Merge branch 'release/BFF_2.8'

.externalToolBuilders/dev_builder.launch

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="org.eclipse.ui.externaltools.ProgramBuilderLaunchConfigurationType">
+<booleanAttribute key="org.eclipse.debug.ui.ATTR_LAUNCH_IN_BACKGROUND" value="false"/>
+<stringAttribute key="org.eclipse.ui.externaltools.ATTR_LOCATION" value="/opt/local/bin/python"/>
+<stringAttribute key="org.eclipse.ui.externaltools.ATTR_RUN_BUILD_KINDS" value="full,incremental,"/>
+<stringAttribute key="org.eclipse.ui.externaltools.ATTR_TOOL_ARGUMENTS" value="make_dev.py linux"/>
+<booleanAttribute key="org.eclipse.ui.externaltools.ATTR_TRIGGERS_CONFIGURED" value="true"/>
+<stringAttribute key="org.eclipse.ui.externaltools.ATTR_WORKING_DIRECTORY" value="${project_loc}/build"/>
+</launchConfiguration>

.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

.gitignore

@@ -1,9 +1,27 @@
 .project
 .pydevproject
+dev_builds
 .settings
-build
+*.env
+*.egg-info
+src/dist
+build/dist/osx/installer/Readme.txt
+build/dist/osx/installer/License.txt
+doc/fontconfig
+doc/html
+doc/pdf
+*.bak
+*.pyc
 CERT_Basic_Fuzzing_Framework.egg-info
-dev_builds
-doc
+dist_builds
 setup_env/bff.env
-src/dist
+src/linux/COPYING.txt
+src/windows/COPYING.txt
+build/distmods/osx/installer/bff/
+build/distmods/osx/installer/*.txt
+*.stackdump
+.teeproject
+.externalToolBuilders
+*.pkl
+doc/epydoc/html
+doc/epydoc/fontconfig

LICENSE.md

@@ -3,7 +3,7 @@ subject to the following terms:
 
 # LICENSE #
 
-Copyright © 2013 Carnegie Mellon University. All Rights Reserved.
+Copyright © 2010-2016 Carnegie Mellon University. All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met: 
@@ -13,7 +13,7 @@ modification, are permitted provided that the following conditions are met:
 3. Products derived from this software may not include "Carnegie Mellon University," "SEI" and/or "Software Engineering Institute" in the name of such derived product, nor shall "Carnegie Mellon University," "SEI" and/or "Software Engineering Institute" be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 
 
 # ACKNOWLEDGMENTS AND DISCLAIMERS: #
-Copyright © 2013 Carnegie Mellon University
+Copyright © 2010-2016 Carnegie Mellon University
 
 This material is based upon work funded and supported by the Department of
 Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon

README.md

@@ -1,18 +1,18 @@
 This project contains the source code for the CERT Basic Fuzzing Framework (BFF)
-and the CERT Failure Observation Engine (FOE).
+
+BFF for Windows was formerly known as the CERT Failure Observation Engine (FOE).
 
 If you are looking for runnable code, you should download the latest releases at:
 
 * BFF (linux, OSX) [http://www.cert.org/vulnerability-analysis/tools/bff.cfm](http://www.cert.org/vulnerability-analysis/tools/bff.cfm "BFF")
-* FOE (windows) [http://www.cert.org/vulnerability-analysis/tools/foe.cfm](http://www.cert.org/vulnerability-analysis/tools/foe.cfm "FOE")
 
 # Using this code #
 
 Depending on your preferred level of difficulty and experience points, choose from the options below. 
 
 ## Easy ##
 
-Most of the BFF and FOE code can be found in the certfuzz package `src/certfuzz`. To try out the certfuzz code in an existing installation of BFF or FOE, replace the `certfuzz` directory in your installation with the `certfuzz` directory found in this repository.
+Most of the BFF code can be found in the certfuzz package `src/certfuzz`. To try out the certfuzz code in an existing installation of BFF, replace the `certfuzz` directory in your installation with the `certfuzz` directory found in this repository.
 
 ## Moderate ##
 
@@ -30,16 +30,16 @@ If all that seems more like a challenge than a warning, go for it.
 
 See `src/experimental/README.md` for some dead ends that might be marginally useful.
 
-# About BFF and FOE #
+# About BFF #
 
-The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. The CERT Failure Observation Engine (FOE) does the same on Windows.
+The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on Linux, Mac OS X and Windows.
 
-BFF and FOE perform mutational fuzzing on software that consumes file input.  They automatically collect test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes. The goal of BFF and FOE is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.
+BFF performs mutational fuzzing on software that consumes file input.  They automatically collect test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes. The goal of BFF is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.
 
 ## A brief history of BFF and FOE ##
 
 BFF and FOE started out as two separate but related projects within the CERT/CC
-Vulnerability Analysis team. Over time, they have converged in their architecture to the point where they now share much of their code. While this convergence should eventually lead to feature parity (or nearly so), we are not there yet.
+Vulnerability Analysis team. Over time, they converged in their architecture to the point where BFF 2.7 and FOE 2.1 shared much of their code. As of BFF 2.8, this integration is complete and we have retired the name FOE in favor of BFF.
 
 ## For more information 
 

build/README.txt

@@ -0,0 +1,16 @@
+Use make_dev.py to copy files in a dev environment to a different dir for use by 
+your test VM.
+
+Use make_dist2.py to build a distributable package.
+
+usage: make_dist2.py [-h] [-d] [-v] platform srcpath distpath
+
+positional arguments:
+  platform       One of ['windows', 'darwin', 'linux']
+  srcpath        path/to/bff/src
+  distpath       Directory to build into
+
+optional arguments:
+  -h, --help     show this help message and exit
+  -d, --debug    enable debug messages
+  -v, --verbose  enable debug messages

build/dev/build_base.py → build/devmods/build_base.py

@@ -6,14 +6,14 @@
 import os
 
 import logging
-from dev.misc import copydir, copyfile, onerror
 import shutil
+from devmods.misc import copydir, copyfile, onerror, mdtotextfile
 
 logger = logging.getLogger(__name__)
 
 
 class Build(object):
-    _common_dirs = ['certfuzz', 'seedfiles']
+    _common_dirs = ['certfuzz', 'seedfiles', 'tools']
     _blacklist = ['.svn']
     _name = None
     _platform = None
@@ -30,10 +30,18 @@ def __init__(self, name=None, platform=None):
             self.platform = self._platform
 
         self.my_path = os.path.abspath(os.path.dirname(__file__))
-        self.src_path = os.path.abspath(os.path.join(self.my_path, '../../src'))
-        self.dev_builds_path = os.path.abspath(os.path.join(self.src_path, '..', 'dev_builds'))
-        self.target_path = os.path.abspath(os.path.join(self.dev_builds_path, self.name))
+        self.src_path = os.path.abspath(
+            os.path.join(self.my_path, '../../src'))
+        self.dev_builds_path = os.path.abspath(
+            os.path.join(self.src_path, '..', 'dev_builds'))
+
+        target_shortname = '{}-{}'.format(self.name, self.platform)
+
+        self.target_path = os.path.abspath(
+            os.path.join(self.dev_builds_path, target_shortname))
         self.platform_path = os.path.join(self.src_path, self.platform)
+        self.license_md_path = os.path.join(self.src_path, '..', 'LICENSE.md')
+        self.license_txt_path = os.path.join(self.target_path, 'COPYING.txt')
 
     def __enter__(self):
         return self
@@ -48,6 +56,9 @@ def build(self):
         logger.info('Set up build dir')
         self._create_target_path()
 
+        logger.info('Converting markdown files')
+        self._convert_md_files()
+
         logger.info('Copy platform-specific files to build dir')
         self._copy_platform()
 
@@ -60,13 +71,18 @@ def build(self):
         logger.info('Clean up build dir')
         self._clean_up(self.target_path, remove_blacklist=False)
 
+    def _convert_md_files(self):
+        mdtotextfile(self.license_md_path, self.license_txt_path)
+
     def _create_target_path(self):
         # create base build path if it doesn't already exist
         if not os.path.exists(self.target_path):
-            logger.info('Build dir does not exist, creating %s', self.target_path)
+            logger.info(
+                'Build dir does not exist, creating %s', self.target_path)
             os.makedirs(self.target_path)
         else:
-            logger.info('Build dir %s already exists, proceeding', self.target_path)
+            logger.info(
+                'Build dir %s already exists, proceeding', self.target_path)
 
         # base build path exists
         assert os.path.isdir(self.target_path)
@@ -104,7 +120,8 @@ def _create_results_dir(self):
             logger.info('Result path does not exist, creating %s', result_path)
             os.makedirs(result_path)
         else:
-            logger.info('Result path %s already exists, proceeding', result_path)
+            logger.info(
+                'Result path %s already exists, proceeding', result_path)
 
     def _clean_up(self, path, remove_blacklist=True):
         logger.debug("Cleaning up %s", path)

build/dev/misc.py → build/devmods/misc.py

@@ -5,13 +5,10 @@
 '''
 import logging
 import os
-import distutils
+from distutils import dir_util
 import shutil
 
-logger = logging.getLogger()
-logger.setLevel(logging.INFO)
-hdlr = logging.StreamHandler()
-logger.addHandler(hdlr)
+logger = logging.getLogger(__name__)
 
 
 def onerror(func, path, exc_info):
@@ -36,9 +33,28 @@ def onerror(func, path, exc_info):
 
 def copydir(src, dst):
     logger.info('Copy dir  %s -> %s', src, dst)
-    distutils.dir_util.copy_tree(src, dst)
+    dir_util.copy_tree(src, dst)
 
 
 def copyfile(src, dst):
     logger.info('Copy file %s -> %s', src, dst)
     shutil.copy(src, dst)
+
+
+def stripmarkdown(markdown):
+    replacements = {'©': '(C)', '®': '(R)'}
+    for k, v in replacements.iteritems():
+        markdown = markdown.replace(k, v)
+    return markdown
+
+
+def mdtotextfile(markdownfile, plaintextfile):
+    logger.info('Converting markdown file %s to plain text %s' %
+                (markdownfile, plaintextfile))
+    f = open(markdownfile, 'r')
+    markdown = f.read()
+    f.close
+    plaintext = stripmarkdown(markdown)
+    f = open(plaintextfile, 'w')
+    f.write(plaintext)
+    f.close

build/devmods/windows/windows_build.py

@@ -0,0 +1,25 @@
+'''
+Created on Dec 9, 2013
+
+@author: adh
+'''
+from .. import Build
+import os
+import sys
+mydir = os.path.dirname(os.path.abspath(__file__))
+parentdir = os.path.abspath(os.path.join(mydir, '..'))
+sys.path.append(parentdir)
+from devmods.misc import copyfile
+
+
+class WindowsBuild(Build):
+    _name = 'BFF'
+    _platform = 'windows'
+
+    def _copy_platform(self):
+        target_path = self.target_path
+        Build._copy_platform(self)
+        # Copy example bff.yaml file to configs directory
+        f_src = os.path.join(target_path, 'configs', 'examples', 'bff.yaml')
+        f_dst = os.path.join(target_path, 'configs')
+        copyfile(f_src, f_dst)