Radamsa Mutators #1
* Rand refactoring for 4.1.0
* DecrementByte Length Test
* TestByteDecremented
* DropByte TestBufferSize
* DropByte TestByteDropped
* FlipByte TestBufferSize
* FlibByte TestByteFlipped
* IncrementByte tests
* InsertByte tests
* fixed test name
* PermuteByte tests
  TestPermuteTwoBytes currently failing due to buff having the same values as modBuff. Need to discuss if this is intended behavior for mutators in general.
* RandomizeByte TestRandomize
* RepeatByte
* misc cleanup
  Added license header, removed superfluous comments, combined buffer length test cases
* buff_len, equality check
  simplified buff length check by calling it once and storing the result; asserting buff != modBuff for buff_len where buff_len+1 == modBuff_len
* migrated to separate gtest binary
  can now run our tests without piggybacking off of stock vmf
* DeleteLine
* the rest
* DeleteLine Exception Cases
  tests for buffer size and buffer exists
* LineMutatorBase
  stub class for LineMutatorBase and telling mutators to inherit
* ByteMutatorBase
  stub class for ByteMutatorBase and telling mutators to inherit
* moved byte-specific helper function
  GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
* Squashed commit of the following:
  commit 95bdd87
  Merge: 7b5d68d f3b3834
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 17:14:18 2025 -0600
      Merge pull request #2 from crusoe112/mutator-bases
      Mutator bases
  commit f3b3834
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:27:20 2025 -0500
      moved byte-specific helper function
      GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
  commit 9030be9
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:22:54 2025 -0500
      ByteMutatorBase
      stub class for ByteMutatorBase and telling mutators to inherit
  commit 86f1f26
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:15:46 2025 -0500
      LineMutatorBase
      stub class for LineMutatorBase and telling mutators to inherit
* implemented Line struct
* implemented LineVector struct
* implemented LineList struct
* fixed typo
* DeleteLine typical usage tests
  Intentionally excluding testing the code under the IsBinarish conditional because it doesn't appear to be correctly implemented in the original and may not be carried over into the new refactoring
* OneLine content test
* fixed DeleteLine buff tests
  DeleteLine will append a null terminator, which was not accounted for previously.
* DeleteSequentialLines exception tests
* DeleteSequentialLines typical usage tests
* DuplicateLine exception tests
* Fixed testing buffer equality
  also added buffer equality test to cases that needed it
* DuplicateLine OneLine
* DuplicateLine TwoLines and ThreeLines
* CopyLineCloseBy tests
* DuplicateLineMutatorTest fixes
  - previous version assumed DuplicateLine operated like RepeatLine; this has been corrected
  - simplified buffer content tests
  - various cosmetic changes to improve readability
* RepeatLine Tests
* SwapLine tests
* Merge pull request #4 from crusoe112/Radamsa-Mutator-Refactoring
  Splitting each mutator off into its own class
---------
Signed-off-by: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
Co-authored-by: Marc Bohler <jbohler7@gatech.edu>
Co-authored-by: crusoe112 <marcbohler112@gmail.com>
* Rand refactoring for 4.1.0
* DecrementByte Length Test
* TestByteDecremented
* DropByte TestBufferSize
* DropByte TestByteDropped
* FlipByte TestBufferSize
* FlibByte TestByteFlipped
* IncrementByte tests
* InsertByte tests
* fixed test name
* PermuteByte tests
  TestPermuteTwoBytes currently failing due to buff having the same values as modBuff. Need to discuss if this is intended behavior for mutators in general.
* RandomizeByte TestRandomize
* RepeatByte
* misc cleanup
  Added license header, removed superfluous comments, combined buffer length test cases
* buff_len, equality check
  simplified buff length check by calling it once and storing the result; asserting buff != modBuff for buff_len where buff_len+1 == modBuff_len
* migrated to separate gtest binary
  can now run our tests without piggybacking off of stock vmf
* DeleteLine
* the rest
* DeleteLine Exception Cases
  tests for buffer size and buffer exists
* LineMutatorBase
  stub class for LineMutatorBase and telling mutators to inherit
* ByteMutatorBase
  stub class for ByteMutatorBase and telling mutators to inherit
* moved byte-specific helper function
  GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
* Squashed commit of the following:
  commit 95bdd87
  Merge: 7b5d68d f3b3834
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 17:14:18 2025 -0600
      Merge pull request #2 from crusoe112/mutator-bases
      Mutator bases
  commit f3b3834
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:27:20 2025 -0500
      moved byte-specific helper function
      GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
  commit 9030be9
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:22:54 2025 -0500
      ByteMutatorBase
      stub class for ByteMutatorBase and telling mutators to inherit
  commit 86f1f26
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Fri Jan 24 15:15:46 2025 -0500
      LineMutatorBase
      stub class for LineMutatorBase and telling mutators to inherit
* implemented Line struct
* implemented LineVector struct
* implemented LineList struct
* fixed typo
* DeleteLine typical usage tests
  Intentionally excluding testing the code under the IsBinarish conditional because it doesn't appear to be correctly implemented in the original and may not be carried over into the new refactoring
* OneLine content test
* fixed DeleteLine buff tests
  DeleteLine will append a null terminator, which was not accounted for previously.
* DeleteSequentialLines exception tests
* DeleteSequentialLines typical usage tests
* DuplicateLine exception tests
* Fixed testing buffer equality
  also added buffer equality test to cases that needed it
* DuplicateLine OneLine
* DuplicateLine TwoLines and ThreeLines
* CopyLineCloseBy tests
* DuplicateLineMutatorTest fixes
  - previous version assumed DuplicateLine operated like RepeatLine; this has been corrected
  - simplified buffer content tests
  - various cosmetic changes to improve readability
* RepeatLine Tests
* SwapLine tests
* VMF v4.0.0 compatibility
* Add Determinism module set
  AFLDeterministicFeedback: removes testcase execution time from fitness, and ignores hangs which alleviates some determinism issues
  DeterministicTesterOutput: computes a running checksum of all generated testcase contents and IDs
* Merge pull request #4 from crusoe112/Radamsa-Mutator-Refactoring
  Splitting each mutator off into its own class
* Mutator stubs
  mutator names are subject to change once I figure out what each one is actually doing
* Renamed GetRandomByteRepetitionLength to be more generic
* RepeatByteSequence exception tests
* Added RepeatByteSequence and its tests.
  also added missing exception tests to RepeatByte
* Fix RepeatByteMutator exception tests copy-paste error
* Added DeleteByteSequence
* Renamed SwapLineOrder to PermuteLines
* Implemented PermuteLines
* minor cleanup
* Implemented InsertLine
  renamed from InsertLineFromElsewhere
* Adjusted InsertLine minimum bytes requirement
* Dockerfile update
* VMF 5.0.0 Release
* Install location fix
  Because we're dependent on both the installation of VMF as well as its test suite dependencies, we need to know where both are located. Ensuring that VMF installs to the default location allows us to know both without having to specify a path to the dependencies.
* VMF version fix
  Temp fix until we update for 5.0.0. Clone with all version commits, not just latest, and checkout the 4.1.0 release commit.
* Minor changes
  comment cleanup and fix error message
* Some 5.0.0 fixes
* ReplaceLine
  renamed from ReplaceLineFromElsewhere
* working commit
  compiles. OneNode segfault-ing, TwoNodes passes
* TreeMutatorBase and DeleteNode
  the segfault disappeared on its own; I'm sure it's fine...
* working commit
  segfault when referencing n->children in deleteNode. n->value is uninitialized?
* Generalized TreeMutatorBase
  Switched to using 1:N trees instead of BSTs.
* Separated some TreeMutator logic into two functions
  split finding node by index into its own function. split node creation into its own function.
* Implemented DuplicateNode
* Implemented ReplaceNode
  renamed from SwapNodes
* SwapNodes
  renamed from SwapNodesPairwise
* RepeatPath
  also moved GetRandomRepetitionLength from LineMutatorBase to MutatorBase, as Tree mutators also need it
* WidenCodePointMutator
* InsertUnicode
  TODO: add tests for RadamsaByteMutatorBase::encode_utf8()
* ModifyTextNumber
* Remove XmlMutator
  has no definition in the original rust
* working commit
  pick up with findJumpPoints
* working commit
* FuseThis
* FuseNext
  also moved Fuse helpers into their own file for easy reuse
* FuseOld
* working commit
  pick up with testing
* AsciiBad
* Merge fix
* Squashed commit of the following:
  commit 8762bf6
  Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
  Date: Tue Jun 17 09:09:39 2025 -0500
      4.1.0 release (#5)
      * Rand refactoring for 4.1.0
      * DecrementByte Length Test
      * TestByteDecremented
      * DropByte TestBufferSize
      * DropByte TestByteDropped
      * FlipByte TestBufferSize
      * FlibByte TestByteFlipped
      * IncrementByte tests
      * InsertByte tests
      * fixed test name
      * PermuteByte tests
        TestPermuteTwoBytes currently failing due to buff having the same values as modBuff. Need to discuss if this is intended behavior for mutators in general.
      * RandomizeByte TestRandomize
      * RepeatByte
      * misc cleanup
        Added license header, removed superfluous comments, combined buffer length test cases
      * buff_len, equality check
        simplified buff length check by calling it once and storing the result; asserting buff != modBuff for buff_len where buff_len+1 == modBuff_len
      * migrated to separate gtest binary
        can now run our tests without piggybacking off of stock vmf
      * DeleteLine
      * the rest
      * DeleteLine Exception Cases
        tests for buffer size and buffer exists
      * LineMutatorBase
        stub class for LineMutatorBase and telling mutators to inherit
      * ByteMutatorBase
        stub class for ByteMutatorBase and telling mutators to inherit
      * moved byte-specific helper function
        GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
      * Squashed commit of the following:
        commit 95bdd87
        Merge: 7b5d68d f3b3834
        Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
        Date: Fri Jan 24 17:14:18 2025 -0600
            Merge pull request #2 from crusoe112/mutator-bases
            Mutator bases
        commit f3b3834
        Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
        Date: Fri Jan 24 15:27:20 2025 -0500
            moved byte-specific helper function
            GetRandomByteRepetitionLength is specific to byte mutators, so it should live in the new ByteMutatorBase instead
        commit 9030be9
        Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
        Date: Fri Jan 24 15:22:54 2025 -0500
            ByteMutatorBase
            stub class for ByteMutatorBase and telling mutators to inherit
        commit 86f1f26
        Author: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
        Date: Fri Jan 24 15:15:46 2025 -0500
            LineMutatorBase
            stub class for LineMutatorBase and telling mutators to inherit
      * implemented Line struct
      * implemented LineVector struct
      * implemented LineList struct
      * fixed typo
      * DeleteLine typical usage tests
        Intentionally excluding testing the code under the IsBinarish conditional because it doesn't appear to be correctly implemented in the original and may not be carried over into the new refactoring
      * OneLine content test
      * fixed DeleteLine buff tests
        DeleteLine will append a null terminator, which was not accounted for previously.
      * DeleteSequentialLines exception tests
      * DeleteSequentialLines typical usage tests
      * DuplicateLine exception tests
      * Fixed testing buffer equality
        also added buffer equality test to cases that needed it
      * DuplicateLine OneLine
      * DuplicateLine TwoLines and ThreeLines
      * CopyLineCloseBy tests
      * DuplicateLineMutatorTest fixes
        - previous version assumed DuplicateLine operated like RepeatLine; this has been corrected
        - simplified buffer content tests
        - various cosmetic changes to improve readability
      * RepeatLine Tests
      * SwapLine tests
      * Merge pull request #4 from crusoe112/Radamsa-Mutator-Refactoring
        Splitting each mutator off into its own class
      ---------
      Signed-off-by: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
      Co-authored-by: Marc Bohler <jbohler7@gatech.edu>
      Co-authored-by: crusoe112 <marcbohler112@gmail.com>
---------
Signed-off-by: GabeClark99 <54868591+GabeClark99@users.noreply.github.com>
Co-authored-by: Marc Bohler <jbohler7@gatech.edu>
Co-authored-by: crusoe112 <marcbohler112@gmail.com>
Co-authored-by: Joshua Weader <jweader@draper.com>
Co-authored-by: Dharsee, Komail <kdharsee@draper.com>
* VMF v4.0.0 compatibility
* Add Determinism module set
  AFLDeterministicFeedback: removes testcase execution time from fitness, and ignores hangs which alleviates some determinism issues
  DeterministicTesterOutput: computes a running checksum of all generated testcase contents and IDs
* VMF 5.0.0 Release
* VMF 5 Fixes
  Use latest VMF version
  Fixes for latest VMF version
  - explicit casts for VmfRand::randBetween(int, int)
  - add yaml-cpp
---------
Co-authored-by: Joshua Weader <jweader@draper.com>
Co-authored-by: Dharsee, Komail <kdharsee@draper.com>
minor changes to kali dockerfile
* Added AFLPlusPlus Mutators
* Fixed CMakeLists format
* Fixed CMakeLists
* Fixed CMakeLists
* Added AFL dependencies
* Fixed CMakeLists
* Added LibAFL-legacy dependency
* LibAFL-legacy dependency
* Adjusted LibAFL-legacy dependency
* LibAFL-legacy
* external dependencies
* include external
* vmf dependency
* Testing rand.h
* rand.h test
* test rand.h
* rand.h test
* Include LibAFL-legacy
* LibAFL-legacy test
* LibAFL-legacy test
* LibAFL-legacy test
* LibAFL-legacy test
* Include AFL-legacy
* Test LibAFL-legacy
* LibAFL-legacy
* Updated for modern releases
---------
Co-authored-by: mbohler <mbohler@vigilantsys.com>
* Use early returns for invalid inputs in mutators
  Replace thrown RuntimeException errors with safe early returns across Radamsa VMF mutator implementations. Added input validation checks (minimum buffer size, seed/index bounds, null buffer pointers, parsing failures, minimum lines/nodes, etc.) and brief comments explaining them so mutators become no-ops on invalid inputs instead of throwing. Also changed a WidenCodePoint attempt failure to return rather than throw. Changes apply to multiple files under Radamsa/vmf/src/modules/common/mutator/.
* Updated dockerfile for latest afl++
  still working on getting vmf to build
* Updated dockerfile for VMF
* Enabled remainder of the mutators
* Updated VMF Experimental section of dockerfile
* Added mutator validation for uninitialized buffer
  Mutators now get the buffer pointer and buffer size inside of a try-catch block
* Fixed error with uninitialized modified buffer
  If input was detected as invalid, the mutator returned immediately. The runner would then error when trying to read the modified buffer, because it was never initialized. This commit initializes the modified buffer and copies over the initial buffer before returning when invalid input is detected.
* Updated tests for mutator default behavior
* Clean up dockerfile
Co-authored-by: Joshua Weader <jweader@draper.com>
Removed placeholder Radamsa readme, updated state of Radamsa in top-level readme, and updated dockerfile to run tests by default as stated in the top-level readme.
Updated mutator default behavior to return early without mutation in the event of invalid input buffer. Enabled remaining Radamsa mutators.
Existing core modules should not be duplicated. Experimental modules cannot have the same name as existing modules. Please let us know if there are specific changes to the existing mutators you believe will be valuable.
| SET(TEST_SRCS | ||
| ${CMAKE_INSTALL_PREFIX}/../../test/unittest/ModuleTestHelper.cpp | ||
| ${CMAKE_INSTALL_PREFIX}/../../test/unittest/TestConfigInterface.cpp |
VMF unittest framework source files should not be explicitly referenced in build configurations. Please link against VmfTestLib.
Calls to vmf::VmfRand::randBetween generate warnings when building on Windows because the parameter type used is
* Linking against VmfTestLib
  removed the install for yaml-cpp in the dockerfile and pointed cmake at vmf's yaml-cpp instead
* Removed irrelevant modules
* Changed rand argument types from size_t to ul
  Arguments to vmf::VmfRand::randBetween are now casted to (or declared as) unsigned long before being passed. The result is casted back to size_t to minimize codebase changes.
* Updated "Last Updated" column
Previously un-duplicated AFL modules should be included back into this merge request.
I removed the AFL and Determinism modules because they are out of scope for this feature. No changes were made to the removed modules since forking. Additionally, the AFL modules are already incorporated into baseline VMF.
This reverts commit cc42a65.
* Linking against VmfTestLib
  removed the install for yaml-cpp in the dockerfile and pointed cmake at vmf's yaml-cpp instead
* Changed rand argument types from size_t to ul
  Arguments to vmf::VmfRand::randBetween are now casted to (or declared as) unsigned long before being passed. The result is casted back to size_t to minimize codebase changes.
* Remove legacy AFL++ mutators and update build
  Remove many AFLPlusPlus mutator source and header files (various AFL*Mutator.cpp/.hpp) and stop including them in the AFLPlusPlus library. Update AFLPlusPlus/CMakeLists.txt to remove the deleted sources and link against vmf_core_modules. Adjust AFLDeleteMutator.hpp: simplify includes, change choose_block_len signature to use VmfRand& and update the rand member. Also update top-level CMakeLists and test/config/experimentalModules.yaml to reflect these module removals.
* Added ASAN options
* Fixed test-related memory bugs
* fixed OoB index calc in AFLInteresting32Mutator
  The interesting_32 array is composed of 28 int64_t elements (9 from INTERESTING_8, 10 from INTERESTING_16, 9 from INTERESTING_32). The random index into this array was computed using sizeof() >> 2 (divide by 4), which is correct for a 32-bit element type but wrong for int64_t (8 bytes). This produced a range of 0..55 against an array of only 28 elements, causing an out-of-bounds read detected by ASAN as a global-buffer-overflow. Replaced the sizeof() bit-shift with the explicit sum of the INTERESTING_8_LEN, INTERESTING_16_LEN, and INTERESTING_32_LEN constants defined in config.h.
* draper patches
* Fixed failure case in WidenCodePointMutator
  Replace the repeated random-try loop with a scan that collects all printable ASCII byte indices, then picks one at random. If no printable bytes are found, copy the buffer unchanged and return. This avoids repeated attempts/infinite loops and adds a fallback case.
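The index-bound bug described in the AFLInteresting32Mutator commit above, reduced to its arithmetic. This is an added example, not code from the pull request: the table is a constructed 28-slot stand-in, the three length constants take the values quoted in the commit message, and `elementCount`, `outOfBoundsIndices` and `pickInteresting` are hypothetical helpers.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>

// Lengths as stated in the commit message (9 + 10 + 9 = 28 entries).
constexpr std::size_t INTERESTING_8_LEN = 9;
constexpr std::size_t INTERESTING_16_LEN = 10;
constexpr std::size_t INTERESTING_32_LEN = 9;

// Constructed stand-in table: 28 int64_t slots; the values do not matter here.
static const std::int64_t interesting_32[28] = {0};

// Buggy bound: ">> 2" divides the byte size by 4, which only equals the
// element count for a 4-byte element type. For int64_t it gives 224 / 4 = 56.
constexpr std::size_t buggyBound() { return sizeof(interesting_32) >> 2; }

// Fixed bound as described in the commit: the explicit sum of the lengths.
constexpr std::size_t fixedBound() {
    return INTERESTING_8_LEN + INTERESTING_16_LEN + INTERESTING_32_LEN;
}

// Element-type-independent count (hypothetical helper): stays correct if the
// element type of the table changes again.
template <typename T, std::size_t N>
constexpr std::size_t elementCount(const T (&)[N]) { return N; }

// Compile-time guard: the summed constants must match the real table size.
static_assert(fixedBound() == elementCount(interesting_32),
              "length constants out of sync with interesting_32");

// Number of indices in [0, bound) that would read past the end of the table.
std::size_t outOfBoundsIndices(std::size_t bound) {
    const std::size_t n = elementCount(interesting_32);
    return bound > n ? bound - n : 0;
}

// Checked pick (hypothetical): randBelow(n) stands in for the framework RNG
// and must return a value in [0, n). An out-of-range index is rejected.
bool pickInteresting(const std::function<std::size_t(std::size_t)>& randBelow,
                     std::int64_t& out) {
    const std::size_t idx = randBelow(fixedBound());
    if (idx >= elementCount(interesting_32)) return false;
    out = interesting_32[idx];
    return true;
}
```

With the buggy bound, half of the possible indices (28 of 56) land past the table, which is why the read only showed up intermittently until ASAN flagged it.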
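A sketch of the no-op-on-invalid-input pattern from the early-return and uninitialized-modified-buffer commits, combined with the candidate scan from the WidenCodePointMutator fix above. This is an added example, not the project's code: `Buffer`, `RandBelow`, `printableIndices` and `widenOnePrintable` are hypothetical names, and the byte transformation (rewriting one printable byte as a two-byte UTF-8 sequence) is an assumption about what the mutator does.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <vector>

using Buffer = std::vector<std::uint8_t>;

// Hypothetical stand-in for the framework RNG: returns a value in [0, n).
using RandBelow = std::function<std::size_t(std::size_t)>;

// Single pass over the input collecting every index that holds a printable
// ASCII byte (0x20..0x7E). This replaces "pick a random index and retry",
// which may never terminate on input with no printable bytes.
std::vector<std::size_t> printableIndices(const Buffer& in) {
    std::vector<std::size_t> found;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] >= 0x20 && in[i] <= 0x7E) found.push_back(i);
    }
    return found;
}

// Returns the modified buffer. The output is initialized as a copy of the
// input before any validation, so every early return hands the caller a
// valid, unchanged buffer instead of an uninitialized one.
Buffer widenOnePrintable(const Buffer& in, const RandBelow& randBelow,
                         bool& mutated) {
    Buffer out(in);
    mutated = false;

    const std::vector<std::size_t> candidates = printableIndices(in);
    if (candidates.empty()) return out;          // nothing to widen: no-op

    const std::size_t pick = randBelow(candidates.size());
    if (pick >= candidates.size()) return out;   // RNG contract broken: no-op

    const std::size_t idx = candidates[pick];
    const std::uint8_t b = in[idx];

    // Assumed transformation: same code point written as two bytes,
    // 110000xx 10xxxxxx.
    out[idx] = static_cast<std::uint8_t>(0xC0 | (b >> 6));
    out.insert(out.begin() + static_cast<std::ptrdiff_t>(idx + 1),
               static_cast<std::uint8_t>(0x80 | (b & 0x3F)));
    mutated = true;
    return out;
}
```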
Requested changes have been implemented.
Not all mutators are ready at this time (a list of the excluded mutators can be found here), but have been included for preliminary review.