Closed WinMin closed 1 year ago
Can you try modifying the grammar file? (https://github.com/OMH4ck/PolyGlot-Grammar/blob/d857be160063f330f197e92ea9308577eb61b95a/php/PhpParser.g4#L37)
For example, if you want to add "APREFIX" to every test case, you can change the `program` rule to:

```antlr
program
    : 'APREFIX' Shebang? (inlineHtml | phpBlock)* EOF
    ;
```
After that, you have to modify all your seeds to match the grammar.
Or you can modify it here: https://github.com/OMH4ck/PolyGlot/blob/c87cebb0335a77abc7fff188625a62c629059310/srcs/custom_mutator.cc#L53
For example:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <string_view>

unsigned int afl_custom_fuzz_count(PolyGlotMutator *mutator,
                                   const unsigned char *buf, size_t buf_size) {
  constexpr std::string_view kPrefix = "XXXX";
  // An input shorter than the prefix cannot carry a test case: nothing to mutate.
  if (buf_size < kPrefix.size()) return 0;
  // Skip the prefix so that the test case can be parsed, and shrink the length
  // by the same amount so the copy below does not read past the end of buf.
  buf += kPrefix.size();
  buf_size -= kPrefix.size();
  std::string test_case((const char *)buf, buf_size);
  assert(!mutator->HasMutatedTextCase());
  return mutator->Mutate(test_case.c_str());
}

size_t afl_custom_fuzz(PolyGlotMutator *mutator, uint8_t *buf, size_t buf_size,
                       uint8_t **out_buf, uint8_t *add_buf,
                       size_t add_buf_size, // add_buf can be nullptr
                       size_t max_size) {
  constexpr std::string_view kPrefix = "XXXX";
  // Static so the storage outlives this call: AFL++ reads *out_buf after we return.
  static std::string current_input;
  current_input = std::string(mutator->GetNextMutatedTestCase());
  current_input = std::string(kPrefix) + current_input;
  *out_buf = (uint8_t *)current_input.data();
  return current_input.size();
}
```
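An added, self-contained example (not code from the reply above or from PolyGlot) that isolates the prefix bookkeeping the two hooks need: strip a fixed PHP statement from the incoming buffer with an explicit length check, hand the remainder to the mutator, and re-attach the prefix to the result. `kPhpPrefix`, `StripPrefix`, `AddPrefix` and `RoundTrip` are names chosen here, and the mutation step is a stand-in so the code runs without the PolyGlot mutator.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical fixed PHP statement prepended to every generated test case.
constexpr std::string_view kPhpPrefix = "<?php\n$seed = 1;\n";

// Strip the prefix from a raw AFL++ buffer so the remainder can be parsed by
// the grammar-based mutator. Returns nullopt when the buffer is shorter than
// the prefix or does not start with it, so the caller can skip the input
// instead of reading past the end of buf.
std::optional<std::string_view> StripPrefix(const uint8_t *buf, size_t buf_size,
                                            std::string_view prefix = kPhpPrefix) {
  if (buf == nullptr || buf_size < prefix.size()) return std::nullopt;
  std::string_view view(reinterpret_cast<const char *>(buf), buf_size);
  if (view.substr(0, prefix.size()) != prefix) return std::nullopt;
  return view.substr(prefix.size());
}

// Re-attach the prefix to a mutated body. The result is returned by value; in
// a real hook the caller must keep it alive while AFL++ reads *out_buf.
std::string AddPrefix(std::string_view body, std::string_view prefix = kPhpPrefix) {
  std::string out;
  out.reserve(prefix.size() + body.size());
  out.append(prefix);
  out.append(body);
  return out;
}

// The round trip performed by afl_custom_fuzz_count / afl_custom_fuzz:
// strip, mutate, re-prefix. The "mutation" is a constructed stand-in that
// appends a comment; an input without the prefix yields an empty result.
std::string RoundTrip(const std::string &input) {
  auto body = StripPrefix(reinterpret_cast<const uint8_t *>(input.data()),
                          input.size());
  if (!body) return std::string();
  std::string mutated(*body);
  mutated += " // mutated";
  return AddPrefix(mutated);
}

int main() {
  const std::string input = std::string(kPhpPrefix) + "echo 1;";
  const std::string out = RoundTrip(input);
  assert(out == std::string(kPhpPrefix) + "echo 1; // mutated");
  // A buffer shorter than the prefix is rejected rather than over-read.
  assert(!StripPrefix(reinterpret_cast<const uint8_t *>("<?"), 2).has_value());
  return 0;
}
```

The length check in `StripPrefix` is the part that matters: advancing the pointer without reducing the size reads `prefix.size()` bytes past the end of the buffer AFL++ handed you.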
How can I modify the code if I want to add a fixed PHP statement at the beginning of the generated test cases?