From e38a8bcab36f442f86cfeca066acc92236760eaf Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 11 Aug 2020 09:43:13 -0500 Subject: [PATCH 1/5] added coverage for mongo and mysql Signed-off-by: jianwen --- .../network_readfilter_corpus/mongodb_proxy_1 | 115 ++++++++++++++++++ .../network_readfilter_corpus/mysql_proxy_1 | 95 +++++++++++++++ .../common/fuzz/uber_per_readfilter.cc | 7 +- .../network/common/fuzz/uber_readfilter.cc | 27 +++- 4 files changed, 241 insertions(+), 3 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 new file mode 100644 index 000000000000..e1ca43232555 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 @@ -0,0 +1,115 @@ +config { + name: "envoy.filters.network.mongo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + value: "\n\001\\\032\007\"\003\010\200t*\000 \001" + } +} +actions { + on_data { + data: "]\000" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "\004\000\001\000\000\000\000\000\000\001" + end_stream: true + } +} +actions { + on_data { + data: "<" + end_stream: true + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + on_data { + data: "pH\037\000 `\000\000" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "=" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 new file mode 100644 index 000000000000..da49e89d749d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 @@ -0,0 +1,95 @@ +config { + name: "envoy.filters.network.mysql_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.mysql_proxy.v3.MySQLProxy" + value: "\n\006#\336\215\302\246\001" + } +} +actions { + on_data { + data: "\031\031\031\031" + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "\031\031\031\031\031\031\031\031" + end_stream: true + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "3" + } +} +actions { + on_data { + data: "#" + } +} +actions { + on_data { + data: "#" + end_stream: true + } +} +actions { + on_data { + data: "3" + } +} +actions { + on_data { + data: "#" + end_stream: true + } +} +actions { + on_data { + data: "#" + } +} +actions { + on_data { + data: "#" + } +} +actions { + on_data { + data: "\031\031\031\031\031\031\031\031" + end_stream: true + } +} +actions { + on_data { + end_stream: true + } +} +actions { + on_data { + end_stream: true + } +} +actions { + on_data { + data: "3" + } +} +actions { + on_data { + end_stream: true + } +} +actions { + on_data { + data: "3" + } +} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index ce8d04e51fc4..3ff3c9860632 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -34,8 +34,11 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().HttpConnectionManager, NetworkFilterNames::get().ThriftProxy, NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().SniDynamicForwardProxy, NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().RocketmqProxy, - NetworkFilterNames::get().RateLimit, NetworkFilterNames::get().Rbac - // TODO(jianwendong): cover mongo_proxy, mysql_proxy, postgres_proxy, tcp_proxy. + NetworkFilterNames::get().RateLimit, NetworkFilterNames::get().Rbac, + NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy + // TODO(jianwendong): add "NetworkFilterNames::get().Postgres" after it supports untrusted + // data. + // TODO(jianwendong): add fuzz test for "NetworkFilterNames::get().TcpProxy". }; // Check whether each filter is loaded into Envoy. // Some customers build Envoy without some filters. When they run fuzzing, the use of a filter diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc index a5b2faa1ab26..b4ce0e7dbcc8 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -3,6 +3,8 @@ #include "common/config/utility.h" #include "common/config/version_converter.h" +using testing::Return; + namespace Envoy { namespace Extensions { namespace NetworkFilters { @@ -38,14 +40,37 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); })); + // Prepare sni for sni_cluster filter and sni_dynamic_forward_proxy filter. ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) - .WillByDefault(testing::Return("fake_cluster")); + .WillByDefault(Return("fake_cluster")); + // Prepare time source for filters such as local_ratelimit filter. factory_context_.prepareSimulatedSystemTime(); + // Prepare address for filters such as ext_authz filter. pipe_addr_ = std::make_shared("/test/test.sock"); async_request_ = std::make_unique(); + + // Set featureEnabled for mongo_proxy + ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.proxy_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("mongo.connection_logging_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.logging_enabled", 100)) + .WillByDefault(Return(true)); + + // Set featureEnabled for thrift_proxy + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.thrift_filter_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.thrift_filter_enforcing", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.test_key.thrift_filter_enabled", 100)) + .WillByDefault(Return(true)); } UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { From 67ce348f4f35a1b01cd4656bde41572bbd347cce Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 12 Aug 2020 10:20:53 -0500 Subject: [PATCH 2/5] improved the coverage of mongo and mysql filter. Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 + .../network_readfilter_corpus/mongodb_proxy_1 | 44 +++++- .../network_readfilter_corpus/mongodb_proxy_2 | 143 ++++++++++++++++++ .../network_readfilter_corpus/mysql_proxy_1 | 67 +++++--- .../common/fuzz/uber_per_readfilter.cc | 12 +- 5 files changed, 240 insertions(+), 27 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_2 diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 8f54f57e5de8..530c85b9892a 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -52,6 +52,7 @@ envoy_cc_test_library( "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/filters/network/mongo_proxy/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 index e1ca43232555..a706859ebfb0 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_1 @@ -5,32 +5,55 @@ config { value: "\n\001\\\032\007\"\003\010\200t*\000 \001" } } + actions { on_data { - data: "]\000" + data: "\120\0\0\0\1\0\0\0\1\0\0\0\324\7\0\0\4\0\0\0\164\145\163\164\56\164\145\163\164\0\24\0\0\0\377\377\377\377\52\0\0\0\2\163\164\162\151\156\147\137\156\145\145\144\137\145\163\143\0\20\0\0\0\173\42\146\157\157\42\72\40\42\142\141\162\12\42\175\0\0" } } + actions { - on_new_connection { + on_data { + data: "\56\0\0\0\2\0\0\0\2\0\0\0\1\0\0\0\10\0\0\0\40\116\0\0\0\0\0\0\24\0\0\0\2\0\0\0\5\0\0\0\0\5\0\0\0\0" } } + + actions { on_data { - data: "\004\000" - end_stream: true + data: "\45\0\0\0\3\0\0\0\3\0\0\0\325\7\0\0\0\0\0\0\164\145\163\164\0\24\0\0\0\40\116\0\0\0\0\0\0" } } + actions { - advance_time { - milliseconds: 14848 + on_data { + data: "\43\0\0\0\4\0\0\0\4\0\0\0\322\7\0\0\10\0\0\0\164\145\163\164\0\5\0\0\0\0\5\0\0\0\0" } } + + + + actions { on_data { - data: "\004\000" - end_stream: true + data: "\50\0\0\0\5\0\0\0\5\0\0\0\327\7\0\0\0\0\0\0\2\0\0\0\40\116\0\0\0\0\0\0\100\234\0\0\0\0\0\0" + } +} + + + +actions { + on_data { + data: "\120\0\0\0\17\0\0\0\31\0\0\0\332\7\0\0\124\145\163\164\40\144\141\164\141\142\141\163\145\0\124\145\163\164\40\143\157\155\155\141\156\144\40\156\141\155\145\0\5\0\0\0\0\5\0\0\0\0\26\0\0\0\2\167\157\162\154\144\0\6\0\0\0\150\145\154\154\157\0\0" + } +} + +actions { + on_data { + data: "\60\0\0\0\20\0\0\0\32\0\0\0\333\7\0\0\5\0\0\0\0\5\0\0\0\0\26\0\0\0\2\167\157\162\154\144\0\6\0\0\0\150\145\154\154\157\0\0" } } + actions { advance_time { milliseconds: 14848 @@ -42,6 +65,11 @@ actions { end_stream: true } } +actions { + advance_time { + milliseconds: 14848 + } +} actions { on_data { data: "<" diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_2 new file mode 100644 index 000000000000..4f7fdc4364f5 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mongodb_proxy_2 @@ -0,0 +1,143 @@ +config { + name: "envoy.filters.network.mongo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + value: "\n\001\\\032\t\032\002\020\010\"\003\010\200t \001" + } +} + +actions { + on_data { + data: "\120\0\0\0\1\0\0\0\1\0\0\0\324\7\0\0\4\0\0\0\164\145\163\164\56\164\145\163\164\0\24\0\0\0\377\377\377\377\52\0\0\0\2\163\164\162\151\156\147\137\156\145\145\144\137\145\163\143\0\20\0\0\0\173\42\146\157\157\42\72\40\42\142\141\162\12\42\175\0\0" + } +} + +actions { + on_data { + data: "\56\0\0\0\2\0\0\0\2\0\0\0\1\0\0\0\10\0\0\0\40\116\0\0\0\0\0\0\24\0\0\0\2\0\0\0\5\0\0\0\0\5\0\0\0\0" + } +} + + +actions { + on_data { + data: "\45\0\0\0\3\0\0\0\3\0\0\0\325\7\0\0\0\0\0\0\164\145\163\164\0\24\0\0\0\40\116\0\0\0\0\0\0" + } +} + +actions { + on_data { + data: "\43\0\0\0\4\0\0\0\4\0\0\0\322\7\0\0\10\0\0\0\164\145\163\164\0\5\0\0\0\0\5\0\0\0\0" + } +} + + + + +actions { + on_data { + data: "\50\0\0\0\5\0\0\0\5\0\0\0\327\7\0\0\0\0\0\0\2\0\0\0\40\116\0\0\0\0\0\0\100\234\0\0\0\0\0\0" + } +} + + + +actions { + on_data { + data: "\120\0\0\0\17\0\0\0\31\0\0\0\332\7\0\0\124\145\163\164\40\144\141\164\141\142\141\163\145\0\124\145\163\164\40\143\157\155\155\141\156\144\40\156\141\155\145\0\5\0\0\0\0\5\0\0\0\0\26\0\0\0\2\167\157\162\154\144\0\6\0\0\0\150\145\154\154\157\0\0" + } +} + +actions { + on_data { + data: "\60\0\0\0\20\0\0\0\32\0\0\0\333\7\0\0\5\0\0\0\0\5\0\0\0\0\26\0\0\0\2\167\157\162\154\144\0\6\0\0\0\150\145\154\154\157\0\0" + } +} + +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "\004\000\001\000\000\000\000\000\000\001" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "<" + end_stream: true + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + } +} +actions { + on_data { + data: "pH\037\000 `\000\000" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 + } +} +actions { + on_data { + data: "=" + end_stream: true + } +} +actions { + on_data { + data: "\004\000" + end_stream: true + } +} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 index da49e89d749d..6fc44c1e5cf0 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/mysql_proxy_1 @@ -5,82 +5,113 @@ config { value: "\n\006#\336\215\302\246\001" } } + actions { on_data { - data: "\031\031\031\031" + data: "\34\0\0\0\12\65\56\60\56\65\64\0\136\0\0\0\41\100\163\141\154\164\43\44\0\1\1\41\0\2\0\2" } } + actions { - advance_time { - milliseconds: 14848 + on_data { + data: "\57\0\0\1\0\0\0\3\1\0\0\0\41\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\165\163\145\162\61\0\160\64\44\44\167\60\162\66\0" } } + actions { on_data { - data: "\031\031\031\031\031\031\031\031" - end_stream: true + data: "\7\0\0\2\376\1\0\0\0\1\0" } } + actions { - on_new_connection { + on_data { + data: "\14\0\0\3\155\171\163\161\154\137\157\160\141\161\165\145" } } + actions { on_data { - data: "3" + data: "\7\0\0\4\377\1\0\0\0\1\0" } } + actions { on_data { - data: "#" + data: "\30\0\0\0\3\103\122\105\101\124\105\40\104\101\124\101\102\101\123\105\40\155\171\163\161\154\144\142" } } + actions { on_data { - data: "#" - end_stream: true + data: "\34\0\0\0\12\65\56\60\56\65\64\0\136\0\0\0\41\100\163\141\154\164\43\44\0\1\1\41\0\2\0\2" } } actions { - on_data { - data: "3" + advance_time { + milliseconds: 14848 } } actions { on_data { - data: "#" + data: "\7\0\0\2\377\1\0\0\0\1\0" end_stream: true } } +actions { + on_new_connection { + } +} actions { on_data { - data: "#" + data: "\57\0\0\1\0\2\0\3\1\0\0\0\41\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\165\163\145\162\61\0\160\64\44\44\167\60\162\66\0" } } actions { on_data { - data: "#" + data: "\7\0\0\2\0\1\0\0\0\1\0" } } actions { on_data { - data: "\031\031\031\031\031\031\031\031" + data: "\7\0\0\2\376\1\0\0\0\1\0" end_stream: true } } actions { on_data { - end_stream: true + data: "\7\0\0\4\377\1\0\0\0\1\0" } } actions { on_data { + data: "\57\0\0\1\0\0\0\3\1\0\0\0\41\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\165\163\145\162\61\0\160\64\44\44\167\60\162\66\0" end_stream: true } } actions { on_data { - data: "3" + data: "\30\0\0\0\3\103\122\105\101\124\105\40\104\101\124\101\102\101\123\105\40\155\171\163\161\154\144\142" + } +} +actions { + on_data { + data: "\30\0\0\5\3\103\122\105\101\124\105\40\104\101\124\101\102\101\123\105\40\155\171\163\161\154\144\142" + } +} +actions { + on_data { + data: "\1\0\0\0\4" + } +} +actions { + on_data { + data: "\7\0\0\4\1\1\0\0\0\1\0" + } +} +actions { + on_data { + data: "\7\0\0\4\1\1\0\0\0\1\0" } } actions { diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 3ff3c9860632..a51152a35357 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -1,6 +1,7 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" #include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" +#include "envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.pb.h" #include "extensions/filters/common/ratelimit/ratelimit_impl.h" #include "extensions/filters/network/common/utility.h" @@ -160,7 +161,16 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name "http_conn_manager trying to use Quiche which we won't fuzz here. Config:\n{}", config.DebugString())); } - } + }else if(filter_name == NetworkFilterNames::get().MongoProxy){ + envoy::extensions::filters::network::mongo_proxy::v3::MongoProxy& + config = dynamic_cast(*config_message); + if(config.mutable_delay()->has_header_delay()){ + // Mongo has no header map. Only fixed_delay is supported. + throw EnvoyException(absl::StrCat( + "Header_delay is not supported here. Config:\n{}", + config.DebugString())); + } + } } } // namespace NetworkFilters From 08de362d6402f00be5e1cc51c117f9f78ee2b80d Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 12 Aug 2020 10:25:55 -0500 Subject: [PATCH 3/5] fixed style Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 2 +- .../common/fuzz/uber_per_readfilter.cc | 20 +++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 530c85b9892a..406fd12cf8da 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -51,8 +51,8 @@ envoy_cc_test_library( "//test/mocks/network:network_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", - "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/mongo_proxy/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index a51152a35357..15566993b1f4 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -1,7 +1,7 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" -#include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" #include "envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.pb.h" +#include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" #include "extensions/filters/common/ratelimit/ratelimit_impl.h" #include "extensions/filters/network/common/utility.h" @@ -161,16 +161,16 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name "http_conn_manager trying to use Quiche which we won't fuzz here. Config:\n{}", config.DebugString())); } - }else if(filter_name == NetworkFilterNames::get().MongoProxy){ - envoy::extensions::filters::network::mongo_proxy::v3::MongoProxy& - config = dynamic_cast(*config_message); - if(config.mutable_delay()->has_header_delay()){ - // Mongo has no header map. Only fixed_delay is supported. - throw EnvoyException(absl::StrCat( - "Header_delay is not supported here. Config:\n{}", - config.DebugString())); - } + } else if (filter_name == NetworkFilterNames::get().MongoProxy) { + envoy::extensions::filters::network::mongo_proxy::v3::MongoProxy& config = + dynamic_cast( + *config_message); + if (config.has_delay() && config.mutable_delay()->has_header_delay()) { + // Mongo has no header map. Only fixed_delay is supported. + throw EnvoyException( + absl::StrCat("Header_delay is not supported here. Config:\n{}", config.DebugString())); } + } } } // namespace NetworkFilters From 691e4f5b60ecd0ca1e37fb0be09498566b5bd697 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 13 Aug 2020 12:25:41 -0500 Subject: [PATCH 4/5] fixed the comments Signed-off-by: jianwen --- .../network/common/fuzz/uber_per_readfilter.cc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 15566993b1f4..4895f24861e0 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -122,7 +122,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message) { - // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the + // System calls such as reading files are prohibited in this fuzzer. Some inputs that crash the // mock/fake objects are also prohibited. We could also avoid fuzzing some unfinished features by // checking them here. For now there are only three filters {DirectResponse, LocalRateLimit, // HttpConnectionManager} on which we have constraints. @@ -166,9 +166,14 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name dynamic_cast( *config_message); if (config.has_delay() && config.mutable_delay()->has_header_delay()) { - // Mongo has no header map. Only fixed_delay is supported. - throw EnvoyException( - absl::StrCat("Header_delay is not supported here. Config:\n{}", config.DebugString())); + // MongoProxy filter doesn't allow header_delay because it will pass nullptr to percentage() + // which will cause "runtime error: member call on null pointer". (See: + // https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/network/mongo_proxy/proxy.cc#L403 + // and + // https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/common/fault/fault_config.cc#L16) + throw EnvoyException(absl::StrCat( + "header delay is not supported in the config of a MongoProxy filter.. Config:\n{}", + config.DebugString())); } } } From f22fb255472448aec3da748c7f53a3f590358203 Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 14 Aug 2020 13:41:45 -0500 Subject: [PATCH 5/5] removed the change for mongo_proxy config check Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/BUILD | 1 - .../network/common/fuzz/uber_per_readfilter.cc | 15 --------------- 2 files changed, 16 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 406fd12cf8da..8f54f57e5de8 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -51,7 +51,6 @@ envoy_cc_test_library( "//test/mocks/network:network_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", - "@envoy_api//envoy/extensions/filters/network/mongo_proxy/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 4895f24861e0..d90c82e2d41a 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -1,6 +1,5 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" -#include "envoy/extensions/filters/network/mongo_proxy/v3/mongo_proxy.pb.h" #include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" #include "extensions/filters/common/ratelimit/ratelimit_impl.h" @@ -161,20 +160,6 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name "http_conn_manager trying to use Quiche which we won't fuzz here. Config:\n{}", config.DebugString())); } - } else if (filter_name == NetworkFilterNames::get().MongoProxy) { - envoy::extensions::filters::network::mongo_proxy::v3::MongoProxy& config = - dynamic_cast( - *config_message); - if (config.has_delay() && config.mutable_delay()->has_header_delay()) { - // MongoProxy filter doesn't allow header_delay because it will pass nullptr to percentage() - // which will cause "runtime error: member call on null pointer". (See: - // https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/network/mongo_proxy/proxy.cc#L403 - // and - // https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/common/fault/fault_config.cc#L16) - throw EnvoyException(absl::StrCat( - "header delay is not supported in the config of a MongoProxy filter.. Config:\n{}", - config.DebugString())); - } } }