I would like to run american fuzzy lop as a part of Travis CI run. How can I do that?
Here is the quickstart guide in case it helps answering the question: http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt - with `AFL_EXIT_WHEN_DONE=1` exported, afl runs can be automated. – d33tah Aug 27 '15 at 00:46
What about Travis CI time limits? AFL execution can take a lot of time... – cubuspl42 Nov 24 '15 at 17:11
There's no way around that, which is why you need a different model: either add a timeout using `timeout` command or push the AFL output directory to your repo and see if any changes happened. You can also replace `cycles_wo_finds > 20` from 20 to a smaller number here: https://github.com/d33tah/afl-fuzz-releases/blob/ec7f52279fabf39d9a44dd9a256bf5a4cafafe9c/afl-fuzz.c#L3701 – d33tah Nov 24 '15 at 18:54
1 Answer
Here are my attempts - I managed to run AFL this way:
https://github.com/d33tah/travis-test-c-app
.travis.yml

```yaml
language: c
# Fetch and build AFL into /tmp/afl, and set core_pattern so afl-fuzz does not refuse to start.
install: wget "http://lcamtuf.coredump.cx/afl/releases/afl-1.88b.tgz" -O- | tar zxf - ; pushd . ; cd afl-*; make PREFIX=/tmp/afl install; echo core | sudo tee /proc/sys/kernel/core_pattern; popd
```
Makefile

```makefile
CC=/tmp/afl/bin/afl-gcc   # instrument the build with AFL's compiler wrapper

all: app    # app is built from app.c by make's implicit rule using $(CC)

test: app
	./perform_fuzzing
```
perform_fuzzing

```bash
#!/bin/bash
# Stop automatically once AFL considers the run finished, then show the stats.
AFL_EXIT_WHEN_DONE=1 /tmp/afl/bin/afl-fuzz -i i -o o ./app >/dev/null
cat o/fuzzer_stats
```
configure

```sh
#!/bin/sh
# Placeholder so Travis's default C build steps (./configure && make && make test) succeed.
true
```
app.c

```c
#include <stdio.h>   /* getchar */
#include <stdlib.h>  /* abort */

/* Deliberate crash target: AFL should find an input starting with '1'. */
int main(void) {
    if (getchar() == '1')
        abort();
    return 0;
}
```
Note:

As user cubuspl42 pointed out in his comment to this question, Travis CI has time limitations though. This means that you might want to push the output directory to Git and run AFL in resume mode instead. You might also want to wrap the command with the `timeout` program and/or replace `cycles_wo_finds > 20` with a smaller number in this line (and possibly some others in the future).

d33tah
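An added example, not part of d33tah's answer or the travis-test-c-app repository, of a perform_fuzzing script that applies the note's suggestions: it bounds the run with `timeout`, resumes from an output directory that was committed back to the repo, and fails the build only when fuzzer_stats records unique crashes. The paths (/tmp/afl, ./i, ./o, ./app) follow the answer; the BUDGET value, the `run` argument and the stat_value/crashes_found helpers are assumptions of this example.

```bash
#!/bin/bash
# Example perform_fuzzing with a time budget, resume support and a crash check.
# Assumptions: AFL under /tmp/afl, seeds in ./i, output in ./o, target ./app.
set -u

AFL_BIN="${AFL_BIN:-/tmp/afl/bin/afl-fuzz}"
BUDGET="${BUDGET:-20m}"   # assumed value; keep well inside the Travis job limit

# Print the value of one "key : value" line from a fuzzer_stats file.
stat_value() {   # $1 = path to fuzzer_stats, $2 = key
  awk -v k="$2" -F' *: *' '$1 == k { print $2; exit }' "$1"
}

# Succeed (status 0) when the stats file records at least one unique crash.
crashes_found() {  # $1 = path to fuzzer_stats
  local n
  n="$(stat_value "$1" unique_crashes)"
  [ "${n:-0}" -gt 0 ]
}

run_fuzzing() {
  # Resume (-i -) when a previous output directory was committed, otherwise
  # start from the seed corpus in ./i.
  local in_dir=i
  [ -f o/fuzzer_stats ] && in_dir=-
  # timeout exits 124 when the budget runs out; that is an expected outcome,
  # AFL_EXIT_WHEN_DONE lets the run end earlier if the queue is exhausted.
  local rc=0
  AFL_EXIT_WHEN_DONE=1 timeout "$BUDGET" "$AFL_BIN" -i "$in_dir" -o o ./app >/dev/null || rc=$?
  if [ "$rc" -ne 0 ] && [ "$rc" -ne 124 ]; then
    echo "afl-fuzz failed with status $rc" >&2
    return "$rc"
  fi
  cat o/fuzzer_stats
  if crashes_found o/fuzzer_stats; then
    echo "AFL found $(stat_value o/fuzzer_stats unique_crashes) unique crash(es); see o/crashes" >&2
    return 1
  fi
}

# Only fuzz when invoked as the test step (./perform_fuzzing run), so the
# helpers above can also be sourced and checked on their own.
if [ "${1:-}" = "run" ]; then
  run_fuzzing
fi
```

With this script, the Makefile's test target becomes `./perform_fuzzing run`, and a committed ./o directory is picked up automatically on the next build.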