[go: up one dir, main page]
Skip to content

stdpain/Squirrel

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
MariaDB
MariaDB
 
 
MySQL
MySQL
 
 
PostgreSQL
PostgreSQL
 
 
SQLite
SQLite
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Squirrel

Squirrel is a fuzzer that aims at finding memory corruption issues in database managment systems (DBMSs). It is built on AFL. More details can be found in our CCS 2020 paper. And the bugs found by Squirrel can be found in here.

Currently supported DBMSs:

  1. SQLite
  2. PostgreSQL
  3. MySQL
  4. MariaDB

Build Instruction

Currently we test Squirrel on Ubuntu 16 and Ubuntu 18.

  1. Prerequisites:

    sudo apt-get -y update && apt-get -y upgrade
sudo apt-get -y install gdb bison flex git make cmake build-essential gcc-multilib g++-multilib xinetd libreadline-dev zlib1g-dev
sudo apt-get -y install clang libssl-dev libncurses5-dev

# Compile AFL, which is used for instrumenting the DBMSs
cd ~
git clone https://github.com/google/AFL.git
cd AFL
sed -i  's/#define MAP_SIZE_POW2       16/#define MAP_SIZE_POW2       18/' config.h
make
cd llvm_mode/
make

  2. DBMS-specific requirements: Headers and libary of MySQL, PostgreSQL and MariaDB if you want to test them. The most direct way is to compile the DBMSs.

  3. Compile Squirrel:

    git clone 
cd Squirrel/DBNAME/AFL
make afl-fuzz # You need to set the path in the Makefile

  4. Instrument DBMS:

    # SQLite:
git clone https://github.com/sqlite/sqlite.git
cd sqlite
mkdir bld
cd bld
CC=/path/to/afl-gcc CXX=/path/to/afl-g++ ../configure # You can also turn on debug flag if you want to find assertion
make

# MySQL/PostgreSQL/MariaDB
cd Squirrel/DBNAME/docker/
cp ../AFL/afl-fuzz .
sudo docker build -t IMAGE_ID .

Run

# SQLite:
cd Squirrel/SQLite/fuzz_root
./afl-fuzz -i input -o output -- /path/to/sqlite3 --bail

# MySQL, PostgreSQL, MySQL, MariaDB
docker run -it IMAGE_ID bash
python run.py # wait for a few minutes
tmux a -t fuzzing

Since the input has been well-tested. It is more likely to find new bugs if you use your own seeds.

Publications

SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

@inproceedings{zhong:squirrel,
  title        = {{SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback}},
  author       = {Rui Zhong and Yongheng Chen and Hong Hu and Hangfan Zhang and Wenke Lee and Dinghao Wu},
  booktitle    = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
  month        = nov,
  year         = 2020,
  address      = {Orlando, USA},
}

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 63.3%
  • C 28.1%
  • Yacc 7.2%
  • Lex 0.6%
  • Makefile 0.5%
  • Dockerfile 0.2%
  • Other 0.1%