Merge pull request #2 from ForAllSecure/add-package

Add package

.github/workflows/bazel_test.yml

@@ -17,9 +17,17 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
+
       - name: Build Mayhemfiles
         run: |
-          bazel build //examples:all
+          bazel build //examples:factor_mayhemfile
+          bazel build //examples:base64_mayhemfile
+          bazel build //examples:lighttpd_mayhemfile
+          bazel build //examples:package_mayhemit
+
       - name: Run tests
         run: |
-          bazel test --test_output=all //examples:all
+          bazel test --test_output=all //examples:validate_factor
+          bazel test --test_output=all //examples:validate_base64
+          bazel test --test_output=all //examples:validate_lighttpd
+          bazel test --test_output=all //examples:validate_mayhemit

.gitignore

@@ -2,3 +2,4 @@ bazel-bin
 bazel-out
 bazel-rules_mayhem
 bazel-testlogs
+pkg

mayhem/mayhemfile.template → Mayhemfile

@@ -1,49 +1,45 @@
 # Mayhem by https://forallsecure.com
 # Mayhemfile: configuration file for testing your target with Mayhem
 # Format: YAML 1.1
-{VERSION}
 
 # Project name that the target belongs to
-project: {PROJECT}
+project: xansec/ubuntu
 
 # Target name (should be unique within the project)
-target: {TARGET}
+target: ubuntu-latest
 
 # Base image to run the binary in.
-image: {IMAGE}
+image: ubuntu
 
 # Turns on extra test case processing (completing a run will take longer)
-{ADV_TRIAGE}
-{DURATION}
-{TASKS}
-{TESTSUITE}
-{UID}
-{GID}
+advanced_triage: false
 
 # List of commands used to test the target
 cmds:
 
   # Command used to start the target, "@@" is the input file
   # (when "@@" is omitted Mayhem defaults to stdin inputs)
-  - cmd: {COMMAND}
-    env: {ENV}
-    {LIBFUZZER}
-    {AFL}
-    {HONGGFUZZ}
-    {SANITIZER}
-    {CWD}
-    {FILEPATH}
-  {SECOND_COMMAND}
-
+  - cmd: /bin/bash
+    env: {}
+    libfuzzer: true
+extensions: {}
+
+    ## Uncomment to change default dir (/) from which the target is invoked
+    #cwd: /
+
+    ## If this is a network target, uncomment the block below and remove
+    ## the @@ input file reference in the cmd (you can either test network or
+    ## file inputs, not both).
+    #network:
     ## Use "127.0.0.1" instead of "localhost" below if you want to test only
     ## for IPv4. For IPv6, use "[::1]". By leaving as "localhost", Mayhem will
     ## attempt to autodetect the one used by the target.
-    {NETWORK}
+    #  url: tcp://localhost:8080  # protocol, host and port to analyze
+    #  client: False           # target is a client-side program
+    #  timeout: 2.0               # max seconds for sending data
 
     ## Max test case length (in bytes) to be taken into account. Test cases over
     ## that length will be truncated. Be very careful about increasing this
     ## limit as it can severely affect your fuzzer performance.
-    {MAX_LENGTH}
-    {CMD_TIMEOUT}
-    {MEMORY_LIMIT}
-    {DICTIONARY}
+    # max_length: 8192
+

examples/BUILD

@@ -1,83 +1,95 @@
-load("//mayhem:mayhem.bzl", "mayhem")
+load("//mayhem:mayhem.bzl", "mayhemfile", "mayhem_run", "mayhem_package")
 
 # Generates a minimal Mayhemfile
-mayhem(
-    name = "factor",
-    run = False,
+mayhemfile(
+    name = "factor_mayhemfile",
     project = "bazel-rules",
     target = "factor",
-    command = "/bin/factor",
+    cmd = "/bin/factor",
     image = "photon:latest",
 )
 
 # Generates a complete Mayhemfile
-mayhem(
-    name = "base64",
-    run = False,
+mayhemfile(
+    name = "base64_mayhemfile",
     project = "bazel-rules",
+    owner = "forallsecure-demo",
     target = "base64",
-    command = "/bin/base64 @@",
-    second_command = "/bin/base64 -d @@", # just a duplicate in this example; in real life, you want to provide both an instrumented and uninstrumented target to take advantage of SE
+    cmd = "/bin/base64 @@",
     image = "photon:latest",
     duration = "90",
-    tasks = [
-      "exploitability_factors",
-      "regression_testing",
-      "behavior_testing"
-    ],
-    testsuite = [
-      "file://testsuite" # or https://<server>/<owner>/<project_name>/<target_name>/testsuite.tar
-    ],
+    advanced_triage = "false",
     uid = "0",
     gid = "0",
     max_length = "8192",
     cwd = "/bin",
     filepath = "/tmp/customfile",
     env = {"FOO": "foo", "BAR": "bar"},
-    cmd_timeout = "3",
     memory_limit = "8192",
     sanitizer = "false",
     libfuzzer = "false",
-    afl = "false",
     honggfuzz = "false",
-    dictionary = ""
 )
 
 # Generates a network target Mayhemfile
-mayhem(
-    name = "lighttpd",
-    run = False,
-    version = "2.0",
+mayhemfile(
+    name = "lighttpd_mayhemfile",
     project = "bazel-rules",
     target = "lighttpd",
-    command = "/usr/local/sbin/lighttpd -D -f /usr/local/etc/lighttpd.conf",
+    cmd = "/usr/local/sbin/lighttpd -D -f /usr/local/etc/lighttpd.conf",
     image = "forallsecure/lighttpd:vulnerable",
-    network = [
-      "url: tcp://localhost:80",
-      "timeout: 2",
-      "client: false"
-    ],
-    tasks = [
-      "exploitability_factors",
-      "regression_testing",
-      "behavior_testing",
-      "coverage_analysis"
-    ],
+    network_url = "tcp://localhost:80",
+    network_timeout = "2",
+    network_client = "false",
     duration = "120"
 )
 
+cc_binary(
+    name = "mayhemit",
+    srcs = ["mayhemit.c"],
+)
+
+# `mayhem_package` automatically generates a Mayhemfile; a separate mayhemfile rule is not needed
+mayhem_package(
+    name = "package_mayhemit",
+    binary = ":mayhemit",
+)
+
+mayhem_run(
+    name = "run_factor",
+    target_path = ".",
+    mayhemfile = ":factor_mayhemfile",
+)
+
+mayhem_run(
+    name = "run_base64",
+    target_path = ".",
+    mayhemfile = ":base64_mayhemfile",
+)
+
+mayhem_run(
+    name = "run_lighttpd",
+    target_path = ".",
+    mayhemfile = ":lighttpd_mayhemfile",
+)
+
+mayhem_run(
+    name = "run_mayhemit",
+    image = "ubuntu:latest",
+    target_path = ":package_mayhemit"
+)
+
+
 sh_test(
     name = "validate_factor",
     srcs = ["//tests:mayhem_validator.sh"],
     args = [
         "$(location //:yq)",
-        "$(location //:mayhem)",
-        "$(location :factor.mayhemfile)"
+        "$(location :factor_mayhemfile)"
     ],
     data = [
         "//:yq",
-        "//:mayhem",
-        ":factor.mayhemfile"
+        ":factor_mayhemfile"
     ],
 )
 
@@ -86,13 +98,11 @@ sh_test(
     srcs = ["//tests:mayhem_validator.sh"],
     args = [
         "$(location //:yq)",
-        "$(location //:mayhem)",
-        "$(location :base64.mayhemfile)"
+        "$(location :base64_mayhemfile)"
     ],
     data = [
         "//:yq",
-        "//:mayhem",
-        ":base64.mayhemfile"
+        ":base64_mayhemfile"
     ],
 )
 
@@ -101,12 +111,23 @@ sh_test(
     srcs = ["//tests:mayhem_validator.sh"],
     args = [
         "$(location //:yq)",
-        "$(location //:mayhem)",
-        "$(location :lighttpd.mayhemfile)"
+        "$(location :lighttpd_mayhemfile)"
     ],
     data = [
         "//:yq",
-        "//:mayhem",
-        ":lighttpd.mayhemfile"
+        ":lighttpd_mayhemfile"
     ],
 )
+
+sh_test(
+    name = "validate_mayhemit",
+    srcs = ["//tests:mayhem_validator.sh"],
+    args = [
+        "$(location //:yq)",
+        "$(location :package_mayhemit)"
+    ],
+    data = [
+        "//:yq",
+        ":package_mayhemit"
+    ],
+)

examples/mayhemit.c

@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int mayhemit(char *buf)
+{
+  if(strlen(buf) >= 3)
+    if(buf[0] == 'b')
+      if(buf[1] == 'u')
+        if(buf[2] == 'g') {
+          printf("You've got it!");
+          abort();
+        }
+  return 0;
+}
+
+int main(int argc, char *argv[])
+{
+  FILE *f;
+  char buf[12];
+
+  if(argc != 2){
+    fprintf(stderr, "Must supply a text file\n");
+    return -1;
+  }
+  f = fopen(argv[1], "r");
+  if(f == NULL){
+    fprintf(stderr, "Could not open %s\n", argv[1]);
+    return -1;
+  }
+  if(fgets(buf, sizeof(buf), f) == NULL){
+    fprintf(stderr, "Could not read from %s\n", argv[1]);
+    return -1;
+  }
+  mayhemit(buf);
+  return 0;
+}

mayhem/BUILD

@@ -8,5 +8,3 @@ bzl_library(
     name = "mayhem",
     srcs = ["mayhem.bzl"],
 )
-
-exports_files(["mayhemfile.template"])