Merge pull request #19 from status-im/fuzzing-enhancements

[fuzz.nims] Add support for specifying corpus dir; Use afl++/clang by default
andri lim 2020-05-20 10:26:12 +07:00 committed by GitHub
commit 6382fdf88a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 14 deletions


@ -4,7 +4,7 @@ import ./fuzz_helpers
# or if we want to put this in a nim application instead of script
if paramCount() < 3:
echo "Usage: nim fuzz.nims FUZZER TARGET"
echo "Usage: nim fuzz.nims FUZZER TARGET [CORPUS_DIR]"
echo "Fuzzer options are afl or libFuzzer"
quit 1
@ -12,15 +12,22 @@ let
fuzzer = paramStr(2)
targetPath = paramStr(3)
let corpusDir = if paramCount() == 4: paramStr(4)
else: ""
if corpusDir != "" and not dirExists(corpusDir):
echo "Corpus dir does not exist"
quit 1
if not fileExists(targetPath):
echo "Target file does not exist"
quit 1
case fuzzer
of "afl":
runFuzzer(targetPath, afl)
runFuzzer(targetPath, afl, corpusDir)
of "libFuzzer":
runFuzzer(targetPath, libFuzzer)
runFuzzer(targetPath, libFuzzer, corpusDir)
else:
echo "Invalid fuzzer option: ", fuzzer
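Review bot: The new `let corpusDir = if paramCount() == 4: paramStr(4)` treats any invocation with five or more arguments as if no corpus dir were given, so a stray extra argument silently drops the corpus instead of failing the way the `paramCount() < 3` usage check does. Consider `if paramCount() >= 4: paramStr(4)` together with rejecting `paramCount() > 4` under the same usage message, so an unexpected argument is reported rather than ignored. The `dirExists` check that follows is fine, but the `else:` branch of `case fuzzer` shown as context still exits with status 0 after printing the invalid-option message; a `quit 1` there would keep the script's failure reporting consistent with the other error paths.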


@ -48,8 +48,10 @@ proc aflCompile*(target: string, c: Compiler) =
let compileCmd = &"nim c {defaultFlags} {aflOptions} {target.quoteShell()}"
exec compileCmd
proc aflExec*(target: string, inputDir: string, resultsDir: string,
cleanStart = false) =
proc aflExec*(target: string,
inputDir: string,
resultsDir: string,
cleanStart = false) =
let exe = target.addFileExt(ExeExt)
if not dirExists(inputDir):
# create a input dir with one 0 file for afl
@ -78,17 +80,24 @@ proc libFuzzerExec*(target: string, corpusDir: string) =
exec &"{exe.quoteShell()} {corpusDir.quoteShell()}"
proc runFuzzer*(targetPath: string, fuzzer: Fuzzer) =
proc runFuzzer*(targetPath: string, fuzzer: Fuzzer, corpusDir: string) =
let (path, target, ext) = splitFile(targetPath)
case fuzzer
of afl:
aflCompile(targetPath, gcc)
aflExec(path / target, path / "input", path / "results")
of libFuzzer:
libFuzzerCompile(targetPath)
# Note: Lets not mix afl input with libFuzzer corpus default. This can have
# consequences on speed for afl. Better to look into merging afl results &
# libFuzzer corpus.
libFuzzerExec(path / target, path / "corpus")
var corpusDir = if corpusDir.len > 0: corpusDir
else: path / "input"
aflCompile(targetPath, clang)
aflExec(path / target, corpusDir, path / "results")
of libFuzzer:
var corpusDir = if corpusDir.len > 0: corpusDir
else: path / "corpus"
libFuzzerCompile(targetPath)
libFuzzerExec(path / target, corpusDir)
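Review bot: The `var corpusDir = if corpusDir.len > 0: corpusDir ...` bindings in both branches of `case fuzzer` shadow the `corpusDir` parameter with a `var` that is never reassigned; `let` is the right binding, and a distinct name such as `let inputDir = if corpusDir.len > 0: corpusDir else: path / "input"` avoids shadowing that the compiler otherwise accepts silently. Making `corpusDir: string` a required third parameter of the exported `runFuzzer` also breaks any other caller of the old two-argument form; a default of `corpusDir = ""` in the signature keeps those calls working while the empty-string fallbacks to `path / "input"` and `path / "corpus"` stay as written. The removed comment about not sharing the afl input dir with the libFuzzer corpus is still relevant now that a caller can point both fuzzers at the same directory, so a one-line note next to the fallback would preserve that caveat. runFuzzer's body may continue beyond the hunk.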


@ -38,14 +38,17 @@ test:
## Supported Fuzzers
The two templates can prepare the code for both
[afl](http://lcamtuf.coredump.cx/afl/) and
[afl](http://lcamtuf.coredump.cx/afl/),
[afl++](https://github.com/AFLplusplus/AFLplusplus) and
[libFuzzer](http://llvm.org/docs/LibFuzzer.html).
You will need to install first the fuzzer you want to use.
### Install afl
```sh
# Ubuntu / Debian
sudo apt-get install afl
sudo apt-get install afl++
# Fedora
dnf install american-fuzzy-lop