A self-hosted Fuzzing-As-A-Service platform

Overview

OneFuzz

A self-hosted Fuzzing-As-A-Service platform

Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CICD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.

Build Status

Build Onefuzz

Features

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result de-duplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Including Azure DevOps Work Items and Microsoft Teams messages

For information, check out some of our guides:

Are you a Microsoft employee interested in fuzzing? Join us on Teams at Fuzzing @ Microsoft.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

For more information:

Reporting Security Issues

Security issues and bugs should be reported privately to the Microsoft Security Response Center (MSRC). For more information, please see SECURITY.md.

Comments
  • Radamsa fuzzing in windows- task generic_crash_report

    Radamsa fuzzing in windows- task generic_crash_report

    Information

    • Onefuzz version: 4.0.0
    • OS:Windows 10

    Provide detailed reproduction steps (if any)

    input directory contains files which causes crashes. (manually tested)

    1. onefuzz template redamsa basic --setup_dir <<>> --target_exe <<>> --inputs <<>> --target_timeout <<>> --reboot_after_setup --duration 72 <> <> <> <>
    2. onefuzz debug task rdp <<generic_analysis taskid>>

    Expected result

    generic_crash_report in running state with crashes

    Actual result

    generic_crash_report in running state no crashes found.

    bug 
    opened by prasanthbalaji 31
  • Nodes not appearing in the pool to take on jobs even though they are running

    Nodes not appearing in the pool to take on jobs even though they are running

    Information

    • Onefuzz version: 1.3.1
    • OS: Windows client, Windows VMs

    Provide detailed reproduction steps (if any)

    Follow the getting started guide, with these changes:

    • I'm using a trial subscription
    • Use Windows as pool OS
    • I create a scaleset with size 1
    • I use the simple-libfuzzer example

    Expected result

    When invoking onefuzz status top I should see the singular node and the pool and it should take on the libfuzzer tasks.

    Actual result

    There are no nodes in the pool, and jobs remain scheduled and waiting, even after hours of waiting (see below for onefuzz status top).

    nodes_not_there_to_take_jobs

    onefuzz nodes list also returns empty [].

    I can see the node as "running" both in the azure portal and also when I check onefuzz scalesets get <scaleset id here> (see attached txt for the output to a bunch of list and get commands of the pool and the scaleset).

    onefuzz_pools_scalesets_list_and_get.txt

    bug Needs: author feedback Status: no recent activity 
    opened by maxnoka 20
  • Multiple onefuzz deployments under single subscription

    Multiple onefuzz deployments under single subscription

    I have been trying to deploy different versions of onefuzz (3.0.0 and 2.16.0) under a single subscription. The deployment succeeds (I do change the client app registration name i.e: instead of onefuzz-cli, I name it version specific eg: onefuzz-cli-3-0-0). When I install the cli and configure it, i am not able to use the cli to create pools, create vms and schedule jobs. I get the below error:

    ERROR:cli:command failed: error: invalid_client 'AADSTS7000215: Invalid client secret is provided. Trace ID: Correlation ID: Timestamp: 2021-09-28 20:43:14Z'

    Can I have multiple instances of onefuzz running under the single subscription ? If yes, could you let me know why my cli is failing to connect with the instance ?

    bug Needs: author feedback Status: no recent activity backlog question 
    opened by uday-infosec 14
  • CLI unable to interact with deployed OneFuzz

    CLI unable to interact with deployed OneFuzz

    Information

    • Onefuzz version: 1.3.1
    • OS: Ubuntu 20.04 docker container on macOS

    Provide detailed reproduction steps (if any)

    1. Deploy onefuzz by using deploy.py, following https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md
    2. Config onefuzz cli with the endpoint, authority, and client id returned by deploy.py
    3. Check the version using the following command
    $ onefuzz versions check --exact -v
    
    1. Open https://microsoft.com/devicelogin and enter the code to login

    Expected result

    Authenticated and be able to interact with onefuzz using the CLI.

    Actual result

    After logging in successfully, I received the following message from the login portal and the CLI doesn't return.

    AADSTS500113: No reply address is registered for the application.
    
    opened by Sinderella 14
  • Optimize the output side of `srcview`

    Optimize the output side of `srcview`

    Summary of the Pull Request

    This PR contains performance improvements for the srcview crate.

    PR Checklist

    • [ ] Applies to work item: #xxx
    • [x] CLA signed. If not, go over here and sign the CLI.
    • [x] Tests added/passed
    • [ ] Requires documentation to be updated
    • [x] I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx

    Info on Pull Request

    1. Comparing PathBuf is more expensive than comparing raw strings, so we should strive to use strings while building the PdbCache.
    2. It's more expensive to allocate temporary backing memory for the XML cobertura file than it is to simply write directly to a handle provided by the caller.
    3. Swap to quick-xml and try to avoid allocating any memory in the hot path when outputting cobertura XML output.

    Validation Steps Performed

    srcview binary with a large PDB (ntoskrnl) and modoff file.

    passed-integration-tests 
    opened by DrChat 10
  • Permissions issue setting up OneFuzz on Azure

    Permissions issue setting up OneFuzz on Azure

    I'm working on setting up OneFuzz on my company's Azure subscription and I'm facing permissions issue with the deployment script. I have satisfied all the prerequisites needed before running the deployment script

    The Getting Started guide currently doesn't capture all the permissions needed to deploy OneFuzz. According to this PR discussion, AppRoleAssignment.ReadWrite.All permission is required to deploy OneFuzz. My deployment script currently fails with the error, Insufficient privileges to complete the operation, at the Application Registration step. Here's the stack trace of the error:

    INFO:deploy:checking if RBAC already exists
    INFO:deploy:creating Application registration
    Traceback (most recent call last):
      File ".\deploy.py", line 1049, in <module>
        main()
      File ".\deploy.py", line 1043, in main
        state[1](client)
      File ".\deploy.py", line 320, in setup_rbac
        app = client.applications.create(params)
      File "C:\Python38\lib\site-packages\azure\graphrbac\operations\applications_operations.py", line 86, in create
        raise models.GraphErrorException(self._deserialize, response)
    azure.graphrbac.models.graph_error_py3.GraphErrorException: Insufficient privileges to complete the operation.
    

    Looks like the deployment script is trying to create a "Client App" under Azure Active Directory and currently my AD account doesn't have permissions to create a new registration. Our AD team is reluctant to add the AppRoleAssignment.ReadWrite.All permission as it is too permissive. Is there a least privilege approach that we can take here to satisfy the requirement for client app registration and proceed with the deployment? If you can provide additional guidance on how to deploy OneFuzz in a corporate setting where full permissions can't be assumed by the deployer, that would be great.

    Let me know if you need more information from me? Thanks!

    documentation 
    opened by shambho 10
  • Issue with upgrading onefuzz to latest version

    Issue with upgrading onefuzz to latest version

    I having been working on upgrading onefuzz instances to latest versions 2.16 -> 4.0.0. During the deployment, I have been getting the below error:

    Exception Details:	(BadRequest) {
    	  "error": {
    	    "code": "RoleAssignmentUpdateNotPermitted",
    	    "message": "Tenant ID, application ID, principal ID, and scope are not allowed to be updated."
    	  }
    	}
    	Code: BadRequest
    	Message: {
    	  "error": {
    	    "code": "RoleAssignmentUpdateNotPermitted",
    	    "message": "Tenant ID, application ID, principal ID, and scope are not allowed to be updated."
    	  }
    	}
    
    

    I looked at the known issues and tried removing all non existing service principals from the resource group by navigating to the resource group > Access Control (IAM) > Role Assignments and removing all entries marked as "Identity not found". I still face the same issue. The deployment breaks with the above error

    Is there any other way that I could get over this error and get my deployment successful ? The above deletion was done through the Azure portal and I assume it lists all the non existing service principals, is there a way to validate it with az cli ?

    bug Needs: attention 
    opened by uday-infosec 9
  • Add app id as Owner to resource group during deployment

    Add app id as Owner to resource group during deployment

    Add app id as Owner to resource group during deployment. Otherwise, I need to manually add it when using deploy-onefuzz-via-azure-devops. The file deploy-onefuzz.yml executes a login using the '--service-principal' option (command below) and it does not work unless I add the app id as an Owner to the RG, which is displayed only when deploying with the option --log_service_principal.

    az login --service-principal -u $(ONEFUZZ_SERVICE_URL) -p $(AZURE_CLIENT_SECRET) --tenant $(AZURE_TENANT_ID)

    I can make the change but wanted feedback before implementing and creating a pull request. I thought I would implement the change in deploy::setup_rbac() but since the RG isn't created yet I think it needs be done during/after the azuredeploy.json template is deployed in deploy::deploy_template(). If adding a parameter to azuredeploy.json would work then I'd also like to point out there is already a parameter named 'clientId' but I think that's a different app id than we need.

    If this is not a good idea for deployments by default, for what ever reason we could make it an additional option on the command line. E.g. we add '--add-app-owners' with a description "Add the client id as an Owner to the Resource Group"

    Needs: author feedback Status: no recent activity 
    opened by andrew-slutsky 9
  • Package version conflict encountered in requirements.txt.

    Package version conflict encountered in requirements.txt.

    Information

    • Onefuzz version: 4.0.0
    • OS: Ubuntu 20.04
    • Python version: 3.8.10
    • pip version: 20.0.2

    Provide detailed reproduction steps (if any)

    Issues encountered while setting up requirements to build onefuzz cli locally. (onefuzz-4.0.0/src/cli/requirements.txt)

    1. pip3 install -r requirements.txt

    Expected result

    Successfully install all pre-requisites utils mentioned in requirements.txt

    Actual result

    Collecting msal~=1.14.0 Downloading msal-1.14.0-py2.py3-none-any.whl (75 kB) |████████████████████████████████| 75 kB 1.9 MB/s Collecting requests~=2.25.1 Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB) |████████████████████████████████| 61 kB 3.3 MB/s Collecting jmespath~=0.10.0 Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB) Collecting semver~=2.13.0 Downloading semver-2.13.0-py2.py3-none-any.whl (12 kB) Collecting signalrcore==0.9.2 Downloading signalrcore-0.9.2-py3-none-any.whl (34 kB) Collecting asciimatics~=1.13.0 Downloading asciimatics-1.13.0-py2.py3-none-any.whl (158 kB) |████████████████████████████████| 158 kB 2.8 MB/s Collecting pydantic~=1.8.1 Downloading pydantic-1.8.2.tar.gz (263 kB) |████████████████████████████████| 263 kB 2.7 MB/s Collecting memoization~=0.4.0 Downloading memoization-0.4.0.tar.gz (41 kB) |████████████████████████████████| 41 kB 473 kB/s Collecting msrestazure==0.6.4 Downloading msrestazure-0.6.4-py2.py3-none-any.whl (40 kB) |████████████████████████████████| 40 kB 3.0 MB/s Collecting azure-storage-blob~=12.8 Downloading azure_storage_blob-12.9.0-py2.py3-none-any.whl (356 kB) |████████████████████████████████| 356 kB 2.6 MB/s Collecting azure-applicationinsights==0.1.0 Downloading azure_applicationinsights-0.1.0-py2.py3-none-any.whl (104 kB) |████████████████████████████████| 104 kB 4.6 MB/s Collecting tenacity==8.0.1 Downloading tenacity-8.0.1-py3-none-any.whl (24 kB) Collecting docstring_parser==0.8.1 Downloading docstring_parser-0.8.1.tar.gz (14 kB) Installing build dependencies ... done Getting requirements to build wheel ... done Preparing wheel metadata ... done Collecting azure-cli-core==2.27.2 Downloading azure_cli_core-2.27.2-py3-none-any.whl (179 kB) |████████████████████████████████| 179 kB 2.2 MB/s Collecting packaging==20.9 Downloading packaging-20.9-py2.py3-none-any.whl (40 kB) |████████████████████████████████| 40 kB 3.7 MB/s Collecting urllib3[secure]>=1.26.5 Downloading urllib3-1.26.8-py2.py3-none-any.whl (138 kB) |████████████████████████████████| 138 kB 4.2 MB/s Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 20)) (2.8) Collecting cryptography<3.4,>=3.2 Downloading cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl (2.6 MB) |████████████████████████████████| 2.6 MB 2.6 MB/s Collecting PyJWT>=2.1.0 Downloading PyJWT-2.3.0-py3-none-any.whl (16 kB) Collecting onefuzztypes==4.0.0 Downloading onefuzztypes-4.0.0-py3-none-any.whl (23 kB) Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests~=2.25.1->-r requirements.txt (line 2)) (2019.11.28) Requirement already satisfied: chardet<5,>=3.0.2 in /usr/lib/python3/dist-packages (from requests~=2.25.1->-r requirements.txt (line 2)) (3.0.4) Collecting websocket-client==0.54.0 Downloading websocket_client-0.54.0-py2.py3-none-any.whl (200 kB) |████████████████████████████████| 200 kB 3.9 MB/s Collecting msgpack==1.0.2 Downloading msgpack-1.0.2-cp38-cp38-manylinux1_x86_64.whl (302 kB) |████████████████████████████████| 302 kB 4.0 MB/s Collecting future Downloading future-0.18.2.tar.gz (829 kB) |████████████████████████████████| 829 kB 3.0 MB/s Collecting Pillow>=2.7.0 Downloading Pillow-9.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.3 MB) |████████████████████████████████| 4.3 MB 2.8 MB/s Collecting pyfiglet>=0.7.2 Downloading pyfiglet-0.8.post1-py2.py3-none-any.whl (865 kB) |████████████████████████████████| 865 kB 3.7 MB/s Collecting wcwidth Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB) Collecting typing-extensions>=3.7.4.3 Downloading typing_extensions-4.0.1-py3-none-any.whl (22 kB) Collecting adal<2.0.0,>=0.6.0 Downloading adal-1.2.7-py2.py3-none-any.whl (55 kB) |████████████████████████████████| 55 kB 2.6 MB/s Collecting msrest<2.0.0,>=0.6.0 Downloading msrest-0.6.21-py2.py3-none-any.whl (85 kB) |████████████████████████████████| 85 kB 3.1 MB/s Requirement already satisfied: six in /usr/lib/python3/dist-packages (from msrestazure==0.6.4->-r requirements.txt (line 9)) (1.14.0) Collecting azure-core<2.0.0,>=1.10.0 Downloading azure_core-1.22.0-py3-none-any.whl (178 kB) |████████████████████████████████| 178 kB 4.1 MB/s Collecting azure-common~=1.1 Downloading azure_common-1.1.28-py2.py3-none-any.whl (14 kB) Collecting azure-nspkg>=2.0.0 Downloading azure_nspkg-3.0.2-py3-none-any.whl (1.5 kB) Collecting argcomplete~=1.8 Downloading argcomplete-1.12.3-py2.py3-none-any.whl (38 kB) Collecting azure-mgmt-core<1.3.0,>=1.2.0 Downloading azure_mgmt_core-1.2.2-py2.py3-none-any.whl (21 kB) Collecting pkginfo>=1.5.0.1 Downloading pkginfo-1.8.2-py2.py3-none-any.whl (26 kB) Collecting azure-cli-telemetry==1.0.6.* Downloading azure_cli_telemetry-1.0.6-py3-none-any.whl (10 kB) Collecting psutil~=5.8 Downloading psutil-5.9.0-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (283 kB) |████████████████████████████████| 283 kB 3.6 MB/s Collecting knack~=0.8.2 Downloading knack-0.8.2-py3-none-any.whl (59 kB) |████████████████████████████████| 59 kB 2.9 MB/s Collecting pyopenssl>=17.1.0 Downloading pyOpenSSL-22.0.0-py2.py3-none-any.whl (55 kB) |████████████████████████████████| 55 kB 1.6 MB/s Collecting paramiko<3.0.0,>=2.0.8 Downloading paramiko-2.9.2-py2.py3-none-any.whl (210 kB) |████████████████████████████████| 210 kB 3.3 MB/s Collecting humanfriendly<10.0,>=4.7 Downloading humanfriendly-9.2-py2.py3-none-any.whl (86 kB) |████████████████████████████████| 86 kB 3.5 MB/s Collecting pyparsing>=2.0.2 Downloading pyparsing-3.0.7-py3-none-any.whl (98 kB) |████████████████████████████████| 98 kB 4.1 MB/s Collecting cffi>=1.12 Downloading cffi-1.15.0-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (446 kB) |████████████████████████████████| 446 kB 2.5 MB/s Collecting python-dateutil<3,>=2.1.0 Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB) |████████████████████████████████| 247 kB 3.6 MB/s Collecting isodate>=0.6.0 Downloading isodate-0.6.1-py2.py3-none-any.whl (41 kB) |████████████████████████████████| 41 kB 1.0 MB/s Collecting requests-oauthlib>=0.5.0 Downloading requests_oauthlib-1.3.1-py2.py3-none-any.whl (23 kB) Collecting portalocker~=1.2 Downloading portalocker-1.7.1-py2.py3-none-any.whl (10 kB) Collecting applicationinsights<0.12,>=0.11.1 Downloading applicationinsights-0.11.10-py2.py3-none-any.whl (55 kB) |████████████████████████████████| 55 kB 1.5 MB/s Collecting tabulate Downloading tabulate-0.8.9-py3-none-any.whl (25 kB) Collecting pygments Downloading Pygments-2.11.2-py3-none-any.whl (1.1 MB) |████████████████████████████████| 1.1 MB 3.3 MB/s Collecting colorama Downloading colorama-0.4.4-py2.py3-none-any.whl (16 kB) Collecting pyyaml Downloading PyYAML-6.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (701 kB) |████████████████████████████████| 701 kB 4.2 MB/s Collecting pynacl>=1.0.1 Downloading PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (856 kB) |████████████████████████████████| 856 kB 2.2 MB/s Collecting bcrypt>=3.1.3 Downloading bcrypt-3.2.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (61 kB) |████████████████████████████████| 61 kB 789 kB/s Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) |████████████████████████████████| 118 kB 3.1 MB/s Collecting oauthlib>=3.0.0 Downloading oauthlib-3.2.0-py3-none-any.whl (151 kB) |████████████████████████████████| 151 kB 3.2 MB/s Skipping wheel build for pydantic, due to binaries being disabled for it. Building wheels for collected packages: memoization, docstring-parser, future Building wheel for memoization (setup.py) ... done Created wheel for memoization: filename=memoization-0.4.0-py3-none-any.whl size=50455 sha256=50028efe77514fd172d25d07438041cd50a19abfceb2e44bf802db79d5ad1bdb Stored in directory: /root/.cache/pip/wheels/9f/bc/ae/e76d5ea088be013f58051186f0f397398a98c5ca8342d35a4f Building wheel for docstring-parser (PEP 517) ... done Created wheel for docstring-parser: filename=docstring_parser-0.8.1-py3-none-any.whl size=19679 sha256=183a4093d6da4af50a33d5fa659c0b8a2e62559ab384ea89a5573a27fe7c3f84 Stored in directory: /root/.cache/pip/wheels/7a/06/c4/9b2f0146899e8d1e7748897e42ad5412b6a025513f89cc4a0f Building wheel for future (setup.py) ... done Created wheel for future: filename=future-0.18.2-py3-none-any.whl size=491058 sha256=1b6bfddeb2ba52d859304c71b04ea46b905330cd50e773833c7998829d9c2d31 Stored in directory: /root/.cache/pip/wheels/8e/70/28/3d6ccd6e315f65f245da085482a2e1c7d14b90b30f239e2cf4 Successfully built memoization docstring-parser future ERROR: pyopenssl 22.0.0 has requirement cryptography>=35.0, but you'll have cryptography 3.3.2 which is incompatible. Installing collected packages: pycparser, cffi, cryptography, PyJWT, pyopenssl, urllib3, requests, msal, jmespath, semver, websocket-client, msgpack, signalrcore, future, Pillow, pyfiglet, wcwidth, asciimatics, typing-extensions, pydantic, memoization, python-dateutil, adal, isodate, oauthlib, requests-oauthlib, msrest, msrestazure, azure-core, azure-storage-blob, azure-common, azure-nspkg, azure-applicationinsights, tenacity, docstring-parser, argcomplete, azure-mgmt-core, pkginfo, portalocker, applicationinsights, azure-cli-telemetry, psutil, tabulate, pygments, colorama, pyyaml, knack, pynacl, bcrypt, paramiko, humanfriendly, azure-cli-core, pyparsing, packaging, onefuzztypes Attempting uninstall: urllib3 Found existing installation: urllib3 1.25.8 Not uninstalling urllib3 at /usr/lib/python3/dist-packages, outside environment /usr Can't uninstall 'urllib3'. No files were found to uninstall. Attempting uninstall: requests Found existing installation: requests 2.22.0 Not uninstalling requests at /usr/lib/python3/dist-packages, outside environment /usr Can't uninstall 'requests'. No files were found to uninstall. Running setup.py install for pydantic ... done Successfully installed Pillow-9.0.1 PyJWT-2.3.0 adal-1.2.7 applicationinsights-0.11.10 argcomplete-1.12.3 asciimatics-1.13.0 azure-applicationinsights-0.1.0 azure-cli-core-2.27.2 azure-cli-telemetry-1.0.6 azure-common-1.1.28 azure-core-1.22.0 azure-mgmt-core-1.2.2 azure-nspkg-3.0.2 azure-storage-blob-12.9.0 bcrypt-3.2.0 cffi-1.15.0 colorama-0.4.4 cryptography-3.3.2 docstring-parser-0.8.1 future-0.18.2 humanfriendly-9.2 isodate-0.6.1 jmespath-0.10.0 knack-0.8.2 memoization-0.4.0 msal-1.14.0 msgpack-1.0.2 msrest-0.6.21 msrestazure-0.6.4 oauthlib-3.2.0 onefuzztypes-4.0.0 packaging-20.9 paramiko-2.9.2 pkginfo-1.8.2 portalocker-1.7.1 psutil-5.9.0 pycparser-2.21 pydantic-1.8.2 pyfiglet-0.8.post1 pygments-2.11.2 pynacl-1.5.0 pyopenssl-22.0.0 pyparsing-3.0.7 python-dateutil-2.8.2 pyyaml-6.0 requests-2.25.1 requests-oauthlib-1.3.1 semver-2.13.0 signalrcore-0.9.2 tabulate-0.8.9 tenacity-8.0.1 typing-extensions-4.0.1 urllib3-1.26.8 wcwidth-0.2.5 websocket-client-0.54.0

    bug Needs: author feedback Status: no recent activity 
    opened by prasanthbalaji 8
  • issue in installing or deploying onefuzz

    issue in installing or deploying onefuzz

    Information

    • Onefuzz version:1.6.0
    • OS:Ubuntu 18.04

    Facing below issue can anyone suggests how to resolve this as i am getting one fuzz:command not found . image

    duplicate Needs: author feedback 
    opened by nchandna 8
  • afl++ addition

    afl++ addition

    Summary of the Pull Request

    Adding afl++ as a default fuzzer, see #3

    Info on Pull Request

    adding afl++, basically just copying afl.* files to aflpp.* and making a few changes plus updating documentation

    Validation Steps Performed

    I am unsure if this is all that is needed. if so, sweet :)

    opened by vanhauser-thc 8
  • There is a vulnerability in azure-storage-queue:12.1.6,upgrade recommended

    There is a vulnerability in azure-storage-queue:12.1.6,upgrade recommended

    https://github.com/microsoft/onefuzz/blob/df40c99cb9e436cd82c3f7af4834dcde64a1a8e0/src/api-service/app/requirements.txt#L20

    CVE-2022-30187

    Recommended upgrade version:12.4.0

    AB#42724605

    Needs: triage 
    opened by QiAnXinCodeSafe 0
  • There is a vulnerability in  azure-storage-blob:12.8.1,upgrade recommended

    There is a vulnerability in azure-storage-blob:12.8.1,upgrade recommended

    https://github.com/microsoft/onefuzz/blob/df40c99cb9e436cd82c3f7af4834dcde64a1a8e0/src/api-service/app/requirements.txt#L18

    CVE-2022-30187

    Recommended upgrade version:12.13.0

    Needs: triage 
    opened by QiAnXinCodeSafe 0
  • Add more into-JSON coverage conversions

    Add more into-JSON coverage conversions

    Add additional coverage conversions from in-memory structures directly into JSON-serializable formats. Note that we can now convert directly from coverage data into the JSON container enum (via conversion into the latest versioned format).

    opened by ranweiler 1
  • Support custom domain names used as OneFuzz endpoints in deployment

    Support custom domain names used as OneFuzz endpoints in deployment

    Summary of the Pull Request

    This PR adds support for custom domain names used as OneFuzz endpoints through an optional argument to deploy.py for --custom_domain. Using this argument will include the custom domain passed in the Allowed token audiences setting of the Azure Function App authentication settings.

    Fixes #2695

    opened by AdamL-Microsoft 1
  • Bump num_cpus from 1.13.1 to 1.15.0 in /src/agent

    Bump num_cpus from 1.13.1 to 1.15.0 in /src/agent

    Bumps num_cpus from 1.13.1 to 1.15.0.

    Release notes

    Sourced from num_cpus's releases.

    v1.15.0

    Fixes

    • update hermit-abi

    New Contributors

    v1.14.0

    Features

    New Contributors

    Changelog

    Sourced from num_cpus's changelog.

    v1.15.0

    Fixes

    • update hermit-abi

    v1.14.0

    Features

    • add support for cgroups v2
    • Skip reading files in Miri
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
Releases(6.1.0)
Owner
Microsoft
Open source projects and samples from Microsoft
Microsoft
Modular, structure-aware, and feedback-driven fuzzing engine for Rust functions

Fuzzcheck Fuzzcheck is a modular, structure-aware, and feedback-driven fuzzing engine for Rust functions. Given a function test: (T) -> bool, you can

Loïc Lecrenier 397 Jan 6, 2023
Multi-threaded Padding Oracle attacks against any service. Written in Rust.

rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key!

Kibouo 76 Dec 16, 2022
Rslide - A web service that allows you to move through multiple html pages in the browser like a slide, even without focusing on the app console or the browser. Currently only supports Windows.

rslide rslide is a web service that allows you to move through multiple html pages in the browser like a slide, even without focusing on the app conso

Jason Dongheng Lee 3 Jan 1, 2022
Verdict-as-a-Service SDKs: Analyze files for malicious content

Verdict-as-a-Service Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows eas

G DATA CyberDefense AG 31 Dec 9, 2022
Cross-platform Secure TUI Secret Locker

SafeCloset keeps your secrets in password protected files. SafeCloset is designed to be convenient and avoid common weaknesses like external editing or temporary files written on disk.

Canop 63 Dec 26, 2022
An impish, cross-platform binary parsing crate, written in Rust

libgoblin Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.40.0. Add to your Cargo.toml [dependencies] goblin = "0.4" Fea

null 891 Dec 29, 2022
Cross-platform async library for system information fetching 🦀

heim Cross-platform library for system information fetching heim is an ongoing attempt to create the best tool for system information fetching (ex., C

null 782 Jan 2, 2023
A self-hosted Fuzzing-As-A-Service platform

OneFuzz A self-hosted Fuzzing-As-A-Service platform Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior t

Microsoft 2.6k Jan 8, 2023
Temporary elevated access management as a self-hosted service

????☁️ S A T O U N K I Temporary elevated access management as a self-hosted service Overview Satounki is a self-hosted service which brings visibilit

جاد 31 Dec 17, 2023
Hopper is a tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing.

Hopper Hopper is an tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing. It transforms the problem of libr

FuzzAnything 118 Nov 15, 2023
Hopper is a tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing.

Hopper Hopper is an tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing. It transforms the problem of libr

FuzzAnything 124 Nov 24, 2023
A (self hosted) pastebin for easily sharing text right from the terminal

termpad termpad allows you to easily host a pastebin server for saving and viewing text right from the terminal, or the browser. Client Usage Assuming

Spyros Roum 28 Aug 29, 2022
Rustpad is an efficient and minimal collaborative code editor, self-hosted, no database required

Rustpad is an efficient and minimal open-source collaborative text editor based on the operational transformation algorithm

Eric Zhang 2.5k Dec 31, 2022
🎧 a self-hosted Spotify → Discord music bot

Aoede is a Discord music bot that directly streams from Spotify to Discord. The only interface is Spotify itself. Note: a Spotify Premium account is c

Max Isom 159 Dec 29, 2022
Octopus Linguistics for self-hosted runners

octoling Octopus Linguistics for self-hosted runners. Early PoC Allows to create self-hosted ephemeral runners on various providers. (currently only s

Mary 5 Nov 1, 2021
Jotsy is a self-hosted, free and open-source note taking app with a goal of simplicity in mind

Jotsy: Just your notes Jotsy is a self-hosted, free and open-source note taking app with a goal of simplicity in mind. It is powered by Skytable. Read

Sayan 433 Dec 30, 2022
Self-Hosted alternative to GitHub Gists

Gists Self-Hosted GitHub Gists Features Upload code snippets Syntax Highlighting Comments Versioning through Git Fork gists Gist privacy: public, unli

Aravinth Manivannan 52 Dec 22, 2022
Self-Hosted alternative to GitHub Gists

GitPad Self-Hosted GitHub Gists Features Upload code snippets(✓ REST API) Syntax Highlighting Comments Versioning through Git Fork gists Gist privacy:

Aravinth Manivannan 52 Dec 22, 2022
Manage self-hosted Supabase instances with an easy to use API & Web Portal (soon)

SupaManager A project by Harry Bairstow; Manage self-hosted Supabase instances with an easy to use API & Web Portal (soon) ⚠️ Note: The project is in

Harry Bairstow 11 Sep 15, 2022
Self-hosted, fast, and efficient replacement for ngrok, built with Rust

reverse-proxy reverse-proxy is a self-hosted, fast, and efficient replacement for ngrok, built with Rust. The project leverages the power of Tokio and

null 4 May 22, 2023