# RustFuzz

**Repository Path**: fripSide/RustFuzz

## Basic Information

- **Project Name**: RustFuzz
- **Description**: Rust Fuzzing Toolkit
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-06-13
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Rust Fuzzing Toolkit

Helps download vulnerable libraries and run fuzzing commands with different fuzzers.

Similar to https://github.com/rust-fuzz/targets

## Install

#### Dependencies

1. afl.rs https://github.com/rust-fuzz/afl.rs
2. cargo-fuzz https://rust-fuzz.github.io/book/introduction.html
3. honggfuzz-rs https://docs.rs/honggfuzz/0.5.49/honggfuzz/
4. Fuzzcheck https://github.com/loiclec/fuzzcheck-rs

## Setup

#### Add a new fuzzing project.

Add the GitHub repo to projects.json:

``` json
[
    {
        "tag": "string-interner",
        "url": "https://github.com/Robbepop/string-interner",
        "fix": "d91dac0cfe42512526879cdfaac0b81beff54089",
        "bug": "f5ffa9d0284b03e0cac397ee1a1d4ce2080f4644"
    }
]
```

#### Add a new fuzzing target to a project.

Add a cargo fuzz target:

1. Add a library dependency to Cargo.toml and add the library dependency to common/Cargo.toml.

``` text
[dependencies]
libfuzzer-sys = "0.3"
guess = {path = "../../guess-str"}
# add the smallvec dependency
smallvec = {path = "../fuzz_projs/smallvec1"}
```

2. Add test code. Modify common/lib.rs and add a new function fuzz_xxxx.

``` rust
mod smallvec_fuzz;

// Each fuzz_* wrapper forwards the raw fuzzer input to one test in smallvec_fuzz.
pub fn fuzz_smallvec1(data: &[u8]) {
    smallvec_fuzz::smallvec1_t_103(data);
}

pub fn fuzz_smallvec2(data: &[u8]) {
    smallvec_fuzz::smallvec2_t_2019_0009(data);
}
```

## Usage

``` bash
python3 code_setup.py -f fuzz_target
python3 code_setup.py -t [cargo|afl|hfuzz|fzcheck] [guess|claxon]
```

#### Init projects

Download the projects and set them to the vulnerable branch.
``` bash
# init and list all fuzzing projects
> python3 code_setup.py -l
Current Fuzzing Projects:
string-interner -> https://github.com/Robbepop/string-interner
special fuzzing targets: [afl_string_interner | cargo_string_interner | hfuzz_string_interner]
base64 -> https://github.com/alicemaz/rust-base64
special fuzzing targets: [afl_base64 | cargo_base64]
generator-rs -> https://github.com/Xudong-Huang/generator-rs
special fuzzing targets: []
claxon -> https://github.com/ruuda/claxon
special fuzzing targets: [afl_claxon2 | cargo_claxon2]
claxon2 -> https://github.com/ruuda/claxon
special fuzzing targets: [afl_claxon2 | cargo_claxon2]
smallvec1 -> https://github.com/servo/rust-smallvec
special fuzzing targets: []
smallvec2 -> https://github.com/servo/rust-smallvec
special fuzzing targets: [cargo_smallvec2]
slice_deque -> https://github.com/gnzlbg/slice_deque
special fuzzing targets: []
jpg_decoder -> https://github.com/image-rs/jpeg-decoder
special fuzzing targets: []
simd_json -> https://github.com/simd-lite/simd-json
special fuzzing targets: []
libflate -> https://github.com/sile/libflate/
special fuzzing targets: []
safe_transmute_rs -> https://github.com/nabijaczleweli/safe-transmute-rs
special fuzzing targets: []
image -> https://github.com/image-rs/image
special fuzzing targets: []
Supported fuzzing tools: [afl | cargo | hfuzz | fzcheck]
Normal fuzzing targets: [base64_roundtrip_random_config | base64 | claxon | smallvec1 | smallvec2 | slice_deque | claxon | simd_json | libflate | safe_transmute]
```

#### Run a fuzzing tool on a function

``` bash
python3 code_setup.py -t [cargo|afl|hfuzz|fzcheck] [guess|claxon]
```

Run in the background:

``` bash
./start_one.sh afl claxon
```

#### Run a special fuzzer on test code

Run fuzzing on a project with a specific fuzzing library.
``` bash
# run a project continuously: cargo fuzz run guess
> python3 code_setup.py -f cargo_guess
Run cmd 'cargo +nightly fuzz run guess' in 'cargo_fuzz_targets'
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Running `fuzz/target/x86_64-unknown-linux-gnu/debug/guess -artifact_prefix=/home/vagrant/proj/rust/mycode/cargo_fuzz_targets/fuzz/artifacts/guess/ /home/vagrant/proj/rust/mycode/cargo_fuzz_targets/fuzz/corpus/guess`
INFO: Seed: 2224432753
INFO: Loaded 1 modules (6914 inline 8-bit counters): 6914 [0x56424656820a, 0x564246569d0c),
INFO: Loaded 1 PC tables (6914 PCs): 6914 [0x564246569d10,0x564246584d30),
...
```

#### TODO

1. Get fuzzer results.
2. Coverage statistics.
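
The following is an added example, not part of the RustFuzz repository: a pre-flight check for the `projects.json` format shown under Setup, so that a mistyped or moving revision is caught before anything is cloned. It assumes `bug` and `fix` are the vulnerable and fixed commits and that `tag` ends up as a directory name (as the `../fuzz_projs/smallvec1` path suggests); `validate_projects` and the sample entries are hypothetical.

```python
import json
import re
from urllib.parse import urlparse

FULL_SHA1 = re.compile(r"[0-9a-f]{40}")    # full commit id, not a branch name or short hash
SAFE_TAG = re.compile(r"[A-Za-z0-9_-]+")   # assumption: the tag becomes a directory name

# Constructed sample: entry 0 is the README's entry, entries 1 and 2 are deliberately broken.
SAMPLE = """[
  {"tag": "string-interner", "url": "https://github.com/Robbepop/string-interner",
   "fix": "d91dac0cfe42512526879cdfaac0b81beff54089",
   "bug": "f5ffa9d0284b03e0cac397ee1a1d4ce2080f4644"},
  {"tag": "../escape", "url": "http://example.invalid/repo",
   "fix": "master", "bug": "master"},
  {"tag": "string-interner", "url": "https://example.invalid/repo",
   "fix": "d91dac0cfe42512526879cdfaac0b81beff54089"}
]"""

def validate_projects(text):
    """Return (entry index, problem) pairs; an empty list means every entry passed."""
    problems, seen = [], set()
    for i, entry in enumerate(json.loads(text)):
        if not isinstance(entry, dict):
            problems.append((i, "entry is not a JSON object"))
            continue
        missing = [k for k in ("tag", "url", "fix", "bug") if not isinstance(entry.get(k), str)]
        if missing:
            problems.append((i, "missing or non-string keys: " + ", ".join(missing)))
        tag, url = entry.get("tag"), entry.get("url")
        if isinstance(tag, str):
            if not SAFE_TAG.fullmatch(tag):
                problems.append((i, "tag is not a plain directory name"))
            if tag in seen:
                problems.append((i, "duplicate tag"))
            seen.add(tag)
        if isinstance(url, str):
            parsed = urlparse(url)
            if parsed.scheme != "https" or not parsed.netloc:
                problems.append((i, "url is not an https URL"))
        revs = {k: entry.get(k) for k in ("fix", "bug")}
        for key, rev in revs.items():
            if isinstance(rev, str) and not FULL_SHA1.fullmatch(rev):
                problems.append((i, key + " is not a full 40-hex commit id"))
        if isinstance(revs["bug"], str) and revs["bug"] == revs["fix"]:
            problems.append((i, "bug and fix are the same revision"))
    return problems

if __name__ == "__main__":
    for index, problem in validate_projects(SAMPLE):
        print(f"entry {index}: {problem}")
```

Python's `json.loads` is strict, so a trailing comma after the last entry is rejected with a `JSONDecodeError` before any of these checks run.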