all: add /addcandidate rest api to upload new prog as candidate

jiangenj · jiangenj · commit 67908b697485 · 2024-12-04T06:11:19.000+05:30
ex to upload prog to syzkaller: curl -s --noproxy 0.0.0.0 -F "file=@prog" http://0.0.0.0:8888/addcandidate
diff --git a/pkg/manager/http.go b/pkg/manager/http.go
@@ -24,6 +24,7 @@ import (
 
 	"github.com/google/syzkaller/pkg/corpus"
 	"github.com/google/syzkaller/pkg/cover"
+	"github.com/google/syzkaller/pkg/db"
 	"github.com/google/syzkaller/pkg/fuzzer"
 	"github.com/google/syzkaller/pkg/html/pages"
 	"github.com/google/syzkaller/pkg/log"
@@ -55,6 +56,7 @@ type HTTPServer struct {
 	Pool        *vm.Dispatcher
 	Pools       map[string]*vm.Dispatcher
 	TogglePause func(paused bool)
+	CorpusDB    *db.DB
 
 	// Can be set dynamically after calling Serve.
 	Corpus          atomic.Pointer[corpus.Corpus]
@@ -81,6 +83,7 @@ func (serv *HTTPServer) Serve() {
 	handle("/vms", serv.httpVMs)
 	handle("/vm", serv.httpVM)
 	handle("/metrics", promhttp.HandlerFor(prometheus.DefaultGatherer, promhttp.HandlerOpts{}).ServeHTTP)
+	handle("/addcandidate", serv.httpAddCandidate)
 	handle("/syscalls", serv.httpSyscalls)
 	handle("/corpus", serv.httpCorpus)
 	handle("/corpus.db", serv.httpDownloadCorpus)
@@ -734,6 +737,46 @@ func (serv *HTTPServer) modulesInfo(w http.ResponseWriter, r *http.Request) {
 	serv.jsonPage(w, r, "modules", cover.Modules)
 }
 
+func (serv *HTTPServer) httpAddCandidate(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "only POST method supported", http.StatusMethodNotAllowed)
+		return
+	}
+	err := r.ParseMultipartForm(20 << 20)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("failed to parse form: %v", err), http.StatusBadRequest)
+		return
+	}
+	file, _, err := r.FormFile("file")
+	if err != nil {
+		http.Error(w, fmt.Sprintf("failed to retrieve file from form-data: %v", err), http.StatusBadRequest)
+		return
+	}
+	defer file.Close()
+	data, err := io.ReadAll(file)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("failed to read file: %v", err), http.StatusBadRequest)
+		return
+	}
+	prog, err := ParseSeed(serv.Cfg.Target, data)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("failed to parse seed: %v", err), http.StatusBadRequest)
+		return
+	}
+	if !prog.OnlyContains(serv.Fuzzer.Load().Config.EnabledCalls) {
+		http.Error(w, "contains disabled syscall", http.StatusBadRequest)
+		return
+	}
+	var flags fuzzer.ProgFlags
+	flags |= fuzzer.ProgMinimized
+	flags |= fuzzer.ProgSmashed
+	candidates := []fuzzer.Candidate{{
+		Prog:  prog,
+		Flags: flags,
+	}}
+	serv.Fuzzer.Load().AddCandidates(candidates)
+}
+
 var alphaNumRegExp = regexp.MustCompile(`^[a-zA-Z0-9]*$`)
 
 func isAlphanumeric(s string) bool {
diff --git a/syz-manager/manager.go b/syz-manager/manager.go
@@ -283,6 +283,7 @@ func RunManager(mode *Mode, cfg *mgrconfig.Config) {
 	mgr.http = &manager.HTTPServer{
 		Cfg:        cfg,
 		StartTime:  time.Now(),
+		CorpusDB:   mgr.corpusDB,
 		CrashStore: mgr.crashStore,
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -283,6 +283,7 @@ func RunManager(mode Mode, cfg mgrconfig.Config) {`
`283`	`283`	`mgr.http = &manager.HTTPServer{`
`284`	`284`	`Cfg: cfg,`
`285`	`285`	`StartTime: time.Now(),`
	`286`	`+ CorpusDB: mgr.corpusDB,`
`286`	`287`	`CrashStore: mgr.crashStore,`
`287`	`288`	`}`
`288`	`289`