1. Copy initial testcases to the `testcases` directory.
   * If you don't have any, run `get_testcases_from_github_issues.py`. It fetches testcases (Markdown code blocks) from MRuby GitHub issues.
2. Run `./runme.sh` to start fuzzing.
   * The script builds the container, configures the host-machine settings the fuzzer requires and launches the fuzzer container.
   * The fuzzer loads the initial testcases from the host's `testcases` directory and saves all output (including the fuzzer binary) to the host's `/dev/shm` directory (a ramdisk, so the output does not survive a reboot; copy anything you want to keep).
3. While the fuzzer is running, the container shows a status screen (`afl-whatsup`) with basic information about the AFL fuzzers.
   * New crashes are triaged a couple of times per minute and saved to the crashwalk database. A text log of unique crashes can be found in the `results` directory.
4. Optionally, for additional triage, run `docker exec -it CONTAINER_ID /mruby/bin/triage_online.sh`.
   * If the online sandbox fails to execute the testcase (NO RESULT / NO MEMORY / NO INSTRUCTIONS), the testcase most likely crashes mruby regardless of build or environment and is not a false positive.
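The seed-harvesting step above (fetching Markdown code blocks from GitHub issues) is the part of the workflow most worth getting right, since a corpus full of shell snippets or duplicate scripts wastes fuzzer time. The block below is an added example, not the project's `get_testcases_from_github_issues.py`: it parses fenced code blocks out of issue bodies, keeps only blocks tagged as Ruby or left untagged, and names each seed by content hash so the same snippet pasted into several issues produces one file. The two issue bodies are constructed inline so it runs offline; the `RUBY_TAGS` filter, the `seed-<hash>.rb` naming and the fence grammar are assumptions of this example, not the real script's behaviour.

```python
"""Harvest fenced Markdown code blocks from GitHub issue bodies into AFL seeds.

Added example for this README, not the project's get_testcases_from_github_issues.py.
Issue bodies are constructed inline so the script runs offline (no GitHub API calls).
"""
import hashlib
import os
import re
import shutil
import tempfile
from typing import Iterable, List, Tuple

# Fence grammar (assumption): three backticks, optional info string, body, closing
# backticks. Tilde fences (~~~) and indented code blocks are not handled.
FENCE_RE = re.compile(r"`{3}([\w+-]*)[^\n]*\n(.*?)\n?`{3}", re.DOTALL)

# Info strings accepted as Ruby (assumption). Untagged blocks are kept because
# reporters often omit the language; blocks tagged c, sh, diff, ... would only
# give the fuzzer seeds that mruby rejects at parse time.
RUBY_TAGS = {"", "ruby", "rb", "mruby"}

FENCE = "`" * 3  # built at runtime so this example can itself sit inside a Markdown fence


def _fenced(lang: str, code: str) -> str:
    return f"{FENCE}{lang}\n{code}\n{FENCE}\n"


# Constructed sample issues as (number, body); not real MRuby issues.
ISSUE_A = (1234, "Crash with this script:\n\n"
           + _fenced("ruby", "x = [1, 2, 3]\np x.map { |v| v * 2 }")
           + "\nBuilt with:\n\n" + _fenced("sh", "make"))
ISSUE_B = (1235, "Same as above:\n\n"
           + _fenced("ruby", "x = [1, 2, 3]\np x.map { |v| v * 2 }")
           + "\nand also\n\n" + _fenced("", '"abc".upcase'))


def extract_code_blocks(body: str) -> List[Tuple[str, str]]:
    """Return (language, code) for every fenced block, in document order."""
    return [(m.group(1).lower(), m.group(2)) for m in FENCE_RE.finditer(body)]


def ruby_testcases(body: str) -> List[str]:
    """Keep only blocks that look like Ruby and are not empty."""
    return [code for lang, code in extract_code_blocks(body)
            if lang in RUBY_TAGS and code.strip()]


def write_testcases(issues: Iterable[Tuple[int, str]], outdir: str) -> List[str]:
    """Write one seed file per distinct snippet and return the paths created.

    Files are named by content hash, so a snippet pasted into several issues
    yields a single seed instead of duplicate fuzzer inputs.
    """
    os.makedirs(outdir, exist_ok=True)
    written: List[str] = []
    for _number, body in issues:
        for code in ruby_testcases(body):
            if not code.endswith("\n"):
                code += "\n"
            digest = hashlib.sha1(code.encode("utf-8")).hexdigest()[:12]
            path = os.path.join(outdir, f"seed-{digest}.rb")
            if os.path.exists(path):
                continue
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(code)
            written.append(path)
    return written


def demo() -> int:
    """Run the extractor over the two sample issues in a temp dir; return the seed count."""
    outdir = tempfile.mkdtemp(prefix="mruby-seeds-")
    try:
        return len(write_testcases([ISSUE_A, ISSUE_B], outdir))
    finally:
        shutil.rmtree(outdir, ignore_errors=True)


if __name__ == "__main__":
    print(f"{demo()} unique seeds written")
```

To use this against real issues, replace the sample tuples with `(number, body)` pairs taken from the issues API response and point `write_testcases` at the `testcases` directory; the hash-based naming then also lets you re-run the harvest later without duplicating seeds already in the corpus.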
TODO
* Add support for locating the commit that introduced a crash (`git bisect`?).
* Automatically create Markdown reports that contain (modify crashwalk?):
  * Testcase (base64-encoded).
  * Crashwalk trace.
  * Commit that introduced the crash.
  * ???
* Add support for deduplicating crashes (search for an existing issue on GitHub).