diff --git a/Dockerfile b/Dockerfile index e161619..4021769 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,97 +1,118 @@ # # This Dockerfile for AFLplusplus uses Ubuntu 22.04 jammy and -# installs LLVM 14 for afl-clang-lto support. -# -# GCC 11 is used instead of 12 because genhtml for afl-cov doesn't like it. +# installs LLVM 14 for afl-clang-lto support :-) # -FROM ubuntu:22.04 AS aflplusplus -LABEL "maintainer"="AFL++ team " -LABEL "about"="AFLplusplus container image" +FROM ubuntu:focal +# If we want to use jammy and correspondingly gcc-12, llvm-14, we need to +# update docker version to 20.x +# FROM ubuntu:jammy -### Comment out to enable these features -# Only available on specific ARM64 boards -ENV NO_CORESIGHT=1 -# Possible but unlikely in a docker container -ENV NO_NYX=1 +ARG DEBIAN_FRONTEND=noninteractive + +ENV NO_ARCH_OPT=1 -### Only change these if you know what you are doing: -# LLVM 15 does not look good so we stay at 14 to still have LTO -ENV LLVM_VERSION=14 -# GCC 12 is producing compile errors for some targets so we stay at GCC 11 -ENV GCC_VERSION=11 +RUN apt-get update && \ + apt-get -y install --no-install-suggests --no-install-recommends \ + # AFL++ dependencies + automake \ + cmake \ + meson \ + ninja-build \ + bison flex \ + build-essential \ + git \ + python3 python3-dev python3-setuptools python-is-python3 \ + libtool libtool-bin \ + libglib2.0-dev \ + libcairo2-dev \ + wget vim jupp nano bash-completion less \ + apt-utils apt-transport-https ca-certificates gnupg dialog \ + libpixman-1-dev \ + gnuplot-nox \ + # Unzip seeds + unzip \ + # QoL + Eval pipeline dependencies + sudo screen beanstalkd python3-pip python3.8-venv \ + && rm -rf /var/lib/apt/lists/* -### No changes beyond the point unless you know what you are doing :) -ARG DEBIAN_FRONTEND=noninteractive +RUN apt-get update && \ + apt-get -y install --no-install-suggests --no-install-recommends \ + lsb-release wget software-properties-common gnupg + +RUN wget https://apt.llvm.org/llvm.sh +RUN chmod +x llvm.sh +RUN sudo ./llvm.sh 15 + +RUN update-alternatives --install /usr/bin/clang 
clang /usr/bin/clang-15 10 \ + --slave /usr/bin/clang++ clang++ /usr/bin/clang++-15 \ + --slave /usr/bin/opt opt /usr/bin/opt-15 +RUN update-alternatives --install /usr/lib/llvm llvm /usr/lib/llvm-15 20 \ + --slave /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-15 \ + --slave /usr/bin/llvm-link llvm-link /usr/bin/llvm-link-15 + +# Setup a new user + +# Make the user reflect the host user +ARG USER_NAME=docker +ARG UID=1000 +ARG GID=1000 + +RUN groupadd -g $GID -o $USER_NAME +RUN useradd -m -u $UID -g $GID -G sudo -o -s /bin/bash -d /home/$USER_NAME $USER_NAME +RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + +# Move into userland +USER $USER_NAME + +# Prepare the user's workspace +RUN sudo mkdir -p /workspace && \ + sudo chown $USER_NAME:$USER_NAME /workspace +WORKDIR /workspace + +# Add ~/.local/bin and /usr/local/go/bin to the PATH +RUN mkdir -p /home/$USER_NAME/.local/bin +ENV PATH="/home/$USER_NAME/.local/bin:/usr/local/go/bin:/workspace/gllvm_bins:${PATH}" +RUN echo "export PATH=$PATH" >> ~/.bashrc +# +# # AFL++ env variables ENV NO_ARCH_OPT=1 ENV IS_DOCKER=1 -RUN apt-get update && apt-get full-upgrade -y && \ - apt-get install -y --no-install-recommends wget ca-certificates apt-utils && \ - rm -rf /var/lib/apt/lists/* - -RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ - wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key +ENV NO_CORESIGHT=1 +ENV NO_NYX=1 -RUN apt-get update && \ - apt-get -y install --no-install-recommends \ - make cmake automake meson ninja-build bison flex \ - git xz-utils bzip2 wget jupp nano bash-completion less vim joe ssh psmisc \ - python3 python3-dev python3-pip python-is-python3 \ - libtool libtool-bin libglib2.0-dev \ - apt-transport-https gnupg dialog \ - gnuplot-nox libpixman-1-dev bc \ - gcc-${GCC_VERSION} g++-${GCC_VERSION} 
gcc-${GCC_VERSION}-plugin-dev gdb lcov \ - clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \ - libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \ - libclang1-${LLVM_VERSION} libclang-${LLVM_VERSION}-dev \ - libclang-common-${LLVM_VERSION}-dev libclang-rt-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} \ - libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ - liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev \ - libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev libomp5-${LLVM_VERSION} \ - lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} \ - llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ - $([ "$(dpkg --print-architecture)" = "amd64" ] && echo gcc-${GCC_VERSION}-multilib gcc-multilib) \ - $([ "$(dpkg --print-architecture)" = "arm64" ] && echo libcapstone-dev) && \ - rm -rf /var/lib/apt/lists/* - # gcc-multilib is only used for -m32 support on x86 - # libcapstone-dev is used for coresight_mode on arm64 - -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \ - update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 && \ - update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${LLVM_VERSION} 0 && \ - update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${LLVM_VERSION} 0 - -RUN wget -qO- https://sh.rustup.rs | CARGO_HOME=/etc/cargo sh -s -- -y -q --no-modify-path -ENV PATH=$PATH:/etc/cargo/bin - -RUN apt clean -y - -ENV LLVM_CONFIG=llvm-config-${LLVM_VERSION} +ENV LLVM_CONFIG=llvm-config-15 ENV AFL_SKIP_CPUFREQ=1 ENV AFL_TRY_AFFINITY=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 -RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov && \ - (cd afl-cov && make install) && rm -rf afl-cov +# Import and setup OptFuzz +RUN git clone https://github.com/FOX-Fuzz/FOX.git OptFuzzer + +WORKDIR /workspace/OptFuzzer +RUN export CC=clang-15 && 
export CXX=clang++-15 && make clean && \ + make -WORKDIR /AFLplusplus -COPY . . +RUN sudo ln -s /usr/bin/llvm-nm-15 /usr/local/bin/llvm-nm -ARG CC=gcc-$GCC_VERSION -ARG CXX=g++-$GCC_VERSION +# Add evaluation pipeline +WORKDIR /workspace +RUN mkdir -p /workspace/fuzzopt-eval +WORKDIR /workspace/fuzzopt-eval +COPY --chown=$UID:$GID . /workspace/fuzzopt-eval/fuzzdeployment -# Used in CI to prevent a 'make clean' which would remove the binaries to be tested -ARG TEST_BUILD +# Fix python dependencies +WORKDIR /workspace/fuzzopt-eval/fuzzdeployment/scripts +RUN pip install "cython<3.0.0" wheel +RUN pip install "pyyaml==5.4.1" --no-build-isolation +RUN pip install pyelftools +RUN pip install -r requirements.txt -RUN sed -i.bak 's/^ -/ /g' GNUmakefile && \ - make clean && make distrib && \ - ([ "${TEST_BUILD}" ] || (make install && make clean)) && \ - mv GNUmakefile.bak GNUmakefile +# Clean up unnecessary directories +RUN rm -r /workspace/fuzzopt-eval/fuzzdeployment/docker +RUN rm -r /workspace/fuzzopt-eval/fuzzdeployment/magma_artifact -RUN echo "set encoding=utf-8" > /root/.vimrc && \ - echo ". /etc/bash_completion" >> ~/.bashrc && \ - echo 'alias joe="joe --wordwrap --joe_state -nobackup"' >> ~/.bashrc && \ - echo "export PS1='"'[AFL++ \h] \w \$ '"'" >> ~/.bashrc +WORKDIR /workspace/fuzzopt-eval/fuzzdeployment diff --git a/Dockerfile_README.md b/Dockerfile_README.md new file mode 100644 index 0000000..9a98492 --- /dev/null +++ b/Dockerfile_README.md 
@@ -0,0 +1,78 @@ +# Prerequisites +Install [Oracle Virtual Box](https://www.virtualbox.org/) +Install Virtual Box Image \- Lubuntu 24.04 + +# Docker Installation +[Install using the apt respository](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository) +Follow Steps 1-3 + +# Image Procurement +*Build FOX image from Dockerfile (replace Dockerfile ../ with file path)* + +*When building, make sure to build inside ../fuzzing-analysis/fuzzdeployment* + +``` +docker build --build-arg USER_NAME=$USER --build-arg UID=$(id -u) --build-arg GID=$(id -u) -t "adamstorek/fox:latest" -f Dockerfile ../ . +``` + +*Run* + +``` +docker run --privileged --network='host' -d --name="optfuzz_eval" -it adamstorek/fox:latest + +docker exec -it optfuzz_eval /bin/bash +``` + +# Compiling and Running Target +### Step 1: +cd targets +![Step1](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%201.png) + +### Step 2: +run: ./unzip\_seeds.sh +![Step2](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%202.png) + +### Step 3: +cd zlibunc +![Step3](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%203.png) + +### Step 4: +run: ./preinstall.sh +![Step4](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%204.png) + +### Step 5: +run: ./build\_aflpp.sh optfuzz\_nogllvm +![Step5](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%205.png) + +### Step 6: +cd binaries/optfuzz\_build +![Step6](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%206.png) + +### Step 7: +Go to File \-\> New Tab + +* This should open a new main terminal window +* Note: the terminal should NOT be within the FOX terminal/image + 
+![Step7](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%207.png) + +### Step 8: +Run command: sudo bash \-c "echo core \>/proc/sys/kernel/core\_pattern" +Enter password if necessary +Run command: sudo vim /proc/sys/kernel/core\_pattern +![Step8](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%208.png) + +### Step 9: +Confirm that file core\_pattern has ONLY the word "core" inside +![Step9](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%209.png) + +then esc, :q to exit the vim file + +### Step 10: +Return to FOX terminal/image + +run: /workspace/OptFuzzer/afl-fuzz \-k \-p wd\_scheduler \-i ../../seeds\_fuzzbench \-o out \-- ./zlib\_uncompress\_fuzzer +![Step10](https://github.com/clz2116/FOX/blob/fc525afa75dc2d6276b7066a76b7a1956c681372/README_StandAlone%20Images/Step%2010.png) + +### Finished: +![Finished](https://github.com/clz2116/FOX/blob/b398526a6119c4d2df93528e4e13d7ba9a2ab199/README_StandAlone%20Images/Finished.png)
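Review bot: in the Dockerfile hunk the retained header comment ("This Dockerfile for AFLplusplus uses Ubuntu 22.04 jammy and installs LLVM 14 for afl-clang-lto support") now contradicts the lines below it, which switch to `FROM ubuntu:focal`, run `RUN sudo ./llvm.sh 15` and set `ENV LLVM_CONFIG=llvm-config-15`; the removed lines also recorded that LLVM 15 was avoided to keep LTO working, so either update the comment to state the focal/LLVM 15 choice and the LTO status, or keep the version the comment promises. The toolchain install also loses the verification the old version had: the removed lines pinned the apt repo with `signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key`, whereas `RUN wget https://apt.llvm.org/llvm.sh` followed by `RUN sudo ./llvm.sh 15` executes an unpinned script fetched at build time with no checksum; `git clone https://github.com/FOX-Fuzz/FOX.git OptFuzzer` is likewise unpinned (no tag or commit), so builds are not reproducible and a change upstream lands in the image unnoticed. Smaller points: `ENV NO_ARCH_OPT=1` is now set twice (once in the added lines, once in the retained AFL++ block); `RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` gives the container user unconditional root, which is worth a comment explaining why it is needed, and the build would be easier to audit if the three `RUN` lines around `llvm.sh` were one layer so the downloaded script does not persist in the image.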
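Review bot: in the Dockerfile_README.md hunk the build command passes `--build-arg GID=$(id -u)`; this should be `$(id -g)`, otherwise the image's group is created with the host user's uid, and `COPY --chown=$UID:$GID` in the Dockerfile produces files whose group does not match the host group for any user whose uid and gid differ. The run command `docker run --privileged --network='host' ... adamstorek/fox:latest` grants the container all host capabilities and the host network namespace; since Step 8 already sets `/proc/sys/kernel/core_pattern` from the host terminal, the README should state what inside the container actually requires `--privileged` (or drop it), and likewise why host networking is needed for a local fuzzing run. Two documentation points: the first line says "replace Dockerfile ../ with file path" but the command then uses `-f Dockerfile ../` with the build context `.`, which is confusing given the note that the build must run inside `fuzzdeployment`; and Step 8 verifies the setting by opening the file in `sudo vim`, where `cat /proc/sys/kernel/core_pattern` would show the same thing without the risk of an accidental write. The backslash escapes (`\-`, `\_`, `\>`) in the plain-text commands are also unnecessary in GitHub markdown and make the commands harder to copy.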