authorGravatar Allen-Webb <35739080+Allen-Webb@users.noreply.github.com>2018-07-30 09:04:20 -0700
committerGravatar jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>2018-07-30 09:04:20 -0700
commit8f16f85ef302164bafa8dd0c8ee6b99630198802 (patch)
tree1dca680fd8fcdd28ddf40b3870595009d3ef1d65
parentcecf82749edb6dce4ce22737aa0977e3051b13b9 (diff)
[USBGuard] Initial Integration. (#1667)
USBGuard is a project that provides policy enforcement for attached USB devices to protect against malicious or unauthorized USB devices. This adds initial support for the USBGuard project.
-rw-r--r--projects/usbguard/Dockerfile42
-rw-r--r--projects/usbguard/build.sh83
-rw-r--r--projects/usbguard/project.yaml8
3 files changed, 133 insertions, 0 deletions
diff --git a/projects/usbguard/Dockerfile b/projects/usbguard/Dockerfile
new file mode 100644
index 00000000..b3e362c3
--- /dev/null
+++ b/projects/usbguard/Dockerfile
@@ -0,0 +1,42 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER allenwebb@google.com
+
+RUN apt-get update && apt-get install -y \
+ make \
+ autoconf \
+ automake \
+ libtool \
+ pkg-config \
+ libxml2-utils \
+ xsltproc \
+ libqb-dev \
+ libprotobuf-dev \
+ protobuf-compiler \
+ libdbus-1-dev \
+ libdbus-glib-1-dev \
+ libgio2.0-cil-dev \
+ libgcrypt20-dev \
+ libpolkit-gobject-1-dev \
+ libseccomp-dev \
+ libcap-ng-dev
+
+RUN git clone --recurse-submodules --depth 1 \
+ https://github.com/USBGuard/usbguard usbguard
+WORKDIR usbguard
+COPY build.sh $SRC
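Review bot: `WORKDIR usbguard` is a relative path, so it only resolves to `$SRC/usbguard` if the base image's working directory is already `$SRC`, while build.sh hard-codes `$SRC/usbguard/...` in its corpus steps. Making the location explicit removes that assumption: clone into `$SRC/usbguard` and use `WORKDIR $SRC/usbguard`. A one-line comment above the `git clone` stating that it deliberately tracks the upstream default branch unpinned would also tell readers that the build input changes from run to run.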
diff --git a/projects/usbguard/build.sh b/projects/usbguard/build.sh
new file mode 100644
index 00000000..5c7daf68
--- /dev/null
+++ b/projects/usbguard/build.sh
@@ -0,0 +1,83 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+autoreconf -fi
+
+libqb=`find /usr/lib/ -name libqb.a -print -quit`
+protobuf=`find /usr/lib/ -name libprotobuf.a -print -quit`
+
+qb_LIBS="${libqb}" \
+ protobuf_LIBS="-pthread ${protobuf} -pthread -lpthread" \
+ ./configure --with-bundled-catch --with-bundled-pegtl \
+ --with-crypto-library=gcrypt --disable-shared
+
+fuzzers="$( cd src/Tests/Fuzzers && find -name 'fuzzer-*.cpp' |
+ sed 's/^\.\/\(fuzzer-.*\)\.cpp$/\1/g' )"
+
+make -j`nproc` src/build-config.h libusbguard.la
+make -j`nproc` -C src/Tests/Fuzzers ${fuzzers}
+
+cd src/Tests/Fuzzers
+mv ${fuzzers} "$OUT"
+
+################################################################################
+# Create seed corpora.
+################################################################################
+
+# General case:
+cd "$SRC/usbguard/src/Tests/Fuzzers"
+# fuzzer-usb-descriptor seed corpus.
+for fuzzer_name in ${fuzzers}; do
+ corpus_dir="${fuzzer_name}_corpus"
+ if [[ ! -d "$corpus_dir" ]] ; then
+ continue
+ fi
+ zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+ rm -f "${zip_name}"
+ zip -r "${zip_name}" "${corpus_dir}"
+done
+
+# Specific cases:
+cd "$WORK"
+# fuzzer-rules seed corpus.
+fuzzer_name=fuzzer-rules
+corpus_dir="${fuzzer_name}_corpus"
+zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+if [[ ! -d "$SRC/usbguard/src/Tests/Fuzzers/$corpus_dir" ]] ; then
+ rm -f "${zip_name}"
+ rm -rf "${corpus_dir}"
+ mkdir -p "${corpus_dir}"
+ pushd "${corpus_dir}"
+ i=1000000
+ while read -r line; do
+ echo "${line}" > "$((i++))"
+ done < <( cat $SRC/usbguard/src/Tests/Rules/test-rules.good \
+ $SRC/usbguard/src/Tests/Rules/test-rules.bad )
+ popd
+ zip -r "${zip_name}" "${corpus_dir}"
+fi
+
+# fuzzer-usb-descriptor seed corpus.
+fuzzer_name=fuzzer-usb-descriptor
+corpus_dir="${fuzzer_name}_corpus"
+zip_name="$OUT/${fuzzer_name}_seed_corpus.zip"
+if [[ ! -d "$SRC/usbguard/src/Tests/Fuzzers/$corpus_dir" ]] ; then
+ rm -rf "${corpus_dir}"
+ rm -f "${zip_name}"
+ cp -R "$SRC/usbguard/src/Tests/USB/data" "${corpus_dir}"
+ zip -r "${zip_name}" "${corpus_dir}"
+fi
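Review bot: The two `find` lookups for `libqb.a` and `libprotobuf.a` near the top of build.sh are never checked, and `find` exits 0 with empty output when nothing matches, so `-eu` does not stop the build. With an empty `qb_LIBS` or `protobuf_LIBS`, configure will presumably fall back to its own detection and may link the shared libraries, leaving fuzzers that depend on libraries present only in the builder image. A guard right after the lookups fails fast: `[[ -n "${libqb}" && -n "${protobuf}" ]] || { echo "static libqb/libprotobuf not found" >&2; exit 1; }`. The same holds for `fuzzers`: the `find | sed` pipeline runs without `pipefail`, and an empty list makes `make -C src/Tests/Fuzzers` build its default target before `mv` fails with an unrelated message.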
diff --git a/projects/usbguard/project.yaml b/projects/usbguard/project.yaml
new file mode 100644
index 00000000..902bd0dc
--- /dev/null
+++ b/projects/usbguard/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://usbguard.github.io/"
+primary_contact: "dkopecek@redhat.com"
+sanitizers:
+ - address
+ - undefined
+ - memory
+auto_ccs:
+ - "allenwebb@google.com"
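Review bot: `memory` is listed under `sanitizers`, but build.sh links the fuzzers against the distro-built `libqb.a` and `libprotobuf.a` that the Dockerfile installs with apt, and MemorySanitizer needs every linked library to be instrumented. Uninstrumented dependencies typically produce false use-of-uninitialized-value reports, which would bury real findings in the USB descriptor and rule parsers. Either drop `- memory` until those dependencies are built from source with the sanitizer flags (`$CFLAGS`/`$CXXFLAGS`) in build.sh, or add that build step in this change.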