Changes to build test corpus for Sleuthkit fuzz targets (#5682)

Joachim Metz 2021-04-28 11:26:56 +02:00 committed by GitHub
parent 4295227ccb
commit 80d39ec418
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 89 additions and 6 deletions


@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get update && apt-get install -y make autoconf automake libtool
RUN git clone --depth 1 https://github.com/sleuthkit/sleuthkit sleuthkit RUN git clone --depth 1 https://github.com/sleuthkit/sleuthkit sleuthkit
WORKDIR sleuthkit WORKDIR sleuthkit
COPY build.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/ COPY build.sh buildcorpus.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/


@ -18,6 +18,8 @@
export CFLAGS="$CFLAGS -Wno-error=non-c-typedef-for-linkage" export CFLAGS="$CFLAGS -Wno-error=non-c-typedef-for-linkage"
export CXXFLAGS="$CXXFLAGS -Wno-error=non-c-typedef-for-linkage" export CXXFLAGS="$CXXFLAGS -Wno-error=non-c-typedef-for-linkage"
${SRC}/buildcorpus.sh
./bootstrap ./bootstrap
./configure --enable-static --disable-shared --disable-java --without-afflib --without-libewf --without-libvhdi --without-libvmdk ./configure --enable-static --disable-shared --disable-java --without-afflib --without-libewf --without-libvhdi --without-libvmdk
make -j$(nproc) make -j$(nproc)
@ -37,16 +39,18 @@ declare -A TSK_VS_TYPES=(
["sun"]="TSK_VS_TYPE_SUN" ["sun"]="TSK_VS_TYPE_SUN"
) )
# The fls APFS fuzz target has a seperate source file since it uses the libtsk
# pool layer.
$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk \
$SRC/sleuthkit_fls_apfs_fuzzer.cc -o $OUT/sleuthkit_fls_apfs_fuzzer \
$LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
for type in ${!TSK_FS_TYPES[@]}; do for type in ${!TSK_FS_TYPES[@]}; do
$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DFSTYPE=${TSK_FS_TYPES[$type]} \ $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DFSTYPE=${TSK_FS_TYPES[$type]} \
$SRC/sleuthkit_fls_fuzzer.cc -o $OUT/sleuthkit_fls_${type}_fuzzer \ $SRC/sleuthkit_fls_fuzzer.cc -o $OUT/sleuthkit_fls_${type}_fuzzer \
$LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
done done
$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk \
$SRC/sleuthkit_apfs_fuzzer.cc -o $OUT/sleuthkit_apfs_${type}_fuzzer \
$LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a
for type in ${!TSK_VS_TYPES[@]}; do for type in ${!TSK_VS_TYPES[@]}; do
$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DVSTYPE=${TSK_VS_TYPES[$type]} \ $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DVSTYPE=${TSK_VS_TYPES[$type]} \
$SRC/sleuthkit_mmls_fuzzer.cc -o $OUT/sleuthkit_mmls_${type}_fuzzer \ $SRC/sleuthkit_mmls_fuzzer.cc -o $OUT/sleuthkit_mmls_${type}_fuzzer \
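Review bot: The added `${SRC}/buildcorpus.sh` call in the first hunk makes every build fetch seed files over the network, and nothing on this page records which bytes are expected. The dfVFS URL in buildcorpus.sh follows `main`, so the corpus can change between builds without any change to this repository. Pinning that URL to a commit and checking each download against a recorded digest (for example with `sha256sum -c`) would make the corpus reproducible and make a swapped or truncated file visible. Whether a failing corpus script stops the build depends on build.sh's own shell options, which are outside these hunks, as are the start and end of the script.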


@ -0,0 +1,79 @@
#!/bin/bash -eu
#
# Script to downloads test data and build the corpus
#
# Copyright 2021 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
# Test data provided by:
#
# The Fuzzing Project: https://fuzzing-project.org/resources.html
# As CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
# https://creativecommons.org/publicdomain/zero/1.0/
#
# The dfVFS project: https://github.com/log2timeline/dfvfs
# As Apache 2 https://github.com/log2timeline/dfvfs/blob/main/LICENSE
OUT="."
# Files to use for fls fuzz targets
declare -A FLS_TEST_FILES=(
["apfs"]="https://github.com/log2timeline/dfvfs/blob/main/test_data/apfs.raw?raw=true"
["ext"]="https://files.fuzzing-project.org/filesystems/ext2.img"
["fat"]="https://files.fuzzing-project.org/filesystems/exfat.img https://files.fuzzing-project.org/filesystems/fat12.img https://files.fuzzing-project.org/filesystems/fat16.img https://files.fuzzing-project.org/filesystems/fat32.img"
["hfs"]="https://files.fuzzing-project.org/filesystems/hfsplus.img"
["iso9660"]="https://files.fuzzing-project.org/discimages/iso9660.iso"
["ntfs"]="https://files.fuzzing-project.org/filesystems/ntfs.img"
)
# Files to use for mmls fuzz targets
declare -A MMLS_TEST_FILES=(
["dos"]="https://files.fuzzing-project.org/discimages/partition-dos"
["gpt"]="https://files.fuzzing-project.org/discimages/partition-gpt"
["mac"]="https://files.fuzzing-project.org/discimages/partition-mac"
)
for type in ${!FLS_TEST_FILES[@]}; do
fuzz_target="sleuthkit_fls_${type}_fuzzer"
mkdir -p "test_data/${fuzz_target}"
IFS=" "; for url in ${FLS_TEST_FILES[$type]}; do
filename=$( echo ${url} | sed 's/?[^?]*$//' )
filename=$( basename ${filename} )
curl -L -o "test_data/${fuzz_target}/${filename}" "${url}"
done
(cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *)
done
for type in ${!MMLS_TEST_FILES[@]}; do
fuzz_target="sleuthkit_mmls_${type}_fuzzer"
mkdir -p "test_data/${fuzz_target}"
IFS=" "; for url in ${MMLS_TEST_FILES[$type]}; do
filename=$( echo ${url} | sed 's/?[^?]*$//' )
filename=$( basename ${filename} )
curl -L -o "test_data/${fuzz_target}/${filename}" "${url}"
done
(cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *)
done
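Review bot: `OUT="."` near the top shadows, inside this script, the `$OUT` that build.sh writes the fuzzers to, and because `zip` runs after `cd "test_data/${fuzz_target}"`, each `*_seed_corpus.zip` is written into its own test_data directory rather than the output directory. Replacing the assignment with `OUT="${OUT:-${PWD}}"` keeps a default for local runs while honouring the caller's value and staying valid after the `cd`. Both `curl -L -o ...` calls also lack `--fail`, so an HTTP error page would be saved and zipped as a seed; `curl --fail -L -o "test_data/${fuzz_target}/${filename}" "${url}"` lets the `-eu` shebang stop the script instead. The unquoted `${!FLS_TEST_FILES[@]}`, `${url}` and `${filename}` expansions, and the `IFS=" "` that stays set for the rest of the script, are worth tightening in the same pass.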


@ -36,7 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
goto out_img; goto out_img;
} }
// Pool start block is APFS container specific and is hard coded for now // Pool start block is APFS container specific and is hard coded for now
pool_img = pool->get_img_info(pool, (TSK_DADDR_T) 103); pool_img = pool->get_img_info(pool, (TSK_DADDR_T) 106);
if (pool_img == nullptr) { if (pool_img == nullptr) {
goto out_pool; goto out_pool;
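Review bot: The literal `106` in `pool->get_img_info(pool, (TSK_DADDR_T) 106)` is documented only as container specific, so a reader cannot tell which image it was taken from. If it corresponds to the `apfs.raw` seed that buildcorpus.sh downloads (an inference; the page does not say so), the comment should name that file, e.g. `// Pool start block 106 matches dfVFS test_data/apfs.raw; update both together`. That URL tracks `main`, so an upstream change to the image could leave this offset stale without any build error, and the target would then likely exit at the `nullptr` check and cover less code. LLVMFuzzerTestOneInput starts and ends outside this hunk.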