types

package
v0.0.0-...-6eb8e6c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 4, 2022 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Crashes string = "crashes"
View Source 
var Hangs string = "hangs"
View Source 
var Queue string = "queue"

Functions

func RandInt 

func RandInt() (r uint64)

func SubmitMetricCount 

func SubmitMetricCount(name string, value float32, tags map[string]string)

func SubmitMetricGauge 

func SubmitMetricGauge(name string, value float32, tags map[string]string)

func WriteInputCorpusToFile 

func WriteInputCorpusToFile(inputCorpus *InputCorpus, dir string) error

WriteInputCorpusToFile writes each Input in the given InputCorpus to a separate file.

func WriteInputToFile 

func WriteInputToFile(i *Input, dir string) error

WriteInputToFile writes a single Input to a single file. The filename is given by the name of the Input.

Types

type AflFileManager 

type AflFileManager struct {
	// contains filtered or unexported fields
}

AflFileManager is your one-stop shop for interacting with files written to the filesystem by AFL. Once you give it the base input and output directories, it knows where to find all of AFL's outputs and inputs, including the Queue, Crashes, and Hangs.

It also knows how to read this data into golang structs, and how to write these structs back to the filesystem.

You should never find yourself interacting with AFL's files directly yourself. If you do, please update AflFileManager to support your usecase!

For an ASCII sketch of the directory structure used by roving, see fleet_file_manager.go.

func NewAflFileManager 

func NewAflFileManager(basedir string) *AflFileManager

func NewAflFileManagerWithFuzzerId 

func NewAflFileManagerWithFuzzerId(basedir, fuzzerId string) *AflFileManager

AFL uses a different directory structure for fuzzers that have an ID. The input directory stays the same, but output is stored in `./output/$ID/[queue]`, instead of `./output/[queue]`.

func (AflFileManager) CrashesDir 

func (m AflFileManager) CrashesDir() string

func (AflFileManager) FuzzerStatsPath 

func (m AflFileManager) FuzzerStatsPath() string

func (AflFileManager) HangsDir 

func (m AflFileManager) HangsDir() string

func (AflFileManager) InputDir 

func (m AflFileManager) InputDir() string

func (AflFileManager) InputPath 

func (m AflFileManager) InputPath(inputType, inputName string) (string, error)

func (AflFileManager) MkAllOutputDirs 

func (m AflFileManager) MkAllOutputDirs() error

func (AflFileManager) MkCrashesDir 

func (m AflFileManager) MkCrashesDir() error

func (AflFileManager) MkHangsDir 

func (m AflFileManager) MkHangsDir() error

func (AflFileManager) MkInputDir 

func (m AflFileManager) MkInputDir() error

func (AflFileManager) MkQueueDir 

func (m AflFileManager) MkQueueDir() error

func (AflFileManager) OutputDir 

func (m AflFileManager) OutputDir() string

AFL accepts a -o option that tels it the directory to which it should write its output. If it has been passed a fuzzer ID then it writes the output to `./$OUTPUT_DIR/$FUZZER_ID/...`. If it has not then it writes it to `./$OUTPUT_DIR/...`. We should therefore take care to *read* data from `OutputDir()`, but pass `OutputDirToPassIntoAfl()` into AFL's -o option.

func (AflFileManager) OutputDirToPassIntoAfl 

func (m AflFileManager) OutputDirToPassIntoAfl() string

func (AflFileManager) QueueDir 

func (m AflFileManager) QueueDir() string

func (AflFileManager) ReadCrashes 

func (m AflFileManager) ReadCrashes() (*InputCorpus, error)

func (AflFileManager) ReadFuzzerStats 

func (m AflFileManager) ReadFuzzerStats() (*FuzzerStats, error)

func (AflFileManager) ReadHangs 

func (m AflFileManager) ReadHangs() (*InputCorpus, error)

func (AflFileManager) ReadInput 

func (m AflFileManager) ReadInput(inputType, inputName string) (*Input, error)

func (AflFileManager) ReadInputs 

func (m AflFileManager) ReadInputs() (*InputCorpus, error)

func (AflFileManager) ReadOutput 

func (m AflFileManager) ReadOutput() (AflOutput, error)

ReadOutput reads all of AFL's corpuses and returns them in an AflOutput.

func (AflFileManager) ReadQueue 

func (m AflFileManager) ReadQueue() (*InputCorpus, error)

func (AflFileManager) WriteCrashes 

func (m AflFileManager) WriteCrashes(crashes *InputCorpus) error

func (AflFileManager) WriteHangs 

func (m AflFileManager) WriteHangs(hangs *InputCorpus) error

func (AflFileManager) WriteInputs 

func (m AflFileManager) WriteInputs(inputs *InputCorpus) error

func (AflFileManager) WriteOutput 

func (m AflFileManager) WriteOutput(output *AflOutput) error

WriteOutput writes all of the corpuses in AflOutput to the correct location on disk.

func (AflFileManager) WriteQueue 

func (m AflFileManager) WriteQueue(queue *InputCorpus) error

type AflOutput 

type AflOutput struct {
	Queue   *InputCorpus
	Crashes *InputCorpus
	Hangs   *InputCorpus
}

AflOutput is a struct representing the output dir of a fuzzer

type ArchiveConfig 

type ArchiveConfig struct {
	Type     string            `yaml:"type"`
	Interval time.Duration     `yaml:"interval"`
	Disk     DiskArchiveConfig `yaml:"disk"`
	S3       S3ArchiveConfig   `yaml:"s3"`
}

type ClientConfig 

type ClientConfig struct {
	ServerAddress string `yaml:"server_address"`
	Parallelism   int    `yaml:"parallelism"`
}

A ClientConfig is loaded from a config file on the client itself, unlike FuzzerConfig.

func (*ClientConfig) ValidateConfig 

func (r *ClientConfig) ValidateConfig() error

type DiskArchiveConfig 

type DiskArchiveConfig struct {
	DstRoot string `yaml:"dst_root"`
}

type FleetFileManager 

type FleetFileManager struct {
	Basedir string
}

FleetFileManager manages files for a fleet of parallel AFL fuzzers. It manages a few top-level directories, but routes most of its responsibilities for individual fuzzers to the relevant AflFileManager.

It can be run on either a roving client or a roving server, since both have the same directory structure. We follow the AFL directory convention, and add some conventions of our own:

├── output/ │ ├── FUZZER_ID_123 │ │ ├── crashes/ │ │ │ ├── crash1 │ │ │ ├── crash2 │ │ │ └── crash3 │ │ ├── hangs/ │ │ │ ├── hang1 │ │ │ ├── hang2 │ │ │ └── hang3 │ │ ├── queue/ │ │ │ ├── queue1 │ │ │ ├── queue2 │ │ │ └── queue3 │ │ └── fuzzer_stats │ └── FUZZER_ID_456 │ ├── crashes/ │ ├── hangs/ │ ├── queue/ │ └── fuzzer_stats ├── input/ │ ├── input1 │ ├── input2 │ └── input999 └── dict.txt

func (FleetFileManager) CrashPath 

func (m FleetFileManager) CrashPath(fuzzerId, name string) (string, error)

CrashPath returns the path for the given crash from the given fuzzer

func (FleetFileManager) DictPath 

func (m FleetFileManager) DictPath() string

DictPath returns the path of the AFL seed dict. AFL allows dicts to be stored anywhere, but we use the convention that it should be stored at the top-level, alongside the `input/` and `output/` dirs.

func (FleetFileManager) FuzzerIds 

func (m FleetFileManager) FuzzerIds() ([]string, error)

FuzzerIds returns the IDs of all of the fuzzers in the fleet with output saved to disk.

func (FleetFileManager) InputPath 

func (m FleetFileManager) InputPath(fuzzerId, inputType, inputName string) (string, error)

InputPath returns the path for the given input from the given fuzzer

func (FleetFileManager) MkAllOutputDirs 

func (m FleetFileManager) MkAllOutputDirs(fuzzerId string) error

MkAllOutputDirs makes all Afl output directories for the given fuzzer

func (FleetFileManager) MkCrashesDir 

func (m FleetFileManager) MkCrashesDir(fuzzerId string) error

MkCrashesDir makes the crashes directory for the given fuzzer

func (FleetFileManager) MkQueueDir 

func (m FleetFileManager) MkQueueDir(fuzzerId string) error

MkQueueDir makes the queue directory for the given fuzzer

func (FleetFileManager) MkTopLevelInputDir 

func (m FleetFileManager) MkTopLevelInputDir() error

MkTopLevelInputDir creates the top-level input dir for the fleet. If this dir already exists, it is a no-op

func (FleetFileManager) MkTopLevelOutputDir 

func (m FleetFileManager) MkTopLevelOutputDir() error

MkTopLevelOutputDir creates the top-level output dir for the fleet. If this dir already exists, it is a no-op

func (FleetFileManager) ReadDict 

func (m FleetFileManager) ReadDict() ([]byte, error)

ReadDict reads the contents of the AFL seed dict (if any)

func (FleetFileManager) ReadInput 

func (m FleetFileManager) ReadInput(fuzzerId, inputType, inputName string) (*Input, error)

ReadInput reads the given input from the given fuzzer

func (FleetFileManager) ReadInputs 

func (m FleetFileManager) ReadInputs() (*InputCorpus, error)

ReadInputs reads the inputs for the fleet from disk.

AFL's "inputs" are example test cases to give fuzzers somewhere to start from. We therefore only need to save one, top-level copy of them.

func (FleetFileManager) ReadOutputs 

func (m FleetFileManager) ReadOutputs() (map[string]*AflOutput, error)

ReadOutputs reads all outputs for all fuzzers in the fleet that have output saved to disk.

It returns this data as a map from fuzzerId => *AflOutput.

func (FleetFileManager) ReadQueues 

func (m FleetFileManager) ReadQueues() (map[string]*InputCorpus, error)

ReadQueues reads all queues for all fuzzers with output saved to disk. It returns this data as a map from fuzzerId => *InputCorpus.

func (FleetFileManager) TopLevelInputDir 

func (m FleetFileManager) TopLevelInputDir() string

TopLevelInputDir returns the path of the top-level input dir for the fleet

func (FleetFileManager) TopLevelOutputDir 

func (m FleetFileManager) TopLevelOutputDir() string

TopLevelOutputDir returns the path of the top-level output dir for the fleet

func (FleetFileManager) WriteDict 

func (m FleetFileManager) WriteDict(dict []byte) error

WriteDict writes an AFL seed dict to disk. This is used by the clients when they receive the dict from the server.

func (FleetFileManager) WriteOutput 

func (m FleetFileManager) WriteOutput(fuzzerId string, output *AflOutput) error

WriteOutput writes the given AflOutput for the given fuzzerId to the appropriate location

func (FleetFileManager) WriteQueues 

func (m FleetFileManager) WriteQueues(queues *map[string]*InputCorpus) error

WriteQueues writes all queues in the given `queues` map to disk. `queues` is of the form fuzzerId => *InputCorpus. This method is used by the server to persist to disk queues that are reported to it by clients.

func (FleetFileManager) WriteTopLevelInput 

func (m FleetFileManager) WriteTopLevelInput(input *Input) error

WriteTopLevelInput writes the given input to the fleet's input dir

type FuzzerConfig 

type FuzzerConfig struct {
	UseBinary    bool          `yaml:"use_binary"`
	UseDict      bool          `yaml:"use_dict"`
	SyncInterval time.Duration `yaml:"sync_interval"`

	Command    []string `yaml:"command"`
	MemLimitMb int      `yaml:"mem_limit_mb"`
	TimeoutMs  int      `yaml:"timeout_ms"`
}

A FuzzerConfig is initially constructed from a config file by roving-srv. roving-client retrieves it from roving-srv over HTTP.

type FuzzerStats 

type FuzzerStats struct {
	StartTime     uint64
	LastUpdate    uint64
	FuzzerPid     uint64
	CyclesDone    uint64
	ExecsDone     uint64
	ExecsPerSec   float64
	PathsTotal    uint64
	PathsFavored  uint64
	PathsFound    uint64
	PathsImported uint64
	MaxDepth      uint64
	CurPath       uint64
	PendingFavs   uint64
	PendingTotal  uint64
	VariablePaths uint64
	BitmapCvg     float64
	UniqueCrashes uint64
	UniqueHangs   uint64
	LastPath      uint64
	LastCrash     uint64
	LastHang      uint64
	ExecTimeout   uint64
	AflBanner     string
	AflVersion    string
	CommandLine   string
}

FuzzerStats is a struct of the stats that a that an AFL fuzzer writes to disk at `./fuzzer_stats`

func ParseStats 

func ParseStats(stats string) (*FuzzerStats, error)

ParseStats parses an AFL fuzzer_stats file. It returns a FuzzerStats struct.

type Input 

type Input struct {
	Name string
	Body []byte
}

Input is an AFL test case. This can be a test case from anywhere - `output/crashes`, `output/queue`, `output/hangs`, or `input/`.

type InputCorpus 

type InputCorpus struct {
	Inputs []Input
}

InputCorpus is a collection of Inputs. It is used to represent the crashes, queue and hangs AFL output directories, as well as the input directory.

func ReadInputCorpus 

func ReadInputCorpus(dir string) (*InputCorpus, error)

ReadInputCorpus reads all files in the given dir and returns them as an InputCorpus.

func (*InputCorpus) Add 

func (i *InputCorpus) Add(other Input)

type S3ArchiveConfig 

type S3ArchiveConfig struct {
	RootKey    string `yaml:"root_key"`
	BucketName string `yaml:"bucket_name"`
	AwsRegion  string `yaml:"aws_region"`
	IsLocal    bool   `yaml:"is_local"`
}

type ServerConfig 

type ServerConfig struct {
	Port                  int           `yaml:"port"`
	Workdir               string        `yaml:"workdir"`
	BinaryPath            string        `yaml:"binary_path"`
	MetricsReportInterval time.Duration `yaml:"metrics_report_interval"`

	Fuzzer  FuzzerConfig  `yaml:"fuzzer"`
	Archive ArchiveConfig `yaml:"archive"`
}

func (*ServerConfig) ValidateConfig 

func (r *ServerConfig) ValidateConfig() error

type State 

type State struct {
	Id        string
	Stats     FuzzerStats
	AflOutput AflOutput
}

State is a struct representing the current state of a fuzzer

type TargetBinary 

type TargetBinary = []byte

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.