streamlined grammar mutator submodule

2025-06-07 15:51:32 +00:00 · 2020-12-08 10:09:35 +01:00 · 2020-12-08 10:09:35 +01:00 · eda068751e
commit eda068751e
parent 5d6b1129f0
8 changed files with 201 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -2,7 +2,7 @@
 	path = unicorn_mode/unicornafl
 	url = https://github.com/AFLplusplus/unicornafl
 [submodule "custom_mutators/grammar_mutator"]
-	path = custom_mutators/grammar_mutator
+	path = custom_mutators/grammar_mutator/grammar_mutator
 	url = https://github.com/AFLplusplus/Grammar-Mutator
 [submodule "qemu_mode/qemuafl"]
 	path = qemu_mode/qemuafl
--- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION
+++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION
@ -0,0 +1 @@
+b3c4fcf
--- a/custom_mutators/grammar_mutator/README.md
+++ b/custom_mutators/grammar_mutator/README.md
@ -0,0 +1,6 @@
+# Grammar-Mutator
+
+This is just a stub directory that will clone the real grammar mutator
+directory.
+
+Execute `./build_grammar_mutator.sh` to set everything up.
--- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh
+++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
@ -0,0 +1,141 @@
+#!/bin/sh
+#
+# american fuzzy lop++ - unicorn mode build script
+# ------------------------------------------------
+#
+# Originally written by Nathan Voss <njvoss99@gmail.com>
+#
+# Adapted from code by Andrew Griffiths <agriffiths@google.com> and
+#                      Michal Zalewski
+#
+# Adapted for AFLplusplus by Dominik Maier <mail@dmnk.co>
+#
+# CompareCoverage and NeverZero counters by Andrea Fioraldi
+#                                <andreafioraldi@gmail.com>
+#
+# Copyright 2017 Battelle Memorial Institute. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# This script downloads, patches, and builds a version of Unicorn with
+# minor tweaks to allow Unicorn-emulated binaries to be run under
+# afl-fuzz.
+#
+# The modifications reside in patches/*. The standalone Unicorn library
+# will be written to /usr/lib/libunicornafl.so, and the Python bindings
+# will be installed system-wide.
+#
+# You must make sure that Unicorn Engine is not already installed before
+# running this script. If it is, please uninstall it first.
+
+GRAMMAR_VERSION="$(cat ./GRAMMAR_VERSION)"
+GRAMMAR_REPO="https://github.com/AFLplusplus/grammar-mutator"
+
+echo "================================================="
+echo "Grammar Mutator build script"
+echo "================================================="
+echo
+
+echo "[*] Performing basic sanity checks..."
+
+PLT=`uname -s`
+
+if [ ! -f "../../config.h" ]; then
+
+  echo "[-] Error: key files not found - wrong working directory?"
+  exit 1
+
+fi
+
+PYTHONBIN=`command -v python3 || command -v python || command -v python2 || echo python3`
+MAKECMD=make
+TARCMD=tar
+
+if [ "$PLT" = "Darwin" ]; then
+  CORES=`sysctl -n hw.ncpu`
+  TARCMD=tar
+fi
+
+if [ "$PLT" = "FreeBSD" ]; then
+  MAKECMD=gmake
+  CORES=`sysctl -n hw.ncpu`
+  TARCMD=gtar
+fi
+
+if [ "$PLT" = "NetBSD" ] || [ "$PLT" = "OpenBSD" ]; then
+  MAKECMD=gmake
+  CORES=`sysctl -n hw.ncpu`
+  TARCMD=gtar
+fi
+
+PREREQ_NOTFOUND=
+for i in git $MAKECMD $TARCMD; do
+
+  T=`command -v "$i" 2>/dev/null`
+
+  if [ "$T" = "" ]; then
+
+    echo "[-] Error: '$i' not found. Run 'sudo apt-get install $i' or similar."
+    PREREQ_NOTFOUND=1
+
+  fi
+
+done
+
+if echo "$CC" | grep -qF /afl-; then
+
+  echo "[-] Error: do not use afl-gcc or afl-clang to compile this tool."
+  PREREQ_NOTFOUND=1
+
+fi
+
+if [ "$PREREQ_NOTFOUND" = "1" ]; then
+  exit 1
+fi
+
+echo "[+] All checks passed!"
+
+echo "[*] Making sure grammar mutator is checked out"
+
+git status 1>/dev/null 2>/dev/null
+if [ $? -eq 0 ]; then
+  echo "[*] initializing grammar mutator submodule"
+  git submodule init || exit 1
+  git submodule update ./grammar_mutator 2>/dev/null # ignore errors
+else
+  echo "[*] cloning grammar mutator"
+  test -d grammar_mutator || {
+    CNT=1
+    while [ '!' -d grammar_mutator -a "$CNT" -lt 4 ]; do
+      echo "Trying to clone grammar_mutator (attempt $CNT/3)"
+      git clone --depth=1 "$GRAMMAR_REPO" 
+      CNT=`expr "$CNT" + 1`
+    done
+  }
+fi
+
+test -d grammar_mutator || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
+echo "[+] Got grammar mutator."
+
+cd "grammar_mutator" || exit 1
+echo "[*] Checking out $GRAMMAR_VERSION"
+sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
+git checkout "$GRAMMAR_VERSION" || exit 1
+cd ..
+
+echo "[*] Downloading antlr..."
+wget -c https://www.antlr.org/download/antlr-4.8-complete.jar
+
+echo
+echo
+echo "[+] All successfully prepared!"
+echo "[!] To build for your grammar just do:"
+echo "    `cd grammar_mutator`"
+echo "    `make GRAMMAR_FILE=/path/to/your/grammar`"
+echo "[+] You will find a JSON and RUBY grammar in grammar_mutator/grammars to play with."
+echo
--- a/custom_mutators/grammar_mutator/grammar_mutator
+++ b/custom_mutators/grammar_mutator/grammar_mutator
--- a/custom_mutators/grammar_mutator/update_grammar_ref.sh
+++ b/custom_mutators/grammar_mutator/update_grammar_ref.sh
@ -0,0 +1,50 @@
+#/bin/sh
+
+##################################################
+# AFL++ tool to update a git ref.
+# Usage: ./<script>.sh <new commit hash>
+# If no commit hash was provided, it'll take HEAD.
+##################################################
+
+TOOL="grammar mutator"
+VERSION_FILE='./GRAMMAR_VERSION'
+REPO_FOLDER='./grammar_mutator'
+THIS_SCRIPT=`basename $0`
+BRANCH="stable"
+
+NEW_VERSION="$1"
+
+if [ "$NEW_VERSION" = "-h" ]; then
+  echo "Internal script to update bound $TOOL version."
+  echo
+  echo "Usage: $THIS_SCRIPT <new commit hash>"
+  echo "If no commit hash is provided, will use HEAD."
+  echo "-h to show this help screen."
+  exit 1
+fi
+
+git submodule init && git submodule update ./grammar_mutator || exit 1
+cd "$REPO_FOLDER" || exit 1
+git fetch origin $BRANCH 1>/dev/null || exit 1
+git stash 1>/dev/null 2>/dev/null
+git stash drop 1>/dev/null 2>/dev/null
+git checkout $BRANCH
+
+if [ -z "$NEW_VERSION" ]; then
+  # No version provided, take HEAD.
+  NEW_VERSION=$(git rev-parse --short HEAD)
+fi
+
+if [ -z "$NEW_VERSION" ]; then
+  echo "Error getting version."
+  exit 1
+fi
+
+git checkout "$NEW_VERSION" || exit 1
+
+cd ..
+
+rm "$VERSION_FILE"
+echo "$NEW_VERSION" > "$VERSION_FILE"
+
+echo "Done. New $TOOL version is $NEW_VERSION."
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@ -114,7 +114,7 @@ git status 1>/dev/null 2>/dev/null
 if [ $? -eq 0 ]; then
  echo "[*] initializing qemuafl submodule"
  git submodule init || exit 1
-  git submodule update 2>/dev/null # ignore errors
+  git submodule update ./qemuafl 2>/dev/null # ignore errors
 else
  echo "[*] cloning qemuafl"
  test -d qemuafl || {
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
@ -156,7 +156,7 @@ else
    CNT=1
    while [ '!' -d unicornafl -a "$CNT" -lt 4 ]; do
      echo "Trying to clone unicornafl (attempt $CNT/3)"
-      git clone https://github.com/AFLplusplus/unicornafl
+      git clone --depth=1 https://github.com/AFLplusplus/unicornafl
      CNT=`expr "$CNT" + 1`
    done
  }