Collect crash reports, triage, and estimate severity.

Overview

CI Crates.io

CASR: Crash Analysis and Severity Report

CASR – collect crash reports, triage, and estimate severity. It is based on ideas from exploitable and apport.

CASR is maintained by:

Overview

CASR is a set of tools that allows you to collect crash reports in different ways. Use casr-core binary to deal with coredumps. Use casr-san to analyze ASAN reports. Try casr-gdb to get reports from gdb. Use casr-python to analyze python reports and get report from atheris.

Crash report contains many useful information: severity (like exploitable), OS and package versions, command line, stack trace, register values, disassembly, and even source code fragment where crash appeared. Reports are stored in JSON format. casr-cli is meant to provide TUI for viewing reports. Reports triage (deduplication, clustering) is done by casr-cluster. Triage is based on stack trace comparison from gdb-command. casr-afl is used to triage crashes found by AFL++.

Explanation of severity classes could be found here. You could take a closer look at usage details here.

casr_report

Getting started

  1. Install Rust. Instructions can be found here.
  2. Clone CASR repository:
$ git clone https://github.com/ispras/casr
  1. Build CASR:
$ cargo build --release
  1. Install runtime dependencies:
$ sudo apt install gdb python3 python3-pip lsb-release
$ sudo -H python3 -m pip install numpy scipy

Instead of steps 2-3 you may just install Casr from crates.io:

$ cargo install casr

Usage

Create report from coredump:

$ casr-core -f tests/casr_tests/bin/core.test_destAv -e tests/casr_tests/bin/test_destAv -o destAv.casrep

Create report from sanitizers output:

$ clang++ -fsanitize=address -O0 -g tests/casr_tests/test_asan_df.cpp -o test_asan_df
$ casr-san -o asan.casrep -- ./test_asan_df

Create report from gdb:

$ casr-gdb -o destAv.gdb.casrep -- tests/casr_tests/bin/test_destAv $(printf 'A%.s' {1..200})

Create report from python:

$ casr-python -o python.casrep -- tests/casr_tests/python/test_casr_python.py

View report:

$ casr-cli tests/casr_tests/casrep/test_clustering_san/load_fuzzer_crash-120697a7f5b87c03020f321c8526adf0f4bcc2dc.casrep

Create report for program that reads stdin:

$ casr-san --stdin seed -o san_bin.casrep -- ./san_bin

Deduplicate reports:

$ casr-cluster -d tests/casr_tests/casrep/test_clustering_gdb out-dedup

Cluster reports:

$ casr-cluster -c out-dedup out-cluster

Triage crashes after AFL++ fuzzing with casr-afl:

$ cp tests/casr_tests/bin/load_afl /tmp/load_afl
$ cp tests/casr_tests/bin/load_sydr /tmp/load_sydr
$ casr-afl -i tests/casr_tests/bin/afl-out-xlnt -o tests/tmp_tests_casr/casr_afl_out

Fuzzing Crash Triage Pipeline

When you have crashes from fuzzing you may do the following steps:

  1. Create reports for all crashes via casr-san or casr-gdb (if no sanitizers are present).
  2. Deduplicate collected reports via casr-cluster -d.
  3. Cluster deduplicated reports via casr-cluster -c.
  4. View reports from clusters using casr-cli.

If you use AFL++ steps from 1 to 3 could be done automatically by casr-afl.

Contributing

Feel free to open issues or PRs! We appreciate your support!

Please follow the next recommendations for your pull requests:

  • compile with stable rust
  • use cargo fmt
  • check the output of cargo clippy --all
  • run tests cargo test

Cite Us

Savidov G., Fedotov A. Casr-Cluster: Crash Clustering for Linux Applications. 2021 Ivannikov ISPRAS Open Conference (ISPRAS), IEEE, 2021, pp. 47-51. DOI: 10.1109/ISPRAS53967.2021.00012 [paper] [slides]

@inproceedings{savidov2021casr,
  title = {{{Casr-Cluster}}: Crash Clustering for Linux Applications},
  author = {Savidov, Georgy and Fedotov, Andrey},
  booktitle = {2021 Ivannikov ISPRAS Open Conference (ISPRAS)},
  pages = {47--51},
  year = {2021},
  organization = {IEEE},
  doi = {10.1109/ISPRAS53967.2021.00012},
}

License

Licensed under Apache-2.0.

You might also like...
A simple CLI for creating and managing Solana Lookup Tables.

LUT - A simple CLI for creating and managing Solana Lookup Tables Commands lut create Creates a new LUT using the default keypair in the Solana config

Easy-to-use grammar-based black-box fuzzer. Has found dozens of bugs in important targets like Clang, Deno, and rustc.

tree-crasher tree-crasher is an easy-to-use grammar-based black-box fuzzer. It parses a number of input files using tree-sitter grammars, and produces

Componentize.js on node and wasmtime

This is a test implementation of bytecodealliance/componentize-js Pre-requisites Node.js and npm are required to build and run this project. Cargo mus

AFLTriage is a tool to triage crashing input files using a debugger.

AFLTriage AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and not require any run-time dependencies

miette is a diagnostic library for Rust. It includes a series of traits/protocols that allow you to hook into its error reporting facilities, and even write your own error reports!
miette is a diagnostic library for Rust. It includes a series of traits/protocols that allow you to hook into its error reporting facilities, and even write your own error reports!

miette is a diagnostic library for Rust. It includes a series of traits/protocols that allow you to hook into its error reporting facilities, and even write your own error reports!

command line tools for coprolite research (paleontology and archaeology): estimate the producer's body mass based on coprolite diameter by the use of regression models
command line tools for coprolite research (paleontology and archaeology): estimate the producer's body mass based on coprolite diameter by the use of regression models

OVERVIEW OF COPROSIZE coprosize employs power, exponential and cubic regression models allowing to estimate the producer's body mass based on coprolit

Crash recovery for Darktide. There's heresy to be smote and no time to waste.
Crash recovery for Darktide. There's heresy to be smote and no time to waste.

Darktide Rebooter 🥾 ↪️ 🥾 Automatically boot the game up again (and bypass the launcher) immediately after a crash. There's heresy to be smote and no

Estimate the amount of time spent working on a Git repository

jikyuu (時給) A tool to estimate the amount of time spent working on a Git repository. It is a direct port of git-hours, written in Node.js, because the

A few demos showing how to estimate projects using Monte Carlo simulations.

Agile Monte Carlo Simulations Demos This is the repository which accompanies the blog post "How to replace estimations and guesses with a Monte Carlo

Rust Crash Course, by BPB Publications

Rust Crash Course Grasp the fundamentals of programming in Rust and put your knowledge to use. This is the repository for Rust Crash Course ,published

Convert rust coverage data to HTML reports, LCOV files or terminal tables

Coverage Prepare Convert coverage data to HTML reports, LCOV files or terminal tables. coverage-prepare --help: Convert "profraw" coverage data to: *

More beautiful HTML reports for llvm-cov/cargo-llvm-cov

💄 llvm-cov-pretty More beautiful HTML reports for llvm-cov (cargo-llvm-cov specifically). Dark theme support (switches automatically based on your br

A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.
A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.

kdmp-parser A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger. This is a cross-platform crate that parses Window

Collect libraries and packages about cryptography in Rust.

Awesome Cryptography Rust Collect libraries and packages about cryptography in Rust. Collection Library Symmetric Public-key / Asymmetric One-way Hash

App to collect ram/cpu usage from OS and show it in pretty graphs
App to collect ram/cpu usage from OS and show it in pretty graphs

System info collector This is simple app to collect data about system cpu and memory usage over time. After collecting results into csv file, html fil

tracing - a framework for instrumenting Rust programs to collect structured, event-based diagnostic information

tracing-appender Writers for logging events and spans Documentation | Chat Overview tracing is a framework for instrumenting Rust programs to collect

📊 Collect cloud usage data, so that it can be combined with impact data of Boavizta API.
📊 Collect cloud usage data, so that it can be combined with impact data of Boavizta API.

cloud-scanner Collect aws cloud usage data, so that it can be combined with impact data of Boavizta API. ⚠ Very early Work in progress ! At the moment

Travis CI and AppVeyor template to test your Rust crate on 5 architectures and publish binary releases of it for Linux, macOS and Windows

trust Travis CI and AppVeyor template to test your Rust crate on 5 architectures and publish binary releases of it for Linux, macOS and Windows Featur

A crate to convert bytes to something more useable and the other way around in a way Compatible with the Confluent Schema Registry. Supporting Avro, Protobuf, Json schema, and both async and blocking.
A crate to convert bytes to something more useable and the other way around in a way Compatible with the Confluent Schema Registry. Supporting Avro, Protobuf, Json schema, and both async and blocking.

#schema_registry_converter This library provides a way of using the Confluent Schema Registry in a way that is compliant with the Java client. The rel

Releases(v2.4.0)
  • v2.4.0(Feb 3, 2023)

    • user specified regular expression to filter functions in stacktrace
    • casr-cli: joint statistics about reports
    • casr-afl: copying crashes next to reports, parallel reports producing, joint statistics from casr-cli
    Source code(tar.gz)
    Source code(zip)
  • v2.3.0(Dec 24, 2022)

    • rust panic support in casr-san/casr-gdb
    • c++ exceptions support in casr-san/casr-gdb
    • casr-python for creating CASR reports from python crashes
    Source code(tar.gz)
    Source code(zip)
  • v2.2.0(Nov 21, 2022)

  • v2.1.1(Nov 10, 2022)

    • Fix reporting error with setting personality in casr-san
    • Add Stdin file field to CASR report
    • Support AccessViolationNearNull in casr-san
    • Improve READ/WRITE parsing for SEGV in casr-san
    • Support processing of SIGTRAP, SIGSYS, SIGBUS
    • Filter out corrupted stack trace parts in casr-san and casr-gdb
    Source code(tar.gz)
    Source code(zip)
  • v2.1.0(Oct 21, 2022)

Owner
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Playwright is a rust library to automate Chromium, Firefox and WebKit built on top of Node.js library.

?? Playwright for Rust Playwright is a rust library to automate Chromium, Firefox and WebKit built on top of Node.js library. Installation [dependenci

octaltree 132 Jan 6, 2023
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

LibAFL, the fuzzer library. Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust. LibAFL is written and main

Advanced Fuzzing League ++ 1.2k Dec 29, 2022
A fast Rust-based safe and thead-friendly grammar-based fuzz generator

Intro fzero is a grammar-based fuzzer that generates a Rust application inspired by the paper "Building Fast Fuzzers" by Rahul Gopinath and Andreas Ze

null 203 Nov 9, 2022
Breaking your Rust code for fun and profit

Breaking your Rust code for fun & profit this is an architecture-preview, not all components are there This is a mutation testing framework for Rust c

null 533 Dec 18, 2022
TestDrive automatically scrapes input/output data from BOJ(Baekjoon Online Judge) and runs tests for your executable binary file!

?? TestDrive What does it do? TestDrive automatically scrapes input/output data from BOJ(Baekjoon Online Judge) and runs tests for your executable bin

Hyeonseok Jung 3 Mar 5, 2022
A series of test cases to evaluate async Rust on the nrf52840 in terms of power usage and ergonomics.

A series of test cases to evaluate async Rust on the nrf52840 in terms of power usage and ergonomics. This is an experiment that uses unstable features only available on nightly rust.

Tweede golf 1 Oct 15, 2021
A tiny, super simple and portable benchmarking library.

benchmark-simple A tiny benchmarking library for Rust. Trivial to use Works pretty much everywhere, including WebAssembly (WASI, but also in-browser)

Frank Denis 3 Dec 26, 2022
Very minimalist tmux status bar that displays used memory and CPU usage.

woot-bar Ultra minimalist status bar that displays used memory and CPU usage woot-bar is made for tmux but it is compatible with anything that eats st

Nicolas Gryman 3 Dec 27, 2022
Notes and whatnot!

Noted CLI & TUI application to take and track notes. Generate Coverage (with cargo-llvm-cov): LCOV: cargo llvm-cov --all-features --workspace --lcov -

Tony B 2 May 3, 2022
Otto: a unified approach to CRDTs and OT

Otto: a unified approach to CRDTs and OT This repo contains tests for otto. otto enables any boring Rust data structure (without Rc, RefCell etc.) to

Tably 15 Dec 23, 2022