[suricata] Adds project suricata (#2533)

* Adds project suricata

* Updates lz4 to latest version

* remove sanitizers section -- harmless change to trigger Travis

* add language attribute

Co-authored-by: Max Moroz <mmoroz@chromium.org>

3 files changed, 121 insertions, 0 deletions

diff --git a/projects/suricata/Dockerfile b/projects/suricata/Dockerfile
new file mode 100644
index 00000000..1c85c341
--- /dev/null
+++ b/projects/suricata/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config rustc cargo python flex bison zlib1g-dev libpcre3-dev
+
+#TODO libmagic, liblzma, pcre and other optional libraries
+ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz
+ADD http://www.digip.org/jansson/releases/jansson-2.12.tar.gz jansson-2.12.tar.gz
+RUN git clone --depth=1 https://github.com/yaml/libyaml
+ADD https://github.com/lz4/lz4/archive/v1.9.2.tar.gz lz4-1.9.2.tar.gz
+
+ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip
+
+RUN cargo install --force cbindgen
+
+RUN git clone --depth 1 https://github.com/OISF/suricata.git suricata
+RUN git clone --depth 1 https://github.com/OISF/libhtp.git suricata/libhtp
+RUN git clone --depth 1 https://github.com/OISF/suricata-verify suricata-verify
+WORKDIR $SRC
+COPY build.sh $SRC/
diff --git a/projects/suricata/build.sh b/projects/suricata/build.sh
new file mode 100755
index 00000000..d2ebfc57
--- /dev/null
+++ b/projects/suricata/build.sh
@@ -0,0 +1,82 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build dependencies statically
+tar -xvzf lz4-1.9.2.tar.gz
+cd lz4-1.9.2
+make liblz4.a
+cp lib/liblz4.a /usr/local/lib/
+cp lib/lz4*.h /usr/local/include/
+cd ..
+
+tar -xvzf jansson-2.12.tar.gz
+cd jansson-2.12
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+tar -xvzf libpcap-1.9.1.tar.gz
+cd libpcap-1.9.1
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+cd libyaml
+./bootstrap
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+
+# build project
+cd suricata
+export PATH=$PATH:/root/.cargo/bin
+sh autogen.sh
+./configure --disable-shared --enable-fuzztargets
+make
+
+cp src/fuzz_* $OUT/
+
+# build corpuses
+# default configuration file
+zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip suricata.yaml
+# rebuilds rules corpus with only one rule by file
+unzip ../emerging.rules.zip
+cd rules
+i=0
+mkdir corpus
+# quiet output for commands
+set +x
+cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done
+set -x
+zip -q -r $OUT/fuzz_siginit_seed_corpus.zip corpus
+cd ../../suricata-verify
+
+# corpus with pcap files
+find . -name "*.pcap" | xargs zip -r $OUT/fuzz_decodepcapfile_seed_corpus.zip
+
+# corpus using both rule and pcap as in suricata-verify
+cd tests
+i=0
+mkdir corpus
+ls | grep -v corpus | while read t; do
+cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; cat $t/*.pcap >> corpus/$i || true; i=$((i+1));
+done
+zip -q -r $OUT/fuzz_sigyamlpcap_seed_corpus.zip corpus
diff --git a/projects/suricata/project.yaml b/projects/suricata/project.yaml
new file mode 100644
index 00000000..b559ee65
--- /dev/null
+++ b/projects/suricata/project.yaml
@@ -0,0 +1,5 @@
+homepage: "https://suricata-ids.org"
+language: c++
+primary_contact: "vjulien@oisf.net"
+auto_ccs:
+- "p.antoine@catenacyber.fr"