
Run SyzBridge

ETenal edited this page Mar 11, 2024 · 2 revisions

Quick Start

Prepare SyzBridge configuration file

SyzBridge uses a configuration file to enable or disable features and to add or remove testing kernels. Each value under kernel is an instance of the Vendor() class; for the full list of keywords, refer to the API reference. Each value under plugin is a separate plugin configuration and can be customized per plugin. A template config follows. Strict JSON does not allow comments, so the # lines in the template are annotations for the reader.

{
    "kernel": {
        "Upstream":{
            # The upstream image and key are generated by syzkaller create-image.sh
            # https://github.com/google/syzkaller/blob/master/tools/create-image.sh
            "ssh_key":"/projects/SyzBridge/tools/img/stretch.img.key",
            "distro_name":"upstream",
            "distro_image":"/projects/SyzBridge/tools/img/stretch.img",
            "type": "upstream",
            "normal_user": "etenal",
            "root_user": "root"
        },
        "Ubuntu-Jammy-22.04":{
            # Refer to "Deploy Distro Image" in the wiki
            "distro_image":"/vendors/ubuntu/kernel-jammy-22.04-Apr_21_2022/ubuntu-snapshot.img",
            "ssh_key":"/.ssh/syzbridge",
            "distro_src":"/vendors/ubuntu/kernel-jammy-22.04-Apr_21_2022/ubuntu-jammy",
            "distro_name":"ubuntu-22.04",
            "distro_code_name": "jammy",
            "distro_version": "5.15.25",
            # Effective cycle used to pick Syzbot bugs based on their reported date
            "effective_cycle_start": "Apr 21 2022",
            "effective_cycle_end": "",
            "type": "distro",
            "normal_user": "etenal",
            "root_user": "root"
        }
    },
    "plugin": {
        "GoogleSheets": {
            "credential": "/tmp/google_sheet.json",
            "private_sheet": "ndss_experiment-ubuntu",
            "main_sheet": "ndss_experiment"
        },
        "Syzscope": {
            "timeout": 14400,
            "max_round": 3,
            "repro_mode": "c"
        },
        "TraceAnalysis": {
            "timeout": 600
        },
        "RawBugReproduce": {
            "timeout": 300
        },
        "BugReproduce": {
            "timeout": 300,
            "skip_regular_reproduce": false
        },
        "SyzFeatureMinimize": {
            "timeout": 300,
            "attempt": 3
        }
    }
}

Get Syzbot bugs

Get a specific bug by the hash

python3 syzbridge syzbot --proj test --config ./template.cfg --get 380acd1f7d59c28809f18bb577d645aab34d23b0

Get bugs by keyword and kernel that also have a C reproducer

python3 syzbridge syzbot --proj test --config ./template.cfg --filter-by-kernel=upstream --key=KASAN --filter-by-c-prog

Get bugs reported no later than the distro's effective_cycle_end

python3 syzbridge syzbot --proj test --config ./template.cfg --filter-by-distro-cycle-end
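The config handling and the three syzbot filters above, as an added example that is not SyzBridge's own code: it strips the # annotation lines from a trimmed copy of the template, checks that each kernel entry carries the keys its type needs, parses the effective cycle (an empty effective_cycle_end means the cycle is still open), and then applies --filter-by-kernel, --key, --filter-by-c-prog and --filter-by-distro-cycle-end style filters to constructed syzbot-like records. The required-key table, the record field names and the case-sensitive keyword match are assumptions for illustration, not SyzBridge's schema.

```python
import json
import re
from datetime import datetime

# Trimmed, constructed copy of the template config above. The '#' lines are
# annotations that strict JSON does not permit, so load_config() drops them.
TEMPLATE_CFG = r'''
{
    "kernel": {
        "Upstream": {
            # upstream image built with syzkaller create-image.sh
            "distro_name": "upstream",
            "type": "upstream"
        },
        "Ubuntu-Jammy-22.04": {
            "distro_name": "ubuntu-22.04",
            "distro_version": "5.15.25",
            # Effective cycle used to pick syzbot bugs by their reported date
            "effective_cycle_start": "Apr 21 2022",
            "effective_cycle_end": "",
            "type": "distro"
        }
    },
    "plugin": {}
}
'''

# Keys each kernel type must carry (assumption derived from the template,
# not SyzBridge's own schema; the API reference is authoritative).
REQUIRED = {
    "upstream": ("distro_name", "type"),
    "distro": ("distro_name", "distro_version", "effective_cycle_start",
               "effective_cycle_end", "type"),
}
COMMENT_LINE = re.compile(r"^\s*#")
DATE_FMT = "%b %d %Y"  # "Apr 21 2022", the format used in the template


def parse_date(text):
    return datetime.strptime(text, DATE_FMT)


def load_config(text):
    """Strip '#' comment lines, parse the JSON and check per-type required keys."""
    cleaned = "\n".join(l for l in text.splitlines() if not COMMENT_LINE.match(l))
    cfg = json.loads(cleaned)
    for name, kernel in cfg["kernel"].items():
        ktype = kernel.get("type")
        if ktype not in REQUIRED:
            raise ValueError(f"{name}: unknown kernel type {ktype!r}")
        missing = [k for k in REQUIRED[ktype] if k not in kernel]
        if missing:
            raise ValueError(f"{name}: missing keys {missing}")
    return cfg


def parse_cycle(kernel):
    """Return (start, end) for a distro entry; an empty end means 'still open'."""
    start = parse_date(kernel["effective_cycle_start"])
    end_text = kernel["effective_cycle_end"]
    end = parse_date(end_text) if end_text else None
    if end is not None and end < start:
        raise ValueError("effective_cycle_end precedes effective_cycle_start")
    return start, end


# Constructed syzbot-style records for illustration (not real syzbot data);
# the field names are assumptions, not SyzBridge's record layout.
BUGS = [
    {"hash": "aaa", "title": "KASAN: use-after-free Read in foo", "kernel": "upstream",
     "reported": "Mar 03 2022", "c_repro": True},
    {"hash": "bbb", "title": "KASAN: slab-out-of-bounds Write in bar", "kernel": "upstream",
     "reported": "Jun 10 2022", "c_repro": False},
    {"hash": "ccc", "title": "WARNING in baz", "kernel": "upstream",
     "reported": "May 01 2022", "c_repro": True},
    {"hash": "ddd", "title": "KASAN: null-ptr-deref in qux", "kernel": "linux-next",
     "reported": "Apr 15 2022", "c_repro": True},
]


def filter_bugs(bugs, kernel=None, key=None, c_prog=False, cycle_end=None):
    """Mirror --filter-by-kernel, --key, --filter-by-c-prog and
    --filter-by-distro-cycle-end: keep only bugs matching every given criterion.
    Keyword matching is a case-sensitive substring test on the title (assumption).
    cycle_end=None (empty effective_cycle_end) imposes no upper date bound."""
    out = []
    for b in bugs:
        if kernel is not None and b["kernel"] != kernel:
            continue
        if key is not None and key not in b["title"]:
            continue
        if c_prog and not b["c_repro"]:
            continue
        if cycle_end is not None and parse_date(b["reported"]) > cycle_end:
            continue
        out.append(b)
    return out


if __name__ == "__main__":
    cfg = load_config(TEMPLATE_CFG)
    _, end = parse_cycle(cfg["kernel"]["Ubuntu-Jammy-22.04"])
    for b in filter_bugs(BUGS, kernel="upstream", key="KASAN", c_prog=True, cycle_end=end):
        print(b["hash"], b["title"])
```

Swap TEMPLATE_CFG for the contents of your real template.cfg to check it before handing it to syzbridge; a missing key or a cycle whose end precedes its start is reported up front instead of surfacing mid-run.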

Run the analysis

Enable selected plugins (SyzFeatureMinimize, RawBugReproduce, TraceAnalysis, ModulesAnalysis, BugReproduce)

python3 syzbridge run --proj test --config ./template.cfg --syz-feature-minimize --raw-bug-reproduce --trace-analysis --modules-analysis --bug-reproduce

SyzBridge Commands

usage: syzbridge [-h]
                 {test,empty,run,image,bitcode,build,poc,syzbot,case,service,fuzz}
                 ...

positional arguments:
  {test,empty,run,image,bitcode,build,poc,syzbot,case,service,validateTrace,fuzz}
                        sub-command help
    test                Modular test (Debug only)
    empty               Create an empty project
    run                 Run the analysis
    image               Build distro image [ubuntu|fedora|debian]
    bitcode             Build kernel bitcode for static analysis
    build               Build essential components
    poc                 Build PoC
    syzbot              Get a case by hash or from a file containing multiple hashes.
    case                Get cases information
    service             Run syzbridge as a non-stop service.
    fuzz                Fuzz for new crashes

optional arguments:
  -h, --help            show this help message and exit

The bitcode, fuzz, and poc commands may not work as intended; avoid them in this version.