Merge branch 'main' into colorize

Cargo.toml

@@ -14,7 +14,7 @@ members = [
 ]
 
 [dependencies]
-clap = { version = "4.4.1", features = ["cargo", "derive"], optional = true }
+clap = { version = "4.4.6", features = ["cargo", "derive", "env"], optional = true }
 console = { version = "0.15.7", optional = true }
 glob = { version = "0.3.1", optional = true }
 toml = { version = "0.7.6", optional = true }

src/bin/cargo-ziggy/add_seeds.rs

@@ -12,6 +12,7 @@ impl AddSeeds {
  .input
  .display()
  .to_string()
+ .replace("{ziggy_output}", &self.ziggy_output.display().to_string())
  .replace("{target_name}", &self.target);
 
  let cargo = env::var("CARGO").unwrap_or_else(|_| String::from("cargo"));
@@ -23,7 +24,7 @@ impl AddSeeds {
  "fuzz",
  "-i",
  &input,
- &format!("-ooutput/{}/afl", self.target),
+ &format!("-o{}/{}/afl", self.ziggy_output.display(), self.target),
  "-V1",
  "-c-",
  &format!("-Sadd{:x}", rng.gen::<u64>()),

src/bin/cargo-ziggy/coverage.rs

@@ -46,48 +46,37 @@ impl Cover {
  let mut shared_corpus = PathBuf::new();
 
  shared_corpus.push(
- self.corpus
+ self.input
  .display()
  .to_string()
+ .replace("{ziggy_output}", &self.ziggy_output.display().to_string())
  .replace("{target_name}", &self.target)
  .as_str(),
  );
 
- let mut afl_dir = PathBuf::new();
- afl_dir.push(
- shared_corpus
- .display()
- .to_string()
- .replace("/shared_corpus", "/afl/mainaflfuzzer/queue")
- .as_str(),
- );
-
- if afl_dir.is_dir() {
- shared_corpus = afl_dir;
- }
-
  info!("Corpus directory is {}", shared_corpus.display());
 
  // We run the target against the corpus
- shared_corpus.canonicalize()?.read_dir()?.for_each(|input| {
- let input = input.unwrap();
- let input_path = input.path();
+ shared_corpus.canonicalize()?.read_dir()?.for_each(|item| {
+ let item = item.unwrap();
+ let item_path = item.path();
 
  let result = process::Command::new(format!("./target/coverage/debug/{}", &self.target))
- .args([input_path.as_os_str()])
+ .args([item_path.as_os_str()])
  .spawn()
  .unwrap()
  .wait_with_output()
  .unwrap();
 
  if !result.status.success() {
- eprintln!("Coverage crashed on {}, continuing.", input_path.display())
+ eprintln!("Coverage crashed on {}, continuing.", item_path.display())
  }
  });
 
  let source_or_workspace_root = match &self.source {
  Some(s) => s.display().to_string(),
  None => {
+ // TODO use cargo_metadata
  let metadata_output = std::process::Command::new("cargo")
  .arg("metadata")
  .output()
@@ -105,14 +94,15 @@ impl Cover {
  }
  };
 
- let output_dir = self
+ let coverage_dir = self
  .output
  .display()
  .to_string()
+ .replace("{ziggy_output}", &self.ziggy_output.display().to_string())
  .replace("{target_name}", &self.target);
 
  // We remove the previous coverage
- if let Err(error) = fs::remove_dir_all(&output_dir) {
+ if let Err(error) = fs::remove_dir_all(&coverage_dir) {
  match error.kind() {
  std::io::ErrorKind::NotFound => {}
  e => return Err(anyhow!(e)),
@@ -129,7 +119,7 @@ impl Cover {
  "--llvm",
  "--branch",
  "--ignore-not-existing",
- &format!("-o={output_dir}"),
+ &format!("-o={coverage_dir}"),
  ])
  .spawn()
  .context("⚠️ cannot find grcov in your path, please install it")?

src/bin/cargo-ziggy/fuzz.rs

@@ -37,15 +37,20 @@ impl Fuzz {
  self.corpus
  .display()
  .to_string()
+ .replace("{ziggy_output}", &self.ziggy_output.display().to_string())
  .replace("{target_name}", &self.target)
  }
 
  pub fn corpus_tmp(&self) -> String {
- format!("./output/{}/corpus_tmp/", self.target)
+ format!("{}/corpus_tmp/", self.output_target())
  }
 
  pub fn corpus_minimized(&self) -> String {
- format!("./output/{}/corpus_minimized/", self.target)
+ format!("{}/corpus_minimized/", self.output_target(),)
+ }
+
+ pub fn output_target(&self) -> String {
+ format!("{}/{}", self.ziggy_output.display(), self.target)
  }
 
  // Manages the continuous running of fuzzers
@@ -62,15 +67,15 @@ impl Fuzz {
 
  let time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_millis();
 
- let crash_dir = format!("./output/{}/crashes/{}/", self.target, time);
+ let crash_dir = format!("{}/crashes/{}/", self.output_target(), time);
  let crash_path = Path::new(&crash_dir);
  fs::create_dir_all(crash_path)?;
 
  let _ = process::Command::new("mkdir")
  .args([
  "-p",
- &format!("./output/{}/logs/", self.target),
- &format!("./output/{}/queue/", self.target),
+ &format!("{}/logs/", self.output_target()),
+ &format!("{}/queue/", self.output_target()),
  ])
  .stderr(process::Stdio::piped())
  .spawn()?
@@ -126,7 +131,7 @@ impl Fuzz {
  self.print_stats();
 
  if let Ok(afl_log) =
- fs::read_to_string(format!("./output/{}/logs/afl.log", self.target))
+ fs::read_to_string(format!("{}/logs/afl.log", self.output_target()))
  {
  if afl_log.contains("echo core >/proc/sys/kernel/core_pattern") {
  stop_fuzzers(&mut processes)?;
@@ -145,12 +150,13 @@ impl Fuzz {
 
  // We check AFL++ and Honggfuzz's outputs for crash files and copy them over to
  // our own crashes directory
- let crash_dirs = glob(&format!("./output/{}/afl/*/crashes", self.target))
+ let crash_dirs = glob(&format!("{}/afl/*/crashes", self.output_target()))
  .map_err(|_| anyhow!("Failed to read crashes glob pattern"))?
  .flatten()
  .chain(vec![format!(
- "./output/{}/honggfuzz/{}",
- self.target, self.target
+ "{}/honggfuzz/{}",
+ self.output_target(),
+ self.target
  )
  .into()]);
 
@@ -178,16 +184,16 @@ impl Fuzz {
  && last_sync_time.elapsed().as_secs() > 10
  {
  let afl_corpus = glob(&format!(
- "./output/{}/afl/mainaflfuzzer/queue/*",
- self.target
+ "{}/afl/mainaflfuzzer/queue/*",
+ self.output_target(),
  ))?
  .flatten();
  for file in afl_corpus {
  if let Some((file_id, file_name)) = extract_file_id(&file) {
  if file_id > last_synced_queue_id {
  let _ = fs::copy(
  &file,
- format!("./output/{}/queue/{file_name}", self.target),
+ format!("{}/queue/{file_name}", self.output_target()),
  );
  last_synced_queue_id = file_id;
  }
@@ -246,7 +252,7 @@ impl Fuzz {
 
  if !self.no_afl && !only_honggfuzz && afl_jobs > 0 {
  let _ = process::Command::new("mkdir")
- .args(["-p", &format!("./output/{}/afl", self.target)])
+ .args(["-p", &format!("{}/afl", self.output_target())])
  .stderr(process::Stdio::piped())
  .spawn()?
  .wait()?;
@@ -316,10 +322,10 @@ impl Fuzz {
  };
  */
  let log_destination = || match job_num {
- 0 => File::create(format!("output/{}/logs/afl.log", self.target))
+ 0 => File::create(format!("{}/logs/afl.log", self.output_target()))
  .unwrap()
  .into(),
- 1 => File::create(format!("output/{}/logs/afl_1.log", self.target))
+ 1 => File::create(format!("{}/logs/afl_1.log", self.output_target()))
  .unwrap()
  .into(),
  _ => process::Stdio::null(),
@@ -338,7 +344,7 @@ impl Fuzz {
  &fuzzer_name,
  &format!("-i{}", self.corpus()),
  &format!("-p{power_schedule}"),
- &format!("-ooutput/{}/afl", self.target),
+ &format!("-o{}/afl", self.output_target()),
  &format!("-g{}", self.min_length),
  &format!("-G{}", self.max_length),
  &use_shared_corpus,
@@ -382,7 +388,7 @@ impl Fuzz {
  .env("CARGO_TARGET_DIR", "./target/honggfuzz")
  .env(
  "HFUZZ_WORKSPACE",
- format!("./output/{}/honggfuzz", self.target),
+ format!("{}/honggfuzz", self.output_target()),
  )
  .env("HFUZZ_RUN_ARGS", "--help")
  .output()
@@ -422,26 +428,26 @@ impl Fuzz {
  .env("CARGO_TARGET_DIR", "./target/honggfuzz")
  .env(
  "HFUZZ_WORKSPACE",
- format!("./output/{}/honggfuzz", self.target),
+ format!("{}/honggfuzz", self.output_target()),
  )
  .env(
  "HFUZZ_RUN_ARGS",
  format!(
- "--input={} -o{} -n{honggfuzz_jobs} -F{} --dynamic_input=output/{}/queue {timeout_option} {dictionary_option}",
+ "--input={} -o{} -n{honggfuzz_jobs} -F{} --dynamic_input={}/queue {timeout_option} {dictionary_option}",
  &self.corpus(),
  &self.corpus(),
  self.max_length,
- self.target,
+ self.output_target(),
  ),
  )
  .stdin(std::process::Stdio::null())
  .stderr(File::create(format!(
- "./output/{}/logs/honggfuzz.log",
- self.target
+ "{}/logs/honggfuzz.log",
+ self.output_target()
  ))?)
  .stdout(File::create(format!(
- "./output/{}/logs/honggfuzz.log",
- self.target
+ "{}/logs/honggfuzz.log",
+ self.output_target()
  ))?)
  .spawn()?,
  );
@@ -455,21 +461,21 @@ impl Fuzz {
  if afl_jobs > 0 {
  eprintln!(
  " {}",
- style(format!("tail -f ./output/{}/logs/afl.log", self.target)).bold()
+ style(format!("tail -f {}/logs/afl.log", self.output_target())).bold()
  );
  }
  if afl_jobs > 1 {
  eprintln!(
  " {}",
- style(format!("tail -f ./output/{}/logs/afl_1.log", self.target)).bold()
+ style(format!("tail -f {}/logs/afl_1.log", self.output_target())).bold()
  );
  }
  if honggfuzz_jobs > 0 {
  eprintln!(
  " {}",
  style(format!(
- "tail -f ./output/{}/logs/honggfuzz.log",
- self.target
+ "tail -f {}/logs/honggfuzz.log",
+ self.output_target()
  ))
  .bold()
  );
@@ -479,7 +485,7 @@ impl Fuzz {
  }
 
  fn all_seeds(&self) -> Result<Vec<PathBuf>> {
- Ok(glob(&format!("./output/{}/afl/*/queue/*", self.target))
+ Ok(glob(&format!("{}/afl/*/queue/*", self.output_target()))
  .map_err(|_| anyhow!("Failed to read AFL++ queue glob pattern"))?
  .chain(
  glob(&format!("{}/*", self.corpus()))
@@ -517,7 +523,7 @@ impl Fuzz {
  ))?;
 
  let input_corpus = &self.corpus_tmp();
- let output_corpus = &self.corpus_minimized();
+ let minimized_corpus = &self.corpus_minimized();
 
  let old_corpus_size = fs::read_dir(input_corpus)
  .map_or(String::from("err"), |corpus| format!("{}", corpus.count()));
@@ -533,13 +539,14 @@ impl Fuzz {
  let mut minimization_args = Minimize {
  target: self.target.clone(),
  input_corpus: PathBuf::from(input_corpus),
- output_corpus: PathBuf::from(output_corpus),
+ output_corpus: PathBuf::from(minimized_corpus),
+ ziggy_output: self.ziggy_output.clone(),
  jobs: self.jobs,
  engine,
  };
  match minimization_args.minimize() {
  Ok(_) => {
- let new_corpus_size = fs::read_dir(output_corpus)
+ let new_corpus_size = fs::read_dir(minimized_corpus)
  .map_or(String::from("err"), |corpus| format!("{}", corpus.count()));
 
  term.move_cursor_up(1)?;
@@ -593,7 +600,7 @@ impl Fuzz {
  "afl",
  "whatsup",
  "-s",
- &format!("output/{}/afl", self.target),
+ &format!("{}/afl", self.output_target()),
  ])
  .output();
 
@@ -648,7 +655,7 @@ impl Fuzz {
  let hf_stats_process = process::Command::new("tail")
  .args([
  "-n300",
- &format!("./output/{}/logs/honggfuzz.log", self.target),
+ &format!("{}/logs/honggfuzz.log", self.output_target()),
  ])
  .output();
  if let Ok(process) = hf_stats_process {