Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add fuzzing harness to swift-nio-http2. (#288)
Motivation: Fuzzing is great, we should have a good sensible place to centralise a harness. Modifications: - Add a fuzzing harness. Result: There's a common way to do fuzzing.
- Loading branch information
Showing
8 changed files
with
268 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
.DS_Store | ||
/.build | ||
.build | ||
/Packages | ||
/*.xcodeproj | ||
Package.pins | ||
|
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// swift-tools-version:5.3 | ||
//===----------------------------------------------------------------------===// | ||
// | ||
// This source file is part of the SwiftNIO open source project | ||
// | ||
// Copyright (c) 2021 Apple Inc. and the SwiftNIO project authors | ||
// Licensed under Apache License v2.0 | ||
// | ||
// See LICENSE.txt for license information | ||
// See CONTRIBUTORS.txt for the list of SwiftNIO project authors | ||
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// | ||
//===----------------------------------------------------------------------===// | ||
|
||
import PackageDescription | ||
|
||
let package = Package( | ||
name: "FuzzTesting", | ||
dependencies: [ | ||
.package(name: "swift-nio-http2", path: ".."), | ||
.package(url: "https://github.com/apple/swift-nio", from: "2.29.0"), | ||
], | ||
targets: [ | ||
.target( | ||
name: "FuzzHTTP2", | ||
dependencies: [ | ||
.product(name: "NIOHTTP2", package: "swift-nio-http2"), | ||
.product(name: "NIOHTTP1", package: "swift-nio"), | ||
.product(name: "NIO", package: "swift-nio"), | ||
] | ||
), | ||
] | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# FuzzTesting | ||
|
||
This subpackage build binaries to be use with Fuzz testing. | ||
|
||
NOTE: The Swift toolchain distributed with Xcode do not include the fuzzing | ||
support, so for macOS, one needs to install the swift.org toolchain and use that | ||
instead. | ||
|
||
To build on macOS: | ||
|
||
``` | ||
xcrun \ | ||
--toolchain swift \ | ||
swift build -c debug -Xswiftc -sanitize=fuzzer,address -Xswiftc -parse-as-library | ||
``` | ||
|
||
To build on linux: | ||
|
||
``` | ||
swift build -c debug -Xswiftc -sanitize=fuzzer,address -Xswiftc -parse-as-library | ||
``` | ||
|
||
Then the binaries will be found in `.build/debug`. | ||
|
||
Note: You can also use `-c release` to build/test in release instead as that | ||
could find different issues. | ||
|
||
In this directory you will also find a `do_build.sh` script. By default it | ||
builds for both _debug_ and _release_. You can also pass `--run-regressions` to | ||
have it run the the build against the previous failcases to check for | ||
regressions. | ||
|
||
When issues are found: | ||
|
||
1. Make sure you add a file to `FailCases` subdirectory so regressions can | ||
easily be watched for. | ||
|
||
2. Consider adding them to the unit tests as well. This can provide even | ||
better regression testing. | ||
|
||
This infrastructure was originally developed for Swift Protobuf, and has been | ||
adapted for SwiftNIO HTTP/2. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
//===----------------------------------------------------------------------===// | ||
// | ||
// This source file is part of the SwiftNIO open source project | ||
// | ||
// Copyright (c) 2021 Apple Inc. and the SwiftNIO project authors | ||
// Licensed under Apache License v2.0 | ||
// | ||
// See LICENSE.txt for license information | ||
// See CONTRIBUTORS.txt for the list of SwiftNIO project authors | ||
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// | ||
//===----------------------------------------------------------------------===// | ||
// Sources/protoc-gen-swift/main.swift - Protoc plugin main | ||
// | ||
// Copyright (c) 2020 - 2021 Apple Inc. and the project authors | ||
// Licensed under Apache License v2.0 with Runtime Library Exception | ||
// | ||
// See LICENSE.txt for license information: | ||
// https://github.com/apple/swift-protobuf/blob/main/LICENSE.txt | ||
|
||
|
||
import Foundation | ||
|
||
import NIO | ||
import NIOHTTP1 | ||
import NIOHTTP2 | ||
|
||
fileprivate func fuzzInput(_ bytes: UnsafeRawBufferPointer) throws { | ||
let channel = EmbeddedChannel() | ||
defer { | ||
_ = try? channel.finish() | ||
} | ||
_ = try channel.configureHTTP2Pipeline( | ||
mode: .server, | ||
initialLocalSettings: [HTTP2Setting(parameter: .maxConcurrentStreams, value: 1<<23)], | ||
inboundStreamInitializer: nil | ||
).wait() | ||
try channel.connect(to: SocketAddress(unixDomainSocketPath: "/foo")).wait() | ||
|
||
let buffer = channel.allocator.buffer(bytes: bytes) | ||
try channel.writeInbound(buffer) | ||
channel.embeddedEventLoop.run() | ||
channel.pipeline.fireChannelInactive() | ||
channel.embeddedEventLoop.run() | ||
} | ||
|
||
@_cdecl("LLVMFuzzerTestOneInput") | ||
public func FuzzServer(_ start: UnsafeRawPointer, _ count: Int) -> CInt { | ||
let bytes = UnsafeRawBufferPointer(start: start, count: count) | ||
do { | ||
let _ = try fuzzInput(bytes) | ||
} catch { | ||
// Errors parsing are to be expected since not all inputs will be well formed. | ||
} | ||
|
||
return 0 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
#!/bin/bash | ||
##===----------------------------------------------------------------------===## | ||
## | ||
## This source file is part of the SwiftNIO open source project | ||
## | ||
## Copyright (c) 2021 Apple Inc. and the SwiftNIO project authors | ||
## Licensed under Apache License v2.0 | ||
## | ||
## See LICENSE.txt for license information | ||
## See CONTRIBUTORS.txt for the list of SwiftNIO project authors | ||
## | ||
## SPDX-License-Identifier: Apache-2.0 | ||
## | ||
##===----------------------------------------------------------------------===## | ||
## Copyright (c) 2014 - 2017 Apple Inc. and the project authors | ||
## Licensed under Apache License v2.0 with Runtime Library Exception | ||
## | ||
## See LICENSE.txt for license information: | ||
## https://github.com/apple/swift-protobuf/blob/main/LICENSE.txt | ||
|
||
# As the license header implies, this file was derived from swift-protobuf, | ||
# and edited for use with SwiftNIO HTTP/2. | ||
|
||
|
||
set -eu | ||
|
||
readonly FuzzTestingDir=$(dirname "$(echo $0 | sed -e "s,^\([^/]\),$(pwd)/\1,")") | ||
|
||
printUsage() { | ||
NAME=$(basename "${0}") | ||
cat << EOF | ||
usage: ${NAME} [OPTIONS] | ||
This script builds (and can run) the fuzz tests. | ||
OPTIONS: | ||
General: | ||
-h, --help | ||
Show this message | ||
--debug-only | ||
Just build the 'debug' configuration. | ||
--release-only | ||
Just build the 'release' configuration. | ||
--both | ||
Build both the 'debug' and 'release' configurations. This is | ||
the default. | ||
--run-regressions, --run | ||
After building, also run all the fuzz tests against the known fail | ||
cases. | ||
EOF | ||
} | ||
|
||
FUZZ_TESTS=("FuzzHTTP2") | ||
CHECK_REGRESSIONS="no" | ||
# Default to both | ||
CMD_CONFIGS=("debug" "release") | ||
|
||
while [[ $# != 0 ]]; do | ||
case "${1}" in | ||
-h | --help ) | ||
printUsage | ||
exit 0 | ||
;; | ||
--debug-only ) | ||
CMD_CONFIGS=("debug") | ||
;; | ||
--release-only ) | ||
CMD_CONFIGS=("release") | ||
;; | ||
--both ) | ||
CMD_CONFIGS=("debug" "release") | ||
;; | ||
--run-regressions | --run ) | ||
CHECK_REGRESSIONS="yes" | ||
;; | ||
-*) | ||
echo "ERROR: Unknown option: ${1}" 1>&2 | ||
printUsage | ||
exit 1 | ||
;; | ||
*) | ||
echo "ERROR: Unknown argument: ${1}" 1>&2 | ||
printUsage | ||
exit 1 | ||
;; | ||
esac | ||
shift | ||
done | ||
|
||
cd "${FuzzTestingDir}" | ||
|
||
declare -a CMD_BASE | ||
if [ "$(uname)" == "Darwin" ]; then | ||
CMD_BASE=( | ||
xcrun | ||
--toolchain swift | ||
swift build -Xswiftc -sanitize=fuzzer,address -Xswiftc -parse-as-library | ||
) | ||
else | ||
CMD_BASE=( | ||
swift build -Xswiftc -sanitize=fuzzer,address -Xswiftc -parse-as-library | ||
) | ||
fi | ||
|
||
for CMD_CONFIG in "${CMD_CONFIGS[@]}"; do | ||
echo "------------------------------------------------------------------------------------------" | ||
echo "Building: ${CMD_CONFIG}" | ||
echo "${CMD_BASE[@]}" -c "${CMD_CONFIG}" | ||
"${CMD_BASE[@]}" -c "${CMD_CONFIG}" | ||
|
||
if [[ "${CHECK_REGRESSIONS}" == "yes" ]] ; then | ||
for FUZZ_TEST in "${FUZZ_TESTS[@]}"; do | ||
# Don't worry about running the test cases against the right binaries, they should | ||
# all be able to handle any input. | ||
echo "------------------------------------------------------------------------------------------" | ||
echo "Regressing: ${FUZZ_TEST}" | ||
".build/${CMD_CONFIG}/${FUZZ_TEST}" FailCases/* | ||
done | ||
fi | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters