DeforaNetworks/deepstate
3
0
Fork 0
Code Releases Activity

Merge pull request #193 from aaron-suarez/dockerize-this

Browse Source 
Dockerize the repository
This commit is contained in:
Alex Groce 2019-05-30 12:16:09 -07:00 committed by GitHub
commit d525674d8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 206 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.travis.yml
View File

@ -3,6 +3,8 @@ sudo: true
language: python language: python
python: python:
- 3.6.5 - 3.6.5
services:
- docker
install: install:
- sudo apt-get -y update - sudo apt-get -y update
- sudo apt-get -y install build-essential gcc-multilib cmake python3-pip python3-setuptools libffi-dev python3-nose - sudo apt-get -y install build-essential gcc-multilib cmake python3-pip python3-setuptools libffi-dev python3-nose
@ -42,4 +44,6 @@ script:
- if [ $TASK = PRIMES ]; then nosetests3 tests/test_primes.py ; fi - if [ $TASK = PRIMES ]; then nosetests3 tests/test_primes.py ; fi
#- if [ $TASK = STREAMINGANDFORMATTING ]; then nosetests3 tests/test_streamingandformatting.py ; fi #- if [ $TASK = STREAMINGANDFORMATTING ]; then nosetests3 tests/test_streamingandformatting.py ; fi
- if [ $TASK = TAKEOVER ]; then nosetests3 tests/test_takeover.py ; fi - if [ $TASK = TAKEOVER ]; then nosetests3 tests/test_takeover.py ; fi
after_success:
- bash push/run.sh

18
README.md
View File

@ -131,6 +131,22 @@ argument to see all DeepState options.
If you want to use DeepState in C/C++ code, you will likely want to run `sudo make install` from the `$DEEPSTATE/build` directory as well. The examples mentioned below (file system, databases) assume this has already been done. If you want to use DeepState in C/C++ code, you will likely want to run `sudo make install` from the `$DEEPSTATE/build` directory as well. The examples mentioned below (file system, databases) assume this has already been done.
### Docker
You can also try out Deepstate with Docker, which is the easiest way
to get all the fuzzers and tools up and running on any system.
```bash
$ docker build -t deepstate . -f docker/Dockerfile
$ docker run -it deepstate bash
user@0f7cccd70f7b:~/deepstate/build/examples$ cd deepstate/build/examples
user@0f7cccd70f7b:~/deepstate/build/examples$ deepstate-angr ./Runlen
user@0f7cccd70f7b:~/deepstate/build/examples$ deepstate-eclipser ./Runlen --timeout 30
user@0f7cccd70f7b:~/deepstate/build/examples$ ./Runlen_LF -max_total_time=30
user@0f7cccd70f7b:~/deepstate/build/examples$ mkdir foo; echo foo > foo/foo
user@0f7cccd70f7b:~/deepstate/build/examples$ afl-fuzz -i foo -o afl_Runlen -- ./Runlen_AFL --input_test_file @@ --no_fork --abort_on_fail
```
## Usage ## Usage
DeepState consists of a static library, used to write test harnesses, DeepState consists of a static library, used to write test harnesses,
@ -486,7 +502,7 @@ with some of the advantages of symbolic execution, but with more scalability. D
After that, you can use Eclipser like this: After that, you can use Eclipser like this:
`deepstate-eclisper <binary> --timeout <how long to test> --output_test_dir <where to put generated tests>` `deepstate-eclipser <binary> --timeout <how long to test> --output_test_dir <where to put generated tests>`
In our experience, Eclipser is quite effective, often better than In our experience, Eclipser is quite effective, often better than
libFuzzer and sometimes better than AFL, despite having a much slower libFuzzer and sometimes better than AFL, despite having a much slower

2
bin/setup.py.in
View File

@ -30,7 +30,7 @@ setuptools.setup(
author_email="peter@trailofbits.com", author_email="peter@trailofbits.com",
license="Apache-2.0", license="Apache-2.0",
keywords="tdd testing symbolic execution", keywords="tdd testing symbolic execution",
install_requires=[], #'claripy==7.8.6.16','angr==7.8.7.1', 'manticore'], install_requires=['angr', 'manticore'],
entry_points={ entry_points={
'console_scripts': [ 'console_scripts': [
'deepstate = deepstate.main_manticore:main', 'deepstate = deepstate.main_manticore:main',

11
docker/.dockerignore Normal file
View File

@ -0,0 +1,11 @@
.dockerignore
Dockerfile
__pycache__
*.pyc
*.pyo
*.pyd
.Python
pip-log.txt
pip-delete-this-directory.txt
*.log
.git

82
docker/Dockerfile Normal file
View File

@ -0,0 +1,82 @@
FROM ubuntu:18.04
# Set up the non-root user
RUN apt-get update \
&& apt-get -y install sudo \
&& useradd -ms /bin/bash user && echo "user:user" | chpasswd && adduser user sudo
ADD /docker/sudoers.txt /etc/sudoers
ENV ECLIPSER_HOME /home/user/Eclipser
WORKDIR /home/user
COPY . /home/user/deepstate
# Eclipser requires deb-src entries
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ bionic main restricted \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic universe \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates universe \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic multiverse \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates multiverse \n\
deb-src http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse \n\
deb-src http://archive.canonical.com/ubuntu bionic partner \n\
deb-src http://security.ubuntu.com/ubuntu/ bionic-security main restricted \n\
deb-src http://security.ubuntu.com/ubuntu/ bionic-security universe \n\
deb-src http://security.ubuntu.com/ubuntu/ bionic-security multiverse' >> /etc/apt/sources.list
# Install Eclipser dependencies
RUN apt-get update \
&& apt-get -y build-dep qemu \
&& apt-get install -y libtool \
libtool-bin wget automake autoconf \
bison gdb git \
&& wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb \
&& dpkg -i packages-microsoft-prod.deb \
&& apt-get install -y apt-transport-https \
&& apt-get update \
&& apt-get install -y dotnet-sdk-2.2
# Install DeepState/AFL/libFuzzer dependencies
RUN apt-get update \
&& apt-get install -y build-essential \
&& apt-get install -y clang \
gcc-multilib g++-multilib cmake \
python3-setuptools libffi-dev z3 python3-pip \
&& rm -rf /var/lib/apt/lists/*
RUN chown -R user:user /home/user
USER user
# Install AFL
RUN wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz \
&& tar -xzvf afl-latest.tgz \
&& cd afl-2.52b/ \
&& make \
&& sudo make install
# Install Eclipser
RUN git clone https://github.com/SoftSec-KAIST/Eclipser \
&& cd Eclipser \
&& make \
&& cd ../
# Install DeepState using a few different compilers for AFL/libFuzzer/Eclipser+normal
RUN cd deepstate \
&& mkdir build \
&& cd build \
&& CXX=clang++ CC=clang BUILD_LIBFUZZER=TRUE cmake ../ \
&& sudo make install \
&& rm -rf CMakeFiles CMakeCache.txt \
&& CXX=afl-clang++ CC=afl-clang BUILD_AFL=TRUE cmake ../ \
&& sudo make install \
&& rm -rf CMakeFiles CMakeCache.txt \
&& cmake ../ \
&& sudo make install \
&& cd .. \
&& sudo pip3 install 'z3-solver==4.5.1.0.post2' angr 'manticore==0.2.5' \
&& sudo python3 ./build/setup.py install
CMD ["/bin/bash"]

4
docker/sudoers.txt Normal file
View File

@ -0,0 +1,4 @@
root ALL=(ALL) ALL
user ALL=(ALL) NOPASSWD: ALL
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

9
push/build_image Normal file
View File

@ -0,0 +1,9 @@
#!/usr/bin/env bash
set -eu
IMAGE_NAME="deepstate"
echo "IMAGE_NAME $IMAGE_NAME"
echo "Building Docker image..."
docker build -t $IMAGE_NAME -f docker/Dockerfile . || exit $?

28
push/publish Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env bash
# Publishes the most recent web container to docker hubs repo.
# This script assumes docker push works.
# You must set up docker push on your own.
set -eu
DOCKER_REPO="trailofbits/deepstate"
IMAGE_NAME="deepstate"
echo "IMAGE_NAME $IMAGE_NAME"
IMAGE_ID=$(docker images $IMAGE_NAME:latest --format "{{.ID}}")
if [ -n "$DOCKER_USERNAME" ]; then echo "Found username"; fi
if [ -n "$DOCKER_PASSWORD" ]; then echo "Found password"; fi
if [ -n "$DOCKER_USERNAME" ] && [ -n "$DOCKER_PASSWORD" ]; then
echo "Logging in using ENV creds"
docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
fi
echo "Pushing image $IMAGE_NAME:$TRAVIS_BRANCH"
docker tag $IMAGE_ID $DOCKER_REPO
docker tag $IMAGE_ID ${DOCKER_REPO}:${TRAVIS_BUILD_NUMBER}
docker push $DOCKER_REPO
docker push ${DOCKER_REPO}:${TRAVIS_BUILD_NUMBER}

46
push/run.sh Normal file
View File

@ -0,0 +1,46 @@
#!/usr/bin/env bash
set -eu
IMAGE_NAME="deepstate"
DEPLOY_BRANCHES="master"
# Only process first job in matrix (TRAVIS_JOB_NUMBER ends with ".1")
if [[ ! $TRAVIS_JOB_NUMBER =~ \.1$ ]]; then
echo "Skipping deploy since it's not the first job in matrix"
exit 0
fi
# Don't process pull requests
# $TRAVIS_PULL_REQUEST will be the PR number or "false" if not a PR
if [[ -n "$TRAVIS_PULL_REQUEST" ]] && [[ "$TRAVIS_PULL_REQUEST" != "false" ]]; then
echo "Skipping deploy because it's a pull request"
exit 0
fi
# Only process branches listed in DEPLOY_BRANCHES
BRANCHES_TO_DEPLOY=($DEPLOY_BRANCHES)
if [[ ! " ${BRANCHES_TO_DEPLOY} " =~ " ${TRAVIS_BRANCH} " ]]; then
# whatever you want to do when arr contains value
echo "Branches to deploy: ${DEPLOY_BRANCHES}"
echo "Travis Branch: ${TRAVIS_BRANCH}"
echo "Skipping deploy, not a branch to be deployed"
exit 0
fi
if [ $? = 0 ]; then
# Get absolute path of dir where run.sh is located
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
export SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
bash ${SCRIPTDIR}/build_image &&
bash ${SCRIPTDIR}/publish
fi