Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds one fuzz target for fuzz testing #69

Closed
wants to merge 1 commit into from

Conversation

@catenacyber
Copy link

catenacyber commented Nov 26, 2019

This PR is a draft for discussion

cc @H21lab cf https://github.com/P1sec/pycrate/blob/master/test/test_tcapmap.py#L75
cc @yevgenypats for usage of python-fuzz https://github.com/fuzzitdev/pythonfuzz

The big question is where (and which) exceptions should be handled (in the library or in the application)

More targets can easily be written.

@p1-bmu

This comment has been minimized.

Copy link
Collaborator

p1-bmu commented Nov 26, 2019

Thanks for the submission. I was not aware of this handy fuzzer: quite simple to use and looking efficient.

Regarding exception handling within the ASN.1 runtime, some errors are caught by pycrate, some errors happen within the Python runtime. I am not willing to catch and re-emit all proper Python runtime exceptions that could happen.
On the other side, I realize there are many assert() (from the initial release) that should now be moved to proper exception handling. I have to check that carefully, because there are (too) many of them (around 60)...

In case you are willing to help, you are welcome. Thanks.

@p1-bmu

This comment has been minimized.

Copy link
Collaborator

p1-bmu commented Dec 13, 2019

I modified slightly the fuzz testing done here: https://github.com/P1sec/pycrate/blob/master/test/fuzz/fuzz_asn1rt.py.
It found some uncaught Exception or assert, what led to some fixes commited into the ASN.1 runtime.

@p1-bmu p1-bmu closed this Dec 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.