#!/bin/bash -eu # Copyright 2019 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ################################################################################ # build dependencies statically tar -xvzf lz4-1.9.2.tar.gz cd lz4-1.9.2 make liblz4.a cp lib/liblz4.a /usr/local/lib/ cp lib/lz4*.h /usr/local/include/ cd .. tar -xvzf jansson-2.12.tar.gz cd jansson-2.12 ./configure --disable-shared make -j$(nproc) make install cd .. tar -xvzf libpcap-1.9.1.tar.gz cd libpcap-1.9.1 ./configure --disable-shared make -j$(nproc) make install cd .. cd fuzzpcap mkdir build cd build cmake .. make install cd ../.. cd libyaml ./bootstrap ./configure --disable-shared make -j$(nproc) make install cd .. export CARGO_BUILD_TARGET="x86_64-unknown-linux-gnu" #we did not put libhtp there before so that cifuzz does not remove it mv libhtp suricata/ # build project cd suricata sh autogen.sh #run configure with right options if [ "$SANITIZER" = "address" ] then export RUSTFLAGS="$RUSTFLAGS -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-trace-compares -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-trace-geps -Cllvm-args=-sanitizer-coverage-prune-blocks=0 -Cllvm-args=-sanitizer-coverage-pc-table -Clink-dead-code -Cllvm-args=-sanitizer-coverage-stack-depth" fi ./src/tests/fuzz/oss-fuzz-configure.sh make -j$(nproc) cp src/fuzz_* $OUT/ # dictionaries ./src/suricata --list-keywords | grep "\- " | sed 's/- //' | awk '{print "\""$0"\""}' > $OUT/fuzz_siginit.dict # build corpuses # default configuration file zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip suricata.yaml # rebuilds rules corpus with only one rule by file unzip ../emerging.rules.zip cd rules i=0 mkdir corpus # quiet output for commands set +x cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done set -x zip -q -r $OUT/fuzz_siginit_seed_corpus.zip corpus cd ../../suricata-verify # corpus with single files find . -name "*.pcap" | xargs zip -r $OUT/fuzz_decodepcapfile_seed_corpus.zip find . -name "*.yaml" | xargs zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip find . -name "*.rules" | xargs zip -r $OUT/fuzz_siginit_seed_corpus.zip # corpus using both rule and pcap as in suricata-verify cd tests i=0 mkdir corpus set +x ls | grep -v corpus | while read t; do cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; cat $t/*.pcap >> corpus/$i || true; i=$((i+1)); done set -x zip -q -r $OUT/fuzz_sigpcap_seed_corpus.zip corpus rm -Rf corpus mkdir corpus set +x ls | grep -v corpus | while read t; do cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; fpc_bin $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); echo -ne '\0' >> corpus/$i; python3 $SRC/fuzzpcap/tcptofpc.py $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); done set -x zip -q -r $OUT/fuzz_sigpcap_aware_seed_corpus.zip corpus echo "\"FPC0\"" > $OUT/fuzz_sigpcap_aware.dict