aboutsummaryrefslogtreecommitdiff
path: root/utils/custom_mutators
diff options
context:
space:
mode:
Diffstat (limited to 'utils/custom_mutators')
-rw-r--r--utils/custom_mutators/XmlMutatorMin.py110
-rw-r--r--utils/custom_mutators/common.py12
-rw-r--r--utils/custom_mutators/example.py13
-rw-r--r--utils/custom_mutators/simple-chunk-replace.py16
-rw-r--r--utils/custom_mutators/wrapper_afl_min.py13
5 files changed, 94 insertions, 70 deletions
diff --git a/utils/custom_mutators/XmlMutatorMin.py b/utils/custom_mutators/XmlMutatorMin.py
index 4c80a2ba..3e6cd0ff 100644
--- a/utils/custom_mutators/XmlMutatorMin.py
+++ b/utils/custom_mutators/XmlMutatorMin.py
@@ -12,12 +12,13 @@ import random, re, io
# The XmlMutatorMin class #
###########################
+
class XmlMutatorMin:
"""
- Optionals parameters:
- seed Seed used by the PRNG (default: "RANDOM")
- verbose Verbosity (default: False)
+ Optionals parameters:
+ seed Seed used by the PRNG (default: "RANDOM")
+ verbose Verbosity (default: False)
"""
def __init__(self, seed="RANDOM", verbose=False):
@@ -41,7 +42,12 @@ class XmlMutatorMin:
self.tree = None
# High-level mutators (no database needed)
- hl_mutators_delete = ["del_node_and_children", "del_node_but_children", "del_attribute", "del_content"] # Delete items
+ hl_mutators_delete = [
+ "del_node_and_children",
+ "del_node_but_children",
+ "del_attribute",
+ "del_content",
+ ] # Delete items
hl_mutators_fuzz = ["fuzz_attribute"] # Randomly change attribute values
# Exposed mutators
@@ -74,7 +80,9 @@ class XmlMutatorMin:
""" Serialize a XML document. Basic wrapper around lxml.tostring() """
- return ET.tostring(tree, with_tail=False, xml_declaration=True, encoding=tree.docinfo.encoding)
+ return ET.tostring(
+ tree, with_tail=False, xml_declaration=True, encoding=tree.docinfo.encoding
+ )
def __ver(self, version):
@@ -161,7 +169,7 @@ class XmlMutatorMin:
# Randomly pick one the function calls
(func, args) = random.choice(l)
# Split by "," and randomly pick one of the arguments
- value = random.choice(args.split(','))
+ value = random.choice(args.split(","))
# Remove superfluous characters
unclean_value = value
value = value.strip(" ").strip("'")
@@ -170,49 +178,49 @@ class XmlMutatorMin:
value = attrib_value
# For each type, define some possible replacement values
- choices_number = ( \
- "0", \
- "11111", \
- "-128", \
- "2", \
- "-1", \
- "1/3", \
- "42/0", \
- "1094861636 idiv 1.0", \
- "-1123329771506872 idiv 3.8", \
- "17=$numericRTF", \
- str(3 + random.randrange(0, 100)), \
- )
-
- choices_letter = ( \
- "P" * (25 * random.randrange(1, 100)), \
- "%s%s%s%s%s%s", \
- "foobar", \
- )
-
- choices_alnum = ( \
- "Abc123", \
- "020F0302020204030204", \
- "020F0302020204030204" * (random.randrange(5, 20)), \
- )
+ choices_number = (
+ "0",
+ "11111",
+ "-128",
+ "2",
+ "-1",
+ "1/3",
+ "42/0",
+ "1094861636 idiv 1.0",
+ "-1123329771506872 idiv 3.8",
+ "17=$numericRTF",
+ str(3 + random.randrange(0, 100)),
+ )
+
+ choices_letter = (
+ "P" * (25 * random.randrange(1, 100)),
+ "%s%s%s%s%s%s",
+ "foobar",
+ )
+
+ choices_alnum = (
+ "Abc123",
+ "020F0302020204030204",
+ "020F0302020204030204" * (random.randrange(5, 20)),
+ )
# Fuzz the value
- if random.choice((True,False)) and value == "":
+ if random.choice((True, False)) and value == "":
# Empty
new_value = value
- elif random.choice((True,False)) and value.isdigit():
+ elif random.choice((True, False)) and value.isdigit():
# Numbers
new_value = random.choice(choices_number)
- elif random.choice((True,False)) and value.isalpha():
+ elif random.choice((True, False)) and value.isalpha():
# Letters
new_value = random.choice(choices_letter)
- elif random.choice((True,False)) and value.isalnum():
+ elif random.choice((True, False)) and value.isalnum():
# Alphanumeric
new_value = random.choice(choices_alnum)
@@ -232,22 +240,25 @@ class XmlMutatorMin:
# Log something
if self.verbose:
- print("Fuzzing attribute #%i '%s' of tag #%i '%s'" % (rand_attrib_id, rand_attrib, rand_elem_id, rand_elem.tag))
+ print(
+ "Fuzzing attribute #%i '%s' of tag #%i '%s'"
+ % (rand_attrib_id, rand_attrib, rand_elem_id, rand_elem.tag)
+ )
# Modify the attribute
rand_elem.set(rand_attrib, new_value.decode("utf-8"))
def __del_node_and_children(self):
- """ High-level minimizing mutator
- Delete a random node and its children (i.e. delete a random tree) """
+ """High-level minimizing mutator
+ Delete a random node and its children (i.e. delete a random tree)"""
self.__del_node(True)
def __del_node_but_children(self):
- """ High-level minimizing mutator
- Delete a random node but its children (i.e. link them to the parent of the deleted node) """
+ """High-level minimizing mutator
+ Delete a random node but its children (i.e. link them to the parent of the deleted node)"""
self.__del_node(False)
@@ -270,7 +281,10 @@ class XmlMutatorMin:
# Log something
if self.verbose:
but_or_and = "and" if delete_children else "but"
- print("Deleting tag #%i '%s' %s its children" % (rand_elem_id, rand_elem.tag, but_or_and))
+ print(
+ "Deleting tag #%i '%s' %s its children"
+ % (rand_elem_id, rand_elem.tag, but_or_and)
+ )
if delete_children is False:
# Link children of the random (soon to be deleted) node to its parent
@@ -282,8 +296,8 @@ class XmlMutatorMin:
def __del_content(self):
- """ High-level minimizing mutator
- Delete the attributes and children of a random node """
+ """High-level minimizing mutator
+ Delete the attributes and children of a random node"""
# Select a node to modify
(rand_elem_id, rand_elem) = self.__pick_element()
@@ -297,8 +311,8 @@ class XmlMutatorMin:
def __del_attribute(self):
- """ High-level minimizing mutator
- Delete a random attribute from a random node """
+ """High-level minimizing mutator
+ Delete a random attribute from a random node"""
# Select a node to modify
(rand_elem_id, rand_elem) = self.__pick_element()
@@ -318,7 +332,10 @@ class XmlMutatorMin:
# Log something
if self.verbose:
- print("Deleting attribute #%i '%s' of tag #%i '%s'" % (rand_attrib_id, rand_attrib, rand_elem_id, rand_elem.tag))
+ print(
+ "Deleting attribute #%i '%s' of tag #%i '%s'"
+ % (rand_attrib_id, rand_attrib, rand_elem_id, rand_elem.tag)
+ )
# Delete the attribute
rand_elem.attrib.pop(rand_attrib)
@@ -329,4 +346,3 @@ class XmlMutatorMin:
# High-level mutation
self.__exec_among(self, self.hl_mutators_all, min, max)
-
diff --git a/utils/custom_mutators/common.py b/utils/custom_mutators/common.py
index 9a1ef0a3..44a5056a 100644
--- a/utils/custom_mutators/common.py
+++ b/utils/custom_mutators/common.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
# encoding: utf-8
-'''
+"""
Module containing functions shared between multiple AFL modules
@author: Christian Holler (:decoder)
@@ -12,7 +12,7 @@ License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
@contact: choller@mozilla.com
-'''
+"""
from __future__ import print_function
import random
@@ -23,18 +23,18 @@ import re
def randel(l):
if not l:
return None
- return l[random.randint(0, len(l)-1)]
+ return l[random.randint(0, len(l) - 1)]
def randel_pop(l):
if not l:
return None
- return l.pop(random.randint(0, len(l)-1))
+ return l.pop(random.randint(0, len(l) - 1))
def write_exc_example(data, exc):
- exc_name = re.sub(r'[^a-zA-Z0-9]', '_', repr(exc))
+ exc_name = re.sub(r"[^a-zA-Z0-9]", "_", repr(exc))
if not os.path.exists(exc_name):
- with open(exc_name, 'w') as f:
+ with open(exc_name, "w") as f:
f.write(data)
diff --git a/utils/custom_mutators/example.py b/utils/custom_mutators/example.py
index cf659e5a..3a6d22e4 100644
--- a/utils/custom_mutators/example.py
+++ b/utils/custom_mutators/example.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
# encoding: utf-8
-'''
+"""
Example Python Module for AFLFuzz
@author: Christian Holler (:decoder)
@@ -12,7 +12,7 @@ License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
@contact: choller@mozilla.com
-'''
+"""
import random
@@ -26,12 +26,12 @@ COMMANDS = [
def init(seed):
- '''
+ """
Called once when AFLFuzz starts up. Used to seed our RNG.
@type seed: int
@param seed: A 32-bit random value
- '''
+ """
random.seed(seed)
@@ -40,7 +40,7 @@ def deinit():
def fuzz(buf, add_buf, max_size):
- '''
+ """
Called per fuzzing iteration.
@type buf: bytearray
@@ -55,13 +55,14 @@ def fuzz(buf, add_buf, max_size):
@rtype: bytearray
@return: A new bytearray containing the mutated data
- '''
+ """
ret = bytearray(100)
ret[:3] = random.choice(COMMANDS)
return ret
+
# Uncomment and implement the following methods if you want to use a custom
# trimming algorithm. See also the documentation for a better API description.
diff --git a/utils/custom_mutators/simple-chunk-replace.py b/utils/custom_mutators/simple-chunk-replace.py
index df2f4ca7..c57218dd 100644
--- a/utils/custom_mutators/simple-chunk-replace.py
+++ b/utils/custom_mutators/simple-chunk-replace.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
# encoding: utf-8
-'''
+"""
Simple Chunk Cross-Over Replacement Module for AFLFuzz
@author: Christian Holler (:decoder)
@@ -12,24 +12,24 @@ License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
@contact: choller@mozilla.com
-'''
+"""
import random
def init(seed):
- '''
+ """
Called once when AFLFuzz starts up. Used to seed our RNG.
@type seed: int
@param seed: A 32-bit random value
- '''
+ """
# Seed our RNG
random.seed(seed)
def fuzz(buf, add_buf, max_size):
- '''
+ """
Called per fuzzing iteration.
@type buf: bytearray
@@ -44,7 +44,7 @@ def fuzz(buf, add_buf, max_size):
@rtype: bytearray
@return: A new bytearray containing the mutated data
- '''
+ """
# Make a copy of our input buffer for returning
ret = bytearray(buf)
@@ -58,7 +58,9 @@ def fuzz(buf, add_buf, max_size):
rand_dst_idx = random.randint(0, len(buf))
# Make the chunk replacement
- ret[rand_dst_idx:rand_dst_idx + fragment_len] = add_buf[rand_src_idx:rand_src_idx + fragment_len]
+ ret[rand_dst_idx : rand_dst_idx + fragment_len] = add_buf[
+ rand_src_idx : rand_src_idx + fragment_len
+ ]
# Return data
return ret
diff --git a/utils/custom_mutators/wrapper_afl_min.py b/utils/custom_mutators/wrapper_afl_min.py
index ecb03b55..5cd60031 100644
--- a/utils/custom_mutators/wrapper_afl_min.py
+++ b/utils/custom_mutators/wrapper_afl_min.py
@@ -27,7 +27,7 @@ def log(text):
def init(seed):
"""
- Called once when AFL starts up. Seed is used to identify the AFL instance in log files
+ Called once when AFL starts up. Seed is used to identify the AFL instance in log files
"""
global __mutator__
@@ -72,7 +72,10 @@ def fuzz(buf, add_buf, max_size):
if via_buffer:
try:
__mutator__.init_from_string(buf_str)
- log("fuzz(): Mutator successfully initialized with AFL buffer (%d bytes)" % len(buf_str))
+ log(
+ "fuzz(): Mutator successfully initialized with AFL buffer (%d bytes)"
+ % len(buf_str)
+ )
except Exception:
via_buffer = False
log("fuzz(): Can't initialize mutator with AFL buffer")
@@ -104,7 +107,7 @@ def fuzz(buf, add_buf, max_size):
# Main (for debug)
-if __name__ == '__main__':
+if __name__ == "__main__":
__log__ = True
__log_file__ = "/dev/stdout"
@@ -112,7 +115,9 @@ if __name__ == '__main__':
init(__seed__)
- in_1 = bytearray("<foo ddd='eeee'>ffff<a b='c' d='456' eee='ffffff'>zzzzzzzzzzzz</a><b yyy='YYY' zzz='ZZZ'></b></foo>")
+ in_1 = bytearray(
+ "<foo ddd='eeee'>ffff<a b='c' d='456' eee='ffffff'>zzzzzzzzzzzz</a><b yyy='YYY' zzz='ZZZ'></b></foo>"
+ )
in_2 = bytearray("<abc abc123='456' abcCBA='ppppppppppppppppppppppppppppp'/>")
out = fuzz(in_1, in_2)
print(out)
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-14 22:33:59 +0000