Diffstat (limited to 'test')
-rwxr-xr-xtest/test-basic.sh6
-rwxr-xr-xtest/test-custom-mutators.sh12
-rw-r--r--test/test-dlopen.c23
-rwxr-xr-xtest/test-libextensions.sh10
-rwxr-xr-xtest/test-llvm.sh46
-rwxr-xr-xtest/test-qemu-mode.sh19
-rwxr-xr-xtest/test-unicorn-mode.sh2
-rw-r--r--test/travis/bionic/Dockerfile45
-rw-r--r--test/travis/focal/Dockerfile45
-rw-r--r--test/travis/trusty/Dockerfile49
-rw-r--r--test/travis/xenial/Dockerfile46
11 files changed, 88 insertions, 215 deletions
diff --git a/test/test-basic.sh b/test/test-basic.sh
index 132610c0..b4bb9df2 100755
--- a/test/test-basic.sh
+++ b/test/test-basic.sh
@@ -7,7 +7,7 @@ AFL_GCC=afl-gcc
$ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin"
test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "i386" && {
test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
- ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1
+ ../${AFL_GCC} -o test-instr.plain -O0 ../test-instr.c > /dev/null 2>&1
AFL_HARDEN=1 ../${AFL_GCC} -o test-compcov.harden test-compcov.c > /dev/null 2>&1
test -e test-instr.plain && {
$ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded"
@@ -39,7 +39,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
$ECHO "$RED[!] ${AFL_GCC} failed"
echo CUT------------------------------------------------------------------CUT
uname -a
- ../${AFL_GCC} -o test-instr.plain ../test-instr.c
+ ../${AFL_GCC} -o test-instr.plain -O0 ../test-instr.c
echo CUT------------------------------------------------------------------CUT
CODE=1
}
@@ -128,7 +128,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
$ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin"
SKIP=
test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
- ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1
+ ../${AFL_GCC} -o test-instr.plain -O0 ../test-instr.c > /dev/null 2>&1
AFL_HARDEN=1 ../${AFL_GCC} -o test-compcov.harden test-compcov.c > /dev/null 2>&1
test -e test-instr.plain && {
$ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded"
diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh
index 24c95ac7..bae4220f 100755
--- a/test/test-custom-mutators.sh
+++ b/test/test-custom-mutators.sh
@@ -37,9 +37,9 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
echo "00000" > in/in
# Run afl-fuzz w/ the C mutator
- $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 5 seconds"
+ $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
{
- AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V1 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
+ AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
} >>errors 2>&1
# Check results
@@ -57,9 +57,9 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
rm -rf out errors core.*
# Run afl-fuzz w/ multiple C mutators
- $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 5 seconds"
+ $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
{
- AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V1 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
+ AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
} >>errors 2>&1
test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here
@@ -76,11 +76,11 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
rm -rf out errors core.*
# Run afl-fuzz w/ the Python mutator
- $ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 5 seconds"
+ $ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
{
export PYTHONPATH=${CUSTOM_MUTATOR_PATH}
export AFL_PYTHON_MODULE=example
- AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V5 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
+ AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
unset PYTHONPATH
unset AFL_PYTHON_MODULE
} >>errors 2>&1
diff --git a/test/test-dlopen.c b/test/test-dlopen.c
new file mode 100644
index 00000000..d08d9092
--- /dev/null
+++ b/test/test-dlopen.c
@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include <errno.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+
+ if (!getenv("TEST_DLOPEN_TARGET")) return 1;
+ void *lib = dlopen(getenv("TEST_DLOPEN_TARGET"), RTLD_LAZY);
+ if (!lib) {
+
+ perror(dlerror());
+ return 2;
+
+ }
+
+ int (*func)(int, char **) = dlsym(lib, "main_exported");
+ if (!func) return 3;
+
+ return func(argc, argv);
+
+}
+
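Review bot: `perror(dlerror())` in the dlopen failure branch is the wrong reporting call: perror treats its argument as a prefix and appends `: ` plus strerror(errno), but nothing in this file sets errno and dlopen is not specified to, so the loader message is followed by an unrelated or "Success" suffix; dlerror() may also return NULL, in which case only the errno text is printed. Report the loader string directly, e.g. `const char *err = dlerror();` then `fprintf(stderr, "dlopen: %s\n", err ? err : "unknown error");`, after which the `<errno.h>` include is unused. Reading `TEST_DLOPEN_TARGET` once into a local instead of calling getenv twice would also make the guard and the dlopen argument visibly the same value.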
diff --git a/test/test-libextensions.sh b/test/test-libextensions.sh
index 905a4cbc..40a898c8 100755
--- a/test/test-libextensions.sh
+++ b/test/test-libextensions.sh
@@ -38,14 +38,4 @@ test -e ../libdislocator.so && {
}
rm -f test-compcov
-test -z "$AFL_CC" && {
- if type gcc >/dev/null; then
- export AFL_CC=gcc
- else
- if type clang >/dev/null; then
- export AFL_CC=clang
- fi
- fi
-}
-
. ./test-post.sh
diff --git a/test/test-llvm.sh b/test/test-llvm.sh
index 156b8920..3ef36b37 100755
--- a/test/test-llvm.sh
+++ b/test/test-llvm.sh
@@ -43,6 +43,48 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
$ECHO "$RED[!] llvm_mode failed"
CODE=1
}
+ ../afl-clang-fast -DTEST_SHARED_OBJECT=1 -z defs -fPIC -shared -o test-instr.so ../test-instr.c > /dev/null 2>&1
+ test -e test-instr.so && {
+ $ECHO "$GREEN[+] llvm_mode shared object with -z defs compilation succeeded"
+ ../afl-clang-fast -o test-dlopen.plain test-dlopen.c -ldl > /dev/null 2>&1
+ test -e test-dlopen.plain && {
+ $ECHO "$GREEN[+] llvm_mode test-dlopen compilation succeeded"
+ echo 0 | TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ./test-dlopen.plain > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ $ECHO "$RED[!] llvm_mode test-dlopen exits with an error"
+ CODE=1
+ fi
+ echo 0 | TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-dlopen.plain.0 -r -- ./test-dlopen.plain > /dev/null 2>&1
+ TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-dlopen.plain.1 -r -- ./test-dlopen.plain < /dev/null > /dev/null 2>&1
+ test -e test-dlopen.plain.0 -a -e test-dlopen.plain.1 && {
+ diff test-dlopen.plain.0 test-dlopen.plain.1 > /dev/null 2>&1 && {
+ $ECHO "$RED[!] llvm_mode test-dlopen instrumentation should be different on different input but is not"
+ CODE=1
+ } || {
+ $ECHO "$GREEN[+] llvm_mode test-dlopen instrumentation present and working correctly"
+ TUPLES=`echo 0|TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-dlopen.plain 2>&1 | grep Captur | awk '{print$3}'`
+ test "$TUPLES" -gt 3 -a "$TUPLES" -lt 12 && {
+ $ECHO "$GREEN[+] llvm_mode test-dlopen run reported $TUPLES instrumented locations which is fine"
+ } || {
+ $ECHO "$RED[!] llvm_mode test-dlopen instrumentation produces weird numbers: $TUPLES"
+ CODE=1
+ }
+ test "$TUPLES" -lt 3 && SKIP=1
+ true
+ }
+ } || {
+ $ECHO "$RED[!] llvm_mode test-dlopen instrumentation failed"
+ CODE=1
+ }
+ } || {
+ $ECHO "$RED[!] llvm_mode test-dlopen compilation failed"
+ CODE=1
+ }
+ rm -f test-dlopen.plain test-dlopen.plain.0 test-dlopen.plain.1 test-instr.so
+ } || {
+ $ECHO "$RED[!] llvm_mode shared object with -z defs compilation failed"
+ CODE=1
+ }
test -e test-compcov.harden && test_compcov_binary_functionality ./test-compcov.harden && {
grep -Eq$GREPAOPTION 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && {
$ECHO "$GREEN[+] llvm_mode hardened mode succeeded and is working"
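Review bot: The `TUPLES` comparison after the second afl-showmap run does not handle an empty capture: if afl-showmap fails or prints no line matching `Captur`, `test "" -gt 3` is a test(1) usage error ("integer expression expected" on stderr) that falls into the "weird numbers" branch with an empty value in the message, and `test "$TUPLES" -lt 3 && SKIP=1` errors the same way. Defaulting the variable right after the assignment, `TUPLES=${TUPLES:-0}`, makes both comparisons well-formed and the diagnostic readable. Note also that a count of exactly 3 is rejected by `-gt 3` but not caught by `-lt 3`, so it reports an error without setting SKIP; confirm that boundary is intended. The enclosing `test -e ../afl-clang-fast ... && {` block starts before this hunk.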
@@ -162,9 +204,9 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
test -e test-floatingpoint && {
mkdir -p in
echo ZZZZ > in/in
- $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds"
+ $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 45 seconds"
{
- AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 1 -V30 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1
+ AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 123 -V50 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1
} >>errors 2>&1
test -n "$( ls out/default/crashes/id:* 2>/dev/null )" && {
$ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
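Review bot: The progress message and the fuzzing budget no longer agree in this hunk: the text says "this will take max. 45 seconds" while the afl-fuzz invocation below it passes `-V50`. Either line is fine on its own, but a reader timing the test will be misled; change the message to `$ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 50 seconds"` or drop -V back to match. The enclosing `test -e test-floatingpoint && {` block continues past the end of the hunk.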
diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh
index 73b39a43..85578d55 100755
--- a/test/test-qemu-mode.sh
+++ b/test/test-qemu-mode.sh
@@ -3,6 +3,16 @@
. ./test-pre.sh
$ECHO "$BLUE[*] Testing: qemu_mode"
+test -z "$AFL_CC" && {
+ if type gcc >/dev/null; then
+ export AFL_CC=gcc
+ else
+ if type clang >/dev/null; then
+ export AFL_CC=clang
+ fi
+ fi
+}
+
test -e ../afl-qemu-trace && {
cc -pie -fPIE -o test-instr ../test-instr.c
cc -o test-compcov test-compcov.c
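Review bot: The AFL_CC probe added at the top of the file redirects only stdout of `type`, so on a host without gcc the shell's "gcc: not found" diagnostic is written to stderr in the middle of the test output before the clang fallback runs; `if type gcc >/dev/null 2>&1; then` keeps the probe silent, and the same applies to the clang line. The nested `else` / `if` pair can be flattened to `elif type clang >/dev/null 2>&1; then`, which removes one level of braces without changing behaviour. This appears to be the block removed from test-libextensions.sh in the same commit, so the issue predates the move.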
@@ -29,14 +39,7 @@ test -e ../afl-qemu-trace && {
$ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
{
{
- if file test-instr | grep -q "32-bit"; then
- # for 32-bit reduce 8 nibbles to the lower 7 nibbles
- ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.//'`
- else
- # for 64-bit reduce 16 nibbles to the lower 9 nibbles
- ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//'`
- fi
- export AFL_ENTRYPOINT=`expr 0x4${ADDR_LOWER_PART}`
+ export AFL_ENTRYPOINT=`printf 1 | AFL_DEBUG=1 ../afl-qemu-trace ./test-instr 2>&1 >/dev/null | awk '/forkserver/{print $4; exit}'`
$ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr)
../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
unset AFL_ENTRYPOINT
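Review bot: The new `AFL_ENTRYPOINT` derivation exports whatever awk prints, so if afl-qemu-trace emits no line matching `forkserver`, or the debug line's fourth field is not the address (the `$4` position is tied to the current AFL_DEBUG output format), the variable is exported empty and afl-fuzz is still launched with it; the failure then only shows up indirectly in the afl-fuzz result. A check between the export and the run, `test -n "$AFL_ENTRYPOINT" || { $ECHO "$RED[!] could not determine AFL_ENTRYPOINT"; CODE=1; }`, would make that case explicit, assuming CODE is the error flag used elsewhere in this script. The `2>&1 >/dev/null` ordering is correct for capturing only stderr. The enclosing brace groups open and close outside this hunk.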
diff --git a/test/test-unicorn-mode.sh b/test/test-unicorn-mode.sh
index b4c6eb3e..e197e226 100755
--- a/test/test-unicorn-mode.sh
+++ b/test/test-unicorn-mode.sh
@@ -14,7 +14,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shel
EASY_INSTALL_FOUND=0
for PYTHON in $PYTHONS ; do
- if $PYTHON -c "help('easy_install');" </dev/null | grep -q module ; then
+ if $PYTHON -c "import setuptools" ; then
EASY_INSTALL_FOUND=1
PY=$PYTHON
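Review bot: The replacement probe `if $PYTHON -c "import setuptools" ; then` discards nothing, so an interpreter without setuptools prints a full ImportError traceback into the test log where the old `grep -q` form was silent; add `>/dev/null 2>&1` to the command as in `if $PYTHON -c "import setuptools" >/dev/null 2>&1; then`. The variable set on success is still called `EASY_INSTALL_FOUND`, which no longer describes what was detected; renaming it would touch its readers outside this hunk, so a short comment such as `# setuptools present (historically easy_install)` above the loop is the minimal fix. The `for PYTHON in $PYTHONS` loop closes after the end of the hunk.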
diff --git a/test/travis/bionic/Dockerfile b/test/travis/bionic/Dockerfile
deleted file mode 100644
index 00ab96f9..00000000
--- a/test/travis/bionic/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-# This is the Dockerfile for testing problems in Travis build
-# configuration #1.
-# This needs not to be rebuild everytime, most of the time it needs just to
-# be build once and then started when debugging issues and execute:
-# cd /AFLplusplus/
-# git pull
-# make distrib
-#
-FROM ubuntu:bionic
-LABEL "about"="travis image 1"
-RUN apt-get update && apt-get -y install \
- automake \
- bison \
- build-essential \
- clang \
- flex \
- git \
- python3.7 python3.7-dev \
- python3-setuptools \
- libtool libtool-bin \
- libglib2.0-dev \
- python-setuptools \
- wget \
- ca-certificates \
- libpixman-1-dev \
- gcc-7 gcc-7-plugin-dev libc++-7-dev \
- findutils \
- libcmocka-dev \
- joe nano vim locate \
- && rm -rf /var/lib/apt/lists/*
-
-ENV AFL_NO_UI=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV LLVM_CONFIG=llvm-config-6.0
-
-RUN cd / && \
- git clone https://github.com/AFLplusplus/AFLplusplus && \
- cd AFLplusplus && \
- git checkout dev && \
- cd qemu_mode && wget http://download.qemu-project.org/qemu-3.1.1.tar.xz && \
- cd ../unicorn_mode && git submodule init && git submodule update || true && \
- cd /AFLplusplus && ASAN_BUILD=1 make source-only || true
-
-WORKDIR /AFLplusplus
-CMD ["/bin/bash"]
diff --git a/test/travis/focal/Dockerfile b/test/travis/focal/Dockerfile
deleted file mode 100644
index 27d994f2..00000000
--- a/test/travis/focal/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-# This is the Dockerfile for testing problems in Travis build
-# configuration #1.
-# This needs not to be rebuild everytime, most of the time it needs just to
-# be build once and then started when debugging issues and execute:
-# cd /AFLplusplus/
-# git pull
-# make distrib
-#
-FROM ubuntu:focal
-LABEL "about"="travis image 4"
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get -y install \
- automake \
- bison \
- build-essential \
- clang \
- flex \
- git \
- python3 python3-dev \
- python3-setuptools \
- libtool libtool-bin \
- libglib2.0-dev \
- python-setuptools \
- wget \
- ca-certificates \
- libpixman-1-dev \
- gcc-9 gcc-9-plugin-dev libc++-9-dev \
- findutils \
- libcmocka-dev \
- joe nano vim locate \
- && rm -rf /var/lib/apt/lists/*
-
-ENV AFL_NO_UI=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-
-RUN cd / && \
- git clone https://github.com/AFLplusplus/AFLplusplus && \
- cd AFLplusplus && \
- git checkout dev && \
- cd qemu_mode && wget http://download.qemu-project.org/qemu-3.1.1.tar.xz && \
- cd ../unicorn_mode && git submodule init && git submodule update || true && \
- cd /AFLplusplus && ASAN_BUILD=1 make source-only || true
-
-WORKDIR /AFLplusplus
-CMD ["/bin/bash"]
diff --git a/test/travis/trusty/Dockerfile b/test/travis/trusty/Dockerfile
deleted file mode 100644
index 0a6f1804..00000000
--- a/test/travis/trusty/Dockerfile
+++ /dev/null
@@ -1,49 +0,0 @@
-# This is the Dockerfile for testing problems in Travis builds
-# configuration #3.
-# This needs not to be rebuild everytime, most of the time it needs just to
-# be build once and then started when debugging issues and execute:
-# cd /AFLplusplus/
-# git pull
-# make distrib
-#
-FROM ubuntu:trusty
-LABEL "about"="travis image 3"
-RUN apt-get update && apt-get -y install \
- automake \
- bison \
- build-essential \
- clang \
- flex \
- git \
- python2.7 python2.7-dev \
- python3-setuptools \
- libtool \
- libglib2.0-dev \
- python-setuptools \
- wget \
- ca-certificates \
- libpixman-1-dev \
- gcc-4.8 gcc-4.8-plugin-dev \
- libc++-dev \
- findutils \
- libcmocka-dev \
- joe nano vim locate \
- && rm -rf /var/lib/apt/lists/*
-
-ENV TERM linux
-ENV DEBIAN_FRONTEND noninteractive
-ENV LLVM_CONFIG=llvm-config-3.4
-ENV AFL_NO_UI=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-
-RUN cd / && \
- git clone https://github.com/AFLplusplus/AFLplusplus && \
- cd AFLplusplus && \
- git checkout dev && \
- cd qemu_mode && wget http://download.qemu-project.org/qemu-3.1.1.tar.xz && \
- cd ../unicorn_mode && git submodule init && git submodule update || true && \
- cd /AFLplusplus && ASAN_BUILD=1 make source-only || true
-
-WORKDIR /AFLplusplus
-CMD ["/bin/bash"]
-
diff --git a/test/travis/xenial/Dockerfile b/test/travis/xenial/Dockerfile
deleted file mode 100644
index 6aa4b1d1..00000000
--- a/test/travis/xenial/Dockerfile
+++ /dev/null
@@ -1,46 +0,0 @@
-# This is the Dockerfile for testing problems in Travis builds
-# configuration #2.
-# This needs not to be rebuild everytime, most of the time it needs just to
-# be build once and then started when debugging issues and execute:
-# cd /AFLplusplus/
-# git pull
-# make distrib
-#
-FROM ubuntu:xenial
-LABEL "about"="travis image 2"
-RUN apt-get update && apt-get -y install \
- automake \
- bison \
- build-essential \
- clang-6.0 \
- flex \
- git \
- python3 python3-dev \
- python3-setuptools \
- libtool libtool-bin \
- libglib2.0-dev \
- python-setuptools \
- wget \
- ca-certificates \
- libpixman-1-dev \
- gcc-5 gcc-5-plugin-dev \
- libc++-dev \
- findutils \
- libcmocka-dev \
- joe nano vim locate \
- && rm -rf /var/lib/apt/lists/*
-
-ENV LLVM_CONFIG=llvm-config-6.0
-ENV AFL_NO_UI=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-
-RUN cd / && \
- git clone https://github.com/AFLplusplus/AFLplusplus && \
- cd AFLplusplus && \
- git checkout dev && \
- cd qemu_mode && wget http://download.qemu-project.org/qemu-3.1.1.tar.xz && \
- cd ../unicorn_mode && git submodule init && git submodule update || true && \
- cd /AFLplusplus && ASAN_BUILD=1 make source-only || true
-
-WORKDIR /AFLplusplus
-CMD ["/bin/bash"]