oss-fuzz
pysan: add pocs
Some foundations for doing Python sanitization. It's achieved by hooking Python functions and attributes on Python objects (see the ReDoS example for this). The Pysan package can be installed with pip3 install ., so it should be easy to start deploying this selectively on projects in OSS-Fuzz. I've included several example targets for code injections, e.g. the pytorch-lightning example from SystemSan, and ReDoS.
It can be extended with a lot more sanitizers, and given it's all in Python code it's also easy to extend with a convenient API for doing custom hooks -- although this is almost essentially possible to do now tbh. I'd be happy not to extend too much prior to experimenting on selected projects on OSS-Fuzz.
To try it out:
python3 infra/helper.py build_fuzzers pysan
python3 infra/helper.py run_fuzzer pysan fuzz_ansible_runner
python3 infra/helper.py run_fuzzer pysan fuzz_libvcs
python3 infra/helper.py run_fuzzer pysan fuzz_ldap
python3 infra/helper.py run_fuzzer pysan fuzz_pytorch_lightning
python3 infra/helper.py run_fuzzer pysan os_command_injection
python3 infra/helper.py run_fuzzer pysan subprocess_popen_injection
wdyt?
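As an added illustration of the hooking approach the description refers to (example code, not pysan's or OSS-Fuzz's own): os.system and subprocess.Popen are monkey-patched so that a constructed injection marker reaching a shell is reported instead of executed, in the spirit of the SystemSan-derived command-injection targets. pysan_add_hooks is pysan's API; add_hooks, INJECTION_MARKER and SanitizerViolation are hypothetical names for this example.

```python
import os
import subprocess

# Constructed sentinel for this example (not pysan's real marker): the harness
# plants it in fuzzer input, so seeing it in a shell command proves the input reached the sink.
INJECTION_MARKER = "/tmp/pysan_example_marker"

class SanitizerViolation(Exception):
    """Raised in place of running the sink; a real sanitizer would abort."""
_originals = {}

def check_command(cmd, shell):
    """Flag the marker only when a shell will interpret the command."""
    text = cmd if isinstance(cmd, str) else " ".join(map(str, cmd))
    # As a plain argv element (shell=False) the marker is inert data.
    if shell and INJECTION_MARKER in text:
        raise SanitizerViolation(f"command injection via {text!r}")
    return True

def add_hooks():
    """Monkey-patch the sinks; hypothetical stand-in for pysan_add_hooks()."""
    _originals.setdefault("system", os.system)
    _originals.setdefault("Popen", subprocess.Popen)
    def hooked_system(cmd):
        check_command(cmd, shell=True)  # os.system always goes through /bin/sh
        return _originals["system"](cmd)
    class HookedPopen(_originals["Popen"]):
        def __init__(self, args, *a, **kw):
            check_command(args, shell=kw.get("shell", False))
            super().__init__(args, *a, **kw)
    # subprocess.run/check_call look Popen up in the module, so they are covered too.
    os.system, subprocess.Popen = hooked_system, HookedPopen

def remove_hooks():
    """Restore the original sinks."""
    os.system = _originals.pop("system", os.system)
    subprocess.Popen = _originals.pop("Popen", subprocess.Popen)

def triggers(func, *args, **kwargs):
    """True if calling func raises SanitizerViolation."""
    try:
        func(*args, **kwargs)
    except SanitizerViolation:
        return True
    return False

def demo():
    """Hook, confirm a marker-bearing shell command is caught at both sinks, restore."""
    add_hooks()
    try:
        return (triggers(os.system, "cat " + INJECTION_MARKER),
                triggers(subprocess.Popen, "cat " + INJECTION_MARKER, shell=True))
    finally:
        remove_hooks()
```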
Not sure if I missed anything, but after cloning your repo and switching to that branch, I got this error when running python3 infra/helper.py build_fuzzers pysan:
INFO:root:Running: docker build -t gcr.io/oss-fuzz/pysan --file /path/to/oss-fuzz/projects/pysan/Dockerfile /path/to/oss-fuzz/projects/pysan.
Traceback (most recent call last):
File "/path/to/oss-fuzz/infra/helper.py", line 1205, in <module>
sys.exit(main())
File "/path/to/oss-fuzz/infra/helper.py", line 168, in main
result = build_fuzzers(args)
File "/path/to/oss-fuzz/infra/helper.py", line 729, in build_fuzzers
return all(
File "/path/to/oss-fuzz/infra/helper.py", line 730, in <genexpr>
build_fuzzers_impl(args.project,
File "/path/to/oss-fuzz/infra/helper.py", line 649, in build_fuzzers_impl
if not build_image_impl(project, architecture=architecture):
File "/path/to/oss-fuzz/infra/helper.py", line 514, in build_image_impl
return docker_build(build_args)
File "/path/to/oss-fuzz/infra/helper.py", line 587, in docker_build
subprocess.check_call(command)
File "/usr/lib/python3.10/subprocess.py", line 364, in check_call
retcode = call(*popenargs, **kwargs)
File "/usr/lib/python3.10/subprocess.py", line 345, in call
with Popen(*popenargs, **kwargs) as p:
File "/usr/lib/python3.10/subprocess.py", line 969, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.10/subprocess.py", line 1845, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'docker'
Looks like python can't find docker? The code is fully integrated as a regular project so you shouldn't expect anything unusual in the oss-fuzz infra.
Never mind, had an issue with the setting. Tested all cases and they all work well, approved.
Awesome! Let me know how you'd prefer to place this. It would work well from my perspective (i.e. for further development) to simply place it somewhere in the Docker images and install the package by way of pip3 install . as I currently do, then projects can selectively enable this using
import pysan
pysan.pysan_add_hooks()
CC @jonathanmetzman for review too.
fyi a project is already running with the first version of pysecsan: https://github.com/google/oss-fuzz/blob/d76fb7d57925e4a8bed86c7176354a71de3c1831/projects/pyxdg/fuzz_menu.py#L20-L21
It just uses the packaged version https://pypi.org/project/pysecsan
is this ready for merge?
Yes, let's get this in! Sorry for the delay.