nixpkgs/pkgs/tools/security/afl/default.nix

{ stdenv, fetchurl, bash, callPackage, makeWrapper }:

let
  afl-qemu = callPackage ./qemu.nix {};
  qemu-exe-name = if stdenv.system == "x86_64-linux" then "qemu-x86_64"
    else if stdenv.system == "i686-linux" then "qemu-i386"
    else throw "afl: no support for ${stdenv.system}!";
in
stdenv.mkDerivation rec {
  name    = "afl-${version}";
  version = "1.58b";

  src = fetchurl {
    url    = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";
    sha256 = "1szggm4x9i9bsrcb99s5vbgncagp7jvhz8cg9amkx7p6mp2x4pld";
  };

  buildInputs  = [ makeWrapper ];

  buildPhase   = "make PREFIX=$out";
  installPhase = ''
    # Do the normal installation
    make install PREFIX=$out

    # Install the custom QEMU emulator for binary blob fuzzing.
    cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace

    # Wrap every program with a custom $AFL_PATH; I believe there is a
    # bug in afl which causes it to fail to find `afl-qemu-trace`
    # relative to `afl-fuzz` or `afl-showmap`, so we instead set
    # $AFL_PATH as a workaround, which allows it to be found.
    for x in `ls $out/bin/afl-*`; do
      wrapProgram $x --prefix AFL_PATH : "$out/bin"
    done
  '';

  meta = {
    description = "Powerful fuzzer via genetic algorithms and instrumentation";
    longDescription = ''
      American fuzzy lop is a fuzzer that employs a novel type of
      compile-time instrumentation and genetic algorithms to
      automatically discover clean, interesting test cases that
      trigger new internal states in the targeted binary. This
      substantially improves the functional coverage for the fuzzed
      code. The compact synthesized corpora produced by the tool are
      also useful for seeding other, more labor or resource-intensive
      testing regimes down the road.
    '';
    homepage    = "http://lcamtuf.coredump.cx/afl/";
    license     = stdenv.lib.licenses.asl20;
    platforms   = stdenv.lib.platforms.linux;
    maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
  };
}
nixpkgs: afl - add QEMU support This adds support for `afl-fuzz -Q`, which can be used to instrument arbitrary black-box binary code for fuzz testing using American Fuzzy Lop through QEMU emulation. This requires a custom QEMU 2.2.0 build of the Linux userspace emulators (system emulators aren't required) with some custom patches. Furthermore we have to patch the patches a little to make the build more sane (there are some notes in the README about this). Overall, the addition of this feature by default doesn't significantly impact build times (since building QEMU for only one target builds only a fraction of the source code, and many features are disabled), so it's enabled by default. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-23 03:57:55 +01:00			`{ stdenv, fetchurl, bash, callPackage, makeWrapper }:`
nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00
nixpkgs: afl - add QEMU support This adds support for `afl-fuzz -Q`, which can be used to instrument arbitrary black-box binary code for fuzz testing using American Fuzzy Lop through QEMU emulation. This requires a custom QEMU 2.2.0 build of the Linux userspace emulators (system emulators aren't required) with some custom patches. Furthermore we have to patch the patches a little to make the build more sane (there are some notes in the README about this). Overall, the addition of this feature by default doesn't significantly impact build times (since building QEMU for only one target builds only a fraction of the source code, and many features are disabled), so it's enabled by default. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-23 03:57:55 +01:00			`let`
			`afl-qemu = callPackage ./qemu.nix {};`
			`qemu-exe-name = if stdenv.system == "x86_64-linux" then "qemu-x86_64"`
			`else if stdenv.system == "i686-linux" then "qemu-i386"`
			`else throw "afl: no support for ${stdenv.system}!";`
			`in`
nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00			`stdenv.mkDerivation rec {`
			`name = "afl-${version}";`
nixpkgs: afl 1.57b -> 1.58b Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-28 07:51:00 +01:00			`version = "1.58b";`
nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00
			`src = fetchurl {`
			`url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";`
nixpkgs: afl 1.57b -> 1.58b Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-28 07:51:00 +01:00			`sha256 = "1szggm4x9i9bsrcb99s5vbgncagp7jvhz8cg9amkx7p6mp2x4pld";`
nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00			`};`

nixpkgs: afl - add QEMU support This adds support for `afl-fuzz -Q`, which can be used to instrument arbitrary black-box binary code for fuzz testing using American Fuzzy Lop through QEMU emulation. This requires a custom QEMU 2.2.0 build of the Linux userspace emulators (system emulators aren't required) with some custom patches. Furthermore we have to patch the patches a little to make the build more sane (there are some notes in the README about this). Overall, the addition of this feature by default doesn't significantly impact build times (since building QEMU for only one target builds only a fraction of the source code, and many features are disabled), so it's enabled by default. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-23 03:57:55 +01:00			`buildInputs = [ makeWrapper ];`

nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00			`buildPhase = "make PREFIX=$out";`
nixpkgs: afl - add QEMU support This adds support for `afl-fuzz -Q`, which can be used to instrument arbitrary black-box binary code for fuzz testing using American Fuzzy Lop through QEMU emulation. This requires a custom QEMU 2.2.0 build of the Linux userspace emulators (system emulators aren't required) with some custom patches. Furthermore we have to patch the patches a little to make the build more sane (there are some notes in the README about this). Overall, the addition of this feature by default doesn't significantly impact build times (since building QEMU for only one target builds only a fraction of the source code, and many features are disabled), so it's enabled by default. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-03-23 03:57:55 +01:00			`installPhase = ''`
			`# Do the normal installation`
			`make install PREFIX=$out`

			`# Install the custom QEMU emulator for binary blob fuzzing.`
			`cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace`

			`# Wrap every program with a custom $AFL_PATH; I believe there is a`
			# bug in afl which causes it to fail to find `afl-qemu-trace`
			# relative to `afl-fuzz` or `afl-showmap`, so we instead set
			`# $AFL_PATH as a workaround, which allows it to be found.`
			for x in `ls $out/bin/afl-*`; do
			`wrapProgram $x --prefix AFL_PATH : "$out/bin"`
			`done`
			`'';`
nixpkgs: American Fuzzy Lop Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-11-25 19:42:53 +01:00
			`meta = {`
			`description = "Powerful fuzzer via genetic algorithms and instrumentation";`
			`longDescription = ''`
			`American fuzzy lop is a fuzzer that employs a novel type of`
			`compile-time instrumentation and genetic algorithms to`
			`automatically discover clean, interesting test cases that`
			`trigger new internal states in the targeted binary. This`
			`substantially improves the functional coverage for the fuzzed`
			`code. The compact synthesized corpora produced by the tool are`
			`also useful for seeding other, more labor or resource-intensive`
			`testing regimes down the road.`
			`'';`
			`homepage = "http://lcamtuf.coredump.cx/afl/";`
			`license = stdenv.lib.licenses.asl20;`
			`platforms = stdenv.lib.platforms.linux;`
			`maintainers = [ stdenv.lib.maintainers.thoughtpolice ];`
			`};`
			`}`