Skip to content

Commit

Permalink
[Fuzzing] move fuzz test in main repo add more fuzz test
Browse files Browse the repository at this point in the history
Signed-off-by: Arjun Singh <ajsinghyadav00@gmail.com>
  • Loading branch information
0x34d committed Oct 20, 2023
1 parent ba5271a commit 4addadb
Show file tree
Hide file tree
Showing 19 changed files with 510 additions and 1 deletion.
10 changes: 10 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ option(WITH_THRIFT "With thrift framed protocol supported" OFF)
option(WITH_SNAPPY "With snappy" OFF)
option(WITH_RDMA "With RDMA" OFF)
option(BUILD_UNIT_TESTS "Whether to build unit tests" OFF)
option(BUILD_FUZZ_TESTS "Whether to build fuzz tests" OFF)
option(BUILD_BRPC_TOOLS "Whether to build brpc tools" ON)
option(DOWNLOAD_GTEST "Download and build a fresh copy of googletest. Requires Internet access." ON)

Expand Down Expand Up @@ -478,6 +479,15 @@ if(BUILD_UNIT_TESTS)
add_subdirectory(test)
endif()

if(BUILD_FUZZ_TESTS)
if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
message(FATAL_ERROR "Fuzzing is only supported with clang")
endif()
if(NOT BUILD_UNIT_TESTS)
message(FATAL_ERROR "BUILD_UNIT_TESTS must be enabled to build fuzz tests")
endif()
endif()

if(BUILD_BRPC_TOOLS)
add_subdirectory(tools)
endif()
Expand Down
27 changes: 26 additions & 1 deletion test/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ else()
message(FATAL_ERROR "Googletest is not available")
endif()

set(CMAKE_CPP_FLAGS "${DEFINE_CLOCK_GETTIME} -DBRPC_WITH_GLOG=${WITH_GLOG_VAL} -DBRPC_WITH_RDMA=${WITH_RDMA_VAL} -DGFLAGS_NS=${GFLAGS_NS}")
set(CMAKE_CPP_FLAGS "${CMAKE_CPP_FLAGS} ${DEFINE_CLOCK_GETTIME} -DBRPC_WITH_GLOG=${WITH_GLOG_VAL} -DBRPC_WITH_RDMA=${WITH_RDMA_VAL} -DGFLAGS_NS=${GFLAGS_NS}")
set(CMAKE_CPP_FLAGS "${CMAKE_CPP_FLAGS} -DBTHREAD_USE_FAST_PTHREAD_MUTEX -D__const__=__unused__ -D_GNU_SOURCE -DUSE_SYMBOLIZE -DNO_TCMALLOC -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -DUNIT_TEST -Dprivate=public -Dprotected=public -DBVAR_NOT_LINK_DEFAULT_VARIABLES -D__STRICT_ANSI__ -include ${PROJECT_SOURCE_DIR}/test/sstream_workaround.h")
set(CMAKE_CXX_FLAGS "${CMAKE_CPP_FLAGS} -g -O2 -pipe -Wall -W -fPIC -fstrict-aliasing -Wno-invalid-offsetof -Wno-unused-parameter -fno-omit-frame-pointer")
use_cxx11()
Expand Down Expand Up @@ -253,3 +253,28 @@ foreach(BRPC_UT ${BRPC_UNITTESTS})
${GPERFTOOLS_LIBRARIES})
add_test(NAME ${BRPC_UT_WE} COMMAND ${BRPC_UT_WE})
endforeach()

if(BUILD_FUZZ_TESTS)
add_library(brpc-static-debug STATIC $<TARGET_OBJECTS:BUTIL_DEBUG_LIB>
$<TARGET_OBJECTS:SOURCES_DEBUG_LIB>
$<TARGET_OBJECTS:PROTO_LIB>)
# change the debug lib output dir to be different from the release output
set_target_properties(brpc-static-debug PROPERTIES
LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/test)

target_link_libraries(brpc-static-debug ${DYNAMIC_LIB})
if(BRPC_WITH_GLOG)
target_link_libraries(brpc-static-debug ${GLOG_LIB})
endif()

set(FUZZ_TARGETS fuzz_butil fuzz_esp fuzz_hpack fuzz_http
fuzz_hulu fuzz_json fuzz_redis fuzz_shead fuzz_sofa fuzz_uri)

foreach(target ${FUZZ_TARGETS})
add_executable(${target} fuzzing/${target}.cpp $<TARGET_OBJECTS:TEST_PROTO_LIB>)
target_link_libraries(${target} brpc-static-debug ${LIB_FUZZING_ENGINE})
set_target_properties(${target} PROPERTIES
BUILD_WITH_INSTALL_RPATH TRUE
INSTALL_RPATH "$ORIGIN/lib")
endforeach()
endif()
52 changes: 52 additions & 0 deletions test/fuzzing/fuzz_butil.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "butil/base64.h"
#include "butil/crc32c.h"
#include "butil/hash.h"
#include "butil/sha1.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);

{
std::string encoded;
std::string decoded;
butil::Base64Encode(input, &encoded);
butil::Base64Decode(input, &decoded);
}
{
butil::crc32c::Value(reinterpret_cast<const char*>(data), size);
}
{
butil::Hash(input);
}
{
butil::SHA1HashString(input);
}

return 0;
}
Binary file added test/fuzzing/fuzz_butil_seed_corpus.zip
Binary file not shown.
38 changes: 38 additions & 0 deletions test/fuzzing/fuzz_esp.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "brpc/policy/esp_protocol.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);

butil::IOBuf buf;
buf.append(input);

brpc::policy::ParseEspMessage(&buf, NULL, false, NULL);

return 0;
}
43 changes: 43 additions & 0 deletions test/fuzzing/fuzz_hpack.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "brpc/details/hpack.h"
#include "butil/logging.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);

butil::IOBuf buf;
brpc::HPacker p2;
brpc::HPacker::Header h2;

p2.Init(4096);
buf.append(input);

p2.Decode(&buf, &h2);

return 0;
}
Binary file added test/fuzzing/fuzz_hpack_seed_corpus.zip
Binary file not shown.
45 changes: 45 additions & 0 deletions test/fuzzing/fuzz_http.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "brpc/details/http_message.h"
#include "brpc/policy/http_rpc_protocol.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);

{
butil::IOBuf buf;
buf.append(input);
brpc::HttpMessage http_message;
http_message.ParseFromIOBuf(buf);
}
{
brpc::HttpMessage http_message;
http_message.ParseFromArray((char *)data, size);
}

return 0;
}
Binary file added test/fuzzing/fuzz_http_seed_corpus.zip
Binary file not shown.
38 changes: 38 additions & 0 deletions test/fuzzing/fuzz_hulu.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "brpc/policy/hulu_pbrpc_protocol.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);

butil::IOBuf buf;
buf.append(input);

brpc::policy::ParseHuluMessage(&buf, NULL, false, NULL);

return 0;
}
37 changes: 37 additions & 0 deletions test/fuzzing/fuzz_json.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include "json2pb/json_to_pb.h"
#include "addressbook1.pb.h"

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string error;
JsonContextBody jsondata;
std::string input_data((char *)data,size);
json2pb::JsonToProtoMessage(input_data, &jsondata, &error);

return 0;
}
Binary file added test/fuzzing/fuzz_json_seed_corpus.zip
Binary file not shown.
48 changes: 48 additions & 0 deletions test/fuzzing/fuzz_redis.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

#include <brpc/redis.h>
#include <brpc/redis_command.h>

#define kMinInputLength 5
#define kMaxInputLength 1024

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
if (size < kMinInputLength || size > kMaxInputLength){
return 1;
}

std::string input(reinterpret_cast<const char*>(data), size);
butil::IOBuf buf;
buf.append(input);
{
butil::Arena arena;
brpc::RedisCommandParser parser;
std::vector<butil::StringPiece> command_out;
parser.Consume(buf, &command_out, &arena);
}
{
butil::Arena arena;
brpc::RedisReply r2(&arena);
r2.ConsumePartialIOBuf(buf);
}

return 0;
}

Binary file added test/fuzzing/fuzz_redis_seed_corpus.zip
Binary file not shown.
Loading

0 comments on commit 4addadb

Please sign in to comment.