Merge pull request #193 from aaron-suarez/dockerize-this

Dockerize the repository

.travis.yml

@@ -3,6 +3,8 @@ sudo: true
 language: python
 python:
   - 3.6.5
+services:
+- docker
 install:
 - sudo apt-get -y update
 - sudo apt-get -y install build-essential gcc-multilib cmake python3-pip python3-setuptools libffi-dev python3-nose
@@ -42,4 +44,6 @@ script:
 - if [ $TASK = PRIMES ]; then nosetests3 tests/test_primes.py ; fi
 #- if [ $TASK = STREAMINGANDFORMATTING ]; then nosetests3 tests/test_streamingandformatting.py ; fi
 - if [ $TASK = TAKEOVER ]; then nosetests3 tests/test_takeover.py ; fi
+after_success:
+- bash push/run.sh
 

README.md

@@ -131,6 +131,22 @@ argument to see all DeepState options.
 
 If you want to use DeepState in C/C++ code, you will likely want to run `sudo make install` from the `$DEEPSTATE/build` directory as well.  The examples mentioned below (file system, databases) assume this has already been done.
 
+### Docker
+
+You can also try out Deepstate with Docker, which is the easiest way
+to get all the fuzzers and tools up and running on any system.
+
+```bash
+$ docker build -t deepstate . -f docker/Dockerfile
+$ docker run -it deepstate bash
+user@0f7cccd70f7b:~/deepstate/build/examples$ cd deepstate/build/examples
+user@0f7cccd70f7b:~/deepstate/build/examples$ deepstate-angr ./Runlen
+user@0f7cccd70f7b:~/deepstate/build/examples$ deepstate-eclipser ./Runlen --timeout 30
+user@0f7cccd70f7b:~/deepstate/build/examples$ ./Runlen_LF -max_total_time=30
+user@0f7cccd70f7b:~/deepstate/build/examples$ mkdir foo; echo foo > foo/foo
+user@0f7cccd70f7b:~/deepstate/build/examples$ afl-fuzz -i foo -o afl_Runlen -- ./Runlen_AFL --input_test_file @@ --no_fork --abort_on_fail
+```
+
 ## Usage
 
 DeepState consists of a static library, used to write test harnesses,
@@ -486,7 +502,7 @@ with some of the advantages of symbolic execution, but with more scalability.  D
 
 After that, you can use Eclipser like this:
 
-`deepstate-eclisper <binary> --timeout <how long to test> --output_test_dir <where to put generated tests>`
+`deepstate-eclipser <binary> --timeout <how long to test> --output_test_dir <where to put generated tests>`
 
 In our experience, Eclipser is quite effective, often better than
 libFuzzer and sometimes better than AFL, despite having a much slower

bin/setup.py.in

@@ -30,7 +30,7 @@ setuptools.setup(
     author_email="peter@trailofbits.com",
     license="Apache-2.0",
     keywords="tdd testing symbolic execution",
-    install_requires=[], #'claripy==7.8.6.16','angr==7.8.7.1', 'manticore'],
+    install_requires=['angr', 'manticore'],
     entry_points={
         'console_scripts': [
             'deepstate = deepstate.main_manticore:main',

docker/.dockerignore

@@ -0,0 +1,11 @@
+.dockerignore
+Dockerfile
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.Python
+pip-log.txt
+pip-delete-this-directory.txt
+*.log
+.git

docker/Dockerfile

@@ -0,0 +1,82 @@
+FROM ubuntu:18.04
+
+# Set up the non-root user
+RUN apt-get update \
+    &&  apt-get -y install sudo \
+    && useradd -ms /bin/bash user && echo "user:user" | chpasswd && adduser user sudo
+
+ADD /docker/sudoers.txt /etc/sudoers
+
+ENV ECLIPSER_HOME /home/user/Eclipser
+
+WORKDIR /home/user
+
+COPY . /home/user/deepstate
+
+# Eclipser requires deb-src entries
+RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ bionic main restricted \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic universe \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates universe \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic multiverse \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates multiverse \n\
+deb-src http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse \n\
+deb-src http://archive.canonical.com/ubuntu bionic partner \n\
+deb-src http://security.ubuntu.com/ubuntu/ bionic-security main restricted \n\
+deb-src http://security.ubuntu.com/ubuntu/ bionic-security universe \n\
+deb-src http://security.ubuntu.com/ubuntu/ bionic-security multiverse' >> /etc/apt/sources.list
+
+# Install Eclipser dependencies
+RUN apt-get update \
+    && apt-get -y build-dep qemu \
+    && apt-get install -y libtool \
+    libtool-bin wget automake autoconf \
+    bison gdb git \
+    && wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb \
+    && dpkg -i packages-microsoft-prod.deb \
+    && apt-get install -y apt-transport-https \
+    && apt-get update \
+    && apt-get install -y dotnet-sdk-2.2
+
+# Install DeepState/AFL/libFuzzer dependencies
+RUN apt-get update \
+    && apt-get install -y build-essential \
+    && apt-get install -y clang \
+    gcc-multilib g++-multilib cmake \
+    python3-setuptools libffi-dev z3 python3-pip \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN chown -R user:user /home/user
+
+USER user
+
+# Install AFL
+RUN wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz \
+    && tar -xzvf afl-latest.tgz \
+    && cd afl-2.52b/ \
+    && make \
+    && sudo make install
+
+# Install Eclipser
+RUN git clone https://github.com/SoftSec-KAIST/Eclipser \
+    && cd Eclipser \
+    && make \
+    && cd ../
+
+# Install DeepState using a few different compilers for AFL/libFuzzer/Eclipser+normal
+RUN cd deepstate \
+    && mkdir build \
+    && cd build \
+    && CXX=clang++ CC=clang BUILD_LIBFUZZER=TRUE cmake ../ \
+    && sudo make install \
+    && rm -rf CMakeFiles CMakeCache.txt \
+    && CXX=afl-clang++ CC=afl-clang BUILD_AFL=TRUE cmake ../ \
+    && sudo make install \
+    && rm -rf CMakeFiles CMakeCache.txt \
+    && cmake ../ \
+    && sudo make install \
+    && cd .. \
+    && sudo pip3 install 'z3-solver==4.5.1.0.post2' angr 'manticore==0.2.5' \
+    && sudo python3 ./build/setup.py install
+
+CMD ["/bin/bash"]

docker/sudoers.txt

@@ -0,0 +1,4 @@
+root ALL=(ALL) ALL
+user ALL=(ALL) NOPASSWD: ALL
+Defaults    env_reset
+Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

push/build_image

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -eu
+
+IMAGE_NAME="deepstate"
+echo "IMAGE_NAME $IMAGE_NAME"
+
+echo "Building Docker image..."
+docker build -t $IMAGE_NAME -f docker/Dockerfile . || exit $?

push/publish

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Publishes the most recent web container to docker hubs repo.
+# This script assumes docker push works.
+# You must set up docker push on your own.
+
+set -eu
+
+
+DOCKER_REPO="trailofbits/deepstate"
+IMAGE_NAME="deepstate"
+echo "IMAGE_NAME $IMAGE_NAME"
+
+IMAGE_ID=$(docker images $IMAGE_NAME:latest --format "{{.ID}}")
+
+if [ -n "$DOCKER_USERNAME" ]; then echo "Found username"; fi
+if [ -n "$DOCKER_PASSWORD" ]; then echo "Found password"; fi
+
+if [ -n "$DOCKER_USERNAME" ] && [ -n "$DOCKER_PASSWORD" ]; then
+  echo "Logging in using ENV creds"
+  docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
+fi
+
+echo "Pushing image $IMAGE_NAME:$TRAVIS_BRANCH"
+docker tag $IMAGE_ID $DOCKER_REPO
+docker tag $IMAGE_ID ${DOCKER_REPO}:${TRAVIS_BUILD_NUMBER}
+docker push $DOCKER_REPO
+docker push ${DOCKER_REPO}:${TRAVIS_BUILD_NUMBER}

push/run.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -eu
+
+IMAGE_NAME="deepstate"
+DEPLOY_BRANCHES="master"
+
+# Only process first job in matrix (TRAVIS_JOB_NUMBER ends with ".1")
+if [[ ! $TRAVIS_JOB_NUMBER =~ \.1$ ]]; then
+  echo "Skipping deploy since it's not the first job in matrix"
+  exit 0
+fi
+
+# Don't process pull requests
+# $TRAVIS_PULL_REQUEST will be the PR number or "false" if not a PR
+if [[ -n "$TRAVIS_PULL_REQUEST" ]] && [[ "$TRAVIS_PULL_REQUEST" != "false" ]]; then
+  echo "Skipping deploy because it's a pull request"
+  exit 0
+fi
+
+# Only process branches listed in DEPLOY_BRANCHES
+BRANCHES_TO_DEPLOY=($DEPLOY_BRANCHES)
+if [[ ! " ${BRANCHES_TO_DEPLOY} " =~ " ${TRAVIS_BRANCH} " ]]; then
+  # whatever you want to do when arr contains value
+  echo "Branches to deploy: ${DEPLOY_BRANCHES}"
+  echo "Travis Branch: ${TRAVIS_BRANCH}"
+
+  echo "Skipping deploy, not a branch to be deployed"
+  exit 0
+fi
+
+if [ $? = 0 ]; then
+
+  # Get absolute path of dir where run.sh is located
+  SOURCE="${BASH_SOURCE[0]}"
+  while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+    DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+    SOURCE="$(readlink "$SOURCE")"
+    [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+  done
+  export SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+  bash ${SCRIPTDIR}/build_image &&
+  bash ${SCRIPTDIR}/publish
+
+fi