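# Stage 1: Build LibAFL's libFuzzer compatibility library
#
# Build-time knobs. RUBY_VERSION is consumed only by the stage-2 FROM line;
# LLVM_VERSION is redeclared inside each stage that uses it, because an ARG
# declared before FROM is otherwise visible to FROM lines only.
ARG RUBY_VERSION=4.0
ARG LLVM_VERSION=21
# Git ref of LibAFL to build. The default is the tip of the default branch,
# which makes the resulting libFuzzer.a non-reproducible; pass a release tag
# (--build-arg LIBAFL_REF=<tag>) for reproducible builds.
ARG LIBAFL_REF=main
FROM debian:bookworm-slim AS libafl-builder
ARG LLVM_VERSION
ARG LIBAFL_REF
# bash with pipefail so a failed download in the `wget | sh` pipeline below
# fails the build instead of silently feeding an empty script to sh.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    ca-certificates \
    git \
    wget \
    && rm -rf /var/lib/apt/lists/*
# Need libclang-dev for Rust bindgen crate to parse C/C++ headers.
# The LLVM signing key is kept out of /etc/apt/trusted.gpg.d (where it would
# be trusted for every configured source) and bound to the LLVM repository
# alone with signed-by.
RUN mkdir -p /usr/share/keyrings \
    && wget -qO /usr/share/keyrings/apt.llvm.org.asc https://apt.llvm.org/llvm-snapshot.gpg.key \
    && echo "deb [signed-by=/usr/share/keyrings/apt.llvm.org.asc] https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list \
    && echo "deb-src [signed-by=/usr/share/keyrings/apt.llvm.org.asc] https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" >> /etc/apt/sources.list.d/llvm.list \
    && apt-get update && apt-get install -y --no-install-recommends \
    libclang-$LLVM_VERSION-dev \
    && rm -rf /var/lib/apt/lists/*
# Install Rust nightly via rustup. The installer is fetched over TLS but not
# checksum-verified, and "nightly" is a moving target; pin a dated toolchain
# (nightly-YYYY-MM-DD) if the build must be reproducible.
RUN wget -qO- https://sh.rustup.rs | sh -s -- \
    -y \
    --default-toolchain nightly \
    --component llvm-tools
ENV PATH="/root/.cargo/bin:${PATH}"
# Clone LibAFL at the requested ref (shallow: history is not needed to build)
RUN git clone --depth 1 --branch "$LIBAFL_REF" https://github.com/AFLplusplus/LibAFL /libafl
# Build libFuzzer.a from LibAFL's libfuzzer runtime
WORKDIR /libafl/crates/libafl_libfuzzer_runtime
RUN bash build.sh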
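# Stage 2: Build ruzzy with LibAFL's libFuzzer
FROM ruby:$RUBY_VERSION-slim-bookworm
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    wget \
    && rm -rf /var/lib/apt/lists/*
# Redeclare so the pre-FROM default becomes visible in this stage.
ARG LLVM_VERSION
# Register the LLVM apt repository. The signing key is kept out of
# /etc/apt/trusted.gpg.d (where it would be trusted for every configured
# source) and bound to this repository alone with signed-by.
RUN mkdir -p /usr/share/keyrings \
    && wget -qO /usr/share/keyrings/apt.llvm.org.asc https://apt.llvm.org/llvm-snapshot.gpg.key \
    && echo "deb [signed-by=/usr/share/keyrings/apt.llvm.org.asc] https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list \
    && echo "deb-src [signed-by=/usr/share/keyrings/apt.llvm.org.asc] https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" >> /etc/apt/sources.list.d/llvm.list
# Install lld alongside clang. LibAFL's libFuzzer.a contains a .preinit_array
# section that the GNU linker rejects in shared objects. lld handles this correctly.
# llvm-$LLVM_VERSION is listed explicitly: ASAN_SYMBOLIZER_PATH below points
# at llvm-symbolizer-$LLVM_VERSION, which ships in the llvm package rather
# than in clang, and recommends are disabled to keep the image small.
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    clang-$LLVM_VERSION \
    lld-$LLVM_VERSION \
    llvm-$LLVM_VERSION \
    && rm -rf /var/lib/apt/lists/*
ENV APP_DIR="/app"
# WORKDIR creates the directory itself; no separate mkdir is needed.
WORKDIR $APP_DIR
# Toolchain settings for the native-extension build performed by `gem install` below.
ENV CC="clang-$LLVM_VERSION" \
    CXX="clang++-$LLVM_VERSION" \
    LDSHARED="clang-$LLVM_VERSION -shared" \
    LDSHAREDXX="clang++-$LLVM_VERSION -shared" \
    ASAN_SYMBOLIZER_PATH="/usr/bin/llvm-symbolizer-$LLVM_VERSION"
# Use lld for linking. LibAFL's libFuzzer.a contains a .preinit_array section
# that the GNU linker rejects in shared objects. lld handles this correctly.
# NOTE(review): LDSHARED above goes through the clang driver, which picks its
# own linker unless told otherwise; confirm the extension build honours LD,
# or add -fuse-ld=lld to LDSHARED/LDSHAREDXX.
ENV LD="lld-$LLVM_VERSION"
ENV MAKE="make --environment-overrides V=1"
# ASan runtime options; symbolize=1 relies on ASAN_SYMBOLIZER_PATH above.
ENV ASAN_OPTIONS="symbolize=1:allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
# Copy LibAFL's libFuzzer.a from builder stage
COPY --from=libafl-builder /libafl/crates/libafl_libfuzzer_runtime/libFuzzer.a /usr/lib/libFuzzer.a
# Point ruzzy at LibAFL's libFuzzer instead of clang's built-in
ENV FUZZER_NO_MAIN_LIB="/usr/lib/libFuzzer.a"
# Absolute path (hadolint DL3000); same location as the former relative `ruzzy/`.
WORKDIR $APP_DIR/ruzzy
# The whole build context is copied: keep a .dockerignore that excludes .git,
# editor files and any local credentials so they never end up in a layer.
COPY . .
RUN gem build
RUN RUZZY_DEBUG=1 gem install --development --verbose ruzzy-*.gem
# NOTE(review): no USER is set, so the fuzzer runs as root inside the
# container; a dedicated non-root user is preferable if entrypoint.sh does
# not require root.
ENTRYPOINT ["./entrypoint.sh"]
CMD ["-help=1"]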