Add casr-lua (#231)

Author: hkctkuy

.github/workflows/aarch64.yml

@@ -25,7 +25,7 @@ jobs:
         install: |
           export CARGO_TERM_COLOR=always
           export CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-          apt-get update && apt-get install -y gdb pip curl python3.12-dev clang llvm build-essential binutils lld
+          apt-get update && apt-get install -y gdb pip curl python3.12-dev clang llvm build-essential binutils lld lua5.4
           curl https://sh.rustup.rs -o rustup.sh && chmod +x rustup.sh && \
           ./rustup.sh -y && rm rustup.sh
         run: |

.github/workflows/amd64.yml

@@ -20,7 +20,7 @@ jobs:
     - name: Run tests
       run: |
         sudo apt update && sudo apt install -y gdb pip curl python3-dev llvm \
-            openjdk-17-jdk ca-certificates gnupg
+            openjdk-17-jdk ca-certificates gnupg lua5.4
         # Atheris fails to install on Ubuntu 24.04, see https://github.com/google/atheris/issues/82
         # pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings

.github/workflows/coverage.yaml

@@ -19,7 +19,7 @@ jobs:
     - name: Install Dependences
       run: |
         sudo apt update && sudo apt install -y gdb pip curl python3-dev llvm \
-            openjdk-17-jdk ca-certificates gnupg
+            openjdk-17-jdk ca-certificates gnupg lua5.4
         pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings
         curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

.github/workflows/darwin-arm64.yml

@@ -20,7 +20,7 @@ jobs:
         run: |
           arch -x86_64 /usr/local/bin/brew update
           arch -x86_64 /usr/local/bin/brew install gdb curl python llvm \
-              openjdk ca-certificates gnupg nodejs --overwrite
+              openjdk ca-certificates gnupg nodejs lua5.4 --overwrite
       - name: Build
         run: cargo build --all-features --verbose
       - name: NPM packages

.github/workflows/riscv64.yml

@@ -25,8 +25,8 @@ jobs:
         install: |
           export CARGO_TERM_COLOR=always
           export CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-          apt-get update \
-            && apt-get install -y gdb pip curl python3-dev clang llvm build-essential
+          apt-get update && apt-get install -y gdb pip curl python3-dev clang llvm \
+              build-essential lua5.4
           curl https://sh.rustup.rs -o rustup.sh && chmod +x rustup.sh && \
           ./rustup.sh -y && rm rustup.sh
         run: |

.gitignore

@@ -5,6 +5,7 @@ Cargo.lock
 */tests/tmp_tests_casr
 */tests/casr_tests/csharp/*/bin
 */tests/casr_tests/csharp/*/obj
+*.swo
 *.swp
 node_modules
 */node_modules/*

README.md

@@ -31,12 +31,12 @@ ASAN reports or `casr-ubsan` to analyze UBSAN reports. Try `casr-gdb` to get
 reports from gdb. Use `casr-python` to analyze python reports and get report
 from [Atheris](https://github.com/google/atheris). Use `casr-java` to analyze
 java reports and get report from
-[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer). Use `casr-js`
-to analyze JavaScript reports and get report from
+[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer). Use `casr-js` to
+analyze JavaScript reports and get report from
 [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js) or
-[jsfuzz](https://github.com/fuzzitdev/jsfuzz).
-Use `casr-csharp` to analyze C# reports and get report from
-[Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
+[jsfuzz](https://github.com/fuzzitdev/jsfuzz). Use `casr-csharp` to analyze C#
+reports and get report from [Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
+Use `casr-lua` to analyze Lua reports.
 
 Crash report contains many useful information: severity (like [exploitable](https://github.com/jfoote/exploitable))
 for x86, x86\_64, arm32, aarch64, rv32g, rv64g architectures,
@@ -80,12 +80,13 @@ It can analyze crashes from different sources:
 and program languages:
 
 * C/C++
-* Rust
+* C#
 * Go
-* Python
 * Java
 * JavaScript
-* C#
+* Lua
+* Python
+* Rust
 
 It could be built with `exploitable` feature for severity estimation crashes
 collected from gdb. To save crash reports as json use `serde` feature.
@@ -170,6 +171,10 @@ Create report from C#:
 
     $ casr-csharp -o csharp.casrep -- dotnet run --project casr/tests/casr_tests/csharp/test_casr_csharp/test_casr_csharp.csproj
 
+Create report from Lua:
+
+    $ casr-lua -o lua.casrep -- casr/tests/casr_tests/lua/test_casr_lua.lua
+
 View report:
 
     $ casr-cli casr/tests/casr_tests/casrep/test_clustering_san/load_fuzzer_crash-120697a7f5b87c03020f321c8526adf0f4bcc2dc.casrep

casr/src/bin/casr-cli.rs

@@ -429,6 +429,16 @@ fn build_tree_report(
         tree.collapse_item(row);
     }
 
+    if !report.lua_report.is_empty() {
+        row = tree
+            .insert_container_item("LuaReport".to_string(), Placement::After, row)
+            .unwrap();
+        report.lua_report.iter().for_each(|e| {
+            tree.insert_item(e.clone(), Placement::LastChild, row);
+        });
+        tree.collapse_item(row);
+    }
+
     if !report.java_report.is_empty() {
         row = tree
             .insert_container_item("JavaReport".to_string(), Placement::After, row)
@@ -652,6 +662,10 @@ fn build_slider_report(
         select.add_item("PythonReport", report.python_report.join("\n"));
     }
 
+    if !report.lua_report.is_empty() {
+        select.add_item("LuaReport", report.lua_report.join("\n"));
+    }
+
     if !report.java_report.is_empty() {
         select.add_item("JavaReport", report.java_report.join("\n"));
     }

casr/src/bin/casr-lua.rs

@@ -0,0 +1,155 @@
+use casr::util;
+use libcasr::{
+    init_ignored_frames,
+    lua::LuaException,
+    report::CrashReport,
+    severity::Severity,
+    stacktrace::Filter,
+    stacktrace::Stacktrace,
+    stacktrace::{CrashLine, CrashLineExt},
+};
+
+use anyhow::{bail, Result};
+use clap::{Arg, ArgAction, ArgGroup};
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+fn main() -> Result<()> {
+    let matches = clap::Command::new("casr-lua")
+        .version(clap::crate_version!())
+        .about("Create CASR reports (.casrep) from Lua reports")
+        .term_width(90)
+        .arg(
+            Arg::new("output")
+                .short('o')
+                .long("output")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("REPORT")
+                .help(
+                    "Path to save report. Path can be a directory, then report name is generated",
+                ),
+        )
+        .arg(
+            Arg::new("stdout")
+                .action(ArgAction::SetTrue)
+                .long("stdout")
+                .help("Print CASR report to stdout"),
+        )
+        .group(
+            ArgGroup::new("out")
+                .args(["stdout", "output"])
+                .required(true),
+        )
+        .arg(
+            Arg::new("stdin")
+                .long("stdin")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("FILE")
+                .help("Stdin file for program"),
+        )
+        .arg(
+            Arg::new("timeout")
+                .short('t')
+                .long("timeout")
+                .action(ArgAction::Set)
+                .default_value("0")
+                .value_name("SECONDS")
+                .help("Timeout (in seconds) for target execution, 0 value means that timeout is disabled")
+                .value_parser(clap::value_parser!(u64))
+        )
+        .arg(
+            Arg::new("ignore")
+                .long("ignore")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("FILE")
+                .help("File with regular expressions for functions and file paths that should be ignored"),
+        )
+        .arg(
+            Arg::new("strip-path")
+                .long("strip-path")
+                .env("CASR_STRIP_PATH")
+                .action(ArgAction::Set)
+                .value_name("PREFIX")
+                .help("Path prefix to strip from stacktrace"),
+        )
+        .arg(
+            Arg::new("ARGS")
+                .action(ArgAction::Set)
+                .num_args(1..)
+                .last(true)
+                .required(true)
+                .help("Add \"-- <path> <arguments>\" to run"),
+        )
+        .get_matches();
+
+    init_ignored_frames!("lua");
+    if let Some(path) = matches.get_one::<PathBuf>("ignore") {
+        util::add_custom_ignored_frames(path)?;
+    }
+    // Get program args.
+    let argv: Vec<&str> = if let Some(argvs) = matches.get_many::<String>("ARGS") {
+        argvs.map(|s| s.as_str()).collect()
+    } else {
+        bail!("Wrong arguments for starting program");
+    };
+
+    // Get stdin for target program.
+    let stdin_file = util::stdin_from_matches(&matches)?;
+
+    // Get timeout
+    let timeout = *matches.get_one::<u64>("timeout").unwrap();
+
+    // Run program.
+    let mut cmd = Command::new(argv[0]);
+    if let Some(ref file) = stdin_file {
+        cmd.stdin(std::fs::File::open(file)?);
+    }
+    if argv.len() > 1 {
+        cmd.args(&argv[1..]);
+    }
+    let result = util::get_output(&mut cmd, timeout, true)?;
+    let stderr = String::from_utf8_lossy(&result.stderr);
+
+    // Create report.
+    let mut report = CrashReport::new();
+    report.executable_path = argv[0].to_string();
+    if argv.len() > 1 {
+        if let Some(fname) = Path::new(argv[0]).file_name() {
+            let fname = fname.to_string_lossy();
+            if fname.starts_with("lua") && !fname.ends_with(".lua") && argv[1].ends_with(".lua") {
+                report.executable_path = argv[1].to_string();
+            }
+        }
+    }
+    report.proc_cmdline = argv.join(" ");
+    let _ = report.add_os_info();
+    let _ = report.add_proc_environ();
+
+    // Extract lua exception
+    let Some(exception) = LuaException::new(&stderr) else {
+        bail!("Lua exception is not found!");
+    };
+
+    // Parse exception
+    report.lua_report = exception.lua_report();
+    report.stacktrace = exception.extract_stacktrace()?;
+    report.execution_class = exception.severity()?;
+    if let Ok(crashline) = exception.crash_line() {
+        report.crashline = crashline.to_string();
+        if let CrashLine::Source(debug) = crashline {
+            if let Some(sources) = CrashReport::sources(&debug) {
+                report.source = sources;
+            }
+        }
+    }
+    let stacktrace = exception.parse_stacktrace()?;
+    if let Some(path) = matches.get_one::<String>("strip-path") {
+        util::strip_paths(&mut report, &stacktrace, path);
+    }
+
+    //Output report
+    util::output_report(&report, &matches, &argv)
+}

casr/tests/casr_tests/lua/test_casr_lua.lua

@@ -0,0 +1,23 @@
+#!/bin/env lua
+
+function f(a, b)
+    a = a .. 'qwer'
+    b = b * 123
+    c = a / b
+    return c
+end
+
+function g(a)
+    a = a .. 'qwer'
+    b = 123
+    c = f(a, b)
+    return c
+end
+
+function h()
+    a = 'qwer'
+    c = g(a)
+    return c
+end
+
+print(h())