From: Philippe Antoine Date: Thu, 5 Nov 2020 14:46:54 +0000 (+0100) Subject: fuzz: applayer target uses yaml config X-Git-Tag: suricata-6.0.1~72 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c93cbe66c28638bf875e14f3def4d063a16f656c;p=thirdparty%2Fsuricata.git fuzz: applayer target uses yaml config so that every app-layer protocol is enabled
---
diff --git a/src/tests/fuzz/confyaml.c b/src/tests/fuzz/confyaml.c
new file mode 100644
index 0000000000..c558b3d0c4
--- /dev/null
+++ b/src/tests/fuzz/confyaml.c
@@ -0,0 +1,102 @@
+const char configNoChecksum[] = "\
+%YAML 1.1\n\
+---\n\
+pcap-file:\n\
+\n\
+ checksum-checks: no\n\
+\n\
+stream:\n\
+\n\
+ checksum-validation: no\n\
+outputs:\n\
+ - fast:\n\
+ enabled: yes\n\
+ filename: /dev/null\n\
+ - eve-log:\n\
+ enabled: yes\n\
+ filetype: regular\n\
+ filename: /dev/null\n\
+ xff:\n\
+ enabled: yes\n\
+ mode: extra-data\n\
+ deployment: reverse\n\
+ header: X-Forwarded-For\n\
+ types:\n\
+ - alert:\n\
+ payload: yes\n\
+ payload-printable: yes\n\
+ packet: yes\n\
+ metadata: yes\n\
+ http-body: yes\n\
+ http-body-printable: yes\n\
+ tagged-packets: yes\n\
+ - anomaly:\n\
+ enabled: yes\n\
+ types:\n\
+ decode: yes\n\
+ stream: yes\n\
+ applayer: yes\n\
+ packethdr: yes\n\
+ - http:\n\
+ extended: yes\n\
+ dump-all-headers: both\n\
+ - dns\n\
+ - tls:\n\
+ extended: yes\n\
+ session-resumption: yes\n\
+ - files\n\
+ - smtp:\n\
+ extended: yes\n\
+ - dnp3\n\
+ - ftp\n\
+ - rdp\n\
+ - nfs\n\
+ - smb\n\
+ - tftp\n\
+ - ikev2\n\
+ - krb5\n\
+ - snmp\n\
+ - rfb\n\
+ - sip\n\
+ - dhcp:\n\
+ enabled: yes\n\
+ extended: yes\n\
+ - ssh\n\
+ - flow\n\
+ - netflow\n\
+ - metadata\n\
+ - http-log:\n\
+ enabled: yes\n\
+ filename: /dev/null\n\
+ extended: yes\n\
+ - tls-log:\n\
+ enabled: yes\n\
+ filename: /dev/null\n\
+ extended: yes\n\
+app-layer:\n\
+ protocols:\n\
+ rdp:\n\
+ enabled: yes\n\
+ modbus:\n\
+ enabled: yes\n\
+ detection-ports:\n\
+ dp: 502\n\
+ dnp3:\n\
+ enabled: yes\n\
+ detection-ports:\n\
+ dp: 20000\n\
+ enip:\n\
+ enabled: yes\n\
+ detection-ports:\n\
+ dp: 44818\n\
+ sp: 44818\n\
+ sip:\n\
+ enabled: yes\n\
+ ssh:\n\
+ enabled: yes\n\
+ hassh: yes\n\
+ mqtt:\n\
+ enabled: yes\n\
+ http2:\n\
+ enabled: yes\n\
+";
diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c
index c319c22223..06a8ad4e8b 100644
--- a/src/tests/fuzz/fuzz_applayerparserparse.c
+++ b/src/tests/fuzz/fuzz_applayerparserparse.c
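Review bot: `configNoChecksum` is defined with external linkage in a `.c` file that the fuzz targets pull in with `#include "confyaml.c"`, so compiling this file on its own alongside an includer, or linking two includers into one binary, would produce a duplicate definition; `static const char configNoChecksum[] = "\` keeps the array private to each includer. The new file also has no header comment. A short block comment should say that this is the shared Suricata YAML configuration for the fuzz targets, that it is meant to be textually included, and that besides turning checksum checks off it enables the rdp, modbus, dnp3, enip, sip, ssh, mqtt and http2 app-layer parsers, because the identifier only mentions checksums and the set of enabled parsers is what determines fuzz coverage.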
@@ -11,6 +11,7 @@ #include "app-layer-parser.h" #include "util-unittest-helper.h" #include "util-byte.h" +#include "conf-yaml-loader.h" #define HEADER_LEN 6 @@ -18,6 +19,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); AppLayerParserThreadCtx *alp_tctx = NULL; +#include "confyaml.c" + /* input buffer is structured this way : * 6 bytes header, * then sequence of buffers separated by magic bytes 01 D5 CA 7A */ @@ -58,6 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) //redirect logs to /tmp ConfigSetLogDirectory("/tmp/"); + // disables checksums validation for fuzzing + if (ConfYamlLoadString(configNoChecksum, strlen(configNoChecksum)) != 0) { + abort(); + } PostConfLoadedSetup(&surifuzz); alp_tctx = AppLayerParserThreadCtxAlloc(); @@ -66,6 +73,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (ByteExtractStringUint64(&forceLayer, 10, 0, forceLayerStr) < 0) { forceLayer = 0; printf("Invalid numeric value for FUZZ_APPLAYER environment variable"); + } else { + printf("Forcing %s\n", AppProtoToString(forceLayer)); } } } diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c index e277ebfbd8..8e2395d102 100644 --- a/src/tests/fuzz/fuzz_sigpcap.c +++ b/src/tests/fuzz/fuzz_sigpcap.c 
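Review bot: The comment added above the `ConfYamlLoadString` call in the `@@ -58,6 +61,10 @@` hunk was carried over from the pcap target and says the load only disables checksum validation, while the commit message gives the reason here as enabling every app-layer protocol; `// load the shared fuzz config: enables all app-layer protocols, checksum checks off` would describe what this harness actually exercises. The bare `abort()` leaves no indication of why set-up failed, so a one-line message before it (for example `printf("Failed to load embedded fuzz config\n");`) would make a broken embedded YAML obvious in fuzzer logs. No `<string.h>` include is visible in the hunks for the new `strlen` call, so it presumably arrives through another header. The enclosing function starts and ends outside the hunk.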
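Review bot: In the `@@ -66,6 +73,8 @@` hunk, `forceLayer` is parsed from the `FUZZ_APPLAYER` environment variable and handed to `AppProtoToString` with no range check; if that function returns NULL for a value that is not a known protocol (its body is not visible here), the `%s` conversion receives a null pointer, which is undefined behaviour. Guarding the print avoids that: `const char *name = AppProtoToString(forceLayer); printf("Forcing %s\n", name != NULL ? name : "(unknown)");`. A value larger than the protocol type is presumably also narrowed when passed, so rejecting out-of-range numbers in the same branch that already handles the parse error would keep the harness from silently forcing a different parser than the one requested. The enclosing block continues outside the hunk.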
@@ -33,108 +33,7 @@ DecodeThreadVars *dtv; void *fwd; SCInstance surifuzz; -const char configNoChecksum[] = "\ -%YAML 1.1\n\ ----\n\ -pcap-file:\n\ -\n\ - checksum-checks: no\n\ -\n\ -stream:\n\ -\n\ - checksum-validation: no\n\ -outputs:\n\ - - fast:\n\ - enabled: yes\n\ - filename: /dev/null\n\ - - eve-log:\n\ - enabled: yes\n\ - filetype: regular\n\ - filename: /dev/null\n\ - xff:\n\ - enabled: yes\n\ - mode: extra-data\n\ - deployment: reverse\n\ - header: X-Forwarded-For\n\ - types:\n\ - - alert:\n\ - payload: yes\n\ - payload-printable: yes\n\ - packet: yes\n\ - metadata: yes\n\ - http-body: yes\n\ - http-body-printable: yes\n\ - tagged-packets: yes\n\ - - anomaly:\n\ - enabled: yes\n\ - types:\n\ - decode: yes\n\ - stream: yes\n\ - applayer: yes\n\ - packethdr: yes\n\ - - http:\n\ - extended: yes\n\ - dump-all-headers: both\n\ - - dns\n\ - - tls:\n\ - extended: yes\n\ - session-resumption: yes\n\ - - files\n\ - - smtp:\n\ - extended: yes\n\ - - dnp3\n\ - - ftp\n\ - - rdp\n\ - - nfs\n\ - - smb\n\ - - tftp\n\ - - ikev2\n\ - - krb5\n\ - - snmp\n\ - - rfb\n\ - - sip\n\ - - dhcp:\n\ - enabled: yes\n\ - extended: yes\n\ - - ssh\n\ - - flow\n\ - - netflow\n\ - - metadata\n\ - - http-log:\n\ - enabled: yes\n\ - filename: /dev/null\n\ - extended: yes\n\ - - tls-log:\n\ - enabled: yes\n\ - filename: /dev/null\n\ - extended: yes\n\ -app-layer:\n\ - protocols:\n\ - rdp:\n\ - enabled: yes\n\ - modbus:\n\ - enabled: yes\n\ - detection-ports:\n\ - dp: 502\n\ - dnp3:\n\ - enabled: yes\n\ - detection-ports:\n\ - dp: 20000\n\ - enip:\n\ - enabled: yes\n\ - detection-ports:\n\ - dp: 44818\n\ - sp: 44818\n\ - sip:\n\ - enabled: yes\n\ - ssh:\n\ - enabled: yes\n\ - hassh: yes\n\ - mqtt:\n\ - enabled: yes\n\ - http2:\n\ - enabled: yes\n\ -"; +#include "confyaml.c" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {