Update dependencies to suppress cargo audit and deprecated code warni…

…ngs (#232) * Update dependencies to suppress cargo audit and deprecated code warnings Also, fix CI: Atheris fails to compile with fresh Python on latest Ubuntu 24.04 * Use Ubuntu 22.04 in CI * Skip Atheris tests on Ubuntu 24.04 Atheris fails to install on Ubuntu 24.04, see google/atheris#82 * Fix clippy * Fix tests (#234) * Fix csharp_native on 22.04 & fix test_casr_san_rust_panic with rust 1.81 (#237) --------- Co-authored-by: PaDarochek <69221349+PaDarochek@users.noreply.github.com>
ispras · Jan 29, 2025 · a25433e · a25433e
1 parent af9e9e4
commit a25433e
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 20 deletions.
diff --git a/.github/workflows/amd64.yml b/.github/workflows/amd64.yml
@@ -19,9 +19,10 @@ jobs:
       run: cargo build --all-features --verbose
     - name: Run tests
       run: |
-        sudo apt update && sudo apt install -y gdb pip curl python3.10-dev llvm \
+        sudo apt update && sudo apt install -y gdb pip curl python3-dev llvm \
             openjdk-17-jdk ca-certificates gnupg
-        pip3 install atheris
+        # Atheris fails to install on Ubuntu 24.04, see https://github.com/google/atheris/issues/82
+        # pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings
         curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
         export NODE_MAJOR=20

diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
@@ -11,13 +11,14 @@ env:
 jobs:
   ubuntu-latest:
 
-    runs-on: ubuntu-latest
+    # Atheris fails to install on Ubuntu 24.04, thus, this pipeline can test Atheris on 22.04
+    runs-on: ubuntu-22.04
 
     steps:
     - uses: actions/checkout@v4
     - name: Install Dependences
       run: |
-        sudo apt update && sudo apt install -y gdb pip curl python3.10-dev llvm \
+        sudo apt update && sudo apt install -y gdb pip curl python3-dev llvm \
             openjdk-17-jdk ca-certificates gnupg
         pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings
@@ -32,7 +33,7 @@ jobs:
         sudo apt update && sudo apt install -y --no-install-recommends dotnet-sdk-8.0
         curl https://sh.rustup.rs -o rustup.sh && chmod +x rustup.sh && \
         ./rustup.sh -y && rm rustup.sh
-        rustup install nightly
+        rustup install nightly-2024-09-05
         export PATH=/root/.cargo/bin:$PATH
         cargo install cargo-fuzz grcov
     - name: Build and Run Tests
@@ -43,9 +44,9 @@ jobs:
         LLVM_PROFILE_FILE: 'casr-%p-%m.profraw'
       run: |
         rustup component add llvm-tools-preview
-        cargo +nightly build --all-features --verbose
-        cargo +nightly test --verbose --lib -- --test-threads 1
-        cargo +nightly test --verbose --package casr
+        cargo +nightly-2024-09-05 build --all-features --verbose
+        cargo +nightly-2024-09-05 test --verbose --lib -- --test-threads 1
+        cargo +nightly-2024-09-05 test --verbose --package casr
     - name: Collect Coverage
       run: |
         mkdir target/coverage

diff --git a/casr/Cargo.toml b/casr/Cargo.toml
@@ -18,14 +18,14 @@ chrono =  "0.4"
 goblin = "0.8"
 log = "0.4"
 simplelog = "0.12"
-cursive = { version = "0.20", default-features = false, features = ["termion-backend"] }
-cursive_tree_view = "0.8"
+cursive = { version = "0.21", default-features = false, features = ["termion-backend"] }
+cursive_tree_view = "0.9"
 gdb-command = "0.7"
 nix = "0.26"
 rayon = "1.10"
 num_cpus = "1.16"
 is_executable = "1.0"
-linux-personality = "1.0"
+linux-personality = "2.0"
 colored = "2.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@@ -53,3 +53,4 @@ required-features = ["dojo"]
 
 [dev-dependencies]
 lazy_static = "1.4"
+lsb_release = "0.1"
diff --git a/casr/src/bin/casr-cli.rs b/casr/src/bin/casr-cli.rs
@@ -385,7 +385,7 @@ fn build_tree_report(
         }
 
         for line in report.disassembly.iter() {
-            tree.insert_item(line.clone(), Placement::LastChild, row);
+            tree.insert_item(line.replace('\t', "    "), Placement::LastChild, row);
         }
     }
 
@@ -627,7 +627,10 @@ fn build_slider_report(
         });
 
     if !report.disassembly.is_empty() {
-        state.push_str(&format!("\n{}", &report.disassembly.join("\n")));
+        state.push_str(&format!(
+            "\n{}",
+            &report.disassembly.join("\n").replace('\t', "    ")
+        ));
     }
     if !state.is_empty() {
         select.add_item("CrashState", state);

diff --git a/casr/src/bin/casr-san.rs b/casr/src/bin/casr-san.rs
@@ -147,11 +147,11 @@ fn main() -> Result<()> {
     }
     #[cfg(target_os = "linux")]
     {
-        use linux_personality::{personality, ADDR_NO_RANDOMIZE};
+        use linux_personality::{personality, Personality};
 
         unsafe {
             sanitizers_cmd.pre_exec(|| {
-                if personality(ADDR_NO_RANDOMIZE).is_err() {
+                if personality(Personality::ADDR_NO_RANDOMIZE).is_err() {
                     panic!("Cannot set personality");
                 }
                 Ok(())

diff --git a/casr/tests/tests.rs b/casr/tests/tests.rs
@@ -1325,7 +1325,7 @@ fn test_return_av_gdb() {
         );
 
         // Disassembly test
-        assert!(disasm[0].contains("ret "), "Bad disassembly");
+        assert!(disasm[0].contains("ret"), "Bad disassembly");
         assert!(
             disasm[1].contains("nop") && disasm[1].contains("[rax+rax*1+0x0]"),
             "Bad disassembly"
@@ -3055,7 +3055,9 @@ fn test_casr_san() {
             .to_string();
 
         assert_eq!(
-            3 + 2 * (std::env::consts::ARCH == "aarch64") as usize,
+            3 + 2
+                * (std::env::consts::ARCH == "aarch64"
+                    || lsb_release::info().unwrap().version == "24.04") as usize,
             report["Stacktrace"].as_array().unwrap().iter().count()
         );
         assert_eq!(severity_type, "NOT_EXPLOITABLE");
@@ -3496,9 +3498,21 @@ fn test_casr_san_rust_panic() {
         ),
     ];
 
+    let rustup_output = Command::new("rustup")
+        .args(["toolchain", "list"])
+        .output()
+        .expect("failed to execute rustup");
+    let rustup_stdout = String::from_utf8_lossy(&rustup_output.stdout).to_string();
+    let re = Regex::new(r"(?P<toolchain>nightly-\d{4}-\d{2}-\d{2})").unwrap();
+    let toolchain = if let Some(tc) = re.captures(rustup_stdout.as_str()) {
+        tc.name("toolchain").map(|x| x.as_str()).unwrap()
+    } else {
+        "nightly"
+    };
+
     let cargo = Command::new("cargo")
         .args([
-            "+nightly",
+            ("+".to_owned() + toolchain).as_str(),
             "fuzz",
             "build",
             "--target",
@@ -4159,6 +4173,10 @@ fn test_casr_libfuzzer() {
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_libfuzzer_atheris() {
+    if lsb_release::info().unwrap().version == "24.04" {
+        // Atheris fails to install, see https://github.com/google/atheris/issues/82
+        return;
+    }
     use std::collections::HashMap;
 
     let paths = [
@@ -4439,6 +4457,10 @@ fn test_casr_java_native_lib() {
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_python_atheris() {
+    if lsb_release::info().unwrap().version == "24.04" {
+        // Atheris fails to install, see https://github.com/google/atheris/issues/82
+        return;
+    }
     // Division by zero atheris test
     let paths = [
         abs_path("tests/casr_tests/python/test_casr_python_atheris.py"),
@@ -4480,6 +4502,10 @@ fn test_casr_python_atheris() {
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_san_python_df() {
+    if lsb_release::info().unwrap().version == "24.04" {
+        // Atheris fails to install, see https://github.com/google/atheris/issues/82
+        return;
+    }
     // Double free python C extension test
     // Copy files to tmp dir
     let work_dir = abs_path("tests/casr_tests/python");
@@ -4577,6 +4603,10 @@ fn test_casr_san_python_df() {
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_san_atheris_df() {
+    if lsb_release::info().unwrap().version == "24.04" {
+        // Atheris fails to install, see https://github.com/google/atheris/issues/82
+        return;
+    }
     // Double free python C extension test
     // Copy files to tmp dir
     let work_dir = abs_path("tests/casr_tests/python");
@@ -4678,6 +4708,10 @@ fn test_casr_san_atheris_df() {
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_python_call_san_df() {
+    if lsb_release::info().unwrap().version == "24.04" {
+        // Atheris fails to install, see https://github.com/google/atheris/issues/82
+        return;
+    }
     // Double free python C extension test
     // Copy files to tmp dir
     let work_dir = abs_path("tests/casr_tests/python");
@@ -5898,7 +5932,10 @@ fn test_casr_csharp_native() {
             .unwrap()
             .to_string();
 
-        assert_eq!(19, report["Stacktrace"].as_array().unwrap().iter().count());
+        assert_eq!(
+            19 + (lsb_release::info().unwrap().version == "24.04") as usize,
+            report["Stacktrace"].as_array().unwrap().iter().count()
+        );
         assert_eq!(severity_type, "NOT_EXPLOITABLE");
         assert_eq!(severity_desc, "AccessViolation");
         assert!(report["CrashLine"]

diff --git a/libcasr/src/python.rs b/libcasr/src/python.rs
@@ -70,9 +70,9 @@ impl ParseStacktrace for PythonStacktrace {
     fn parse_stacktrace(entries: &[String]) -> Result<Stacktrace> {
         let mut stacktrace = Stacktrace::new();
 
+        let re = Regex::new(r"\[Previous line repeated (\d+) more times\]").unwrap();
         for entry in entries.iter() {
             if entry.starts_with('[') {
-                let re = Regex::new(r"\[Previous line repeated (\d+) more times\]").unwrap();
                 let Some(rep) = re.captures(entry) else {
                     return Err(Error::Casr(format!(
                         "Couldn't parse stacktrace line: {entry}"