Adds project suricata

[catenacyber]

Asked in #624

The code is not yet merged in suricata main repository cf OISF/suricata#3914

MSAN is not yet enabled because of Rust and C interactions cf #2145 (comment)

@victorjulien could you ack ?

cc @kcc as you seemed interested in rust targets

[catenacyber]

Travis seems to fail because my corpus building bash magic is too verbose...

For instance, we have a corpus of about 50 000 rules and it gets computed with
cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done
https://github.com/google/oss-fuzz/pull/2533/files#diff-7507477856b797ccae1de19abe792c2bR64

What should we do about it ?

[inferno-chromium]

Can you redirect that output to >/dev/null. Log output is good to be readable. For future build breaks, it will make debugging harder with such big logs.

[catenacyber]

Just like that ?

[inferno-chromium]

Just like that ?

You can verify locally with infra/helper.py.

[catenacyber]

You can verify locally with infra/helper.py.

Yes, it is running...

[catenacyber]

This does not seem to work.
Actually, the command cat *.rules | while read l; do echo $l > corpus/$i.rule; i=$((i+1)); done does not print any output.
But it executes many subcommands that get logged :

+ echo alert tcp '$HOME_NET' any '->' '$EXTERNAL_NET' 23 '(msg:"ET' EXPLOIT Zollard PHP Exploit Telnet 'Outbound";' 'flow:to_server,established;' 'content:"/var/run/.zollard/";' 'reference:url,deependresearch.org/2013/12/hey-zollard-leave-my-internet-of-things.html;' 'classtype:attempted-user;' 'sid:2017800;' 'rev:2;' metadata:created_at 2013_12_04, updated_at '2013_12_04;)'
+ i=15343
+ read l
+ echo
+ i=15344
+ read l
+ echo alert tcp '$EXTERNAL_NET' any '->' '$HOME_NET' 23 '(msg:"ET' EXPLOIT Zollard PHP Exploit Telnet 'Inbound";' 'flow:to_server,established;' 'content:"/var/run/.zollard/";' 'reference:url,deependresearch.org/2013/12/hey-zollard-leave-my-internet-of-things.html;' 'classtype:attempted-user;' 'sid:2017799;' 'rev:2;' metadata:created_at 2013_12_04, updated_at '2013_12_04;)'
+ i=15345
+ read l
+ echo
+ i=15346
+ read l

So, I am trying something else

[Dor1s]

The change looks good, but I don't see @victorjulien on the upstream contributors page: https://github.com/OISF/suricata/graphs/contributors

I do see Victor at this page though: https://github.com/orgs/OISF/people

So awaiting on the confirmation :)

[Dor1s]

nit: 2019

[Dor1s]

in the other files as well :)

[catenacyber]

ok

[Dor1s]

is suricata.yaml a directory? If not, are there any other potential seed inputs?

[catenacyber]

is suricata.yaml a directory?

No this is a single file (the default configuration)
I do not think of other available inputs...

[catenacyber]

I don't see @victorjulien on the upstream contributors page: https://github.com/OISF/suricata/graphs/contributors

He is the main contributor but as his profile says https://github.com/inliniac moved to https://github.com/victorjulien

[victorjulien]

Please hold on this. I would like to make sure we have the necessary support merged in our git repo first. Also, due to team availability over the summer, it would work a lot better for us to start this in the fall.

[TravisBuddy]

Hey @catenacyber,
Your changes look good to me!

View build log

TravisBuddy Request Identifier: ecffb3d0-53b8-11ea-b4ca-9b1f8367601b

[catenacyber]

@victorjulien could you approve this now that we merged the fuzz targets in upstream Suricata repository ? Thanks :-)

[catenacyber]

Still needs OISF/suricata#4732 before merging

[victorjulien]

I have just merged OISF/suricata#4732, so upstream is ready.

Approved from the Suricata project.

[TravisBuddy]

Travis tests have failed

Hey @catenacyber,
Please read the following log in order to understand the failure reason.
It'll be awesome if you fix what's wrong and commit the changes.

TravisBuddy Request Identifier: 96181f70-6ff7-11ea-8e1c-9749656638a8

[TravisBuddy]

Hey @catenacyber,
Your changes look good to me!

View build log

TravisBuddy Request Identifier: c76e4060-6ffa-11ea-8e1c-9749656638a8

[catenacyber]

Thanks @Dor1s

The language is actually C and Rust
How does this new attribute matter ?

[Dor1s]

C or C++ doesn't matter, we use C++ by default as libFuzzer is C++ and is linked in :) I think fuzz targets are written in C, so Rust value is not really applicable here?

[Dor1s]

How does this new attribute matter ?

As of now it just skips coverage job for non C/C++ projects, but in future it will guide other pieces of OSS-Fuzz such as bad build checks, srcmap generation, and others. See #3297 and #3477 if you're curious to learn more :)

[catenacyber]

I think fuzz targets are written in C, so Rust value is not really applicable here?

I do not know. The C fuzz targets call Rust code at some points

As of now it just skips coverage job for non C/C++ projects

Hope you have time to review #3142 soon ;-)