ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 03:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #571 from Edznux/statsd_implem

Browse Source 
Statsd support implementation
This commit is contained in:
van Hauser
2020-10-10 10:36:48 +02:00
committed by GitHub
parent 1ab83d7d89 4cb4772e2a
commit c075003bd2
7 changed files with 348 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
include/afl-fuzz.h
View File

@ -65,6 +65,8 @@
#include <dlfcn.h>
#include <sched.h>
#include <netdb.h>
#include <sys/wait.h>
#include <sys/time.h>
#ifndef USEMMAP
@ -76,6 +78,7 @@
#include <sys/mman.h>
#include <sys/ioctl.h>
#include <sys/file.h>
#include <sys/types.h>
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__NetBSD__) || defined(__DragonFly__)
@ -352,11 +355,12 @@ typedef struct afl_env_vars {
afl_dumb_forksrv, afl_import_first, afl_custom_mutator_only, afl_no_ui,
afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one,
afl_bench_until_crash, afl_debug_child_output, afl_autoresume,
afl_cal_fast, afl_cycle_schedules, afl_expand_havoc;
afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload,
*afl_max_det_extras;
*afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
*afl_statsd_tags_flavor;
} afl_env_vars_t;
@ -634,6 +638,16 @@ typedef struct afl_state {
u64 plot_prev_qc, plot_prev_uc, plot_prev_uh, plot_prev_ed;
u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs;
/* StatsD */
u64 statsd_last_send_ms;
struct sockaddr_in statsd_server;
int statsd_sock;
char * statsd_tags_flavor;
char * statsd_tags_format;
char * statsd_metric_format;
int statsd_metric_format_type;
double stats_avg_exec;
u8 *clean_trace;
@ -957,6 +971,13 @@ void maybe_update_plot_file(afl_state_t *, double, double);
void show_stats(afl_state_t *);
void show_init_stats(afl_state_t *);
/* StatsD */
void statsd_setup_format(afl_state_t *afl);
int statsd_socket_init(afl_state_t *afl);
int statsd_send_metric(afl_state_t *afl);
int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen);
/* Run */
fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32);

8
include/config.h
View File

@ -41,6 +41,14 @@
#define USE_COLOR
/* StatsD config
Config can be adjusted via AFL_STATSD_HOST and AFL_STATSD_PORT environment
variable.
*/
#define STATSD_UPDATE_SEC 1
#define STATSD_DEFAULT_PORT 8125
#define STATSD_DEFAULT_HOST "127.0.0.1"
/* If you want to have the original afl internal memory corruption checks.
Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */

4
include/envs.h
View File

@ -135,6 +135,10 @@ static char *afl_environment_variables[] = {
"AFL_SKIP_BIN_CHECK",
"AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES",
"AFL_STATSD",
"AFL_STATSD_HOST",
"AFL_STATSD_PORT",
"AFL_STATSD_TAGS_FLAVOR",
"AFL_TMIN_EXACT",
"AFL_TMPDIR",
"AFL_TOKEN_FILE",

28
src/afl-fuzz-state.c
View File

@ -297,6 +297,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_cal_fast =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_STATSD",
afl_environment_variable_len)) {
afl->afl_env.afl_statsd =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_TMPDIR",
afl_environment_variable_len)) {
@ -344,6 +351,27 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_forksrv_init_tmout =
(u8 *)get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_STATSD_HOST",
afl_environment_variable_len)) {
afl->afl_env.afl_statsd_host =
(u8 *)get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_STATSD_PORT",
afl_environment_variable_len)) {
afl->afl_env.afl_statsd_port =
(u8 *)get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_STATSD_TAGS_FLAVOR",
afl_environment_variable_len)) {
afl->afl_env.afl_statsd_tags_flavor =
(u8 *)get_afl_env(afl_environment_variables[i]);
}
} else {

12
src/afl-fuzz-stats.c
View File

@ -423,6 +423,18 @@ void show_stats(afl_state_t *afl) {
}
if (unlikely(afl->afl_env.afl_statsd)) {
if (cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000) {
/* reset counter, even if send failed. */
afl->statsd_last_send_ms = cur_ms;
if (statsd_send_metric(afl)) { WARNF("coundln't send statsd metric."); }
}
}
/* Every now and then, write plot data. */
if (cur_ms - afl->stats_last_plot_ms > PLOT_UPDATE_SEC * 1000) {

266
src/afl-fuzz-statsd.c Normal file
View File

@ -0,0 +1,266 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <string.h>
#include <sys/types.h>
#include <netdb.h>
#include <unistd.h>
#include "afl-fuzz.h"
#define MAX_STATSD_PACKET_SIZE 4096
#define MAX_TAG_LEN 200
#define METRIC_PREFIX "fuzzing"
/* Tags format for metrics
DogStatsD:
metric.name:<value>|<type>|#key:value,key2:value2
InfluxDB
metric.name,key=value,key2=value2:<value>|<type>
Librato
metric.name#key=value,key2=value2:<value>|<type>
SignalFX
metric.name[key=value,key2=value2]:<value>|<type>
*/
// after the whole metric.
#define DOGSTATSD_TAGS_FORMAT "|#banner:%s,afl_version:%s"
// just after the metric name.
#define LIBRATO_TAGS_FORMAT "#banner=%s,afl_version=%s"
#define INFLUXDB_TAGS_FORMAT ",banner=%s,afl_version=%s"
#define SIGNALFX_TAGS_FORMAT "[banner=%s,afl_version=%s]"
// For DogstatsD
#define STATSD_TAGS_TYPE_SUFFIX 1
#define STATSD_TAGS_SUFFIX_METRICS \
METRIC_PREFIX \
".cycle_done:%llu|g%s\n" METRIC_PREFIX \
".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \
".execs_done:%llu|g%s\n" METRIC_PREFIX \
".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \
".paths_total:%u|g%s\n" METRIC_PREFIX \
".paths_favored:%u|g%s\n" METRIC_PREFIX \
".paths_found:%u|g%s\n" METRIC_PREFIX \
".paths_imported:%u|g%s\n" METRIC_PREFIX ".max_depth:%u|g%s\n" METRIC_PREFIX \
".cur_path:%u|g%s\n" METRIC_PREFIX ".pending_favs:%u|g%s\n" METRIC_PREFIX \
".pending_total:%u|g%s\n" METRIC_PREFIX \
".variable_paths:%u|g%s\n" METRIC_PREFIX \
".unique_crashes:%llu|g%s\n" METRIC_PREFIX \
".unique_hangs:%llu|g%s\n" METRIC_PREFIX \
".total_crashes:%llu|g%s\n" METRIC_PREFIX \
".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \
".edges_found:%u|g%s\n" METRIC_PREFIX \
".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n"
// For Librato, InfluxDB, SignalFX
#define STATSD_TAGS_TYPE_MID 2
#define STATSD_TAGS_MID_METRICS \
METRIC_PREFIX \
".cycle_done%s:%llu|g\n" METRIC_PREFIX \
".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \
".execs_done%s:%llu|g\n" METRIC_PREFIX \
".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \
".paths_total%s:%u|g\n" METRIC_PREFIX \
".paths_favored%s:%u|g\n" METRIC_PREFIX \
".paths_found%s:%u|g\n" METRIC_PREFIX \
".paths_imported%s:%u|g\n" METRIC_PREFIX ".max_depth%s:%u|g\n" METRIC_PREFIX \
".cur_path%s:%u|g\n" METRIC_PREFIX ".pending_favs%s:%u|g\n" METRIC_PREFIX \
".pending_total%s:%u|g\n" METRIC_PREFIX \
".variable_paths%s:%u|g\n" METRIC_PREFIX \
".unique_crashes%s:%llu|g\n" METRIC_PREFIX \
".unique_hangs%s:%llu|g\n" METRIC_PREFIX \
".total_crashes%s:%llu|g\n" METRIC_PREFIX \
".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \
".edges_found%s:%u|g\n" METRIC_PREFIX \
".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n"
void statsd_setup_format(afl_state_t *afl) {
if (afl->afl_env.afl_statsd_tags_flavor &&
strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) {
afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_SUFFIX_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_SUFFIX;
} else if (afl->afl_env.afl_statsd_tags_flavor &&
strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) {
afl->statsd_tags_format = LIBRATO_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else if (afl->afl_env.afl_statsd_tags_flavor &&
strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) {
afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else if (afl->afl_env.afl_statsd_tags_flavor &&
strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) {
afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else {
// No tags at all.
afl->statsd_tags_format = "";
// Still need to pick a format. Doesn't change anything since if will be
// replaced by the empty string anyway.
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
}
}
int statsd_socket_init(afl_state_t *afl) {
/* Default port and host.
Will be overwritten by AFL_STATSD_PORT and AFL_STATSD_HOST environment
variable, if they exists.
*/
u16 port = STATSD_DEFAULT_PORT;
char *host = STATSD_DEFAULT_HOST;
if (afl->afl_env.afl_statsd_port) {
port = atoi(afl->afl_env.afl_statsd_port);
}
if (afl->afl_env.afl_statsd_host) { host = afl->afl_env.afl_statsd_host; }
int sock;
if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
FATAL("Failed to create socket");
}
memset(&afl->statsd_server, 0, sizeof(afl->statsd_server));
afl->statsd_server.sin_family = AF_INET;
afl->statsd_server.sin_port = htons(port);
struct addrinfo *result;
struct addrinfo hints;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_DGRAM;
if ((getaddrinfo(host, NULL, &hints, &result))) {
FATAL("Fail to getaddrinfo");
}
memcpy(&(afl->statsd_server.sin_addr),
&((struct sockaddr_in *)result->ai_addr)->sin_addr,
sizeof(struct in_addr));
freeaddrinfo(result);
return sock;
}
int statsd_send_metric(afl_state_t *afl) {
char buff[MAX_STATSD_PACKET_SIZE] = {0};
/* afl->statsd_sock is set once in the initialisation of afl-fuzz and reused
each time If the sendto later fail, we reset it to 0 to be able to recreates
it.
*/
if (!afl->statsd_sock) {
afl->statsd_sock = statsd_socket_init(afl);
if (!afl->statsd_sock) {
WARNF("Cannot create socket");
return -1;
}
}
statsd_format_metric(afl, buff, MAX_STATSD_PACKET_SIZE);
if (sendto(afl->statsd_sock, buff, strlen(buff), 0,
(struct sockaddr *)&afl->statsd_server,
sizeof(afl->statsd_server)) == -1) {
if (!close(afl->statsd_sock)) { PFATAL("Cannot close socket"); }
afl->statsd_sock = 0;
WARNF("Cannot sendto");
return -1;
}
return 0;
}
int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) {
char tags[MAX_TAG_LEN * 2] = {0};
if (afl->statsd_tags_format) {
snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->use_banner,
VERSION);
}
/* Sends multiple metrics with one UDP Packet.
bufflen will limit to the max safe size.
*/
if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_SUFFIX) {
snprintf(buff, bufflen, afl->statsd_metric_format,
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags,
afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags,
afl->fsrv.total_execs /
((double)(get_cur_time() - afl->start_time) / 1000),
tags, afl->queued_paths, tags, afl->queued_favored, tags,
afl->queued_discovered, tags, afl->queued_imported, tags,
afl->max_depth, tags, afl->current_entry, tags,
afl->pending_favored, tags, afl->pending_not_fuzzed, tags,
afl->queued_variable, tags, afl->unique_crashes, tags,
afl->unique_hangs, tags, afl->total_crashes, tags,
afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags,
afl->var_byte_count, tags, afl->expand_havoc, tags);
} else if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_MID) {
snprintf(buff, bufflen, afl->statsd_metric_format, tags,
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags,
afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags,
afl->fsrv.total_execs /
((double)(get_cur_time() - afl->start_time) / 1000),
tags, afl->queued_paths, tags, afl->queued_favored, tags,
afl->queued_discovered, tags, afl->queued_imported, tags,
afl->max_depth, tags, afl->current_entry, tags,
afl->pending_favored, tags, afl->pending_not_fuzzed, tags,
afl->queued_variable, tags, afl->unique_crashes, tags,
afl->unique_hangs, tags, afl->total_crashes, tags,
afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags,
afl->var_byte_count, tags, afl->expand_havoc);
}
return 0;
}

7
src/afl-fuzz.c
View File

@ -194,6 +194,11 @@ static void usage(u8 *argv0, int more_help) {
"AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n"
"AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n"
"AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n"
"AFL_STATSD: enables StatsD metrics collection"
"AFL_STATSD_HOST: change default statsd host (default 127.0.0.1)"
"AFL_STATSD_PORT: change default statsd port (default: 8125)"
"AFL_STATSD_TAGS_FLAVOR: change default statsd tags format (default will disable tags)."
" Supported formats are: 'dogstatsd', 'librato', 'signalfx' and 'influxdb'"
"AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n"
//"AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n"
//"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
@ -890,6 +895,8 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (unlikely(afl->afl_env.afl_statsd)) { statsd_setup_format(afl); }
if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) {
WARNF(cLRD