fuzz: json_fuzz_test for RapidJSON and Protobuf parsing. #8658
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have multiple third party JSON parsers in Envoy, both RapidJSON and Protobuf. Fuzz both RapidJSON and Protobuf JSON loading from a test corpus derived from json_loader_test.cc. Ideally we would be doing differential fuzzing and be able to compare outputs, e.g. success/failure, recursive traversal of the structured objects for equivalence checking. However, even on basic files with non-printable ASCII, there are some difference, so we'll need to think a bit more about the modulo operator we want to use. For now, at least we get crash fuzzing. While both libraries already have some fuzzing, this allows us to trust-but-verify and provides a platform to allow us to do differential fuzzing in the future. This fuzzer seems quite healthy, it's clipping along at ~2k exec/s. Risk level: Low Testing: bazel run //test/common/json:json_fuzz_test_with_libfuzzer --config asan-fuzzer Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have multiple third party JSON parsers in Envoy, both RapidJSON and Protobuf.
Fuzz both RapidJSON and Protobuf JSON loading from a test corpus derived from
json_loader_test.cc. Ideally we would be doing differential fuzzing and be
able to compare outputs, e.g. success/failure, recursive traversal of the
structured objects for equivalence checking. However, even on basic files
with non-printable ASCII, there are some difference, so we'll need to think a
bit more about the modulo operator we want to use. For now, at least we get
crash fuzzing.
While both libraries already have some fuzzing, this allows us to
trust-but-verify and provides a platform to allow us to do differential
fuzzing in the future.
This fuzzer seems quite healthy, it's clipping along at ~2k exec/s.
Risk level: Low
Testing: bazel run //test/common/json:json_fuzz_test_with_libfuzzer --config asan-fuzzer
Signed-off-by: Harvey Tuch htuch@google.com