add casr-ubsan

README.md

@@ -4,8 +4,8 @@
 
 # CASR: Crash Analysis and Severity Report
 
-CASR – collect crash reports, triage, and estimate severity.
-It is based on ideas from [exploitable](https://github.com/jfoote/exploitable) and
+CASR – collect crash reports, triage, and estimate severity. It is based
+on ideas from [exploitable](https://github.com/jfoote/exploitable) and
 [apport](https://github.com/canonical/apport).
 
 CASR is maintained by:
@@ -18,8 +18,10 @@ CASR is maintained by:
 ## Overview
 
 CASR is a set of tools that allows you to collect crash reports in different
-ways. Use `casr-core` binary to deal with coredumps. Use `casr-san` to analyze ASAN
-reports. Try `casr-gdb` to get reports from gdb. Use `casr-python` to analyze python reports and get report from [Atheris](https://github.com/google/atheris).
+ways. Use `casr-core` binary to deal with coredumps. Use `casr-san` to analyze
+ASAN reports or `casr-ubsan` to analyze UBSAN reports. Try `casr-gdb` to get
+reports from gdb. Use `casr-python` to analyze python reports and get report
+from [Atheris](https://github.com/google/atheris).
 
 Crash report contains many useful information: severity (like [exploitable](https://github.com/jfoote/exploitable))
 for x86, x86\_64, arm32, aarch64, rv32g, rv64g architectures,
@@ -52,6 +54,7 @@ crashes.
 It can analyze crashes from different sources:
 
 * AddressSanitizer
+* UndefinedBehaviorSanitizer
 * Gdb output
 
 and program languages:
@@ -95,11 +98,16 @@ Create report from coredump:
 
     $ casr-core -f casr/tests/casr_tests/bin/core.test_destAv -e casr/tests/casr_tests/bin/test_destAv -o destAv.casrep
 
-Create report from sanitizers output:
+Create report from AddressSanitizer output:
 
     $ clang++ -fsanitize=address -O0 -g casr/tests/casr_tests/test_asan_df.cpp -o test_asan_df
     $ casr-san -o asan.casrep -- ./test_asan_df
 
+Create report from UndefinedBehaviorSanitizer output:
+
+    $ clang++ -fsanitize=undefined,fuzzer-no-link -O0 -g test_ubsan.cpp -o test_ubsan
+    $ casr-ubsan -i input -o output -- /test_ubsan @@
+
 Create report from gdb:
 
     $ casr-gdb -o destAv.gdb.casrep -- casr/tests/casr_tests/bin/test_destAv $(printf 'A%.s' {1..200})
@@ -163,18 +171,20 @@ When you have crashes from fuzzing you may do the following steps:
 
 1. Create reports for all crashes via `casr-san`, `casr-gdb` (if no sanitizers
    are present), or `casr-python`.
-2. Deduplicate collected reports via `casr-cluster -d`.
-3. Cluster deduplicated reports via `casr-cluster -c`.
-4. View reports from clusters using `casr-cli` or upload them to
+2. Deduplicate collected crash reports via `casr-cluster -d`.
+3. Cluster deduplicated crash reports via `casr-cluster -c`.
+4. Create reports and deduplicate them for all UBSAN error via `casr-ubsan`.
+5. View reports from clusters using `casr-cli` or upload them to
    [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) with
    `casr-dojo`.
 
 If you use [AFL++](https://github.com/AFLplusplus/AFLplusplus), whole pipeline
-could be done automatically by `casr-afl`.
+(without 4 step and dojo) could be done automatically by `casr-afl`.
 
 If you use [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) based fuzzer
 (C/C++/[go-fuzz](https://github.com/dvyukov/go-fuzz)/[Atheris](https://github.com/google/atheris)),
-whole pipeline could be done automatically by `casr-libfuzzer`.
+whole pipeline (without 4 step and dojo) could be done automatically by
+`casr-libfuzzer`.
 
 ## Contributing
 

casr/Cargo.toml

@@ -33,6 +33,7 @@ walkdir = "2"
 reqwest = { version = "0.11", features = ["json", "multipart", "rustls-tls"], default_features = false, optional = true }
 tokio = { version = "1", features = ["rt", "macros"], optional = true }
 toml = { version = "0.7", optional = true }
+wait-timeout = "0.1.5"
 
 libcasr = { path = "../libcasr", version = "2.6.0", features = ["serde", "exploitable"] }
 

casr/src/bin/casr-cli.rs

@@ -342,6 +342,16 @@ fn build_tree_report(
         tree.expand_item(row);
     }
 
+    if !report.ubsan_report.is_empty() {
+        row = tree
+            .insert_container_item("UbsanReport".to_string(), Placement::After, row)
+            .unwrap();
+        report.ubsan_report.iter().for_each(|e| {
+            tree.insert_item(e.clone(), Placement::LastChild, row);
+        });
+        tree.expand_item(row);
+    }
+
     if !report.python_report.is_empty() {
         row = tree
             .insert_container_item("PythonReport".to_string(), Placement::After, row)
@@ -522,6 +532,10 @@ fn build_slider_report(
         select.add_item("AsanReport", report.asan_report.join("\n"));
     }
 
+    if !report.ubsan_report.is_empty() {
+        select.add_item("UbsanReport", report.ubsan_report.join("\n"));
+    }
+
     if !report.python_report.is_empty() {
         select.add_item("PythonReport", report.python_report.join("\n"));
     }

casr/src/bin/casr-san.rs

@@ -28,7 +28,7 @@ use std::process::Command;
 fn main() -> Result<()> {
     let matches = clap::Command::new("casr-san")
         .version(clap::crate_version!())
-        .about("Create CASR reports (.casrep) from sanitizer reports")
+        .about("Create CASR reports (.casrep) from AddressSanitizer reports")
         .term_width(90)
         .arg(
             Arg::new("output")