GitHub Actions CI/CD
kAFL can be integrated into your GitHub Actions CI/CD pipeline, thanks to the IntelLabs/kafl.actions action.
It acts as a building block for composing your own workflows around kAFL.
With this Action you can:
- automate the fuzzing of your target and turn it into a reusable workflow
- delegate the kAFL setup from your local machine to reproducible infrastructure
- build a regression test suite, continuously updated with new seeds, that runs on whatever schedule suits you (every PR, daily, weekly, ...)
Requirements:
- A kAFL-compatible server (an Intel CPU with Intel PT support) registered as a GitHub Actions self-hosted runner
Keep in mind that jobs on a self-hosted runner execute on your own hardware: GitHub recommends using self-hosted runners only with private repositories, because on a public repository a pull request from a fork can run arbitrary code on the runner machine.
1 - Deploying the kernel
This first step installs the kAFL (Nyx) kernel on the server of your choice.
We can leverage kAFL's Ansible playbook to automate this part.
cd kAFL
# rewrite the Ansible inventory to deploy remotely on a specified server
echo 'kafl-actions-runner.example.com' > deploy/inventory
# only deploy the kernel
make deploy -- --tags kernel
Note
This command will:
- install the kernel
- update GRUB
- reboot the server
➡️ Once this is done, you should find a -nyx tag in your server's uname:
uname -a | grep nyx
... 6.0.0-nyx+ ...
2 - Setting up Docker
kafl.actions will pull the latest intellabs/kafl Docker image to run the kAFL userspace.
Let's set up Docker on the runner as well, and make sure the user account the runner service runs under is allowed to talk to the Docker daemon.
3 - Set up the GitHub Actions runner
Finally, follow GitHub's official guide to add a self-hosted runner to your repository. Since step 1 reboots the server, install the runner as a service (the svc.sh script from GitHub's guide) so it comes back automatically after a reboot.
You should now have a runner available under Settings > Actions > Runners.
4 - Using kafl.actions
Go check kafl.actions's README and the example kernel.yml to fuzz the Linux kernel!
It boils down to invoking the action and specifying the subcommand (action), the workdir (mounted into the container), and a few extra_args for the kAFL command line.
      - name: Fuzz Linux kernel
        uses: IntelLabs/kafl.actions@master
        with:
          action: fuzz
Note that uses: IntelLabs/kafl.actions@master resolves to whatever is currently on that branch. For a reproducible pipeline whose fuzzing logic cannot change underneath you, pin the action to a full commit SHA instead of a branch name.
Build your own workflows, automate and fuzz all the things (continuously)!
Note
By default a GitHub Actions job is limited to 6h of execution time.
It's possible to raise this limit by specifying a higher value in jobs.<job_id>.timeout-minutes.
For example, you can set it to 2 weeks:
jobs:
  fuzz:
    # raise the 6h default
    # set to 2 weeks max job execution time
    # 60 * 24 * 7 * 2 = 20160 minutes
    timeout-minutes: 20160
timeout-minutes only changes the job's own timeout; GitHub's usage limits on job and workflow run duration still apply to self-hosted runners, so check the current limits before relying on multi-week jobs.
And then limit the actual fuzzing run to any value you want (under that threshold):
      - name: Fuzz Linux kernel
        uses: IntelLabs/kafl.actions@master
        with:
          action: fuzz
          # 3 days
          # 60 * 60 * 24 * 3 = 259200 seconds
          timeout: 259200
Warning
The fuzz timeout of kafl.actions is specified in seconds, whereas timeout-minutes of the job is in minutes; mixing the two up will either kill the job long before the fuzzer stops or let the fuzzer run far longer than intended.
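Putting step 4 and the timeout note together, here is a complete workflow file. It is an added example, not the kernel.yml shipped with kafl.actions: the action inputs action, workdir, extra_args and timeout are the ones named on this page, while the preflight step, the --purge argument, the workdir/corpus and workdir/logs paths and the artifact upload are assumptions about the runner and about kAFL's workdir layout.

```yaml
# Added example: .github/workflows/kafl-fuzz.yml
# Not the workflow shipped with kafl.actions; see the assumptions noted inline.
name: kAFL fuzzing

on:
  pull_request:
  schedule:
    - cron: "0 2 * * 1"   # weekly regression run, Monday 02:00 UTC
  workflow_dispatch:       # manual runs for longer campaigns

# Only one fuzzing job at a time: the runner's Intel PT and KVM resources
# are not shared between concurrent kAFL instances. Later runs wait.
concurrency:
  group: kafl-fuzz
  cancel-in-progress: false

jobs:
  fuzz:
    runs-on: self-hosted
    # Raise the 6h default; the fuzz step below stops long before this.
    # 60 * 24 * 7 * 2 = 20160 minutes (2 weeks)
    timeout-minutes: 20160
    steps:
      - uses: actions/checkout@v4

      # Assumption: fail fast if the runner was not prepared as in steps 1-3
      - name: Preflight checks on the runner
        run: |
          set -eu
          # kernel deployed with "make deploy -- --tags kernel"
          uname -r | grep -q nyx || { echo "no -nyx kernel running"; exit 1; }
          # Intel PT is what kAFL traces with, KVM is what it executes in
          grep -qw intel_pt /proc/cpuinfo || { echo "CPU lacks intel_pt"; exit 1; }
          test -w /dev/kvm || { echo "/dev/kvm is not writable"; exit 1; }
          # the action runs the kAFL userspace in a container (step 2)
          docker info >/dev/null || { echo "docker daemon unavailable"; exit 1; }

      - name: Fuzz Linux kernel
        # pin to a full commit SHA in production instead of a branch name
        uses: IntelLabs/kafl.actions@master
        with:
          action: fuzz
          # mounted into the container; kAFL writes its findings here
          workdir: ${{ github.workspace }}/workdir
          # kafl.actions timeout is in SECONDS: 60 * 60 * 24 * 3 = 3 days
          timeout: 259200
          # Assumption: kAFL options for your target go here (see kernel.yml);
          # --purge clears a stale workdir from a previous run
          extra_args: "--purge"

      # Assumption: kAFL keeps crashes and seeds under corpus/, logs under logs/.
      # Uploaded even when the fuzz step fails, so a crash never gets lost.
      - name: Keep findings and logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: kafl-results-${{ github.run_id }}
          path: |
            workdir/corpus
            workdir/logs
          if-no-files-found: warn
```

The two timeouts are deliberately far apart: the job timeout only has to be larger than the fuzzing run, and the fuzz step is what actually bounds the campaign. If the repository is public, reconsider the pull_request trigger: with a self-hosted runner, every fork that opens a PR can get code onto your fuzzing server, which is why GitHub advises restricting self-hosted runners to private repositories.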
References
The kafl.actions GitHub Action was introduced at the TianoCore community meeting on May 4th, 2023.