
better output files (+lint fixes)

dobin committed Sep 17, 2017
1 parent 68b3cc0 commit 7e23eac14a1d082626b4a7987eefe192902f2c28
Showing with 394 additions and 366 deletions.
  1. +0 −1 debugservermanager.py
  2. +0 −1 framework.py
  3. +61 −58 fuzzingiterationdata.py
  4. +12 −14 fuzzingmaster.py
  5. +45 −15 fuzzingslave.py
  6. +89 −88 gui.py
  7. +106 −120 interceptor.py
  8. +7 −5 minimizer.py
  9. +19 −12 mongoose_mqtt_asan/fuzzing.py
  10. +4 −3 networkmanager.py
  11. +7 −3 printpickle.py
  12. +2 −2 replay.py
  13. +1 −1 servermanager.py
  14. +14 −14 serverutils.py
  15. +2 −2 utils.py
  16. +25 −27 verifier.py
@@ -18,7 +18,6 @@
import serverutils
class StdoutQueue():
"""
This is a Queue that behaves like stdout.
@@ -10,7 +10,6 @@
import replay
import minimizer
import gui
import interceptor
import fuzzingmaster
import verifier
@@ -1,13 +1,13 @@
#!/bin/python
#!/usr/bin/env python2
import urllib
import random
import logging
import os
import subprocess
import pickle
import copy
import time
import sys
fuzzers = {
"Dumb":
@@ -27,12 +27,12 @@
class FuzzingIterationData(object):
"""
Contains all the data for a fuzzing iteration
Contains all the data for a fuzzing iteration.
This includes:
- all the original packets
- the fuzzed packet
- seed
This includes:
- all the original packets
- the fuzzed packet
- seed
"""
def __init__(self, config, initialData):
@@ -42,21 +42,35 @@ def __init__(self, config, initialData):
self.fuzzedData = None
self.choice = None
self.fuzzingInFile = None
self.time = time.strftime("%c")
def _generateSeed(self):
def getData(self):
"""
Generate a random seed to pass to the fuzzer
Return all necessary data.
Used by fuzzing slave to export data to pickle file.
"""
data = {
"seed": self.seed,
# "config": self.config,
"initialData": self.initialData,
"fuzzedData": self.fuzzedData,
"time": self.time,
}
return data
def _generateSeed(self):
"""Generate a random seed to pass to the fuzzer."""
self.seed = random.randint(0, 2**64 - 1)
def fuzzData(self):
"""
Creates self.fuzzedData by selecting
a message, and mutate it by calling a
fuzzer
Creates self.fuzzedData.
By selecting a message, and mutate it by calling a fuzzer
returns False if something went wrong
"""
logging.debug("Fuzzing the data")
@@ -80,55 +94,63 @@ def fuzzData(self):
def _writeFuzzingFile(self):
"""Write the data to be fuzzed to a file"""
file = open(self.fuzzingInFile, "w")
file.write(self.choice["data"])
#logging.debug("urllib.quote_plus: " + str(self.choice["data"]))
file.close()
"""Write the data to be fuzzed to a file."""
file = open(self.fuzzingInFile, "w")
file.write(self.choice["data"])
#logging.debug("urllib.quote_plus: " + str(self.choice["data"]))
file.close()
return True
return True
def _readFuzzingFile(self):
"""Read the fuzzed data"""
file = open(self.fuzzingOutFile, "r")
data = file.read()
file.close()
"""Read the fuzzed data"""
file = open(self.fuzzingOutFile, "r")
data = file.read()
file.close()
#m = self.fuzzedData.index(self.choice)
#self.fuzzedData[m]["data"] = data
self.choice["data"] = data
self.choice["isFuzzed"] = True
#m = self.fuzzedData.index(self.choice)
#self.fuzzedData[m]["data"] = data
self.choice["data"] = data
self.choice["isFuzzed"] = True
logging.debug("OUTPUT: " + urllib.quote_plus(self.choice["data"]))
logging.debug("OUTPUT: " + urllib.quote_plus(self.choice["data"]))
try:
os.remove(self.fuzzingInFile)
os.remove(self.fuzzingOutFile)
except:
print "Failed to remove file %s!" % self.fuzzingInFile
print "Failed to remove file %s!" % self.fuzzingOutFile
try:
os.remove(self.fuzzingInFile)
os.remove(self.fuzzingOutFile)
except:
print "Failed to remove file %s!" % self.fuzzingInFile
print "Failed to remove file %s!" % self.fuzzingOutFile
return True
return True
def _runFuzzer(self):
"""Call external fuzzer"""
logging.info("Call fuzzer, seed: " + str(self.seed))
fuzzerData = fuzzers[ self.config["fuzzer"] ]
if not fuzzerData:
print "Could not find fuzzer with name: " + self.config["fuzzer"]
return False
fuzzerBin = self.config["basedir"] + "/" + fuzzerData["file"]
if not os.path.isfile(fuzzerBin):
print "Could not find fuzzer binary: " + fuzzerBin
sys.exit()
args = fuzzerData["args"] % ({
"seed" : self.seed,
"input" : self.fuzzingInFile,
"output" : self.fuzzingOutFile})
subprocess.call(self.config["basedir"] + "/" + fuzzerData["file"] + " " + args, shell=True)
"seed": self.seed,
"input": self.fuzzingInFile,
"output": self.fuzzingOutFile})
subprocess.call(fuzzerBin + " " + args, shell=True)
return True
def _chooseInput(self):
"""Select a message to be fuzzed"""
"""Select a message to be fuzzed."""
#self.fuzzedData = list(self.initialData)
self.fuzzedData = copy.deepcopy(self.initialData)
@@ -140,22 +162,3 @@ def _chooseInput(self):
s = 'selected input: %s from: %s len: %s' % ( str(self.fuzzedData.index(self.choice)), self.choice["from"], str(len(self.choice["data"]) ) )
logging.debug(s)
logging.debug("INPUT: " + urllib.quote_plus(self.choice["data"]))
def export(self, crashData):
logging.info("Export crash data")
with open(os.path.join(self.config["outcome_dir"], str(self.seed)+".pickle"), "w") as f:
# dump data
pickle.dump(self.fuzzedData, f)
# Save a txt log
with open(os.path.join(self.config["outcome_dir"], str(self.seed)+".txt"), "w") as f:
f.write("Seed: %s\n" % self.seed)
f.write("Fuzzer: %s\n" % self.config["fuzzer"])
f.write("Target: %s\n" % self.config["target_bin"])
f.write("Time: %s\n" % time.strftime("%c"))
f.write("Fuzzerpos: %s\n" % crashData["fuzzerPos"])
f.write("Signal: %d\n" % crashData["signum"])
f.write("Exitcode: %d\n" % crashData["exitcode"])
f.write("Asanoutput: %s\n" % crashData["asanOutput"])
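Review bot: In the `@@ -80,55 +94,63 @@` hunk, `_runFuzzer` still joins the fuzzer command into one string and runs it with `shell=True`, so a space or shell metacharacter in `config["basedir"]`, `self.fuzzingInFile` or `self.fuzzingOutFile` changes what the shell executes. Those values presumably come from the operator's own config, but an argument list removes the dependency on that: split the template first and substitute per argument, e.g. `subprocess.call([fuzzerBin] + [a % values for a in shlex.split(fuzzerData["args"])])`, where `values` is the seed/input/output dict (this needs `import shlex`, which the file does not import). In the same function, `fuzzers[self.config["fuzzer"]]` raises `KeyError` for an unknown name before the `if not fuzzerData` message can print; `fuzzers.get(self.config["fuzzer"])` would make that branch reachable.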
@@ -1,25 +1,23 @@
#!/bin/python
import sys
import os
import subprocess
import time
import shutil
import shlex
#!/usr/bin/env python2
import signal
import sys
import pickle
import logging
import random
import gui
from multiprocessing import Process, Queue
import fuzzingslave
# Fuzzing main parent
# this is the main entry point for project fuzzers
# receives data from fuzzing-children via queues
def doFuzz(config, useCurses):
"""
Fuzzing main parent.
this is the main entry point for project fuzzers
receives data from fuzzing-children via queues
"""
q = Queue()
# have to remove sigint handler before forking children
# so ctlr-c works
@@ -32,7 +30,7 @@ def doFuzz(config, useCurses):
n = 0
while n < config["processes"]:
print "Start child: " + str(n)
r = random.randint(0, 2**32-1)
r = random.randint(0, 2**32 - 1)
p = Process(target=fuzzingslave.doActualFuzz, args=(config, n, q, r))
procs.append(p)
p.start()
@@ -48,7 +46,7 @@ def doFuzz(config, useCurses):
def prepareInput(config):
with open(config["inputs"] + "/data_0.pickle",'rb') as f:
with open(config["inputs"] + "/data_0.pickle", 'rb') as f:
config["_inputs"] = pickle.load(f)
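Review bot: `prepareInput` in the last hunk reads `data_0.pickle` with `pickle.load`, and nothing near the call tells a user that unpickling runs whatever code the file encodes. Recorded input sets tend to be copied between machines, so a comment above the call would help, e.g. `# pickle.load executes code embedded in the file: only load inputs recorded by a trusted run`. A data-only format for the recorded packets would remove the concern, though binary packet data would then need an encoding step. Whether `prepareInput` continues past the hunk is not visible here.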
@@ -1,11 +1,12 @@
#!/usr/local/bin/python
#!/usr/bin/env python2
import signal
import time
import logging
import queue
import random
import sys
import pickle
import os
import servermanager
import fuzzingiterationdata
@@ -46,11 +47,14 @@ def signal_handler(signal, frame):
sys.exit(0)
# Fuzzer child
# The main fuzzing loop
# all magic is performed here
# sends results via queue to the parent
def doActualFuzz(config, threadId, queue, initialSeed):
"""
The main fuzzing loop.
all magic is performed here
sends results via queue to the parent
Only called once, by the fuzzingmaster
"""
global GLOBAL_SLEEP
random.seed(initialSeed)
@@ -62,9 +66,9 @@ def doActualFuzz(config, threadId, queue, initialSeed):
iterStats = {
"count": 0,
"crashCount": 0, # number of crashes, absolute
"crashCountAnalLast": 0, # when was the last crash analysis
"gcovAnalysisLastIter": 0, # when was gcov analysis last performed (in iterations)
"crashCount": 0, # number of crashes, absolute
"crashCountAnalLast": 0, # when was the last crash analysis
"gcovAnalysisLastIter": 0, # when was gcov analysis last performed (in iterations)
"startTime": time.time(),
"epochCount": 0,
}
@@ -93,7 +97,7 @@ def doActualFuzz(config, threadId, queue, initialSeed):
iterStats["crashCount"] += 1
crashData = serverManager.getCrashData()
crashData["fuzzerPos"] = "A"
previousFuzzingIterationData.export(crashData)
exportFuzzResult(config, crashData, previousFuzzingIterationData)
serverManager.restart()
continue
@@ -108,7 +112,7 @@ def doActualFuzz(config, threadId, queue, initialSeed):
iterStats["crashCount"] += 1
crashData = serverManager.getCrashData()
crashData["fuzzerPos"] = "B"
previousFuzzingIterationData.export(crashData)
exportFuzzResult(config, crashData, previousFuzzingIterationData)
networkManager.closeConnection()
serverManager.restart()
continue
@@ -119,7 +123,7 @@ def doActualFuzz(config, threadId, queue, initialSeed):
iterStats["crashCount"] += 1
crashData = serverManager.getCrashData()
crashData["fuzzerPos"] = "C"
fuzzingIterationData.export(crashData)
exportFuzzResult(config, crashData, fuzzingIterationData)
networkManager.closeConnection()
serverManager.restart()
continue
@@ -145,6 +149,7 @@ def doActualFuzz(config, threadId, queue, initialSeed):
# all done, terminate server
serverManager.stopServer()
def printFuzzData(fuzzData):
for message in fuzzData:
print " MSG: " + str(fuzzData.index(message))
@@ -159,7 +164,7 @@ def sendPreData(networkManager, fuzzingIterationData):
continue
if message == fuzzingIterationData.choice:
break;
break
logging.debug(" Sending pre message: " + str(fuzzingIterationData.fuzzedData.index(message)))
ret = networkManager.sendData(message["data"])
@@ -179,12 +184,37 @@ def sendData(networkManager, fuzzingIterationData):
continue
if message == fuzzingIterationData.choice:
s = True ;
s = True
if s:
logging.debug(" Sending message: " + str(fuzzingIterationData.fuzzedData.index(message)))
res = networkManager.sendData(message["data"])
if res == False:
if res is False:
return False
return True
def exportFuzzResult(config, crashData, fuzzIter):
seed = fuzzIter.seed
data = {
"initialCrashData": crashData,
"fuzzIterData": fuzzIter.getData(),
}
# pickle file with everything
with open(os.path.join(config["outcome_dir"], str(seed) + ".ffw"), "w") as f:
pickle.dump(data, f)
# Save a txt log
with open(os.path.join(config["outcome_dir"], str(seed) + ".txt"), "w") as f:
f.write("Seed: %s\n" % seed)
f.write("Fuzzer: %s\n" % config["fuzzer"])
f.write("Target: %s\n" % config["target_bin"])
f.write("Time: %s\n" % data["fuzzIterData"]["time"])
f.write("Fuzzerpos: %s\n" % crashData["fuzzerPos"])
f.write("Signal: %d\n" % crashData["signum"])
f.write("Exitcode: %d\n" % crashData["exitcode"])
f.write("Asanoutput: %s\n" % crashData["asanOutput"])
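Review bot: The new `exportFuzzResult` opens the `.ffw` file with mode `"w"` before calling `pickle.dump`, while the pickle read in `prepareInput` uses `'rb'`; pickle expects a binary file, so this should be `open(os.path.join(config["outcome_dir"], str(seed) + ".ffw"), "wb")`. Text mode only happens to work with the default protocol under Python 2 on Unix. The function also has no docstring, unlike the others this commit touches; one sentence would do, saying that the `.ffw` file is a pickle of `initialCrashData` and `fuzzIterData` and so should only be loaded when it comes from a trusted run. The `%d` formatting of `crashData["signum"]` and `crashData["exitcode"]` raises if either is `None`, which is worth confirming against `getCrashData()`, not shown here.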