suricata
fuzz_siginit.c
Go to the documentation of this file.
1 /**
2  * @file
3  * @author Philippe Antoine <contact@catenacyber.fr>
4  * fuzz target for SigInit
5  */
6 
7 
8 #include "suricata-common.h"
9 #include "util-reference-config.h"
10 #include "util-classification-config.h"
11 #include "detect-engine.h"
12 #include "detect-parse.h"
13 #include "app-layer.h"
14 #include "nallocinc.c"
15 #include "detect-engine-analyzer.h"
16 #include "detect-engine-build.h"
17 #include "util-conf.h"
18 #include "conf-yaml-loader.h"
19 
20 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
21 
22 DetectEngineCtx *de_ctx = NULL;
23 static int initialized = 0;
24 SC_ATOMIC_EXTERN(unsigned int, engine_stage);
25 bool fp_engine_analysis_set;
26 extern bool rule_engine_analysis_set;
27 extern const char *configNoChecksum;
28 SCInstance surifuzz;
29 
30 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
31 {
32  if (initialized == 0) {
33  // Redirects logs to /dev/null
34  setenv("SC_LOG_OP_IFACE", "file", 0);
35  setenv("SC_LOG_FILE", "/dev/null", 0);
36 
37  InitGlobal();
38  rule_engine_analysis_set = true;
39  GlobalsInitPreConfig();
40  SCRunmodeSet(RUNMODE_ENGINE_ANALYSIS);
41  ConfigSetLogDirectory("/tmp/");
42  // disables checksums validation for fuzzing
43  if (SCConfYamlLoadString(configNoChecksum, strlen(configNoChecksum)) != 0) {
44  abort();
45  }
46  SCConfSetFinal("engine-analysis.rules", "true");
47  surifuzz.sig_file_exclusive = 1;
48  // loads rules after init
49  surifuzz.delayed_detect = 1;
50  PostConfLoadedSetup(&surifuzz);
51  PostConfLoadedDetectSetup(&surifuzz);
52 
53  nalloc_init(NULL);
54  nalloc_restrict_file_prefix(3);
55  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
56  initialized = 1;
57  }
58  if (de_ctx == NULL) {
59  de_ctx = DetectEngineCtxInit();
60  BUG_ON(de_ctx == NULL);
61  de_ctx->rule_file = (char *)"fuzzer";
62  SetupEngineAnalysis(de_ctx, &fp_engine_analysis_set, &rule_engine_analysis_set);
63  }
64 
65  char * buffer = malloc(size+1);
66  if (buffer) {
67  memcpy(buffer, data, size);
68  //null terminate string
69  buffer[size] = 0;
70  nalloc_start(data, size);
71  Signature *sig = DetectEngineAppendSig(de_ctx, buffer);
72  if (sig) {
73  SigGroupBuild(de_ctx);
74  }
75  CleanupEngineAnalysis(de_ctx);
76  DetectEngineCtxFree(de_ctx);
77  nalloc_end();
78  de_ctx = NULL;
79  free(buffer);
80  }
81 
82  return 0;
83 }
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:58
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:536
detect-engine.h
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SetupEngineAnalysis
void SetupEngineAnalysis(DetectEngineCtx *de_ctx, bool *fp_analysis, bool *rule_analysis)
Definition: detect-engine-analyzer.c:477
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:973
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2715
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:404
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3580
nallocinc.c
SCRunmodeSet
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
Definition: suricata.c:306
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:22
util-reference-config.h
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:166
SC_ATOMIC_EXTERN
SC_ATOMIC_EXTERN(unsigned int, engine_stage)
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2805
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:325
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2700
detect-engine-build.h
conf-yaml-loader.h
fp_engine_analysis_set
bool fp_engine_analysis_set
Definition: fuzz_siginit.c:25
setenv
void setenv(const char *name, const char *value, int overwrite)
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2286
SCConfSetFinal
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:319
detect-engine-analyzer.h
nalloc_init
#define nalloc_init(x)
Definition: nallocinc.c:49
util-conf.h
DetectEngineCtx_::rule_file
const char * rule_file
Definition: detect.h:1071
suricata-common.h
nalloc_start
#define nalloc_start(x, y)
Definition: nallocinc.c:51
CleanupEngineAnalysis
void CleanupEngineAnalysis(DetectEngineCtx *de_ctx)
Definition: detect-engine-analyzer.c:513
util-classification-config.h
nalloc_end
#define nalloc_end()
Definition: nallocinc.c:52
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:33
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: fuzz_siginit.c:30
detect-parse.h
Signature_
Signature container.
Definition: detect.h:675
rule_engine_analysis_set
bool rule_engine_analysis_set
Definition: detect-engine-loader.c:58
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:101
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2676
nalloc_restrict_file_prefix
#define nalloc_restrict_file_prefix(x)
Definition: nallocinc.c:50
SCInstance_
Definition: suricata.h:134
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:3054
surifuzz
SCInstance surifuzz
Definition: fuzz_siginit.c:28
SCInstance_::sig_file_exclusive
bool sig_file_exclusive
Definition: suricata.h:140
configNoChecksum
const char * configNoChecksum
Definition: confyaml.c:1
app-layer.h