diff options
author | 2020-03-27 08:33:24 +0100 | |
---|---|---|
committer | 2020-03-27 00:33:24 -0700 | |
commit | 522e7dc73469878ad74983da8196662bc3396cc8 (patch) | |
tree | 78b8096cef738b0ed5ce0891c2c8245fe0a98265 | |
parent | c5b149af2899bd5a654b46e0c424ca217b2d1c48 (diff) |
[suricata] Adds project suricata (#2533)
* Adds project suricata
* Updates lz4 to latest version
* remove sanitizers section -- harmless change to trigger Travis
* add language attribute
Co-authored-by: Max Moroz <mmoroz@chromium.org>
-rw-r--r-- | projects/suricata/Dockerfile | 34 | ||||
-rwxr-xr-x | projects/suricata/build.sh | 82 | ||||
-rw-r--r-- | projects/suricata/project.yaml | 5 |
3 files changed, 121 insertions, 0 deletions
diff --git a/projects/suricata/Dockerfile b/projects/suricata/Dockerfile new file mode 100644 index 00000000..1c85c341 --- /dev/null +++ b/projects/suricata/Dockerfile @@ -0,0 +1,34 @@ +# Copyright 2019 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config rustc cargo python flex bison zlib1g-dev libpcre3-dev + +#TODO libmagic, liblzma, pcre and other optional libraries +ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz +ADD http://www.digip.org/jansson/releases/jansson-2.12.tar.gz jansson-2.12.tar.gz +RUN git clone --depth=1 https://github.com/yaml/libyaml +ADD https://github.com/lz4/lz4/archive/v1.9.2.tar.gz lz4-1.9.2.tar.gz + +ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip + +RUN cargo install --force cbindgen + +RUN git clone --depth 1 https://github.com/OISF/suricata.git suricata +RUN git clone --depth 1 https://github.com/OISF/libhtp.git suricata/libhtp +RUN git clone --depth 1 https://github.com/OISF/suricata-verify suricata-verify +WORKDIR $SRC +COPY build.sh $SRC/ diff --git a/projects/suricata/build.sh b/projects/suricata/build.sh new file mode 100755 index 00000000..d2ebfc57 --- /dev/null +++ b/projects/suricata/build.sh @@ -0,0 +1,82 @@ +#!/bin/bash -eu +# Copyright 2019 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# build dependencies statically +tar -xvzf lz4-1.9.2.tar.gz +cd lz4-1.9.2 +make liblz4.a +cp lib/liblz4.a /usr/local/lib/ +cp lib/lz4*.h /usr/local/include/ +cd .. + +tar -xvzf jansson-2.12.tar.gz +cd jansson-2.12 +./configure --disable-shared +make -j$(nproc) +make install +cd .. + +tar -xvzf libpcap-1.9.1.tar.gz +cd libpcap-1.9.1 +./configure --disable-shared +make -j$(nproc) +make install +cd .. + +cd libyaml +./bootstrap +./configure --disable-shared +make -j$(nproc) +make install +cd .. + + +# build project +cd suricata +export PATH=$PATH:/root/.cargo/bin +sh autogen.sh +./configure --disable-shared --enable-fuzztargets +make + +cp src/fuzz_* $OUT/ + +# build corpuses +# default configuration file +zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip suricata.yaml +# rebuilds rules corpus with only one rule by file +unzip ../emerging.rules.zip +cd rules +i=0 +mkdir corpus +# quiet output for commands +set +x +cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done +set -x +zip -q -r $OUT/fuzz_siginit_seed_corpus.zip corpus +cd ../../suricata-verify + +# corpus with pcap files +find . -name "*.pcap" | xargs zip -r $OUT/fuzz_decodepcapfile_seed_corpus.zip + +# corpus using both rule and pcap as in suricata-verify +cd tests +i=0 +mkdir corpus +ls | grep -v corpus | while read t; do +cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; cat $t/*.pcap >> corpus/$i || true; i=$((i+1)); +done +zip -q -r $OUT/fuzz_sigyamlpcap_seed_corpus.zip corpus diff --git a/projects/suricata/project.yaml b/projects/suricata/project.yaml new file mode 100644 index 00000000..b559ee65 --- /dev/null +++ b/projects/suricata/project.yaml @@ -0,0 +1,5 @@ +homepage: "https://suricata-ids.org" +language: c++ +primary_contact: "vjulien@oisf.net" +auto_ccs: +- "p.antoine@catenacyber.fr" |