1*08b48e0bSAndroid Build Coastguard Worker#!/bin/sh 2*08b48e0bSAndroid Build Coastguard Worker 3*08b48e0bSAndroid Build Coastguard Worker. ./test-pre.sh 4*08b48e0bSAndroid Build Coastguard Worker 5*08b48e0bSAndroid Build Coastguard Worker$ECHO "$BLUE[*] Testing: custom mutator" 6*08b48e0bSAndroid Build Coastguard Worker# normalize path 7*08b48e0bSAndroid Build Coastguard WorkerCUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd) 8*08b48e0bSAndroid Build Coastguard Workertest -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && { 9*08b48e0bSAndroid Build Coastguard Worker unset AFL_CC 10*08b48e0bSAndroid Build Coastguard Worker # Compile the vulnerable program for single mutator 11*08b48e0bSAndroid Build Coastguard Worker test -e ../afl-clang-fast && { 12*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1 13*08b48e0bSAndroid Build Coastguard Worker } || { 14*08b48e0bSAndroid Build Coastguard Worker test -e ../afl-gcc-fast && { 15*08b48e0bSAndroid Build Coastguard Worker ../afl-gcc-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1 16*08b48e0bSAndroid Build Coastguard Worker } || { 17*08b48e0bSAndroid Build Coastguard Worker ../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1 18*08b48e0bSAndroid Build Coastguard Worker } 19*08b48e0bSAndroid Build Coastguard Worker } 20*08b48e0bSAndroid Build Coastguard Worker # Compile the vulnerable program for multiple mutators 21*08b48e0bSAndroid Build Coastguard Worker test -e ../afl-clang-fast && { 22*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1 23*08b48e0bSAndroid Build Coastguard Worker } || { 24*08b48e0bSAndroid Build Coastguard Worker test -e ../afl-gcc-fast && { 25*08b48e0bSAndroid Build Coastguard Worker ../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1 26*08b48e0bSAndroid Build Coastguard Worker } || { 27*08b48e0bSAndroid Build Coastguard Worker ../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1 28*08b48e0bSAndroid Build Coastguard Worker } 29*08b48e0bSAndroid Build Coastguard Worker } 30*08b48e0bSAndroid Build Coastguard Worker # Compile the custom mutator 31*08b48e0bSAndroid Build Coastguard Worker cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 32*08b48e0bSAndroid Build Coastguard Worker cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 33*08b48e0bSAndroid Build Coastguard Worker test -e test-custom-mutator -a -e ./libexamplemutator.so && { 34*08b48e0bSAndroid Build Coastguard Worker # Create input directory 35*08b48e0bSAndroid Build Coastguard Worker mkdir -p in 36*08b48e0bSAndroid Build Coastguard Worker echo "00000" > in/in 37*08b48e0bSAndroid Build Coastguard Worker 38*08b48e0bSAndroid Build Coastguard Worker # Run afl-fuzz w/ the C mutator 39*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds" 40*08b48e0bSAndroid Build Coastguard Worker { 41*08b48e0bSAndroid Build Coastguard Worker AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-custom-mutator >>errors 2>&1 42*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 43*08b48e0bSAndroid Build Coastguard Worker 44*08b48e0bSAndroid Build Coastguard Worker # Check results 45*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here 46*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator" 47*08b48e0bSAndroid Build Coastguard Worker } || { 48*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 49*08b48e0bSAndroid Build Coastguard Worker cat errors 50*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 51*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator" 52*08b48e0bSAndroid Build Coastguard Worker CODE=1 53*08b48e0bSAndroid Build Coastguard Worker } 54*08b48e0bSAndroid Build Coastguard Worker 55*08b48e0bSAndroid Build Coastguard Worker # Clean 56*08b48e0bSAndroid Build Coastguard Worker rm -rf out errors core.* 57*08b48e0bSAndroid Build Coastguard Worker 58*08b48e0bSAndroid Build Coastguard Worker # Run afl-fuzz w/ multiple C mutators 59*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds" 60*08b48e0bSAndroid Build Coastguard Worker { 61*08b48e0bSAndroid Build Coastguard Worker AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-multiple-mutators >>errors 2>&1 62*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 63*08b48e0bSAndroid Build Coastguard Worker 64*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here 65*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators" 66*08b48e0bSAndroid Build Coastguard Worker } || { 67*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 68*08b48e0bSAndroid Build Coastguard Worker cat errors 69*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 70*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators" 71*08b48e0bSAndroid Build Coastguard Worker CODE=1 72*08b48e0bSAndroid Build Coastguard Worker } 73*08b48e0bSAndroid Build Coastguard Worker 74*08b48e0bSAndroid Build Coastguard Worker # Clean 75*08b48e0bSAndroid Build Coastguard Worker rm -rf out errors core.* 76*08b48e0bSAndroid Build Coastguard Worker } || { 77*08b48e0bSAndroid Build Coastguard Worker ls . 78*08b48e0bSAndroid Build Coastguard Worker ls ${CUSTOM_MUTATOR_PATH} 79*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] cannot compile the test program or the custom mutator" 80*08b48e0bSAndroid Build Coastguard Worker CODE=1 81*08b48e0bSAndroid Build Coastguard Worker } 82*08b48e0bSAndroid Build Coastguard Worker} 83*08b48e0bSAndroid Build Coastguard Worker 84*08b48e0bSAndroid Build Coastguard Workertest "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { 85*08b48e0bSAndroid Build Coastguard Worker test -e test-custom-mutator && { 86*08b48e0bSAndroid Build Coastguard Worker # Run afl-fuzz w/ the Python mutator 87*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds" 88*08b48e0bSAndroid Build Coastguard Worker { 89*08b48e0bSAndroid Build Coastguard Worker export PYTHONPATH=${CUSTOM_MUTATOR_PATH} 90*08b48e0bSAndroid Build Coastguard Worker export AFL_PYTHON_MODULE=example 91*08b48e0bSAndroid Build Coastguard Worker AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1 92*08b48e0bSAndroid Build Coastguard Worker unset PYTHONPATH 93*08b48e0bSAndroid Build Coastguard Worker unset AFL_PYTHON_MODULE 94*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 95*08b48e0bSAndroid Build Coastguard Worker 96*08b48e0bSAndroid Build Coastguard Worker # Check results 97*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here 98*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] afl-fuzz is working correctly with the Python mutator" 99*08b48e0bSAndroid Build Coastguard Worker } || { 100*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 101*08b48e0bSAndroid Build Coastguard Worker cat errors 102*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 103*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-fuzz is not working correctly with the Python mutator" 104*08b48e0bSAndroid Build Coastguard Worker CODE=1 105*08b48e0bSAndroid Build Coastguard Worker } 106*08b48e0bSAndroid Build Coastguard Worker 107*08b48e0bSAndroid Build Coastguard Worker # Clean 108*08b48e0bSAndroid Build Coastguard Worker rm -rf in out errors core.* 109*08b48e0bSAndroid Build Coastguard Worker rm -rf ${CUSTOM_MUTATOR_PATH}/__pycache__/ 110*08b48e0bSAndroid Build Coastguard Worker rm -f test-multiple-mutators test-custom-mutator libexamplemutator.so libexamplemutator2.so 111*08b48e0bSAndroid Build Coastguard Worker } || { 112*08b48e0bSAndroid Build Coastguard Worker ls . 113*08b48e0bSAndroid Build Coastguard Worker ls ${CUSTOM_MUTATOR_PATH} 114*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] cannot compile the test program or the custom mutator" 115*08b48e0bSAndroid Build Coastguard Worker CODE=1 116*08b48e0bSAndroid Build Coastguard Worker } 117*08b48e0bSAndroid Build Coastguard Worker} || { 118*08b48e0bSAndroid Build Coastguard Worker $ECHO "$YELLOW[-] no python support in afl-fuzz, cannot test" 119*08b48e0bSAndroid Build Coastguard Worker INCOMPLETE=1 120*08b48e0bSAndroid Build Coastguard Worker} 121*08b48e0bSAndroid Build Coastguard Worker 122*08b48e0bSAndroid Build Coastguard Workermake -C ../utils/custom_mutators clean > /dev/null 2>&1 123*08b48e0bSAndroid Build Coastguard Workerrm -f test-custom-mutator test-custom-mutators 124*08b48e0bSAndroid Build Coastguard Worker 125*08b48e0bSAndroid Build Coastguard Worker. ./test-post.sh 126