tools/ipc_fuzzer/scripts/ipc_fuzzer_mut.py

   1 #!/usr/bin/env python
   2 # Copyright 2014 The Chromium Authors. All rights reserved.
   3 # Use of this source code is governed by a BSD-style license that can be
   4 # found in the LICENSE file.
   5
   6 """Mutational ClusterFuzz fuzzer. A pre-built corpus of ipcdump files has
   7 to be uploaded to ClusterFuzz along with this script. As chrome is being
   8 developed, the corpus will become out-of-date and needs to be updated.
   9
  10 This fuzzer will pick some ipcdumps from the corpus, concatenate them with
  11 ipc_message_util and mutate the result with ipc_fuzzer_mutate.
  12 """
  13
  14 import os
  15 import random
  16 import subprocess
  17 import sys
  18 import utils
  19
  20 FUZZER_NAME_OPTION = '--fuzzer-name=mutate'
  21 IPC_MESSAGE_UTIL_APPLICATION = 'ipc_message_util'
  22 IPCDUMP_MERGE_LIMIT = 50
  23
  24 class MutationalFuzzer:
  25   def parse_arguments(self):
  26     self.args = utils.parse_arguments()
  27
  28   def set_application_paths(self):
  29     chrome_application_path = utils.get_application_path()
  30     chrome_application_directory = os.path.dirname(chrome_application_path)
  31
  32     self.ipc_message_util_binary = utils.application_name_for_platform(
  33         IPC_MESSAGE_UTIL_APPLICATION)
  34     self.ipc_fuzzer_binary = utils.get_fuzzer_application_name()
  35     self.ipc_replay_binary = utils.get_replay_application_name()
  36     self.ipc_message_util_binary_path = os.path.join(
  37         chrome_application_directory, self.ipc_message_util_binary)
  38     self.ipc_fuzzer_binary_path = os.path.join(
  39         chrome_application_directory, self.ipc_fuzzer_binary)
  40     self.ipc_replay_binary_path = os.path.join(
  41         chrome_application_directory, self.ipc_replay_binary)
  42
  43   def set_corpus(self):
  44     input_directory = self.args.input_dir
  45     entries = os.listdir(input_directory)
  46     entries = [i for i in entries if i.endswith(utils.IPCDUMP_EXTENSION)]
  47     self.corpus = [os.path.join(input_directory, entry) for entry in entries]
  48
  49   def create_mutated_ipcdump_testcase(self):
  50     ipcdumps = ','.join(random.sample(self.corpus, IPCDUMP_MERGE_LIMIT))
  51     tmp_ipcdump_testcase = utils.create_temp_file()
  52     mutated_ipcdump_testcase = (
  53         utils.random_ipcdump_testcase_path(self.args.output_dir))
  54
  55     # Concatenate ipcdumps -> tmp_ipcdump.
  56     cmd = [
  57       self.ipc_message_util_binary_path,
  58       ipcdumps,
  59       tmp_ipcdump_testcase,
  60     ]
  61     if subprocess.call(cmd):
  62       sys.exit('%s failed.' % self.ipc_message_util_binary)
  63
  64     # Mutate tmp_ipcdump -> mutated_ipcdump.
  65     cmd = [
  66       self.ipc_fuzzer_binary_path,
  67       FUZZER_NAME_OPTION,
  68       tmp_ipcdump_testcase,
  69       mutated_ipcdump_testcase,
  70     ]
  71     if subprocess.call(cmd):
  72       sys.exit('%s failed.' % self.ipc_fuzzer_binary)
  73
  74     utils.create_flags_file(
  75         mutated_ipcdump_testcase, self.ipc_replay_binary_path)
  76     os.remove(tmp_ipcdump_testcase)
  77
  78   def main(self):
  79     self.parse_arguments()
  80     self.set_application_paths()
  81     self.set_corpus()
  82     for _ in xrange(self.args.no_of_files):
  83       self.create_mutated_ipcdump_testcase()
  84
  85     return 0
  86
  87 if __name__ == "__main__":
  88   fuzzer = MutationalFuzzer()
  89   sys.exit(fuzzer.main())