forked from uni-due-syssec/efcf-framework
ci-test-wrapper.sh
#!/usr/bin/env bash
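# CI smoke test for efcfuzz: prepares the environment, then runs a series of
# short fuzzing campaigns and checks whether crashes were (or were not) found.

# Strict mode first: abort on a failing command, on an unset variable, and on
# a failure in any pipeline stage.
set -euo pipefail

# Defaults for the settings CI may override through the environment.
# ${VAR:-} keeps the emptiness test valid under `set -u`.
if [[ -z "${EFCF_BUILD_CACHE:-}" ]]; then
  EFCF_BUILD_CACHE="$(realpath -m ./efcf-build-cache)"
fi
if [[ -z "${FUZZING_TIME:-}" ]]; then
  FUZZING_TIME=420
fi
export EFCF_BUILD_CACHE
export FUZZING_TIME
# AFL setting; presumably lets the fuzzer start even when the system's crash
# handling is not configured the way AFL expects (confirm against AFL++ docs).
export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES="1"

# EFCF_BUILD_CACHE may come from the environment and is wiped with `rm -rf`
# here and after every test section, so refuse a value that resolves to the
# filesystem root before anything is deleted.
if [[ "$(realpath -m -- "$EFCF_BUILD_CACHE")" == "/" ]]; then
  echo "refusing to use '$EFCF_BUILD_CACHE' as build cache: resolves to /" >&2
  exit 1
fi

# Trace every command so the CI log shows exactly what was run.
set -x

mkdir -p out || true
# Start from an empty build cache; :? aborts instead of expanding to nothing.
rm -rf -- "${EFCF_BUILD_CACHE:?}"
mkdir -p -- "$EFCF_BUILD_CACHE"
echo "using build cache $EFCF_BUILD_CACHE"

# Fail early (via set -e) if efcfuzz is not on PATH or cannot report a version.
command -v efcfuzz
efcfuzz --verbose --version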
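echo "# ==== testing fuzzing source code ===="
# FUZZING_TIME can be supplied by the CI environment; quoting it keeps the
# value a single argument instead of letting it be word-split or globbed into
# additional efcfuzz options.
efcfuzz --compress-builds n --verbose --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_src_results/ \
  --source ./data/tests/basic.sol
# The campaign must have left at least one entry in the crashes directory.
find ./out/basic_src_results/default/crashes/
test -n "$(ls -A ./out/basic_src_results/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs
# (presumably the reproduction script written by efcfuzz).
pushd ./out/basic_src_results/
./r.sh ./default/crashes/id*
popd
# Wipe the cache so the next section rebuilds from scratch; :? aborts on an
# empty value rather than passing an empty path to rm.
rm -rf -- "${EFCF_BUILD_CACHE:?}"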
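echo "# testing fuzzing with other cli flags"
# Three runs of the same target with different output/parallelism flags.
# Only the exit status is checked here (set -e); crashes are not inspected.
# FUZZING_TIME is quoted so an environment-supplied value stays one argument.
efcfuzz --compress-builds n --quiet --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_src_results/ \
  --source ./data/tests/basic.sol
rm -rf -- "${EFCF_BUILD_CACHE:?}"

efcfuzz --compress-builds n --quiet --print-progress --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_src_results/ \
  --source ./data/tests/basic.sol
rm -rf -- "${EFCF_BUILD_CACHE:?}"

echo "cores: $(nproc)"
efcfuzz --compress-builds n --quiet --print-progress --cores "$(nproc)" --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_src_results/ \
  --source ./data/tests/basic.sol
rm -rf -- "${EFCF_BUILD_CACHE:?}"

# Disk usage snapshot for the CI log.
# NOTE(review): this is the only df call that lists /tmp/efcf/; under set -e
# the script aborts here if that path does not exist. Confirm it is always
# created by the preceding runs.
df -h . /tmp/ /dev/shm/ /tmp/efcf/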
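echo "# ==== testing fuzzing combined.json ===="
# Build the combined.json input with the Makefile in the test data directory.
pushd ./data/tests/
make basic.combined.json
popd
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --verbose --compress-builds n --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_cj_results/ \
  --bin-runtime ./data/tests/basic.combined.json
# The campaign must have left at least one entry in the crashes directory.
find ./out/basic_cj_results/default/crashes/
test -n "$(ls -A ./out/basic_cj_results/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/basic_cj_results/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/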
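echo "# ==== testing fuzzing plain bin-runtime, abi and bin ===="
# Build the separate runtime/deploy/ABI artifacts with the test Makefile.
pushd ./data/tests/
make basic
popd
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --verbose --compress-builds n --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_bin_results/ \
  --bin-runtime ./data/tests/basic.bin-runtime \
  --bin-deploy ./data/tests/basic.bin \
  --abi ./data/tests/basic.abi
# The campaign must have left at least one entry in the crashes directory.
find ./out/basic_bin_results/default/crashes/
test -n "$(ls -A ./out/basic_bin_results/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/basic_bin_results/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/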
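echo "# ===== testing fuzzing source with properties ===="
# Fuzz a source file together with a signatures file passed via --properties.
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --verbose --compress-builds n --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/harvey_baz/ \
  --source ./data/properties-tests/harvey_baz.sol \
  --properties ./data/properties-tests/harvey_baz.signatures
# The campaign must have left at least one entry in the crashes directory.
find ./out/harvey_baz/default/crashes/
test -n "$(ls -A ./out/harvey_baz/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/harvey_baz/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/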
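echo "# ===== testing fuzzing source with event assertions ===="
# Same flow as the other positive cases, with --event-assertions enabled.
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --verbose --compress-builds n --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/funwithnumbers \
  --event-assertions \
  --source ./data/assertions-tests/verifyfunwithnumbers.sol
# The campaign must have left at least one entry in the crashes directory.
find ./out/funwithnumbers/default/crashes/
test -n "$(ls -A ./out/funwithnumbers/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/funwithnumbers/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/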
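echo "# ===== testing fuzzing source with solidity panics ===="
# Same flow as the other positive cases, with --sol-assertions enabled.
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --verbose --compress-builds n --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/overflow \
  --sol-assertions \
  --source ./data/assertions-tests/overflow.sol
# The campaign must have left at least one entry in the crashes directory.
find ./out/overflow/default/crashes/
test -n "$(ls -A ./out/overflow/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/overflow/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/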
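echo "# ==== testing fuzzing combined.json with compressed builds ===="
# Rebuild the test artifacts, then repeat the combined.json case with
# --compress-builds y (every earlier section passes n).
pushd ./data/tests/
make basic basic.combined.json
popd
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --compress-builds y --verbose --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_cj2_results/ \
  --bin-runtime ./data/tests/basic.combined.json
# The campaign must have left at least one entry in the crashes directory.
find ./out/basic_cj2_results/default/crashes/
test -n "$(ls -A ./out/basic_cj2_results/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/basic_cj2_results/
./r.sh ./default/crashes/id*
popd
rm -rf -- "${EFCF_BUILD_CACHE:?}"
df -h . /tmp/ /dev/shm/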
# Negative case: a contract from tests-not-vuln is fuzzed for a fixed 120
# seconds and the crashes directory is required to be empty afterwards.
printf '%s\n' "# ==== testing fuzzing of not vulnerable contracts ===="
efcfuzz \
  --compress-builds n \
  --verbose \
  --until-crash \
  --timeout 120 \
  --out ./out/suicide_multitx_infeasible/ \
  --source ./data/tests-not-vuln/suicide_multitx_infeasible.sol
# Listing is for the CI log only; a failure here is tolerated.
find ./out/suicide_multitx_infeasible/ || :
# NOTE(review): if the crashes directory does not exist, ls prints nothing to
# stdout and this check still passes, so the negative result would be
# vacuous. Confirm efcfuzz always creates default/crashes/.
[[ -z "$(ls -A ./out/suicide_multitx_infeasible/default/crashes/)" ]]
rm -rf "$EFCF_BUILD_CACHE"
df -h . /tmp/ /dev/shm/
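echo "# ==== testing fuzzing with git repo removed (fallback to tarball) ===="
# EFCF_INSTALL_DIR comes from the environment. Quote it and require it to be
# non-empty: unquoted and empty, the rm below would target /.git and the ls
# would list / and /src/.
ls -al "${EFCF_INSTALL_DIR:?}/" "${EFCF_INSTALL_DIR:?}/src/"
rm -rf -- "${EFCF_INSTALL_DIR:?}/.git"
pushd ./data/tests/
make basic basic.combined.json
popd
# FUZZING_TIME is quoted so an environment-supplied value cannot be split
# into extra efcfuzz arguments.
efcfuzz --compress-builds n --verbose --until-crash \
  --timeout "$FUZZING_TIME" \
  --out ./out/basic_cj2_results/ \
  --bin-runtime ./data/tests/basic.combined.json
# The campaign must have left at least one entry in the crashes directory.
find ./out/basic_cj2_results/default/crashes/
test -n "$(ls -A ./out/basic_cj2_results/default/crashes/)"
# Run the r.sh found in the output directory on the crash inputs.
pushd ./out/basic_cj2_results/
./r.sh ./default/crashes/id*
popd
# Best-effort cleanup: a failure here is deliberately ignored.
rm -rf -- "${EFCF_BUILD_CACHE:?}" || true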
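echo "# ==== testing fuzzing VulnBankBuggyLockHard example ===="
# Run from inside the example directory; no --out is given, and the results
# are then read from ./efcf_out/.
pushd ./examples/ReentrancyVulnBankBuggyLockHard/
# $(nproc) replaces the backtick form and is quoted, matching the earlier
# --cores invocation in this script.
efcfuzz --source victim.sol --cores "$(nproc)" --name VulnBankBuggyLockHard \
  --until-crash --quiet --print-progress \
  --timeout "$FUZZING_TIME"
# At least one entry must be present in crashes_min.
find ./efcf_out/crashes_min
test -n "$(ls -A ./efcf_out/crashes_min)"
# Run the r.sh found in the output directory on every file in crashes_min.
pushd ./efcf_out/
./r.sh ./crashes_min/*
popd # ./efcf_out/
popd # ./examples/ReentrancyVulnBankBuggyLockHard/
# Best-effort cleanup: a failure here is deliberately ignored.
rm -rf -- "${EFCF_BUILD_CACHE:?}" || true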