-
Notifications
You must be signed in to change notification settings - Fork 1
/
config.defpy
110 lines (90 loc) · 4.3 KB
/
config.defpy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#############################################################################################
# config.py
# This is the configuration file for diff_fuzz.py
# Add new targets by adding new entries to TARGET_CONFIGS.
#############################################################################################
import dataclasses
import os
from pathlib import PosixPath
# The directory where the seed inputs are
# The seeds are the files from which all the fuzzing inputs are produced,
# so it's important that the seeds are a decently representative sample
# of the inputs accepted by the targets.
SEED_DIR: PosixPath = PosixPath("./seeds")
# The directory where the findings go when the fuzzer run finishes.
RESULTS_DIR: PosixPath = PosixPath("./results")
# The directory where run information will go
REPORTS_DIR: PosixPath = PosixPath("./reports")
# Time in milliseconds given to each process
TIMEOUT_TIME: int = 10000
# Set this to False if you only care about exit status differentials
# (i.e. the programs you're testing aren't expected to have identical output on stdout)
DETECT_OUTPUT_DIFFERENTIALS: bool = False
# Set this to True if you want to use grammar mutations.
# (Requires a grammar.py with the appropriate interface)
USE_GRAMMAR_MUTATIONS: bool = False
# When this is True, a differential is registered if two targets exit with different status codes.
# When it's False, a differential is registered only when one target exits with status 0 and another
# exits with nonzero status.
DIFFERENTIATE_NONZERO_EXIT_STATUSES: bool = False
# Roughly how many processes to allow in a generation (within a factor of 2)
ROUGH_DESIRED_QUEUE_LEN: int = 100
# The number of bytes deleted at a time in the minimization loop
# The default choice was selected because of UTF-8.
DELETION_LENGTHS: list[int] = [1]
# A function which takes a byte and returns the byte it should be replaced by during minimization
# Useful for dealing with character jump-tables that cause duplicate results.
# If the byte doesn't have a replacement candidate, b'' is returned.
def get_replacement_byte(to_replace: int) -> bytes: # pylint: disable=unused-argument
return b""
# This is the parse tree class for your programs' output.
# If DETECT_OUTPUT_DIFFERENTIALS is set to False, then you can leave this as it is.
# Otherwise, our suggestion is that your programs output JSON with field values base64-encoded if need be.
# In that case, this struct should have a single field for each field in that JSON object.
@dataclasses.dataclass(frozen=True)
class ParseTree:
pass
# This is the comparison operation on optional parse trees.
# During minimization, the result of the function is preserved.
# If your programs' output is expected to match completely, then leave this as-is.
# Otherwise, rewrite it to implement an equivalence relation between your parse trees.
def compare_parse_trees(t1: ParseTree | None, t2: ParseTree | None) -> tuple[bool, ...]:
return (t1 == t2,)
# This is the configuration class for each target program.
@dataclasses.dataclass(frozen=True)
class TargetConfig:
# A unique name for this target
name: str
# The path to this target's executable
executable: PosixPath
# The CLI arguments this target needs
cli_args: list[str] = dataclasses.field(default_factory=list)
# Whether this executable should be traced.
# (turning off tracing is useful for untraceable
# targets, such as those written in unsupported
# languages)
needs_tracing: bool = True
# Whether this executable needs to run in QEMU mode
# (should be True when target is not instrumented for AFL)
needs_qemu: bool = False
# Whether this executable needs to run with python-afl (is a python script)
needs_python_afl: bool = False
# The environment variables to pass to the executable
env: dict[str, str] = dataclasses.field(default_factory=lambda: dict(os.environ))
# Configuration for each fuzzing target
TARGET_CONFIGS: list[TargetConfig] = [
TargetConfig(
name="baby-cpp",
executable=PosixPath("./targets/baby-cpp/baby-cpp"),
),
TargetConfig(
name="baby-c",
executable=PosixPath("./targets/baby-c/baby-c"),
needs_qemu=True,
),
TargetConfig(
name="baby-py",
executable=PosixPath("./targets/baby-py/baby.py"),
needs_python_afl=True,
),
]