Changes to build test corpus for Sleuthkit fuzz targets (#5682)

2021-04-28 11:26:56 +02:00 · 2021-04-28 11:26:56 +02:00 · 80d39ec418
parent 4295227ccb
commit 80d39ec418
4 changed files with 89 additions and 6 deletions
--- a/projects/sleuthkit/Dockerfile
+++ b/projects/sleuthkit/Dockerfile
@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y make autoconf automake libtool
 RUN git clone --depth 1 https://github.com/sleuthkit/sleuthkit sleuthkit
 WORKDIR sleuthkit
-COPY build.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/
+COPY build.sh buildcorpus.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/
--- a/projects/sleuthkit/build.sh
+++ b/projects/sleuthkit/build.sh
@ -18,6 +18,8 @@
 export CFLAGS="$CFLAGS -Wno-error=non-c-typedef-for-linkage"
 export CXXFLAGS="$CXXFLAGS -Wno-error=non-c-typedef-for-linkage"

+${SRC}/buildcorpus.sh
+
 ./bootstrap
 ./configure --enable-static --disable-shared --disable-java --without-afflib --without-libewf --without-libvhdi --without-libvmdk
 make -j$(nproc)
@ -37,16 +39,18 @@ declare -A TSK_VS_TYPES=(
  ["sun"]="TSK_VS_TYPE_SUN"
 )

+# The fls APFS fuzz target has a seperate source file since it uses the libtsk
+# pool layer.
+$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk \
+    $SRC/sleuthkit_fls_apfs_fuzzer.cc -o $OUT/sleuthkit_fls_apfs_fuzzer \
+    $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
+
 for type in ${!TSK_FS_TYPES[@]}; do
  $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DFSTYPE=${TSK_FS_TYPES[$type]} \
      $SRC/sleuthkit_fls_fuzzer.cc -o $OUT/sleuthkit_fls_${type}_fuzzer \
      $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
 done

-$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk \
-    $SRC/sleuthkit_apfs_fuzzer.cc -o $OUT/sleuthkit_apfs_${type}_fuzzer \
-    $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
-
 for type in ${!TSK_VS_TYPES[@]}; do
  $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DVSTYPE=${TSK_VS_TYPES[$type]} \
      $SRC/sleuthkit_mmls_fuzzer.cc -o $OUT/sleuthkit_mmls_${type}_fuzzer \
--- a/projects/sleuthkit/buildcorpus.sh
+++ b/projects/sleuthkit/buildcorpus.sh
@ -0,0 +1,79 @@
+#!/bin/bash -eu
+#
+# Script to downloads test data and build the corpus
+#
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Test data provided by:
+#
+# The Fuzzing Project: https://fuzzing-project.org/resources.html
+#   As CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
+#   https://creativecommons.org/publicdomain/zero/1.0/
+#
+# The dfVFS project: https://github.com/log2timeline/dfvfs
+#   As Apache 2 https://github.com/log2timeline/dfvfs/blob/main/LICENSE
+
+OUT="."
+
+# Files to use for fls fuzz targets
+declare -A FLS_TEST_FILES=(
+  ["apfs"]="https://github.com/log2timeline/dfvfs/blob/main/test_data/apfs.raw?raw=true"
+  ["ext"]="https://files.fuzzing-project.org/filesystems/ext2.img"
+  ["fat"]="https://files.fuzzing-project.org/filesystems/exfat.img https://files.fuzzing-project.org/filesystems/fat12.img https://files.fuzzing-project.org/filesystems/fat16.img https://files.fuzzing-project.org/filesystems/fat32.img"
+  ["hfs"]="https://files.fuzzing-project.org/filesystems/hfsplus.img"
+  ["iso9660"]="https://files.fuzzing-project.org/discimages/iso9660.iso"
+  ["ntfs"]="https://files.fuzzing-project.org/filesystems/ntfs.img"
+)
+
+# Files to use for mmls fuzz targets
+declare -A MMLS_TEST_FILES=(
+  ["dos"]="https://files.fuzzing-project.org/discimages/partition-dos"
+  ["gpt"]="https://files.fuzzing-project.org/discimages/partition-gpt"
+  ["mac"]="https://files.fuzzing-project.org/discimages/partition-mac"
+)
+
+
+for type in ${!FLS_TEST_FILES[@]}; do
+  fuzz_target="sleuthkit_fls_${type}_fuzzer"
+
+  mkdir -p "test_data/${fuzz_target}"
+
+  IFS=" "; for url in ${FLS_TEST_FILES[$type]}; do
+    filename=$( echo ${url} | sed 's/?[^?]*$//' )
+    filename=$( basename ${filename} )
+
+    curl -L -o "test_data/${fuzz_target}/${filename}" "${url}"
+  done
+
+  (cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *)
+done
+
+
+for type in ${!MMLS_TEST_FILES[@]}; do
+  fuzz_target="sleuthkit_mmls_${type}_fuzzer"
+
+  mkdir -p "test_data/${fuzz_target}"
+
+  IFS=" "; for url in ${MMLS_TEST_FILES[$type]}; do
+    filename=$( echo ${url} | sed 's/?[^?]*$//' )
+    filename=$( basename ${filename} )
+
+    curl -L -o "test_data/${fuzz_target}/${filename}" "${url}"
+  done
+
+  (cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *)
+done
--- a/projects/sleuthkit/sleuthkit_fls_apfs_fuzzer.cc
+++ b/projects/sleuthkit/sleuthkit_fls_apfs_fuzzer.cc
@ -36,7 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    goto out_img;
  }
  // Pool start block is APFS container specific and is hard coded for now
-  pool_img = pool->get_img_info(pool, (TSK_DADDR_T) 103);
+  pool_img = pool->get_img_info(pool, (TSK_DADDR_T) 106);

  if (pool_img == nullptr) {
    goto out_pool;