From 3ab5c8057dbaeec5b42f3280eb2dfc89606fa118 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 11 Nov 2016 10:28:59 -0300
Subject: [PATCH] Updates the fuzzer sub-project

---
 configure.ac | 2 +-
 src/operators/begins_with.cc | 2 +-
 test/fuzzer/Makefile.am | 16 ++--
 test/fuzzer/afl_fuzzer.cc | 139 ++++++++++++++++++-----------------
 4 files changed, 86 insertions(+), 73 deletions(-)

diff --git a/configure.ac b/configure.ac
index 47b4cc2a..e7ba58f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -276,7 +276,7 @@ if test "$PLATFORM" != "MacOSX"; then
 fi
 if test "$aflFuzzer" == "true"; then
- FUZZ_CPPCFLAGS="-fsanitize=address -fsanitize-coverage=edge,indirect-calls,8bit-counters "
+ FUZZ_CPPCFLAGS="-fsanitize=address -fsanitize-coverage=4 "
 GLOBAL_LDADD="$GLOBAL_LDADD -fsanitize=address "
 GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
 $buildExamples = false
diff --git a/src/operators/begins_with.cc b/src/operators/begins_with.cc
index cab5eacc..167e9070 100644
--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@@ -32,7 +32,7 @@ bool BeginsWith::evaluate(Transaction *transaction, const std::string &str) {
 if (str.size() < p.size()) {
 ret = false;
 } else if (!str.compare(0, p.size(), p)) {
- ret = true;
+ ret = true;
 }
 return ret;
diff --git a/test/fuzzer/Makefile.am b/test/fuzzer/Makefile.am
index 0ff5f057..ac81ec8b 100644
--- a/test/fuzzer/Makefile.am
+++ b/test/fuzzer/Makefile.am
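Review bot: `-fsanitize-coverage=4` is the numeric coverage spelling that, as far as I recall, later clang releases document as deprecated in favour of the named form this line removes, so the change buys compatibility with an older compiler at the cost of a flag a newer one may reject; a comment such as `# numeric -fsanitize-coverage form kept for the clang release used with afl; newer clang prefers the named form` would record the reason, and a compile test of the flag in configure would fail early instead of at the first object. Not introduced here, but the context line `$buildExamples = false` in the same block expands the variable as a command name rather than assigning it; `buildExamples=false` is presumably what was meant.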
@@ -15,23 +15,29 @@ afl_fuzzer_SOURCES = \
 afl_fuzzer_LDADD = \
 $(GLOBAL_LDADD) \
- $(top_builddir)/src/.libs/libmodsecurity.a \
 $(CURL_LDADD) \
 $(GEOIP_LDFLAGS) $(GEOIP_LDADD) \
 $(PCRE_LDADD) \
- $(YAJL_LDFLAGS) $(YAJL_LDADD)
+ $(YAJL_LDFLAGS) $(YAJL_LDADD) \
+ $(LMDB_LDFLAGS) $(LMDB_LDADD) \
+ $(LIBXML2_LDADD) \
+ $(top_builddir)/src/.libs/libmodsecurity.a \
+ $(top_builddir)/others/libinjection.la \
+ $(top_builddir)/others/libmbedtls.la
 afl_fuzzer_CPPFLAGS = \
 -std=c++11 \
 -Icommon \
 -I../ \
+ -I../../ \
 -O0 \
 -g \
 -I$(top_builddir)/headers \
- $(CURL_CFLAGS) \
- $(MODSEC_NO_LOGS) \
 $(GEOIP_CFLAGS) \
 $(GLOBAL_CPPFLAGS) \
+ $(MODSEC_NO_LOGS) \
+ $(YAJL_CFLAGS) \
+ $(LMDB_CFLAGS) \
 $(PCRE_CFLAGS) \
- $(YAJL_CFLAGS)
+ $(LIBXML2_CFLAGS)
diff --git a/test/fuzzer/afl_fuzzer.cc b/test/fuzzer/afl_fuzzer.cc
index 5aea771e..936a56ac 100644
--- a/test/fuzzer/afl_fuzzer.cc
+++ b/test/fuzzer/afl_fuzzer.cc
@@ -17,14 +17,16 @@
 #include
 #include "modsecurity/modsecurity.h"
+#include "modsecurity/rules.h"
 #include "src/actions/transformations/transformation.h"
 /**
- * for i in $(ls -l *h | awk {'print $9'}); do echo "#include \"actions/transformations/$i\""; done;
+ * for i in $(ls -l src/actions/transformations/*.h | awk {'print $9'}); do echo "#include \"$i\""; done;
 *
 */
 #include "src/actions/transformations/base64_decode_ext.h"
 #include "src/actions/transformations/base64_decode.h"
+#include "src/actions/transformations/base64_encode.h"
 #include "src/actions/transformations/cmd_line.h"
 #include "src/actions/transformations/compress_whitespace.h"
 #include "src/actions/transformations/css_decode.h"
@@ -60,8 +62,9 @@
 #include "src/actions/transformations/utf8_to_unicode.h"
+
 /**
- * for i in $(ls -l *h | awk {'print $9'}); do echo "#include \"operators/$i\""; done;
+ * for i in $(ls -l src/operators/*.h | awk {'print $9'}); do echo "#include \"$i\""; done;
 *
 */
 #include "src/operators/begins_with.h"
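Review bot: `$(top_builddir)/src/.libs/libmodsecurity.a` has moved from the front of `afl_fuzzer_LDADD` to after `$(CURL_LDADD)`, `$(PCRE_LDADD)`, `$(YAJL_LDADD)`, `$(LMDB_LDADD)` and `$(LIBXML2_LDADD)`, which are the libraries whose symbols that archive's objects reference; a single-pass linker (GNU ld, and in particular a toolchain defaulting to `--as-needed`) only resolves references it has already seen when it scans a library, so with static builds of those libraries this order leaves undefined symbols. Keep the archive ahead of its dependencies, the position it had before this change, while leaving `libinjection.la` and `libmbedtls.la` after it as they are now, or link `$(top_builddir)/src/libmodsecurity.la` so libtool carries the dependency order itself. The added `-I../../` is presumably what lets `#include "src/..."` resolve from this directory; a short comment on that line naming the includes it serves would spare the next reader the experiment, since `-Icommon` and `-I../` already cover other paths.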
@@ -92,6 +95,7 @@
 #include "src/operators/rx.h"
 #include "src/operators/str_eq.h"
 #include "src/operators/str_match.h"
+#include "src/operators/unconditional_match.h"
 #include "src/operators/validate_byte_range.h"
 #include "src/operators/validate_dtd.h"
 #include "src/operators/validate_hash.h"
@@ -132,25 +136,27 @@ int main(int argc, char** argv) {
 ModSecurity *ms = new ModSecurity();
 Rules *rules = new Rules();
- Transaction *transaction = new Transaction(ms, rules, NULL);
+ // Here it is possible to load a real transaction from a JSON.
+ // like we do on the regression tests.
+ Transaction *t = new Transaction(ms, rules, NULL);
 /**
 * Transformations, generated by:
 *
- * for i in $(grep "class " -Ri * | grep " :" | grep -v "InstantCache" | awk {'print $2'}); do echo $i *$(echo $i | awk '{print tolower($0)}') = new $i\(\"$i\"\)\; $(echo $i | awk '{print tolower($0)}')-\>evaluate\(s, NULL\)\; delete $(echo $i | awk '{print tolower($0)}')\;; done;
+ * for i in $(grep "class " -Ri src/actions/transformations/* | grep " :" | grep -v "InstantCache" | awk {'print $2'}); do echo $i *$(echo $i | awk '{print tolower($0)}') = new $i\(\"$i\"\)\; $(echo $i | awk '{print tolower($0)}')-\>evaluate\(s, NULL\)\; delete $(echo $i | awk '{print tolower($0)}')\;; done;
 *
 */
-#if 1
 Base64DecodeExt *base64decodeext = new Base64DecodeExt("Base64DecodeExt"); base64decodeext->evaluate(s, NULL); delete base64decodeext;
 Base64Decode *base64decode = new Base64Decode("Base64Decode"); base64decode->evaluate(s, NULL); delete base64decode;
+Base64Encode *base64encode = new Base64Encode("Base64Encode"); base64encode->evaluate(s, NULL); delete base64encode;
 CmdLine *cmdline = new CmdLine("CmdLine"); cmdline->evaluate(s, NULL); delete cmdline;
 CompressWhitespace *compresswhitespace = new CompressWhitespace("CompressWhitespace"); compresswhitespace->evaluate(s, NULL); delete compresswhitespace;
 CssDecode *cssdecode = new CssDecode("CssDecode"); cssdecode->evaluate(s, NULL); delete cssdecode;
 EscapeSeqDecode *escapeseqdecode = new EscapeSeqDecode("EscapeSeqDecode"); escapeseqdecode->evaluate(s, NULL); delete escapeseqdecode;
 HexDecode *hexdecode = new HexDecode("HexDecode"); hexdecode->evaluate(s, NULL); delete hexdecode;
 HexEncode *hexencode = new HexEncode("HexEncode"); hexencode->evaluate(s, NULL); delete hexencode;
-//HtmlEntityDecode *htmlentitydecode = new HtmlEntityDecode("HtmlEntityDecode"); htmlentitydecode->evaluate(s, NULL); delete htmlentitydecode;
+HtmlEntityDecode *htmlentitydecode = new HtmlEntityDecode("HtmlEntityDecode"); htmlentitydecode->evaluate(s, NULL); delete htmlentitydecode;
 JsDecode *jsdecode = new JsDecode("JsDecode"); jsdecode->evaluate(s, NULL); delete jsdecode;
 Length *length = new Length("Length"); length->evaluate(s, NULL); delete length;
 LowerCase *lowercase = new LowerCase("LowerCase"); lowercase->evaluate(s, NULL); delete lowercase;
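Review bot: The transformation lines in this hunk, including the added `Base64Encode` and the re-enabled `HtmlEntityDecode`, still call `evaluate(s, NULL)` although `Transaction *t` is now created a few lines above them, so whatever a transformation does with a non-null transaction argument is never reached by the fuzzer; either regenerate them with `evaluate(s, t)` or note on the `Transaction *t` line that the transformations are deliberately driven without one. The comment `// Here it is possible to load a real transaction from a JSON.` describes future work rather than the code below it, so `// TODO: load a real transaction from JSON, as the regression tests do.` would be clearer. Each object is created with `new` and released only after `evaluate` returns, so an exception from `evaluate` (absent a try block outside this hunk) terminates the run before `delete`; that is acceptable for a crash harness, but a stack object such as `HtmlEntityDecode htmlentitydecode("HtmlEntityDecode"); htmlentitydecode.evaluate(s, NULL);` is shorter and removes the question, and the generator one-liner could emit that form. main() opens in the hunk header, so its start lies outside this hunk.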
@@ -174,84 +180,85 @@ Trim *trim = new Trim("Trim"); trim->evaluate(s, NULL); delete trim;
 TrimLeft *trimleft = new TrimLeft("TrimLeft"); trimleft->evaluate(s, NULL); delete trimleft;
 TrimRight *trimright = new TrimRight("TrimRight"); trimright->evaluate(s, NULL); delete trimright;
 UrlDecode *urldecode = new UrlDecode("UrlDecode"); urldecode->evaluate(s, NULL); delete urldecode;
-//UrlDecodeUni *urldecodeuni = new UrlDecodeUni("UrlDecodeUni"); urldecodeuni->evaluate(s, NULL); delete urldecodeuni;
+UrlDecodeUni *urldecodeuni = new UrlDecodeUni("UrlDecodeUni"); urldecodeuni->evaluate(s, NULL); delete urldecodeuni;
 UrlEncode *urlencode = new UrlEncode("UrlEncode"); urlencode->evaluate(s, NULL); delete urlencode;
-Utf8Unicode *utf8unicode = new Utf8Unicode("Utf8Unicode"); utf8unicode->evaluate(s, NULL); delete utf8unicode;
-#endif
+Utf8ToUnicode *utf8tounicode = new Utf8ToUnicode("Utf8ToUnicode"); utf8tounicode->evaluate(s, NULL); delete utf8tounicode;
+
 /**
 * Operators, generated by:
 *
- * for i in $(grep "class " -Ri * | grep " :" | grep -v "InstantCache" | awk {'print $2'}); do echo $i *$(echo $i | awk '{print tolower($0)}') = new $i\(\"$i\"\)\; $(echo $i | awk '{print tolower($0)}')-\>evaluate\(s, NULL\)\; delete $(echo $i | awk '{print tolower($0)}')\;; done;
+ * for i in $(grep "class " -Ri src/operators/* | grep " :" | awk {'print $2'}); do echo $i *$(echo $i | awk '{print tolower($0)}') = new $i\(\"$i\", z, false\)\; $(echo $i | awk '{print tolower($0)}')-\>evaluate\(t, s\)\; delete $(echo $i | awk '{print tolower($0)}')\;; done;
 *
 */
-#if 1
-BeginsWith *beginswith = new BeginsWith("@BeginsWith", z, false); beginswith->evaluate(transaction, s); delete beginswith;
-Contains *contains = new Contains("@Contains", z, false); contains->evaluate(transaction, s); delete contains;
-ContainsWord *containsword = new ContainsWord("@ContainsWord", z, false); containsword->evaluate(transaction, s); delete containsword;
-DetectSQLi *detectsqli = new DetectSQLi("@DetectSQLi", z, false); detectsqli->evaluate(transaction, s); delete detectsqli;
-DetectXSS *detectxss = new DetectXSS("@DetectXSS", z, false); detectxss->evaluate(transaction, s); delete detectxss;
-EndsWith *endswith = new EndsWith("@EndsWith", z, false); endswith->evaluate(transaction, s); delete endswith;
-Eq *eq = new Eq("@Eq", z, false); eq->evaluate(transaction, s); delete eq;
-FuzzyHash *fuzzyhash = new FuzzyHash("@FuzzyHash", z, false); fuzzyhash->evaluate(transaction, s); delete fuzzyhash;
-Ge *ge = new Ge("@Ge", z, false); ge->evaluate(transaction, s); delete ge;
-GeoLookup *geolookup = new GeoLookup("@GeoLookup", z, false); geolookup->evaluate(transaction, s); delete geolookup;
-GsbLookup *gsblookup = new GsbLookup("@GsbLookup", z, false); gsblookup->evaluate(transaction, s); delete gsblookup;
-Gt *gt = new Gt("@Gt", z, false); gt->evaluate(transaction, s); delete gt;
-InspectFile *inspectfile = new InspectFile("@InspectFile", z, false); inspectfile->evaluate(transaction, s); delete inspectfile;
-IpMatchF *ipmatchf = new IpMatchF("@IpMatchF", z, false); ipmatchf->evaluate(transaction, s); delete ipmatchf;
-IpMatchFromFile *ipmatchfromfile = new IpMatchFromFile("@IpMatchFromFile", z, false); ipmatchfromfile->evaluate(transaction, s); delete ipmatchfromfile;
-IpMatch *ipmatch = new IpMatch("@IpMatch", z, false); ipmatch->evaluate(transaction, s); delete ipmatch;
-Le *le = new Le("@Le", z, false); le->evaluate(transaction, s); delete le;
-Lt *lt = new Lt("@Lt", z, false); lt->evaluate(transaction, s); delete lt;
-NoMatch *nomatch = new NoMatch("@NoMatch", z, false); nomatch->evaluate(transaction, s); delete nomatch;
-PmF *pmf = new PmF("@PmF", z, false); pmf->evaluate(transaction, s); delete pmf;
-PmFromFile *pmfromfile = new PmFromFile("@PmFromFile", z, false); pmfromfile->evaluate(transaction, s); delete pmfromfile;
-Pm *pm = new Pm("@Pm", z, false); pm->evaluate(transaction, s); delete pm;
-Rbl *rbl = new Rbl("@Rbl", z, false); rbl->evaluate(transaction, s); delete rbl;
-Rsub *rsub = new Rsub("@Rsub", z, false); rsub->evaluate(transaction, s); delete rsub;
-Rx *rx = new Rx("@Rx", z, false); rx->evaluate(transaction, s); delete rx;
-StrEq *streq = new StrEq("@StrEq", z, false); streq->evaluate(transaction, s); delete streq;
-StrMatch *strmatch = new StrMatch("@StrMatch", z, false); strmatch->evaluate(transaction, s); delete strmatch;
-ValidateByteRange *validatebyterange = new ValidateByteRange("@ValidateByteRange", z, false); validatebyterange->evaluate(transaction, s); delete validatebyterange;
-ValidateDTD *validatedtd = new ValidateDTD("@ValidateDTD", z, false); validatedtd->evaluate(transaction, s); delete validatedtd;
-ValidateHash *validatehash = new ValidateHash("@ValidateHash", z, false); validatehash->evaluate(transaction, s); delete validatehash;
-ValidateSchema *validateschema = new ValidateSchema("@ValidateSchema", z, false); validateschema->evaluate(transaction, s); delete validateschema;
-ValidateUrlEncoding *validateurlencoding = new ValidateUrlEncoding("@ValidateUrlEncoding", z, false); validateurlencoding->evaluate(transaction, s); delete validateurlencoding;
-ValidateUtf8Encoding *validateutf8encoding = new ValidateUtf8Encoding("@ValidateUtf8Encoding", z, false); validateutf8encoding->evaluate(transaction, s); delete validateutf8encoding;
-VerifyCC *verifycc = new VerifyCC("@VerifyCC", z, false); verifycc->evaluate(transaction, s); delete verifycc;
-VerifyCPF *verifycpf = new VerifyCPF("@VerifyCPF", z, false); verifycpf->evaluate(transaction, s); delete verifycpf;
-VerifySSN *verifyssn = new VerifySSN("@VerifySSN", z, false); verifyssn->evaluate(transaction, s); delete verifyssn;
-Within *within = new Within("@Within", z, false); within->evaluate(transaction, s); delete within;
-#endif
+BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); delete beginswith;
+Contains *contains = new Contains("Contains", z, false); contains->evaluate(t, s); delete contains;
+ContainsWord *containsword = new ContainsWord("ContainsWord", z, false); containsword->evaluate(t, s); delete containsword;
+DetectSQLi *detectsqli = new DetectSQLi("DetectSQLi", z, false); detectsqli->evaluate(t, s); delete detectsqli;
+DetectXSS *detectxss = new DetectXSS("DetectXSS", z, false); detectxss->evaluate(t, s); delete detectxss;
+EndsWith *endswith = new EndsWith("EndsWith", z, false); endswith->evaluate(t, s); delete endswith;
+Eq *eq = new Eq("Eq", z, false); eq->evaluate(t, s); delete eq;
+FuzzyHash *fuzzyhash = new FuzzyHash("FuzzyHash", z, false); fuzzyhash->evaluate(t, s); delete fuzzyhash;
+Ge *ge = new Ge("Ge", z, false); ge->evaluate(t, s); delete ge;
+GeoLookup *geolookup = new GeoLookup("GeoLookup", z, false); geolookup->evaluate(t, s); delete geolookup;
+GsbLookup *gsblookup = new GsbLookup("GsbLookup", z, false); gsblookup->evaluate(t, s); delete gsblookup;
+Gt *gt = new Gt("Gt", z, false); gt->evaluate(t, s); delete gt;
+InspectFile *inspectfile = new InspectFile("InspectFile", z, false); inspectfile->evaluate(t, s); delete inspectfile;
+IpMatchF *ipmatchf = new IpMatchF("IpMatchF", z, false); ipmatchf->evaluate(t, s); delete ipmatchf;
+IpMatchFromFile *ipmatchfromfile = new IpMatchFromFile("IpMatchFromFile", z, false); ipmatchfromfile->evaluate(t, s); delete ipmatchfromfile;
+IpMatch *ipmatch = new IpMatch("IpMatch", z, false); ipmatch->evaluate(t, s); delete ipmatch;
+Le *le = new Le("Le", z, false); le->evaluate(t, s); delete le;
+Lt *lt = new Lt("Lt", z, false); lt->evaluate(t, s); delete lt;
+NoMatch *nomatch = new NoMatch("NoMatch", z, false); nomatch->evaluate(t, s); delete nomatch;
+PmF *pmf = new PmF("PmF", z, false); pmf->evaluate(t, s); delete pmf;
+PmFromFile *pmfromfile = new PmFromFile("PmFromFile", z, false); pmfromfile->evaluate(t, s); delete pmfromfile;
+Pm *pm = new Pm("Pm", z, false); pm->evaluate(t, s); delete pm;
+// Rbl test is too slow to be tested here.
+// Rbl *rbl = new Rbl("Rbl", z, false); rbl->evaluate(t, s); delete rbl;
+Rsub *rsub = new Rsub("Rsub", z, false); rsub->evaluate(t, s); delete rsub;
+Rx *rx = new Rx("Rx", z, false); rx->evaluate(t, s); delete rx;
+StrEq *streq = new StrEq("StrEq", z, false); streq->evaluate(t, s); delete streq;
+
+StrMatch *strmatch = new StrMatch("StrMatch", z, false); strmatch->evaluate(t, s); delete strmatch;
+UnconditionalMatch *unconditionalmatch = new UnconditionalMatch("UnconditionalMatch", z, false); unconditionalmatch->evaluate(t, s); delete unconditionalmatch;
+ValidateByteRange *validatebyterange = new ValidateByteRange("ValidateByteRange", z, false); validatebyterange->evaluate(t, s); delete validatebyterange;
+ValidateDTD *validatedtd = new ValidateDTD("ValidateDTD", z, false); validatedtd->evaluate(t, s); delete validatedtd;
+ValidateHash *validatehash = new ValidateHash("ValidateHash", z, false); validatehash->evaluate(t, s); delete validatehash;
+ValidateSchema *validateschema = new ValidateSchema("ValidateSchema", z, false); validateschema->evaluate(t, s); delete validateschema;
+ValidateUrlEncoding *validateurlencoding = new ValidateUrlEncoding("ValidateUrlEncoding", z, false); validateurlencoding->evaluate(t, s); delete validateurlencoding;
+ValidateUtf8Encoding *validateutf8encoding = new ValidateUtf8Encoding("ValidateUtf8Encoding", z, false); validateutf8encoding->evaluate(t, s); delete validateutf8encoding;
+VerifyCC *verifycc = new VerifyCC("VerifyCC", z, false); verifycc->evaluate(t, s); delete verifycc;
+VerifyCPF *verifycpf = new VerifyCPF("VerifyCPF", z, false); verifycpf->evaluate(t, s); delete verifycpf;
+VerifySSN *verifyssn = new VerifySSN("VerifySSN", z, false); verifyssn->evaluate(t, s); delete verifyssn;
+Within *within = new Within("Within", z, false); within->evaluate(t, s); delete within;
 /**
 * ModSec API
 *
 */
 #if 0
- transaction->processConnection(s.c_str(), 123, s.c_str(), 123);
- transaction->processURI(s.c_str(), z.c_str(), z.c_str());
- transaction->addRequestHeader(s, z);
- transaction->addRequestHeader(s, s);
- transaction->addRequestHeader(z, z);
- transaction->addRequestHeader(z, s);
- transaction->processRequestHeaders();
- transaction->appendRequestBody((const unsigned char *)s.c_str(), s.length());
- transaction->processRequestBody();
- transaction->addResponseHeader(s, z);
- transaction->addResponseHeader(s, s);
- transaction->addResponseHeader(z, z);
- transaction->addResponseHeader(z, s);
- transaction->processResponseHeaders();
- transaction->appendResponseBody((const unsigned char *)s.c_str(), s.length());
- transaction->processResponseBody();
+ t->processConnection(s.c_str(), 123, s.c_str(), 123);
+ t->processURI(s.c_str(), z.c_str(), z.c_str());
+ t->addRequestHeader(s, z);
+ t->addRequestHeader(s, s);
+ t->addRequestHeader(z, z);
+ t->addRequestHeader(z, s);
+ t->processRequestHeaders();
+ t->appendRequestBody((const unsigned char *)s.c_str(), s.length());
+ t->processRequestBody();
+ t->addResponseHeader(s, z);
+ t->addResponseHeader(s, s);
+ t->addResponseHeader(z, z);
+ t->addResponseHeader(z, s);
+ t->processResponseHeaders();
+ t->appendResponseBody((const unsigned char *)s.c_str(), s.length());
+ t->processResponseBody();
 #endif
- delete transaction;
+ delete t;
 delete rules;
 delete ms;