Clone this repo and run git submodule update --init.
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -Wno-dev. If you want to compile only the mutator for a specific database, add -DXXXXX=ON, where XXXXX is one of SQLITE, MYSQL or POSTGRESQL. MariaDB shares the same interface as MySQL.
cmake --build build -j, the binaries are in build/.
Build AFLplusplus and DBMSs
Build aflplusplus: cd AFLplusplus && make -j && cd ...
Use afl-cc and afl-c++ to instrument your database.
Run
Configuration
Set up a configuration file in yaml. Examples can be found in data/*.yml.
For SQLite, run it the same way as AFLplusplus: afl-fuzz -i input -o output -- sqlite_harness.
Client/Server Mode (MySQL/MariaDB/PostgreSQL)
Dry-run the instrumented database once to obtain its __afl_map_size, and set AFL_MAP_SIZE to that value.
Run afl-fuzz -i input -o output -- ./build/db_driver; it will print the shared memory id and wait for 30 seconds.
Start the database server with that id exported in its environment: export __AFL_SHM_ID=xxxx.
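The three client/server steps above, scripted as an added example (not code from the Squirrel repository). It assumes the AFL++ runtime prints a line containing "__afl_map_size N" when the instrumented binary is run with AFL_DEBUG=1; the server command line and the shm id are whatever db_driver printed for you.

```sh
#!/bin/sh
# Added example for Squirrel's client/server mode; not part of the project.
# Assumption: with AFL_DEBUG=1 the AFL++ runtime prints "... __afl_map_size N ...".

# Step 1a: pull the __afl_map_size value out of AFL_DEBUG output read from stdin.
# Prints the first number found; exits non-zero (and prints nothing) if absent.
parse_afl_map_size() {
    sed -n 's/.*__afl_map_size \([0-9][0-9]*\).*/\1/p' | head -n 1 | grep .
}

# Step 1b: dry-run an instrumented DBMS binary once (use a quick-exiting
# invocation such as "./mysqld --version") and report its map size.
dry_run_map_size() {
    AFL_DEBUG=1 "$@" 2>&1 | parse_afl_map_size
}

# Step 1c: export AFL_MAP_SIZE for the afl-fuzz + db_driver run.
# Fails loudly when no size is found, which usually means the binary was
# not built with afl-cc/afl-c++.
export_map_size() {
    size=$(dry_run_map_size "$@") || {
        echo "no __afl_map_size in AFL_DEBUG output; is the DBMS instrumented?" >&2
        return 1
    }
    AFL_MAP_SIZE=$size
    export AFL_MAP_SIZE
    echo "AFL_MAP_SIZE=$AFL_MAP_SIZE"
}

# Step 3: start the server with the shm id that db_driver printed.
# $1 is the id, the remaining arguments are the server command line.
start_server_with_shm() {
    shm_id=$1; shift
    case $shm_id in
        ''|*[!0-9]*) echo "invalid shm id: '$shm_id'" >&2; return 1 ;;
    esac
    __AFL_SHM_ID=$shm_id "$@"
}

# Usage (step 2, afl-fuzz, runs in another terminal exactly as in the README):
#   sh this.sh ./mysqld --version          # exports AFL_MAP_SIZE
#   start_server_with_shm 123456 ./mysqld  # after db_driver printed 123456
if [ $# -gt 0 ]; then
    export_map_size "$@"
fi
```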
Publications
More details can be found in our CCS 2020 paper, and the bugs found by Squirrel can be found here.
SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback
@inproceedings{zhong:squirrel,
title = {{SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback}},
author = {Rui Zhong and Yongheng Chen and Hong Hu and Hangfan Zhang and Wenke Lee and Dinghao Wu},
booktitle = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
month = nov,
year = 2020,
address = {Orlando, USA},
}
Special Thanks
Roel Van de Paar (@mariadb-RoelVandePaar): for his helpful feedback on improving Squirrel.