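#!/bin/sh
#
# test/test-unicorn-mode.sh - smoke test for AFL++ unicorn_mode.
#
# Runs afl-fuzz against the persistent-mode C harness and the two python
# harnesses (simple + compcov) for a few seconds each and checks that new
# queue entries appear. Relies on ./test-pre.sh for $ECHO, the colour
# variables, $MEM_LIMIT and the CODE / INCOMPLETE / PREREQ_NOTFOUND
# reporting consumed by ./test-post.sh. Kept strictly POSIX sh.

. ./test-pre.sh

# Succeeds when the AFL++ queue directory $1 holds at least one entry whose
# id starts with $2 (e.g. 000002). afl-fuzz names queue files "id:NNNNNN,...",
# so a glob on the prefix is enough; an unmatched glob stays literal under sh,
# which `test -e` then rejects, so no `ls` parsing is needed.
queue_has_entry() {
  for _qf in "$1"/id:"$2"*; do
    test -e "$_qf" && return 0
  done
  return 1
}

# Dumps the captured afl-fuzz/make output in file $1 between CUT markers so
# that a failure in CI leaves the real error in the log.
dump_errors() {
  echo CUT------------------------------------------------------------------CUT
  cat "$1"
  echo CUT------------------------------------------------------------------CUT
}

$ECHO "$BLUE[*] Testing: unicorn_mode"
if ! test -d ../unicorn_mode/unicornafl || ! test -e ../unicorn_mode/unicornafl/Makefile; then
  $ECHO "$YELLOW[-] unicorn_mode is not compiled, cannot test"
  INCOMPLETE=1
elif ! test -e ../unicorn_mode/samples/python_simple/simple_target.bin || ! test -e ../unicorn_mode/samples/compcov_x64/compcov_target.bin; then
  $ECHO "$RED[!] missing sample binaries in unicorn_mode/samples/ - what is going on??"
  CODE=1
else
  # We want to see python errors etc. in logs, in case something doesn't work
  export AFL_DEBUG_CHILD=1

  # some python version should be available now; take the first interpreter
  # on PATH that can import setuptools. Resolving each name with `command -v`
  # separately avoids word-splitting a concatenated list of paths.
  PY=
  for PY_NAME in python3 python python2; do
    PY_PATH=$(command -v "$PY_NAME") || continue
    if "$PY_PATH" -c "import setuptools"; then
      PY=$PY_PATH
      break
    fi
  done
  if test -z "$PY"; then
    echo "[-] Error: Python setup-tools not found. Run 'sudo apt-get install python-setuptools'."
    PREREQ_NOTFOUND=1
  fi

  $ECHO "$GREY[*] running afl-fuzz for unicorn_mode (persistent), this will take approx 25 seconds"
  # Run the persistent test in a subshell: the cd is checked, so `rm -rf` and
  # `make clean` can never run in the wrong directory if the sample dir is
  # missing, the cwd is restored automatically (no assumption that the test
  # dir is called "test"), and only the exit status leaks out.
  (
    cd ../unicorn_mode/samples/persistent || {
      $ECHO "$RED[!] unicorn_mode/samples/persistent is missing, cannot test persistent mode"
      exit 1
    }
    make >>errors 2>&1
    AFL_DEBUG_CHILD=1 ../../../afl-fuzz -m none -V25 -U -i sample_inputs -o out -d -- ./harness @@ >>errors 2>&1
    if queue_has_entry out/default/queue 000002; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode (persistent)"
      persistent_rc=0
    else
      dump_errors errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode (persistent)"
      persistent_rc=1
    fi
    rm -rf out errors >/dev/null
    make clean >/dev/null
    exit "$persistent_rc"
  ) || CODE=1

  # travis workaround
  test "$PY" = "/opt/pyenv/shims/python" && test -x /usr/bin/python && PY=/usr/bin/python

  if test -z "$PY"; then
    # Without an interpreter there is nothing to run the harnesses with; do
    # not fall through and exec an empty "$PY".
    $ECHO "$YELLOW[-] we cannot test unicorn_mode for python because no usable python was found"
    INCOMPLETE=1
  elif ! "$PY" -c 'import unicornafl' 2>/dev/null; then
    $ECHO "$GREY[*] Using python binary $PY"
    $ECHO "$YELLOW[-] we cannot test unicorn_mode for python because it is not present"
    INCOMPLETE=1
  else
    $ECHO "$GREY[*] Using python binary $PY"
    mkdir -p in
    echo 0 > in/in

    $ECHO "$GREY[*] running afl-fuzz for unicorn_mode in python, this will take approx 25 seconds"
    ../afl-fuzz -m "${MEM_LIMIT}" -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/python_simple/simple_test_harness.py @@ >>errors 2>&1
    if queue_has_entry out/default/queue 000002; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode"
    else
      dump_errors errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode"
      CODE=1
    fi
    rm -f errors

    # Octal escapes are POSIX; '\x01' is not and is written literally by dash,
    # which would silently change the seed under /bin/sh.
    printf '\001\001' > in/in
    # This seed is close to the first byte of the comparison.
    # If CompCov works, a new tuple will appear in the map => new input in queue
    $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds"
    # AFL_COMPCOV_LEVEL is scoped to this single invocation instead of being
    # exported and unset around it.
    AFL_COMPCOV_LEVEL=2 ../afl-fuzz -m "${MEM_LIMIT}" -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1
    if queue_has_entry out/default/queue 000001; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov"
    else
      dump_errors errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov"
      CODE=1
    fi
    rm -rf in out errors
  fi

  unset AFL_DEBUG_CHILD
fi

. ./test-post.sh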