QA: --afl-rules for faster rule fuzzing

10 years ago · 1c8775b340
parent c3efc4e072
commit 1c8775b340
4 changed files with 55 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -272,6 +272,7 @@
        AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
        AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
        AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
+        AC_DEFINE([AFLFUZZ_RULES], [1], [Enable --afl-rules commandline option])

        # test for AFL PERSISTANT_MODE support
        CFLAGS_ORIG=$CFLAGS
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -2019,6 +2019,51 @@ void DetectSetupParseRegexes(const char *parse_str,
    return;
 }

+#ifdef AFLFUZZ_RULES
+#include "util-reference-config.h"
+int RuleParseDataFromFile(char *filename)
+{
+    char buffer[65536];
+
+    SigTableSetup();
+    SigParsePrepare();
+    SCReferenceConfInit();
+    SCClassConfInit();
+
+    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+    if (de_ctx == NULL)
+        return 0;
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    while (__AFL_LOOP(10000)) {
+        /* reset state */
+        memset(buffer, 0, sizeof(buffer));
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+        FILE *fp = fopen(filename, "r");
+        BUG_ON(fp == NULL);
+
+        size_t result = fread(&buffer, 1, sizeof(buffer), fp);
+        if (result < sizeof(buffer)) {
+            buffer[result] = '\0';
+            Signature *s = SigInit(de_ctx, buffer);
+            if (s != NULL) {
+                SigFree(s);
+            }
+        }
+        fclose(fp);
+
+#ifdef AFLFUZZ_PERSISTANT_MODE
+    }
+#endif /* AFLFUZZ_PERSISTANT_MODE */
+
+    DetectEngineCtxFree(de_ctx);
+    SCClassConfDeinit();
+    SCReferenceConfDeinit();
+    return 0;
+}
+#endif /* AFLFUZZ_RULES */
+
 /*
 * TESTS
 */
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@ -75,5 +75,9 @@ void DetectSetupParseRegexes(const char *parse_str,
 void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study);
 void DetectParseFreeRegexes(void);

+#ifdef AFLFUZZ_RULES
+int RuleParseDataFromFile(char *filename);
+#endif
+
 #endif /* __DETECT_PARSE_H__ */

--- a/src/suricata.c
+++ b/src/suricata.c
@ -1223,6 +1223,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
        {"netmap", optional_argument, 0, 0},
        {"pcap", optional_argument, 0, 0},
        {"simulate-ips", 0, 0 , 0},
+        {"afl-rules", required_argument, 0 , 0},
        {"afl-http-request", required_argument, 0 , 0},
        {"afl-http", required_argument, 0 , 0},
        {"afl-tls-request", required_argument, 0 , 0},
@ -1382,6 +1383,10 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
                if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
                    return TM_ECODE_FAILED;
                }
+#ifdef AFLFUZZ_RULES
+            } else if(strcmp((long_opts[option_index]).name, "afl-rules") == 0) {
+                exit(RuleParseDataFromFile(optarg));
+#endif
 #ifdef AFLFUZZ_APPLAYER
            } else if(strcmp((long_opts[option_index]).name, "afl-http-request") == 0) {
                //printf("arg: //%s\n", optarg);