feat: optimized script files, added bug seed directory parameters, and fixed an…

feat: optimized script files, added bug seed directory parameters, and fixed an incomplete bug in valgrind script

feat: optimized script files, added bug seed directory parameters, and fixed an…
feat: optimized script files, added bug seed directory parameters, and fixed an incomplete bug in valgrind script
0bc309c6 · 文周繁 · 2883d264 · 0bc309c6 · 0bc309c6 · 0bc309c6
Commit 0bc309c6 authored Dec 31, 2024 by 文周繁
Show whitespace changes
Inline Side-by-side

Showing with 41 additions and 27 deletions

README.md README.md +9 -7

asan.py asan.py +13 -8

valgrind.py valgrind.py +19 -12

No files found.
--- a/README.md
+++ b/README.md
@@ -9,10 +9,11 @@ python2.7
 ```sh
 # 在python2.7环境下执行valgrind.py，脚本共接收四个参数
 # 第一个参数为可执行程序，也就是被测目标程序
-# 第二个参数为种子目录
-# 第三个参数为标准输出文件路径，用于存储标准输入信息
-# 第四个参数为错误信息文件路径，用于存储错误信息
-# 例：python valgrind.py /path/to/jhead /path/to/seeds /path/to/stdout /path/to/stderr
+# 第二个参数为产生crashs的种子目录
+# 第三个参数用于存储vargrind检测后疑似漏洞的seeds文件夹目录
+# 第四个参数为标准输出文件路径，用于存储标准输入信息
+# 第五个参数为错误信息文件路径，用于存储错误信息
+# 例：python valgrind.py /path/to/jhead /path/to/crash-seeds /path/to/bug-seeds /path/to/stdout /path/to/stderr
 ```

 # asan.py用法
@@ -21,8 +22,9 @@ python2.7
 # 在python2.7环境下执行asan.py，脚本共接收四个参数
 # 第一个参数为可执行程序，也就是被测目标程序
 # 第二个参数为种子目录
-# 第三个参数为标准输出文件路径，用于存储标准输入信息
-# 第四个参数为错误信息文件路径，用于存储错误信息
-# 例：python asan.py /path/to/jhead /path/to/seeds /path/to/stdout /path/to/stderr
+# 第三个参数用于存储asan检测后疑似漏洞的seeds文件夹目录
+# 第四个参数为标准输出文件路径，用于存储标准输入信息
+# 第五个参数为错误信息文件路径，用于存储错误信息
+# 例：python asan.py /path/to/jhead /path/to/crash-seeds /path/to/bug-seeds  /path/to/stdout /path/to/stderr
 ```

--- a/asan.py
+++ b/asan.py
@@ -2,6 +2,7 @@ import sys
 import subprocess
 import os
 import re
+import shutil

 pattern_asan_head = re.compile(r'==\d+==ERROR: AddressSanitizer:')
 pattern_asan = re.compile(r' {4}#\d+ 0x\w+ in ')
@@ -23,7 +24,7 @@ def search_file(dirname):
    return paths


-def TIMEOUT_COMMAND(command, stdout, stderr):
+def TIMEOUT_COMMAND(command, path, output_seeds_dirname, stdout, stderr):
    """call shell-command and either return its output or kill it
    if it doesn't normally exit within timeout seconds and return None"""
    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
@@ -46,26 +47,30 @@ def TIMEOUT_COMMAND(command, stdout, stderr):
            stderr.write(errs)
            # TODO write to mangodb
            invalid_cause_dict[error_cause] = 1
+            if not os.path.exists(output_seeds_dirname):
+                os.makedirs(output_seeds_dirname)
+            shutil.copy2(path, output_seeds_dirname)


-def generation_command(target, parameter, paths, stdout_outputfile, stderr_outputfile):
+def generation_command(target, parameter, paths, output_seeds_dirname, stdout_outputfile, stderr_outputfile):
    stdout_output = open(stdout_outputfile, "w+")
    stderr_output = open(stderr_outputfile, "w+")
    for path in paths:
        command = target + " " + parameter.replace("@@", path, 1) + " "
        print(command)
-        TIMEOUT_COMMAND(command, stdout_output, stderr_output)
+        TIMEOUT_COMMAND(command, path, output_seeds_dirname, stdout_output, stderr_output)


 def main(argv):
    target = argv[0]
    cmd = "@@"
-    dirname = argv[1]
-    stdout_outputfile = argv[2]
-    stderr_outputfile = argv[3]
+    input_seeds_dirname = argv[1]  # input_seeds dir
+    output_seeds_dirname = argv[2]  # output_seeds dir
+    stdout_outputfile = argv[3]
+    stderr_outputfile = argv[4]
    print("Searching files\n")
-    paths = search_file(dirname)
-    generation_command(target, cmd, paths, stdout_outputfile, stderr_outputfile)
+    paths = search_file(input_seeds_dirname)
+    generation_command(target, cmd, paths, output_seeds_dirname, stdout_outputfile, stderr_outputfile)


 if __name__ == "__main__":

--- a/valgrind.py
+++ b/valgrind.py
@@ -2,6 +2,7 @@ import sys
 import subprocess
 import os
 import re
+import shutil

 pattern_valgrind_head = re.compile(r'==\d+==')
 pattern_valgrind_tail = re.compile(r'==\d+== ERROR SUMMARY: [1-9]+')
@@ -24,23 +25,25 @@ def search_file(dirname):
    return paths


-def TIMEOUT_COMMAND(command, stdout, stderr):
+def TIMEOUT_COMMAND(command, path, output_seeds_dirname, stdout, stderr):
    """call shell-command and either return its output or kill it
    if it doesn't normally exit within timeout seconds and return None"""
    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
    outs, errs = process.communicate()
    stdout.write(outs)
    err_data = ''
-    is_search_at = False
+    search_at_count = 0
    search_by_count = 0
    error_cause = ''
+    if pattern_valgrind_tail.search(errs):
        for i in errs.splitlines():
-        if pattern_valgrind_at.match(i) is not None and not is_search_at:
-            is_search_at = True
+            if pattern_valgrind_at.match(i) is not None and search_at_count < 2:
+                search_at_count += 1
+                if search_at_count <= 1:
                    err_data = err_data + i + "\n"
                    _, end = pattern_valgrind_at.search(i).span()
                    error_cause += i[end:]
-        elif pattern_valgrind_by.match(i) is not None and search_by_count <= 10:
+            elif pattern_valgrind_by.match(i) is not None and search_by_count <= 10 and search_at_count <= 1:
                search_by_count += 1
                err_data = err_data + i + "\n"
                _, end = pattern_valgrind_by.search(i).span()
@@ -51,30 +54,34 @@ def TIMEOUT_COMMAND(command, stdout, stderr):
                    stderr.write(err_data)
                    # TODO write to mangodb
                    invalid_cause_dict[error_cause] = 1
+                    if not os.path.exists(output_seeds_dirname):
+                        os.makedirs(output_seeds_dirname)
+                    shutil.copy2(path, output_seeds_dirname)
            elif pattern_valgrind_head.match(i) is not None:
                err_data = err_data + i + "\n"
            else:
                pass


-def generation_command(target, parameter, paths, stdout_outputfile, stderr_outputfile):
+def generation_command(target, parameter, paths, output_seeds_dirname, stdout_outputfile, stderr_outputfile):
    stdout_output = open(stdout_outputfile, "w+")
    stderr_output = open(stderr_outputfile, "w+")
    for path in paths:
        command = "valgrind " + target + " " + parameter.replace("@@", path, 1) + " "
        print(command)
-        TIMEOUT_COMMAND(command, stdout_output, stderr_output)
+        TIMEOUT_COMMAND(command, path, output_seeds_dirname, stdout_output, stderr_output)


 def main(argv):
    target = argv[0]  # target program
    cmd = "@@"
-    dirname = argv[1]  # seeds dir
-    stdout_outputfile = argv[2]
-    stderr_outputfile = argv[3]
+    input_seeds_dirname = argv[1]  # input_seeds dir
+    output_seeds_dirname = argv[2]  # output_seeds dir
+    stdout_outputfile = argv[3]
+    stderr_outputfile = argv[4]
    print("Searching files\n")
-    paths = search_file(dirname)
-    generation_command(target, cmd, paths, stdout_outputfile, stderr_outputfile)
+    paths = search_file(input_seeds_dirname)
+    generation_command(target, cmd, paths, output_seeds_dirname, stdout_outputfile, stderr_outputfile)


 if __name__ == "__main__":