root/tags/fusil-1.0beta2/ChangeLog

Revision 1404, 9.8 kB (checked in by haypo, 3 months ago)

Tag 1.0beta2

Changelog

Fusil 1.0beta2

  • Display the fuzzing execution progress on session start and on success
  • Create examples directory
  • Limit the total number (10 by default) of processes for the fusil user. Should protect against a fork bomb.
  • Allow child processes to dump core files
  • Rename the session using the process exit status (exit code or signal)
  • Many fixes because the fuzzer runs under a different user, examples:
    • Use xhost to allow fusil user to run X11 programs
    • Fix HOME environment variable to the fuzzer user home directory
    • Change the owner of the session directory
    • Fix memory limit of child processes
  • Create fusil.unicode_generator module with UnicodeGenerator class
  • Move IntegerGenerator, UnsignedGenerator and UnixPathGenerator to fusil.unicode_generator module
  • fusil.bytes_generator: ASCII7 now includes code 0 and PRINTABLE_ASCII excludes the (not printable!) code 127
  • Python fuzzer now uses Unicode strings to generate the script source.py
  • Create many more options in Fusil configuration
  • Replace Environment.copyX11() by CreateProcess.setupX11()
  • Message Transfer Agent (MTA): don't remove duplicate messages
  • Network server: close the socket (and client sockets) at exit
  • Only create replay scripts on success
  • Don't show process exit status if the process is killed by Fusil
  • Read the configuration before parsing the command line

Fusil 1.0beta1 (2008-08-23)

Visible changes:

  • Run Fusil as a different user and group to avoid arbitrary file removal or process kill
  • On success, rename the session directory using strings like "timeout", "abort" or "invalid_write"
  • A fuzzer is now a Python executable program: move all projects from projects/<name>.py to fuzzers/fusil-<name>, and remove run_fusil.sh script
  • Create a shell script (replay.sh) to replay a session, and another (gdb.sh) to replay it in gdb
  • Use debugger feature of python-ptrace to trace child processes: signals are now caught by Fusil and it would be possible to dump process state
  • Remove all generated files (use --keep-generated-files to keep them) to avoid creation of session directory even if the session is not a success
  • Create a configuration file (~/.config/fusil.conf) to choose some global options like using the CPU probe or disable the debugger
  • Improve Python 3.0 support
  • AutoMangle: use increment operation for aggressivity >= 0.25

Developer (API) changes:

  • Create AttachProcessPID() to watch a running process identified by its identifier (instead of its name)
  • Create MangleProcess to simplify the fuzzers using a MangleAgent
  • Replace usage of FileWatch.patterns by FileWatch.addRegex()
  • NetworkClient: support non-blocking receive (timeout=0)
  • Create FileWatch.fromFilename() static method

Bugfixes:

  • Fix "Too many files open" bug: CreateProcess waits until process death to avoid creation of zombie processes
  • NetworkClient: close socket on session stop

Version 0.9.1 (2008-07-25)

  • Fix setup.py: install fusil.fuzzer, needed by project python
  • fusil.fixpng (used by identify project): Remove dependency on hachoir_core
  • Optimize FileWatch (check score before the regex) and BytesGenerator (when charset size is one)
  • Remove files generated by unit tests
  • Catch errors in AgentList._destroy()
  • Don't unregister an Agent's mailbox if it doesn't exist
  • Don't use SystemCalm with --fast option
  • Catch errors, especially KeyboardInterrupt, in Application.exit()
  • Fix ProjectAgent.unregister() when project reference is broken
  • Fix SessionFormatter.format() when line doesn't contain "] " string
  • Show environment variable if it's short (<= 50 bytes)
  • Fix limitMemory() when a memory limit is already set
  • Raise a ValueError if the program can't be found
  • AttachProcess: use stat("/proc/%s" % pid) (on Linux) instead of kill(0, pid) because of permission problem (trying to attach a root process)
  • Fix session_timeout: don't stop project after timeout
  • Fix Project.initLog() when it's called more than once
  • Use shorter name for project and session directories (eg. "run-1/session-15")

Version 0.9 (2008-07-08)

  • Move log from fusil.log to run-xxxx/project.log and keep it only on success
  • Create python fuzzing project
  • Command line arguments:
    • create "--remove-generated-file": Remove a session directory even if it contains generated files
    • rename --max-session to --session
    • rename --max-success to --success
    • remove --log-filename (was useless)
  • Use shorter prefix in log output: don't show the step number, but write the number of successes
  • [MTA] Drop duplicate messages sent in the same session step (eg. send session_stop twice)
  • AttachProcess: use kill(pid,0) instead of testing /proc/pid to support all POSIX OS and not only Linux
  • FileWatch: set score for a number of lines smaller than a minimum (default: disabled) at session stop
  • Support PyPy (Python interpreter)
  • Update and improve documentation
  • IncrMangle:
    • use O(1) algorithm to detect operations overlap (instead of O(n)): use a set of dirty bits
    • keep the new version if the score is the same or bigger (but not smaller)
    • create SpecialValue and Increment operations
    • raise an error if it's no longer possible to generate a new operation: rollback to an older version in this case
  • Even in --fast mode, wait for system calm to avoid false positive (system load under 75%)
  • Projects:
    • identify: create options to use convert program, to ignore stdout and to use IncrMangle instead of AutoMangle. For PNG picture, autofix the CRC32 of each chunk
    • gstreamer: create an option to use IncrMangle
    • php: create float type (variable $e), blacklist more functions (socket connection, eg. ftp_connect())

Minor changes:

  • BUGFIX: unregister agent mailbox on agent destruction
  • BUGFIX: Directory.rmtree() changes file permission on operation error
  • Create UnsignedGenerator in fusil.bytes_generator, and IntegerGenerator now avoids generating numbers starting with a zero digit
  • CreateProcess() constructor accepts stdin="null" argument

Version 0.8 (2008-03-26)

  • Gstreamer project: use decodebin with fakesink for faster fuzzing
  • Bugfix: fix FileWatch for Mac OS X (save/restore file cursor)
  • Create IncrMangle (incremental): new mangle algorithm
  • Use locateProgram() to avoid full program path (eg. replace "/usr/bin/mplayer" by "mplayer")
  • Don't set MALLOC_CHECK_ environment variable
  • Bugfix: truncate aggressivity to 2 digits to avoid comparison bugs
  • Use ptrace python module (but don't use the debugger)

Version 0.7 (2008-01-03)

Visible changes:

  • Create Firefox project: HTTP server providing mangled image (or any embedded document, like Flash document)
  • Create network server, UNIX socket client, and HTTP server
  • Basic support of Windows operating system: notably, write functions for process management on Windows, and MangleFile opens file in binary mode
  • EnvironmentVariable has max_count argument to generate multiple variables when name is a list
  • Create --aggressivity=VALUE and --version command line options
  • session_done() event is replaced by session_stop(), session_done(score) event is now sent by Session with the final session score and the event can now be caught by agents.
  • mangle_filename() and mangle_files() events are replaced by unique mangle_filenames() event
  • Create TerminalEcho(), used by mplayer project to restore terminal echo mode on exit
  • Create sendKey() function to send a keystroke to a X11 window
  • php project: remove undefined function automatically
  • Environment doesn't copy any variable by default anymore, except on Windows: copy SYSTEMROOT variable

Minor changes:

  • libc_env project: generate between 1 and 5 variables
  • SystemCalm always displays a first and last message with INFO log level
  • Write graph.dat in run-0001 directory
  • Merge WatchProcessPID class into WatchProcess
  • Remove 'pipe' type for StdoutFile, 'file' type is better
  • linux.proc functions only send ProcError exceptions
  • Fix searchProcessByName() for Linux kernel processes
  • Multi agent system is now executed by Univers agent, instead of Project agent
  • Environment displays generated variable with WARNING log level

Version 0.6 (2007-12-18)

  • Create "aggressivity" factor used for mangle autoconfiguration: use score of previous session to update aggressivity factor, and this factor is used to compute the operation types and the number of operations
  • Add fusil.os_tools module for Fusil portability: Fusil now works on Linux, NetBSD and Mac OS X (at least)
  • New command line options: --max-success (default: 5), --quiet, --fast, --slow, --keep-all-sessions, --profiler
  • New probe: process CPU usage and ProcessTimeWatch
  • Create function to wait until system load is low (default: under 50% CPU)
  • Create UnixPathGenerator() in fusil.bytes_generator module
  • FileWatch:
    • Limit live() duration to 250 ms
    • Write documentation
    • Add more words (pointer, memory, ...)
    • Create addRegex() method
    • Add maximum number of lines probe
    • Remove tell() and seek() calls
    • Do not log non-matching lines anymore (can be changed with log_not_matching option)
  • Fix race condition in StdoutFile: re-open stdout in read-only mode for FileWatch, and disable buffering
  • Merge MangleFile and MangleMultipleFiles
  • Session is only destroyed at the end of a MAS step
  • Write more unit tests
  • Create new projects: at, gstreamer, libx11
  • Environment doesn't copy LANG and LANGUAGE anymore
  • SessionDirectory keeps data on application error
  • Fix many little bugs and improve a lot of code

Version 0.5 (2007-11-28)

  • First public release