From 54bd706197afed7e26e821e227131ae583d14dfe Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 3 Aug 2022 00:31:11 +0100 Subject: [PATCH] ntlm2-request: initial integration (#7800) * ntlm2-request: initial integration --- projects/ntlm2/Dockerfile | 22 ++++++++++++ projects/ntlm2/build.sh | 24 +++++++++++++ projects/ntlm2/fuzz_auth.py | 71 +++++++++++++++++++++++++++++++++++++ projects/ntlm2/fuzz_core.py | 33 +++++++++++++++++ projects/ntlm2/project.yaml | 12 +++++++ 5 files changed, 162 insertions(+) create mode 100644 projects/ntlm2/Dockerfile create mode 100644 projects/ntlm2/build.sh create mode 100644 projects/ntlm2/fuzz_auth.py create mode 100644 projects/ntlm2/fuzz_core.py create mode 100644 projects/ntlm2/project.yaml diff --git a/projects/ntlm2/Dockerfile b/projects/ntlm2/Dockerfile new file mode 100644 index 000000000..5aaea784b --- /dev/null +++ b/projects/ntlm2/Dockerfile @@ -0,0 +1,22 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-python + +RUN git clone https://github.com/dopstar/requests-ntlm2 +WORKDIR requests-ntlm2 + +COPY build.sh fuzz_*.py $SRC/ diff --git a/projects/ntlm2/build.sh b/projects/ntlm2/build.sh new file mode 100644 index 000000000..6da18d63c --- /dev/null +++ b/projects/ntlm2/build.sh @@ -0,0 +1,24 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Build and install project (using current CFLAGS, CXXFLAGS). +pip3 install --upgrade pip +pip3 install . + +for fuzzer in $(find $SRC -name 'fuzz_*.py'); do + compile_python_fuzzer $fuzzer +done diff --git a/projects/ntlm2/fuzz_auth.py b/projects/ntlm2/fuzz_auth.py new file mode 100644 index 000000000..057bef0b3 --- /dev/null +++ b/projects/ntlm2/fuzz_auth.py @@ -0,0 +1,71 @@ +#!/usr/bin/python3 +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import atheris +import sys +import socket +import time +from threading import Thread +with atheris.instrument_imports(): + import requests + from requests.exceptions import InvalidURL,ConnectionError + from requests_ntlm2 import HttpNtlmAuth + +class ServerThread(Thread): + def __init__(self, fdp): + self.fdp = fdp + + self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self.s.bind(("127.0.0.1", 8001)) + self.s.listen(1) + + Thread.__init__(self) + + def run(self): + conn, addr = self.s.accept() + conn.recv(self.fdp.ConsumeIntInRange(1024,2048)) + conn.send(self.fdp.ConsumeBytes(2048)) + time.sleep(0.005) + conn.close() + self.s.shutdown(1) + self.s.close() + time.sleep(0.01) + +def TestInput(data): + fdp = atheris.FuzzedDataProvider(data) + + t1 = ServerThread(fdp) + t1.start() + + session = requests.Session() + auth = HttpNtlmAuth(fdp.ConsumeString(50),fdp.ConsumeString(10)) + session.auth = HttpNtlmAuth(fdp.ConsumeString(50),fdp.ConsumeString(10)) + + try: + requests.get('http://localhost:8001/%s'%fdp.ConsumeString(20),auth=auth) + session.get('http://localhost:8001/%s'%fdp.ConsumeString(20)) + except (InvalidURL,ConnectionError) as e: + pass + + t1.join() + +def main(): + atheris.Setup(sys.argv, TestInput, enable_python_coverage=True) + atheris.instrument_all() + atheris.Fuzz() + +if __name__ == "__main__": + main() diff --git a/projects/ntlm2/fuzz_core.py b/projects/ntlm2/fuzz_core.py new file mode 100644 index 000000000..eb44067bf --- /dev/null +++ b/projects/ntlm2/fuzz_core.py @@ -0,0 +1,33 @@ +#!/usr/bin/python3 +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import atheris +import sys +with atheris.instrument_imports(): + import requests_ntlm2.core as core + +def TestInput(data): + fdp = atheris.FuzzedDataProvider(data) + + core.get_ntlm_credentials(fdp.ConsumeString(50),fdp.ConsumeString(50)) + core.fix_target_info(fdp.ConsumeBytes(100)) + +def main(): + atheris.Setup(sys.argv, TestInput, enable_python_coverage=True) + atheris.instrument_all() + atheris.Fuzz() + +if __name__ == "__main__": + main() diff --git a/projects/ntlm2/project.yaml b/projects/ntlm2/project.yaml new file mode 100644 index 000000000..76a235421 --- /dev/null +++ b/projects/ntlm2/project.yaml @@ -0,0 +1,12 @@ +fuzzing_engines: +- libfuzzer +homepage: https://github.com/dopstar/requests-ntlm2 +language: python +main_repo: https://github.com/dopstar/requests-ntlm2 +sanitizers: +- address +- undefined +vendor_ccs: +- david@adalogics.com +- adam@adalogics.com +- arthur.chan@adalogics.com