Merge pull request #1 from intel/Initial_Commit

Initial commit of code, merge to main

.github/workflows/build_testcases.yml

@@ -0,0 +1,54 @@
+---
+name: Build Testcases
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  build_test_artifacts:
+    name: Build Testcases
+    runs-on: ubuntu-22.04
+    container:
+      image: ghcr.io/tianocore/containers/ubuntu-22-build
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install Dependencies
+        run: |
+          sudo apt-get -y update && \
+          sudo apt-get -y install \
+            clang libclang-dev llvm
+      - name: Retrieve and build EDK2
+        run: |
+          git clone https://github.com/tianocore/edk2.git --recursive && \
+          pushd edk2 && make -C BaseTools && \
+          source edksetup.sh && popd && \
+          export -p > envsave
+      - name: Setting up HBFA-FL and Build Environment
+        run: |
+          source envsave && \
+          export WORKSPACE=$(pwd)/ && \
+          export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/HBFA/ && \
+          python3 HBFA/UefiHostTestTools/HBFAEnvSetup.py && \
+          export -p > envsave
+      - name: Install AFL-2.52b
+        run: |
+          source envsave && \
+          wget -q http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz && \
+          tar xf afl-latest.tgz && rm afl-latest.tgz && \
+          export AFL_PATH=$WORKSPACE/afl-2.52b && \
+          export PATH=$PATH:$AFL_PATH && \
+          export -p > envsave && \
+          cd afl-2.52b && make && cd .. 
+      - name: Build Fuzzing Harnesses
+        run: |
+          source envsave && \
+          cp HBFA/UefiHostFuzzTestPkg/Conf/build_rule.txt edk2/Conf/build_rule.txt && \
+          cp HBFA/UefiHostFuzzTestPkg/Conf/tools_def.txt edk2/Conf/tools_def.txt && \
+          build -p HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc -a X64 -t AFL && \
+          build -p HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc -a X64 -t LIBFUZZER

CITATION.cff

@@ -0,0 +1,17 @@
+cff-version: 1.2.0
+message: "If you use this software, please cite it as below."
+authors:
+- family-names: "Tipton"
+  given-names: "Earl Lynn"
+  orcid: "https://orcid.org/0000-0003-0763-173X"
+- family-names: "Delgado"
+  given-names: "Brian"
+- family-names: "Bjorge"
+  given-names: "Erik C."
+- family-names: "Gomez-Iglesias"
+  given-names: "Antonio"
+title: "Host Based Firmware Analyzer - Fuzzing Lite (HBFA-FL)"
+version: 0.11
+doi: ""
+date-released: 2024-02-19
+url: "https://github.com/intel/HBFA-FL"

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 ### License
 
-<PROJECT NAME> is licensed under the terms in [LICENSE]<link to license file in repo>. By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms.
+HBFA-FL is licensed under the terms in [LICENSE](LICENSE.md). By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms.
 
 ### Sign your work
 

HBFA/UefiHostFuzzTestCasePkg/Seed/Include/Uefi.py

@@ -0,0 +1,41 @@
+# @file
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+import ctypes
+
+
+class EFI_GUID(ctypes.Structure):
+    _fields_ = [
+        ('Guid1',            ctypes.c_uint32),
+        ('Guid2',            ctypes.c_uint16),
+        ('Guid3',            ctypes.c_uint16),
+        ('Guid4',            ctypes.ARRAY(ctypes.c_uint8, 8)),
+        ]
+
+
+class EFI_TIME(ctypes.Structure):
+    _fields_ = [
+        ('Year',             ctypes.c_uint16),
+        ('Month',            ctypes.c_uint8),
+        ('Day',              ctypes.c_uint8),
+        ('Hour',             ctypes.c_uint8),
+        ('Minute',           ctypes.c_uint8),
+        ('Second',           ctypes.c_uint8),
+        ('Pad1',             ctypes.c_uint8),
+        ('Nanosecond',       ctypes.c_uint32),
+        ('TimeZone',         ctypes.c_int16),
+        ('Daylight',         ctypes.c_uint8),
+        ('Pad2',             ctypes.c_uint8),
+        ]
+
+
+EFI_VARIABLE_NON_VOLATILE = 0x00000001
+EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x00000002
+EFI_VARIABLE_RUNTIME_ACCESS = 0x00000004
+EFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008
+EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
+EFI_VARIABLE_APPEND_WRITE = 0x00000040
+EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction000.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction001.bin

@@ -0,0 +1 @@
+f�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction002.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction003.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction008.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction009.bin

@@ -0,0 +1 @@
+f�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction010.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction011.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction012.bin

@@ -0,0 +1 @@
+f�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction013.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction014.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction015.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction016.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction017.bin

@@ -0,0 +1 @@
+f�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction018.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction019.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction020.bin

@@ -0,0 +1 @@
+�

HBFA/UefiHostFuzzTestCasePkg/Seed/Instruction/instruction021.bin

@@ -0,0 +1 @@
+H�

HBFA/UefiHostFuzzTestCasePkg/Seed/Mutator/MutatorSimple.py

@@ -0,0 +1,219 @@
+# @file
+#
+# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+'''
+MutatorSimple
+'''
+
+import os
+import argparse
+import subprocess
+import random
+
+#
+# Globals for help information
+#
+__prog__ = 'MutatorSimple'
+__version__ = '%s Version %s' % (__prog__, '0.11 ')
+__copyright__ = 'Copyright (c) 2018, Intel Corporation. All rights reserved.'
+__usage__ = '%s [options] -e <exec_file>' % (__prog__)
+
+
+def WriteFile():
+    args.OutputFile = open(args.OutputFileName, 'wb')
+    args.OutputFile.write(args.InputBuffer)
+    args.OutputFile.close()
+
+
+def GenerateCommand(Command, InputFile):
+    Template = "<Command> <InputFile>"
+    CommandLine = Template.replace("<Command>",
+                                   Command).replace("<InputFile>", InputFile)
+    return CommandLine
+
+
+def CallCommand(CommandLine):
+    subprocess.Popen(CommandLine,
+                     stdin=subprocess.PIPE,
+                     stdout=subprocess.PIPE,
+                     stderr=subprocess.PIPE,
+                     shell=False)
+
+
+def RunCase():
+    CallCommand(GenerateCommand(args.Executable, args.OutputFileName))
+
+
+def DelCase():
+    os.remove(args.OutputFileName)
+
+
+if __name__ == '__main__':
+    #
+    # Create command line argument parser object
+    #
+    parser = argparse.ArgumentParser(prog=__prog__,
+                                     usage=__usage__,
+                                     description=__copyright__,
+                                     conflict_handler='resolve')
+    parser.add_argument('--version', action='version', version=__version__)
+    parser.add_argument("-v", "--verbose", dest='Verbose',
+                        action="store_true",
+                        help="increase output messages")
+    parser.add_argument("-q", "--quiet", dest='Quiet', action="store_true",
+                        help="reduce output messages")
+    parser.add_argument(metavar="input_file", dest='InputFile',
+                        type=argparse.FileType('rb'),
+                        help="specify the input file")
+    parser.add_argument("--Offset", dest='Offset_Str', type=str,
+                        help="specify the offset of buffer to be mutated.")
+    parser.add_argument("--Size", dest='Size_Str', type=str,
+                        help="specify the size of buffer to be mutated.")
+    parser.add_argument("-e", "--exec", dest='Executable', type=str,
+                        metavar='filename',
+                        help="specify the executable filename",
+                        required=True)
+
+    #
+    # Parse command line arguments
+    #
+    args = parser.parse_args()
+
+    #
+    # Read input file into a buffer and save input filename
+    #
+    args.InputFileName = args.InputFile.name
+    args.InputFileBuffer = args.InputFile.read()
+    args.InputFile.seek(0, 2)
+    InputFileSize = args.InputFile.tell()
+    args.InputFile.close()
+
+    print("file size - 0x%x (%d)" % (InputFileSize, InputFileSize))
+
+    args.Offset = 0x0
+    if args.Offset_Str:
+        try:
+            if args.Offset_Str.upper().startswith('0X'):
+                args.Offset = (int)(args.Offset_Str, 16)
+            else:
+                args.Offset = (int)(args.Offset_Str)
+        except Exception as error:
+            print("Unexpected format for Offset: %s" % (error))
+            pass
+
+    args.Size = InputFileSize
+    if args.Size_Str:
+        try:
+            if args.Size_Str.upper().startswith('0X'):
+                args.Size = (int)(args.Size_Str, 16)
+            else:
+                args.Size = (int)(args.Size_Str)
+        except Exception as error:
+            print("Unexpected format for input file size: %s" % (error))
+            pass
+
+    print("fuzz offset - 0x%x (%d)" % (args.Offset, args.Offset))
+    print("fuzz size - 0x%x (%d)" % (args.Size, args.Size))
+
+    #
+    # mutation
+    #
+    args.InputBuffer = bytearray(args.InputFileBuffer)
+
+    # UINT8 based mutation
+    for Index in range(args.Offset, args.Offset + args.Size):
+        OrgData = args.InputBuffer[Index:Index+1]
+
+        #
+        # mutate
+        #
+        RandomData = random.randint(0, 0xFF)
+        args.InputBuffer[Index:Index+1] = [RandomData]
+
+        #
+        # Write output file
+        #
+        args.OutputFileName = args.InputFileName + "_b_" + str(Index) + ".bin"
+        WriteFile()
+        RunCase()
+        DelCase()
+
+        args.InputBuffer[Index:Index+1] = OrgData
+
+    # UINT16 based mutation
+    for Index in range(args.Offset, args.Offset + args.Size - 1):
+        OrgData = args.InputBuffer[Index:Index+2]
+
+        #
+        # mutate
+        #
+        RandomData = random.randint(0, 0xFF)
+        RandomData2 = random.randint(0, 0xFF)
+        args.InputBuffer[Index:Index+2] = [RandomData, RandomData2]
+
+        #
+        # Write output file
+        #
+        args.OutputFileName = args.InputFileName + "_w_" + str(Index) + ".bin"
+        WriteFile()
+        RunCase()
+        DelCase()
+
+        args.InputBuffer[Index:Index+2] = OrgData
+
+    # UINT32 based mutation
+    for Index in range(args.Offset, args.Offset + args.Size - 3):
+        OrgData = args.InputBuffer[Index:Index+4]
+
+        #
+        # mutate
+        #
+        RandomData = random.randint(0, 0xFF)
+        RandomData2 = random.randint(0, 0xFF)
+        RandomData3 = random.randint(0, 0xFF)
+        RandomData4 = random.randint(0, 0xFF)
+        args.InputBuffer[Index:Index+4] = [RandomData, RandomData2,
+                                           RandomData3, RandomData4]
+
+        #
+        # Write output file
+        #
+        args.OutputFileName = args.InputFileName + "_d_" + str(Index) + ".bin"
+        WriteFile()
+        RunCase()
+        DelCase()
+
+        args.InputBuffer[Index:Index+4] = OrgData
+
+    # UINT64 based mutation
+    for Index in range(args.Offset, args.Offset + args.Size - 7):
+        OrgData = args.InputBuffer[Index:Index+8]
+
+        #
+        # mutate
+        #
+        RandomData = random.randint(0, 0xFF)
+        RandomData2 = random.randint(0, 0xFF)
+        RandomData3 = random.randint(0, 0xFF)
+        RandomData4 = random.randint(0, 0xFF)
+        RandomData5 = random.randint(0, 0xFF)
+        RandomData6 = random.randint(0, 0xFF)
+        RandomData7 = random.randint(0, 0xFF)
+        RandomData8 = random.randint(0, 0xFF)
+        args.InputBuffer[Index:Index+8] = [RandomData, RandomData2,
+                                           RandomData3, RandomData4,
+                                           RandomData5, RandomData6,
+                                           RandomData7, RandomData8]
+
+        #
+        # Write output file
+        #
+        args.OutputFileName = args.InputFileName + "_q_" + str(Index) + ".bin"
+        WriteFile()
+        RunCase()
+        DelCase()
+
+        args.InputBuffer[Index:Index+8] = OrgData