fuzz: add fuzzer for DGA detection code (#2042)

ntop · Jul 13, 2023 · 5e6a8c0 · 5e6a8c0
1 parent 669a02c
commit 5e6a8c0
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -72,6 +72,7 @@
 /fuzz/fuzz_ds_ahocorasick
 /fuzz/fuzz_libinjection
 /fuzz/fuzz_tls_certificate
+/fuzz/fuzz_dga
 /fuzz/fuzz_gcrypt_light
 /fuzz/fuzz_ndpi_reader_payload_analyzer
 /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip
@@ -94,6 +95,7 @@
 /fuzz/fuzz_ds_ahocorasick_seed_corpus.zip
 /fuzz/fuzz_libinjection_seed_corpus.zip
 /fuzz/fuzz_tls_certificate_seed_corpus.zip
+/fuzz/fuzz_dga_seed_corpus.zip
 /fuzz/fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip
 /fuzz/fuzz_*.dict
 /influxdb/Makefile

diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
@@ -1,4 +1,4 @@
-bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate
+bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate fuzz_dga
 #Alghoritms
 bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream
 #Data structures
@@ -335,6 +335,19 @@ fuzz_tls_certificate_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
     $(fuzz_tls_certificate_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
+fuzz_dga_SOURCES = fuzz_dga.c fuzz_common_code.c
+fuzz_dga_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_dga_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_dga_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_dga_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_dga_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_dga_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+    $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+    $(fuzz_dga_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
 fuzz_gcrypt_light_SOURCES = fuzz_gcrypt_light.cpp fuzz_common_code.c
 fuzz_gcrypt_light_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -I ../src/lib/third_party/include/
 fuzz_gcrypt_light_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -I ../src/lib/third_party/include/
@@ -454,6 +467,7 @@ fuzz_tls_certificate_seed_corpus.zip: $(files_corpus_fuzz_tls_certificate)
 	zip -j fuzz_tls_certificate_seed_corpus.zip $(files_corpus_fuzz_tls_certificate)
 
 corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip
+	cp corpus/fuzz_*seed_corpus.zip .
 
 #Create dictionaries exactly as expected by oss-fuzz.
 #This way, if we need to change/update/add something,
@@ -473,6 +487,7 @@ distdir:
 		-o -name '*.cpp' \
 		-o -name '*.dict' \
 		-o -name 'ipv4_addresses.txt' \
+		-o -path './corpus/fuzz_*.zip' \
 		-o -path './corpus/fuzz_quic_get_crypto_data/*' \
 		-o -path './corpus/fuzz_config/*' \
 		-o -path './corpus/fuzz_serialization/*' \

diff --git a/fuzz/corpus/fuzz_dga_seed_corpus.zip b/fuzz/corpus/fuzz_dga_seed_corpus.zip
diff --git a/fuzz/fuzz_dga.c b/fuzz/fuzz_dga.c
@@ -0,0 +1,35 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+static struct ndpi_detection_module_struct *ndpi_struct = NULL;
+static struct ndpi_flow_struct *ndpi_flow = NULL;
+
+static int ndpi_custom_dga_fn(const char* domain, int domain_length)
+{
+  return ndpi_is_printable_buffer((const u_int8_t *)domain, domain_length);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  char *name;
+
+  if (ndpi_struct == NULL) {
+    fuzz_init_detection_module(&ndpi_struct);
+    ndpi_flow = ndpi_calloc(1, sizeof(struct ndpi_flow_struct));
+  }
+
+  if (size == 0)
+    return 0;
+
+  if (data[0] % 2 == 0)
+    ndpi_dga_function = ndpi_custom_dga_fn;
+
+  name = ndpi_malloc(size + 1);
+  if (name) {
+    memcpy(name, data, size);
+    name[size] = '\0';
+    ndpi_check_dga_name(ndpi_struct, ndpi_flow, name, 1, 1);
+    ndpi_free(name);
+  }
+
+  return 0;
+}