Yevgeny Pats yevgenypats
🎯
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import argparse | |
| from datetime import datetime | |
| def upload_urls(path, limit, api_key=None): | |
| data = json.load(open(path, 'r')) | |
| data = sorted(data, key=lambda x: datetime.strptime(x['submission_time'][:10], '%Y-%m-%d'), reverse=True) | |
| headers = {'Authorization': api_key} if api_key else None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install git, cmake, zlib, libexpat | |
| apt update && apt install -y git build-essential cmake zlib1g-dev libexpat1-dev | |
| # install afl | |
| git clone https://github.com/mirrorer/afl | |
| cd afl | |
| make && make install | |
| cd .. | |
| # Download and compile the vulnerable exiv2 version (as it's already fixed in master) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install git, cmake, zlib, libexpat, clang-8 | |
| apt update && apt install -y git build-essential cmake zlib1g-dev libexpat1-dev clang-8 | |
| # Download the vulnerable code with the libFuzzer targets | |
| git clone https://github.com/fuzzitdev/exiv2 --branch libfuzzer_integration_vanilla exiv2 | |
| cd exiv2 | |
| # Compile the libFuzzer targets | |
| mkdir build | |
| cd build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // pseudo code | |
| Instrument program for code coverage | |
| for { | |
| Choose random input from corpus | |
| Mutate input | |
| Execute input and collect coverage | |
| If new coverage/paths are hit add it to corpus (corpus - directory with test-cases) | |
| } |
yevgenypats
/ parse_complex.go
Created
October 2, 2019 09:34
simple go function containing off-by-one bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package parser | |
| func ParseComplex(data [] byte) bool { | |
| if len(data) == 5 { | |
| if data[0] == 'F' && data[1] == 'U' && data[2] == 'Z' && data[3] == 'Z' && data[4] == 'I' && data[5] == 'T' { | |
| return true | |
| } | |
| } | |
| return false | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // +build gofuzz | |
| package parser | |
| func Fuzz(data []byte) int { | |
| ParseComplex(data) | |
| return 0 | |
| } |
yevgenypats
/ go-fuzz-tutorial.sh
Created
October 2, 2019 09:46
Building and running go-fuzz with libFuzzer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker run -it gcr.io/fuzzit-public/buster-golang12:2dc7875 /bin/bash | |
| # Download this example | |
| go get github.com/fuzzitdev/example-go | |
| cd /go/src/github.com/fuzzitdev/example-go | |
| # building instrumented version of the code together with libFuzzer integration | |
| go-fuzz-build -libfuzzer -o parse-complex.a . | |
| clang -fsanitize=fuzzer parse-complex.a -o parse-complex |
yevgenypats
/ continuous-fuzzing-workflows.txt
Last active
October 2, 2019 09:59
Continuous Fuzzing Workflows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //psuedo code | |
| # fuzzing workflow | |
| for { | |
| * push new code to master/dev | |
| * Build the fuzzers in the CI and upload to a server where you will run them. | |
| * The fuzzer will run either until it finds a crash or until a new version of the fuzzer is uploaded | |
| * Corpus is saved between runs | |
| } |
yevgenypats
/ .travis.yml
Created
October 2, 2019 10:01
.travis.yml for continuous fuzzing via fuzzit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dist: bionic | |
| language: go | |
| go: | |
| - "1.12.x" | |
| services: | |
| - docker | |
| env: | |
| global: |
yevgenypats
/ parse_complex.rs
Created
October 8, 2019 12:13
simple rust function with off-by-one bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pub fn parse_complex(data: &[u8]) -> bool{ | |
| if data.len() == 5 { | |
| if data[0] == b'F' && data[1] == b'U' && data[2] == b'Z' && data[3] == b'Z' && data[4] == b'I' && data[5] == b'T' { | |
| return true | |
| } | |
| } | |
| return true; | |
| } |
OlderNewer