="store_true", default=False,
help="Activate qemu mode when inferring file types.")
parser.add_argument("-l", "--logfile", required=False, help="The logfile path", default=None)
# Either fuzz projects or binaries
arguments = parser.parse_args()
if arguments.logfile:
logfile = arguments.logfile
logging.basicConfig(filename=logfile, level=logging.INFO, format='%(levelname)s %(asctime)s: %(message)s',
filemode='a')
package = arguments.package
b = builder.Builder(package=arguments.package, qemu=arguments.qemu)
if not b.install():
print("Could not install package {0}, exiting".format(package))
exit(config_settings.BUILDER_BUILD_FAILED)
qemu = b.qemu
if qemu:
print("Package {0} installed with qemu".format(package))
exit(config_settings.BUILDER_BUILD_QEMU)
else:
print("Package {0} build + installed".format(package))
exit(config_settings.BUILDER_BUILD_NORMAL)
args = parser.parse_args()
logfilename = os.path.join(args.output_volume, args.package + ".log")
logging.basicConfig(filename=logfilename,
level=logging.INFO,
format='%(levelname)s %(asctime)s: %(message)s',
filemode='a')
parameter = None
if args.parameter:
if args.parameter[0] == '"' and args.parameter[
-1] == '"': # Parameter is enclosed by " ", we don't want that
parameter = args.parameter[1:-1]
else:
parameter = args.parameter
if args.which == "minimize" or args.which == "fuzz" or args.which == "eval":
use_qemu = args.qemu
b = builder.Builder(package=args.package, qemu=args.qemu)
if not b.install():
print("Could not install package, exiting")
sys.exit(-1)
use_qemu = b.qemu
if args.which == "minimize":
import minimzer
minimzer.minize(parameter=parameter,
seeds_dir=args.seeds,
binary_path=args.binary,
package=args.package,
volume_path=args.output_volume,
afl_config_file_name=args.afl_out_file,
qemu=use_qemu,
name=args.name,
def run_package_eval(self):
self.append_to_status("Building package")
if not self.user_defined_folder:
print("Now doing package {0}".format(self.package))
print("Build package {0}".format(self.package))
b = builder.Builder(package=self.package,
qemu=self.qemu,
overwrite=True)
if not b.install():
print("Could not install package, exiting")
self.logger.error("Could not install package, exiting")
exit(0)
qemu = b.qemu
self.package_log_dict["qemu"] = qemu
packages_files = b.get_file_list()
else:
packages_files = helpers.utils.absoluteFilePaths(
self.user_defined_folder)
volume = self.output_volume
self.append_to_status("Searching for fuzzable binaries")
fuzzable_binaries = helpers.utils.return_fuzzable_binaries_from_file_list(
packages_files, log_dict=self.package_log_dict)
self.logger.info("Fuzzable binaries detected: {0}".format(
" ".join(fuzzable_binaries)))
self.append_to_status("Fuzzable binaries detected: {0}".format(
" ".join(fuzzable_binaries)))
self.package_log_dict["inference_success"] = []
self.package_log_dict["inference_fail"] = []
self.package_log_dict["fuzzing_success"] = []
self.package_log_dict["fuzzing_fail"] = []
for b in fuzzable_binaries:
self.eval_binary(binary_path=b)
# else:
# logging.info("Skipping binary {0} as non fuzzable".format(b))
self.package_log_dict["num_elf_files"] = len(
self.package_log_dict["elf_files"])
self.package_log_dict["num_fuzzable_bins"] = len(
self.package_log_dict["fuzzable_bins"])
self.package_log_dict["num_executable_elf_files"] = len(
self.package_log_dict["executable_elf_files"])
self.package_log_dict["num_inference_success"] = len(
self.package_log_dict["inference_success"])
self.package_log_dict["num_inference_fail"] = len(
self.package_log_dict["inference_fail"])
self.package_log_dict["num_fuzzing_success"] = len(
self.package_log_dict["fuzzing_success"])
self.package_log_dict["num_fuzzing_fail"] = len(
self.package_log_dict["fuzzing_fail"])
print(self.package_log_dict)
with open(
os.path.join(self.output_volume,
"{0}_log.json".format(self.package)), "w") as fp:
json.dump(self.package_log_dict, fp)
try:
chmod(
"-R", "0777", os.path.join(volume, self.package)
) # Hacky fix for the problem that docker stores every as root
except sh.ErrorReturnCode as e:
self.logger.error(
"Could not set chmod permissions for package volume. Error: {0}"
.format((str(e))))