Dockerfile-env-sgfuzz
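# Base image.
# NOTE(review): Ubuntu 23.04 is an interim release that has reached end of life
# and no longer receives security updates. The LLVM apt repository configured
# below is tied to this release ("lunar"), so changing the base also means
# changing that repository line.
FROM ubuntu:23.04

# Optional proxy settings, passed with --build-arg.
# The ENV lines copy the values into the image configuration, so the proxy URL
# (and any credentials embedded in it) is visible to anyone who can inspect the
# image and is inherited by every container started from it.
ARG HTTP_PROXY
ARG HTTPS_PROXY
ENV HTTP_PROXY=${HTTP_PROXY}
ENV HTTPS_PROXY=${HTTPS_PROXY}
ENV http_proxy=${HTTP_PROXY}
# Lower-case https_proxy follows HTTPS_PROXY, as the upper-case variable does,
# and falls back to HTTP_PROXY when no separate HTTPS proxy was given.
ENV https_proxy=${HTTPS_PROXY:-${HTTP_PROXY}}

# Extra arguments handed to every `make` below. A bare "-j" places no limit on
# the number of parallel jobs; pass e.g. --build-arg MAKE_OPT=-j4 to cap it.
ARG MAKE_OPT="-j"
ENV MAKE_OPT=${MAKE_OPT}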
# Switch apt from archive.ubuntu.com to the USTC mirror.
# apt-transport-https and ca-certificates are installed first, from the stock
# archive. The sed expression keeps each entry's URL scheme and rewrites only
# the host part, so entries for any other host are left as they are.
RUN apt update \
    && apt install -y apt-transport-https ca-certificates
RUN sed -i 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list \
    && apt clean
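# LLVM-17 from apt.llvm.org.
# wget fetches the repository signing key; it is stored in its own keyring file
# and bound to the two LLVM entries with signed-by, so apt accepts it for this
# repository only rather than for every configured source. Writing the key
# with `wget -O <file>` (no pipeline, no deprecated apt-key) also makes a
# failed download fail the build step.
# NOTE(review): the key is trusted as downloaded over HTTPS; comparing it with
# a fingerprint recorded in the repository would make the build independent of
# that single download.
RUN apt update \
    && apt install -y --no-install-recommends wget gnupg2 \
    && rm -rf /var/lib/apt/lists
RUN wget -O /usr/share/keyrings/llvm-snapshot.asc https://apt.llvm.org/llvm-snapshot.gpg.key
RUN echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.asc] http://apt.llvm.org/lunar/ llvm-toolchain-lunar-17 main" >> /etc/apt/sources.list \
    && echo "deb-src [signed-by=/usr/share/keyrings/llvm-snapshot.asc] http://apt.llvm.org/lunar/ llvm-toolchain-lunar-17 main" >> /etc/apt/sources.list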
# Install common dependencies
# DEBIAN_FRONTEND is set with ENV, so it stays in the runtime environment of
# the image as well as applying to the build steps below.
ENV DEBIAN_FRONTEND=noninteractive
# One layer: refresh the package lists, run unminimize (answering every prompt
# with "y"), upgrade all installed packages, install the toolchain and tools,
# then drop the package lists again.
# The set includes an SSH server, sudo, packet-capture and network utilities,
# i.e. this is an interactive research environment, not a minimal runtime image.
RUN apt update -y \
    && yes | unminimize \
    && apt upgrade -y \
    && apt install -y \
        # LLVM 17 toolchain
        clang-17 llvm-17 llvm-17-dev lldb-17 lld-17 \
        # general build dependencies
        apt-utils git build-essential mold curl libc++-dev sudo libtool libtool-bin libz-dev libglib2.0-dev graphviz-dev bison flex automake libpixman-1-dev cgroup-tools \
        # build helpers and debuggers
        cmake bear autoconf pkg-config gdb strace \
        # SSH and TLS libraries
        openssh-server openssl libssl-dev libgnutls28-dev \
        # capabilities and packet capture
        libcap-dev libpcap-dev tcpdump \
        # autotools / gettext helpers
        rsync autopoint gperf texinfo gettext \
        # interactive and network utilities
        vim nano screen htop man wget httpie bash-completion ripgrep iputils-ping iproute2 telnet net-tools ncat netcat-traditional \
        # shell
        zsh autojump fzf \
    && rm -rf /var/lib/apt/lists
# Make the versioned LLVM 17 binaries reachable under their unversioned names
# (clang, clang++, llvm-config). `set -e` stops at the first failing link, as
# a `&&` chain would.
RUN set -e; \
    for tool in clang clang++ llvm-config; do \
        ln -sf "/usr/bin/${tool}-17" "/usr/bin/${tool}"; \
    done
# gcovr, installed into the system Python from the Aliyun PyPI mirror.
# --break-system-packages overrides pip's refusal to modify a
# distribution-managed Python environment.
# NOTE(review): no version is pinned, so each build installs whatever release
# the mirror currently serves.
RUN pip3 install --break-system-packages --index-url https://mirrors.aliyun.com/pypi/simple gcovr
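# Make /tmp writable by every user while keeping the sticky bit (mode 1777).
# A plain `chmod 777` clears the sticky bit, after which any user can delete
# or rename files in /tmp that belong to another user.
RUN chmod 1777 /tmp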
# Write the apt proxy configuration in one go.
# All three entries (http, ftp and https) are set to HTTP_PROXY; HTTPS_PROXY
# is not consulted here. The file is part of the image, so the proxy URL is
# kept in it even when the value was only meant for the build.
RUN { \
        echo "Acquire::http::Proxy \"${HTTP_PROXY}\";" \
        && echo "Acquire::ftp::Proxy \"${HTTP_PROXY}\";" \
        && echo "Acquire::https::Proxy \"${HTTP_PROXY}\";"; \
    } > /etc/apt/apt.conf.d/99proxy
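# Users
##############
# Add a new user
# USER_ID / GROUP_ID can be overridden with --build-arg, e.g. to match the
# invoking host user; they are also exported into the runtime environment.
ARG USER_ID=1000
ARG GROUP_ID=1000
ENV USER_ID=${USER_ID}
ENV GROUP_ID=${GROUP_ID}
# ubuntu:23.04 has an 'ubuntu' user and group,
# so we use 'user' as the default name
# to avoid a conflict between ${USER_ID} and the id of 'ubuntu'.
# Whatever account and group currently hold the requested IDs are removed
# first; `|| true` keeps the build going when the ID is not in use.
RUN userdel $(getent passwd ${USER_ID} | cut -d: -f1) || true
RUN groupdel $(getent group ${GROUP_ID} | cut -d: -f1) || true
# Create group and account 'user' (home /home/user, login shell zsh, member of
# sudo) and grant it passwordless sudo.
# - The password hash uses SHA-512 crypt (-6) rather than MD5 crypt (-1).
# - The sudo rule goes into its own drop-in with mode 0440 and is syntax-checked
#   by visudo, so a malformed line fails the build instead of breaking sudo.
# NOTE(review): the password is the fixed, publicly known string "user", the
# account has unrestricted passwordless sudo, and openssh-server is installed
# in this image. Treat containers built from it as root-equivalent to anyone
# who can reach them, and do not publish the SSH port on untrusted networks.
RUN groupadd -g ${GROUP_ID} user \
    && useradd -u ${USER_ID} -rm -d /home/user -s /usr/bin/zsh -g user -G sudo -p "$(openssl passwd -6 user)" user \
    && echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user \
    && chmod 0440 /etc/sudoers.d/user \
    && visudo -cf /etc/sudoers.d/user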
# Use user as default username
# Everything from here on, including the running container, executes as 'user'
# with /home/user as working directory and HOME.
USER user
WORKDIR /home/user
ENV HOME=/home/user
# Global git settings for 'user': force HTTP/1.1 and set a committer identity.
RUN git config --global http.version HTTP/1.1 \
    && git config --global user.name Kherrisan \
    && git config --global user.email zdkscope@outlook.com
# Patches applied to the fuzzers built further down.
COPY patches /tmp/patches
# Shell configuration for 'user'; both files land directly in ${HOME}.
COPY --chown=user:user scripts/.zshrc scripts/.p10k.zsh ${HOME}/
# Source .zshrc once at build time.
# NOTE(review): presumably this lets any first-run setup in .zshrc happen
# during the build rather than at first login; confirm against scripts/.zshrc.
RUN zsh -c ". ~/.zshrc"
##############
# End of user setup
# Code
##############
# Environments and fuzzer tools
##############
# AFLNet
# We need aflnet-replay to replay all the testcases
# The source is cloned from a Gitee fork and checked out at a fixed commit ID,
# so the tree that gets patched and built does not change between builds.
# Builds the top-level targets first, then llvm_mode.
RUN git clone https://gitee.com/skyworld123/aflnet.git aflnet \
    && cd aflnet \
    && git checkout 62d63a59230bb5f5c6e54cddd381b9425dba3726 \
    && git apply /tmp/patches/aflnet.patch \
    && make clean all ${MAKE_OPT} \
    && cd llvm_mode \
    && make ${MAKE_OPT}
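# SGFuzz
# Cloned from a Gitee fork and checked out at a fixed commit ID, then patched
# and built; the resulting static library is installed as
# /usr/lib/libsFuzzer.a.
# The clone is a full one: with a shallow clone of depth 2 the pinned commit is
# only present while it is within one commit of the branch tip, so the checkout
# would start failing as soon as the fork receives further commits.
RUN git clone https://gitee.com/pine404/SGFuzz.git sgfuzz \
    && cd sgfuzz \
    && git checkout 00dbbd70ba79f1bcff3f7dfdb4fda0645cf91225 \
    && git apply /tmp/patches/sgfuzz.patch \
    && ./build.sh \
    && sudo cp libsfuzzer.a /usr/lib/libsFuzzer.a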
# Install the honggfuzz netdriver that is used by SGFuzz
# Only libhfcommon.a and libhfnetdriver.a are built (with clang, libFuzzer
# instrumentation without linking, and AddressSanitizer) and moved to /usr/lib.
# NOTE(review): unlike the AFLNet and SGFuzz clones, no commit is pinned here.
# Each build takes whatever the fork's default branch currently points to, so
# the built code can change without any change to this file and hf.patch may
# stop applying; pinning a reviewed commit ID would fix both.
RUN git clone https://gitee.com/kherrisan/honggfuzz.git --depth=1 \
    && cd honggfuzz \
    && git apply /tmp/patches/hf.patch \
    && hf_san="-fsanitize=fuzzer-no-link -fsanitize=address" \
    && CC=clang CFLAGS="${hf_san}" make libhfcommon/libhfcommon.a \
    && CC=clang CFLAGS="${hf_san} -DHFND_RECVTIME=1 -Wno-error=unused-function" make libhfnetdriver/libhfnetdriver.a \
    && sudo mv libhfcommon/libhfcommon.a /usr/lib/libhfcommon.a \
    && sudo mv libhfnetdriver/libhfnetdriver.a /usr/lib/libhfnetdriver.a
# Copy the whole build context into the user's home and mark the helper
# scripts executable.
# NOTE(review): everything in the context that .dockerignore does not exclude
# ends up in the image, so keep local credentials and scratch files out of it.
COPY --chown=user:user . ${HOME}/profuzzbench
RUN sudo chmod +x ${HOME}/profuzzbench/scripts/*.sh

# Build libgcov_preload.so
# The library is compiled in the working directory (/home/user) and that
# directory is registered with the dynamic linker through ld.so.conf.d.
# NOTE(review): this puts a directory writable by 'user' on the system-wide
# library search path; acceptable for a throw-away fuzzing container, but a
# dedicated root-owned directory would be the safer choice if the image is
# reused for anything else.
COPY scripts/gcov_preload.c gcov_preload.c
RUN gcc -shared -fpic -g -o libgcov_preload.so gcov_preload.c \
    && sudo touch "/etc/ld.so.conf.d/gcov.conf" \
    && echo "${HOME}" | sudo tee "/etc/ld.so.conf.d/gcov.conf" \
    && sudo ldconfig

# Build libfake_random.so
# Same procedure as above, with its own ld.so.conf.d entry for ${HOME}.
COPY scripts/fake_random.c fake_random.c
RUN gcc -shared -fpic -g -o libfake_random.so fake_random.c \
    && sudo touch "/etc/ld.so.conf.d/fake_random.conf" \
    && echo "${HOME}" | sudo tee "/etc/ld.so.conf.d/fake_random.conf" \
    && sudo ldconfig
# Disable ASLR forever
# Appends the setting to a sysctl.d drop-in and applies that file immediately.
# NOTE(review): kernel.randomize_va_space is a kernel-wide setting and a
# container shares the host's kernel, so a successful write here presumably
# changes the build host rather than the image. The drop-in takes effect in a
# running container only if something applies sysctl.d there; confirm how the
# benchmark scripts rely on this, and avoid running it on a shared host.
RUN aslr_conf=/etc/sysctl.d/01-disable-aslr.conf \
    && echo "kernel.randomize_va_space = 0" | sudo tee -a "${aslr_conf}" \
    && sudo sysctl -p "${aslr_conf}"