From bfb451806887f8cf9f9491461cb0bd92e76ffffa Mon Sep 17 00:00:00 2001
From: DarkRelay <94099510+DarkRelayLabs@users.noreply.github.com>
Date: Thu, 24 Aug 2023 14:28:56 +0530
Subject: [PATCH 1/4] Added AFL Fuzzer in Makefile.in

Starts AFL Fuzzing on build using "make afl"
---
 Makefile.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Makefile.in b/Makefile.in
index 5df074e..a6c68c7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -307,6 +307,12 @@ testmxml-vg: $(LIBOBJS) testmxml.o
 testmxml.o: mxml.h
+# Fuzz-test the library <>
+.PHONY: afl
+afl:
+ $(MAKE) -$(MAKEFLAGS) CC="afl-clang-fast" COMMONFLAGS="-g" clean all
+ test afl-output || rm -rf afl-output
+ afl-fuzz -x xml.dict -i afl-input -o afl-output -V 600 -e xml -t 5000 ./testmxml @@ temps.xml
 #
 # Analyze code with the Clang static analyzer

From 347e58a1f94c5a8e4ddcc5edbdd5f547ddb5c75d Mon Sep 17 00:00:00 2001
From: DarkRelay <94099510+DarkRelayLabs@users.noreply.github.com>
Date: Thu, 24 Aug 2023 14:31:48 +0530
Subject: [PATCH 2/4] Created test corpus test.xml

Test corpus for afl fuzzing
---
 afl_input/test.xml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 afl_input/test.xml

diff --git a/afl_input/test.xml b/afl_input/test.xml
new file mode 100644
index 0000000..044304e
--- /dev/null
+++ b/afl_input/test.xml
@@ -0,0 +1,29 @@
+ + + + 123 + Now is the time for all good men to come to the aid of their +country. + + +

From 7d85532902c67c7a18e5dc7e5ac46ffb7ed40f13 Mon Sep 17 00:00:00 2001
From: DarkRelay <94099510+DarkRelayLabs@users.noreply.github.com>
Date: Thu, 24 Aug 2023 14:36:48 +0530
Subject: [PATCH 3/4] Added AFL dictionary for fuzzing

---
 xml.dict | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 xml.dict

diff --git a/xml.dict b/xml.dict
new file mode 100644
index 0000000..8127aa2
--- /dev/null
+++ b/xml.dict
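Review bot: The cleanup line `test afl-output || rm -rf afl-output` in the new `afl` recipe never removes anything: `test` given a single non-empty string always succeeds, so the `rm -rf` branch is unreachable and output from a previous run is left in `afl-output`. If an unconditional reset is intended, `rm -rf afl-output` on its own does it; if the guard was meant to check for an existing directory, it should read `test ! -d afl-output || rm -rf afl-output`. The recipe also resolves `xml.dict`, `afl-input` and `./testmxml` relative to the current directory, so a short comment such as `# run from the top of the source tree: afl-input/, xml.dict and testmxml are expected there` would help the next reader. The header comment `# Fuzz-test the library <>` looks like it lost a URL between the angle brackets, though that may be a rendering artefact of this page rather than what was committed.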
@@ -0,0 +1,72 @@
+#
+# AFL dictionary for XML
+# ----------------------
+#
+# Several basic syntax elements and attributes, modeled on libxml2.
+#
+# Created by Michal Zalewski
+#
+
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_href=" href=\"1\""
+attr_standalone=" standalone=\"no\""
+attr_version=" version=\"1\""
+attr_xml_base=" xml:base=\"1\""
+attr_xml_id=" xml:id=\"1\""
+attr_xml_lang=" xml:lang=\"1\""
+attr_xml_space=" xml:space=\"1\""
+attr_xmlns=" xmlns=\"1\""
+
+entity_builtin="<"
+entity_decimal=""
+entity_external="&a;"
+entity_hex=""
+
+string_any="ANY"
+string_brackets="[]"
+string_cdata="CDATA"
+string_col_fallback=":fallback"
+string_col_generic=":a"
+string_col_include=":include"
+string_dashes="--"
+string_empty="EMPTY"
+string_empty_dblquotes="\"\""
+string_empty_quotes="''"
+string_entities="ENTITIES"
+string_entity="ENTITY"
+string_fixed="#FIXED"
+string_id="ID"
+string_idref="IDREF"
+string_idrefs="IDREFS"
+string_implied="#IMPLIED"
+string_nmtoken="NMTOKEN"
+string_nmtokens="NMTOKENS"
+string_notation="NOTATION"
+string_parentheses="()"
+string_pcdata="#PCDATA"
+string_percent="%a"
+string_public="PUBLIC"
+string_required="#REQUIRED"
+string_schema=":schema"
+string_system="SYSTEM"
+string_ucs4="UCS-4"
+string_utf16="UTF-16"
+string_utf8="UTF-8"
+string_xmlns="xmlns:"
+
+tag_attlist=""
+tag_doctype=""
+tag_open_close=""
+tag_open_exclamation=""
+tag_xml_q=""

From c841beccb24272973b756c62bf7f9b174b9b68b9 Mon Sep 17 00:00:00 2001
From: DarkRelay <94099510+DarkRelayLabs@users.noreply.github.com>
Date: Thu, 24 Aug 2023 15:02:26 +0530
Subject: [PATCH 4/4] Rename afl_input to afl-input

---
 {afl_input => afl-input}/test.xml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {afl_input => afl-input}/test.xml (100%)

diff --git a/afl_input/test.xml b/afl-input/test.xml
similarity index 100%
rename from afl_input/test.xml
rename to afl-input/test.xml