[suricata] Adds project suricata (#2533)

* Adds project suricata * Updates lz4 to latest version * remove sanitizers section -- harmless change to trigger Travis * add language attribute Co-authored-by: Max Moroz <[email protected]>
google · Mar 27, 2020 · 522e7dc · 522e7dc
1 parent c5b149a
commit 522e7dc
Show file tree

Hide file tree

Showing 3 changed files with 121 additions and 0 deletions.
diff --git a/projects/suricata/Dockerfile b/projects/suricata/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config rustc cargo python flex bison zlib1g-dev libpcre3-dev
+
+#TODO libmagic, liblzma, pcre and other optional libraries
+ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz
+ADD http://www.digip.org/jansson/releases/jansson-2.12.tar.gz jansson-2.12.tar.gz
+RUN git clone --depth=1 https://github.com/yaml/libyaml
+ADD https://github.com/lz4/lz4/archive/v1.9.2.tar.gz lz4-1.9.2.tar.gz
+
+ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip
+
+RUN cargo install --force cbindgen
+
+RUN git clone --depth 1 https://github.com/OISF/suricata.git suricata
+RUN git clone --depth 1 https://github.com/OISF/libhtp.git suricata/libhtp
+RUN git clone --depth 1 https://github.com/OISF/suricata-verify suricata-verify
+WORKDIR $SRC
+COPY build.sh $SRC/
diff --git a/projects/suricata/build.sh b/projects/suricata/build.sh
@@ -0,0 +1,82 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build dependencies statically
+tar -xvzf lz4-1.9.2.tar.gz
+cd lz4-1.9.2
+make liblz4.a
+cp lib/liblz4.a /usr/local/lib/
+cp lib/lz4*.h /usr/local/include/
+cd ..
+
+tar -xvzf jansson-2.12.tar.gz
+cd jansson-2.12
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+tar -xvzf libpcap-1.9.1.tar.gz
+cd libpcap-1.9.1
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+cd libyaml
+./bootstrap
+./configure --disable-shared
+make -j$(nproc)
+make install
+cd ..
+
+
+# build project
+cd suricata
+export PATH=$PATH:/root/.cargo/bin
+sh autogen.sh
+./configure --disable-shared --enable-fuzztargets
+make
+
+cp src/fuzz_* $OUT/
+
+# build corpuses
+# default configuration file
+zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip suricata.yaml
+# rebuilds rules corpus with only one rule by file
+unzip ../emerging.rules.zip
+cd rules
+i=0
+mkdir corpus
+# quiet output for commands
+set +x
+cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done
+set -x
+zip -q -r $OUT/fuzz_siginit_seed_corpus.zip corpus
+cd ../../suricata-verify
+
+# corpus with pcap files
+find . -name "*.pcap" | xargs zip -r $OUT/fuzz_decodepcapfile_seed_corpus.zip
+
+# corpus using both rule and pcap as in suricata-verify
+cd tests
+i=0
+mkdir corpus
+ls | grep -v corpus | while read t; do
+cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; cat $t/*.pcap >> corpus/$i || true; i=$((i+1));
+done
+zip -q -r $OUT/fuzz_sigyamlpcap_seed_corpus.zip corpus
diff --git a/projects/suricata/project.yaml b/projects/suricata/project.yaml
@@ -0,0 +1,5 @@
+homepage: "https://suricata-ids.org"
+language: c++
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"