Squirrel is a fuzzer for database managment systems (DBMSs).

Squirrel was first built on AFL and then migrated to AFLplusplus to enjoy the improvement of state-of-the-art fuzzing strategies.

1. SQLite
2. PostgreSQL
3. MySQL
4. MariaDB

1. Go to the directory of the dockerfile: cd scripts/docker/xxx/, where xxx is the database name.
2. Build the docker: docker build -t xxx ..
3. Run: docker run -it xxx.

For ubuntu 22.04:

sudo apt install libmysqlclient-dev cmake ninja-build clang pkg-config clang-format libpq-dev libyaml-cpp-dev

1. Clone this repo and run git submodule update --init.
2. cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -Wno-dev. If you want to compile only the mutator for the specific databases, add -DXXXXX=ON, XXXXX can be SQLITE, MYSQL and POSTGRESQL. Mariadb share the same interface with MySQL.
3. cmake --build build -j, the binaries are in build/.

1. Build aflplusplus: cd AFLplusplus && make -j && cd ...
2. Use afl-cc and afl-c++ to instrument your database.

1. Set up a configuration file in yaml. Examples can be found in data/*.yml.
2. Set the enviroment variable

export SQUIRREL_CONFIG=/path/to/config.yml
export AFL_CUSTOM_MUTATOR_ONLY=1
export AFL_CUSTOM_MUTATOR_LIBRARY= REPO_DIR/build/libxxxx_mutator.so
export AFL_DISABLE_TRIM=1

Same as AFLplusplus: afl-fuzz -i input -o output -- sqlite_harness.

1. Dry run the database to get the __afl_map_size and set it to AFL_MAP_SIZE.
2. Run afl-fuzz -i input -o output -- ./build/db_driver, it will print the share memory id and wait for 30 seconds.
3. Start the databse server with export __AFL_SHM_ID=xxxx.

More details can be found in our CCS 2020 paper. And the bugs found by Squirrel can be found in here.

SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

@inproceedings{zhong:squirrel,
  title        = {{SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback}},
  author       = {Rui Zhong and Yongheng Chen and Hong Hu and Hangfan Zhang and Wenke Lee and Dinghao Wu},
  booktitle    = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
  month        = nov,
  year         = 2020,
  address      = {Orlando, USA},
}

1. Roel Van de Paar (@mariadb-RoelVandePaar): For his helpful feedback for improving Squirrel.