You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -9,6 +9,8 @@ Unlike AFL, AFLGo spends most of its time budget on reaching specific target loc
***information flow detection** by setting sensitive sources and sinks as targets. To expose data leakage vulnerabilities, a security researcher would like to generate executions that exercise sensitive sources containing private information and sensitive sinks where data becomes visible to the outside world. A directed fuzzer can be used to generate such executions efficiently.
***crash reproduction** by setting method calls in the stack-trace as targets. When in-field crashes are reported, only the stack-trace and some environmental parameters are sent to the in-house development team. To preserve the user's privacy, the specific crashing input is often not available. AFLGo could help the in-house team to swiftly reproduce these crashes.
AFLGo is based on <ahref="http://lcamtuf.coredump.cx/afl/"target="_blank">AFL</a> from Michał Zaleski \<[email protected]\>.
# Integration into OSS-Fuzz
The easiest way to use AFLGo is as patch testing tool in OSS-Fuzz. Here is our integration:
*https://github.com/aflgo/oss-fuzz
Expand DownExpand Up
@@ -139,6 +141,6 @@ mkdir in
cp $SUBJECT/test/dtd*in
cp $SUBJECT/test/dtds/*in
# To be continued ...
$AFLGO/afl-fuzz -S ef709ce2 -z exp -c 45m -i in -o out $SUBJECT/xmllint --valid --recover @@
