17 Commits

Author SHA1 Message Date
Oliver Chang 5675ec6958
Rename execSan to SystemSan. (#8369)
* Rename execSan to SystemSan.

All of the bug detectors we've built (or plan to build) relate to system
state.

* fix documentation

* fix more documentation
2022-08-30 08:40:46 +10:00
Catena cyber 2964ab1af5
execscan: detect arbitrary file open (#8009)
* execscan: detect arbitrary file open

* Checks for unknown top dir

* move the file open test to its own fuzz target

* Fixups from PR review
2022-08-03 13:09:32 +10:00
Oliver Chang 70dd8b4c95
execSan: Send SIGABRT signal to initial (main thread). (#7988)
2022-07-11 06:03:51 +00:00
Oliver Chang 9665b2e1b8
execSan: Don't exit on reporting a bug. (#7947)
This causes race conditions with stacktrace printing and does not return
the same exit code as the child process.

Just send the SIGABRT and let our tracing handle the exit.
2022-07-05 05:38:21 +00:00
Oliver Chang a2eaeebecb
execSan: Return same exit status as the child. (#7924)
* execSan: Return same exit status as the child.

* format
2022-06-29 02:05:17 +00:00
Dongge Liu dead89aa00
A PoC of `execSan` with `node-shell-quote` v1.7.3 (#7843)
* A PoC with `node-shell-quote` v1.7.3.

* A description of the shell injection bug in the prev version of shell-quote and how to reproduce it with `execSan`.

* Amend the instructions to run `execSan` on `node-shell-quote` and `pytorch-lightning`.
2022-06-14 09:58:21 +10:00
Dongge Liu 605122c506
Allow searching for the binary to execute in `$PATH` (#7832)
Allow searching for the binary to execute in $PATH
2022-06-09 19:25:57 +10:00
Dongge Liu ddf48c9a74
A PoC of `execSan` with `pytorch-lightning-1.5.10` (#7827)
* A PoC of `execSan` with `pytorch-lightning-1.5.10`
2022-06-09 14:22:41 +10:00
Dongge Liu 639cc9588e
Execsan syntax error (minor fixes) (#7806)
* Removes the `: ` prefix in our previous pattern to capture case ii and reduce false negatives:
   1. Our previous pattern (i.e. `: Syntax error`) is designed to reduce false positives, but it relies on `dash` to print out an error message within one `write` syscall. E.g. `sh: 1: Syntax error: "invalid_command" unexpected`.
   2. In some cases, `dash` breaks the message into multiple `write` syscalls. E.g. it invokes 2 `writes` whose buffers respectively contain `sh: 1:`, ` Syntax error: "invalid_command" unexpected`.

* Fix outdated wording

* A TODO about using more specific patterns of error messages
2022-06-07 11:50:30 +10:00
Dongge Liu 62f034e81d
Detect shell injection based on syntax errors (#7795)
* Remove redundant tripwire from Makefile

* Detect shell corruption based on syntax errors

* Type, name, format, typo, etc.

* Error pattern matching logic

* clang-format

* Code structure fix

* Extend the pathname length of shell to be safe

* Remove redundant operations on memory read from regs

* More specific patterns

* Identify sh

* Remove redundant substr

* Document shell corruption in README.md

* Clang-format

* Organise printf/debug_log/cerr

* Remove a completed TODO

* Use readlink instead of `file`

* Clang-format
2022-06-06 14:14:01 +10:00
Alan32Liu 5c56efe1c2 Revert "Remove redundant tripwire from Makefile"
This reverts commit 514d2928bd.
2022-06-02 11:10:41 +10:00
Alan32Liu 3cb7bae824 Revert "Detect shell corruption based on syntax errors"
This reverts commit 5bb187777b.
2022-06-02 11:10:32 +10:00
Alan32Liu 5bb187777b Detect shell corruption based on syntax errors 2022-06-02 11:05:03 +10:00
Alan32Liu 514d2928bd Remove redundant tripwire from Makefile 2022-06-02 10:44:40 +10:00
Oliver Chang 2af5e25a48
Print sanitizer stacktrace for execSan bugs. (#7782)
Send SIGABRT to the root process being fuzzed to generate a stacktrace.

Also distinguish between syscall enter and exit.
2022-06-01 08:57:27 +10:00
Oliver Chang a5d3ab8cb0
execSan: Follow forks. (#7771)
* execSan: Follow forks.

- ptrace all child processes.
- Look for execve() calls with /tmp/tripwire as the first argument.
  There's no need for it to actually run.
- Convert to C++.

* remove unused tripwire code

* comments
2022-05-30 10:31:12 +10:00
Dongge Liu e249bcc669
An attempt to detect shell injection with `ptrace` (#7757)
* An attempt to detect shell injection with ptrace

* Relocate sanitizer files

* Add headers and file descriptions

* Better cleanup

* Name and analogy

* TODOs

* safer cleanup

* More descriptive name

* More descriptive README.md

* More descriptive file names

* One more TODO
2022-05-26 15:37:04 +10:00