Add casr-lua

.github/workflows/aarch64.yml

@@ -25,7 +25,8 @@ jobs:
         install: |
           export CARGO_TERM_COLOR=always
           export CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-          apt-get update && apt-get install -y gdb pip curl python3.12-dev clang llvm build-essential
+          apt-get update && apt-get install -y gdb pip curl python3.12-dev clang \
+              llvm build-essential lua5.4
           curl https://sh.rustup.rs -o rustup.sh && chmod +x rustup.sh && \
           ./rustup.sh -y && rm rustup.sh
         run: |

.github/workflows/amd64.yml

@@ -20,7 +20,7 @@ jobs:
     - name: Run tests
       run: |
         sudo apt update && sudo apt install -y gdb pip curl python3.10-dev llvm \
-            openjdk-17-jdk ca-certificates gnupg
+            openjdk-17-jdk ca-certificates gnupg lua5.4
         pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings
         curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

.github/workflows/coverage.yaml

@@ -18,7 +18,7 @@ jobs:
     - name: Install Dependences
       run: |
         sudo apt update && sudo apt install -y gdb pip curl python3.10-dev llvm \
-            openjdk-17-jdk ca-certificates gnupg
+            openjdk-17-jdk ca-certificates gnupg lua5.4
         pip3 install atheris
         sudo mkdir -p /etc/apt/keyrings
         curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

.github/workflows/darwin-arm64.yml

@@ -20,7 +20,7 @@ jobs:
         run: |
           arch -x86_64 /usr/local/bin/brew update
           arch -x86_64 /usr/local/bin/brew install gdb curl python llvm \
-              openjdk ca-certificates gnupg nodejs --overwrite
+              openjdk ca-certificates gnupg nodejs lua5.4 --overwrite
       - name: Build
         run: cargo build --all-features --verbose
       - name: NPM packages

.github/workflows/riscv64.yml

@@ -25,8 +25,8 @@ jobs:
         install: |
           export CARGO_TERM_COLOR=always
           export CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-          apt-get update \
-            && apt-get install -y gdb pip curl python3-dev clang llvm build-essential
+          apt-get update && apt-get install -y gdb pip curl python3-dev clang llvm \
+              build-essential lua5.4
           curl https://sh.rustup.rs -o rustup.sh && chmod +x rustup.sh && \
           ./rustup.sh -y && rm rustup.sh
         run: |

.gitignore

@@ -5,6 +5,7 @@ Cargo.lock
 */tests/tmp_tests_casr
 */tests/casr_tests/csharp/*/bin
 */tests/casr_tests/csharp/*/obj
+*.swo
 *.swp
 node_modules
 */node_modules/*

README.md

@@ -31,12 +31,12 @@ ASAN reports or `casr-ubsan` to analyze UBSAN reports. Try `casr-gdb` to get
 reports from gdb. Use `casr-python` to analyze python reports and get report
 from [Atheris](https://github.com/google/atheris). Use `casr-java` to analyze
 java reports and get report from
-[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer). Use `casr-js`
-to analyze JavaScript reports and get report from
+[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer). Use `casr-js` to
+analyze JavaScript reports and get report from
 [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js) or
-[jsfuzz](https://github.com/fuzzitdev/jsfuzz).
-Use `casr-csharp` to analyze C# reports and get report from
-[Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
+[jsfuzz](https://github.com/fuzzitdev/jsfuzz). Use `casr-csharp` to analyze C#
+reports and get report from [Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
+Use `casr-lua` to analyze Lua reports.
 
 Crash report contains many useful information: severity (like [exploitable](https://github.com/jfoote/exploitable))
 for x86, x86\_64, arm32, aarch64, rv32g, rv64g architectures,
@@ -79,12 +79,13 @@ It can analyze crashes from different sources:
 and program languages:
 
 * C/C++
-* Rust
+* C#
 * Go
-* Python
 * Java
 * JavaScript
-* C#
+* Lua
+* Python
+* Rust
 
 It could be built with `exploitable` feature for severity estimation crashes
 collected from gdb. To save crash reports as json use `serde` feature.
@@ -169,6 +170,10 @@ Create report from C#:
 
     $ casr-csharp -o csharp.casrep -- dotnet run --project casr/tests/casr_tests/csharp/test_casr_csharp/test_casr_csharp.csproj
 
+Create report from Lua:
+
+    $ casr-lua -o lua.casrep -- casr/tests/casr_tests/lua/test_casr_lua.lua
+
 View report:
 
     $ casr-cli casr/tests/casr_tests/casrep/test_clustering_san/load_fuzzer_crash-120697a7f5b87c03020f321c8526adf0f4bcc2dc.casrep

casr/src/bin/casr-cli.rs

@@ -429,6 +429,16 @@
         tree.collapse_item(row);
     }
 
+    if !report.lua_report.is_empty() {
+        row = tree
+            .insert_container_item("LuaReport".to_string(), Placement::After, row)
+            .unwrap();
+        report.lua_report.iter().for_each(|e| {
+            tree.insert_item(e.clone(), Placement::LastChild, row);
+        });
+        tree.collapse_item(row);
+    }
+
     if !report.java_report.is_empty() {
         row = tree
             .insert_container_item("JavaReport".to_string(), Placement::After, row)
@@ -649,6 +659,10 @@
         select.add_item("PythonReport", report.python_report.join("\n"));
     }
 
+    if !report.lua_report.is_empty() {
+        select.add_item("LuaReport", report.lua_report.join("\n"));
+    }
+
     if !report.java_report.is_empty() {
         select.add_item("JavaReport", report.java_report.join("\n"));
     }

casr/src/bin/casr-lua.rs

@@ -0,0 +1,155 @@
+use casr::util;
+use libcasr::{
+    init_ignored_frames,
+    lua::LuaException,
+    report::CrashReport,
+    severity::Severity,
+    stacktrace::Filter,
+    stacktrace::Stacktrace,
+    stacktrace::{CrashLine, CrashLineExt},
+};
+
+use anyhow::{bail, Result};
+use clap::{Arg, ArgAction, ArgGroup};
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+fn main() -> Result<()> {
+    let matches = clap::Command::new("casr-lua")
+        .version(clap::crate_version!())
+        .about("Create CASR reports (.casrep) from Lua reports")
+        .term_width(90)
+        .arg(
+            Arg::new("output")
+                .short('o')
+                .long("output")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("REPORT")
+                .help(
+                    "Path to save report. Path can be a directory, then report name is generated",
+                ),
+        )
+        .arg(
+            Arg::new("stdout")
+                .action(ArgAction::SetTrue)
+                .long("stdout")
+                .help("Print CASR report to stdout"),
+        )
+        .group(
+            ArgGroup::new("out")
+                .args(["stdout", "output"])
+                .required(true),
+        )
+        .arg(
+            Arg::new("stdin")
+                .long("stdin")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("FILE")
+                .help("Stdin file for program"),
+        )
+        .arg(
+            Arg::new("timeout")
+                .short('t')
+                .long("timeout")
+                .action(ArgAction::Set)
+                .default_value("0")
+                .value_name("SECONDS")
+                .help("Timeout (in seconds) for target execution, 0 value means that timeout is disabled")
+                .value_parser(clap::value_parser!(u64))
+        )
+        .arg(
+            Arg::new("ignore")
+                .long("ignore")
+                .action(ArgAction::Set)
+                .value_parser(clap::value_parser!(PathBuf))
+                .value_name("FILE")
+                .help("File with regular expressions for functions and file paths that should be ignored"),
+        )
+        .arg(
+            Arg::new("strip-path")
+                .long("strip-path")
+                .env("CASR_STRIP_PATH")
+                .action(ArgAction::Set)
+                .value_name("PREFIX")
+                .help("Path prefix to strip from stacktrace"),
+        )
+        .arg(
+            Arg::new("ARGS")
+                .action(ArgAction::Set)
+                .num_args(1..)
+                .last(true)
+                .required(true)
+                .help("Add \"-- <path> <arguments>\" to run"),
+        )
+        .get_matches();
+
+    init_ignored_frames!("lua");
+    if let Some(path) = matches.get_one::<PathBuf>("ignore") {
+        util::add_custom_ignored_frames(path)?;
+    }
+    // Get program args.
+    let argv: Vec<&str> = if let Some(argvs) = matches.get_many::<String>("ARGS") {
+        argvs.map(|s| s.as_str()).collect()
+    } else {
+        bail!("Wrong arguments for starting program");
+    };
+
+    // Get stdin for target program.
+    let stdin_file = util::stdin_from_matches(&matches)?;
+
+    // Get timeout
+    let timeout = *matches.get_one::<u64>("timeout").unwrap();
+
+    // Run program.
+    let mut cmd = Command::new(argv[0]);
+    if let Some(ref file) = stdin_file {
+        cmd.stdin(std::fs::File::open(file)?);
+    }
+    if argv.len() > 1 {
+        cmd.args(&argv[1..]);
+    }
+    let result = util::get_output(&mut cmd, timeout, true)?;
+    let stderr = String::from_utf8_lossy(&result.stderr);
+
+    // Create report.
+    let mut report = CrashReport::new();
+    report.executable_path = argv[0].to_string();
+    if argv.len() > 1 {
+        if let Some(fname) = Path::new(argv[0]).file_name() {
+            let fname = fname.to_string_lossy();
+            if fname.starts_with("lua") && !fname.ends_with(".lua") && argv[1].ends_with(".lua") {
+                report.executable_path = argv[1].to_string();
+            }
+        }
+    }
+    report.proc_cmdline = argv.join(" ");
+    let _ = report.add_os_info();
+    let _ = report.add_proc_environ();
+
+    // Extract lua exception
+    let Some(exception) = LuaException::new(&stderr) else {
+        bail!("Lua exception is not found!");
+    };
+
+    // Parse exception
+    report.lua_report = exception.lua_report();
+    report.stacktrace = exception.extract_stacktrace()?;
+    report.execution_class = exception.severity()?;
+    if let Ok(crashline) = exception.crash_line() {
+        report.crashline = crashline.to_string();
+        if let CrashLine::Source(debug) = crashline {
+            if let Some(sources) = CrashReport::sources(&debug) {
+                report.source = sources;
+            }
+        }
+    }
+    let stacktrace = exception.parse_stacktrace()?;
+    if let Some(path) = matches.get_one::<String>("strip-path") {
+        util::strip_paths(&mut report, &stacktrace, path);
+    }
+
+    //Output report
+    util::output_report(&report, &matches, &argv)
+}

casr/tests/casr_tests/lua/test_casr_lua.lua

@@ -0,0 +1,23 @@
+#!/bin/env lua
+
+function f(a, b)
+    a = a .. 'qwer'
+    b = b * 123
+    c = a / b
+    return c
+end
+
+function g(a)
+    a = a .. 'qwer'
+    b = 123
+    c = f(a, b)
+    return c
+end
+
+function h()
+    a = 'qwer'
+    c = g(a)
+    return c
+end
+
+print(h())

casr/tests/tests.rs

@@ -22,6 +22,7 @@ lazy_static::lazy_static! {
     static ref EXE_CASR_SAN: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-san"));
     static ref EXE_CASR_UBSAN: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-ubsan"));
     static ref EXE_CASR_PYTHON: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-python"));
+    static ref EXE_CASR_LUA: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-lua"));
     static ref EXE_CASR_JAVA: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-java"));
     static ref EXE_CASR_JS: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-js"));
     static ref EXE_CASR_CSHARP: RwLock<&'static str> = RwLock::new(env!("CARGO_BIN_EXE_casr-csharp"));
@@ -4856,6 +4857,45 @@ fn test_casr_cluster_d_python() {
     let _ = std::fs::remove_dir_all(&paths[1]);
 }
 
+#[test]
+#[cfg(target_arch = "x86_64")]
+fn test_casr_lua() {
+    let test_dir = abs_path("tests/tmp_tests_casr/test_casr_lua");
+    let test_path = abs_path("tests/casr_tests/lua/test_casr_lua.lua");
+    let _ = std::fs::remove_dir_all(test_dir);
+
+    let output = Command::new(*EXE_CASR_LUA.read().unwrap())
+        .args(["--stdout", "--", &test_path])
+        .output()
+        .expect("failed to start casr-lua");
+
+    assert!(
+        output.status.success(),
+        "Stdout {}.\n Stderr: {}",
+        String::from_utf8_lossy(&output.stdout),
+        String::from_utf8_lossy(&output.stderr)
+    );
+
+    let report: Result<Value, _> = serde_json::from_slice(&output.stdout);
+    if let Ok(report) = report {
+        let severity_type = report["CrashSeverity"]["Type"].as_str().unwrap();
+        let severity_desc = report["CrashSeverity"]["ShortDescription"]
+            .as_str()
+            .unwrap()
+            .to_string();
+
+        assert_eq!(6, report["Stacktrace"].as_array().unwrap().iter().count());
+        assert_eq!(severity_type, "NOT_EXPLOITABLE");
+        assert_eq!(severity_desc, "attempt to div a 'string' with a 'number'");
+        assert!(report["CrashLine"]
+            .as_str()
+            .unwrap()
+            .contains("test_casr_lua.lua:6"));
+    } else {
+        panic!("Couldn't parse json report file.");
+    }
+}
+
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_js() {