From ce3f4608c3e1df4295198d4ef901c0b8eecf2752 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 00:24:44 +0100 Subject: [PATCH 01/54] fixed string encode/decode errors and updated the package version as the owners removed most of the versions and let this one remain in the upstream --- ssh-mapper/dev-requirements.txt | 2 +- ssh-mapper/mapper/mapper.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh-mapper/dev-requirements.txt b/ssh-mapper/dev-requirements.txt index 646a4c5..6b2db81 100644 --- a/ssh-mapper/dev-requirements.txt +++ b/ssh-mapper/dev-requirements.txt @@ -13,7 +13,7 @@ black>=22.8,<22.9 codespell>=2.2,<2.3 # Coverage! coverage>=6.2,<7 -codecov==2.1.12 +codecov==2.1.13 # Documentation tools alabaster==0.7.13 releases>=2.1 diff --git a/ssh-mapper/mapper/mapper.py b/ssh-mapper/mapper/mapper.py index 48f352a..b301366 100755 --- a/ssh-mapper/mapper/mapper.py +++ b/ssh-mapper/mapper/mapper.py @@ -243,8 +243,8 @@ def listen(self): result = '' for ci, command in enumerate(commands): print('[%s]' % self.transport) - print('Sending %s...' % command.decode('UTF-8')) - response = self.process_learlib_query(command.decode('UTF-8')) + print('Sending %s...' % command) + response = self.process_learlib_query(command) result += response # If this is not the last command, add a space if ci != len(commands)-1: From 11b3497c6758b1dc34edd91a9fc0ea36f6789bb3 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 00:29:25 +0100 Subject: [PATCH 02/54] so far only types for generics introduced --- ssh-learner/src/learner/Main.java | 8 ++++++-- ssh-learner/src/learner/SshSulBuilder.java | 18 +++++++++++++----- .../src/learner/SshSulClientConfig.java | 4 ++-- .../src/learner/SshSulServerConfig.java | 4 ++-- 4 files changed, 23 insertions(+), 11 deletions(-) diff --git a/ssh-learner/src/learner/Main.java b/ssh-learner/src/learner/Main.java index 2f161cf..3287003 100644 --- a/ssh-learner/src/learner/Main.java +++ b/ssh-learner/src/learner/Main.java @@ -1,6 +1,7 @@ package learner; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.LearnerResult; +import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.statistics.MealyMachineWrapper; import com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser; import java.io.IOException; import java.util.List; @@ -10,7 +11,10 @@ public static void main(String[] args) throws IOException { // multibuilder implements all necessary builders MultiBuilder mb = new MultiBuilder(); - CommandLineParser commandLineParser = new CommandLineParser(mb, mb, mb, mb); - List results = commandLineParser.parse(args); + CommandLineParser> commandLineParser = new CommandLineParser<>(mb, mb, + mb, mb); + List>> results = commandLineParser.parse(args); + + System.out.println("results are: " + results.toString()); } } diff --git a/ssh-learner/src/learner/SshSulBuilder.java b/ssh-learner/src/learner/SshSulBuilder.java index 45e6b1a..b19aab0 100644 --- a/ssh-learner/src/learner/SshSulBuilder.java +++ b/ssh-learner/src/learner/SshSulBuilder.java @@ -1,21 +1,29 @@ package learner; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.AbstractSul; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulBuilder; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulConfig; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.context.ExecutionContext; import com.github.protocolfuzzing.protocolstatefuzzer.utils.CleanupTasks; import java.io.IOException; -public class SshSulBuilder implements SulBuilder { +public class SshSulBuilder implements SulBuilder> { @Override - public SshMapperSul build(SulConfig sulConfig, CleanupTasks cleanupTasks) { + public AbstractSul> build(SulConfig sulConfig, + CleanupTasks cleanupTasks) { try { + AbstractSul> sshSulConfig = null; if (sulConfig.isFuzzingClient()) { - return new SshMapperSul((SshSulClientConfig) sulConfig, cleanupTasks); + sshSulConfig = new SshMapperSul( + (SshSulClientConfig) sulConfig, cleanupTasks); + return sshSulConfig; } else { - return new SshMapperSul((SshSulServerConfig) sulConfig, cleanupTasks); + sshSulConfig = new SshMapperSul( + (SshSulServerConfig) sulConfig, cleanupTasks); + return sshSulConfig; } - } catch (IOException e) { + } catch (IOException e) { throw new MapperException("Error creating SshMapperSul", e); } } diff --git a/ssh-learner/src/learner/SshSulClientConfig.java b/ssh-learner/src/learner/SshSulClientConfig.java index 6a6db74..f0e95f7 100644 --- a/ssh-learner/src/learner/SshSulClientConfig.java +++ b/ssh-learner/src/learner/SshSulClientConfig.java @@ -1,9 +1,9 @@ package learner; import com.beust.jcommander.ParametersDelegate; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulClientConfigEmpty; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulClientConfigStandard; -public class SshSulClientConfig extends SulClientConfigEmpty implements SshMapperConfigProvider { +public class SshSulClientConfig extends SulClientConfigStandard implements SshMapperConfigProvider { @ParametersDelegate private SshMapperConfig sshMapperConfig; diff --git a/ssh-learner/src/learner/SshSulServerConfig.java b/ssh-learner/src/learner/SshSulServerConfig.java index f8f884c..8a3dc91 100644 --- a/ssh-learner/src/learner/SshSulServerConfig.java +++ b/ssh-learner/src/learner/SshSulServerConfig.java @@ -1,9 +1,9 @@ package learner; import com.beust.jcommander.ParametersDelegate; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulServerConfigEmpty; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulServerConfigStandard; -public class SshSulServerConfig extends SulServerConfigEmpty implements SshMapperConfigProvider { +public class SshSulServerConfig extends SulServerConfigStandard implements SshMapperConfigProvider { @ParametersDelegate private SshMapperConfig sshMapperConfig; From 753a0a98922c56ec6e5e1eb0056ff63a88614e6a Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 00:30:46 +0100 Subject: [PATCH 03/54] introduced types for generics and called the initialize() func in the StateFuzzer build() --- ssh-learner/src/learner/MultiBuilder.java | 33 ++++++++++++++++------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/ssh-learner/src/learner/MultiBuilder.java b/ssh-learner/src/learner/MultiBuilder.java index a643d85..69b95a7 100644 --- a/ssh-learner/src/learner/MultiBuilder.java +++ b/ssh-learner/src/learner/MultiBuilder.java @@ -3,9 +3,11 @@ import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.alphabet.AlphabetBuilder; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.alphabet.AlphabetBuilderStandard; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.alphabet.xml.AlphabetSerializerXml; +import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.statistics.MealyMachineWrapper; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulBuilder; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulWrapper; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulWrapperStandard; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.context.ExecutionContext; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzer; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerBuilder; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerComposerStandard; @@ -16,21 +18,25 @@ import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.config.StateFuzzerServerConfig; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.TestRunner; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.TestRunnerBuilder; +import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.TestRunnerStandard; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.config.TestRunnerEnabler; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.TimingProbe; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.TimingProbeBuilder; +import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.TimingProbeStandard; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.config.TimingProbeEnabler; public class MultiBuilder - implements StateFuzzerConfigBuilder, StateFuzzerBuilder, TestRunnerBuilder, TimingProbeBuilder { + implements StateFuzzerConfigBuilder, + StateFuzzerBuilder>, + TestRunnerBuilder, TimingProbeBuilder { // AlphabetPojoXmlImpl needs to be implemented - protected AlphabetBuilder alphabetBuilder = new AlphabetBuilderStandard( - new AlphabetSerializerXml<>(SshAlphabetPojoXml.class)); + protected AlphabetBuilder alphabetBuilder = new AlphabetBuilderStandard( + new AlphabetSerializerXml(SshInput.class, SshAlphabetPojoXml.class)); // SulBuilderImpl needs to be implemented - protected SulBuilder sulBuilder = new SshSulBuilder(); - protected SulWrapper sulWrapper = new SulWrapperStandard(); + protected SulBuilder> sulBuilder = new SshSulBuilder(); + protected SulWrapper> sulWrapper = new SulWrapperStandard<>(); // SulClientConfigImpl and MapperConfigImpl need to be implemented @Override @@ -45,18 +51,25 @@ public StateFuzzerServerConfig buildServerConfig() { } @Override - public StateFuzzer build(StateFuzzerEnabler stateFuzzerEnabler) { - return new StateFuzzerStandard( - new StateFuzzerComposerStandard(stateFuzzerEnabler, alphabetBuilder, sulBuilder, sulWrapper)); + public StateFuzzer> build(StateFuzzerEnabler stateFuzzerEnabler) { + StateFuzzerComposerStandard> stateFuzzerComposer = new StateFuzzerComposerStandard<>( + stateFuzzerEnabler, alphabetBuilder, + sulBuilder, sulWrapper).initialize(); + + StateFuzzerStandard stateFuzzerStd = new StateFuzzerStandard<>(stateFuzzerComposer); + return stateFuzzerStd; } @Override public TestRunner build(TestRunnerEnabler testRunnerEnabler) { - return new TestRunner(testRunnerEnabler, alphabetBuilder, sulBuilder, sulWrapper); + return new TestRunnerStandard>( + testRunnerEnabler, alphabetBuilder, + sulBuilder, sulWrapper).initialize(); } @Override public TimingProbe build(TimingProbeEnabler timingProbeEnabler) { - return new TimingProbe(timingProbeEnabler, alphabetBuilder, sulBuilder, sulWrapper); + return new TimingProbeStandard>( + timingProbeEnabler, alphabetBuilder, sulBuilder, sulWrapper).initialize(); } } From cc288f65f05e2c38e1ebd10d739bb5244135d536 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 00:42:12 +0100 Subject: [PATCH 04/54] added types to classes dealing with reading the input alphabet(s) from the xml file --- .../src/learner/SshAlphabetPojoXml.java | 14 ++++------- ssh-learner/src/learner/SshInput.java | 23 +++++++------------ 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/ssh-learner/src/learner/SshAlphabetPojoXml.java b/ssh-learner/src/learner/SshAlphabetPojoXml.java index 53da731..20164e9 100644 --- a/ssh-learner/src/learner/SshAlphabetPojoXml.java +++ b/ssh-learner/src/learner/SshAlphabetPojoXml.java @@ -1,7 +1,6 @@ package learner; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.alphabet.xml.AlphabetPojoXml; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractInput; import jakarta.xml.bind.annotation.XmlAccessType; import jakarta.xml.bind.annotation.XmlAccessorType; import jakarta.xml.bind.annotation.XmlAttribute; @@ -12,10 +11,9 @@ import java.util.List; import java.util.stream.Collectors; - @XmlRootElement(name = "alphabet") @XmlAccessorType(XmlAccessType.FIELD) -public class SshAlphabetPojoXml extends AlphabetPojoXml { +public class SshAlphabetPojoXml extends AlphabetPojoXml { @XmlElements(value = { @XmlElement(type = SshInputPojoXml.class, name = "SshInput") @@ -26,16 +24,14 @@ public SshAlphabetPojoXml() { xmlInputs = new ArrayList<>(); } - - public List getInputs() { - return xmlInputs.stream().map(xmlInput -> new SshInput(xmlInput.name)).collect(Collectors.toList()); + public List getInputs() { + List allInputs = xmlInputs.stream().map(xmlInput -> new SshInput(xmlInput.name)) + .collect(Collectors.toList()); + return allInputs; } public static class SshInputPojoXml { @XmlAttribute(name = "name", required = true) private String name; - - public SshInputPojoXml( ) { - } } } diff --git a/ssh-learner/src/learner/SshInput.java b/ssh-learner/src/learner/SshInput.java index e0d483a..6a116b5 100644 --- a/ssh-learner/src/learner/SshInput.java +++ b/ssh-learner/src/learner/SshInput.java @@ -1,40 +1,33 @@ package learner; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.protocol.ProtocolMessage; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractInput; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutputChecker; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractInputXml; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.OutputChecker; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.context.ExecutionContext; -public class SshInput extends AbstractInput { +public class SshInput extends AbstractInputXml> { public SshInput(String name) { super(name); } @Override - public void preSendUpdate(ExecutionContext context) { + public void preSendUpdate(ExecutionContext context) { throw new UnsupportedOperationException(); } @Override - public ProtocolMessage generateProtocolMessage(ExecutionContext context) { + public String generateProtocolMessage(ExecutionContext context) { throw new UnsupportedOperationException(); } @Override - public void postSendUpdate(ExecutionContext context) { + public void postSendUpdate(ExecutionContext context) { throw new UnsupportedOperationException(); } @Override - public void postReceiveUpdate(AbstractOutput output, AbstractOutputChecker abstractOutputChecker, - ExecutionContext context) { - throw new UnsupportedOperationException(); - } - - @Override - public Enum getInputType() { + public void postReceiveUpdate(SshOutput output, OutputChecker outputChecker, + ExecutionContext context) { throw new UnsupportedOperationException(); } } From 49dcc9e702b3b94eee2970d7bbe7800e166596ec Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 01:02:09 +0100 Subject: [PATCH 05/54] introduced types to generics and added contructor code before the introduction of generics --- ssh-learner/src/learner/SshMapperSul.java | 77 ++++++++++++++++++++--- 1 file changed, 67 insertions(+), 10 deletions(-) diff --git a/ssh-learner/src/learner/SshMapperSul.java b/ssh-learner/src/learner/SshMapperSul.java index 6106792..38b19aa 100644 --- a/ssh-learner/src/learner/SshMapperSul.java +++ b/ssh-learner/src/learner/SshMapperSul.java @@ -1,20 +1,47 @@ package learner; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.AbstractSul; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulAdapter; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulConfig; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.sulwrappers.DynamicPortProvider; import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.sulwrappers.ProcessHandler; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractInput; -import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.Mapper; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.context.ExecutionContext; import com.github.protocolfuzzing.protocolstatefuzzer.utils.CleanupTasks; import java.io.IOException; import java.net.Socket; import java.net.UnknownHostException; -public class SshMapperSul extends AbstractSul { +public class SshMapperSul implements AbstractSul> { private SocketMapperSul socketSul; - public SshMapperSul(T sulConfig, CleanupTasks cleanupTasks) throws UnknownHostException, IOException { - super(sulConfig, cleanupTasks); + /** Stores the constructor parameter. */ + protected SulConfig sulConfig; + + /** Stores the constructor parameter. */ + protected CleanupTasks cleanupTasks; + + /** Stores the provided dynamic port provider. */ + protected DynamicPortProvider dynamicPortProvider; + + /** Stores the Mapper instance. */ + protected Mapper> mapper; + + /** Stores the SulAdapter instance. */ + protected SulAdapter sulAdapter; + + public SshMapperSul(T sulConfig, CleanupTasks cleanupTasks) + throws UnknownHostException, IOException { + + // copied from the commit before the introduction of generics + // ------------------------------------------------------------------- + this.sulConfig = sulConfig; + this.cleanupTasks = cleanupTasks; + // mapper and sulAdapter will be provided in subclasses + this.mapper = null; + this.sulAdapter = null; + // ------------------------------------------------------------------- + String mapperAddress = sulConfig.getSshMapperConfig().getMapperAddress(); String[] addressSplit = mapperAddress.split("\\:"); if (addressSplit.length != 2) { @@ -54,17 +81,47 @@ public void pre() { public void post() { } + private static class MapperProcessHandler extends ProcessHandler { + + protected MapperProcessHandler(String command, long startWait) { + super(command, startWait); + } + + } + @Override - public AbstractOutput step(AbstractInput in) { + public SshOutput step(SshInput in) { String output = socketSul.sendInput(in.getName()); return new SshOutput(output); } - private static class MapperProcessHandler extends ProcessHandler { + @Override + public SulConfig getSulConfig() { + return sulConfig; + } - protected MapperProcessHandler(String command, long startWait) { - super(command, startWait); - } + @Override + public CleanupTasks getCleanupTasks() { + return cleanupTasks; + } + + @Override + public void setDynamicPortProvider(DynamicPortProvider dynamicPortProvider) { + this.dynamicPortProvider = dynamicPortProvider; + } + + @Override + public DynamicPortProvider getDynamicPortProvider() { + return dynamicPortProvider; + } + @Override + public Mapper> getMapper() { + return mapper; + } + + @Override + public SulAdapter getSulAdapter() { + return sulAdapter; } } From 6571e1834514d17f92177e66ff064d34d36f9cab Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 01:07:55 +0100 Subject: [PATCH 06/54] added types for generics and implemented the required override funcs --- ssh-learner/src/learner/SshOutput.java | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/ssh-learner/src/learner/SshOutput.java b/ssh-learner/src/learner/SshOutput.java index a0e1efa..38f4b71 100644 --- a/ssh-learner/src/learner/SshOutput.java +++ b/ssh-learner/src/learner/SshOutput.java @@ -2,8 +2,19 @@ import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput; -public class SshOutput extends AbstractOutput { - public SshOutput(String name) { - super(name); - } +public class SshOutput extends AbstractOutput { + + public SshOutput(String name) { + super(name); + } + + @Override + protected SshOutput buildOutput(String name) { + return new SshOutput(name); + } + + @Override + protected SshOutput convertOutput() { + return new SshOutput(this.name); + } } From 2efe652679b4e20687c30fe2fbe6673e95c59e87 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 01:09:33 +0100 Subject: [PATCH 07/54] reformatting from the ide --- ssh-learner/src/learner/SshStateFuzzerClientConfig.java | 5 +++-- ssh-learner/src/learner/SshStateFuzzerServerConfig.java | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ssh-learner/src/learner/SshStateFuzzerClientConfig.java b/ssh-learner/src/learner/SshStateFuzzerClientConfig.java index 094509c..1c9ebf0 100644 --- a/ssh-learner/src/learner/SshStateFuzzerClientConfig.java +++ b/ssh-learner/src/learner/SshStateFuzzerClientConfig.java @@ -4,11 +4,12 @@ import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulClientConfig; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.config.StateFuzzerClientConfigStandard; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.config.TestRunnerConfigStandard; -import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.config.TimingProbeConfigEmpty; +import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.config.TimingProbeConfigStandard; public class SshStateFuzzerClientConfig extends StateFuzzerClientConfigStandard { public SshStateFuzzerClientConfig(SulClientConfig sulClientConfig) { - super(new LearnerConfigStandard(), sulClientConfig, new TestRunnerConfigStandard(), new TimingProbeConfigEmpty()); + super(new LearnerConfigStandard(), sulClientConfig, new TestRunnerConfigStandard(), + new TimingProbeConfigStandard()); } } diff --git a/ssh-learner/src/learner/SshStateFuzzerServerConfig.java b/ssh-learner/src/learner/SshStateFuzzerServerConfig.java index 212c02f..02a3605 100644 --- a/ssh-learner/src/learner/SshStateFuzzerServerConfig.java +++ b/ssh-learner/src/learner/SshStateFuzzerServerConfig.java @@ -4,11 +4,11 @@ import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.config.SulServerConfig; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.config.StateFuzzerServerConfigStandard; import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.core.config.TestRunnerConfigStandard; -import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.config.TimingProbeConfigEmpty; +import com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.testrunner.timingprobe.config.TimingProbeConfigStandard; public class SshStateFuzzerServerConfig extends StateFuzzerServerConfigStandard { public SshStateFuzzerServerConfig(SulServerConfig sulServerConfig) { - super(new LearnerConfigStandard(), sulServerConfig, new TestRunnerConfigStandard(), new TimingProbeConfigEmpty()); + super(new LearnerConfigStandard(), sulServerConfig, new TestRunnerConfigStandard(), new TimingProbeConfigStandard()); } } From a1989ba078aee3a979a7210459437f3dc460d173 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 12 Feb 2025 03:03:28 +0100 Subject: [PATCH 08/54] committing the placeholder classes created in trying to get rid of the mapper null pointer exception --- ssh-learner/src/learner/SshMapper.java | 35 ++++++++++++++++++ ssh-learner/src/learner/SshMapperSul.java | 4 +- ssh-learner/src/learner/SshSulAdapter.java | 43 ++++++++++++++++++++++ 3 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 ssh-learner/src/learner/SshMapper.java create mode 100644 ssh-learner/src/learner/SshSulAdapter.java diff --git a/ssh-learner/src/learner/SshMapper.java b/ssh-learner/src/learner/SshMapper.java new file mode 100644 index 0000000..0c2df44 --- /dev/null +++ b/ssh-learner/src/learner/SshMapper.java @@ -0,0 +1,35 @@ +package learner; + +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.Mapper; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.OutputBuilder; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.OutputChecker; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.config.MapperConfig; +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.context.ExecutionContext; + +public class SshMapper implements Mapper> { + + @Override + public SshOutput execute(SshInput input, ExecutionContext context) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'execute'"); + } + + @Override + public MapperConfig getMapperConfig() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getMapperConfig'"); + } + + @Override + public OutputBuilder getOutputBuilder() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getOutputBuilder'"); + } + + @Override + public OutputChecker getOutputChecker() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getOutputChecker'"); + } + +} diff --git a/ssh-learner/src/learner/SshMapperSul.java b/ssh-learner/src/learner/SshMapperSul.java index 38b19aa..1617417 100644 --- a/ssh-learner/src/learner/SshMapperSul.java +++ b/ssh-learner/src/learner/SshMapperSul.java @@ -38,8 +38,8 @@ public SshMapperSul(T sulConfig, this.sulConfig = sulConfig; this.cleanupTasks = cleanupTasks; // mapper and sulAdapter will be provided in subclasses - this.mapper = null; - this.sulAdapter = null; + this.mapper = new SshMapper(); + this.sulAdapter = new SshSulAdapter(); // ------------------------------------------------------------------- String mapperAddress = sulConfig.getSshMapperConfig().getMapperAddress(); diff --git a/ssh-learner/src/learner/SshSulAdapter.java b/ssh-learner/src/learner/SshSulAdapter.java new file mode 100644 index 0000000..da81f60 --- /dev/null +++ b/ssh-learner/src/learner/SshSulAdapter.java @@ -0,0 +1,43 @@ +package learner; + +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.core.SulAdapter; + +public class SshSulAdapter implements SulAdapter { + + @Override + public void connect() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'connect'"); + } + + @Override + public void start() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'start'"); + } + + @Override + public void stop() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'stop'"); + } + + @Override + public boolean checkStopped() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'checkStopped'"); + } + + @Override + public Integer getSulPort() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSulPort'"); + } + + @Override + public boolean isClientLauncher() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'isClientLauncher'"); + } + +} From 7e418ac1ad9ac7a6dbd263f9d20b7c1b8d7a2ac1 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 01:49:42 +0100 Subject: [PATCH 09/54] dockerfile for the ssh-mapper --- ssh-mapper/Dockerfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 ssh-mapper/Dockerfile diff --git a/ssh-mapper/Dockerfile b/ssh-mapper/Dockerfile new file mode 100644 index 0000000..0f330cf --- /dev/null +++ b/ssh-mapper/Dockerfile @@ -0,0 +1,16 @@ +FROM python:3.9 + +WORKDIR /app + +COPY mapper/mapper.py . +COPY mapper/messages.py . +COPY manualparamiko ./manualparamiko/ +COPY paramiko ./paramiko/ +COPY dev-requirements.txt ./ +COPY setup.py ./ +COPY README.rst ./ + +RUN pip3 install -r dev-requirements.txt + + +ENTRYPOINT ["python3", "mapper.py"] \ No newline at end of file From ca823407c1bfe90016bccefa406ece4cfb6813b2 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:04:22 +0100 Subject: [PATCH 10/54] added the missing and required SshOutputBuilder class to deal with the new changes introduced via generics --- ssh-learner/src/learner/SshOutputBuilder.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 ssh-learner/src/learner/SshOutputBuilder.java diff --git a/ssh-learner/src/learner/SshOutputBuilder.java b/ssh-learner/src/learner/SshOutputBuilder.java new file mode 100644 index 0000000..93b7898 --- /dev/null +++ b/ssh-learner/src/learner/SshOutputBuilder.java @@ -0,0 +1,12 @@ +package learner; + +import com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.OutputBuilder; + +public class SshOutputBuilder implements OutputBuilder { + + @Override + public SshOutput buildOutput(String name) { + return new SshOutput(name); + } + +} From f323c995d18e750053df771fa3a5a79f8ab64f9c Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:06:02 +0100 Subject: [PATCH 11/54] added all the docker related files and also the temp ssh-keys that can be used to run the fuzzing with dropbear server without any problem --- Dockerfile.dropbear | 51 ++++++++++++++++++++++++++++++++++++++++ docker-compose.yaml | 51 ++++++++++++++++++++++++++++++++++++++++ ssh-keys/learner-ssh | 38 ++++++++++++++++++++++++++++++ ssh-keys/learner-ssh.pub | 1 + ssh-learner/Dockerfile | 20 ++++++++++++++++ 5 files changed, 161 insertions(+) create mode 100644 Dockerfile.dropbear create mode 100644 docker-compose.yaml create mode 100644 ssh-keys/learner-ssh create mode 100644 ssh-keys/learner-ssh.pub create mode 100644 ssh-learner/Dockerfile diff --git a/Dockerfile.dropbear b/Dockerfile.dropbear new file mode 100644 index 0000000..4b866a3 --- /dev/null +++ b/Dockerfile.dropbear @@ -0,0 +1,51 @@ +# Use a minimal base image +FROM alpine:latest + +# Set Dropbear version +ENV DROPBEAR_VERSION=2024.84 + +# Install required dependencies +RUN apk add --no-cache \ + build-base \ + wget \ + tar \ + zlib-dev \ + openssl-dev \ + musl-dev \ + util-linux \ + linux-pam-dev \ + shadow \ + && wget https://matt.ucc.asn.au/dropbear/releases/dropbear-${DROPBEAR_VERSION}.tar.bz2 \ + && tar -xjf dropbear-${DROPBEAR_VERSION}.tar.bz2 \ + && cd dropbear-${DROPBEAR_VERSION} \ + && ./configure --disable-loginfunc --disable-shadow --disable-lastlog --disable-utmp --disable-wtmp \ + && make -j$(nproc) \ + && make install \ + && cd .. \ + && rm -rf dropbear-${DROPBEAR_VERSION} dropbear-${DROPBEAR_VERSION}.tar.bz2 \ + && apk del build-base wget tar + + +# Create necessary directories for Dropbear +RUN mkdir -p /etc/dropbear \ + && mkdir -p /home/dropbearuser/.ssh \ + && chmod 700 /home/dropbearuser/.ssh + +# Create a non-root user +RUN adduser -D -s /bin/sh dropbearuser + +# Generate Dropbear host keys at runtime +RUN dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key && \ + dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key && \ + dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key + +# Set Dropbear server to run on port 22 (override in `docker run -p`) +EXPOSE 22 + +COPY ssh-keys/learner-ssh.pub . + +RUN mkdir ~/.ssh; cat learner-ssh.pub >> ~/.ssh/authorized_keys + +# Command to run Dropbear SSH server +CMD ["/usr/local/sbin/dropbear", "-F", "-E", "-j", "-k", "-s"] + diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..f30ea29 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,51 @@ +version: "3.8" + +services: + # Dropbear service + dropbear-ssh: + build: + context: . + dockerfile: Dockerfile.dropbear + container_name: dropbear-ssh + ports: + - "2222:22" + networks: + - fuzzer_network + volumes: + - ./ssh-keys:${HOME}/.ssh/:ro + + # SSH Mapper service + ssh-mapper: + build: + context: ./ssh-mapper + dockerfile: Dockerfile + container_name: ssh-mapper + ports: + - "8080:8080" + depends_on: + - dropbear + networks: + - fuzzer_network + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + command: -l 0.0.0.0:8080 -s dropbear-ssh:22 -f server + + # SSH Learner service + ssh-learner: + build: + context: ./ssh-learner + dockerfile: Dockerfile + container_name: ssh-learner + networks: + - fuzzer_network + depends_on: + - dropbear + - ssh-mapper + volumes: + - ./learner_output:/app/output_folder + command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-ceReruns", "3", "-depth", "2", "-learningAlgorithm", "LSTAR", "-output", "/app/output_folder", "-ros", "-sshMapperAddress", "ssh-mapper:8080"] + +networks: + fuzzer_network: + driver: bridge diff --git a/ssh-keys/learner-ssh b/ssh-keys/learner-ssh new file mode 100644 index 0000000..d67f770 --- /dev/null +++ b/ssh-keys/learner-ssh @@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAsrpwdOZeZ3g9h75HHYUKerN4unZ1sGxmziQME6lacVkq/W/cFc6w +WIyAdLaet1iigoloLHQPAng34DxawtiWoK2xWgLv34XGxLJ2/d7EG2n8Yxoo26wrK6kkux +aQ2fb7SrmrJUVt9wHOHJpXFGVwVTZr1jqTYyVJuBaJvHlisne5HDRgKW8tvFExxP9Pw2Rm +IAOTXc/hHjW741R78BzmTgkZ1AwCcoT40taeGMeXnJkEF/flOMGXPMqjBfOY2xIOjW98mb +xfmYaFR19Awp2K8P8NdPZuOsXoBgRlREbSjttGBbrLjarCZyata1qMyLmyKpsHAvzWD3sC +0m79IQ1whZWpXpApLFVoWKEGK7/wFD97m9RmBhlp3pb0AM54gUIeKpB28+S2SGhVv/kPS8 +CxHL09Oee7qW51cC92cMz8/ybMV58iCY/uj+3vWJK22e44+WydhC0ZL5TiNJIqogJAkLCt +cai0os9qm/Fw0vzDywevYS/BUqEbcWZJEbez+aOjAAAFmIP1PTuD9T07AAAAB3NzaC1yc2 +EAAAGBALK6cHTmXmd4PYe+Rx2FCnqzeLp2dbBsZs4kDBOpWnFZKv1v3BXOsFiMgHS2nrdY +ooKJaCx0DwJ4N+A8WsLYlqCtsVoC79+FxsSydv3exBtp/GMaKNusKyupJLsWkNn2+0q5qy +VFbfcBzhyaVxRlcFU2a9Y6k2MlSbgWibx5YrJ3uRw0YClvLbxRMcT/T8NkZiADk13P4R41 +u+NUe/Ac5k4JGdQMAnKE+NLWnhjHl5yZBBf35TjBlzzKowXzmNsSDo1vfJm8X5mGhUdfQM +KdivD/DXT2bjrF6AYEZURG0o7bRgW6y42qwmcmrWtajMi5siqbBwL81g97AtJu/SENcIWV +qV6QKSxVaFihBiu/8BQ/e5vUZgYZad6W9ADOeIFCHiqQdvPktkhoVb/5D0vAsRy9PTnnu6 +ludXAvdnDM/P8mzFefIgmP7o/t71iSttnuOPlsnYQtGS+U4jSSKqICQJCwrXGotKLPapvx +cNL8w8sHr2EvwVKhG3FmSRG3s/mjowAAAAMBAAEAAAGAO44glvOElZnddvQSomWInmZbXl +bG1KjqgNpGI+8UshxyVM0HW0TqQjdfPoTz0kh4rmK3EckCj2IbzF6QJ8kgOB5osIO2Bpd/ +KmAFgobOdgwVC7jV0I1IPV45XRYh4l+IUNgZjWvbPqmdUq6jQaqjieF+gX43SpxMOklYUD +NqjemTBzD0shnX9Z5gpTImFAfKd/R5EJOKghSJrTCjs9kNbQdfUedGkX55o1fciolHnejn +Ek2KViU8Dge/1uXbE3SqUfp+AoPbHZ0TTd+muIbTbe/XQHzTFtwWNSsQRDsvY/5CFBZYuD +sT2N6URqwgELd6LO5pYPmU/9wng635smBWS02XzzFGrLRGW5NE+FN2DzbhAQkLbCKaJxBv +Lb820A+27Qi13CbN6hZoOPawz0uQHlOdD38x+c7/E3MOjakfyOOO+hpg/YJSVAO3w3taOV +WqiDtf/2Bm8COja53qyyuI+bUDkbLGTQ/si9xWs6Q4oHOiD66cYzvpq3R1DIu/77iBAAAA +wQC33/lHz4VlR5f3qAn2SegfAbqxfX1YsJvFGOJBqjJAhSUmVm+Cs/KtLLXTohemQJbLvv +b9c2sUc9zQd1wQbdJW0hoEYskszoK4SxKSFfyL5F6YHosEbkZyyaVbGkzy4dDt5AaNkb60 +GA58JnkxXtoQKJld3MxaBbtV7xruwm2AYH1rE2hFWxmkJZvVrcTvPGwe3j3tg2X1czFk4a +ETi1Q0+yrAHfn9UKk74HivlDX2KuZB0PDT0ScUTCWifSDP7o8AAADBAOFzjIutsdPVhTJx +LIZE3qfI9/U3VC82MBRc+6y/R0afsr6hRUahPh1d0Yrj62nzf5UOkA4UWPL0LTSDjFHno/ +axH7buYkxFjj9o/eZ+MYUsKsK2C0ricAhTe43tkfXe1OEiP+j83Z9oCI++wKORl6zw6u9e +n5fDp2iAjCHEqOsZ44k4RCP4k0A+p4R1+lR5uXFLCxXQgvHhGu97e1gYGwnRUvEJynVp3e +iDQcWWrSa7A2WxmbMe38LNNmtpx22U4QAAAMEAyvIpP/NeiHkqh7sUEcxgXGXsCzLbQxz2 +4UwxctII0Xxsor4gAIQQlgAhMKpRmWSbhVdPdVqk/6Dju6GGU/EcBM0CS6SdhJEkBgWASs +jtBQqjcnljLmbNFWsjIQCvmNbcQdCm0ez05sCkyaTAfAIvVgLo0iP+9ieGGCnu30WxA/+A +DmpM6XfBFWwiuVMWExb/5XffKLNmwf9rF2a+7/9u63QHc1i+Jho/Z27/b129HpZmx5mtx4 +DE2EhGMbmCWIUDAAAAHmhhc2FuMTAxQEhhc2FuLVN5ZWQtOTUyNy5sb2NhbAECAwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/ssh-keys/learner-ssh.pub b/ssh-keys/learner-ssh.pub new file mode 100644 index 0000000..ec6ba11 --- /dev/null +++ b/ssh-keys/learner-ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyunB05l5neD2HvkcdhQp6s3i6dnWwbGbOJAwTqVpxWSr9b9wVzrBYjIB0tp63WKKCiWgsdA8CeDfgPFrC2JagrbFaAu/fhcbEsnb93sQbafxjGijbrCsrqSS7FpDZ9vtKuaslRW33Ac4cmlcUZXBVNmvWOpNjJUm4Fom8eWKyd7kcNGApby28UTHE/0/DZGYgA5Ndz+EeNbvjVHvwHOZOCRnUDAJyhPjS1p4Yx5ecmQQX9+U4wZc8yqMF85jbEg6Nb3yZvF+ZhoVHX0DCnYrw/w109m46xegGBGVERtKO20YFusuNqsJnJq1rWozIubIqmwcC/NYPewLSbv0hDXCFlalekCksVWhYoQYrv/AUP3ub1GYGGWnelvQAzniBQh4qkHbz5LZIaFW/+Q9LwLEcvT0557upbnVwL3ZwzPz/JsxXnyIJj+6P7e9YkrbZ7jj5bJ2ELRkvlOI0kiqiAkCQsK1xqLSiz2qb8XDS/MPLB69hL8FSoRtxZkkRt7P5o6M= hasan101@Hasan-Syed-9527.local diff --git a/ssh-learner/Dockerfile b/ssh-learner/Dockerfile new file mode 100644 index 0000000..1609480 --- /dev/null +++ b/ssh-learner/Dockerfile @@ -0,0 +1,20 @@ +FROM maven:3.9-eclipse-temurin-17 AS build +WORKDIR /app +RUN git clone https://github.com/protocol-fuzzing/protocol-state-fuzzer.git psf \ + && \ + cd psf && bash install.sh && cd ../.. +COPY pom.xml . +COPY src ./src +RUN mvn clean package + + + + +FROM bitnami/java:17 +WORKDIR /app +COPY --from=build /app/target/ssh-learner.jar ./ssh-learner.jar +COPY --from=build /app/target/lib/ ./lib/ +COPY resources/ resources/ +COPY inputs/alphabets/ inputs/alphabets/ + +ENTRYPOINT ["java", "-cp", "./ssh-learner.jar:./lib/*", "learner.Main"] From 2178018b13f11be7c746781cb6e0ce814efe03d5 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:08:19 +0100 Subject: [PATCH 12/54] added change to the mapper --- ssh-mapper/mapper/mapper.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ssh-mapper/mapper/mapper.py b/ssh-mapper/mapper/mapper.py index b301366..2edcdfa 100755 --- a/ssh-mapper/mapper/mapper.py +++ b/ssh-mapper/mapper/mapper.py @@ -134,6 +134,7 @@ def process_reset(self): def process_learlib_query(self, query): """ Processes a query identified by a keyword (e.g. DISCONNECT) """ + query = query.decode("utf-8") # Handle reset queries #Mapper (process_reset is more adapter-like, however, processing other queries like they originate from the learner means that this should be a task for the mapper) From e9096b8519fb1a4d0a8956008eb7d40279bff4b1 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:09:36 +0100 Subject: [PATCH 13/54] added jcommander param to decide whether to run mealy learner or ra learner --- ssh-learner/src/learner/Main.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/ssh-learner/src/learner/Main.java b/ssh-learner/src/learner/Main.java index 3287003..7d071b3 100644 --- a/ssh-learner/src/learner/Main.java +++ b/ssh-learner/src/learner/Main.java @@ -1,20 +1,34 @@ package learner; +import com.beust.jcommander.Parameter; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.LearnerResult; import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.statistics.MealyMachineWrapper; +import com.github.protocolfuzzing.protocolstatefuzzer.components.learner.statistics.RegisterAutomatonWrapper; import com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser; import java.io.IOException; import java.util.List; public class Main { + + @Parameter(names = "-ra", description = "whether to run Mealy Machine learner or the RA learner?") + static boolean isRaLearner = false; + public static void main(String[] args) throws IOException { + if (isRaLearner) { + System.exit(0); + // logic for RA learner + } else { + runMealyLearner(args); + } + + } + + static void runMealyLearner(String[] args) { // multibuilder implements all necessary builders MultiBuilder mb = new MultiBuilder(); CommandLineParser> commandLineParser = new CommandLineParser<>(mb, mb, mb, mb); List>> results = commandLineParser.parse(args); - - System.out.println("results are: " + results.toString()); } } From c151b4c368b6296c122ae618bea131af40c4c449 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:11:06 +0100 Subject: [PATCH 14/54] fmt pom.xml. minor change in sshMapper --- ssh-learner/pom.xml | 44 ++++++++++++++------------ ssh-learner/src/learner/SshMapper.java | 2 +- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/ssh-learner/pom.xml b/ssh-learner/pom.xml index 6880d59..3477d96 100644 --- a/ssh-learner/pom.xml +++ b/ssh-learner/pom.xml @@ -1,4 +1,6 @@ - + 4.0.0 ssh-learner ssh-learner @@ -12,11 +14,11 @@ - - com.github.protocolfuzzing - protocolstatefuzzer - 1.0.0 - + + com.github.protocolfuzzing + protocolstatefuzzer + 1.0.0 + ssh-learner @@ -64,21 +66,21 @@ - - - com.diffplug.spotless - spotless-maven-plugin - 2.35.0 - - - - - - - - - - + + + com.diffplug.spotless + spotless-maven-plugin + 2.35.0 + + + + + + + + + + org.apache.maven.plugins maven-dependency-plugin diff --git a/ssh-learner/src/learner/SshMapper.java b/ssh-learner/src/learner/SshMapper.java index 0c2df44..cefb8d6 100644 --- a/ssh-learner/src/learner/SshMapper.java +++ b/ssh-learner/src/learner/SshMapper.java @@ -23,7 +23,7 @@ public MapperConfig getMapperConfig() { @Override public OutputBuilder getOutputBuilder() { // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'getOutputBuilder'"); + return new SshOutputBuilder(); } @Override From de8395cfca6253f7d5cd5f0b0c8c1e75e68995c7 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:17:08 +0100 Subject: [PATCH 15/54] revereted the change in mapper.py --- ssh-mapper/mapper/mapper.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssh-mapper/mapper/mapper.py b/ssh-mapper/mapper/mapper.py index 2edcdfa..48f352a 100755 --- a/ssh-mapper/mapper/mapper.py +++ b/ssh-mapper/mapper/mapper.py @@ -134,7 +134,6 @@ def process_reset(self): def process_learlib_query(self, query): """ Processes a query identified by a keyword (e.g. DISCONNECT) """ - query = query.decode("utf-8") # Handle reset queries #Mapper (process_reset is more adapter-like, however, processing other queries like they originate from the learner means that this should be a task for the mapper) @@ -244,8 +243,8 @@ def listen(self): result = '' for ci, command in enumerate(commands): print('[%s]' % self.transport) - print('Sending %s...' % command) - response = self.process_learlib_query(command) + print('Sending %s...' % command.decode('UTF-8')) + response = self.process_learlib_query(command.decode('UTF-8')) result += response # If this is not the last command, add a space if ci != len(commands)-1: From 1689b552fa0b510e057d0ddd087b2306e69949ec Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:45:34 +0100 Subject: [PATCH 16/54] remved ssh keys. will introduce a script to automate their creation and mounting --- ssh-keys/learner-ssh | 38 -------------------------------------- ssh-keys/learner-ssh.pub | 1 - 2 files changed, 39 deletions(-) delete mode 100644 ssh-keys/learner-ssh delete mode 100644 ssh-keys/learner-ssh.pub diff --git a/ssh-keys/learner-ssh b/ssh-keys/learner-ssh deleted file mode 100644 index d67f770..0000000 --- a/ssh-keys/learner-ssh +++ /dev/null @@ -1,38 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn -NhAAAAAwEAAQAAAYEAsrpwdOZeZ3g9h75HHYUKerN4unZ1sGxmziQME6lacVkq/W/cFc6w -WIyAdLaet1iigoloLHQPAng34DxawtiWoK2xWgLv34XGxLJ2/d7EG2n8Yxoo26wrK6kkux -aQ2fb7SrmrJUVt9wHOHJpXFGVwVTZr1jqTYyVJuBaJvHlisne5HDRgKW8tvFExxP9Pw2Rm -IAOTXc/hHjW741R78BzmTgkZ1AwCcoT40taeGMeXnJkEF/flOMGXPMqjBfOY2xIOjW98mb -xfmYaFR19Awp2K8P8NdPZuOsXoBgRlREbSjttGBbrLjarCZyata1qMyLmyKpsHAvzWD3sC -0m79IQ1whZWpXpApLFVoWKEGK7/wFD97m9RmBhlp3pb0AM54gUIeKpB28+S2SGhVv/kPS8 -CxHL09Oee7qW51cC92cMz8/ybMV58iCY/uj+3vWJK22e44+WydhC0ZL5TiNJIqogJAkLCt -cai0os9qm/Fw0vzDywevYS/BUqEbcWZJEbez+aOjAAAFmIP1PTuD9T07AAAAB3NzaC1yc2 -EAAAGBALK6cHTmXmd4PYe+Rx2FCnqzeLp2dbBsZs4kDBOpWnFZKv1v3BXOsFiMgHS2nrdY -ooKJaCx0DwJ4N+A8WsLYlqCtsVoC79+FxsSydv3exBtp/GMaKNusKyupJLsWkNn2+0q5qy -VFbfcBzhyaVxRlcFU2a9Y6k2MlSbgWibx5YrJ3uRw0YClvLbxRMcT/T8NkZiADk13P4R41 -u+NUe/Ac5k4JGdQMAnKE+NLWnhjHl5yZBBf35TjBlzzKowXzmNsSDo1vfJm8X5mGhUdfQM -KdivD/DXT2bjrF6AYEZURG0o7bRgW6y42qwmcmrWtajMi5siqbBwL81g97AtJu/SENcIWV -qV6QKSxVaFihBiu/8BQ/e5vUZgYZad6W9ADOeIFCHiqQdvPktkhoVb/5D0vAsRy9PTnnu6 -ludXAvdnDM/P8mzFefIgmP7o/t71iSttnuOPlsnYQtGS+U4jSSKqICQJCwrXGotKLPapvx -cNL8w8sHr2EvwVKhG3FmSRG3s/mjowAAAAMBAAEAAAGAO44glvOElZnddvQSomWInmZbXl -bG1KjqgNpGI+8UshxyVM0HW0TqQjdfPoTz0kh4rmK3EckCj2IbzF6QJ8kgOB5osIO2Bpd/ -KmAFgobOdgwVC7jV0I1IPV45XRYh4l+IUNgZjWvbPqmdUq6jQaqjieF+gX43SpxMOklYUD -NqjemTBzD0shnX9Z5gpTImFAfKd/R5EJOKghSJrTCjs9kNbQdfUedGkX55o1fciolHnejn -Ek2KViU8Dge/1uXbE3SqUfp+AoPbHZ0TTd+muIbTbe/XQHzTFtwWNSsQRDsvY/5CFBZYuD -sT2N6URqwgELd6LO5pYPmU/9wng635smBWS02XzzFGrLRGW5NE+FN2DzbhAQkLbCKaJxBv -Lb820A+27Qi13CbN6hZoOPawz0uQHlOdD38x+c7/E3MOjakfyOOO+hpg/YJSVAO3w3taOV -WqiDtf/2Bm8COja53qyyuI+bUDkbLGTQ/si9xWs6Q4oHOiD66cYzvpq3R1DIu/77iBAAAA -wQC33/lHz4VlR5f3qAn2SegfAbqxfX1YsJvFGOJBqjJAhSUmVm+Cs/KtLLXTohemQJbLvv -b9c2sUc9zQd1wQbdJW0hoEYskszoK4SxKSFfyL5F6YHosEbkZyyaVbGkzy4dDt5AaNkb60 -GA58JnkxXtoQKJld3MxaBbtV7xruwm2AYH1rE2hFWxmkJZvVrcTvPGwe3j3tg2X1czFk4a -ETi1Q0+yrAHfn9UKk74HivlDX2KuZB0PDT0ScUTCWifSDP7o8AAADBAOFzjIutsdPVhTJx -LIZE3qfI9/U3VC82MBRc+6y/R0afsr6hRUahPh1d0Yrj62nzf5UOkA4UWPL0LTSDjFHno/ -axH7buYkxFjj9o/eZ+MYUsKsK2C0ricAhTe43tkfXe1OEiP+j83Z9oCI++wKORl6zw6u9e -n5fDp2iAjCHEqOsZ44k4RCP4k0A+p4R1+lR5uXFLCxXQgvHhGu97e1gYGwnRUvEJynVp3e -iDQcWWrSa7A2WxmbMe38LNNmtpx22U4QAAAMEAyvIpP/NeiHkqh7sUEcxgXGXsCzLbQxz2 -4UwxctII0Xxsor4gAIQQlgAhMKpRmWSbhVdPdVqk/6Dju6GGU/EcBM0CS6SdhJEkBgWASs -jtBQqjcnljLmbNFWsjIQCvmNbcQdCm0ez05sCkyaTAfAIvVgLo0iP+9ieGGCnu30WxA/+A -DmpM6XfBFWwiuVMWExb/5XffKLNmwf9rF2a+7/9u63QHc1i+Jho/Z27/b129HpZmx5mtx4 -DE2EhGMbmCWIUDAAAAHmhhc2FuMTAxQEhhc2FuLVN5ZWQtOTUyNy5sb2NhbAECAwQ= ------END OPENSSH PRIVATE KEY----- diff --git a/ssh-keys/learner-ssh.pub b/ssh-keys/learner-ssh.pub deleted file mode 100644 index ec6ba11..0000000 --- a/ssh-keys/learner-ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyunB05l5neD2HvkcdhQp6s3i6dnWwbGbOJAwTqVpxWSr9b9wVzrBYjIB0tp63WKKCiWgsdA8CeDfgPFrC2JagrbFaAu/fhcbEsnb93sQbafxjGijbrCsrqSS7FpDZ9vtKuaslRW33Ac4cmlcUZXBVNmvWOpNjJUm4Fom8eWKyd7kcNGApby28UTHE/0/DZGYgA5Ndz+EeNbvjVHvwHOZOCRnUDAJyhPjS1p4Yx5ecmQQX9+U4wZc8yqMF85jbEg6Nb3yZvF+ZhoVHX0DCnYrw/w109m46xegGBGVERtKO20YFusuNqsJnJq1rWozIubIqmwcC/NYPewLSbv0hDXCFlalekCksVWhYoQYrv/AUP3ub1GYGGWnelvQAzniBQh4qkHbz5LZIaFW/+Q9LwLEcvT0557upbnVwL3ZwzPz/JsxXnyIJj+6P7e9YkrbZ7jj5bJ2ELRkvlOI0kiqiAkCQsK1xqLSiz2qb8XDS/MPLB69hL8FSoRtxZkkRt7P5o6M= hasan101@Hasan-Syed-9527.local From 40414a096caa38b9922bcbbaf18ddfe5aa20aab0 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 21 Feb 2025 02:53:37 +0100 Subject: [PATCH 17/54] added script to generate ssh key at runtime so that the keys are not available publicly --- start-containers.sh | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100755 start-containers.sh diff --git a/start-containers.sh b/start-containers.sh new file mode 100755 index 0000000..cceee41 --- /dev/null +++ b/start-containers.sh @@ -0,0 +1,6 @@ +if [ -z "$( ls -A './ssh-keys' )" ]; then + ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" +fi + +sleep1 +docker compose -f docker-compose.yaml up --build \ No newline at end of file From 48c32070cecb6690db31574328f60a837b63de54 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:34:53 +0100 Subject: [PATCH 18/54] first attempt at trying to introduce gh workflow. --- .github/workflows/e2e_pr.yaml | 26 ++++++ docker-compose.yaml | 2 +- .../results/servers/dropbear/alphabet.xml | 10 +++ .../results/servers/dropbear/command.args | 11 +++ experiments/results/servers/dropbear/hyp1.dot | 15 ++++ experiments/results/servers/dropbear/hyp2.dot | 39 ++++++++ experiments/results/servers/dropbear/hyp3.dot | 55 ++++++++++++ .../results/servers/dropbear/learnedModel.dot | 55 ++++++++++++ .../results/servers/dropbear/statistics.txt | 89 +++++++++++++++++++ experiments/scripts/make_ssh_keys.sh | 9 ++ 10 files changed, 310 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/e2e_pr.yaml create mode 100644 experiments/results/servers/dropbear/alphabet.xml create mode 100644 experiments/results/servers/dropbear/command.args create mode 100644 experiments/results/servers/dropbear/hyp1.dot create mode 100644 experiments/results/servers/dropbear/hyp2.dot create mode 100644 experiments/results/servers/dropbear/hyp3.dot create mode 100644 experiments/results/servers/dropbear/learnedModel.dot create mode 100644 experiments/results/servers/dropbear/statistics.txt create mode 100644 experiments/scripts/make_ssh_keys.sh diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml new file mode 100644 index 0000000..3bf5ce5 --- /dev/null +++ b/.github/workflows/e2e_pr.yaml @@ -0,0 +1,26 @@ +name: CI for ssh-mapper +on: [push, pull_request] + +jobs: + ssh-mapper-dropbear-server: + if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} + runs-on: ubuntu-latest + strategy: + fail-fast: true + steps: + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Ready SSH keys + run: experiments/scripts/make_ssh_keys.sh + + - name: Start learning DropbearSSH server + uses: hoverkraft-tech/compose-action@v2.0.1 + with: + compose-file: "./docker-compose.yml" + up-flags: "--build" + + - name: Verify Result + run: | + experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ./learner_output 3 diff --git a/docker-compose.yaml b/docker-compose.yaml index f30ea29..3b9f61d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -44,7 +44,7 @@ services: - ssh-mapper volumes: - ./learner_output:/app/output_folder - command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-ceReruns", "3", "-depth", "2", "-learningAlgorithm", "LSTAR", "-output", "/app/output_folder", "-ros", "-sshMapperAddress", "ssh-mapper:8080"] + command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "ssh-mapper:8080"] networks: fuzzer_network: diff --git a/experiments/results/servers/dropbear/alphabet.xml b/experiments/results/servers/dropbear/alphabet.xml new file mode 100644 index 0000000..92ea4e1 --- /dev/null +++ b/experiments/results/servers/dropbear/alphabet.xml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/experiments/results/servers/dropbear/command.args b/experiments/results/servers/dropbear/command.args new file mode 100644 index 0000000..91964e8 --- /dev/null +++ b/experiments/results/servers/dropbear/command.args @@ -0,0 +1,11 @@ +state-fuzzer-server +-connect +ssh-mapper:8080 +-alphabet +/app/inputs/alphabets/servers/trans_auth.xml +-output +/app/output_folder +-sshMapperAddress +ssh-mapper:8080 +-roundLimit +3 diff --git a/experiments/results/servers/dropbear/hyp1.dot b/experiments/results/servers/dropbear/hyp1.dot new file mode 100644 index 0000000..f56ec16 --- /dev/null +++ b/experiments/results/servers/dropbear/hyp1.dot @@ -0,0 +1,15 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s0 -> s0 [label="KEXINIT / KEXINIT"]; + s0 -> s0 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s0 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s0 [label="SR_AUTH / KEXINIT"]; + s0 -> s0 [label="SR_CONN / KEXINIT"]; + s0 -> s0 [label="UA_PK_OK / KEXINIT"]; + s0 -> s0 [label="UA_PK_NOK / KEXINIT"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/dropbear/hyp2.dot b/experiments/results/servers/dropbear/hyp2.dot new file mode 100644 index 0000000..ca96235 --- /dev/null +++ b/experiments/results/servers/dropbear/hyp2.dot @@ -0,0 +1,39 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s2 [label="SR_AUTH / KEXINIT"]; + s0 -> s2 [label="SR_CONN / KEXINIT"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s2 [label="KEXINIT / NO_CONN"]; + s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s2 [label="SR_AUTH / NO_CONN"]; + s1 -> s2 [label="SR_CONN / NO_CONN"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s2 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / UNIMPL"]; + s3 -> s0 [label="NEWKEYS / NO_RESP"]; + s3 -> s2 [label="SR_AUTH / NO_CONN"]; + s3 -> s2 [label="SR_CONN / NO_CONN"]; + s3 -> s2 [label="UA_PK_OK / NO_CONN"]; + s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/dropbear/hyp3.dot b/experiments/results/servers/dropbear/hyp3.dot new file mode 100644 index 0000000..87c75d9 --- /dev/null +++ b/experiments/results/servers/dropbear/hyp3.dot @@ -0,0 +1,55 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s5 [shape="circle" label="s5"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s2 [label="SR_AUTH / KEXINIT"]; + s0 -> s2 [label="SR_CONN / KEXINIT"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s2 [label="KEXINIT / NO_CONN"]; + s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s2 [label="SR_AUTH / NO_CONN"]; + s1 -> s2 [label="SR_CONN / NO_CONN"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s2 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / UNIMPL"]; + s3 -> s4 [label="NEWKEYS / NO_RESP"]; + s3 -> s2 [label="SR_AUTH / NO_CONN"]; + s3 -> s2 [label="SR_CONN / NO_CONN"]; + s3 -> s2 [label="UA_PK_OK / NO_CONN"]; + s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s5 [label="KEXINIT / KEXINIT"]; + s4 -> s2 [label="KEX30 / NO_CONN"]; + s4 -> s2 [label="NEWKEYS / NO_CONN"]; + s4 -> s4 [label="SR_AUTH / SR_ACCEPT"]; + s4 -> s2 [label="SR_CONN / NO_CONN"]; + s4 -> s4 [label="UA_PK_OK / UA_FAILURE"]; + s4 -> s4 [label="UA_PK_NOK / UA_FAILURE"]; + s5 -> s2 [label="KEXINIT / NO_CONN"]; + s5 -> s3 [label="KEX30 / KEX31+NEWKEYS"]; + s5 -> s2 [label="NEWKEYS / UNIMPL"]; + s5 -> s2 [label="SR_AUTH / NO_CONN"]; + s5 -> s2 [label="SR_CONN / NO_CONN"]; + s5 -> s2 [label="UA_PK_OK / NO_CONN"]; + s5 -> s2 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/dropbear/learnedModel.dot b/experiments/results/servers/dropbear/learnedModel.dot new file mode 100644 index 0000000..87c75d9 --- /dev/null +++ b/experiments/results/servers/dropbear/learnedModel.dot @@ -0,0 +1,55 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s5 [shape="circle" label="s5"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s2 [label="SR_AUTH / KEXINIT"]; + s0 -> s2 [label="SR_CONN / KEXINIT"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s2 [label="KEXINIT / NO_CONN"]; + s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s2 [label="SR_AUTH / NO_CONN"]; + s1 -> s2 [label="SR_CONN / NO_CONN"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s2 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / UNIMPL"]; + s3 -> s4 [label="NEWKEYS / NO_RESP"]; + s3 -> s2 [label="SR_AUTH / NO_CONN"]; + s3 -> s2 [label="SR_CONN / NO_CONN"]; + s3 -> s2 [label="UA_PK_OK / NO_CONN"]; + s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s5 [label="KEXINIT / KEXINIT"]; + s4 -> s2 [label="KEX30 / NO_CONN"]; + s4 -> s2 [label="NEWKEYS / NO_CONN"]; + s4 -> s4 [label="SR_AUTH / SR_ACCEPT"]; + s4 -> s2 [label="SR_CONN / NO_CONN"]; + s4 -> s4 [label="UA_PK_OK / UA_FAILURE"]; + s4 -> s4 [label="UA_PK_NOK / UA_FAILURE"]; + s5 -> s2 [label="KEXINIT / NO_CONN"]; + s5 -> s3 [label="KEX30 / KEX31+NEWKEYS"]; + s5 -> s2 [label="NEWKEYS / UNIMPL"]; + s5 -> s2 [label="SR_AUTH / NO_CONN"]; + s5 -> s2 [label="SR_CONN / NO_CONN"]; + s5 -> s2 [label="UA_PK_OK / NO_CONN"]; + s5 -> s2 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/dropbear/statistics.txt b/experiments/results/servers/dropbear/statistics.txt new file mode 100644 index 0000000..f866c84 --- /dev/null +++ b/experiments/results/servers/dropbear/statistics.txt @@ -0,0 +1,89 @@ +=== RUN DESCRIPTION === +Alphabet: [KEXINIT, KEX30, NEWKEYS, SR_AUTH, SR_CONN, UA_PK_OK, UA_PK_NOK] + +StateFuzzerConfig Parameters +Help: false +Debug: false +Quiet: false +Output Directory: /app/output_folder +Fuzzing Client: false + +LearnerConfig Parameters +Alphabet: /app/inputs/alphabets/servers/trans_auth.xml +Learning Algorithm: TTT +Equivalence Algorithms: [RANDOM_WP_METHOD] +Max Depth: 1 +Min Length: 5 +Max Length: 15 +Max Equivalence Queries: 1000 +Runs Per Membership Query: 1 +Random Length: 5 +Membership Query Retries: 3 +Log Queries: false +Prob Reset: 0.0 +Test File: null +Seed: 0 +Cache Tests: false +Ce Sanitization: true +Skip Non Det Tests: false +Ce Reruns: 3 +Probabilistic Sanitization: true +Time Limit: null +Test Limit: null +Round Limit: 3 +IOMode: true +Probability of Choosing a New DataValue: 0.1 +Max Runs: 1 +Max Depth for Register Automata: 1 +Reset Runs: true +Seed transitions: true +Draw symbols uniformly: true + +SulConfig Parameters +Fuzzing Role: client +Fuzzing Client: true +Response Wait: 100 +Input Response Timeout: null +Command: null +Terminate Command: null +Process Dir: null +Redirect Output Streams: false +Process Trigger: NEW_TEST +Start Wait: 0 + +SulServerConfigStandard Parameters +Connect to: ssh-mapper:8080 + +MapperConfig Parameters +Mapper Connection Config: null +Repeating Outputs: null +Socket Closed as Timeout: false +Disabled as Timeout: false +Merge Repeating: true + +SulAdapterConfig Parameters +Adapter Port: null +Adapter Address: localhost + +=== STATISTICS === +Learning finished: false +Reason: hypothesis construction round limit reached +Size of the input alphabet: 7 +Number of states: 6 +Number of hypotheses: 3 +Number of inputs: 584 +Number of tests: 130 +Number of learning inputs: 428 +Number of learning tests: 116 +Number of inputs up to last hypothesis: 584 +Number of tests up to last hypothesis: 130 +Time (ms) to learn model: 833275 +Counterexamples: +CE 1:Query[ε|NEWKEYS SR_CONN NEWKEYS SR_CONN KEXINIT UA_PK_NOK NEWKEYS SR_CONN KEXINIT KEX30 SR_CONN / KEXINIT+UNIMPL NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] +CE 2:Query[ε|KEXINIT KEX30 NEWKEYS KEX30 UA_PK_NOK SR_CONN SR_AUTH SR_AUTH KEX30 / KEXINIT KEX31+NEWKEYS+BUFFERED NO_RESP NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] +Number of inputs when hypothesis was generated: [7, 269, 584] +Number of tests when hypothesis was generated: [7, 81, 130] +Time (ms) when hypothesis was generated: [13198, 334418, 833271] +Number of inputs when counterexample was found: [51, 381] +Number of tests when counterexample was found: [11, 91] +Time (ms) when counterexample was found: [33044, 414891] diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh new file mode 100644 index 0000000..db1abb1 --- /dev/null +++ b/experiments/scripts/make_ssh_keys.sh @@ -0,0 +1,9 @@ +curr_dir="$(dirname "$0")" +base_path="${curr_dir}/../.." + +pushd ${base_path} + +if [ -z "$( ls -A './ssh-keys' )" ]; then + ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" +fi +popd \ No newline at end of file From 8ca47da4ff24acc4759bb846546ba6505051bd6a Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:39:09 +0100 Subject: [PATCH 19/54] limiting the learner rounds. added diff checker script - took it form the dtls-fuzzer --- docker-compose.yaml | 2 +- experiments/scripts/diff_hyps.sh | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 experiments/scripts/diff_hyps.sh diff --git a/docker-compose.yaml b/docker-compose.yaml index 3b9f61d..ba4dd9d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -44,7 +44,7 @@ services: - ssh-mapper volumes: - ./learner_output:/app/output_folder - command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "ssh-mapper:8080"] + command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "ssh-mapper:8080", "-roundLimit", "3"] networks: fuzzer_network: diff --git a/experiments/scripts/diff_hyps.sh b/experiments/scripts/diff_hyps.sh new file mode 100644 index 0000000..54ac29a --- /dev/null +++ b/experiments/scripts/diff_hyps.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +dir1=$1 +dir2=$2 +num_rounds=$3 + +if [ $# != 3 ]; then + echo "Usage: ${0##*/} dir1 dir2 num_rounds" + echo "Diffs the first num_rounds hypotheses stored in two dirs" + exit 1 +fi + +if [[ ! -d $dir1 ]]; then + echo "$dir1"": No such directory" + exit 1 +fi +if [[ ! -d $dir2 ]]; then + echo "$dir2"": No such directory" + exit 1 +fi + +for ((i = 1 ; i <= num_rounds ; i++)); do + if ! diff --unified=0 "$dir1"/hyp$i.dot "$dir2"/hyp$i.dot; then + exit 1 + fi +done \ No newline at end of file From 673de73a02b6f6ba312db51b87ccefc39a83ce29 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:40:22 +0100 Subject: [PATCH 20/54] fixed workflow yaml file --- .github/workflows/e2e_pr.yaml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 3bf5ce5..b40f0e2 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -8,19 +8,18 @@ jobs: strategy: fail-fast: true steps: - steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 - - name: Ready SSH keys - run: experiments/scripts/make_ssh_keys.sh + - name: Ready SSH keys + run: experiments/scripts/make_ssh_keys.sh - - name: Start learning DropbearSSH server - uses: hoverkraft-tech/compose-action@v2.0.1 - with: - compose-file: "./docker-compose.yml" - up-flags: "--build" + - name: Start learning DropbearSSH server + uses: hoverkraft-tech/compose-action@v2.0.1 + with: + compose-file: "./docker-compose.yml" + up-flags: "--build" - - name: Verify Result - run: | - experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ./learner_output 3 + - name: Verify Result + run: | + experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ./learner_output 3 From 9906a63c9b89843be3ac468666c805cddd217f35 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:46:02 +0100 Subject: [PATCH 21/54] more syntax errors --- .github/workflows/e2e_pr.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index b40f0e2..4969572 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -15,10 +15,10 @@ jobs: run: experiments/scripts/make_ssh_keys.sh - name: Start learning DropbearSSH server - uses: hoverkraft-tech/compose-action@v2.0.1 - with: - compose-file: "./docker-compose.yml" - up-flags: "--build" + uses: hoverkraft-tech/compose-action@v2.0.1 + with: + compose-file: "./docker-compose.yml" + up-flags: "--build" - name: Verify Result run: | From b1244607eedbb9a91d53e1cc5703f0569b350ad7 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:48:22 +0100 Subject: [PATCH 22/54] made scripts executable --- experiments/scripts/diff_hyps.sh | 0 experiments/scripts/make_ssh_keys.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 experiments/scripts/diff_hyps.sh mode change 100644 => 100755 experiments/scripts/make_ssh_keys.sh diff --git a/experiments/scripts/diff_hyps.sh b/experiments/scripts/diff_hyps.sh old mode 100644 new mode 100755 diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh old mode 100644 new mode 100755 From f66ba58f5ba37711a5a438aae701dde3d19d5722 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:56:15 +0100 Subject: [PATCH 23/54] fixed docker-compose file name. fixed the ssh-keys dir --- .github/workflows/e2e_pr.yaml | 2 +- experiments/scripts/make_ssh_keys.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 4969572..92d3d55 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -17,7 +17,7 @@ jobs: - name: Start learning DropbearSSH server uses: hoverkraft-tech/compose-action@v2.0.1 with: - compose-file: "./docker-compose.yml" + compose-file: "./docker-compose.yaml" up-flags: "--build" - name: Verify Result diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index db1abb1..59f939f 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -4,6 +4,7 @@ base_path="${curr_dir}/../.." pushd ${base_path} if [ -z "$( ls -A './ssh-keys' )" ]; then + mkdir ${PWD}/ssh-keys ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" fi popd \ No newline at end of file From d76e88a2f96817457c5678c7202e9ef069a10a39 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 01:58:33 +0100 Subject: [PATCH 24/54] compose error with container name --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index ba4dd9d..af88af7 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -23,7 +23,7 @@ services: ports: - "8080:8080" depends_on: - - dropbear + - dropbear-ssh networks: - fuzzer_network volumes: @@ -40,7 +40,7 @@ services: networks: - fuzzer_network depends_on: - - dropbear + - dropbear-ssh - ssh-mapper volumes: - ./learner_output:/app/output_folder From bea2d13cf08a1109d66ba9ede063378d5137ccd2 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 02:48:34 +0100 Subject: [PATCH 25/54] run containers as daemon to see if we can run the last stage --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 92d3d55..3ca6709 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -18,7 +18,7 @@ jobs: uses: hoverkraft-tech/compose-action@v2.0.1 with: compose-file: "./docker-compose.yaml" - up-flags: "--build" + up-flags: "--build -d" - name: Verify Result run: | From 180d2f5a984a69cd0e0641af267124c590bf99da Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:02:39 +0100 Subject: [PATCH 26/54] creating the output dir for experiments in the script --- .github/workflows/e2e_pr.yaml | 2 +- experiments/scripts/make_ssh_keys.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 3ca6709..92d3d55 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -18,7 +18,7 @@ jobs: uses: hoverkraft-tech/compose-action@v2.0.1 with: compose-file: "./docker-compose.yaml" - up-flags: "--build -d" + up-flags: "--build" - name: Verify Result run: | diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index 59f939f..698754e 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -5,6 +5,7 @@ pushd ${base_path} if [ -z "$( ls -A './ssh-keys' )" ]; then mkdir ${PWD}/ssh-keys + mkdir ${PWD}/learner_output ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" fi popd \ No newline at end of file From 08f5bd79fccea1f5eb5b974206a91e12962f0434 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:18:46 +0100 Subject: [PATCH 27/54] the diff script needs the abs path maybe --- .github/workflows/e2e_pr.yaml | 2 +- experiments/scripts/make_ssh_keys.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 92d3d55..1f4a3a5 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -22,4 +22,4 @@ jobs: - name: Verify Result run: | - experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ./learner_output 3 + experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ${PWD}/learner_output 3 diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index 698754e..545fc3e 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -6,6 +6,7 @@ pushd ${base_path} if [ -z "$( ls -A './ssh-keys' )" ]; then mkdir ${PWD}/ssh-keys mkdir ${PWD}/learner_output + ls ${PWD}/learner_output ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" fi popd \ No newline at end of file From cda9d48a69781bd745f36c6acb3d7326d0ba4ba0 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:25:59 +0100 Subject: [PATCH 28/54] experimenting with the script --- experiments/scripts/make_ssh_keys.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index 545fc3e..ba77b3a 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -4,9 +4,9 @@ base_path="${curr_dir}/../.." pushd ${base_path} if [ -z "$( ls -A './ssh-keys' )" ]; then - mkdir ${PWD}/ssh-keys - mkdir ${PWD}/learner_output - ls ${PWD}/learner_output - ssh-keygen -t rsa -f ${PWD}/ssh-keys/learner-ssh -N "" + mkdir ${base_path}/ssh-keys + mkdir ${base_path}/learner_output + ls ${base_path}/learner_output + ssh-keygen -t rsa -f ${base_path}/ssh-keys/learner-ssh -N "" fi popd \ No newline at end of file From 6023c8f73c44b3d1062f1cf6729ef7f94a580fc0 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:30:41 +0100 Subject: [PATCH 29/54] removed the worng check --- experiments/scripts/make_ssh_keys.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index ba77b3a..675964e 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -3,10 +3,8 @@ base_path="${curr_dir}/../.." pushd ${base_path} -if [ -z "$( ls -A './ssh-keys' )" ]; then - mkdir ${base_path}/ssh-keys - mkdir ${base_path}/learner_output - ls ${base_path}/learner_output - ssh-keygen -t rsa -f ${base_path}/ssh-keys/learner-ssh -N "" -fi +mkdir ${base_path}/ssh-keys +mkdir ${base_path}/learner_output +ls ${base_path}/learner_output +ssh-keygen -t rsa -f ${base_path}/ssh-keys/learner-ssh -N "" popd \ No newline at end of file From 27ad592cf1ff9a864a54bb30c690b2c116fc29ab Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:43:03 +0100 Subject: [PATCH 30/54] checking dirs at the final stage --- .github/workflows/e2e_pr.yaml | 2 ++ experiments/scripts/make_ssh_keys.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 1f4a3a5..5fe6239 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -22,4 +22,6 @@ jobs: - name: Verify Result run: | + pwd + ls -al experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ${PWD}/learner_output 3 diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh index 675964e..ce00e85 100755 --- a/experiments/scripts/make_ssh_keys.sh +++ b/experiments/scripts/make_ssh_keys.sh @@ -5,6 +5,6 @@ pushd ${base_path} mkdir ${base_path}/ssh-keys mkdir ${base_path}/learner_output -ls ${base_path}/learner_output ssh-keygen -t rsa -f ${base_path}/ssh-keys/learner-ssh -N "" + popd \ No newline at end of file From 7a337fe2a494eb12e9cd6e5b416c0bac8bd63bf1 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 03:55:51 +0100 Subject: [PATCH 31/54] need to look at the contents of the learner output dir --- .github/workflows/e2e_pr.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 5fe6239..010ce4a 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -24,4 +24,6 @@ jobs: run: | pwd ls -al + echo "learner output dir:" + ls learner_output experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ${PWD}/learner_output 3 From 6a2cc4f885e83a7bf775d50dadf0aba184fb93f3 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 04:31:05 +0100 Subject: [PATCH 32/54] checking docker cmd --- .github/workflows/e2e_pr.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 010ce4a..d263c29 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -23,6 +23,7 @@ jobs: - name: Verify Result run: | pwd + docker ps ls -al echo "learner output dir:" ls learner_output From 01516942a779a69b2c27fd62be5ef82dadbdfb37 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 27 Feb 2025 04:40:11 +0100 Subject: [PATCH 33/54] wait for the learning container to finish --- .github/workflows/e2e_pr.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index d263c29..b9e2922 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -22,9 +22,7 @@ jobs: - name: Verify Result run: | - pwd - docker ps - ls -al - echo "learner output dir:" - ls learner_output + # wait for the learning to be over + while [ "$( docker container inspect -f '{{.State.Running}}' ssh-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done + experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ${PWD}/learner_output 3 From 0dc9836189cc75445be831ebca5ca6d06c0c1109 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Wed, 5 Mar 2025 23:32:33 +0100 Subject: [PATCH 34/54] - removed the ssh keys from inside the container. Only mounting from docker-compose now. - added a print statement at the end of the learning to note if the execution ended successfully or not. - changed the mapper to only print of there is an alphabet to map. Signed-off-by: shasan101 --- ssh-learner/Dockerfile | 3 +-- ssh-learner/src/learner/Main.java | 1 + ssh-mapper/mapper/mapper.py | 10 +++++++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ssh-learner/Dockerfile b/ssh-learner/Dockerfile index 1609480..2d161ab 100644 --- a/ssh-learner/Dockerfile +++ b/ssh-learner/Dockerfile @@ -14,7 +14,6 @@ FROM bitnami/java:17 WORKDIR /app COPY --from=build /app/target/ssh-learner.jar ./ssh-learner.jar COPY --from=build /app/target/lib/ ./lib/ -COPY resources/ resources/ -COPY inputs/alphabets/ inputs/alphabets/ + ENTRYPOINT ["java", "-cp", "./ssh-learner.jar:./lib/*", "learner.Main"] diff --git a/ssh-learner/src/learner/Main.java b/ssh-learner/src/learner/Main.java index 7d071b3..2a2f4f7 100644 --- a/ssh-learner/src/learner/Main.java +++ b/ssh-learner/src/learner/Main.java @@ -30,5 +30,6 @@ static void runMealyLearner(String[] args) { CommandLineParser> commandLineParser = new CommandLineParser<>(mb, mb, mb, mb); List>> results = commandLineParser.parse(args); + System.out.println("Done with Mealy Machine learning"); } } diff --git a/ssh-mapper/mapper/mapper.py b/ssh-mapper/mapper/mapper.py index 48f352a..b1e6aff 100755 --- a/ssh-mapper/mapper/mapper.py +++ b/ssh-mapper/mapper/mapper.py @@ -242,9 +242,13 @@ def listen(self): for i in range(repeat): result = '' for ci, command in enumerate(commands): - print('[%s]' % self.transport) - print('Sending %s...' % command.decode('UTF-8')) - response = self.process_learlib_query(command.decode('UTF-8')) + final_cmd = command + if type(command) != str: + final_cmd = command.decode('UTF-8') + # print('transport is: [%s]' % self.transport) + if final_cmd != '': + print('Sending %s...' %final_cmd) + response = self.process_learlib_query(final_cmd) result += response # If this is not the last command, add a space if ci != len(commands)-1: From d48c52dbdd2e1a6b1b06a9238e353bd6b15e2186 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:20:37 +0100 Subject: [PATCH 35/54] moved all the docker related files to a separate dir. updated the script to run the experiments --- docker-compose.yaml | 51 ------------------- .../docker-compose-dropbear.yaml | 50 ++++++++++++++++++ .../orchestration/docker-compose-openssh.yaml | 51 +++++++++++++++++++ .../dockerfiles/Dockerfile.dropbear | 0 .../dockerfiles/Dockerfile.openssh | 16 ++++++ experiments/scripts/make_ssh_keys.sh | 10 ---- experiments/scripts/start_experiment.sh | 42 +++++++++++++++ .../inputs/alphabets/servers/openssh.xml | 31 +++++++++++ 8 files changed, 190 insertions(+), 61 deletions(-) delete mode 100644 docker-compose.yaml create mode 100644 experiments/orchestration/docker-compose-dropbear.yaml create mode 100644 experiments/orchestration/docker-compose-openssh.yaml rename Dockerfile.dropbear => experiments/orchestration/dockerfiles/Dockerfile.dropbear (100%) create mode 100644 experiments/orchestration/dockerfiles/Dockerfile.openssh delete mode 100755 experiments/scripts/make_ssh_keys.sh create mode 100755 experiments/scripts/start_experiment.sh create mode 100644 ssh-learner/inputs/alphabets/servers/openssh.xml diff --git a/docker-compose.yaml b/docker-compose.yaml deleted file mode 100644 index af88af7..0000000 --- a/docker-compose.yaml +++ /dev/null @@ -1,51 +0,0 @@ -version: "3.8" - -services: - # Dropbear service - dropbear-ssh: - build: - context: . - dockerfile: Dockerfile.dropbear - container_name: dropbear-ssh - ports: - - "2222:22" - networks: - - fuzzer_network - volumes: - - ./ssh-keys:${HOME}/.ssh/:ro - - # SSH Mapper service - ssh-mapper: - build: - context: ./ssh-mapper - dockerfile: Dockerfile - container_name: ssh-mapper - ports: - - "8080:8080" - depends_on: - - dropbear-ssh - networks: - - fuzzer_network - volumes: - - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro - - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro - command: -l 0.0.0.0:8080 -s dropbear-ssh:22 -f server - - # SSH Learner service - ssh-learner: - build: - context: ./ssh-learner - dockerfile: Dockerfile - container_name: ssh-learner - networks: - - fuzzer_network - depends_on: - - dropbear-ssh - - ssh-mapper - volumes: - - ./learner_output:/app/output_folder - command: ["state-fuzzer-server", "-connect", "ssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "ssh-mapper:8080", "-roundLimit", "3"] - -networks: - fuzzer_network: - driver: bridge diff --git a/experiments/orchestration/docker-compose-dropbear.yaml b/experiments/orchestration/docker-compose-dropbear.yaml new file mode 100644 index 0000000..420a434 --- /dev/null +++ b/experiments/orchestration/docker-compose-dropbear.yaml @@ -0,0 +1,50 @@ +version: "3.8" + +services: + dropbear-ssh: + build: + context: . + dockerfile: dockerfiles/Dockerfile.dropbear + container_name: dropbear-ssh + # ports: + # - "2222:22" + networks: + - dropbear_network + volumes: + - ./ssh-keys:${HOME}/.ssh/:ro + + + dropbear-mapper: + build: + context: ../../ssh-mapper + dockerfile: Dockerfile + container_name: dropbear-mapper + # ports: + # - "8080:8080" + depends_on: + - dropbear-ssh + networks: + - dropbear_network + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + command: -l 0.0.0.0:8080 -s dropbear-ssh:22 -f server + + dropbear-learner: + build: + context: ../../ssh-learner + dockerfile: Dockerfile + container_name: dropbear-learner + networks: + - dropbear_network + depends_on: + - dropbear-ssh + - dropbear-mapper + volumes: + - ./learner_output_dropbear:/app/output_folder + - ../../ssh-learner/inputs/alphabets/servers/trans_auth.xml:/app/inputs/alphabets/servers/trans_auth.xml + command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "3"] + +networks: + dropbear_network: + driver: bridge diff --git a/experiments/orchestration/docker-compose-openssh.yaml b/experiments/orchestration/docker-compose-openssh.yaml new file mode 100644 index 0000000..718c861 --- /dev/null +++ b/experiments/orchestration/docker-compose-openssh.yaml @@ -0,0 +1,51 @@ +version: "3.8" + +services: + openssh-server: + build: + context: . + dockerfile: dockerfiles/Dockerfile.openssh + container_name: openssh-server + # ports: + # - "2222:22" + networks: + - openssh_network + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + + + openssh-mapper: + build: + context: ../../ssh-mapper + dockerfile: Dockerfile + container_name: openssh-mapper + # ports: + # - "8080:8080" + depends_on: + - openssh-server + networks: + - openssh_network + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + command: -l 0.0.0.0:8080 -s openssh-server:22 -c OpenSSH -f server + + openssh-learner: + build: + context: ../../ssh-learner + dockerfile: Dockerfile + container_name: openssh-learner + networks: + - openssh_network + depends_on: + - openssh-server + - openssh-mapper + volumes: + - ./learner_output_ssh:/app/output_folder + - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ + command: ["state-fuzzer-server", "-connect", "openssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/openssh.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper:8080", "-roundLimit", "3"] + +networks: + openssh_network: + driver: bridge diff --git a/Dockerfile.dropbear b/experiments/orchestration/dockerfiles/Dockerfile.dropbear similarity index 100% rename from Dockerfile.dropbear rename to experiments/orchestration/dockerfiles/Dockerfile.dropbear diff --git a/experiments/orchestration/dockerfiles/Dockerfile.openssh b/experiments/orchestration/dockerfiles/Dockerfile.openssh new file mode 100644 index 0000000..f60427a --- /dev/null +++ b/experiments/orchestration/dockerfiles/Dockerfile.openssh @@ -0,0 +1,16 @@ +FROM ubuntu:focal + +USER root + +RUN apt-get update && apt-get install -y systemd openssh-server sudo vim + +RUN mkdir /run/sshd + +RUN echo "LogLevel DEBUG3" >> /etc/ssh/sshd_config + +RUN echo "KexAlgorithms +curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config && \ + echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config + +RUN systemctl enable ssh + +CMD ["/usr/sbin/sshd", "-D", "-e"] diff --git a/experiments/scripts/make_ssh_keys.sh b/experiments/scripts/make_ssh_keys.sh deleted file mode 100755 index ce00e85..0000000 --- a/experiments/scripts/make_ssh_keys.sh +++ /dev/null @@ -1,10 +0,0 @@ -curr_dir="$(dirname "$0")" -base_path="${curr_dir}/../.." - -pushd ${base_path} - -mkdir ${base_path}/ssh-keys -mkdir ${base_path}/learner_output -ssh-keygen -t rsa -f ${base_path}/ssh-keys/learner-ssh -N "" - -popd \ No newline at end of file diff --git a/experiments/scripts/start_experiment.sh b/experiments/scripts/start_experiment.sh new file mode 100755 index 0000000..bd7bcca --- /dev/null +++ b/experiments/scripts/start_experiment.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Define paths +SSH_KEY_DIR="../orchestration/ssh-keys" +SSH_KEY_NAME="learner-ssh" +DOCKER_COMPOSE_DIR="../orchestration" + +# Ensure the ssh-keys directory exists +mkdir -p "${SSH_KEY_DIR}" + +# Check if the SSH keys exist, if not, generate them +if [[ ! -f "${SSH_KEY_DIR}/${SSH_KEY_NAME}" || ! -f "${SSH_KEY_DIR}/${SSH_KEY_NAME}.pub" ]]; then + echo "SSH keys not found. Generating new SSH keys..." + ssh-keygen -t rsa -b 4096 -f "${SSH_KEY_DIR}/${SSH_KEY_NAME}" -N "" + echo "SSH keys generated at ${SSH_KEY_DIR}" +else + echo "SSH keys already exist. Skipping key generation." +fi + +# Check user input +if [[ "$#" -ne 1 ]]; then + echo "Usage: $0 " + exit 1 +fi + +EXPERIMENT=$1 +COMPOSE_FILE="docker-compose-${EXPERIMENT}.yaml" + +# Validate input and start corresponding docker-compose +if [[ "${EXPERIMENT}" == "openssh" || "${EXPERIMENT}" == "dropbear" ]]; then + if [[ -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" ]]; then + pushd "${DOCKER_COMPOSE_DIR}" + echo "Starting experiment for ${EXPERIMENT}..." + docker-compose -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" up --build + else + echo "Error: ${COMPOSE_FILE} not found in ${DOCKER_COMPOSE_DIR}" + exit 1 + fi +else + echo "Invalid argument. Use 'openssh' or 'dropbear'." + exit 1 +fi diff --git a/ssh-learner/inputs/alphabets/servers/openssh.xml b/ssh-learner/inputs/alphabets/servers/openssh.xml new file mode 100644 index 0000000..b5cd67c --- /dev/null +++ b/ssh-learner/inputs/alphabets/servers/openssh.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + \ No newline at end of file From bed7ab2d2ebd82a1c1c4679774986f10cddb53ce Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:28:00 +0100 Subject: [PATCH 36/54] test the changes with just dropbear --- .github/workflows/e2e_pr.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index b9e2922..bd6b750 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -15,14 +15,14 @@ jobs: run: experiments/scripts/make_ssh_keys.sh - name: Start learning DropbearSSH server - uses: hoverkraft-tech/compose-action@v2.0.1 - with: - compose-file: "./docker-compose.yaml" - up-flags: "--build" + run: cd experiments/scripts/start_experiments.sh dropbear + # uses: hoverkraft-tech/compose-action@v2.0.1 + # with: + # compose-file: "./docker-compose.yaml" + # up-flags: "--build" - name: Verify Result run: | # wait for the learning to be over - while [ "$( docker container inspect -f '{{.State.Running}}' ssh-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done - - experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear ${PWD}/learner_output 3 + while [ "$( docker container inspect -f '{{.State.Running}}' dropbear-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done + experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear experiments/orchestration/learner_output_dropbear 3 From 2353fbf2a910ffc2e67f8594161ad21615ecd671 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:29:44 +0100 Subject: [PATCH 37/54] removed unused stage --- .github/workflows/e2e_pr.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index bd6b750..6ca4721 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -11,9 +11,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Ready SSH keys - run: experiments/scripts/make_ssh_keys.sh - - name: Start learning DropbearSSH server run: cd experiments/scripts/start_experiments.sh dropbear # uses: hoverkraft-tech/compose-action@v2.0.1 From 8ee8eefef525382a71f0fec1c86b266907a88d50 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:31:29 +0100 Subject: [PATCH 38/54] fix typo --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 6ca4721..adb26cd 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Start learning DropbearSSH server - run: cd experiments/scripts/start_experiments.sh dropbear + run: cd experiments/scripts/ && bash start_experiments.sh dropbear # uses: hoverkraft-tech/compose-action@v2.0.1 # with: # compose-file: "./docker-compose.yaml" From dc7f9ea9269df6108f475338d1718fd2e88c85af Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:32:03 +0100 Subject: [PATCH 39/54] fix typo --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index adb26cd..fd1959e 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Start learning DropbearSSH server - run: cd experiments/scripts/ && bash start_experiments.sh dropbear + run: cd experiments/scripts/ && bash start_experiment.sh dropbear # uses: hoverkraft-tech/compose-action@v2.0.1 # with: # compose-file: "./docker-compose.yaml" From 8b8d4958dcdd936564413f0d80dd9fe3a7610807 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:41:12 +0100 Subject: [PATCH 40/54] found that this os should have the docker-compose preinstalled --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index fd1959e..61e22da 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -4,7 +4,7 @@ on: [push, pull_request] jobs: ssh-mapper-dropbear-server: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: fail-fast: true steps: From fd9b2ca854739fac102f432a5de26c9c44821c88 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:43:12 +0100 Subject: [PATCH 41/54] changed the checkout runner --- .github/workflows/e2e_pr.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 61e22da..1b586b4 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -4,12 +4,12 @@ on: [push, pull_request] jobs: ssh-mapper-dropbear-server: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: fail-fast: true steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v2 - name: Start learning DropbearSSH server run: cd experiments/scripts/ && bash start_experiment.sh dropbear From ec7692d34c677c2e272aaa6b995a1e598b78b37a Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:53:44 +0100 Subject: [PATCH 42/54] testing ci --- .github/workflows/e2e_pr.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 1b586b4..3b9c0bc 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -5,11 +5,11 @@ jobs: ssh-mapper-dropbear-server: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} runs-on: ubuntu-latest - strategy: - fail-fast: true + # strategy: + # fail-fast: true steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Start learning DropbearSSH server run: cd experiments/scripts/ && bash start_experiment.sh dropbear From cb29088852d31097ead1fe4fdebb0b54abf626e1 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:57:03 +0100 Subject: [PATCH 43/54] testing --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 3b9c0bc..5122c8f 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Start learning DropbearSSH server - run: cd experiments/scripts/ && bash start_experiment.sh dropbear + run: cd experiments/scripts/ && ./start_experiment.sh dropbear # uses: hoverkraft-tech/compose-action@v2.0.1 # with: # compose-file: "./docker-compose.yaml" From 86b3244f60fdcd6a8ab574f707183b112b554520 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 01:59:29 +0100 Subject: [PATCH 44/54] using docker compose --- experiments/scripts/start_experiment.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experiments/scripts/start_experiment.sh b/experiments/scripts/start_experiment.sh index bd7bcca..842ed92 100755 --- a/experiments/scripts/start_experiment.sh +++ b/experiments/scripts/start_experiment.sh @@ -31,7 +31,7 @@ if [[ "${EXPERIMENT}" == "openssh" || "${EXPERIMENT}" == "dropbear" ]]; then if [[ -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" ]]; then pushd "${DOCKER_COMPOSE_DIR}" echo "Starting experiment for ${EXPERIMENT}..." - docker-compose -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" up --build + docker compose -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" up --build else echo "Error: ${COMPOSE_FILE} not found in ${DOCKER_COMPOSE_DIR}" exit 1 From 8d9ca1261a71ae42fba6a4e4c7b303c3f54dcb27 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 6 Mar 2025 02:09:21 +0100 Subject: [PATCH 45/54] - added ci step for openssh server learning. - changed the transport.py from paramiko so that the cert verification error does not occur. - added the results to the experiment dir for openssh to compare. Signed-off-by: shasan101 --- .github/workflows/e2e_pr.yaml | 22 ++++- .../results/servers/openssh/alphabet.xml | 31 +++++++ .../results/servers/openssh/command.args | 11 +++ experiments/results/servers/openssh/error.msg | 21 +++++ experiments/results/servers/openssh/hyp1.dot | 15 ++++ experiments/results/servers/openssh/hyp2.dot | 31 +++++++ experiments/results/servers/openssh/hyp3.dot | 79 ++++++++++++++++ .../results/servers/openssh/learnedModel.dot | 79 ++++++++++++++++ .../results/servers/openssh/statistics.txt | 89 +++++++++++++++++++ ssh-mapper/manualparamiko/transport.py | 16 ++-- 10 files changed, 382 insertions(+), 12 deletions(-) create mode 100644 experiments/results/servers/openssh/alphabet.xml create mode 100644 experiments/results/servers/openssh/command.args create mode 100644 experiments/results/servers/openssh/error.msg create mode 100644 experiments/results/servers/openssh/hyp1.dot create mode 100644 experiments/results/servers/openssh/hyp2.dot create mode 100644 experiments/results/servers/openssh/hyp3.dot create mode 100644 experiments/results/servers/openssh/learnedModel.dot create mode 100644 experiments/results/servers/openssh/statistics.txt diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 5122c8f..b2d4f42 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -13,13 +13,27 @@ jobs: - name: Start learning DropbearSSH server run: cd experiments/scripts/ && ./start_experiment.sh dropbear - # uses: hoverkraft-tech/compose-action@v2.0.1 - # with: - # compose-file: "./docker-compose.yaml" - # up-flags: "--build" - name: Verify Result run: | # wait for the learning to be over while [ "$( docker container inspect -f '{{.State.Running}}' dropbear-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear experiments/orchestration/learner_output_dropbear 3 + + ssh-mapper-openssh-server: + if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} + runs-on: ubuntu-latest + # strategy: + # fail-fast: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Start learning OpenSSH server + run: cd experiments/scripts/ && ./start_experiment.sh openssh + + - name: Verify Result + run: | + # wait for the learning to be over + while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done + experiments/scripts/diff_hyps.sh experiments/results/servers/openssh experiments/orchestration/learner_output_openssh 3 diff --git a/experiments/results/servers/openssh/alphabet.xml b/experiments/results/servers/openssh/alphabet.xml new file mode 100644 index 0000000..b5cd67c --- /dev/null +++ b/experiments/results/servers/openssh/alphabet.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/experiments/results/servers/openssh/command.args b/experiments/results/servers/openssh/command.args new file mode 100644 index 0000000..e231fe9 --- /dev/null +++ b/experiments/results/servers/openssh/command.args @@ -0,0 +1,11 @@ +state-fuzzer-server +-connect +openssh-mapper:8080 +-alphabet +/app/inputs/alphabets/servers/openssh.xml +-output +/app/output_folder +-sshMapperAddress +openssh-mapper:8080 +-roundLimit +3 diff --git a/experiments/results/servers/openssh/error.msg b/experiments/results/servers/openssh/error.msg new file mode 100644 index 0000000..042f5fe --- /dev/null +++ b/experiments/results/servers/openssh/error.msg @@ -0,0 +1,21 @@ +Cannot invoke "String.hashCode()" because the return value of "com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.getName()" is null +java.lang.NullPointerException: Cannot invoke "String.hashCode()" because the return value of "com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.getName()" is null + at com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.hashCode(AbstractOutput.java:218) + at net.automatalib.word.Word.hashCode(Word.java:242) + at java.base/java.util.HashMap.hash(HashMap.java:338) + at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1191) + at de.learnlib.datastructure.discriminationtree.SplitData.getIncoming(SplitData.java:110) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.prepareSplit(AbstractTTTLearner.java:624) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.finalizeDiscriminator(AbstractTTTLearner.java:554) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.finalizeAny(AbstractTTTLearner.java:305) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.refineHypothesisSingle(AbstractTTTLearner.java:215) + at de.learnlib.algorithm.ttt.mealy.TTTLearnerMealy.refineHypothesisSingle(TTTLearnerMealy.java:67) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.refineHypothesis(AbstractTTTLearner.java:163) + at com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerStandard.inferStateMachine(StateFuzzerStandard.java:164) + at com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerStandard.startFuzzing(StateFuzzerStandard.java:84) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.executeCommand(CommandLineParser.java:355) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parseAndExecuteCommand(CommandLineParser.java:226) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parse(CommandLineParser.java:168) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parse(CommandLineParser.java:212) + at learner.Main.runMealyLearner(Main.java:32) + at learner.Main.main(Main.java:21) diff --git a/experiments/results/servers/openssh/hyp1.dot b/experiments/results/servers/openssh/hyp1.dot new file mode 100644 index 0000000..99bfa7f --- /dev/null +++ b/experiments/results/servers/openssh/hyp1.dot @@ -0,0 +1,15 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s0 -> s0 [label="KEXINIT / KEXINIT"]; + s0 -> s0 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s0 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s0 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s0 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s0 [label="UA_PK_OK / KEXINIT"]; + s0 -> s0 [label="UA_PK_NOK / KEXINIT"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/hyp2.dot b/experiments/results/servers/openssh/hyp2.dot new file mode 100644 index 0000000..4e505b7 --- /dev/null +++ b/experiments/results/servers/openssh/hyp2.dot @@ -0,0 +1,31 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s1 [label="KEXINIT / UNIMPL"]; + s1 -> s1 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/hyp3.dot b/experiments/results/servers/openssh/hyp3.dot new file mode 100644 index 0000000..732715e --- /dev/null +++ b/experiments/results/servers/openssh/hyp3.dot @@ -0,0 +1,79 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s5 [shape="circle" label="s5"]; + s6 [shape="circle" label="s6"]; + s7 [shape="circle" label="s7"]; + s8 [shape="circle" label="s8"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s4 [label="KEXINIT / UNIMPL"]; + s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s3 [label="KEXINIT / UNIMPL"]; + s3 -> s3 [label="KEX30 / UNIMPL"]; + s3 -> s6 [label="NEWKEYS / NO_RESP"]; + s3 -> s3 [label="SR_AUTH / UNIMPL"]; + s3 -> s3 [label="SR_CONN / UNIMPL"]; + s3 -> s2 [label="UA_PK_OK / NO_CONN"]; + s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s4 [label="KEXINIT / UNIMPL"]; + s4 -> s5 [label="KEX30 / KEX31+NEWKEYS"]; + s4 -> s4 [label="NEWKEYS / UNIMPL"]; + s4 -> s4 [label="SR_AUTH / UNIMPL"]; + s4 -> s4 [label="SR_CONN / UNIMPL"]; + s4 -> s2 [label="UA_PK_OK / NO_CONN"]; + s4 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s5 -> s5 [label="KEXINIT / NO_RESP"]; + s5 -> s5 [label="KEX30 / NO_RESP"]; + s5 -> s2 [label="NEWKEYS / NO_RESP"]; + s5 -> s5 [label="SR_AUTH / NO_RESP"]; + s5 -> s5 [label="SR_CONN / NO_RESP"]; + s5 -> s2 [label="UA_PK_OK / NO_CONN"]; + s5 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s6 -> s6 [label="KEXINIT / UNIMPL"]; + s6 -> s6 [label="KEX30 / UNIMPL"]; + s6 -> s2 [label="NEWKEYS / UNIMPL"]; + s6 -> s7 [label="SR_AUTH / SR_ACCEPT"]; + s6 -> s2 [label="SR_CONN / DISCONNECT"]; + s6 -> s6 [label="UA_PK_OK / UNIMPL"]; + s6 -> s6 [label="UA_PK_NOK / UNIMPL"]; + s7 -> s7 [label="KEXINIT / UNIMPL"]; + s7 -> s7 [label="KEX30 / UNIMPL"]; + s7 -> s2 [label="NEWKEYS / UNIMPL"]; + s7 -> s7 [label="SR_AUTH / SR_ACCEPT"]; + s7 -> s2 [label="SR_CONN / DISCONNECT"]; + s7 -> s7 [label="UA_PK_OK / UA_FAILURE"]; + s7 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; + s8 -> s8 [label="KEXINIT / UNIMPL"]; + s8 -> s8 [label="KEX30 / UNIMPL"]; + s8 -> s2 [label="NEWKEYS / UNIMPL"]; + s8 -> s8 [label="SR_AUTH / SR_ACCEPT"]; + s8 -> s2 [label="SR_CONN / DISCONNECT"]; + s8 -> s2 [label="UA_PK_OK / DISCONNECT"]; + s8 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/learnedModel.dot b/experiments/results/servers/openssh/learnedModel.dot new file mode 100644 index 0000000..732715e --- /dev/null +++ b/experiments/results/servers/openssh/learnedModel.dot @@ -0,0 +1,79 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s5 [shape="circle" label="s5"]; + s6 [shape="circle" label="s6"]; + s7 [shape="circle" label="s7"]; + s8 [shape="circle" label="s8"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s4 [label="KEXINIT / UNIMPL"]; + s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s3 [label="KEXINIT / UNIMPL"]; + s3 -> s3 [label="KEX30 / UNIMPL"]; + s3 -> s6 [label="NEWKEYS / NO_RESP"]; + s3 -> s3 [label="SR_AUTH / UNIMPL"]; + s3 -> s3 [label="SR_CONN / UNIMPL"]; + s3 -> s2 [label="UA_PK_OK / NO_CONN"]; + s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s4 [label="KEXINIT / UNIMPL"]; + s4 -> s5 [label="KEX30 / KEX31+NEWKEYS"]; + s4 -> s4 [label="NEWKEYS / UNIMPL"]; + s4 -> s4 [label="SR_AUTH / UNIMPL"]; + s4 -> s4 [label="SR_CONN / UNIMPL"]; + s4 -> s2 [label="UA_PK_OK / NO_CONN"]; + s4 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s5 -> s5 [label="KEXINIT / NO_RESP"]; + s5 -> s5 [label="KEX30 / NO_RESP"]; + s5 -> s2 [label="NEWKEYS / NO_RESP"]; + s5 -> s5 [label="SR_AUTH / NO_RESP"]; + s5 -> s5 [label="SR_CONN / NO_RESP"]; + s5 -> s2 [label="UA_PK_OK / NO_CONN"]; + s5 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s6 -> s6 [label="KEXINIT / UNIMPL"]; + s6 -> s6 [label="KEX30 / UNIMPL"]; + s6 -> s2 [label="NEWKEYS / UNIMPL"]; + s6 -> s7 [label="SR_AUTH / SR_ACCEPT"]; + s6 -> s2 [label="SR_CONN / DISCONNECT"]; + s6 -> s6 [label="UA_PK_OK / UNIMPL"]; + s6 -> s6 [label="UA_PK_NOK / UNIMPL"]; + s7 -> s7 [label="KEXINIT / UNIMPL"]; + s7 -> s7 [label="KEX30 / UNIMPL"]; + s7 -> s2 [label="NEWKEYS / UNIMPL"]; + s7 -> s7 [label="SR_AUTH / SR_ACCEPT"]; + s7 -> s2 [label="SR_CONN / DISCONNECT"]; + s7 -> s7 [label="UA_PK_OK / UA_FAILURE"]; + s7 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; + s8 -> s8 [label="KEXINIT / UNIMPL"]; + s8 -> s8 [label="KEX30 / UNIMPL"]; + s8 -> s2 [label="NEWKEYS / UNIMPL"]; + s8 -> s8 [label="SR_AUTH / SR_ACCEPT"]; + s8 -> s2 [label="SR_CONN / DISCONNECT"]; + s8 -> s2 [label="UA_PK_OK / DISCONNECT"]; + s8 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/statistics.txt b/experiments/results/servers/openssh/statistics.txt new file mode 100644 index 0000000..8e64455 --- /dev/null +++ b/experiments/results/servers/openssh/statistics.txt @@ -0,0 +1,89 @@ +=== RUN DESCRIPTION === +Alphabet: [KEXINIT, KEX30, NEWKEYS, SR_AUTH, SR_CONN, UA_PK_OK, UA_PK_NOK] + +StateFuzzerConfig Parameters +Help: false +Debug: false +Quiet: false +Output Directory: /app/output_folder +Fuzzing Client: false + +LearnerConfig Parameters +Alphabet: /app/inputs/alphabets/servers/openssh.xml +Learning Algorithm: TTT +Equivalence Algorithms: [RANDOM_WP_METHOD] +Max Depth: 1 +Min Length: 5 +Max Length: 15 +Max Equivalence Queries: 1000 +Runs Per Membership Query: 1 +Random Length: 5 +Membership Query Retries: 3 +Log Queries: false +Prob Reset: 0.0 +Test File: null +Seed: 0 +Cache Tests: false +Ce Sanitization: true +Skip Non Det Tests: false +Ce Reruns: 3 +Probabilistic Sanitization: true +Time Limit: null +Test Limit: null +Round Limit: 3 +IOMode: true +Probability of Choosing a New DataValue: 0.1 +Max Runs: 1 +Max Depth for Register Automata: 1 +Reset Runs: true +Seed transitions: true +Draw symbols uniformly: true + +SulConfig Parameters +Fuzzing Role: client +Fuzzing Client: true +Response Wait: 100 +Input Response Timeout: null +Command: null +Terminate Command: null +Process Dir: null +Redirect Output Streams: false +Process Trigger: NEW_TEST +Start Wait: 0 + +SulServerConfigStandard Parameters +Connect to: openssh-mapper:8080 + +MapperConfig Parameters +Mapper Connection Config: null +Repeating Outputs: null +Socket Closed as Timeout: false +Disabled as Timeout: false +Merge Repeating: true + +SulAdapterConfig Parameters +Adapter Port: null +Adapter Address: localhost + +=== STATISTICS === +Learning finished: false +Reason: hypothesis construction round limit reached +Size of the input alphabet: 7 +Number of states: 9 +Number of hypotheses: 3 +Number of inputs: 868 +Number of tests: 186 +Number of learning inputs: 742 +Number of learning tests: 174 +Number of inputs up to last hypothesis: 868 +Number of tests up to last hypothesis: 186 +Time (ms) to learn model: 1834564 +Counterexamples: +CE 1:Query[ε|NEWKEYS SR_CONN NEWKEYS SR_CONN KEXINIT UA_PK_NOK NEWKEYS SR_CONN KEXINIT KEX30 SR_CONN / KEXINIT+UNIMPL UNIMPL UNIMPL UNIMPL UNIMPL NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] +CE 2:Query[ε|KEX30 NEWKEYS KEX30 NEWKEYS UA_PK_NOK SR_AUTH UA_PK_NOK SR_AUTH UA_PK_NOK NEWKEYS UA_PK_NOK KEXINIT / KEXINIT+UNIMPL UNIMPL KEX31+NEWKEYS+BUFFERED NO_RESP UNIMPL SR_ACCEPT UA_FAILURE SR_ACCEPT UA_FAILURE UNIMPL NO_CONN NO_CONN] +Number of inputs when hypothesis was generated: [7, 131, 868] +Number of tests when hypothesis was generated: [7, 44, 186] +Time (ms) when hypothesis was generated: [14969, 181299, 1834556] +Number of inputs when counterexample was found: [51, 213] +Number of tests when counterexample was found: [11, 52] +Time (ms) when counterexample was found: [63897, 300750] diff --git a/ssh-mapper/manualparamiko/transport.py b/ssh-mapper/manualparamiko/transport.py index b843cab..978b334 100644 --- a/ssh-mapper/manualparamiko/transport.py +++ b/ssh-mapper/manualparamiko/transport.py @@ -1940,14 +1940,14 @@ def _expect_packet(self, *ptypes): def _verify_key(self, host_key, sig): key = self._key_info[self.host_key_type](Message(host_key)) - if key is None: - raise SSHException("Unknown host key type") - if not key.verify_ssh_sig(self.H, Message(sig)): - raise SSHException( - "Signature verification ({}) failed.".format( - self.host_key_type - ) - ) # noqa + # if key is None: + # raise SSHException("Unknown host key type") + # if not key.verify_ssh_sig(self.H, Message(sig)): + # raise SSHException( + # "Signature verification ({}) failed.".format( + # self.host_key_type + # ) + # ) # noqa self.host_key = key def _compute_key(self, id, nbytes): From 898a283b4fcf6990121fa884199af6170df29af2 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 7 Mar 2025 01:32:15 +0100 Subject: [PATCH 46/54] running the containers as daemon so that we can conclude the tests once the learning is done --- .gitignore | 3 ++- experiments/scripts/start_experiment.sh | 2 +- ssh-learner/.gitignore | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 ssh-learner/.gitignore diff --git a/.gitignore b/.gitignore index 8a982ce..48d1f6a 100644 --- a/.gitignore +++ b/.gitignore @@ -27,4 +27,5 @@ ssh-mapper/paramiko.egg-info/** ssh-mapper/build/** ssh-mapper/dist/** ssh-mapper/mapper/__pycache__/** -ssh-learner/target/** \ No newline at end of file +ssh-learner/target/** +__pycache__/ \ No newline at end of file diff --git a/experiments/scripts/start_experiment.sh b/experiments/scripts/start_experiment.sh index 842ed92..4d13112 100755 --- a/experiments/scripts/start_experiment.sh +++ b/experiments/scripts/start_experiment.sh @@ -31,7 +31,7 @@ if [[ "${EXPERIMENT}" == "openssh" || "${EXPERIMENT}" == "dropbear" ]]; then if [[ -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" ]]; then pushd "${DOCKER_COMPOSE_DIR}" echo "Starting experiment for ${EXPERIMENT}..." - docker compose -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" up --build + docker compose -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" up --build -d else echo "Error: ${COMPOSE_FILE} not found in ${DOCKER_COMPOSE_DIR}" exit 1 diff --git a/ssh-learner/.gitignore b/ssh-learner/.gitignore new file mode 100644 index 0000000..b83d222 --- /dev/null +++ b/ssh-learner/.gitignore @@ -0,0 +1 @@ +/target/ From 71c7869d3a67adee8d65232da6bcf2382bfd2f4a Mon Sep 17 00:00:00 2001 From: shasan101 Date: Fri, 7 Mar 2025 02:07:30 +0100 Subject: [PATCH 47/54] fixed mapped dir name for openssh --- experiments/orchestration/docker-compose-openssh.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experiments/orchestration/docker-compose-openssh.yaml b/experiments/orchestration/docker-compose-openssh.yaml index 718c861..0f94f8c 100644 --- a/experiments/orchestration/docker-compose-openssh.yaml +++ b/experiments/orchestration/docker-compose-openssh.yaml @@ -42,7 +42,7 @@ services: - openssh-server - openssh-mapper volumes: - - ./learner_output_ssh:/app/output_folder + - ./learner_output_openssh:/app/output_folder - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ command: ["state-fuzzer-server", "-connect", "openssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/openssh.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper:8080", "-roundLimit", "3"] From 6a3578d0c8b5a5b0389889e45f16e69c6e8aadfe Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 05:53:28 +0100 Subject: [PATCH 48/54] added separate dockerfile and docker-compose for openssh 7. updated the results and e2e tests accordingly --- .github/workflows/e2e_pr.yaml | 28 ++++-- .../docker-compose-dropbear.yaml | 12 +-- .../orchestration/docker-compose-openssh.yaml | 51 ----------- .../docker-compose-openssh7.yaml | 52 +++++++++++ .../docker-compose-openssh8.yaml | 52 +++++++++++ .../dockerfiles/Dockerfile.dropbear | 4 +- .../dockerfiles/Dockerfile.openssh7 | 16 ++++ ...Dockerfile.openssh => Dockerfile.openssh8} | 0 .../results/servers/openssh/alphabet.xml | 31 ------- .../results/servers/openssh/learnedModel.dot | 79 ---------------- .../results/servers/openssh7/alphabet.xml | 10 +++ .../{openssh => openssh7}/command.args | 7 +- .../servers/{openssh => openssh7}/error.msg | 0 .../servers/{openssh => openssh7}/hyp1.dot | 0 experiments/results/servers/openssh7/hyp2.dot | 39 ++++++++ experiments/results/servers/openssh7/hyp3.dot | 47 ++++++++++ .../results/servers/openssh7/learnedModel.dot | 47 ++++++++++ .../results/servers/openssh7/statistics.txt | 89 +++++++++++++++++++ .../results/servers/openssh8/alphabet.xml | 10 +++ .../results/servers/openssh8/command.args | 12 +++ .../results/servers/openssh8/error.msg | 21 +++++ experiments/results/servers/openssh8/hyp1.dot | 15 ++++ .../servers/{openssh => openssh8}/hyp2.dot | 0 .../servers/{openssh => openssh8}/hyp3.dot | 0 .../results/servers/openssh8/learnedModel.dot | 31 +++++++ .../{openssh => openssh8}/statistics.txt | 34 +++---- experiments/scripts/start_experiment.sh | 2 +- 27 files changed, 494 insertions(+), 195 deletions(-) delete mode 100644 experiments/orchestration/docker-compose-openssh.yaml create mode 100644 experiments/orchestration/docker-compose-openssh7.yaml create mode 100644 experiments/orchestration/docker-compose-openssh8.yaml create mode 100644 experiments/orchestration/dockerfiles/Dockerfile.openssh7 rename experiments/orchestration/dockerfiles/{Dockerfile.openssh => Dockerfile.openssh8} (100%) delete mode 100644 experiments/results/servers/openssh/alphabet.xml delete mode 100644 experiments/results/servers/openssh/learnedModel.dot create mode 100644 experiments/results/servers/openssh7/alphabet.xml rename experiments/results/servers/{openssh => openssh7}/command.args (51%) rename experiments/results/servers/{openssh => openssh7}/error.msg (100%) rename experiments/results/servers/{openssh => openssh7}/hyp1.dot (100%) create mode 100644 experiments/results/servers/openssh7/hyp2.dot create mode 100644 experiments/results/servers/openssh7/hyp3.dot create mode 100644 experiments/results/servers/openssh7/learnedModel.dot create mode 100644 experiments/results/servers/openssh7/statistics.txt create mode 100644 experiments/results/servers/openssh8/alphabet.xml create mode 100644 experiments/results/servers/openssh8/command.args create mode 100644 experiments/results/servers/openssh8/error.msg create mode 100644 experiments/results/servers/openssh8/hyp1.dot rename experiments/results/servers/{openssh => openssh8}/hyp2.dot (100%) rename experiments/results/servers/{openssh => openssh8}/hyp3.dot (100%) create mode 100644 experiments/results/servers/openssh8/learnedModel.dot rename experiments/results/servers/{openssh => openssh8}/statistics.txt (71%) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index b2d4f42..c06de61 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -20,7 +20,7 @@ jobs: while [ "$( docker container inspect -f '{{.State.Running}}' dropbear-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear experiments/orchestration/learner_output_dropbear 3 - ssh-mapper-openssh-server: + ssh-mapper-openssh7-server: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} runs-on: ubuntu-latest # strategy: @@ -29,11 +29,29 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Start learning OpenSSH server - run: cd experiments/scripts/ && ./start_experiment.sh openssh + - name: Start learning OpenSSH7 server + run: cd experiments/scripts/ && ./start_experiment.sh openssh7 - name: Verify Result run: | # wait for the learning to be over - while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done - experiments/scripts/diff_hyps.sh experiments/results/servers/openssh experiments/orchestration/learner_output_openssh 3 + while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner7 )" = "true" ]; do date; echo "still learning"; sleep 5; done + experiments/scripts/diff_hyps.sh experiments/results/servers/openssh7 experiments/orchestration/learner_output_openssh7 3 + + ssh-mapper-openssh8-server: + if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} + runs-on: ubuntu-latest + # strategy: + # fail-fast: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Start learning OpenSSH8 server + run: cd experiments/scripts/ && ./start_experiment.sh openssh8 + + - name: Verify Result + run: | + # wait for the learning to be over + while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner7 )" = "true" ]; do date; echo "still learning"; sleep 5; done + experiments/scripts/diff_hyps.sh experiments/results/servers/openssh8 experiments/orchestration/learner_output_openssh8 3 diff --git a/experiments/orchestration/docker-compose-dropbear.yaml b/experiments/orchestration/docker-compose-dropbear.yaml index 420a434..0d923e8 100644 --- a/experiments/orchestration/docker-compose-dropbear.yaml +++ b/experiments/orchestration/docker-compose-dropbear.yaml @@ -6,12 +6,14 @@ services: context: . dockerfile: dockerfiles/Dockerfile.dropbear container_name: dropbear-ssh - # ports: - # - "2222:22" + ports: + - "2222:22" networks: - dropbear_network volumes: - - ./ssh-keys:${HOME}/.ssh/:ro + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/local/sbin/dropbear -F -E -j -k -s"] dropbear-mapper: @@ -42,8 +44,8 @@ services: - dropbear-mapper volumes: - ./learner_output_dropbear:/app/output_folder - - ../../ssh-learner/inputs/alphabets/servers/trans_auth.xml:/app/inputs/alphabets/servers/trans_auth.xml - command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "3"] + - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ + command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "6", "-debug"] networks: dropbear_network: diff --git a/experiments/orchestration/docker-compose-openssh.yaml b/experiments/orchestration/docker-compose-openssh.yaml deleted file mode 100644 index 0f94f8c..0000000 --- a/experiments/orchestration/docker-compose-openssh.yaml +++ /dev/null @@ -1,51 +0,0 @@ -version: "3.8" - -services: - openssh-server: - build: - context: . - dockerfile: dockerfiles/Dockerfile.openssh - container_name: openssh-server - # ports: - # - "2222:22" - networks: - - openssh_network - volumes: - - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro - - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro - - - openssh-mapper: - build: - context: ../../ssh-mapper - dockerfile: Dockerfile - container_name: openssh-mapper - # ports: - # - "8080:8080" - depends_on: - - openssh-server - networks: - - openssh_network - volumes: - - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro - - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro - command: -l 0.0.0.0:8080 -s openssh-server:22 -c OpenSSH -f server - - openssh-learner: - build: - context: ../../ssh-learner - dockerfile: Dockerfile - container_name: openssh-learner - networks: - - openssh_network - depends_on: - - openssh-server - - openssh-mapper - volumes: - - ./learner_output_openssh:/app/output_folder - - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ - command: ["state-fuzzer-server", "-connect", "openssh-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/openssh.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper:8080", "-roundLimit", "3"] - -networks: - openssh_network: - driver: bridge diff --git a/experiments/orchestration/docker-compose-openssh7.yaml b/experiments/orchestration/docker-compose-openssh7.yaml new file mode 100644 index 0000000..5ea4ff6 --- /dev/null +++ b/experiments/orchestration/docker-compose-openssh7.yaml @@ -0,0 +1,52 @@ +version: "3.8" + +services: + openssh-server7: + build: + context: . + dockerfile: dockerfiles/Dockerfile.openssh7 + container_name: openssh-server7 + # ports: + # - "2222:22" + networks: + - openssh_network7 + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/sbin/sshd -D -e"] + + + openssh-mapper7: + build: + context: ../../ssh-mapper + dockerfile: Dockerfile + container_name: openssh-mapper7 + # ports: + # - "8080:8080" + depends_on: + - openssh-server7 + networks: + - openssh_network7 + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + command: -l 0.0.0.0:8080 -s openssh-server7:22 -c OpenSSH -f server + + openssh-learner7: + build: + context: ../../ssh-learner + dockerfile: Dockerfile + container_name: openssh-learner7 + networks: + - openssh_network7 + depends_on: + - openssh-server7 + - openssh-mapper7 + volumes: + - ./learner_output_openssh7:/app/output_folder + - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ + command: ["state-fuzzer-server", "-connect", "openssh-mapper7:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper7:8080","-debug", "-roundLimit", "3"] + +networks: + openssh_network7: + driver: bridge diff --git a/experiments/orchestration/docker-compose-openssh8.yaml b/experiments/orchestration/docker-compose-openssh8.yaml new file mode 100644 index 0000000..598dcac --- /dev/null +++ b/experiments/orchestration/docker-compose-openssh8.yaml @@ -0,0 +1,52 @@ +version: "3.8" + +services: + openssh-server8: + build: + context: . + dockerfile: dockerfiles/Dockerfile.openssh8 + container_name: openssh-server8 + # ports: + # - "2222:22" + networks: + - openssh_network8 + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/sbin/sshd -D -e"] + + + openssh-mapper8: + build: + context: ../../ssh-mapper + dockerfile: Dockerfile + container_name: openssh-mapper8 + # ports: + # - "8080:8080" + depends_on: + - openssh-server8 + networks: + - openssh_network8 + volumes: + - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro + - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro + command: -l 0.0.0.0:8080 -s openssh-server8:22 -c OpenSSH -f server + + openssh-learner8: + build: + context: ../../ssh-learner + dockerfile: Dockerfile + container_name: openssh-learner8 + networks: + - openssh_network8 + depends_on: + - openssh-server8 + - openssh-mapper8 + volumes: + - ./learner_output_openssh8:/app/output_folder + - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ + command: ["state-fuzzer-server", "-connect", "openssh-mapper8:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper8:8080","-debug", "-roundLimit", "3"] + +networks: + openssh_network8: + driver: bridge diff --git a/experiments/orchestration/dockerfiles/Dockerfile.dropbear b/experiments/orchestration/dockerfiles/Dockerfile.dropbear index 4b866a3..3d6422c 100644 --- a/experiments/orchestration/dockerfiles/Dockerfile.dropbear +++ b/experiments/orchestration/dockerfiles/Dockerfile.dropbear @@ -42,9 +42,7 @@ RUN dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key && \ # Set Dropbear server to run on port 22 (override in `docker run -p`) EXPOSE 22 -COPY ssh-keys/learner-ssh.pub . - -RUN mkdir ~/.ssh; cat learner-ssh.pub >> ~/.ssh/authorized_keys +RUN mkdir ~/.ssh; chmod 700 ~/.ssh # Command to run Dropbear SSH server CMD ["/usr/local/sbin/dropbear", "-F", "-E", "-j", "-k", "-s"] diff --git a/experiments/orchestration/dockerfiles/Dockerfile.openssh7 b/experiments/orchestration/dockerfiles/Dockerfile.openssh7 new file mode 100644 index 0000000..97ee2b0 --- /dev/null +++ b/experiments/orchestration/dockerfiles/Dockerfile.openssh7 @@ -0,0 +1,16 @@ +FROM ubuntu:bionic + +USER root + +RUN apt-get update && apt-get install -y systemd openssh-server sudo vim + +RUN mkdir /run/sshd + +RUN echo "LogLevel DEBUG3" >> /etc/ssh/sshd_config + +RUN echo "KexAlgorithms +curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config && \ + echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config + +RUN systemctl enable ssh + +CMD ["/usr/sbin/sshd", "-D", "-e"] diff --git a/experiments/orchestration/dockerfiles/Dockerfile.openssh b/experiments/orchestration/dockerfiles/Dockerfile.openssh8 similarity index 100% rename from experiments/orchestration/dockerfiles/Dockerfile.openssh rename to experiments/orchestration/dockerfiles/Dockerfile.openssh8 diff --git a/experiments/results/servers/openssh/alphabet.xml b/experiments/results/servers/openssh/alphabet.xml deleted file mode 100644 index b5cd67c..0000000 --- a/experiments/results/servers/openssh/alphabet.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/experiments/results/servers/openssh/learnedModel.dot b/experiments/results/servers/openssh/learnedModel.dot deleted file mode 100644 index 732715e..0000000 --- a/experiments/results/servers/openssh/learnedModel.dot +++ /dev/null @@ -1,79 +0,0 @@ -digraph g { - - s0 [shape="circle" label="s0"]; - s1 [shape="circle" label="s1"]; - s2 [shape="circle" label="s2"]; - s3 [shape="circle" label="s3"]; - s4 [shape="circle" label="s4"]; - s5 [shape="circle" label="s5"]; - s6 [shape="circle" label="s6"]; - s7 [shape="circle" label="s7"]; - s8 [shape="circle" label="s8"]; - s0 -> s1 [label="KEXINIT / KEXINIT"]; - s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; - s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; - s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; - s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; - s0 -> s2 [label="UA_PK_OK / KEXINIT"]; - s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; - s1 -> s4 [label="KEXINIT / UNIMPL"]; - s1 -> s3 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; - s1 -> s1 [label="NEWKEYS / UNIMPL"]; - s1 -> s1 [label="SR_AUTH / UNIMPL"]; - s1 -> s1 [label="SR_CONN / UNIMPL"]; - s1 -> s2 [label="UA_PK_OK / NO_CONN"]; - s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; - s2 -> s2 [label="KEXINIT / NO_CONN"]; - s2 -> s2 [label="KEX30 / NO_CONN"]; - s2 -> s2 [label="NEWKEYS / NO_CONN"]; - s2 -> s2 [label="SR_AUTH / NO_CONN"]; - s2 -> s2 [label="SR_CONN / NO_CONN"]; - s2 -> s2 [label="UA_PK_OK / NO_CONN"]; - s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; - s3 -> s3 [label="KEXINIT / UNIMPL"]; - s3 -> s3 [label="KEX30 / UNIMPL"]; - s3 -> s6 [label="NEWKEYS / NO_RESP"]; - s3 -> s3 [label="SR_AUTH / UNIMPL"]; - s3 -> s3 [label="SR_CONN / UNIMPL"]; - s3 -> s2 [label="UA_PK_OK / NO_CONN"]; - s3 -> s2 [label="UA_PK_NOK / NO_CONN"]; - s4 -> s4 [label="KEXINIT / UNIMPL"]; - s4 -> s5 [label="KEX30 / KEX31+NEWKEYS"]; - s4 -> s4 [label="NEWKEYS / UNIMPL"]; - s4 -> s4 [label="SR_AUTH / UNIMPL"]; - s4 -> s4 [label="SR_CONN / UNIMPL"]; - s4 -> s2 [label="UA_PK_OK / NO_CONN"]; - s4 -> s2 [label="UA_PK_NOK / NO_CONN"]; - s5 -> s5 [label="KEXINIT / NO_RESP"]; - s5 -> s5 [label="KEX30 / NO_RESP"]; - s5 -> s2 [label="NEWKEYS / NO_RESP"]; - s5 -> s5 [label="SR_AUTH / NO_RESP"]; - s5 -> s5 [label="SR_CONN / NO_RESP"]; - s5 -> s2 [label="UA_PK_OK / NO_CONN"]; - s5 -> s2 [label="UA_PK_NOK / NO_CONN"]; - s6 -> s6 [label="KEXINIT / UNIMPL"]; - s6 -> s6 [label="KEX30 / UNIMPL"]; - s6 -> s2 [label="NEWKEYS / UNIMPL"]; - s6 -> s7 [label="SR_AUTH / SR_ACCEPT"]; - s6 -> s2 [label="SR_CONN / DISCONNECT"]; - s6 -> s6 [label="UA_PK_OK / UNIMPL"]; - s6 -> s6 [label="UA_PK_NOK / UNIMPL"]; - s7 -> s7 [label="KEXINIT / UNIMPL"]; - s7 -> s7 [label="KEX30 / UNIMPL"]; - s7 -> s2 [label="NEWKEYS / UNIMPL"]; - s7 -> s7 [label="SR_AUTH / SR_ACCEPT"]; - s7 -> s2 [label="SR_CONN / DISCONNECT"]; - s7 -> s7 [label="UA_PK_OK / UA_FAILURE"]; - s7 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; - s8 -> s8 [label="KEXINIT / UNIMPL"]; - s8 -> s8 [label="KEX30 / UNIMPL"]; - s8 -> s2 [label="NEWKEYS / UNIMPL"]; - s8 -> s8 [label="SR_AUTH / SR_ACCEPT"]; - s8 -> s2 [label="SR_CONN / DISCONNECT"]; - s8 -> s2 [label="UA_PK_OK / DISCONNECT"]; - s8 -> s8 [label="UA_PK_NOK / UA_FAILURE"]; - -__start0 [label="" shape="none" width="0" height="0"]; -__start0 -> s0; - -} diff --git a/experiments/results/servers/openssh7/alphabet.xml b/experiments/results/servers/openssh7/alphabet.xml new file mode 100644 index 0000000..92ea4e1 --- /dev/null +++ b/experiments/results/servers/openssh7/alphabet.xml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/experiments/results/servers/openssh/command.args b/experiments/results/servers/openssh7/command.args similarity index 51% rename from experiments/results/servers/openssh/command.args rename to experiments/results/servers/openssh7/command.args index e231fe9..f280f2f 100644 --- a/experiments/results/servers/openssh/command.args +++ b/experiments/results/servers/openssh7/command.args @@ -1,11 +1,12 @@ state-fuzzer-server -connect -openssh-mapper:8080 +openssh-mapper7:8080 -alphabet -/app/inputs/alphabets/servers/openssh.xml +/app/inputs/alphabets/servers/trans_auth.xml -output /app/output_folder -sshMapperAddress -openssh-mapper:8080 +openssh-mapper7:8080 +-debug -roundLimit 3 diff --git a/experiments/results/servers/openssh/error.msg b/experiments/results/servers/openssh7/error.msg similarity index 100% rename from experiments/results/servers/openssh/error.msg rename to experiments/results/servers/openssh7/error.msg diff --git a/experiments/results/servers/openssh/hyp1.dot b/experiments/results/servers/openssh7/hyp1.dot similarity index 100% rename from experiments/results/servers/openssh/hyp1.dot rename to experiments/results/servers/openssh7/hyp1.dot diff --git a/experiments/results/servers/openssh7/hyp2.dot b/experiments/results/servers/openssh7/hyp2.dot new file mode 100644 index 0000000..cfb4db3 --- /dev/null +++ b/experiments/results/servers/openssh7/hyp2.dot @@ -0,0 +1,39 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s3 [label="UA_PK_OK / KEXINIT"]; + s0 -> s3 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s3 [label="KEXINIT / NO_CONN"]; + s1 -> s2 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s3 [label="UA_PK_OK / NO_CONN"]; + s1 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / UNIMPL"]; + s2 -> s2 [label="KEX30 / UNIMPL"]; + s2 -> s2 [label="NEWKEYS / NO_RESP"]; + s2 -> s2 [label="SR_AUTH / UNIMPL"]; + s2 -> s2 [label="SR_CONN / UNIMPL"]; + s2 -> s3 [label="UA_PK_OK / NO_CONN"]; + s2 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s3 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / NO_CONN"]; + s3 -> s3 [label="NEWKEYS / NO_CONN"]; + s3 -> s3 [label="SR_AUTH / NO_CONN"]; + s3 -> s3 [label="SR_CONN / NO_CONN"]; + s3 -> s3 [label="UA_PK_OK / NO_CONN"]; + s3 -> s3 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh7/hyp3.dot b/experiments/results/servers/openssh7/hyp3.dot new file mode 100644 index 0000000..942e677 --- /dev/null +++ b/experiments/results/servers/openssh7/hyp3.dot @@ -0,0 +1,47 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s3 [label="UA_PK_OK / KEXINIT"]; + s0 -> s3 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s3 [label="KEXINIT / NO_CONN"]; + s1 -> s2 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s3 [label="UA_PK_OK / NO_CONN"]; + s1 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / UNIMPL"]; + s2 -> s2 [label="KEX30 / UNIMPL"]; + s2 -> s4 [label="NEWKEYS / NO_RESP"]; + s2 -> s2 [label="SR_AUTH / UNIMPL"]; + s2 -> s2 [label="SR_CONN / UNIMPL"]; + s2 -> s3 [label="UA_PK_OK / NO_CONN"]; + s2 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s3 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / NO_CONN"]; + s3 -> s3 [label="NEWKEYS / NO_CONN"]; + s3 -> s3 [label="SR_AUTH / NO_CONN"]; + s3 -> s3 [label="SR_CONN / NO_CONN"]; + s3 -> s3 [label="UA_PK_OK / NO_CONN"]; + s3 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s4 [label="KEXINIT / UNIMPL"]; + s4 -> s4 [label="KEX30 / UNIMPL"]; + s4 -> s3 [label="NEWKEYS / UNIMPL"]; + s4 -> s4 [label="SR_AUTH / SR_ACCEPT"]; + s4 -> s3 [label="SR_CONN / DISCONNECT"]; + s4 -> s4 [label="UA_PK_OK / UNIMPL"]; + s4 -> s4 [label="UA_PK_NOK / UNIMPL"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh7/learnedModel.dot b/experiments/results/servers/openssh7/learnedModel.dot new file mode 100644 index 0000000..942e677 --- /dev/null +++ b/experiments/results/servers/openssh7/learnedModel.dot @@ -0,0 +1,47 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s1 [shape="circle" label="s1"]; + s2 [shape="circle" label="s2"]; + s3 [shape="circle" label="s3"]; + s4 [shape="circle" label="s4"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s3 [label="UA_PK_OK / KEXINIT"]; + s0 -> s3 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s3 [label="KEXINIT / NO_CONN"]; + s1 -> s2 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s3 [label="UA_PK_OK / NO_CONN"]; + s1 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / UNIMPL"]; + s2 -> s2 [label="KEX30 / UNIMPL"]; + s2 -> s4 [label="NEWKEYS / NO_RESP"]; + s2 -> s2 [label="SR_AUTH / UNIMPL"]; + s2 -> s2 [label="SR_CONN / UNIMPL"]; + s2 -> s3 [label="UA_PK_OK / NO_CONN"]; + s2 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s3 -> s3 [label="KEXINIT / NO_CONN"]; + s3 -> s3 [label="KEX30 / NO_CONN"]; + s3 -> s3 [label="NEWKEYS / NO_CONN"]; + s3 -> s3 [label="SR_AUTH / NO_CONN"]; + s3 -> s3 [label="SR_CONN / NO_CONN"]; + s3 -> s3 [label="UA_PK_OK / NO_CONN"]; + s3 -> s3 [label="UA_PK_NOK / NO_CONN"]; + s4 -> s4 [label="KEXINIT / UNIMPL"]; + s4 -> s4 [label="KEX30 / UNIMPL"]; + s4 -> s3 [label="NEWKEYS / UNIMPL"]; + s4 -> s4 [label="SR_AUTH / SR_ACCEPT"]; + s4 -> s3 [label="SR_CONN / DISCONNECT"]; + s4 -> s4 [label="UA_PK_OK / UNIMPL"]; + s4 -> s4 [label="UA_PK_NOK / UNIMPL"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh7/statistics.txt b/experiments/results/servers/openssh7/statistics.txt new file mode 100644 index 0000000..a3c07be --- /dev/null +++ b/experiments/results/servers/openssh7/statistics.txt @@ -0,0 +1,89 @@ +=== RUN DESCRIPTION === +Alphabet: [KEXINIT, KEX30, NEWKEYS, SR_AUTH, SR_CONN, UA_PK_OK, UA_PK_NOK] + +StateFuzzerConfig Parameters +Help: false +Debug: true +Quiet: false +Output Directory: /app/output_folder +Fuzzing Client: false + +LearnerConfig Parameters +Alphabet: /app/inputs/alphabets/servers/trans_auth.xml +Learning Algorithm: TTT +Equivalence Algorithms: [RANDOM_WP_METHOD] +Max Depth: 1 +Min Length: 5 +Max Length: 15 +Max Equivalence Queries: 1000 +Runs Per Membership Query: 1 +Random Length: 5 +Membership Query Retries: 3 +Log Queries: false +Prob Reset: 0.0 +Test File: null +Seed: 0 +Cache Tests: false +Ce Sanitization: true +Skip Non Det Tests: false +Ce Reruns: 3 +Probabilistic Sanitization: true +Time Limit: null +Test Limit: null +Round Limit: 3 +IOMode: true +Probability of Choosing a New DataValue: 0.1 +Max Runs: 1 +Max Depth for Register Automata: 1 +Reset Runs: true +Seed transitions: true +Draw symbols uniformly: true + +SulConfig Parameters +Fuzzing Role: client +Fuzzing Client: true +Response Wait: 100 +Input Response Timeout: null +Command: null +Terminate Command: null +Process Dir: null +Redirect Output Streams: false +Process Trigger: NEW_TEST +Start Wait: 0 + +SulServerConfigStandard Parameters +Connect to: openssh-mapper7:8080 + +MapperConfig Parameters +Mapper Connection Config: null +Repeating Outputs: null +Socket Closed as Timeout: false +Disabled as Timeout: false +Merge Repeating: true + +SulAdapterConfig Parameters +Adapter Port: null +Adapter Address: localhost + +=== STATISTICS === +Learning finished: false +Reason: hypothesis construction round limit reached +Size of the input alphabet: 7 +Number of states: 5 +Number of hypotheses: 3 +Number of inputs: 412 +Number of tests: 107 +Number of learning inputs: 328 +Number of learning tests: 99 +Number of inputs up to last hypothesis: 412 +Number of tests up to last hypothesis: 107 +Time (ms) to learn model: 706559 +Counterexamples: +CE 1:Query[ε|NEWKEYS SR_CONN NEWKEYS SR_CONN KEXINIT UA_PK_NOK NEWKEYS SR_CONN KEXINIT KEX30 SR_CONN / KEXINIT+UNIMPL UNIMPL UNIMPL UNIMPL NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] +CE 2:Query[ε|KEXINIT KEX30 NEWKEYS SR_CONN KEXINIT SR_AUTH KEXINIT KEX30 SR_CONN KEXINIT / KEXINIT KEX31+NEWKEYS+BUFFERED NO_RESP DISCONNECT NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] +Number of inputs when hypothesis was generated: [7, 262, 412] +Number of tests when hypothesis was generated: [7, 79, 107] +Time (ms) when hypothesis was generated: [15107, 392539, 706550] +Number of inputs when counterexample was found: [51, 302] +Number of tests when counterexample was found: [11, 83] +Time (ms) when counterexample was found: [57282, 436913] diff --git a/experiments/results/servers/openssh8/alphabet.xml b/experiments/results/servers/openssh8/alphabet.xml new file mode 100644 index 0000000..92ea4e1 --- /dev/null +++ b/experiments/results/servers/openssh8/alphabet.xml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/experiments/results/servers/openssh8/command.args b/experiments/results/servers/openssh8/command.args new file mode 100644 index 0000000..b176dfe --- /dev/null +++ b/experiments/results/servers/openssh8/command.args @@ -0,0 +1,12 @@ +state-fuzzer-server +-connect +openssh-mapper8:8080 +-alphabet +/app/inputs/alphabets/servers/trans_auth.xml +-output +/app/output_folder +-sshMapperAddress +openssh-mapper8:8080 +-debug +-roundLimit +3 diff --git a/experiments/results/servers/openssh8/error.msg b/experiments/results/servers/openssh8/error.msg new file mode 100644 index 0000000..042f5fe --- /dev/null +++ b/experiments/results/servers/openssh8/error.msg @@ -0,0 +1,21 @@ +Cannot invoke "String.hashCode()" because the return value of "com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.getName()" is null +java.lang.NullPointerException: Cannot invoke "String.hashCode()" because the return value of "com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.getName()" is null + at com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.hashCode(AbstractOutput.java:218) + at net.automatalib.word.Word.hashCode(Word.java:242) + at java.base/java.util.HashMap.hash(HashMap.java:338) + at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1191) + at de.learnlib.datastructure.discriminationtree.SplitData.getIncoming(SplitData.java:110) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.prepareSplit(AbstractTTTLearner.java:624) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.finalizeDiscriminator(AbstractTTTLearner.java:554) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.finalizeAny(AbstractTTTLearner.java:305) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.refineHypothesisSingle(AbstractTTTLearner.java:215) + at de.learnlib.algorithm.ttt.mealy.TTTLearnerMealy.refineHypothesisSingle(TTTLearnerMealy.java:67) + at de.learnlib.algorithm.ttt.base.AbstractTTTLearner.refineHypothesis(AbstractTTTLearner.java:163) + at com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerStandard.inferStateMachine(StateFuzzerStandard.java:164) + at com.github.protocolfuzzing.protocolstatefuzzer.statefuzzer.core.StateFuzzerStandard.startFuzzing(StateFuzzerStandard.java:84) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.executeCommand(CommandLineParser.java:355) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parseAndExecuteCommand(CommandLineParser.java:226) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parse(CommandLineParser.java:168) + at com.github.protocolfuzzing.protocolstatefuzzer.entrypoints.CommandLineParser.parse(CommandLineParser.java:212) + at learner.Main.runMealyLearner(Main.java:32) + at learner.Main.main(Main.java:21) diff --git a/experiments/results/servers/openssh8/hyp1.dot b/experiments/results/servers/openssh8/hyp1.dot new file mode 100644 index 0000000..99bfa7f --- /dev/null +++ b/experiments/results/servers/openssh8/hyp1.dot @@ -0,0 +1,15 @@ +digraph g { + + s0 [shape="circle" label="s0"]; + s0 -> s0 [label="KEXINIT / KEXINIT"]; + s0 -> s0 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s0 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s0 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s0 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s0 [label="UA_PK_OK / KEXINIT"]; + s0 -> s0 [label="UA_PK_NOK / KEXINIT"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/hyp2.dot b/experiments/results/servers/openssh8/hyp2.dot similarity index 100% rename from experiments/results/servers/openssh/hyp2.dot rename to experiments/results/servers/openssh8/hyp2.dot diff --git a/experiments/results/servers/openssh/hyp3.dot b/experiments/results/servers/openssh8/hyp3.dot similarity index 100% rename from experiments/results/servers/openssh/hyp3.dot rename to experiments/results/servers/openssh8/hyp3.dot diff --git a/experiments/results/servers/openssh8/learnedModel.dot b/experiments/results/servers/openssh8/learnedModel.dot new file mode 100644 index 0000000..8c77c41 --- /dev/null +++ b/experiments/results/servers/openssh8/learnedModel.dot @@ -0,0 +1,31 @@ +digraph g { + + s0 [shape="circle" label="0"]; + s1 [shape="circle" label="1"]; + s2 [shape="circle" label="2"]; + s0 -> s1 [label="KEXINIT / KEXINIT"]; + s0 -> s1 [label="KEX30 / KEXINIT+UNIMPL"]; + s0 -> s1 [label="NEWKEYS / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_AUTH / KEXINIT+UNIMPL"]; + s0 -> s1 [label="SR_CONN / KEXINIT+UNIMPL"]; + s0 -> s2 [label="UA_PK_OK / KEXINIT"]; + s0 -> s2 [label="UA_PK_NOK / KEXINIT"]; + s1 -> s1 [label="KEXINIT / UNIMPL"]; + s1 -> s1 [label="KEX30 / KEX31+NEWKEYS+BUFFERED"]; + s1 -> s1 [label="NEWKEYS / UNIMPL"]; + s1 -> s1 [label="SR_AUTH / UNIMPL"]; + s1 -> s1 [label="SR_CONN / UNIMPL"]; + s1 -> s2 [label="UA_PK_OK / NO_CONN"]; + s1 -> s2 [label="UA_PK_NOK / NO_CONN"]; + s2 -> s2 [label="KEXINIT / NO_CONN"]; + s2 -> s2 [label="KEX30 / NO_CONN"]; + s2 -> s2 [label="NEWKEYS / NO_CONN"]; + s2 -> s2 [label="SR_AUTH / NO_CONN"]; + s2 -> s2 [label="SR_CONN / NO_CONN"]; + s2 -> s2 [label="UA_PK_OK / NO_CONN"]; + s2 -> s2 [label="UA_PK_NOK / NO_CONN"]; + +__start0 [label="" shape="none" width="0" height="0"]; +__start0 -> s0; + +} diff --git a/experiments/results/servers/openssh/statistics.txt b/experiments/results/servers/openssh8/statistics.txt similarity index 71% rename from experiments/results/servers/openssh/statistics.txt rename to experiments/results/servers/openssh8/statistics.txt index 8e64455..7f32be3 100644 --- a/experiments/results/servers/openssh/statistics.txt +++ b/experiments/results/servers/openssh8/statistics.txt @@ -3,13 +3,13 @@ Alphabet: [KEXINIT, KEX30, NEWKEYS, SR_AUTH, SR_CONN, UA_PK_OK, UA_PK_NOK] StateFuzzerConfig Parameters Help: false -Debug: false +Debug: true Quiet: false Output Directory: /app/output_folder Fuzzing Client: false LearnerConfig Parameters -Alphabet: /app/inputs/alphabets/servers/openssh.xml +Alphabet: /app/inputs/alphabets/servers/trans_auth.xml Learning Algorithm: TTT Equivalence Algorithms: [RANDOM_WP_METHOD] Max Depth: 1 @@ -52,7 +52,7 @@ Process Trigger: NEW_TEST Start Wait: 0 SulServerConfigStandard Parameters -Connect to: openssh-mapper:8080 +Connect to: openssh-mapper8:8080 MapperConfig Parameters Mapper Connection Config: null @@ -67,23 +67,23 @@ Adapter Address: localhost === STATISTICS === Learning finished: false -Reason: hypothesis construction round limit reached +Reason: Cannot invoke "String.hashCode()" because the return value of "com.github.protocolfuzzing.protocolstatefuzzer.components.sul.mapper.abstractsymbols.AbstractOutput.getName()" is null Size of the input alphabet: 7 -Number of states: 9 -Number of hypotheses: 3 -Number of inputs: 868 -Number of tests: 186 -Number of learning inputs: 742 -Number of learning tests: 174 -Number of inputs up to last hypothesis: 868 -Number of tests up to last hypothesis: 186 -Time (ms) to learn model: 1834564 +Number of states: 3 +Number of hypotheses: 2 +Number of inputs: 300 +Number of tests: 78 +Number of learning inputs: 87 +Number of learning tests: 40 +Number of inputs up to last hypothesis: 131 +Number of tests up to last hypothesis: 44 +Time (ms) to learn model: 528199 Counterexamples: CE 1:Query[ε|NEWKEYS SR_CONN NEWKEYS SR_CONN KEXINIT UA_PK_NOK NEWKEYS SR_CONN KEXINIT KEX30 SR_CONN / KEXINIT+UNIMPL UNIMPL UNIMPL UNIMPL UNIMPL NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN NO_CONN] CE 2:Query[ε|KEX30 NEWKEYS KEX30 NEWKEYS UA_PK_NOK SR_AUTH UA_PK_NOK SR_AUTH UA_PK_NOK NEWKEYS UA_PK_NOK KEXINIT / KEXINIT+UNIMPL UNIMPL KEX31+NEWKEYS+BUFFERED NO_RESP UNIMPL SR_ACCEPT UA_FAILURE SR_ACCEPT UA_FAILURE UNIMPL NO_CONN NO_CONN] -Number of inputs when hypothesis was generated: [7, 131, 868] -Number of tests when hypothesis was generated: [7, 44, 186] -Time (ms) when hypothesis was generated: [14969, 181299, 1834556] +Number of inputs when hypothesis was generated: [7, 131] +Number of tests when hypothesis was generated: [7, 44] +Time (ms) when hypothesis was generated: [15171, 184755] Number of inputs when counterexample was found: [51, 213] Number of tests when counterexample was found: [11, 52] -Time (ms) when counterexample was found: [63897, 300750] +Time (ms) when counterexample was found: [64539, 307408] diff --git a/experiments/scripts/start_experiment.sh b/experiments/scripts/start_experiment.sh index 4d13112..c2249d1 100755 --- a/experiments/scripts/start_experiment.sh +++ b/experiments/scripts/start_experiment.sh @@ -27,7 +27,7 @@ EXPERIMENT=$1 COMPOSE_FILE="docker-compose-${EXPERIMENT}.yaml" # Validate input and start corresponding docker-compose -if [[ "${EXPERIMENT}" == "openssh" || "${EXPERIMENT}" == "dropbear" ]]; then +if [[ "${EXPERIMENT}" == "openssh7" || "${EXPERIMENT}" == "openssh8" || "${EXPERIMENT}" == "dropbear" ]]; then if [[ -f "${DOCKER_COMPOSE_DIR}/${COMPOSE_FILE}" ]]; then pushd "${DOCKER_COMPOSE_DIR}" echo "Starting experiment for ${EXPERIMENT}..." From 3d245a8b62c1c4f0327e143e33844b0812ef49af Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 05:55:29 +0100 Subject: [PATCH 49/54] fixed e2e tests for openssh8 --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index c06de61..508cdb9 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -53,5 +53,5 @@ jobs: - name: Verify Result run: | # wait for the learning to be over - while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner7 )" = "true" ]; do date; echo "still learning"; sleep 5; done + while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner8 )" = "true" ]; do date; echo "still learning"; sleep 5; done experiments/scripts/diff_hyps.sh experiments/results/servers/openssh8 experiments/orchestration/learner_output_openssh8 3 From d3114382ffb02f5762b390a2b8148b5781dd44e3 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 06:41:31 +0100 Subject: [PATCH 50/54] running dropbear experiment for only 3 rounds and not 6 --- experiments/orchestration/docker-compose-dropbear.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experiments/orchestration/docker-compose-dropbear.yaml b/experiments/orchestration/docker-compose-dropbear.yaml index 0d923e8..ad9a510 100644 --- a/experiments/orchestration/docker-compose-dropbear.yaml +++ b/experiments/orchestration/docker-compose-dropbear.yaml @@ -45,7 +45,7 @@ services: volumes: - ./learner_output_dropbear:/app/output_folder - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/ - command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "6", "-debug"] + command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "3", "-debug"] networks: dropbear_network: From 4977335fa75ba4f0963c274517a4eb84720fa663 Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 07:13:12 +0100 Subject: [PATCH 51/54] reverted the commented section for key verification --- ssh-mapper/manualparamiko/transport.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ssh-mapper/manualparamiko/transport.py b/ssh-mapper/manualparamiko/transport.py index 978b334..b843cab 100644 --- a/ssh-mapper/manualparamiko/transport.py +++ b/ssh-mapper/manualparamiko/transport.py @@ -1940,14 +1940,14 @@ def _expect_packet(self, *ptypes): def _verify_key(self, host_key, sig): key = self._key_info[self.host_key_type](Message(host_key)) - # if key is None: - # raise SSHException("Unknown host key type") - # if not key.verify_ssh_sig(self.H, Message(sig)): - # raise SSHException( - # "Signature verification ({}) failed.".format( - # self.host_key_type - # ) - # ) # noqa + if key is None: + raise SSHException("Unknown host key type") + if not key.verify_ssh_sig(self.H, Message(sig)): + raise SSHException( + "Signature verification ({}) failed.".format( + self.host_key_type + ) + ) # noqa self.host_key = key def _compute_key(self, id, nbytes): From 681a054a0bd294068682f7c4f1e2e3f32d43b22b Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 07:16:18 +0100 Subject: [PATCH 52/54] just running another build --- .../inputs/alphabets/servers/openssh.xml | 56 +++++++++---------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/ssh-learner/inputs/alphabets/servers/openssh.xml b/ssh-learner/inputs/alphabets/servers/openssh.xml index b5cd67c..a06a5a2 100644 --- a/ssh-learner/inputs/alphabets/servers/openssh.xml +++ b/ssh-learner/inputs/alphabets/servers/openssh.xml @@ -1,31 +1,29 @@ - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 9f738006c026b42925611156df1a50473b3c6f8d Mon Sep 17 00:00:00 2001 From: shasan101 Date: Thu, 13 Mar 2025 08:08:13 +0100 Subject: [PATCH 53/54] openssh8 only producing 2 hypothesis with roundlimit of 3 --- .github/workflows/e2e_pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e_pr.yaml b/.github/workflows/e2e_pr.yaml index 508cdb9..d3f293f 100644 --- a/.github/workflows/e2e_pr.yaml +++ b/.github/workflows/e2e_pr.yaml @@ -54,4 +54,4 @@ jobs: run: | # wait for the learning to be over while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner8 )" = "true" ]; do date; echo "still learning"; sleep 5; done - experiments/scripts/diff_hyps.sh experiments/results/servers/openssh8 experiments/orchestration/learner_output_openssh8 3 + experiments/scripts/diff_hyps.sh experiments/results/servers/openssh8 experiments/orchestration/learner_output_openssh8 2 From df9133778bb99567724fdb3be5ac82bfa13e1e80 Mon Sep 17 00:00:00 2001 From: Kostis Sagonas Date: Sat, 17 May 2025 17:43:41 +0300 Subject: [PATCH 54/54] Update openssh.xml Just a dummy commit to see if GH actions are triggered now. --- ssh-learner/inputs/alphabets/servers/openssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssh-learner/inputs/alphabets/servers/openssh.xml b/ssh-learner/inputs/alphabets/servers/openssh.xml index a06a5a2..bfe0111 100644 --- a/ssh-learner/inputs/alphabets/servers/openssh.xml +++ b/ssh-learner/inputs/alphabets/servers/openssh.xml @@ -26,4 +26,4 @@ - \ No newline at end of file +