From 1fc1b32db261b27cf14f0d1d7f77a06854b7376c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Dec 2023 13:53:11 +0100 Subject: initial simple injection detection support --- src/afl-cc.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'src/afl-cc.c') diff --git a/src/afl-cc.c b/src/afl-cc.c index 22cce2cd..a46facc7 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1139,6 +1139,26 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + +#if LLVM_MAJOR >= 11 + #if LLVM_MAJOR < 16 + cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; + #endif + cc_params[cc_par_cnt++] = + alloc_printf("-fpass-plugin=%s/injection-pass.so", obj_path); +#else + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = "-load"; + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = alloc_printf("%s/injection-pass.so", obj_path); +#endif + + } + // cc_params[cc_par_cnt++] = "-Qunused-arguments"; } -- cgit 1.4.1 From 98a2a334de15ed08d82c76bfa97d1f22c81f9a7d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Dec 2023 13:58:25 +0100 Subject: inject docs --- docs/env_variables.md | 13 +++++++++++++ src/afl-cc.c | 4 ++++ 2 files changed, 17 insertions(+) (limited to 'src/afl-cc.c') diff --git a/docs/env_variables.md b/docs/env_variables.md index a7636511..a972b6da 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -196,6 +196,19 @@ in the specified file. For more information, see [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md). +#### INJECTIONS + +This feature is able to find simple injection vulnerabilities in insecure +calls to mysql/mariadb/nosql/postgresql/ldap and XSS in libxml2. + + - Setting `AFL_LLVM_INJECTIONS_ALL` will enable all injection hooking + + - Setting `AFL_LLVM_INJECTIONS_SQL` will enable SQL injection hooking + + - Setting `AFL_LLVM_INJECTIONS_LDAP` will enable LDAP injection hooking + + - Setting `AFL_LLVM_INJECTIONS_XSS` will enable XSS injection hooking + #### LAF-INTEL This great feature will split compares into series of single byte comparisons to diff --git a/src/afl-cc.c b/src/afl-cc.c index a46facc7..54c733c9 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2295,6 +2295,10 @@ int main(int argc, char **argv, char **envp) { "comparisons\n" " AFL_LLVM_DICT2FILE_NO_MAIN: skip parsing main() for the " "dictionary\n" + " AFL_LLVM_INJECTIONS_ALL: enables all injections hooking\n" + " AFL_LLVM_INJECTIONS_SQL: enables SQL injections hooking\n" + " AFL_LLVM_INJECTIONS_LDAP: enables LDAP injections hooking\n" + " AFL_LLVM_INJECTIONS_XSS: enables XSS injections hooking\n" " AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n" " AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n" " AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" -- cgit 1.4.1