Releases: draperlaboratory/VaderModularFuzzer
v4.1.0
New Features:
- New output modules will log all storage metadata to the console (LoggerMetadataOutput) or to a more easily machine-readable CSV file (CSVMetadataOutput)
  - This feature includes a refactoring of StatsOutput that moves the computation of storage-based output statistics to a new ComputeStats module. ComputeStats writes each of these metrics to storage metadata.
  - Note: StatsOutput now relies on ComputeStats, so existing configuration files may need to be updated
- New data types in StorageModule
  - unsigned integer
    - VMF Core Modules have been updated to use unsigned values when appropriate.
    - Note: Existing modules may need to be updated if they rely on integer data that is output from Core Modules
  - temporary buffer
    - This provides for better memory utilization by VMF, because large buffers that are only needed during the current fuzzing loop can be cleared
    - The AFL_TRACE_BITS and CMPLOG_MAP_BITS data fields are now of type temporary buffer
- VMF Controller modules will now keep all seed test cases in storage
  - This is a behavioral change from VMF 4.0.0 and below. Use the controller.keepAllSeeds parameter to configure VMF with the old behavior.
- A new helper class, ModuleTestHelper, can be used to easily unit test modules
  - See GAInputGenTest and AFLForkserverExecutorTest for example usage
- VmfRand now supports a configurable fixed seed, to control randomness for regression testing
Updates and Bug Fixes:
- Our example configuration files have been refactored for better ease of reuse
- Batched loading of large corpus updates for distributed fuzzing, for improved performance
- Command handling for distributed fuzzing is now accomplished via a new helper class, CDMSCommandAndCorpusHandler
- Module templates are now available as a starting point for new module developers (see vmf/src/samples)
- A new ControllerModulePattern class can be used as a starting point for module developers writing controller modules
  - All VMF Core Modules controllers have been updated to use this base class
- Map-size autodetection fix to allow this feature to work with SUTs that capture SIGINT
- Minor bug fixes:
  - AFLFavoredFeedback had incorrect data registration with storage, which has now been corrected
  - Corrected memory errors in unit tests
Note: CDMS has not changed since VMF 3.2, so no upgrade is required for VMF 4.1.0
Release binaries SHA256:
- CDMS.war: 052b61544d9d2c084f2ff3632d2564eb3358cbff95e7aa441c2c9ddf47a00650
- emptycdms.db: 38788934bef348e0ce77c7a03145c1e969c4092b3505b1f7e98e5c3f8e099813
v4.0.0
VMF Version 4.0.0
New Features:
- API Changes to VMF Modules (see docs/migration-4.0.0.md for additional details):
  - ExecutorModule now has access to storage, and should write execution results to storage
  - FeedbackModule no longer directly depends on a specific ExecutorModule
  - InputGenerator now creates the new StorageEntry and passes it to the mutator submodule
  - FormatterModule has been removed
  - New helper methods to retrieve a submodule by name (getXXXSubmoduleByName)
- API Changes to StorageModule (see docs/migration-4.0.0.md for additional details):
  - Tagging separated from saving
  - Support for temporary/local storage entries
  - New convenience methods to allocate and initialize a buffer in one step
  - Capability to specify a default value for a storage entry field
  - Minor renaming/relocation of functions
- RedPawn: An input-to-state (I2S) analysis tool comparable to RedQueen (https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-2_Aschermann_paper.pdf)
- Config Changes:
  - New configuration option to support a named set of submodules (see vmfClassSet in docs/configuration.md)
  - Storage and controller module configuration options are now referenced by className/id (to be consistent with other modules)
- New VmfRand utility function
Updates and Bug Fixes:
- Additional Linux OS Support:
  - CentOS 8 and 9
  - Kali
  - Oracle Linux 8 and 9
  - RedHat 8 and 9
  - Ubuntu 20 and 22 (Supported in earlier releases of VMF as well)
- DirectoryBasedSeedGenerator now sorts test cases in input directory alphabetically
- Improved error handling in AFLForkserverExecutor, auto-detection of AFL++ map size
- Build Changes
  - make vmf-clean target is now included (rebuilds VMF without rebuilding third party dependencies)
  - coremodules renamed to modules
  - VMF framework dependencies are now statically linked, and the required source code is included with VMF
  - VMF no longer directly depends on AFL++ source code
- Radamsa module removed
  - Radamsa support will instead be provided through the VMF Experimental repository (https://github.com/draperlaboratory/VmfExperimental)
- Minor renaming and restructuring of source code
Note: CDMS has not changed since VMF 3.2, so no upgrade is required for VMF 4.0.0
Release binaries SHA256:
- CDMS.war: 052b61544d9d2c084f2ff3632d2564eb3358cbff95e7aa441c2c9ddf47a00650
- emptycdms.db: 38788934bef348e0ce77c7a03145c1e969c4092b3505b1f7e98e5c3f8e099813
v3.2.0
VMF Version 3.2.0
New Features:
- Test cases are passed to and from the CDMS server as a zip file (this increases server performance)
Updates and Bug Fixes:
- Upgraded to C++17
- Added support for compiling VMF with Clang++
- Additional configuration option for tuning CDMS for large installations
- Clearer error messages if the path to the SUT is invalid and for YAML configuration file errors
Release binaries SHA256:
- CDMS.war: 052b61544d9d2c084f2ff3632d2564eb3358cbff95e7aa441c2c9ddf47a00650
- emptycdms.db: 38788934bef348e0ce77c7a03145c1e969c4092b3505b1f7e98e5c3f8e099813
v3.1.0
VMF Version 3.1.0
New Features Include:
- Gramatron input generator and mutators
- Support for building and running on Ubuntu 22.04 LTS
Updates and bugfixes:
- Added Controller options for distributed corpus update configuration
- Corrected bug in reading configuration options for Output modules
- Updated CDMS dependencies
- Fitness values should never be negative
- Add plog external INTERFACE target in CMake script
- Corrected gitignore to no longer exclude src code under "output" modules
- Clearer error handling if there are zero seed test cases
Release binaries SHA256:
- CDMS.war: d8003e3b0dfb0d6664659b18cf0b93be4219b7ab624cb3fbfe8d4b14d2f2df88
- emptycdms.db: 4c14a173a67ea725884aa9051a6316e9bf08043fe1fa91eeb80c59683ac1cda5
- vmf_v3.1.0_Ubuntu18.tar.gz: 02d50b6536d2ad7290c78407a57f1793b5e042b755770d8614585160007b25de
- vmf_v3.1.0_Ubuntu20.tar.gz: 76f3550f3634a85a69aef470fb9e9fca1f5f45b4702f5460cdfd236de458f43b
- vmf_v3.1.0_Ubuntu22.tar.gz: 6cdf3a152ac4df7f5fa9eb4a7ddc0556bbf478fa04160ad58ef8a9cb591aba7e
v3.0.0
First public release of VMF and CDMS
- Getting Started with VMF
Release binaries SHA256:
- CDMS.war: 5140e0a659114d1c1d9c75e38dc25411413bbbd2abe302d2f1bed88e46faa939
- vmf_v3.0.0_Ubuntu18.tar.gz: 46cbabac351e8869623804147cde4a5978d38934c9a179f428df900ad043f72a
- vmf_v3.0.0_Ubuntu20.tar.gz: d8ad7abe842000137453406acce7f914fa187445dcdaf38af01563fead5aba08