#!/bin/bash
#
# This script monitors Wireshark fuzz testing. When it finds a failure, it
# - moves the problematic capture file to a tmp directory, and
# - restarts fuzz testing.
# It supports several fuzz-testing suites so that multiple fuzz tests can run simultaneously.
#
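# Name this script was invoked as. "$0" is quoted so that an install path
# containing spaces or glob characters is not word-split, and "--" keeps a
# leading "-" in $0 from being read as an option.
PROGRAM_NAME=$(basename -- "$0")

# Host-specific locations; adjust them for the machine running the monitor.
test_dir="/home/yami/test"
tmp_dir="/home/yami/tmp"
bin_dir="/home/yami/project/wsclean/wireshark/tools"

# Number of suites launched by start_all.
FUZZ_MAX=1

# Parallel arrays: entry N of each array describes suite N.
#   FUZZ_TEST_SH - fuzz driver script to run
#   FUZZ_SUITE   - suite name; also the stem of its log file (<name>.log)
#   FUZZ_CAPDIR  - directory passed to the driver with -c
#   FUZZ_TMPDIR  - directory passed to the driver with -d; failure artifacts
#                  (log copy, offending capture) are also collected here
FUZZ_TEST_SH=("$bin_dir/fuzz-test.sh")
FUZZ_SUITE=(all)
FUZZ_CAPDIR=("$test_dir/all")
FUZZ_TMPDIR=("$tmp_dir/all")

# Polling period of the monitor loop, in seconds.
FUZZ_CHECK_INTERVAL=30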
#######################################
# Print a log line prefixed with the current date in square brackets.
# Arguments: $@ - message words, joined with single spaces
# Outputs:   "[<date>] <message>" on stdout
#######################################
function fuzz_log () {
  local now
  now=$(date)
  printf '[%s] %s\n' "$now" "$*"
}
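#######################################
# Extract the fuzzed capture path recorded in a fuzz log.
#
# Every line containing "Output file: " contributes the text that follows
# that marker. The whole remainder of the line is kept, so a path that
# itself contains ':' is not truncated and no leading blank is returned.
#
# Arguments: $1 - path of the fuzz log to scan
# Outputs:   the capture path(s) on stdout, one per line;
#            the error message on stderr
# Returns:   exits with status 2 when no path is found. Callers normally
#            run this inside $(...), where the exit only ends the
#            substitution subshell and shows up as its status.
#######################################
function get_fuzzcap () {
  local logfile=$1
  local capfile
  # The log is fed via redirection so that an unusual file name cannot be
  # mistaken for an awk option or assignment.
  capfile=$(awk -v key='Output file: ' '
    { pos = index($0, key) }
    pos { print substr($0, pos + length(key)) }
  ' < "$logfile")
  if [ -z "$capfile" ]; then
    # stderr, not stdout: the caller captures stdout as a file name, and the
    # error text must never be handed on to a command as if it were a path.
    echo "ERROR: $logfile has not fuzzed capture file!" >&2
    exit 2
  fi
  printf '%s\n' "$capfile"
}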
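#######################################
# Extract the original (pre-fuzz) capture path recorded in a fuzz log.
#
# Every line containing "Original file: " contributes the text that follows
# that marker. The whole remainder of the line is kept, so a path that
# itself contains ':' is not truncated and no leading blank is returned.
#
# Arguments: $1 - path of the fuzz log to scan
# Outputs:   the capture path(s) on stdout, one per line;
#            the error message on stderr
# Returns:   exits with status 2 when no path is found. Callers normally
#            run this inside $(...), where the exit only ends the
#            substitution subshell and shows up as its status.
#######################################
function get_origcap () {
  local logfile=$1
  local origcap
  # The log is fed via redirection so that an unusual file name cannot be
  # mistaken for an awk option or assignment.
  origcap=$(awk -v key='Original file: ' '
    { pos = index($0, key) }
    pos { print substr($0, pos + length(key)) }
  ' < "$logfile")
  if [ -z "$origcap" ]; then
    # stderr, not stdout: the monitor loop passes this function's stdout to
    # mv, so the error text must not be emitted where a path is expected.
    echo "ERROR: $logfile has not original capture file!" >&2
    exit 2
  fi
  printf '%s\n' "$origcap"
}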
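#######################################
# Look up the position of a suite name in FUZZ_SUITE.
# Globals:   FUZZ_SUITE (read)
# Arguments: $1 - suite name
# Outputs:   the zero-based index on stdout when the name is found
# Returns:   0 when found, 1 (and no output) otherwise
#######################################
function fuzz_index () {
  local fuzz="$1"
  local idx=0
  local f
  for f in "${FUZZ_SUITE[@]}"; do
    # Compare against the requested name; the earlier comparison with the
    # literal string "fuzz" could only ever match a suite called "fuzz".
    if [ "$f" = "$fuzz" ]; then
      echo "$idx"
      return 0
    fi
    idx=$((idx + 1))
  done
  return 1
}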
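#######################################
# Launch the fuzz driver for one suite in the background.
# Globals:   FUZZ_SUITE, FUZZ_TEST_SH, FUZZ_TMPDIR, FUZZ_CAPDIR (read)
# Arguments: $1 - index of the suite in the FUZZ_* arrays
# Outputs:   driver stdout and stderr go to <suite>.log in the current
#            working directory; the file is truncated on every launch
#######################################
function start_fuzz () {
  local i=$1
  local log="${FUZZ_SUITE[$i]}.log"
  touch -- "$log"
  # Every expansion is quoted so that directories or driver paths containing
  # spaces or glob characters reach the driver as single arguments.
  "${FUZZ_TEST_SH[$i]}" -d "${FUZZ_TMPDIR[$i]}" -c "${FUZZ_CAPDIR[$i]}" > "$log" 2>&1 &
}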
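#######################################
# Start the first FUZZ_MAX suites, logging each launch.
# Globals:   FUZZ_MAX, FUZZ_SUITE (read)
# Outputs:   one "start fuzz: <suite>" log line per suite
#######################################
function start_all () {
  # Loop counter is local so the caller's variables are left untouched.
  local i
  for ((i = 0; i < FUZZ_MAX; i++)); do
    fuzz_log "start fuzz: ${FUZZ_SUITE[$i]}"
    start_fuzz "$i"
  done
}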
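#######################################
# Start a suite's fuzz driver again unless one is still running.
# Globals:   FUZZ_SUITE, FUZZ_TEST_SH (read)
# Arguments: $1 - suite name
# Outputs:   an error on stderr when the suite name is not configured
# Returns:   1 when the suite name is unknown, 0 otherwise
#######################################
function restart_fuzz () {
  local fuzz="$1"
  local i=""
  local n
  # Resolve the suite's position explicitly, so an unknown name is rejected
  # instead of being used as an empty array subscript.
  for n in "${!FUZZ_SUITE[@]}"; do
    if [ "${FUZZ_SUITE[$n]}" = "$fuzz" ]; then
      i=$n
      break
    fi
  done
  if [ -z "$i" ]; then
    echo "ERROR: unknown fuzz suite: $fuzz" >&2
    return 1
  fi
  # pgrep -f matches against the full command line and never reports itself,
  # replacing the ps | grep -v grep | grep chain. The pattern is a regular
  # expression built from the driver path and the suite name.
  if ! pgrep -f -- "${FUZZ_TEST_SH[$i]}.*${fuzz}" > /dev/null; then
    start_fuzz "$i"
  fi
}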
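# main #
# Start every configured suite, then poll the suite logs forever. When a log
# contains the failure marker, its log copy and the offending capture are
# collected in the suite's tmp directory and the suite is restarted.
fuzz_log "start main"
start_all

while true; do
  sleep "$FUZZ_CHECK_INTERVAL"
  # Walk the suites by position so the tmp directory is taken from the same
  # slot of FUZZ_TMPDIR as the suite name.
  for idx in "${!FUZZ_SUITE[@]}"; do
    fuzz=${FUZZ_SUITE[$idx]}
    # The matching line is echoed to stdout, as before.
    if grep -e "^Processing failed\. Capture info follows" -- "${fuzz}.log"; then
      fuzz_log "bug found: $fuzz"
      stamp=$(date +%Y_%m_%d_%H_%M_%S)
      tmp="${FUZZ_TMPDIR[$idx]}"
      if [ -z "$tmp" ]; then
        # Without a destination the cp/mv below would target "/".
        fuzz_log "ERROR: no tmp directory configured for $fuzz"
        continue
      fi
      cp -p -- "${fuzz}.log" "$tmp/${fuzz}.log.$stamp"
      # The capture path is read back from the log, so it is only used when
      # get_origcap succeeded, and it is passed to mv quoted and after "--":
      # an error message or an odd file name is never split into arguments.
      if origcaps=$(get_origcap "${fuzz}.log"); then
        # read trims surrounding blanks and yields one path per line.
        while read -r cap; do
          if [ -n "$cap" ]; then
            mv -- "$cap" "$tmp/"
          fi
        done <<< "$origcaps"
      else
        fuzz_log "no original capture moved for $fuzz${origcaps:+: $origcaps}"
      fi
      # NOTE(review): if the driver is still running, the log is not
      # truncated and the same failure is picked up again on the next poll.
      restart_fuzz "$fuzz"
    fi
  done
done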