Compiling with AFL Fuzzer


Jerald Cheong

Apr 22, 2019, 5:33:05 AM
to ModSecurity Core Rule Set project
I've been trying to compile ModSecurity with afl-fuzz but have been having no luck after my nginx got upgraded.

Tried both ModSecurity tag 3.0.3 and ModSecurity master from GitHub.

Environment:
CentOS Linux release 7.6.1810 (Core)
SCL devtoolset-7 llvm-toolset-7 -->> For clang 5.0.1
afl compiled from source: https://github.com/mirrorer/afl/

Configure options: ./configure --with-lmdb --enable-parser-generation --enable-afl-fuzz

This is the final error:
afl-clang-fast 2.52b by <lszekeres@******.com>
clang-5.0: warning: argument '-fsanitize-coverage=4' is deprecated, use '-fsanitize-coverage=trace-pc-guard' instead [-Wdeprecated]
afl_fuzzer.cc:24:48: warning: '/*' within block comment [-Wcomment]
 * for i in $(ls -l src/actions/transformations/*.h | awk {'print $9'})...
                                               ^
afl_fuzzer.cc:67:34: warning: '/*' within block comment [-Wcomment]
 * for i in $(ls -l src/operators/*.h | awk {'print $9'}); do echo "#inc...
                                 ^
afl_fuzzer.cc:147:67: warning: '/*' within block comment [-Wcomment]
        * for i in $(grep "class " -Ri src/actions/transformations/* | grep " :...
                                                                  ^
afl_fuzzer.cc:192:53: warning: '/*' within block comment [-Wcomment]
        * for i in $(grep "class " -Ri src/operators/* | grep " :" | aw...
                                                    ^
afl_fuzzer.cc:195:30: error: no matching constructor for initialization of
      'modsecurity::operators::BeginsWith'
BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginsw...
                             ^          ~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/begins_with.h:32:14: note: candidate constructor not viable:
      requires single argument 'param', but 3 arguments were provided
    explicit BeginsWith(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/begins_with.h:29:7: note: candidate constructor (the
      implicit copy constructor) not viable: requires 1 argument, but 3 were
      provided
class BeginsWith : public Operator {
      ^
afl_fuzzer.cc:195:91: error: too few arguments to function call, expected 4,
      have 2
  ...new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); dele...
                                             ~~~~~~~~~~~~~~~~~~~~     ^
../../src/operators/begins_with.h:35:5: note: 'evaluate' declared here
    bool evaluate(Transaction *transaction, Rule *rule, const std::string &str,
    ^
afl_fuzzer.cc:196:26: error: no matching constructor for initialization of
      'modsecurity::operators::Contains'
Contains *contains = new Contains("Contains", z, false); contains->evalu...
                         ^        ~~~~~~~~~~~~~~~~~~~~
../../src/operators/contains.h:35:14: note: candidate constructor not viable:
      requires single argument 'param', but 3 arguments were provided
    explicit Contains(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/contains.h:32:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class Contains : public Operator {
      ^
afl_fuzzer.cc:196:81: error: too few arguments to function call, expected 4,
      have 2
  ...= new Contains("Contains", z, false); contains->evaluate(t, s); delete c...
                                           ~~~~~~~~~~~~~~~~~~     ^
../../src/operators/contains.h:37:5: note: 'evaluate' declared here
    bool evaluate(Transaction *transaction, Rule *rule,
    ^
afl_fuzzer.cc:197:34: error: no matching constructor for initialization of
      'modsecurity::operators::ContainsWord'
  ...*containsword = new ContainsWord("ContainsWord", z, false); containsword...
                         ^            ~~~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/contains_word.h:32:14: note: candidate constructor not
      viable: requires single argument 'param', but 3 arguments were provided
    explicit ContainsWord(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/contains_word.h:29:7: note: candidate constructor (the
      implicit copy constructor) not viable: requires 1 argument, but 3 were
      provided
class ContainsWord : public Operator {
      ^
afl_fuzzer.cc:197:101: error: too few arguments to function call, expected 4,
      have 2
  ...ContainsWord("ContainsWord", z, false); containsword->evaluate(t, s); de...
                                             ~~~~~~~~~~~~~~~~~~~~~~     ^
../../src/operators/contains_word.h:35:5: note: 'evaluate' declared here
    bool evaluate(Transaction *transaction, Rule *rule,
    ^
afl_fuzzer.cc:198:30: error: no matching constructor for initialization of
      'modsecurity::operators::DetectSQLi'
DetectSQLi *detectsqli = new DetectSQLi("DetectSQLi", z, false); detects...
                             ^          ~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/detect_sqli.h:27:7: note: candidate constructor (the
      implicit copy constructor) not viable: requires 1 argument, but 3 were
      provided
class DetectSQLi : public Operator {
      ^
../../src/operators/detect_sqli.h:30:5: note: candidate constructor not viable:
      requires 0 arguments, but 3 were provided
    DetectSQLi()
    ^
afl_fuzzer.cc:198:91: error: too few arguments to function call, expected 4,
      have 2
  ...new DetectSQLi("DetectSQLi", z, false); detectsqli->evaluate(t, s); dele...
                                             ~~~~~~~~~~~~~~~~~~~~     ^
../../src/operators/detect_sqli.h:35:5: note: 'evaluate' declared here
    bool evaluate(Transaction *t, Rule *rule,
    ^
afl_fuzzer.cc:199:28: error: no matching constructor for initialization of
      'modsecurity::operators::DetectXSS'
DetectXSS *detectxss = new DetectXSS("DetectXSS", z, false); detectxss->...
                           ^         ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/detect_xss.h:26:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class DetectXSS : public Operator {
      ^
../../src/operators/detect_xss.h:29:5: note: candidate constructor not viable:
      requires 0 arguments, but 3 were provided
    DetectXSS()
    ^
afl_fuzzer.cc:199:86: error: too few arguments to function call, expected 4,
      have 2
  ...= new DetectXSS("DetectXSS", z, false); detectxss->evaluate(t, s); delet...
                                             ~~~~~~~~~~~~~~~~~~~     ^
../../src/operators/detect_xss.h:34:5: note: 'evaluate' declared here
    bool evaluate(Transaction *t, Rule *rule,
    ^
afl_fuzzer.cc:200:26: error: no matching constructor for initialization of
      'modsecurity::operators::EndsWith'
EndsWith *endswith = new EndsWith("EndsWith", z, false); endswith->evalu...
                         ^        ~~~~~~~~~~~~~~~~~~~~
../../src/operators/ends_with.h:32:14: note: candidate constructor not viable:
      requires single argument 'param', but 3 arguments were provided
    explicit EndsWith(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/ends_with.h:29:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class EndsWith : public Operator {
      ^
afl_fuzzer.cc:200:81: error: too few arguments to function call, expected 4,
      have 2
  ...= new EndsWith("EndsWith", z, false); endswith->evaluate(t, s); delete e...
                                           ~~~~~~~~~~~~~~~~~~     ^
../../src/operators/ends_with.h:36:5: note: 'evaluate' declared here
    bool evaluate(Transaction *transaction, Rule *rule,
    ^
afl_fuzzer.cc:201:14: error: no matching constructor for initialization of
      'modsecurity::operators::Eq'
Eq *eq = new Eq("Eq", z, false); eq->evaluate(t, s); delete eq;
             ^  ~~~~~~~~~~~~~~
../../src/operators/eq.h:32:14: note: candidate constructor not viable: requires
      single argument 'param', but 3 arguments were provided
    explicit Eq(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/eq.h:29:7: note: candidate constructor (the implicit copy
      constructor) not viable: requires 1 argument, but 3 were provided
class Eq : public Operator {
      ^
afl_fuzzer.cc:202:28: error: no matching constructor for initialization of
      'modsecurity::operators::FuzzyHash'
FuzzyHash *fuzzyhash = new FuzzyHash("FuzzyHash", z, false); fuzzyhash->...
                           ^         ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/fuzzy_hash.h:41:14: note: candidate constructor not viable:
      requires single argument 'param', but 3 arguments were provided
    explicit FuzzyHash(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/fuzzy_hash.h:38:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class FuzzyHash : public Operator {
      ^
afl_fuzzer.cc:203:14: error: no matching constructor for initialization of
      'modsecurity::operators::Ge'
Ge *ge = new Ge("Ge", z, false); ge->evaluate(t, s); delete ge;
             ^  ~~~~~~~~~~~~~~
../../src/operators/ge.h:31:14: note: candidate constructor not viable: requires
      single argument 'param', but 3 arguments were provided
    explicit Ge(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/ge.h:28:7: note: candidate constructor (the implicit copy
      constructor) not viable: requires 1 argument, but 3 were provided
class Ge : public Operator {
      ^
afl_fuzzer.cc:204:28: error: no matching constructor for initialization of
      'modsecurity::operators::GeoLookup'
GeoLookup *geolookup = new GeoLookup("GeoLookup", z, false); geolookup->...
                           ^         ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/geo_lookup.h:27:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class GeoLookup : public Operator {
      ^
../../src/operators/geo_lookup.h:30:5: note: candidate constructor not viable:
      requires 0 arguments, but 3 were provided
    GeoLookup()
    ^
afl_fuzzer.cc:205:28: error: no matching constructor for initialization of
      'modsecurity::operators::GsbLookup'
GsbLookup *gsblookup = new GsbLookup("GsbLookup", z, false); gsblookup->...
                           ^         ~~~~~~~~~~~~~~~~~~~~~
../../src/operators/gsblookup.h:31:14: note: candidate constructor not viable:
      requires single argument 'param', but 3 arguments were provided
    explicit GsbLookup(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/gsblookup.h:28:7: note: candidate constructor (the implicit
      copy constructor) not viable: requires 1 argument, but 3 were provided
class GsbLookup : public Operator {
      ^
afl_fuzzer.cc:206:14: error: no matching constructor for initialization of
      'modsecurity::operators::Gt'
Gt *gt = new Gt("Gt", z, false); gt->evaluate(t, s); delete gt;
             ^  ~~~~~~~~~~~~~~
../../src/operators/gt.h:32:14: note: candidate constructor not viable: requires
      single argument 'param', but 3 arguments were provided
    explicit Gt(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/gt.h:29:7: note: candidate constructor (the implicit copy
      constructor) not viable: requires 1 argument, but 3 were provided
class Gt : public Operator {
      ^
afl_fuzzer.cc:207:32: error: no matching constructor for initialization of
      'modsecurity::operators::InspectFile'
InspectFile *inspectfile = new InspectFile("InspectFile", z, false); ins...
                               ^           ~~~~~~~~~~~~~~~~~~~~~~~
../../src/operators/inspect_file.h:33:14: note: candidate constructor not
      viable: requires single argument 'param', but 3 arguments were provided
    explicit InspectFile(std::unique_ptr<RunTimeString> param)
             ^
../../src/operators/inspect_file.h:30:7: note: candidate constructor (the
      implicit copy constructor) not viable: requires 1 argument, but 3 were
      provided
class InspectFile : public Operator {
      ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
4 warnings and 20 errors generated.

Ervin Hegedüs

Apr 22, 2019, 6:15:56 AM
to Jerald Cheong, ModSecurity Core Rule Set project
Hi Jerald,


First, maybe you aren't using the right list :). This is the
mailing list of the Core Rule Set project, especially for
ModSecurity.

You should use the
https://sourceforge.net/p/mod-security/mailman/mod-security-users/
list instead, or this:
https://sourceforge.net/p/mod-security/mailman/mod-security-developers/


On Mon, Apr 22, 2019 at 02:33:05AM -0700, Jerald Cheong wrote:

> BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginsw...
> ^ ~~~~~~~~~~~~~~~~~~~~~~
> ../../src/operators/begins_with.h:32:14: note: candidate constructor not viable:
> requires single argument 'param', but 3 arguments were provided explicit BeginsWith(std::unique_ptr<RunTimeString> param)
> ^
> ../../src/operators/begins_with.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided
> class BeginsWith : public Operator {
> ^
> afl_fuzzer.cc:195:91: error: too few arguments to function call, expected 4, have 2
> ...new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); dele...
> ~~~~~~~~~~~~~~~~~~~~ ^
> ../../src/operators/begins_with.h:35:5: note: 'evaluate' declared here bool evaluate(Transaction *transaction, Rule *rule, const std::string &str,

As the error message shows, the constructor call is wrong. It
expects only one argument, see:

https://github.com/SpiderLabs/ModSecurity/blob/b5744183866042ea9a451858a843de3c012f63ef/src/operators/begins_with.h#L29-L33

but the test calls it with 3.

As you can see in the source tree, the header file(s) above is
(are) about 1 year old, and they changed with this commit:

https://github.com/SpiderLabs/ModSecurity/commit/a299997e02ab266d527db1da99e4b8c261fa9842#diff-cfa68a2ebad3046bfad1778d48f2e2ac

from a 3-argument constructor to only one.

And it looks like afl_fuzzer.cc doesn't follow this change:
https://github.com/SpiderLabs/ModSecurity/commits/v3/master/test/fuzzer/afl_fuzzer.cc

And this issue could stay hidden, because the CI doesn't use this
configure option, and - perhaps - nobody uses it.

https://github.com/SpiderLabs/ModSecurity/blob/v3/master/.travis.yml


Write to the developers list, or open a ticket for this issue on
the GitHub page, if it's important for you. But I think if
other users can ignore it, you can leave it too.


HTH,


a.
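
The mismatch described in the reply above, as an added example that is not part of the original thread and not ModSecurity's own code: a harness helper that builds an operator through the one-argument constructor, plus compile-time guards that flag this kind of API drift with a readable message. `RunTimeString` and `BeginsWith` here are simplified stand-ins (with `evaluate` reduced to one argument), and `run_operator` is a hypothetical helper name.

```cpp
#include <memory>
#include <string>
#include <type_traits>
#include <utility>

// Stand-in for the parameter type named in the error output (assumption:
// reduced to a plain string holder; the real class is richer).
struct RunTimeString {
    std::string text;
};

// Stand-in operator with the constructor shape quoted in the compiler notes:
//   explicit BeginsWith(std::unique_ptr<RunTimeString> param)
class BeginsWith {
 public:
    explicit BeginsWith(std::unique_ptr<RunTimeString> param)
        : m_param(std::move(param)) {}
    // Simplified: the real evaluate() takes 4 arguments per the log.
    bool evaluate(const std::string &input) const {
        return input.compare(0, m_param->text.size(), m_param->text) == 0;
    }
 private:
    std::unique_ptr<RunTimeString> m_param;
};

// Guards for code that is rarely built (such as a fuzz harness): if the
// constructor changes again, the build stops with a one-line explanation.
static_assert(
    std::is_constructible<BeginsWith, std::unique_ptr<RunTimeString>>::value,
    "operator no longer accepts unique_ptr<RunTimeString>; update the harness");
static_assert(
    !std::is_constructible<BeginsWith, const char *, std::string, bool>::value,
    "old 3-argument constructor form is not expected to exist");

// Harness-side helper (hypothetical): wraps the fuzz input used as the
// operator parameter in a RunTimeString, then evaluates the second input.
template <typename Op>
bool run_operator(const std::string &param, const std::string &input) {
    std::unique_ptr<RunTimeString> p(new RunTimeString{param});
    Op op(std::move(p));  // ownership moves into the operator
    return op.evaluate(input);
}

int main() {
    // Constructed sample inputs.
    return run_operator<BeginsWith>("abc", "abcdef") ? 0 : 1;
}
```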


Jerald Cheong

Apr 22, 2019, 6:25:53 AM
to ModSecurity Core Rule Set project, jerald...@gmail.com
Oops!! Thanks Ervin for pointing this out.

I should just post this in the right mailing list then.

I was thinking of trying it and seeing the difference. But let's see where this takes me all the same.