🔥 Disable afl commands
lukacan committed Oct 21, 2024
1 parent fb37072 commit 99cdeb5
Showing 10 changed files with 80 additions and 128 deletions.
92 changes: 45 additions & 47 deletions crates/cli/src/command/fuzz.rs
Expand Up @@ -15,20 +15,20 @@ pub const TRIDENT_TOML: &str = "Trident.toml";
pub enum FuzzCommand {
#[command(about = "Generate new Fuzz Test template.")]
Add,
#[command(
about = "Run the AFL on desired fuzz test.",
override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m.\
\n \x1b[1m\x1b[4m<TARGET>:\x1b[0m Name of the desired fuzz template to execute (for example fuzz_0).\
\n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
\n trident fuzz run-afl fuzz_0"
)]
Run_Afl {
#[arg(
required = true,
help = "Name of the desired fuzz template to execute (for example fuzz_0)."
)]
target: String,
},
// #[command(
// about = "Run the AFL on desired fuzz test.",
// override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m.\
// \n \x1b[1m\x1b[4m<TARGET>:\x1b[0m Name of the desired fuzz template to execute (for example fuzz_0).\
// \n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
// \n trident fuzz run-afl fuzz_0"
// )]
// Run_Afl {
// #[arg(
// required = true,
// help = "Name of the desired fuzz template to execute (for example fuzz_0)."
// )]
// target: String,
// },
#[command(
about = "Run the Honggfuzz on desired fuzz test.",
override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m.\
Expand All @@ -51,37 +51,35 @@ pub enum FuzzCommand {
with_exit_code: bool,
},

#[command(
about = "Debug found crash using the AFL on desired fuzz test.",
override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m and \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m.\
\n \x1b[1m\x1b[4m<TARGET>:\x1b[0m Name of the desired fuzz template to debug (for example fuzz_0).\
\n \x1b[1m\x1b[4m<PATH_TO_CRASHFILE>:\x1b[0m Path to the crash found during fuzzing.\
\n\n\x1b[1m\x1b[4mHINT:\x1b[0m By default crashfiles will be stored in the following folders:\
\n \x1b[1m\x1b[4mHonggfuzz:\x1b[0m trident-tests/fuzz_tests/fuzzing/honggfuzz/hfuzz_workspace/<TARGET>\
\n \x1b[1m\x1b[4mAFL:\x1b[0m trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes\
\n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
\n trident fuzz debug-afl fuzz_0 trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes/id...\
\n\n\x1b[1m\x1b[33mWarning\x1b[0m:\
\n Do not mix fuzz templates and crashfiles. If the crash was found with fuzz_0, then debug it with fuzz_0."
)]
Debug_Afl {
#[arg(
required = true,
help = "Name of the desired fuzz template to execute (for example fuzz_0)"
)]
target: String,
#[arg(required = true, help = "Path to the crash found during fuzzing")]
crash_file_path: String,
},

// #[command(
// about = "Debug found crash using the AFL on desired fuzz test.",
// override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m and \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m.\
// \n \x1b[1m\x1b[4m<TARGET>:\x1b[0m Name of the desired fuzz template to debug (for example fuzz_0).\
// \n \x1b[1m\x1b[4m<PATH_TO_CRASHFILE>:\x1b[0m Path to the crash found during fuzzing.\
// \n\n\x1b[1m\x1b[4mHINT:\x1b[0m By default crashfiles will be stored in the following folders:\
// \n \x1b[1m\x1b[4mHonggfuzz:\x1b[0m trident-tests/fuzz_tests/fuzzing/honggfuzz/hfuzz_workspace/<TARGET>\
// \n \x1b[1m\x1b[4mAFL:\x1b[0m trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes\
// \n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
// \n trident fuzz debug-afl fuzz_0 trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes/id...\
// \n\n\x1b[1m\x1b[33mWarning\x1b[0m:\
// \n Do not mix fuzz templates and crashfiles. If the crash was found with fuzz_0, then debug it with fuzz_0."
// )]
// Debug_Afl {
// #[arg(
// required = true,
// help = "Name of the desired fuzz template to execute (for example fuzz_0)"
// )]
// target: String,
// #[arg(required = true, help = "Path to the crash found during fuzzing")]
// crash_file_path: String,
// },
#[command(
about = "Debug found crash using the Honggfuzz on desired fuzz test.",
override_usage = "Specify the desired fuzz \x1b[92m<TARGET>\x1b[0m and \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m.\
\n \x1b[1m\x1b[4m<TARGET>:\x1b[0m Name of the desired fuzz template to debug (for example fuzz_0).\
\n \x1b[1m\x1b[4m<PATH_TO_CRASHFILE>:\x1b[0m Path to the crash found during fuzzing.\
\n\n\x1b[1m\x1b[4mHINT:\x1b[0m By default crashfiles will be stored in the following folders:\
\n \x1b[1m\x1b[4mHonggfuzz:\x1b[0m trident-tests/fuzz_tests/fuzzing/honggfuzz/hfuzz_workspace/<TARGET>\
\n \x1b[1m\x1b[4mAFL:\x1b[0m trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes\
\n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
\n trident fuzz debug-hfuzz fuzz_0 trident-tests/fuzz_tests/fuzzing/honggfuzz/hfuzz_workspace/fuzz_0/SIGAR...\
\n\n\x1b[1m\x1b[33mWarning\x1b[0m:\
Expand Down Expand Up @@ -110,9 +108,9 @@ pub async fn fuzz(subcmd: FuzzCommand) {
let commander = Commander::with_root(&Path::new(&root).to_path_buf());

match subcmd {
FuzzCommand::Run_Afl { target } => {
commander.run_afl(target).await?;
}
// FuzzCommand::Run_Afl { target } => {
// commander.run_afl(target).await?;
// }
FuzzCommand::Run_Hfuzz {
target,
with_exit_code,
Expand All @@ -123,12 +121,12 @@ pub async fn fuzz(subcmd: FuzzCommand) {
commander.run_honggfuzz(target).await?;
}
}
FuzzCommand::Debug_Afl {
target,
crash_file_path,
} => {
commander.run_afl_debug(target, crash_file_path).await?;
}
// FuzzCommand::Debug_Afl {
// target,
// crash_file_path,
// } => {
// commander.run_afl_debug(target, crash_file_path).await?;
// }
FuzzCommand::Debug_Hfuzz {
target,
crash_file_path,
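Review bot: The help text of the surviving `Debug_Hfuzz` command still lists the AFL crash folder in its `override_usage` HINT (`AFL: trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes`), so `trident fuzz debug-hfuzz --help` keeps pointing users at a fuzzer this commit disables; that line should go together with `Debug_Afl`. The attribute runs past the end of the second hunk, so the rest of the string is not visible here. Separately, the commented-out variants and match arms in this file, like the commented calls in cleaner.rs and test_generator.rs, do not say why they are kept; a one-line comment above each block, such as `// TODO: AFL commands disabled; restore or delete once AFL support is decided`, would tell the next reader what to do with them.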
6 changes: 1 addition & 5 deletions crates/cli/src/howto.md
Expand Up @@ -40,14 +40,10 @@ type InitializeFnSnapshot<'info> = InitializeContextAlias<'info>;

- Implement the ***todo!*** placeholders in ***fuzz_instructions.rs*** based on the provided descriptions.

- Run fuzzing with ***Honggfuzz*** or ***AFL***
- Run fuzzing with ***Honggfuzz***

```bash
trident fuzz run-hfuzz <FUZZ_TARGET>
```

```bash
trident fuzz run-afl <FUZZ_TARGET>
```

### For more details, refer to the Trident documentation: https://ackee.xyz/trident/docs/dev/
8 changes: 2 additions & 6 deletions crates/cli/src/lib.rs
Expand Up @@ -49,18 +49,14 @@ enum Command {
template or you can run fuzz test on already initialzied one.\
\n\n\x1b[1m\x1b[4mEXAMPLE:\x1b[0m\
\n trident add\
\n trident fuzz run-afl fuzz_0\
\n trident fuzz run-hfuzz fuzz_0\
\n trident fuzz debug-hfuzz fuzz_0 \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m\
\n trident fuzz debug-afl fuzz_0 \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m"
\n trident fuzz debug-hfuzz \x1b[92m<FUZZ_TARGET>\x1b[0m \x1b[92m<PATH_TO_CRASHFILE>\x1b[0m"
)]
Fuzz {
#[clap(subcommand)]
subcmd: FuzzCommand,
},
#[command(
about = "Clean build targets of AFL and Honggfuzz, additionally perform `anchor clean`"
)]
#[command(about = "Clean Honggfuzz build targets ,additionally perform `anchor clean`")]
Clean,
}
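Review bot: The new `about` string for `Clean` has the space on the wrong side of the comma (`build targets ,additionally`), and clap prints it verbatim in the help output; the fragment should read `build targets, additionally`. In the same hunk the `debug-hfuzz` example now uses the `<FUZZ_TARGET>` placeholder while the `run-hfuzz` example above it still uses the literal `fuzz_0`, so the two examples no longer follow one convention. The `Command` enum starts before this hunk, so other help strings may need the same pass.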

3 changes: 2 additions & 1 deletion crates/client/src/cleaner.rs
Expand Up @@ -39,7 +39,7 @@ impl Cleaner {
};
self.clean_anchor_target().await?;
self.clean_hfuzz_target(&root).await?;
self.clean_afl_target(&root).await?;
// self.clean_afl_target(&root).await?;
}

#[throws]
Expand All @@ -60,6 +60,7 @@ impl Cleaner {
}

#[throws]
#[allow(dead_code)]
async fn clean_afl_target(&self, root: &PathBuf) {
let afl_target_path = Path::new(root).join(CARGO_TARGET_DIR_DEFAULT_AFL);
if afl_target_path.exists() {
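Review bot: With the `clean_afl_target` call commented out, `trident clean` no longer removes an AFL target directory left behind by an earlier version, and the new `#[allow(dead_code)]` carries no comment saying why the helper is kept. The helper's visible first lines already guard on `afl_target_path.exists()`, so keeping `self.clean_afl_target(&root).await?;` looks like a no-op for projects that never used AFL and would make the `allow` unnecessary; its body continues outside the hunk, so that should be confirmed. If the call stays disabled, put the reason next to the attribute, for example `// AFL disabled; helper kept for re-enablement`.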
36 changes: 0 additions & 36 deletions crates/client/src/templates/Trident.toml.tmpl
Expand Up @@ -29,42 +29,6 @@ max_file_size = 1048576
# Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames (default: false)
save_all = false

[afl]
# Target compilation directory,
# (default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_target"]).
# To not clash with cargo build's default target directory.
cargo_target_dir = ""
# AFL working input directory,
# (default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/in"]).
afl_workspace_in = ""
# AFL working output directory,
# (default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out"]).
afl_workspace_out = ""
# fuzz for an approx. no. of total executions then terminate
# Note: not precise and can have several more executions.
# (default: 0 [no limit]).
execs = 0
# fuzz for a specified time then terminate (fuzz time only!)
# (default: 0 [no limit]).
seconds = 0

[[afl.seeds]]
# Filename under which the test input is generated.
# The location of file is afl_workspace_in directory.
# (default: "" ["trident-seed"]).
file_name = "trident-seed"
# String used as seed.
# (default: "" ["0"]).
seed = ""
# If the file already exists at specific location,
# select if override.
# (default: false).
override_file = false
# Number of randomly generated bytes.
# (default: 0).
bytes_count = 20


[fuzz]
# Allow processing of duplicate transactions. Setting to true might speed up fuzzing but can cause false positive crashes (default: false)
allow_duplicate_txs = false
2 changes: 1 addition & 1 deletion crates/client/src/test_generator.rs
Expand Up @@ -71,7 +71,7 @@ impl TestGenerator {
self.initialize_new_fuzz_test().await?;

update_gitignore(&self.root, CARGO_TARGET_DIR_DEFAULT_HFUZZ)?;
update_gitignore(&self.root, CARGO_TARGET_DIR_DEFAULT_AFL)?;
// update_gitignore(&self.root, CARGO_TARGET_DIR_DEFAULT_AFL)?;
initialize_package_metadata(&self.program_packages, &self.versions_config).await?;
}

14 changes: 7 additions & 7 deletions documentation/docs/commands/commands.md
Expand Up @@ -38,13 +38,13 @@ project-root

- Behavior depends on the subcommands.

### trident fuzz run-afl
<!-- ### trident fuzz run-afl
- Run AFL on the specified Fuzz Target (i.e. the Fuzz Template, for example fuzz_0).
- Run AFL on the specified Fuzz Target (i.e. the Fuzz Template, for example fuzz_0). -->

#### Output
<!-- #### Output
TBD
TBD -->

### trident fuzz run-hfuzz

Expand Down Expand Up @@ -77,13 +77,13 @@ TBD
---------------------------------- [ LOGS ] ------------------/ honggfuzz 2.6 /-
```

### trident fuzz debug-afl
<!-- ### trident fuzz debug-afl
- Run AFL debug on the specified Fuzz Target (i.e. the Fuzz Template, for example fuzz_0), with specified crash file, to see where the crash file found an issue.
#### Output
TBD
TBD -->

### trident fuzz debug-hfuzz

Expand Down Expand Up @@ -112,4 +112,4 @@ TBD

## trident clean

- Calls `anchor clean` and cleans targets created by the underlying Honggfuzz and AFL. Crashfiles and Fuzzing Inputs are preserved.
- Calls `anchor clean` and cleans targets created by the underlying Honggfuzz. Crashfiles and Fuzzing Inputs are preserved.
6 changes: 2 additions & 4 deletions documentation/docs/features/trident-manifest.md
Original file line number Diff line number Diff line change
Expand Up @@ -216,9 +216,7 @@ max_file_size = 1048576
save_all = false
```

---

## [afl]
<!-- ## [afl]
#### cargo_target_dir
- Target compilation directory, (default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_target"]).
Expand Down Expand Up @@ -286,7 +284,7 @@ override_file = true
bytes_count = 20
```
---
--- -->

!!! tip

25 changes: 12 additions & 13 deletions documentation/docs/installation/installation.md
Expand Up @@ -42,18 +42,17 @@ sudo apt-get install -y \
lldb
```

## Install Hongfuzz and AFL
## Install Hongfuzz

Install honggfuzz

```bash
cargo install honggfuzz

```
Install AFL
```bash
<!-- ```bash
cargo install cargo-afl
```
``` -->


## Install Trident
Expand All @@ -65,15 +64,15 @@ cargo install trident-cli

## Supported versions

| ***{{ config.site_name }} CLI*** | ***Anchor*** | ***Solana*** | ***Rust*** | ***Honggfuzz*** | ***AFL*** |
|-:|-:|-:|-:|-:|-:|
| :material-developer-board: ***`develop`*** | `0.30.1` | `^1.17.4` | `nightly` | `0.5.56` | `0.15.10` |
| :material-tag: ***`0.7.0`*** | `>=0.29.*`<sup>1</sup> | `^1.17.4` | `nightly` | `0.5.56` | - |
| :material-tag: ***`0.6.0`*** | `>=0.29.*`<sup>1</sup> | `^1.17` | `nightly` | `0.5.55` | - |
| :material-tag: ***`0.5.0`*** | `~0.28.*` | `=1.16.6` | - | - | - |
| :material-tag: ***`0.4.0`*** | `~0.27.*` | `>=1.15` | - | - | - |
| :material-tag: ***`0.3.0`*** | `~0.25.*` | `>=1.10` | - | - | - |
| :material-tag: ***`0.2.0`*** | `~0.24.*` | `>=1.9` | - | - | - |
| ***{{ config.site_name }} CLI*** | ***Anchor*** | ***Solana*** | ***Rust*** | ***Honggfuzz*** |
|-:|-:|-:|-:|-:|
| :material-developer-board: ***`develop`*** | `0.30.1` | `^1.17.4` | `nightly` | `0.5.56` |
| :material-tag: ***`0.7.0`*** | `>=0.29.*`<sup>1</sup> | `^1.17.4` | `nightly` | `0.5.56` |
| :material-tag: ***`0.6.0`*** | `>=0.29.*`<sup>1</sup> | `^1.17` | `nightly` | `0.5.55` |
| :material-tag: ***`0.5.0`*** | `~0.28.*` | `=1.16.6` | - | - |
| :material-tag: ***`0.4.0`*** | `~0.27.*` | `>=1.15` | - | - |
| :material-tag: ***`0.3.0`*** | `~0.25.*` | `>=1.10` | - | - |
| :material-tag: ***`0.2.0`*** | `~0.24.*` | `>=1.9` | - | - |

1. To use Trident with Anchor 0.29.0, run the following commands from your project's root directory after Trident initialization:
```bash
16 changes: 8 additions & 8 deletions documentation/docs/writing-fuzz-test/writing-fuzz-test.md
Expand Up @@ -132,7 +132,7 @@ Each Instruction in the Fuzz Test has to have defined the following functions:

### Run Fuzz Test

In principle there are two possible fuzzing engines that the Trident supports, [Honggfuzz](https://github.com/google/honggfuzz) and [AFL](https://aflplus.plus/).
<!-- In principle there are two possible fuzzing engines that the Trident supports, [Honggfuzz](https://github.com/google/honggfuzz) and [AFL](https://aflplus.plus/). -->

To execute the desired fuzz test using the Honggfuzz, run:

Expand All @@ -142,13 +142,13 @@ To execute the desired fuzz test using the Honggfuzz, run:
trident fuzz run-hfuzz <TARGET_NAME>
```

To execute the desired fuzz test using the AFL, run:
<!-- To execute the desired fuzz test using the AFL, run: -->

```bash
<!-- ```bash
# Replace <TARGET_NAME> with the name of particular
# fuzz test (for example: "fuzz_0")
trident fuzz run-afl <TARGET_NAME>
```
``` -->



Expand All @@ -161,19 +161,19 @@ To debug your program using Honggfuzz with values from a crash file:
trident fuzz debug-hfuzz <TARGET_NAME> <CRASH_FILE_PATH>
```

To debug your program using AFL with values from a crash file:
<!-- To debug your program using AFL with values from a crash file: -->

```bash
<!-- ```bash
# fuzzer will run the <TARGET_NAME> with the specified <CRASH_FILE_PATH>
trident fuzz debug-afl <TARGET_NAME> <CRASH_FILE_PATH>
```
``` -->

!!! tip

By default, the crashfiles are stored in the

- `trident-tests/fuzz_tests/fuzzing/honggfuzz/hfuzz_workspace/<FUZZ_TARGET>` for Hongfuzz and
- `trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes` for the AFL.
<!-- - `trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out/default/crashes` for the AFL. -->


!!! tip