Skip to content

Toconquer1/Squirrel_test

1 Branch0 Tags
This branch is up to date with s3team/Squirrel:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ChangochenChangochen
Create stale.yml
Jan 23, 2023
96810fd · Jan 23, 2023

History

78 Commits
.devcontainer
.devcontainer
Nov 27, 2022
.github
.github
Jan 23, 2023
.vscode
.vscode
Nov 27, 2022
AFLplusplus @ 8cdc48f
AFLplusplus @ 8cdc48f
Nov 27, 2022
data
data
Dec 20, 2022
scripts
scripts
Dec 20, 2022
srcs
srcs
Dec 20, 2022
tests
tests
Dec 20, 2022
third_party
third_party
Nov 27, 2022
.clang-format
.clang-format
Dec 7, 2022
.clang-tidy
.clang-tidy
Dec 7, 2022
.gitignore
.gitignore
Dec 7, 2022
.gitmodules
.gitmodules
Nov 27, 2022
CMakeLists.txt
CMakeLists.txt
Dec 7, 2022
CODEOWNERS
CODEOWNERS
Dec 7, 2022
LICENSE
LICENSE
Aug 30, 2020
README.md
README.md
Dec 15, 2022
compile_commands.json
compile_commands.json
Nov 27, 2022
lint.cmake
lint.cmake
Dec 7, 2022

Repository files navigation

Squirrel, a coverage-guided DBMS fuzzer.

build

Squirrel is a fuzzer for database managment systems (DBMSs).

Squirrel was first built on AFL and then migrated to AFLplusplus to enjoy the improvement of state-of-the-art fuzzing strategies.

Currently supported DBMSs

  1. SQLite
  2. PostgreSQL
  3. MySQL
  4. MariaDB

Build Instruction (Run in docker, recommended)

  1. Go to the directory of the dockerfile: cd scripts/docker/xxx/, where xxx is the database name.
  2. Build the docker: docker build -t xxx ..
  3. Run: docker run -it xxx.

Build Instruction (Run on localhost)

Prerequisite

For ubuntu 22.04:

sudo apt install libmysqlclient-dev cmake ninja-build clang pkg-config clang-format libpq-dev libyaml-cpp-dev

Build Squirrel

  1. Clone this repo and run git submodule update --init.
  2. cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -Wno-dev. If you want to compile only the mutator for the specific databases, add -DXXXXX=ON, XXXXX can be SQLITE, MYSQL and POSTGRESQL. Mariadb share the same interface with MySQL.
  3. cmake --build build -j, the binaries are in build/.

Build AFLplusplus and DBMSs

  1. Build aflplusplus: cd AFLplusplus && make -j && cd ...
  2. Use afl-cc and afl-c++ to instrument your database.

Run

Configuration

  1. Set up a configuration file in yaml. Examples can be found in data/*.yml.
  2. Set the enviroment variable
export SQUIRREL_CONFIG=/path/to/config.yml
export AFL_CUSTOM_MUTATOR_ONLY=1
export AFL_CUSTOM_MUTATOR_LIBRARY= REPO_DIR/build/libxxxx_mutator.so
export AFL_DISABLE_TRIM=1

Normal Mode (SQLite)

Same as AFLplusplus: afl-fuzz -i input -o output -- sqlite_harness.

Client/Server Mode (MySQL/MariaDB/PostgreSQL)

  1. Dry run the database to get the __afl_map_size and set it to AFL_MAP_SIZE.
  2. Run afl-fuzz -i input -o output -- ./build/db_driver, it will print the share memory id and wait for 30 seconds.
  3. Start the databse server with export __AFL_SHM_ID=xxxx.

Publications

More details can be found in our CCS 2020 paper. And the bugs found by Squirrel can be found in here.

SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

@inproceedings{zhong:squirrel,
  title        = {{SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback}},
  author       = {Rui Zhong and Yongheng Chen and Hong Hu and Hangfan Zhang and Wenke Lee and Dinghao Wu},
  booktitle    = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
  month        = nov,
  year         = 2020,
  address      = {Orlando, USA},
}

Special Thanks

  1. Roel Van de Paar (@mariadb-RoelVandePaar): For his helpful feedback for improving Squirrel.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 84.2%
  • Yacc 8.9%
  • C 4.9%
  • Lex 0.8%
  • Dockerfile 0.4%
  • Makefile 0.3%
  • Other 0.5%