[Mod-security-developers] ModSecurity with afl - fuzz
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] ModSecurity with afl - fuzz
|
From: Jerald C. <jer...@gm...> - 2019-04-22 10:33:45
|
I've been trying to compile ModSecurity with afl-fuzz but been having no luck after my nginx got upgraded. Any guidance would be most appreciated. I wanted to see what is the difference with afl-fuzz. Tried both ModSecurity, tag 3.0.3 and ModSecurity Master from github. Environment: CentOS Linux release 7.6.1810 (Core) SCL devtoolset-7 llvm-toolset-7 -->> For clang 5.0.1 afl compiled from source: https://github.com/mirrorer/afl/ Configure options: ./configure --with-lmdb --enable-parser-generation --enable-afl-fuzz This is the final error: afl-clang-fast 2.52b by <lszekeres@******.com> clang-5.0: warning: argument '-fsanitize-coverage=4' is deprecated, use '-fsanitize-coverage=trace-pc-guard' instead [-Wdeprecated] afl_fuzzer.cc:24:48: warning: '/*' within block comment [-Wcomment] * for i in $(ls -l src/actions/transformations/*.h | awk {'print $9'})... ^ afl_fuzzer.cc:67:34: warning: '/*' within block comment [-Wcomment] * for i in $(ls -l src/operators/*.h | awk {'print $9'}); do echo "#inc... ^ afl_fuzzer.cc:147:67: warning: '/*' within block comment [-Wcomment] * for i in $(grep "class " -Ri src/actions/transformations/* | grep " :... ^ afl_fuzzer.cc:192:53: warning: '/*' within block comment [-Wcomment] * for i in $(grep "class " -Ri src/operators/* | grep " :" | aw... ^ afl_fuzzer.cc:195:30: error: no matching constructor for initialization of 'modsecurity::operators::BeginsWith' BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginsw... ^ ~~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/begins_with.h:32:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit BeginsWith(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/begins_with.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class BeginsWith : public Operator { ^ afl_fuzzer.cc:195:91: error: too few arguments to function call, expected 4, have 2 ...new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); dele... ~~~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/begins_with.h:35:5: note: 'evaluate' declared here bool evaluate(Transaction *transaction, Rule *rule, const std::string &str, ^ afl_fuzzer.cc:196:26: error: no matching constructor for initialization of 'modsecurity::operators::Contains' Contains *contains = new Contains("Contains", z, false); contains->evalu... ^ ~~~~~~~~~~~~~~~~~~~~ ../../src/operators/contains.h:35:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit Contains(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/contains.h:32:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class Contains : public Operator { ^ afl_fuzzer.cc:196:81: error: too few arguments to function call, expected 4, have 2 ...= new Contains("Contains", z, false); contains->evaluate(t, s); delete c... ~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/contains.h:37:5: note: 'evaluate' declared here bool evaluate(Transaction *transaction, Rule *rule, ^ afl_fuzzer.cc:197:34: error: no matching constructor for initialization of 'modsecurity::operators::ContainsWord' ...*containsword = new ContainsWord("ContainsWord", z, false); containsword... ^ ~~~~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/contains_word.h:32:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit ContainsWord(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/contains_word.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class ContainsWord : public Operator { ^ afl_fuzzer.cc:197:101: error: too few arguments to function call, expected 4, have 2 ...ContainsWord("ContainsWord", z, false); containsword->evaluate(t, s); de... ~~~~~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/contains_word.h:35:5: note: 'evaluate' declared here bool evaluate(Transaction *transaction, Rule *rule, ^ afl_fuzzer.cc:198:30: error: no matching constructor for initialization of 'modsecurity::operators::DetectSQLi' DetectSQLi *detectsqli = new DetectSQLi("DetectSQLi", z, false); detects... ^ ~~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/detect_sqli.h:27:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class DetectSQLi : public Operator { ^ ../../src/operators/detect_sqli.h:30:5: note: candidate constructor not viable: requires 0 arguments, but 3 were provided DetectSQLi() ^ afl_fuzzer.cc:198:91: error: too few arguments to function call, expected 4, have 2 ...new DetectSQLi("DetectSQLi", z, false); detectsqli->evaluate(t, s); dele... ~~~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/detect_sqli.h:35:5: note: 'evaluate' declared here bool evaluate(Transaction *t, Rule *rule, ^ afl_fuzzer.cc:199:28: error: no matching constructor for initialization of 'modsecurity::operators::DetectXSS' DetectXSS *detectxss = new DetectXSS("DetectXSS", z, false); detectxss->... ^ ~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/detect_xss.h:26:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class DetectXSS : public Operator { ^ ../../src/operators/detect_xss.h:29:5: note: candidate constructor not viable: requires 0 arguments, but 3 were provided DetectXSS() ^ afl_fuzzer.cc:199:86: error: too few arguments to function call, expected 4, have 2 ...= new DetectXSS("DetectXSS", z, false); detectxss->evaluate(t, s); delet... ~~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/detect_xss.h:34:5: note: 'evaluate' declared here bool evaluate(Transaction *t, Rule *rule, ^ afl_fuzzer.cc:200:26: error: no matching constructor for initialization of 'modsecurity::operators::EndsWith' EndsWith *endswith = new EndsWith("EndsWith", z, false); endswith->evalu... ^ ~~~~~~~~~~~~~~~~~~~~ ../../src/operators/ends_with.h:32:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit EndsWith(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/ends_with.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class EndsWith : public Operator { ^ afl_fuzzer.cc:200:81: error: too few arguments to function call, expected 4, have 2 ...= new EndsWith("EndsWith", z, false); endswith->evaluate(t, s); delete e... ~~~~~~~~~~~~~~~~~~ ^ ../../src/operators/ends_with.h:36:5: note: 'evaluate' declared here bool evaluate(Transaction *transaction, Rule *rule, ^ afl_fuzzer.cc:201:14: error: no matching constructor for initialization of 'modsecurity::operators::Eq' Eq *eq = new Eq("Eq", z, false); eq->evaluate(t, s); delete eq; ^ ~~~~~~~~~~~~~~ ../../src/operators/eq.h:32:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit Eq(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/eq.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class Eq : public Operator { ^ afl_fuzzer.cc:202:28: error: no matching constructor for initialization of 'modsecurity::operators::FuzzyHash' FuzzyHash *fuzzyhash = new FuzzyHash("FuzzyHash", z, false); fuzzyhash->... ^ ~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/fuzzy_hash.h:41:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit FuzzyHash(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/fuzzy_hash.h:38:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class FuzzyHash : public Operator { ^ afl_fuzzer.cc:203:14: error: no matching constructor for initialization of 'modsecurity::operators::Ge' Ge *ge = new Ge("Ge", z, false); ge->evaluate(t, s); delete ge; ^ ~~~~~~~~~~~~~~ ../../src/operators/ge.h:31:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit Ge(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/ge.h:28:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class Ge : public Operator { ^ afl_fuzzer.cc:204:28: error: no matching constructor for initialization of 'modsecurity::operators::GeoLookup' GeoLookup *geolookup = new GeoLookup("GeoLookup", z, false); geolookup->... ^ ~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/geo_lookup.h:27:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class GeoLookup : public Operator { ^ ../../src/operators/geo_lookup.h:30:5: note: candidate constructor not viable: requires 0 arguments, but 3 were provided GeoLookup() ^ afl_fuzzer.cc:205:28: error: no matching constructor for initialization of 'modsecurity::operators::GsbLookup' GsbLookup *gsblookup = new GsbLookup("GsbLookup", z, false); gsblookup->... ^ ~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/gsblookup.h:31:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit GsbLookup(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/gsblookup.h:28:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class GsbLookup : public Operator { ^ afl_fuzzer.cc:206:14: error: no matching constructor for initialization of 'modsecurity::operators::Gt' Gt *gt = new Gt("Gt", z, false); gt->evaluate(t, s); delete gt; ^ ~~~~~~~~~~~~~~ ../../src/operators/gt.h:32:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit Gt(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/gt.h:29:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class Gt : public Operator { ^ afl_fuzzer.cc:207:32: error: no matching constructor for initialization of 'modsecurity::operators::InspectFile' InspectFile *inspectfile = new InspectFile("InspectFile", z, false); ins... ^ ~~~~~~~~~~~~~~~~~~~~~~~ ../../src/operators/inspect_file.h:33:14: note: candidate constructor not viable: requires single argument 'param', but 3 arguments were provided explicit InspectFile(std::unique_ptr<RunTimeString> param) ^ ../../src/operators/inspect_file.h:30:7: note: candidate constructor (the implicit copy constructor) not viable: requires 1 argument, but 3 were provided class InspectFile : public Operator { ^ fatal error: too many errors emitted, stopping now [-ferror-limit=] 4 warnings and 20 errors generated. |
