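#!/bin/sh
#
# Test: afl-fuzz custom mutator support (C shared-object mutators and the
# Python mutator). Each case runs afl-fuzz for 10 seconds (-V10) against a
# deliberately crashing target and passes when a crash file shows up under
# out/default/crashes.
#
# ECHO, the colour variables, MEM_LIMIT, CODE and INCOMPLETE are not set in
# this file; presumably test-pre.sh provides them and test-post.sh consumes
# CODE/INCOMPLETE -- confirm there.
#
# Trust boundary: AFL_CUSTOM_MUTATOR_LIBRARY and PYTHONPATH/AFL_PYTHON_MODULE
# make afl-fuzz load and execute code from the working tree (./lib*.so and the
# examples directory). Run this only from a checkout you trust, in a directory
# that other users cannot write to.

. ./test-pre.sh

# $ECHO stays unquoted on purpose: it is expanded as a command (and possibly
# options), so it must undergo word splitting.
$ECHO "$BLUE[*] Testing: custom mutator"
# grep exits 1 when afl-fuzz's output does not mention "without python", i.e.
# the Python tests only run when that notice is absent.
test "1" = "$(../afl-fuzz | grep -i 'without python' >/dev/null; echo $?)" && {
  # Normalize the examples path. If the directory cannot be entered, keep the
  # un-normalized path so the existence checks below fail on the intended
  # location instead of silently resolving to the current directory.
  CUSTOM_MUTATOR_PATH=$(cd "$(pwd)/../custom_mutators/examples" && pwd) ||
    CUSTOM_MUTATOR_PATH="$(pwd)/../custom_mutators/examples"
  # NOTE(review): the precondition checks example.c, but the mutator built
  # below is simple_example.c -- confirm which file is meant to gate the test.
  test -e test-custom-mutator.c &&
    test -e "${CUSTOM_MUTATOR_PATH}/example.c" &&
    test -e "${CUSTOM_MUTATOR_PATH}/example.py" && {
    unset AFL_CC
    # Compile the vulnerable program for single mutator.
    # The "&& { } || { }" chain also falls through to the next compiler when
    # a compiler exists but the build itself fails.
    test -e ../afl-clang-fast && {
      ../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
    } || {
      test -e ../afl-gcc-fast && {
        ../afl-gcc-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
      } || {
        ../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
      }
    }
    # Compile the vulnerable program for multiple mutators
    test -e ../afl-clang-fast && {
      ../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
    } || {
      test -e ../afl-gcc-fast && {
        ../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
      } || {
        ../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
      }
    }
    # Compile the custom mutator twice, with different _FIXED_CHAR values, so
    # the multiple-mutator case has two distinct libraries to load.
    cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1
    cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1
    test -e test-custom-mutator && test -e ./libexamplemutator.so && {
      # Create input directory
      mkdir -p in
      echo "00000" > in/in

      # Drop leftovers from an aborted earlier run: a stale crash file in out/
      # would make the check below pass even if afl-fuzz never started, and
      # "errors" is only ever appended to.
      rm -rf out errors

      # Run afl-fuzz w/ the C mutator
      $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
      AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m "${MEM_LIMIT}" -i in -o out -- ./test-custom-mutator >>errors 2>&1

      # Check results
      test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
        $ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator"
      } || {
        echo CUT------------------------------------------------------------------CUT
        cat errors
        echo CUT------------------------------------------------------------------CUT
        $ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator"
        CODE=1
      }

      # Clean
      rm -rf out errors core.*

      # Run afl-fuzz w/ multiple C mutators
      $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
      AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m "${MEM_LIMIT}" -i in -o out -- ./test-multiple-mutators >>errors 2>&1

      test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
        $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators"
      } || {
        echo CUT------------------------------------------------------------------CUT
        cat errors
        echo CUT------------------------------------------------------------------CUT
        $ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators"
        CODE=1
      }

      # Clean
      rm -rf out errors core.*

      # Run afl-fuzz w/ the Python mutator
      $ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
      # PYTHONPATH and AFL_PYTHON_MODULE are scoped to this one command rather
      # than exported and unset, so a PYTHONPATH the caller already had is not
      # wiped from the rest of the run.
      PYTHONPATH="${CUSTOM_MUTATOR_PATH}" AFL_PYTHON_MODULE=example AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m "${MEM_LIMIT}" -i in -o out -- ./test-custom-mutator >>errors 2>&1

      # Check results
      test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
        $ECHO "$GREEN[+] afl-fuzz is working correctly with the Python mutator"
      } || {
        echo CUT------------------------------------------------------------------CUT
        cat errors
        echo CUT------------------------------------------------------------------CUT
        $ECHO "$RED[!] afl-fuzz is not working correctly with the Python mutator"
        CODE=1
      }

      # Clean
      rm -rf in out errors core.*
      # ":?" aborts instead of expanding to "/__pycache__/" if the variable is
      # ever empty.
      rm -rf "${CUSTOM_MUTATOR_PATH:?}/__pycache__/"
      rm -f test-multiple-mutators test-custom-mutator libexamplemutator.so libexamplemutator2.so
    } || {
      ls .
      ls "${CUSTOM_MUTATOR_PATH}"
      $ECHO "$RED[!] cannot compile the test program or the custom mutator"
      CODE=1
    }

    #test "$CODE" = 1 && { $ECHO "$YELLOW[!] custom mutator tests currently will not fail travis" ; CODE=0 ; }

    make -C ../utils/custom_mutators clean > /dev/null 2>&1
    # Final cleanup, also reached after a compile failure. The original only
    # removed test-custom-mutator and test-custom-mutators (a name this script
    # never creates), which left test-multiple-mutators and the mutator
    # libraries behind on the failure path.
    rm -f test-custom-mutator test-custom-mutators test-multiple-mutators
    rm -f libexamplemutator.so libexamplemutator2.so
  } || {
    $ECHO "$YELLOW[-] no custom mutators in $CUSTOM_MUTATOR_PATH, cannot test"
    INCOMPLETE=1
  }
  unset CUSTOM_MUTATOR_PATH
} || {
  $ECHO "$YELLOW[-] no python support in afl-fuzz, cannot test"
  INCOMPLETE=1
}

. ./test-post.sh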