search

MozillaSecurity / funfuzz

A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.
Mozilla Public License 2.0
635 stars 115 forks source link

Error involving "Unable to find required entries in FuzzManager." #159

Closed StGlolry closed 6 years ago

StGlolry commented 6 years ago

I may need some help.. as instructions FuzzManager repo suggested but still the error 404 on /crashmanager/files/signature.zip but the signature.zip is indeed in server/server/files/ folder , I wanna know where i set correct?

Unable to find required entries in .fuzzmanagerconf, exiting... Server unexpectedly responded with status code 404:

nth10sd commented 6 years ago

Do you have more information on the stack? Is your ~/.fuzzmanagerconf set properly with the following parameters?

[Main]
serverhost = <some host>
serverport = <some port>
serverproto = <some protocol>
serverauthtoken = <some token>
sigdir = <some sigdir>
tool = jsfunfuzz
nth10sd commented 6 years ago

Closing due to no response for ~3 months.

rc0r commented 6 years ago

Hi,

I have the same problem. When I (re)start funfuzz.loop_bot I get the following warning despite I have a running FuzzManager instance with a signature.zip in the server/files directory and a valid ~/.fuzzmanagerconf:

Unable to find required entries in FuzzManager. Duplicate detection via sigcache will not work...

On the FuzzManager server side which I run in debug mode using python manage.py runserver I see this:

Not Found: /crashmanager/rest/signatures/download/
[11/Jul/2018 05:49:04] "GET /crashmanager/rest/signatures/download/ HTTP/1.1" 404 0

I can browse the crashes/signatures via the web interface but downloading signatures via the Collector class seems to fail. Is that hardcoded url /crashmanager/rest/signatures/download/ in Collector correct?

BTW: The title of this issue should be changed to something more meaningful...

nth10sd commented 6 years ago

Does it happen with FuzzManager that is running on top of Apache/WSGI? (i.e. not via runserver)

rc0r commented 6 years ago

I didn't try that. I just started to play around with it and tried setting things up in debug mode.

rc0r commented 6 years ago

Problem solved. This is a documentation or configuration issue of the FuzzManager project, not funfuzz itself:

The FuzzManager readme somewhere describes a way to update the signatures.zip file using a cron job like this:

# Export all signatures to a zip file for downloading by clients
*/30 * * * * cd /path/to/FuzzManager/server && cronic python manage.py export_signatures files/signatures.new.zip mv files/signatures.new.zip files/signatures.zip

However SIGNATURE_STORAGE which is used in the SignaturesDownloadView is defined as follows in server/server/settings.py:

# This is the directory where signatures.zip will be stored
SIGNATURE_STORAGE = os.path.join(BASE_DIR)

On my setup this equals to server/ and not server/files. The problem was solved after changing the config to:

SIGNATURE_STORAGE = os.path.join(BASE_DIR, 'files')

Putting signatures.zip into BASE_DIR should also fix this w/o the need to update settings.py.

So either way FuzzManager readme should be updated to reflect the actual settings in server/server/settings.py or server/server/settings.py should be updated to reflect the documentation in the readme.

Hope that helps @StGlolry and others! ;)

nth10sd commented 6 years ago

Thanks for filing the issue in FuzzManager, and for the excellent detective work!