New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fuzz: server config validation fuzz test. #3770
Changes from 1 commit
43f8819
d63ea00
1582e87
37de6b2
39b6234
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,17 @@ | ||
licenses(["notice"]) # Apache 2 | ||
|
||
load("//bazel:envoy_build_system.bzl", "envoy_cc_test", "envoy_package") | ||
load( | ||
"//bazel:envoy_build_system.bzl", | ||
"envoy_cc_fuzz_test", | ||
"envoy_cc_test", | ||
"envoy_cc_test_library", | ||
"envoy_package", | ||
"envoy_select_hot_restart", | ||
) | ||
load( | ||
"//source/extensions:all_extensions.bzl", | ||
"envoy_all_extensions", | ||
) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Unused. |
||
|
||
envoy_package() | ||
|
||
|
@@ -71,3 +82,20 @@ envoy_cc_test( | |
"//test/test_common:network_utility_lib", | ||
], | ||
) | ||
|
||
envoy_cc_fuzz_test( | ||
name = "config_fuzz_test", | ||
srcs = ["config_fuzz_test.cc"], | ||
corpus = "config_corpus", | ||
deps = [ | ||
"//source/common/thread_local:thread_local_lib", | ||
"//source/server:server_lib", | ||
"//test/integration:integration_lib", | ||
"//test/mocks/server:server_mocks", | ||
"//test/mocks/stats:stats_mocks", | ||
"//source/server:configuration_lib", | ||
"//source/server/config_validation:server_lib", | ||
"//source/server:options_lib", | ||
"//test/test_common:environment_lib", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In general, these deps should reflect the headers in |
||
] + envoy_all_extensions(), | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,150 @@ | ||
static_resources { | ||
listeners { | ||
name: "listener_0" | ||
address { | ||
socket_address { | ||
address: "0.0.0.0" | ||
port_value: 0 | ||
} | ||
} | ||
filter_chains { | ||
filters { | ||
name: "envoy.http_connection_manager" | ||
config { | ||
fields { | ||
key: "http_filters" | ||
value { | ||
list_value { | ||
values { | ||
struct_value { | ||
fields { | ||
key: "name" | ||
value { | ||
string_value: "envoy.router" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
fields { | ||
key: "route_config" | ||
value { | ||
struct_value { | ||
fields { | ||
key: "name" | ||
value { | ||
string_value: "local_route" | ||
} | ||
} | ||
fields { | ||
key: "virtual_hosts" | ||
value { | ||
list_value { | ||
values { | ||
struct_value { | ||
fields { | ||
key: "domains" | ||
value { | ||
list_value { | ||
values { | ||
string_value: "*" | ||
} | ||
} | ||
} | ||
} | ||
fields { | ||
key: "name" | ||
value { | ||
string_value: "local_service" | ||
} | ||
} | ||
fields { | ||
key: "routes" | ||
value { | ||
list_value { | ||
values { | ||
struct_value { | ||
fields { | ||
key: "match" | ||
value { | ||
struct_value { | ||
fields { | ||
key: "prefix" | ||
value { | ||
string_value: "/" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
fields { | ||
key: "route" | ||
value { | ||
struct_value { | ||
fields { | ||
key: "cluster" | ||
value { | ||
string_value: "service_google" | ||
} | ||
} | ||
fields { | ||
key: "host_rewrite" | ||
value { | ||
string_value: "www.google.com" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
fields { | ||
key: "stat_prefix" | ||
value { | ||
string_value: "ingress_http" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
clusters { | ||
name: "service_google" | ||
type: LOGICAL_DNS | ||
connect_timeout { | ||
nanos: 250000000 | ||
} | ||
hosts { | ||
socket_address { | ||
address: "google.com" | ||
port_value: 0 | ||
} | ||
} | ||
tls_context { | ||
sni: "www.google.com" | ||
} | ||
dns_lookup_family: V4_ONLY | ||
} | ||
} | ||
admin { | ||
access_log_path: "/tmp/admin_access.log" | ||
address { | ||
socket_address { | ||
address: "127.0.0.1" | ||
port_value: 0 | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
#include <fstream> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please add a comment to this file explaining that it is derived from |
||
|
||
#include "envoy/config/bootstrap/v2/bootstrap.pb.h" | ||
#include "envoy/config/bootstrap/v2/bootstrap.pb.validate.h" | ||
|
||
#include "common/network/address_impl.h" | ||
#include "common/thread_local/thread_local_impl.h" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this needed below? |
||
|
||
#include "server/config_validation/server.h" | ||
#include "server/drain_manager_impl.h" | ||
#include "server/hot_restart_nop_impl.h" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think a bunch of these headers aren't needed either; they are vestigial from parts that were removed in |
||
#include "server/options_impl.h" | ||
#include "server/server.h" | ||
#include "server/test_hooks.h" | ||
|
||
#include "test/fuzz/fuzz_runner.h" | ||
#include "test/integration/server.h" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this needed below? |
||
#include "test/mocks/server/mocks.h" | ||
#include "test/mocks/stats/mocks.h" | ||
#include "test/test_common/environment.h" | ||
|
||
namespace Envoy { | ||
namespace Server { | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nit: Remove this empty line. |
||
DEFINE_PROTO_FUZZER(const envoy::config::bootstrap::v2::Bootstrap& input) { | ||
testing::NiceMock<MockOptions> options; | ||
TestComponentFactory component_factory; | ||
Thread::MutexBasicLockable access_log_lock; | ||
Stats::IsolatedStoreImpl stats_store; | ||
|
||
const std::string bootstrap_path = TestEnvironment::temporaryPath("bootstrap.pb_text"); | ||
std::ofstream bootstrap_file(bootstrap_path); | ||
bootstrap_file << input.DebugString(); | ||
options.config_path_ = bootstrap_path; | ||
options.v2_config_only_ = true; | ||
try { | ||
ValidationInstance server(options, | ||
std::make_shared<Network::Address::Ipv4Instance>("127.0.0.1"), | ||
stats_store, access_log_lock, component_factory); | ||
} catch (const EnvoyException& ex) { | ||
ENVOY_LOG_MISC(debug, "Controlled EnvoyException exit: {}", ex.what()); | ||
} | ||
} | ||
|
||
} // namespace Server | ||
} // namespace Envoy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A number of these are unnecessary; you only added a
envoy_cc_fuzz_test
target, so this should be the only new one needed.