From 8f16f85ef302164bafa8dd0c8ee6b99630198802 Mon Sep 17 00:00:00 2001
From: Allen-Webb <35739080+Allen-Webb@users.noreply.github.com>
Date: Mon, 30 Jul 2018 09:04:20 -0700
Subject: [PATCH] [USBGuard] Initial Integration. (#1667)

USBGuard is a project that provides policy enforcement for attached USB device to protect against malicious on unauthorized USB devices. This adds initial support for the USBGuard project.
---
projects/usbguard/Dockerfile | 42 +++++++++++++++++
projects/usbguard/build.sh | 83 ++++++++++++++++++++++++++++++++++
projects/usbguard/project.yaml | 8 ++++
3 files changed, 133 insertions(+)
create mode 100644 projects/usbguard/Dockerfile
create mode 100644 projects/usbguard/build.sh
create mode 100644 projects/usbguard/project.yaml
diff --git a/projects/usbguard/Dockerfile b/projects/usbguard/Dockerfile
new file mode 100644
index 000000000..b3e362c31
--- /dev/null
+++ b/projects/usbguard/Dockerfile
@@ -0,0 +1,42 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER allenwebb@google.com
+
+RUN apt-get update && apt-get install -y \
+ make \
+ autoconf \
+ automake \
+ libtool \
+ pkg-config \
+ libxml2-utils \
+ xsltproc \
+ libqb-dev \
+ libprotobuf-dev \
+ protobuf-compiler \
+ libdbus-1-dev \
+ libdbus-glib-1-dev \
+ libgio2.0-cil-dev \
+ libgcrypt20-dev \
+ libpolkit-gobject-1-dev \
+ libseccomp-dev \
+ libcap-ng-dev
+
+RUN git clone --recurse-submodules --depth 1 \
+ https://github.com/USBGuard/usbguard usbguard
+WORKDIR usbguard
+COPY build.sh $SRC
diff --git a/projects/usbguard/build.sh b/projects/usbguard/build.sh
new file mode 100644
index 000000000..5c7daf68e
--- /dev/null
+++ b/projects/usbguard/build.sh
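Review bot: `libgio2.0-cil-dev` in the `apt-get install` list looks like the wrong package: as far as I know it is the Mono/CLI binding for GIO, while the C headers for GIO ship in `libglib2.0-dev`, which `libdbus-glib-1-dev` should already pull in. If that is right, the line only drags a Mono stack into the builder image; replacing it with `libglib2.0-dev \` (or dropping it) keeps the image smaller and the set of third-party packages in the build environment easier to audit. It is worth confirming against the `./configure` output which of the D-Bus and polkit packages the `libusbguard.la` fuzzing build actually needs.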
@@ -0,0 +1,83 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+autoreconf -fi
+
+libqb=`find /usr/lib/ -name libqb.a -print -quit`
+protobuf=`find /usr/lib/ -name libprotobuf.a -print -quit`
+
+qb_LIBS="${libqb}" \
+ protobuf_LIBS="-pthread ${protobuf} -pthread -lpthread" \
+ ./configure --with-bundled-catch --with-bundled-pegtl \
+ --with-crypto-library=gcrypt --disable-shared
+
+fuzzers="$( cd src/Tests/Fuzzers && find -name 'fuzzer-*.cpp' |
+ sed 's/^\.\/\(fuzzer-.*\)\.cpp$/\1/g' )"
+
+make -j`nproc` src/build-config.h libusbguard.la
+make -j`nproc` -C src/Tests/Fuzzers ${fuzzers}
+
+cd src/Tests/Fuzzers
+mv ${fuzzers} "$OUT"
+
+################################################################################
+# Create seed corpora.
+################################################################################
+
+# General case:
+cd "$SRC/usbguard/src/Tests/Fuzzers"
+# fuzzer-usb-descriptor seed corpus.
+for fuzzer_name in ${fuzzers}; do
+ corpus_dir="${fuzzer_name}_corpus"
+ if [[ ! -d "$corpus_dir" ]] ; then
+ continue
+ fi
+ zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+ rm -f "${zip_name}"
+ zip -r "${zip_name}" "${corpus_dir}"
+done
+
+# Specific cases:
+cd "$WORK"
+# fuzzer-rules seed corpus.
+fuzzer_name=fuzzer-rules
+corpus_dir="${fuzzer_name}_corpus"
+zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+if [[ ! -d "$SRC/usbguard/src/Tests/Fuzzers/$corpus_dir" ]] ; then
+ rm -f "${zip_name}"
+ rm -rf "${corpus_dir}"
+ mkdir -p "${corpus_dir}"
+ pushd "${corpus_dir}"
+ i=1000000
+ while read -r line; do
+ echo "${line}" > "$((i++))"
+ done < <( cat $SRC/usbguard/src/Tests/Rules/test-rules.good \
+ $SRC/usbguard/src/Tests/Rules/test-rules.bad )
+ popd
+ zip -r "${zip_name}" "${corpus_dir}"
+fi
+
+# fuzzer-usb-descriptor seed corpus.
+fuzzer_name=fuzzer-usb-descriptor
+corpus_dir="${fuzzer_name}_corpus"
+zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+if [[ ! -d "$SRC/usbguard/src/Tests/Fuzzers/$corpus_dir" ]] ; then
+ rm -rf "${corpus_dir}"
+ rm -f "${zip_name}"
+ cp -R "$SRC/usbguard/src/Tests/USB/data" "${corpus_dir}"
+ zip -r "${zip_name}" "${corpus_dir}"
+fi
diff --git a/projects/usbguard/project.yaml b/projects/usbguard/project.yaml
new file mode 100644
index 000000000..902bd0dc8
--- /dev/null
+++ b/projects/usbguard/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://usbguard.github.io/"
+primary_contact: "dkopecek@redhat.com"
+sanitizers:
+ - address
+ - undefined
+ - memory
+auto_ccs:
+ - "allenwebb@google.com"
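Review bot: The two `find /usr/lib/ -name … -print -quit` lookups near the top of build.sh are never checked, and `find` exits 0 when nothing matches, so `-eu` does not stop the script if `libqb.a` or `libprotobuf.a` is missing; `qb_LIBS` and `protobuf_LIBS` then reach `./configure` with an empty library path. I would expect that to surface later as a confusing link error, or as fuzz targets linked against shared libraries that may not exist where the fuzzers run, so fail early right after the lookups: `[[ -n "${libqb}" && -n "${protobuf}" ]] || { echo "static libqb/libprotobuf not found" >&2; exit 1; }`. Separately, the comment `# fuzzer-usb-descriptor seed corpus.` above the general `for fuzzer_name in ${fuzzers}` loop looks like a copy-paste leftover; `# Zip any <fuzzer>_corpus directory shipped in the source tree.` would describe what the loop does.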
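Review bot: Listing `memory` under `sanitizers` is questionable given how build.sh links the targets: it passes the distribution's prebuilt `libqb.a` and `libprotobuf.a` to `./configure` and selects gcrypt from the installed packages, rather than building those dependencies with the sanitizer flags. MemorySanitizer needs every linked library to be instrumented, so findings from this configuration are likely to include false positives that originate in the uninstrumented dependencies and cost triage time. Either drop `- memory` until the dependencies are built from source in build.sh, or add a comment above the list recording that the MSan build has been checked and runs clean.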