# Copyright 2021 Fuzz Introspector Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
""" Utility functions """
import cxxfilt
import rust_demangler
import logging
import json
import os
import re
import shutil
import yaml
import pathlib
from bs4 import BeautifulSoup
from typing import Any, Optional
from fuzz_introspector import constants
# Module-level logger, named after this module; the helpers below log through it.
logger = logging.getLogger(name=__name__)
def longest_common_prefix(strs: list[str]) -> str:
    """Return the longest sub-path shared by every path in *strs*.

    Thin wrapper around ``os.path.commonpath``, kept for backward
    compatibility. The comparison is made per path component, not per
    character.

    Returns:
        The common path, or ``'/'`` when ``os.path.commonpath`` raises
        ``ValueError``.
    """
    try:
        shared = os.path.commonpath(strs)
    except ValueError:
        shared = '/'
    return shared
def normalise_str(s1: str) -> str:
    """Return *s1* with every tab, carriage return, newline and space removed."""
    dropped = '\t\r\n '
    return ''.join(ch for ch in s1 if ch not in dropped)
def safe_decode(data) -> Optional[str]:
    """Decode binary *data* to text without ever raising.

    ``data.decode()`` is tried first with its default codec, then again
    with ``'unicode-escape'``.

    Returns:
        The decoded string, or ``None`` when both attempts fail (this
        includes *data* having no usable ``decode`` method).
    """
    # The 'unicode-escape' fallback interprets backslash escape sequences
    # present in the data, so its result is not a byte-for-byte
    # transliteration of the input.
    for codec_args in ((), ('unicode-escape', )):
        try:
            return data.decode(*codec_args)
        except Exception:
            continue
    return None
def get_all_files_in_tree_with_regex(basedir: str,
                                     regex_str: str) -> list[str]:
    """Collect every file below *basedir* whose name matches *regex_str*.

    The pattern is applied with ``re.match`` to the bare file name (not to
    the full path), so it is anchored at the start of the name. The whole
    tree under *basedir* is walked.

    Returns:
        The matching paths, each built as ``os.path.join(root, name)``, in
        ``os.walk`` order.
    """
    name_filter = re.compile(regex_str)
    return [
        os.path.join(folder, name)
        for folder, _, names in os.walk(basedir)
        for name in names
        if name_filter.match(name)
    ]
def data_file_read_yaml(filename: str) -> Optional[dict[Any, Any]]:
    """
    Reads a file as a yaml file. This is used to load data
    from fuzz-introspectors compiler plugin output.

    Parsing goes through ``yaml.safe_load`` / ``yaml.safe_load_all`` only.
    Two layouts are handled: a file holding a single YAML document, and a
    file holding several documents that are merged into one dictionary.

    Args:
        filename: Path of the YAML file to read.

    Returns:
        For a single-document file, whatever ``yaml.safe_load`` produced
        (it is not checked to be a dict). For a multi-document file, a dict
        with the keys 'Fuzzer filename' and 'All functions'. ``None`` when
        the path is empty or not a file, when parsing fails, when any
        document is empty or not a dict, or when one of the two keys is
        missing after the merge.
    """
    if filename == '':
        return None
    if not os.path.isfile(filename):
        return None
    # Rebinds the SafeLoader attribute of the yaml module itself, so this
    # affects the whole process and is repeated on every call.
    # NOTE(review): presumably done so that the safe_load* helpers pick up
    # the C-accelerated loader -- confirm against the PyYAML version in use.
    try:
        yaml.SafeLoader = yaml.CSafeLoader  # type: ignore[assignment, misc]
        logger.info('Set base loader to use CSafeLoader')
    except Exception:
        logger.info('Could not set CSafeLoader as base loader')
    # First attempt: treat the file as one YAML document.
    try:
        with open(filename, 'r') as stream:
            data_dict: dict[Any, Any] = yaml.safe_load(stream)
            logger.info('Loaded single yaml module')
            return data_dict
    except Exception:
        # YAML library does not completely wrap exceptions, so unless
        # we catch all exceptions here we might end up in a crashing state.
        # This likely fails as the LLVM frontend now is putting multiple docs in
        # same yaml file. See commit 737ba72.
        pass
    # Try loading multiple yaml files in the fuzz introspector format
    # We need this because we have different formats for each language.
    logger.info('Trying to load multiple file formats together.')
    try:
        with open(filename, 'r') as yaml_f:
            data = yaml_f.read()
            docs = yaml.safe_load_all(data)
    except Exception as e:
        # YAML library does not completely wrap exceptions, so unless
        # we catch all exceptions here we might end up in a crashing state.
        logger.info('Failed loading YAML: %s', str(e))
        return None
    content = {}
    # NOTE(review): safe_load_all presumably yields documents lazily, which
    # would be why the iteration below carries its own catch-all -- confirm.
    try:
        for doc in docs:
            # One empty or non-dict document rejects the whole file.
            if not doc or not isinstance(doc, dict):
                return None
            # Only the first 'Fuzzer filename' seen is kept.
            if 'Fuzzer filename' in doc and 'Fuzzer filename' not in content:
                content['Fuzzer filename'] = doc['Fuzzer filename']
            if 'All functions' in doc:
                if 'All functions' not in content:
                    content['All functions'] = doc['All functions']
                else:
                    # Later documents only contribute their 'Elements'; any
                    # other key under 'All functions' comes from the first.
                    content['All functions']['Elements'].extend(
                        doc['All functions']['Elements'])
    except Exception as e:
        # YAML library does not completely wrap exceptions, so unless
        # we catch all exceptions here we might end up in a crashing state.
        logger.info('Failed loading YAML: %s', str(e))
        return None
    if 'Fuzzer filename' not in content:
        return None
    if 'All functions' not in content:
        return None
    return content
def demangle_cpp_func(funcname: str) -> str:
    """Return the demangled form of a C++ symbol name.

    Spaces are stripped from *funcname* before it is handed to
    ``cxxfilt.demangle``. On any failure the original *funcname* is
    returned untouched.
    """
    # Demangled C++ names can contain '<', '>' and '&' (templates,
    # references); whatever renders the result as HTML has to escape it.
    # That rendering is not part of this function.
    try:
        return cxxfilt.demangle(funcname.replace(' ', ''))
    except Exception:
        # Best effort: a failure inside cxxfilt leaves the name as it was.
        return funcname
def demangle_rust_func(funcname: str) -> str:
    """Demangle a mangled Rust function name.

    Only names starting with ``_R`` are treated as mangled; everything else
    is returned as is. After demangling, every '<' and '>' is removed from
    the result. On any failure the original *funcname* is returned.
    """
    if funcname.startswith('_R'):
        try:
            plain: str = rust_demangler.demangle(funcname.replace(' ', ''))
            return plain.replace('<', '').replace('>', '')
        except Exception:
            # Fall through and hand back the mangled name.
            pass
    return funcname
def demangle_jvm_func(package: str, funcname: str) -> str:
    """Prefix *funcname* with ``[package].`` to uniquely identify a JVM function.

    A name that already starts with '[' is returned unchanged.
    """
    already_qualified = funcname.startswith('[')
    return funcname if already_qualified else f'[{package}].{funcname}'
def remove_jvm_generics(funcname: str) -> str:
    """Strip generic type arguments from a full JVM method name.

    A single substitution pass is made, so with nested generics only the
    innermost argument list is removed.
    """
    # Two spellings are recognised: literal angle brackets, and the escaped
    # form written as backslash-u003C ... backslash-u003E.
    generic_args = re.compile(
        r'<[\s.,a-zA-Z0-9]+>|\\u003C[\s.,a-zA-Z0-9]+\\u003E')
    return generic_args.sub('', funcname)
def scan_executables_for_fuzz_introspector_logs(
        exec_dir: str) -> list[dict[str, str]]:
    """Find the executables in *exec_dir* that embed a fuzzerLogFile string.

    Only the direct entries of *exec_dir* are inspected; sub-directories
    are not descended into.

    Args:
        exec_dir: Directory in which to search for executables.

    Returns:
        One dictionary per matching executable, with the keys
        'executable_path' and 'fuzzer_log_file'. Empty when *exec_dir* is
        not a directory.
    """
    if not os.path.isdir(exec_dir):
        return []

    # Find all executables
    candidates = []
    for entry in os.listdir(exec_dir):
        entry_path = os.path.join(exec_dir, entry)
        if not (os.access(entry_path, os.X_OK)
                and os.path.isfile(entry_path)):
            continue
        logger.info('File: %s is executable', entry_path)
        candidates.append(entry_path)

    # Tokens of at least ten characters from [A-Za-z0-9_-]. The class has
    # neither '/' nor '.', so an extracted token cannot carry a path
    # separator or a file extension.
    token_re = re.compile('[A-Za-z0-9_-]{10,}')
    reports = []
    for binary_path in candidates:
        # The whole file is read into memory. Non-ASCII bytes are dropped
        # rather than replaced, which joins the ASCII runs on either side.
        with open(binary_path, 'rb') as fp:
            ascii_view = fp.read().decode('ascii', 'ignore')

        # Only the first token containing the marker is used per binary.
        marker = next((hit.group(0) for hit in token_re.finditer(ascii_view)
                       if 'fuzzerLogFile' in hit.group(0)), None)
        if marker is None:
            continue
        logger.info('Found match %s', marker)
        reports.append({
            'executable_path': binary_path,
            'fuzzer_log_file': marker
        })
    return reports
def approximate_python_coverage_files_list(
        src1: str,
        possible_targets: list[tuple[str, str]],
        resolve_inits=False) -> Optional[str]:
    """Approximate which coverage file belongs to the dotted name *src1*.

    Every dotted prefix of *src1* is turned into a ``<prefix>.py`` candidate
    (and a ``<prefix>/__init__.py`` candidate), with dots replaced by
    slashes. The longest candidate is tried first.

    Args:
        src1: Dotted name; leading dots are removed.
        possible_targets: ``(key, source_path)`` pairs; the key of the first
            pair whose source path ends with a candidate is returned.
        resolve_inits: When true, the ``__init__.py`` candidates are tried
            after all ``.py`` candidates failed.

    Returns:
        The key of the matching pair, or ``None`` when nothing matched.
    """
    # Remove prefixed .....
    src1 = src1.lstrip('.')

    # 'a.b.c' -> ['a', 'a/b', 'a/b/c']
    parts = src1.split('.')
    prefixes = ['/'.join(parts[:depth]) for depth in range(1, len(parts) + 1)]
    module_candidates = [prefix + '.py' for prefix in prefixes]
    init_candidates = [prefix + '/__init__.py' for prefix in prefixes]
    logger.debug('[%s] -- Created init candidates: %s', src1,
                 str(init_candidates))

    # The __init__.py candidates are only consulted when none of the plain
    # module candidates matched.
    candidate_groups = [module_candidates]
    if resolve_inits:
        candidate_groups.append(init_candidates)

    for group in candidate_groups:
        # Walk backwards so the longest candidate wins.
        for candidate in reversed(group):
            bare_name = '/' not in candidate
            for fl, src2 in possible_targets:
                if not src2.endswith(candidate):
                    continue
                # A candidate without slashes has to equal the whole file
                # name, not merely its tail.
                if bare_name and src2.split('/')[-1] != candidate:
                    continue
                logger.debug('Found target: %s', candidate)
                return fl

    logger.debug('Could not find target')
    return None
def get_target_coverage_url(coverage_url: str, target_name: str,
                            target_lang: str) -> str:
    """
    Turn the overall coverage URL into the per-target coverage URL. Like:
    https://storage.googleapis.com/oss-fuzz-coverage/<project>/reports/<report-date>/linux
    to
    https://storage.googleapis.com/oss-fuzz-coverage/<project>/reports-by-target/<report-date>/<target-name>/linux

    The rewrite only happens for 'c-cpp' targets and only when the
    FUZZ_INTROSPECTOR environment variable is set to a non-empty value;
    in every other case *coverage_url* is returned unchanged.
    """
    logger.info('Extracting coverage for %s -- %s', coverage_url, target_name)

    rewriting_enabled = bool(os.environ.get('FUZZ_INTROSPECTOR'))
    if rewriting_enabled and target_lang == 'c-cpp':
        # str.replace rewrites every occurrence of 'reports' and '/linux' in
        # the URL, not just the path segments shown in the docstring, and
        # target_name is inserted as given, without URL-encoding.
        per_target = coverage_url.replace('reports', 'reports-by-target')
        return per_target.replace('/linux', f'/{target_name}/linux')

    # TODO ADD python coverage link
    # TODO Add jvm coverage link
    # (TODO) This is temporary for local runs.
    return coverage_url
def load_func_names(input_list: list[str],
                    check_for_blocking: bool = True) -> list[str]:
    """
    Demangle a list of function names (typically from an llvm profile).

    Each name goes through the C++ demangler and then the Rust demangler.
    When *check_for_blocking* is true, names matching
    ``constants.BLOCKLISTED_FUNCTION_NAMES`` are left out of the result.
    """
    return [
        demangle_rust_func(demangle_cpp_func(name)) for name in input_list
        if not (check_for_blocking
                and constants.BLOCKLISTED_FUNCTION_NAMES.match(name))
    ]
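def resolve_coverage_link(cov_url: str, source_file: str, lineno: int,
                          function_name: str, target_lang: str) -> str:
    """Resolves link to HTML coverage report for different languages.

    Args:
        cov_url: Base URL of the coverage report.
        source_file: Source file the link should point at. For 'jvm' it is
            only used when no class name can be read from *function_name*.
        lineno: Line number used in the link fragment.
        function_name: For 'python', the dotted name used to approximate
            the covered file; for 'jvm', a name of the form
            ``[class].method``.
        target_lang: One of 'c-cpp', 'rust', 'python', 'jvm' or 'go'.

    Returns:
        *cov_url* joined with the report-relative link, or ``'#'`` when no
        link could be resolved.
    """
    result = '#'
    if target_lang in ['c-cpp', 'rust']:
        result = source_file + '.html#L' + str(lineno)
    elif target_lang == 'python':
        # Temporarily for debugging purposes. TODO: David remove this later
        # Find the html_status.json file. This is a file generated by the Python
        # coverage utility and contains mappings from source to html file. We
        # need this mapping in order to create links from the data extracted
        # during AST analysis, as there we only have the source code.
        # The search starts at the current working directory and the first
        # hit in os.walk order is used.
        html_summaries = get_all_files_in_tree_with_regex(
            '.', '.*html_status.json$')
        logger.debug(str(html_summaries))
        if len(html_summaries) > 0:
            html_idx = html_summaries[0]
            with open(html_idx, 'r') as jf:
                data = json.load(jf)
            possible_targets = []
            for fl in data['files']:
                possible_targets.append(
                    (fl, data['files'][fl]['index']['relative_filename']))
            found_target = approximate_python_coverage_files_list(
                function_name, possible_targets, True)
            if found_target is not None:
                result = found_target + '.html' + '#t' + str(lineno)
        else:
            logger.info('Could not find any html_status.json file')
    elif target_lang == 'jvm':
        # Retrieve class name for jvm function
        match = re.search(r'\[(.*?)\]\.', function_name)
        source_file = match.group(1) if match else source_file
        # Handle source class for jvm
        if '.' in source_file:
            # Source file has package, change package.class to package/class
            source_file = os.sep.join(source_file.rsplit('.', 1))
        else:
            # Source file has no package, add in default package
            source_file = os.path.join('default', source_file)
        # Handle subclass definition in the same source file
        source_file = source_file.split('$')[0]
        result = source_file + '.java.html#L' + str(lineno)
    elif target_lang == 'go':
        # Go coverage report only have a single page with no line index
        result = 'index.html'
        # Read the single coverage report html for processing
        report_html = ''
        report_path = os.path.join(os.environ.get('OUT', ''), 'report',
                                   'linux', 'index.html')
        if os.path.isfile(report_path):
            with open(report_path, 'r') as f:
                report_html = f.read()
        # Obtain the correct file value for the needed source code file
        if report_html:
            soup = BeautifulSoup(report_html, 'html.parser')
            select_element = soup.find('select', id='files')
            # find() returns None when the report has no <select id="files">;
            # in that case the plain index.html link is kept.
            options = []
            if select_element is not None:
                options = select_element.find_all('option')
            for option in options:
                # An <option> without a value attribute cannot be linked to.
                key = option.get('value')
                if key is None:
                    continue
                file = option.text.strip().split(' ')[0]
                if file.endswith(source_file):
                    result = f'{result}#{key}'
                    break
    else:
        logger.info('Unsupported language for coverage link resolve')
    # '#' means "no link"; anything else is made relative to cov_url with
    # exactly one slash in between. The path part is not URL-encoded.
    if result != '#':
        result = cov_url.rstrip('/') + '/' + result.lstrip('/')
    return result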
def group_path_list_by_target(
        path_list: list[list[Any]]) -> dict[Any, list[Any]]:
    """
    Group the paths in *path_list* by their target, which is the last
    item of each path. Empty paths are skipped.
    """
    grouped: dict[Any, list[Any]] = {}
    for path in path_list:
        if len(path) == 0:
            continue
        grouped.setdefault(path[-1], []).append(path)
    return grouped
def check_coverage_link_existence(link: str) -> bool:
    """Tell whether the file a coverage link points at exists.

    The fragment (everything from the first '#') is dropped, and one
    leading '/' is removed, so an absolute-looking link is looked up
    relative to the current working directory.
    """
    # The path is used as given: '..' components are not normalised here.
    path, _, _ = link.partition('#')
    path = path.removeprefix('/')
    return os.path.isfile(path)
def _find_all_source_path(extension: str) -> set[str]:
    """Collect the paths of all files ending with *extension* in the source tree.

    The tree searched is ``os.path.join($OUT, $SRC)``, both read from the
    environment. An empty set is returned when either variable is unset or
    empty, or when the joined path is not a directory.
    """
    # Use set to avoid duplication
    found = set()

    # Retrieve $OUT and $SRC from environment variables
    out_dir = os.environ.get('OUT', None)
    src_dir = os.environ.get('SRC', None)
    logger.info('%s/%s', out_dir, src_dir)
    if not (out_dir and src_dir):
        return found

    # OSS-Fuzz store the source code in $OUT/$SRC directory
    # NOTE(review): os.path.join discards out_dir when src_dir is an
    # absolute path, in which case the walk starts at src_dir itself --
    # confirm which of the two layouts is intended.
    search_root = os.path.join(out_dir, src_dir)
    if not os.path.isdir(search_root):
        return found

    for root, _, files in os.walk(search_root):
        # Skipping hidden directory
        if '/.' in root:
            continue
        found.update(
            os.path.join(root, name) for name in files
            if name.endswith(extension))
    return found
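def _copy_java_source_files(required_class_list: list[str], out_dir):
    """Copy the needed java source files.

    Each class name is mapped to a ``package/Class.java`` path (the inner
    class part after '$' is dropped) and the first source file whose path
    ends with it is copied below
    ``<out_dir>/<constants.SAVED_SOURCE_FOLDER>``, preserving the package
    directories. The list of copied relative paths is written to
    ``index.json`` in that folder.

    Args:
        required_class_list: Class names, or paths already ending in
            '.java', whose sources are wanted.
        out_dir: Directory under which the saved-source folder is created.
    """
    logger.info('Copying java source files to %s',
                constants.SAVED_SOURCE_FOLDER)
    saved_dir = os.path.join(out_dir, constants.SAVED_SOURCE_FOLDER)
    # Create the folder up front so index.json can be written even when no
    # source file ends up being copied.
    os.makedirs(saved_dir, exist_ok=True)

    count = 0
    java_source_path_set = _find_all_source_path('.java')
    copied_source_path_list = []
    for required_class in set(required_class_list):
        # Remove inner class name
        required_file = required_class.split('$', 1)[0]
        # Transform class name to java source file name
        if not required_file.endswith('.java'):
            required_file = f'{required_file.replace(".", "/")}.java'

        dst = os.path.join(saved_dir, required_file)
        if os.path.isfile(dst):
            # Skip duplicate files
            continue

        # NOTE(review): endswith() is a plain string suffix test, not
        # anchored at a path separator, so 'Foo.java' also matches a path
        # ending in 'MyFoo.java' -- confirm whether that can occur here.
        for java_source_path in java_source_path_set:
            if not java_source_path.endswith(required_file):
                continue
            # Source file for the target class found. Copy it to the
            # SAVED_SOURCE_FOLDER while preserving package directories
            # of the target source file. dst already starts with out_dir,
            # so its parent directory is created as is; joining out_dir
            # onto it again would create the wrong directory for a
            # relative out_dir.
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy(java_source_path, dst)
            count += 1
            copied_source_path_list.append(required_file)
            break

    # Store a list of existing source file paths for reference
    with open(os.path.join(saved_dir, 'index.json'), 'w') as f:
        f.write(json.dumps(copied_source_path_list))
    logger.info('Copied %d java source files to %s', count,
                constants.SAVED_SOURCE_FOLDER)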
def _copy_python_source_files(out_dir):
    """Copy the python source files into the saved-source folder.

    Every '.py' file found by ``_find_all_source_path`` is copied, under
    its base name only, to ``<out_dir>/<constants.SAVED_SOURCE_FOLDER>``.
    The list of copied file names is written to ``index.json`` in that
    folder.
    """
    logger.info('Copying python source files to %s',
                constants.SAVED_SOURCE_FOLDER)
    saved_dir = os.path.join(out_dir, constants.SAVED_SOURCE_FOLDER)
    sources = _find_all_source_path('.py')
    os.makedirs(saved_dir, exist_ok=True)

    # Files are stored flat, so sources sharing a base name (for instance
    # several __init__.py) collide: the one reached first is kept, and the
    # iteration order of the source set is not fixed.
    copied_names = []
    for src_path in sources:
        name = os.path.basename(src_path)
        target = os.path.join(saved_dir, name)
        if os.path.isfile(target):
            # Skip duplicate files
            continue
        shutil.copy(src_path, target)
        copied_names.append(name)

    # Store a list of existing source file paths for reference
    with open(os.path.join(saved_dir, 'index.json'), 'w') as f:
        f.write(json.dumps(copied_names))
    logger.info('Copied %d python source files to %s', len(copied_names),
                constants.SAVED_SOURCE_FOLDER)
def copy_source_files(required_class_list: list[str],
                      language: str,
                      out_dir: str = ''):
    """Copy the needed source files for a project.

    Only 'jvm' and 'python' are handled; any other language is logged and
    skipped. *required_class_list* is used for 'jvm' only.
    """
    if language == 'jvm':
        _copy_java_source_files(required_class_list, out_dir)
        return
    if language == 'python':
        _copy_python_source_files(out_dir)
        return
    logger.warning('Language: %s not support. Skipping source file copy.',
                   language)
def locate_rust_fuzz_key(funcname: str, fuzz_map: dict[str,
                                                       Any]) -> Optional[str]:
    """Locate the key of *fuzz_map* for a rust name with missing crate
    information.

    The name is compared as a suffix against the keys; after each failed
    round its leading ``segment::`` is dropped and the search is repeated.
    Only the first key with a matching suffix is looked at per round, and
    it is accepted only when it contains '::'.

    Returns:
        The matching key, or ``None``.
    """
    remaining = funcname
    while remaining:
        first_hit = None
        for key in fuzz_map:
            if key.endswith(remaining):
                first_hit = key
                break
        # Ensure the matched key contains crate information which is
        # unique for rust
        if first_hit and '::' in first_hit:
            return first_hit

        _, separator, tail = remaining.partition('::')
        if not separator:
            break
        remaining = tail
    return None
def locate_rust_fuzz_item(funcname: str, item_list: list[str]) -> str:
    """Locate the item of *item_list* for a rust name with missing crate
    information.

    An exact member of *item_list* is returned directly. Otherwise the name
    is compared as a suffix against the items that contain '::'; after each
    failed round its leading ``segment::`` is dropped.

    Returns:
        The matching item, or ``''`` when there is none.
    """
    if funcname in item_list:
        return funcname

    suffix = funcname
    while suffix:
        hit = next((item for item in item_list
                    if item.endswith(suffix) and '::' in item), None)
        if hit is not None:
            return hit

        _, separator, tail = suffix.partition('::')
        if not separator:
            break
        suffix = tail
    return ''
def detect_language(directory) -> str:
    """Given a folder finds the likely programming language of the project.

    Every file below *directory* is counted towards each language whose
    extension set in ``constants.LANGUAGE_EXTENSIONS`` contains the file's
    suffix. The language with the highest count is returned, or ``''``
    when nothing was counted.
    """
    # Directories whose path starts with one of these are not counted.
    skip_prefixes = ('/src/aflplusplus', '/src/honggfuzz', '/src/libfuzzer',
                     '/src/fuzztest')

    tally: dict[str, int] = {}
    for dirpath, _, filenames in os.walk(directory):
        if dirpath.startswith(skip_prefixes):
            continue
        for filename in filenames:
            suffix = pathlib.Path(filename).suffix
            # pylint: disable-next=no-member
            for language, extensions in constants.LANGUAGE_EXTENSIONS.items():
                if suffix in extensions:
                    tally[language] = tally.get(language, 0) + 1

    if not tally:
        return ''
    # Scanning in reverse makes a tie go to the language that entered the
    # tally last.
    winner, _ = max(reversed(list(tally.items())), key=lambda pair: pair[1])
    return winner