### .NET SDK Installation and IL Disassembler Setup Source: https://github.com/trailofbits/skills/blob/main/plugins/constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md Details the installation process for .NET SDK 8.0+ on macOS, Ubuntu/Debian, and Windows, along with instructions for installing the `ilspycmd` tool for IL disassembly. It covers PATH configuration and verification steps for both tools. ```bash # macOS (Homebrew) brew install dotnet-sdk # Ubuntu/Debian sudo apt install dotnet-sdk-8.0 # Windows winget install Microsoft.DotNet.SDK.8 # Install IL Disassembler: dotnet tool install -g ilspycmd # PATH Configuration: # Add to ~/.zshrc or ~/.bashrc export PATH="$HOME/.dotnet/tools:$PATH" # Verification: dotnet --version # Should show: 8.x.x or higher ilspycmd --version # Should show: ilspycmd: 9.x.x ``` -------------------------------- ### Install CodeQL with Homebrew Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/codeql/SKILL.md Installs the CodeQL CLI tool using the Homebrew package manager on macOS or Linux. This is a convenient way to get started with CodeQL. ```bash brew install --cask codeql ``` -------------------------------- ### Install CodeQL CLI (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md Provides commands to install the CodeQL CLI using Homebrew on macOS and Linux systems. It also includes a command for upgrading an existing installation. Manual installation instructions are referenced. ```bash # macOS/Linux (Homebrew) brew install --cask codeql # Update brew upgrade codeql ``` -------------------------------- ### SKILL.md Router Structure Example Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md Demonstrates how the main `SKILL.md` file is transformed into a router when content is split. It includes a decision tree to guide users to the appropriate section or file. ```markdown ## Decision Tree **What do you need?** ├─ First time setup? │ └─ Read: [Installation Guide](installation.md) │ ├─ Basic usage? │ └─ See: Quick Reference above │ ├─ Advanced features? │ └─ Read: [Advanced Usage](advanced.md) │ ├─ CI/CD integration? │ └─ Read: [CI Integration](ci-integration.md) │ └─ Something not working? └─ Read: [Troubleshooting](troubleshooting.md) ``` -------------------------------- ### Web Framework Source Pattern Examples Source: https://github.com/trailofbits/skills/blob/main/plugins/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md Provides examples of how to translate Semgrep patterns for accessing user input from web frameworks across different languages. It shows the specific syntax for retrieving parameters in Python (Flask), Java (Servlet), Go (net/http), and Node.js (Express). ```yaml # Python Flask pattern: request.args.get(...) # Java Servlet pattern: $REQUEST.getParameter(...) # Go net/http pattern: $R.URL.Query().Get(...) pattern: $R.FormValue(...) # Node.js Express pattern: $REQ.query.$PARAM pattern: $REQ.body.$PARAM ``` -------------------------------- ### Setup Web3.js for On-chain Queries Source: https://github.com/trailofbits/skills/blob/main/plugins/building-secure-contracts/skills/development-guidelines/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md Initialize Web3.js to interact with the Ethereum blockchain. This setup requires an RPC endpoint URL and allows for querying deployed contract data. ```javascript // I'll use web3.js or ethers.js const Web3 = require('web3'); const web3 = new Web3('RPC_URL'); ``` -------------------------------- ### Install Property-Based Testing Plugin via Marketplace Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/README.md Instructions for installing the property-based testing plugin using the marketplace command-line interface. This is the recommended installation method. ```bash /plugin marketplace add trailofbits/skills /plugin menu ``` -------------------------------- ### Basic ASan Integration for Fuzzing Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/address-sanitizer/SKILL.md Demonstrates the difference between a standard fuzzing compilation and one with AddressSanitizer enabled. The 'After' example shows the necessary compiler flag and environment variable setup for ASan. ```bash # Before: clang -o fuzz_target fuzz_target.c ./fuzz_target # After: clang -fsanitize=address -g -o fuzz_target fuzz_target.c ASAN_OPTIONS=verbosity=1:abort_on_error=1 ./fuzz_target ``` -------------------------------- ### Verify CodeQL Installation Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/codeql/SKILL.md Checks the installed CodeQL CLI version. This command is useful after installation or upgrade to confirm that CodeQL is set up correctly. ```bash codeql --version ``` -------------------------------- ### Check CodeQL Installation (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md This snippet checks if the CodeQL command-line interface (CLI) is installed and accessible in the system's PATH. It provides immediate feedback on whether CodeQL is ready to use or if installation steps are required. ```bash # Check if CodeQL is installed command -v codeql >/dev/null 2>&1 && echo "CodeQL: installed" || echo "CodeQL: NOT installed (run install steps below)" ``` -------------------------------- ### Install Trail of Bits CodeQL Queries (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md This snippet demonstrates how to download and install the public Trail of Bits security query packs for CodeQL. It includes commands to download specific language query packs and verify their successful installation. ```bash # Download ToB query packs codeql pack download trailofbits/cpp-queries trailofbits/go-queries # Verify installation codeql resolve qlpacks | grep trailofbits ``` -------------------------------- ### Install Property-Based Testing Plugin Manually Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/README.md Instructions for manually installing the property-based testing plugin using the plugin install command. This method is an alternative to the marketplace installation. ```bash /plugin install trailofbits/skills/plugins/property-based-testing ``` -------------------------------- ### Strategy Design: Match Real-World Constraints (Python) Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/skills/property-based-testing/references/design.md Illustrates how to design strategies that accurately reflect real-world constraints for data generation. This example shows building a `User` object with specific constraints on name length, age range, and email format. ```python from hypothesis import strategies as st valid_users = st.builds( User, name=st.text(min_size=1, max_size=100), age=st.integers(min_value=0, max_value=150), email=st.emails(), ) ``` -------------------------------- ### Install Kotlin Compiler on Windows Source: https://github.com/trailofbits/skills/blob/main/plugins/constant-time-analysis/skills/constant-time-analysis/references/kotlin.md Provides commands for installing the Kotlin compiler on Windows using Scoop or Chocolatey package managers. ```bash scoop install kotlin # or choco install kotlinc ``` -------------------------------- ### Install Kotlin Compiler on Ubuntu/Debian Source: https://github.com/trailofbits/skills/blob/main/plugins/constant-time-analysis/skills/constant-time-analysis/references/kotlin.md Provides the snap command to install the Kotlin compiler on Ubuntu and Debian-based Linux distributions. ```bash sudo snap install kotlin --classic ``` -------------------------------- ### Pull AFL++ Docker Image (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/aflpp/SKILL.md This command pulls the latest stable version of the AFL++ Docker image from Docker Hub. This is a convenient way to get started with AFL++ without manual installation, especially if you need a specific version or support for platforms like Apple Silicon. ```bash docker pull aflplusplus/aflplusplus:stable ``` -------------------------------- ### Install PBT Libraries (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/skills/property-based-testing/references/libraries.md Command-line instructions for installing various Property-Based Testing (PBT) libraries. This covers Python's Hypothesis, JavaScript/TypeScript's fast-check, Go's rapid, and Echidna for smart contract fuzzing. ```bash # Echidna (via crytic toolchain) pip install crytic-compile # Download binary from https://github.com/crytic/echidna # Medusa go install github.com/crytic/medusa@latest # Python pip install hypothesis # JavaScript/TypeScript npm install fast-check # Go go get pgregory.net/rapid # or for gopter: go get github.com/leanovate/gopter # Haskell cabal install QuickCheck # or for Hedgehog: cabal install hedgehog ``` -------------------------------- ### Firebase API Key Format and Example Source: https://github.com/trailofbits/skills/blob/main/plugins/firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md Defines the typical format of a Firebase API key, which starts with 'AIza' followed by a specific character set and length. An example is provided for clarity. ```text AIza[A-Za-z0-9_-]{35} Example: AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q ``` -------------------------------- ### Fuzzer Template Structure (Markdown) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md This markdown structure defines the metadata and sections for documenting a fuzzer. It includes fields for the fuzzer's name, type, description, and organizes content into logical sections like Quick Start, Installation, Harness Writing, Compilation, Corpus Management, Running Campaigns, Coverage Analysis, Sanitizer Integration, Advanced Usage, Real-World Examples, Troubleshooting, and Related Skills. ```markdown --- name: {fuzzer-name-lowercase} type: fuzzer description: > {Summary from handbook}. Use for fuzzing {language} projects. --- # {Fuzzer Name} {Brief introduction from handbook - what this fuzzer is and its key differentiator} ## When to Use {Comparison with other fuzzers for the same language} | Fuzzer | Best For | Complexity | |--------|----------|------------| | {This fuzzer} | {Use case} | {Level} | | {Alternative 1} | {Use case} | {Level} | | {Alternative 2} | {Use case} | {Level} | **Choose {Fuzzer Name} when:** - {Criterion 1} - {Criterion 2} ## Quick Start {Minimal working example - get fuzzing in <5 minutes} ``` {language} {Minimal harness code} ``` Compile and run: ```bash {Minimal commands to compile and run} ``` ## Installation {Platform-specific installation instructions} ### Prerequisites - {Prerequisite 1} - {Prerequisite 2} ### Linux/macOS ```bash {Installation commands} ``` ### Verification ```bash {Command to verify installation} ``` ## Writing a Harness {How to write a fuzzing harness for this fuzzer} ### Harness Structure ``` {language} {Standard harness template with comments} ``` ### Harness Rules {Key rules from handbook - what to do and avoid in harness} | Do | Don't | |----|-------| | {Good practice 1} | {Bad practice 1} | | {Good practice 2} | {Bad practice 2} | > **See Also:** For detailed harness writing techniques, patterns for handling complex inputs, > and advanced strategies, see the **fuzz-harness-writing** technique skill. ## Compilation {How to compile fuzz targets} ### Basic Compilation ```bash {Basic compile command} ``` ### With Sanitizers ```bash {Compile with ASan/UBSan} ``` > **See Also:** For detailed sanitizer configuration, common issues, and advanced flags, > see the **address-sanitizer** and **undefined-behavior-sanitizer** technique skills. ### Build Flags | Flag | Purpose | |------|---------| | {Flag 1} | {Purpose} | | {Flag 2} | {Purpose} | ## Corpus Management {How to create and manage input corpus} ### Creating Initial Corpus {Where to get seed inputs} ```bash {Commands for corpus setup} ``` ### Corpus Minimization ```bash {Commands to minimize corpus} ``` > **See Also:** For corpus creation strategies, dictionaries, and seed selection, > see the **fuzzing-corpus** technique skill. ## Running Campaigns {How to run fuzzing campaigns} ### Basic Run ```bash {Basic run command} ``` ### Multi-Core Fuzzing ```bash {Parallel fuzzing command if supported} ``` ### Interpreting Output {How to read fuzzer output, coverage, crashes} | Output | Meaning | |--------|---------| | {Output indicator 1} | {What it means} | | {Output indicator 2} | {What it means} | ## Coverage Analysis {How to measure and improve coverage} ### Generating Coverage Reports ```bash {Coverage commands} ``` ### Improving Coverage {Tips for reaching more code paths} > **See Also:** For detailed coverage analysis techniques, identifying coverage gaps, > and systematic coverage improvement, see the **coverage-analysis** technique skill. ## Sanitizer Integration {How to use AddressSanitizer, UndefinedBehaviorSanitizer, etc.} ### AddressSanitizer (ASan) ```bash {ASan compile flags} ``` ### UndefinedBehaviorSanitizer (UBSan) ```bash {UBSan compile flags} ``` ### MemorySanitizer (MSan) ```bash {MSan compile flags - if applicable} ``` ### Common Sanitizer Issues | Issue | Solution | |-------|----------| | {Issue 1} | {Fix} | | {Issue 2} | {Fix} | ## Advanced Usage ### Tips and Tricks | Tip | Why It Helps | |-----|--------------| | {Tip 1} | {Explanation} | | {Tip 2} | {Explanation} | | {Tip 3} | {Explanation} | ### {Advanced Topic 1 - e.g., Structure-Aware Fuzzing} {Details} ### {Advanced Topic 2 - e.g., Custom Mutators} {Details} ### Performance Tuning {How to maximize fuzzing throughput} | Setting | Impact | |---------|--------| | {Setting 1} | {Effect} | | {Setting 2} | {Effect} | ## Real-World Examples {Examples from handbook of fuzzing real projects} ### Example: {Project Name} {Context and what we're fuzzing} ``` {language} {Harness code} ``` ```bash {Commands to fuzz example project} ``` ## Troubleshooting {Common issues and solutions from handbook} | Problem | Cause | Solution | |---------|-------|----------| | {Problem 1} | {Cause} | {Solution} | | {Problem 2} | {Cause} | {Solution} | | {Problem 3} | {Cause} | {Solution} | ## Related Skills {Cross-references to technique skills that complement this fuzzer} ``` -------------------------------- ### Project Build Instructions (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/building-secure-contracts/skills/development-guidelines/audit-prep-assistant/SKILL.md These are the build instructions for a project, including cloning the repository, checking out a specific branch, installing dependencies, building the project, and running tests. It assumes the use of Foundry and Git. ```bash git clone https://github.com/project/repo.git cd repo git checkout audit-march-2024 # Frozen branch forge install forge build forge test ``` -------------------------------- ### Minimal Fuzzer Harness Example (Placeholder) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md This is a placeholder for a minimal working example of a fuzzing harness. It demonstrates the basic structure required to get a fuzzer up and running quickly, typically involving a function that accepts input data and processes it. ```placeholder {Minimal harness code} ``` -------------------------------- ### Fuzzing libpng: Setup and Compilation Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/libfuzzer/SKILL.md Steps to download libpng source, install dependencies, and compile it with fuzzing instrumentation using clang and ASan. ```bash curl -L -O https://downloads.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz tar xf libpng-1.6.37.tar.xz cd libpng-1.6.37/ apt install zlib1g-dev export CC=clang CFLAGS="-fsanitize=fuzzer-no-link -fsanitize=address" export CXX=clang++ CXXFLAGS="$CFLAGS" ./configure --enable-shared=no make ``` -------------------------------- ### Initialize CodeQL Pack Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md Command to initialize a new CodeQL query pack. This command creates the necessary directory structure and a basic qlpack.yml file, setting up a project for custom CodeQL queries. ```bash codeql pack init myorg/security-queries ``` -------------------------------- ### Run Static Analysis for Go/Rust/C++ with CodeQL and Semgrep Source: https://github.com/trailofbits/skills/blob/main/plugins/building-secure-contracts/skills/development-guidelines/audit-prep-assistant/SKILL.md This is a placeholder comment indicating the use of CodeQL and Semgrep for static analysis across multiple languages including Go, Rust, and C++. These tools are powerful for finding complex vulnerabilities and enforcing security policies. ```bash # CodeQL and Semgrep checks ``` -------------------------------- ### CodeQL CLI Command to Install Dependencies Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/codeql/SKILL.md This bash command installs all the dependencies declared in the 'qlpack.yml' file for the current CodeQL query pack. It ensures that all necessary libraries and query packs are available for analysis. ```bash codeql pack install ``` -------------------------------- ### Setup VLD Extension Directory for Homebrew PHP (macOS) Source: https://github.com/trailofbits/skills/blob/main/plugins/constant-time-analysis/skills/constant-time-analysis/references/php.md Manually copies the compiled VLD extension to the correct PHP extension directory when using PHP installed via Homebrew on macOS. This is necessary because Homebrew's PHP setup might require explicit placement of extensions. ```bash # Homebrew PHP may need manual extension directory setup PHP_EXT_DIR=$(php -i | grep extension_dir | awk '{print $3}') echo "PHP extension directory: $PHP_EXT_DIR" # After building VLD, copy the extension sudo cp modules/vld.so "$PHP_EXT_DIR/" ``` -------------------------------- ### CodeQL Query Syntax Examples Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md Demonstrates key CodeQL language features including predicates for defining custom logic, transitive closure operators for data flow analysis, and quantification for expressing conditions over sets of elements. These are fundamental for writing effective security queries. ```ql // Predicates predicate isUserInput(DataFlow::Node node) { exists(Call c | c.getFunc().(Attribute).getName() = "get" and node.asExpr() = c) } // Transitive closure: + (one or more), * (zero or more) node.getASuccessor+() // Quantification exists(Variable v | v.getName() = "password") forall(Call c | c.getTarget().hasName("dangerous") | hasCheck(c)) ``` -------------------------------- ### AST Representation of Database Queries Source: https://github.com/trailofbits/skills/blob/main/plugins/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md Shows how conceptually similar database query executions are represented in the ASTs of Python and Go. The Python example `cursor.execute(query)` and the Go example `db.Query(query)` may have significantly different AST structures, necessitating careful translation. ```python # Python cursor.execute(query) ``` ```go // Go db.Query(query) ``` -------------------------------- ### File Splitting Structure Example Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md Illustrates the file structure when a large skill file needs to be split into multiple smaller files. It shows how the main `SKILL.md` acts as a router, with extracted sections placed in separate `.md` files. ```bash skills/{name}/ ├── SKILL.md # Core content + decision tree (target: <400 lines) ├── installation.md # If extracted ├── advanced.md # If extracted ├── ci-integration.md # If extracted └── troubleshooting.md # If extracted ``` -------------------------------- ### Avoid Tautological Properties in Python Tests Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/skills/property-based-testing/references/design.md Demonstrates how to write effective property-based tests in Python by focusing on algebraic properties rather than simple reassertions of function logic. The 'BAD' example shows a tautological test that offers no real value, while the 'GOOD' examples illustrate testing identity and commutativity properties. ```python assert add(a, b) == a + b assert add(a, 0) == a # identity assert add(a, b) == add(b, a) # commutativity ``` -------------------------------- ### Example Self-Improvement Documentation Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md This example shows how to document self-improvement points after a skill generation run. It follows a simple Issue/Fix format, detailing problems encountered and the specific files or templates updated to address them, aiding future refinement. ```text Issue: libFuzzer skill missing sanitizer flags table Fix: Updated templates/fuzzer-skill.md to include ## Compiler Flags section ``` -------------------------------- ### libFuzzer Quick Start Example (C++) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md A minimal C++ harness for libFuzzer, demonstrating how to integrate a target function with the fuzzer. It expects the fuzzer to provide input data and size. ```c++ #include #include extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Call your code with fuzzer-provided data my_function(data, size); return 0; } ``` -------------------------------- ### Setup cargo-fuzz Coverage Prerequisites (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/coverage-analysis/SKILL.md Installs the nightly Rust toolchain with LLVM components and necessary Cargo crates (`cargo-binutils`, `rustfilt`) for generating coverage reports with `cargo-fuzz`. ```bash rustup toolchain install nightly --component llvm-tools-preview \ cargo install cargo-binutils rustfilt ``` -------------------------------- ### Run CodeQL Security Analysis (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md Executes CodeQL security queries against a created database. This example shows how to output results in SARIF (recommended) or CSV format, and how to specify query suites or packs. It includes examples for running default security queries and Trail of Bits queries. ```bash # List available query packs codeql resolve qlpacks # Run security queries: # SARIF output (recommended) codeql database analyze codeql.db \ --format=sarif-latest \ --output=results.sarif \ -- codeql/python-queries:codeql-suites/python-security-extended.qls # CSV output codeql database analyze codeql.db \ --format=csv \ --output=results.csv \ -- codeql/javascript-queries # With Trail of Bits queries (if installed): codeql database analyze codeql.db \ --format=sarif-latest \ --output=results.sarif \ -- trailofbits/go-queries ``` -------------------------------- ### Clone Wycheproof Repository for Crypto Testing Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md This command clones the Wycheproof repository, a tool used for validating cryptographic implementations against known test vectors. It's a starting point for integrating Wycheproof into a crypto testing setup. ```bash git clone https://github.com/google/wycheproof # See wycheproof skill for integration patterns ``` -------------------------------- ### Scripted DWARF File Searching with Pyelftools Source: https://github.com/trailofbits/skills/blob/main/plugins/dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md This snippet provides an example of using the `pyelftools` Python library to parse and search DWARF files programmatically. This approach is recommended for highly complex search scenarios where command-line filtering becomes insufficient or produces inconsistent results, such as searching for DIE nodes with multiple exact attribute values. Ensure `pyelftools` is installed (`pip install pyelftools`). ```python # Example Python script using pyelftools for DWARF searching # This is a conceptual example and requires specific implementation details # based on the exact search criteria. from elftools.elf.elffile import ELFFile def search_dwarf_die(filepath, search_criteria): with open(filepath, 'rb') as f: elf = ELFFile(f) dwarf_info = elf.get_dwarf_info() if dwarf_info: # Iterate through DIEs and apply search criteria for cu in dwarf_info.iter_CUs(): for die in cu.iter_DIEs(): # Implement your complex search logic here # Example: Check for specific tags and attributes if die.get('DW_AT_name') == search_criteria.get('name') and \ die.get('DW_AT_type') == search_criteria.get('type'): print(f"Found matching DIE: {die.offset}") # Further processing or lookup can be done here else: print("No DWARF information found in the file.") # Example usage: # file_to_analyze = "your_elf_file" # criteria = {"name": "some_variable", "type": "some_type_offset"} # search_dwarf_die(file_to_analyze, criteria) ``` -------------------------------- ### Corpus Setup Commands (Placeholder) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md This section contains placeholder commands for setting up an initial input corpus for fuzzing. A good corpus is essential for effective fuzzing, providing diverse starting points for the fuzzer. ```bash {Commands for corpus setup} ``` -------------------------------- ### CodeQL CLI Command to Initialize a Query Pack Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/codeql/SKILL.md This bash command initializes a new CodeQL query pack. It takes the scope and name of the pack as arguments and creates a basic 'qlpack.yml' file with default settings. This is the first step in creating a new, organized collection of CodeQL queries. ```bash codeql pack init / ``` -------------------------------- ### Standard Harness Template Example (Placeholder) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md This code block represents a standard template for writing a fuzzing harness. It includes comments and structure to guide the developer on how to implement the harness correctly for a given fuzzer. ```placeholder {Standard harness template with comments} ``` -------------------------------- ### User Instructions for Unavailable Google Drive Source: https://github.com/trailofbits/skills/blob/main/plugins/fix-review/skills/fix-review/references/report-parsing.md Provides instructions for users when direct Google Drive access is not possible. It guides users to manually download files or install and configure the 'gdrive' tool for authentication. ```text Unable to access the Google Drive URL directly. Please: 1. Open the URL in your browser 2. Download the file: - For Google Docs: File → Download → Markdown (.md) - For PDFs: Click download button 3. Provide the local file path Alternatively, install and configure gdrive: brew install gdrive gdrive about # Follow auth prompts ``` -------------------------------- ### Strategy Design: Include Edge Cases Explicitly (Python) Source: https://github.com/trailofbits/skills/blob/main/plugins/property-based-testing/skills/property-based-testing/references/design.md Shows how to explicitly include edge cases in property tests using the `@example` decorator. This ensures that specific boundary conditions, such as empty lists or single-element lists, are tested. ```python from hypothesis import given, example, strategies as st @given(valid_lists()) @example([]) # Empty @example([1]) # Single element @example([1, 1, 1]) # Duplicates def test_with_edges(xs): ... ``` -------------------------------- ### Java Development Kit (JDK) Installation on macOS, Ubuntu/Debian, and Windows Source: https://github.com/trailofbits/skills/blob/main/plugins/constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md Provides installation commands for OpenJDK 21 on macOS using Homebrew, Ubuntu/Debian using apt, and Windows using winget. It also includes instructions for configuring the PATH environment variable on macOS and verifying the installation. ```bash # macOS (Homebrew) brew install openjdk@21 # Ubuntu/Debian sudo apt install openjdk-21-jdk # Windows (via winget) winget install Microsoft.OpenJDK.21 # PATH Configuration (macOS): # Add to ~/.zshrc or ~/.bashrc export PATH="/opt/homebrew/opt/openjdk@21/bin:$PATH" # Apple Silicon # or export PATH="/usr/local/opt/openjdk@21/bin:$PATH" # Intel Mac # Verification: javac --version # Should show: javac 21.x.x javap -version # Should show version info ``` -------------------------------- ### Create CodeQL Database (Bash) Source: https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md This command creates a CodeQL database for static analysis. It requires specifying the output database name, the programming language, and optionally a build command for compiled languages. The table provides language-specific arguments. ```bash codeql database create codeql.db --language= [--command=''] --source-root=. ``` -------------------------------- ### Atheris Python Fuzzer Harness (Python) Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/ossfuzz/SKILL.md An example Atheris harness for fuzzing Python code, specifically demonstrating the loading of CBOR data. It uses `atheris.instrument_func` to instrument the test function and `atheris.Fuzz()` to start the fuzzing process. ```python import atheris import sys import cbor2 @atheris.instrument_func def TestOneInput(data): fdp = atheris.FuzzedDataProvider(data) try: cbor2.loads(data) except (cbor2.CBORDecodeError, ValueError): pass def main(): atheris.Setup(sys.argv, TestOneInput) atheris.Fuzz() if __name__ == "__main__": main() ``` -------------------------------- ### Applicability Verdict Documentation Example (Text) Source: https://github.com/trailofbits/skills/blob/main/plugins/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md Shows how to document the applicability verdict for a target language, including the target language, the verdict (APPLICABLE/NOT_APPLICABLE), reasoning, and equivalent constructs. ```text TARGET: golang VERDICT: APPLICABLE REASONING: SQL injection applies to Go. database/sql package provides Query/Exec functions that can be vulnerable to injection when string concatenation is used instead of parameterized queries. EQUIVALENT_CONSTRUCTS: - Source: request.args.get → r.URL.Query().Get(), r.FormValue() - Sink: cursor.execute → db.Query(), db.Exec() ``` -------------------------------- ### Bash: Download and Prepare libpng Source for Fuzzing Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/libafl/SKILL.md This bash script outlines the steps to download the libpng source code, extract it, and install necessary development dependencies (zlib). This is the initial setup phase for fuzzing libpng using LibAFL. ```bash curl -L -O https://downloads.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz tar xf libpng-1.6.37.tar.xz cd libpng-1.6.37/ apt install zlib1g-dev ``` -------------------------------- ### Solidity Code Block Example Source: https://github.com/trailofbits/skills/blob/main/plugins/differential-review/skills/differential-review/reporting.md Demonstrates the correct markdown syntax for including Solidity code blocks with syntax highlighting. This is used for presenting Solidity code snippets within documentation. ```markdown ```solidity // Solidity code ``` ``` -------------------------------- ### Create CodeQL Database for C/C++ Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/codeql/SKILL.md Creates a CodeQL database for C/C++ projects. It requires a build command to compile the code and generate the necessary analysis artifacts. ```bash codeql database create codeql.db --language=cpp --command='make -j8' ``` -------------------------------- ### Add Magic Values to Dictionary Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/coverage-analysis/SKILL.md This is a dictionary file format example used to help fuzzers discover paths guarded by magic value checks. By providing the magic value as a byte sequence, the fuzzer can be guided to generate inputs that match these specific byte patterns, thus increasing code coverage. ```text # magic.dict "\x7F\x45\x4C\x46" ``` -------------------------------- ### Bash: Start libpng Fuzzing with LibAFL Source: https://github.com/trailofbits/skills/blob/main/plugins/testing-handbook-skills/skills/libafl/SKILL.md This bash command initiates the fuzzing process for libpng using the compiled `fuzz` executable. It specifies the input seed directory (`seeds/`), enables multi-core fuzzing (`--cores 0`), and provides the optional PNG dictionary (`-x png.dict`) to guide the fuzzer. ```bash ./fuzz --input seeds/ --cores 0 -x png.dict ``` -------------------------------- ### Identify Entry Functions in Sui Move Source: https://github.com/trailofbits/skills/blob/main/plugins/entry-point-analyzer/skills/entry-point-analyzer/references/move.md Illustrates the syntax for entry functions and public functions in Sui Move, highlighting the `TxContext` parameter commonly used in Sui entry points. ```move // Entry functions in Sui public entry fun transfer(ctx: &mut TxContext) { } // Public functions public fun compute(): u64 { } ```