Front-ends to new fuzzers #192
We currently have a dedicated front-end to Eclipser (https://github.com/trailofbits/deepstate/blob/master/bin/deepstate/eclipser.py), which makes it easy to use Eclipser with DeepState. However, even using AFL (for example) requires a bit more typing and user suffering. In the case of AFL, it's not urgent, but there are likely other fuzzers (esp. file-based ones) where figuring out the right command line, or putting the tests generated in a useful location, is more difficult.
It seems like a lot of fuzzers work similarly, and that a lot of the front-ends would end up looking almost the same. Would it be a good idea to implement a base
Not entirely sure how the whole front-end base API would work, but here would be a rough example for writing a front-end for Angora:
```python
class Angora(DeepStateFrontend):

    def __init__(self, fuzzer_envvar):
        """
        the base object would determine path to fuzzer binary
        based on envvar, and perform other checks
        """
        super().__init__(fuzzer_envvar)

    def make_command(self, args_dict):
        """
        maps dict() of deepstate-angora cli args to cli command for fuzzer.
        Implementer can override if arg flags differ from default
        """
        return super(Angora, self).make_command(args_dict)

    def execute(self):
        """
        takes fuzzer and command from make_command() and executes
        with subprocess call
        """
        return super(Angora, self).execute()
```
One feature that I think this could also introduce would be the ability to interface compile-time instrumentation through the front-end (for the fuzzers that support it).
For example, maybe something like this:
The front-end finds the path to
```python
class Angora(DeepStateFrontend):
    ...

    def compile_and_instrument(self, test_file):
        self.compiler_path = self.fuzzer_path + "/bin/angora_clang"
        # ... subprocess.call to perform compilation and instrumentation
        # with the appropriate flags
```
This goes back to the idea of using DeepState to interface a lot of the steps needed to perform fuzzing, so a user would just need to use a
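A worked sketch of what the proposed base class could look like, covering the three pieces discussed above (resolving the fuzzer path from an environment variable, mapping a dict of arguments onto fuzzer flags, and driving the compile-time instrumentation wrapper). This is an added example, not code from the DeepState project or from the commenter. `DeepStateFrontend`, `FrontendError`, the `FLAG_MAP`/`FUZZER_BIN` class attributes, the `ANGORA_HOME` variable name and the Angora flags (`-i`, `-o`, `-t`, `--`, `@@`, `-ldeepstate`) are all assumptions made for the example and have not been verified against Angora's real CLI; only `bin/angora_clang` comes from the issue text. Commands are built and run as argv lists rather than shell strings, so user-supplied paths and arguments are never shell-parsed, and a dry-run mode returns the quoted command line so the front-end can be tested without a fuzzer installed.

```python
import os
import shlex
import subprocess
from typing import Dict, List, Mapping, Optional


class FrontendError(Exception):
    """Raised for configuration problems the front-end detects before running anything."""


class DeepStateFrontend:
    """Hypothetical base class (not DeepState's own): resolves the fuzzer install
    directory from an environment variable, maps a dict of arguments onto the
    fuzzer's flags, and runs the result as an argv list, never through a shell."""

    FUZZER_BIN = ""                  # fuzzer binary, relative to the install directory
    FLAG_MAP: Dict[str, str] = {}    # deepstate argument name -> fuzzer flag

    def __init__(self, fuzzer_envvar: str, environ: Optional[Mapping[str, str]] = None,
                 require_exists: bool = True) -> None:
        env = os.environ if environ is None else environ   # injectable for tests
        path = env.get(fuzzer_envvar)
        if not path:
            raise FrontendError(f"{fuzzer_envvar} is not set; point it at the fuzzer install directory")
        self.fuzzer_path = os.path.abspath(path)
        if require_exists and not os.path.isfile(self.fuzzer_binary()):
            raise FrontendError(f"fuzzer binary not found at {self.fuzzer_binary()}")
        self.cmd: List[str] = []

    def fuzzer_binary(self) -> str:
        return os.path.join(self.fuzzer_path, self.FUZZER_BIN)

    def make_command(self, args_dict: Mapping[str, object]) -> List[str]:
        """Build argv from args_dict; subclasses override when the fuzzer's
        flags do not follow the plain `flag value` shape."""
        cmd = [self.fuzzer_binary()]
        for name, value in args_dict.items():
            flag = self.FLAG_MAP.get(name)
            if flag is None:
                raise FrontendError(f"{type(self).__name__} has no flag for argument {name!r}")
            if value is True:                  # boolean switch
                cmd.append(flag)
            elif value is False or value is None:
                continue                       # disabled switch / unset option
            else:
                cmd.extend([flag, str(value)])
        self.cmd = cmd
        return cmd

    def execute(self, dry_run: bool = False):
        if not self.cmd:
            raise FrontendError("call make_command() before execute()")
        return self._run(self.cmd, dry_run)

    @staticmethod
    def _run(cmd: List[str], dry_run: bool):
        """Return the quoted command line (dry run) or the process exit status."""
        if dry_run:
            return " ".join(shlex.quote(c) for c in cmd)
        return subprocess.call(cmd)            # argv list: no shell, no quoting bugs


class Angora(DeepStateFrontend):
    """Illustrative Angora front-end. Flag names and binary locations below are
    assumptions for the example, not verified against Angora's real CLI."""

    FUZZER_BIN = os.path.join("bin", "angora_fuzzer")          # assumed location
    FLAG_MAP = {"input_dir": "-i", "output_dir": "-o", "taint_binary": "-t"}  # assumed flags

    def make_command(self, args_dict: Mapping[str, object]) -> List[str]:
        args = dict(args_dict)
        fast_binary = args.pop("fast_binary", None)
        if fast_binary is None:
            raise FrontendError("Angora needs a 'fast_binary' to run after '--'")
        cmd = super().make_command(args)
        cmd.extend(["--", str(fast_binary), "@@"])   # assumed: target + file placeholder after '--'
        self.cmd = cmd
        return cmd

    def compile_and_instrument(self, test_file: str, output: str, dry_run: bool = False):
        """Compile a DeepState test with the fuzzer's wrapper compiler. bin/angora_clang is
        the path named in the issue; the remaining flags are assumed for the example."""
        compiler = os.path.join(self.fuzzer_path, "bin", "angora_clang")
        cmd = [compiler, test_file, "-o", output, "-ldeepstate"]
        return self._run(cmd, dry_run)


if __name__ == "__main__":
    # Constructed environment so the demo runs without Angora installed.
    fe = Angora("ANGORA_HOME", environ={"ANGORA_HOME": "/opt/angora"}, require_exists=False)
    fe.make_command({"input_dir": "in", "output_dir": "out",
                     "taint_binary": "Test.taint", "fast_binary": "Test.fast"})
    print(fe.execute(dry_run=True))
    print(fe.compile_and_instrument("Test.cpp", "Test.angora", dry_run=True))
```

With `require_exists=True` (the default) the constructor fails early when the binary is missing, which is the check the commenter's `__init__` docstring asks the base object to perform; `dry_run=True` lets a front-end's command construction be unit-tested against a fake environment.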