ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a test case for the custom mutator

Browse Source 
- Update the Makefile in examples/custom_mutators
- Add a test program for testing the custom mutator
- Update test.sh for testing the custom mutator
- [TODO] Update the result checking criterias of the custom mutator in
test.sh
This commit is contained in:
h1994st
2020-03-27 02:03:20 -04:00
committed by Dominik Maier
parent c624831717
commit ff14dfc0fc
3 changed files with 127 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
examples/custom_mutators/Makefile
View File

@ -1,2 +1,7 @@
all: all: libexamplemutator.so
libexamplemutator.so:
$(CC) $(CFLAGS) -fPIC -shared -g -I ../../include example.c -o libexamplemutator.so $(CC) $(CFLAGS) -fPIC -shared -g -I ../../include example.c -o libexamplemutator.so
clean:
rm -rf libexamplemutator.so

20
test/test-custom-mutator.c Normal file
View File

@ -0,0 +1,20 @@
/**
* Reference: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/blob/master/4_libprotobuf_aflpp_custom_mutator/vuln.c
*/
#include <stdio.h>
#include <string.h>
#include <math.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
char str[100]={ };
read(0, str, 100);
int *ptr = NULL;
if( str[0] == 'P') {
*ptr = 123;
}
return 0;
}

78
test/test.sh
View File

@ -60,8 +60,8 @@ unset AFL_QEMU_PERSISTENT_GPR
unset AFL_QEMU_PERSISTENT_RET unset AFL_QEMU_PERSISTENT_RET
unset AFL_QEMU_PERSISTENT_HOOK unset AFL_QEMU_PERSISTENT_HOOK
unset AFL_QEMU_PERSISTENT_CNT unset AFL_QEMU_PERSISTENT_CNT
unset AFL_POST_LIBRARY
unset AFL_CUSTOM_MUTATOR_LIBRARY export unset AFL_CUSTOM_MUTATOR_LIBRARY=unset AFL_POST_LIBRARY
unset AFL_PYTHON_MODULE unset AFL_PYTHON_MODULE
unset AFL_PRELOAD unset AFL_PRELOAD
unset LD_PRELOAD unset LD_PRELOAD
@ -893,6 +893,80 @@ test -d ../unicorn_mode/unicornafl && {
INCOMPLETE=1 INCOMPLETE=1
} }
$ECHO "$BLUE[*] Testing: custom mutator"
unset AFL_CC # Line 474 sets AFL_CC to "gcc". We reset it to use the default compiler
CUSTOM_MUTATOR_PATH=../examples/custom_mutators
test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c && {
# Compile the vulnerable program
../afl-clang-fast -o test-custom-mutator test-custom-mutator.c
# Compile the custom mutator
make -C ../examples/custom_mutators libexamplemutator.so
test -e test-custom-mutator -a -e ${CUSTOM_MUTATOR_PATH}/libexamplemutator.so && {
# Create input directory
mkdir -p in
echo 00000 > in/in
# Run afl-fuzz w/ the C mutator
$ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
{
export AFL_CUSTOM_MUTATOR_LIBRARY=${CUSTOM_MUTATOR_PATH}/libexamplemutator.so
../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator
unset AFL_CUSTOM_MUTATOR_LIBRARY
} >>errors 2>&1
# Check results
test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { # TODO: update here
$ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator"
} || {
echo CUT------------------------------------------------------------------CUT
cat errors
echo CUT------------------------------------------------------------------CUT
$ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator"
CODE=1
}
# Clean
rm -rf out errors
# Run afl-fuzz w/ the Python mutator
$ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
{
export PYTHONPATH=${CUSTOM_MUTATOR_PATH}
export AFL_PYTHON_MODULE=example
../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator
unset PYTHONPATH
unset AFL_PYTHON_MODULE
} >>errors 2>&1
# Check results
test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { # TODO: update here
$ECHO "$GREEN[+] afl-fuzz is working correctly with the Python mutator"
} || {
echo CUT------------------------------------------------------------------CUT
cat errors
echo CUT------------------------------------------------------------------CUT
$ECHO "$RED[!] afl-fuzz is not working correctly with the Python mutator"
CODE=1
}
# Clean
rm -rf in out errors
rm -rf ${CUSTOM_MUTATOR_PATH}/__pycache__/
} || {
ls .
ls ${CUSTOM_MUTATOR_PATH}
$ECHO "$RED[!] cannot compile the test program or the custom mutator"
CODE=1
}
make -C ../examples/custom_mutators clean > /dev/null 2>&1
rm -f test-custom-mutator
} || {
$ECHO "$YELLOW[-] no custom mutators in $CUSTOM_MUTATOR_PATH, cannot test"
INCOMPLETE=1
}
unset CUSTOM_MUTATOR_PATH
$ECHO "$GREY[*] all test cases completed.$RESET" $ECHO "$GREY[*] all test cases completed.$RESET"
test "$INCOMPLETE" = "0" && $ECHO "$GREEN[+] all test cases executed" test "$INCOMPLETE" = "0" && $ECHO "$GREEN[+] all test cases executed"
test "$INCOMPLETE" = "1" && $ECHO "$YELLOW[-] not all test cases were executed" test "$INCOMPLETE" = "1" && $ECHO "$YELLOW[-] not all test cases were executed"