Merge pull request #1343 from mab68/afl

Add fuzz testing for faucet.yaml config file

docker/fuzz_config.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_SKIP_CPUFREQ=1 py-afl-fuzz -x /faucet-src/tests/fuzzer/dict/yaml.dict -m 5000 -i /faucet-src/tests/fuzzer/config/ -o /var/log/afl/ -- /usr/bin/python3 /faucet-src/tests/fuzzer/fuzz_config.py

dockerfile.fuzz

@@ -0,0 +1,18 @@
+FROM faucet/faucet-testbase:latest
+
+ENV PIP="pip -q --no-cache-dir install --upgrade"
+ENV PIP3="pip3 -q --no-cache-dir install --upgrade"
+
+COPY ./ /faucet-src/
+
+RUN \
+  apt-get update && \ 
+  apt-get install -y afl cython3 && \
+  $PIP -r /faucet-src/fuzz-requirements.txt && \
+  $PIP3 -r /faucet-src/requirements.txt && \
+  $PIP3 -r /faucet-src/fuzz-requirements.txt && \
+  $PIP3 /faucet-src
+
+VOLUME ["/faucet-src/tests/fuzzer/config/", "/var/log/afl/"]
+
+CMD ["/faucet-src/docker/fuzz_config.sh"]

docs/fuzzing.rst

@@ -0,0 +1,21 @@
+Fuzzing
+=======
+
+Fuzzing faucet with docker
+--------------------------
+
+First, get yourself setup with docker based on our docker documentation.
+
+Then you can build and run the afl-fuzz tests:
+
+.. code:: bash
+
+  docker build -t faucet/faucet-fuzz -f dockerfile.fuzz .
+
+  docker run -d \
+    -u $(id -u $USER) \
+    --name fuzzer \
+    -v /var/log/afl/:/var/log/afl/ \
+    faucet/faucet-fuzz
+
+AFL then will run indefinitely. You can find the output in /var/log/afl/.

fuzz-requirements.txt

@@ -0,0 +1,3 @@
+-r test-requirements.txt
+python-afl
+cython

tests/fuzzer/config/ex10

@@ -0,0 +1,32 @@
+acls:
+    office-vlan-protect:
+        - rule:
+            dl_type: 0x800
+            ipv4_src: 10.0.100.0/24
+            ipv4_src: 10.0.200.0/24
+            actions:
+                allow: 0
+        - rule:
+            actions:
+                allow: 1
+vlans:
+    office:
+        vid: 100
+        description: "office network"
+        acl_in: office-vlan-protect
+        faucet_mac: "0e:00:00:00:10:01"
+        faucet_vips: ['10.0.100.254/24', '2001:100::1/64', 'fe80::c00:00ff:fe00:1001/64']
+        routes:
+            - route:
+                ip_dst: '192.168.0.0/24'
+                ip_gw: '10.0.100.2'
+dps:
+    sw1:
+        dp_id: 0x1
+        hardware: "Open vSwitch"
+        proactive_learn: True
+        interfaces:
+            1:
+                name: "h1"
+                description: "host1 container"
+                native_vlan: office

tests/fuzzer/config/ex2

@@ -0,0 +1,10 @@
+vlans:
+    100:
+        description: "100"
+dps:
+    switch1:
+        dp_id: 0xcafef00d
+        hardware: 'Open vSwitch'
+        interfaces:
+            1:
+                native_vlan: 100

tests/fuzzer/config/ex3

@@ -0,0 +1,11 @@
+vlans:
+    finance:
+        description: "FINANCE VLAN"
+        vid: 100
+dps:
+    switch1:
+        dp_id: 0xcafef00d
+        hardware: 'Open vSwitch'
+        interfaces:
+            1:
+                native_vlan: finance

tests/fuzzer/config/ex4

@@ -0,0 +1,18 @@
+vlans:
+    100:
+        description: "100"
+acls:
+    101:
+        - rule:
+            dl_dst: "0e:00:00:00:02:02"
+            actions:
+                output:
+                    port: 1
+dps:
+    switch1:
+        dp_id: 0xcafef00d
+        hardware: 'Open vSwitch'
+        interfaces:
+            1:
+                native_vlan: 100
+                acl_in: 101

tests/fuzzer/config/ex5

@@ -0,0 +1,21 @@
+vlans:
+    100:
+        description: "100"
+    200:
+        description: "200"
+routers:
+    router1:
+        vlans: [100, 200]
+dps:
+    switch1:
+        dp_id: 0xcafef00d
+        hardware: 'Open vSwitch'
+        interfaces:
+            1:
+                native_vlan: 100
+    switch2:
+        dp_id: 0xdeadbeef
+        hardware: 'Open vSwitch'
+        interfaces:
+            1:
+                native_vlan: 200

tests/fuzzer/config/ex6

@@ -0,0 +1,10 @@
+vlans:
+    office:
+        vid: 100
+        faucet_mac: '11:22:33:44:55:66'
+dps:
+    sw1:
+        dp_id: 0x1
+        interfaces:
+            1:
+                native_vlan: office

tests/fuzzer/config/ex7

@@ -0,0 +1,10 @@
+vlans:
+    office:
+        vid: 100
+dps:
+    sw1:
+        dp_id: 0x1
+        interfaces:
+            testing:
+                number: 1
+                native_vlan: office

tests/fuzzer/config/ex8

@@ -0,0 +1,26 @@
+vlans:
+    office:
+        vid: 100
+dps:
+    sw1:
+        dp_id: 0x1
+        hardware: "Open vSwitch"
+        stack:
+            priority: 1
+        interfaces:
+            1:
+                stack:
+                    dp: sw2
+                    port: 1
+            2:
+                native_vlan: office
+    sw2:
+        dp_id: 0x2
+        hardware: "Open vSwitch"
+        interfaces:
+            1:
+                stack:
+                    dp: sw1
+                    port: 1
+            2:
+                native_vlan: office

tests/fuzzer/config/ex9

@@ -0,0 +1,14 @@
+dps:
+    sw1:
+        dp_id: 0x1
+        interfaces:
+            1:
+                native_vlan: 2040
+                acl_in: 1
+vlans:
+    name:
+        vid: 2040
+acls:
+    1:
+        - rule:
+            dl_type: 0x800

tests/fuzzer/dict/yaml.dict

@@ -0,0 +1,35 @@
+"<<"
+"["
+"]"
+"{"
+"}"
+"'"
+"-"
+"[]"
+","
+"#"
+":"
+"?"
+"---"
+"..."
+"&"
+"*"
+"!"
+"!!"
+"%"
+"{}"
+"|"
+">"
+" "
+
+"%YAML"
+"%TAG"
+
+"1.3e+9"
+"5.5"
+"5"
+"False"
+"True"
+"1976-07-04"
+"STRING"
+"[pigs, cows, horses, sheep]"

tests/fuzzer/fuzz_config.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+import logging
+import tempfile
+import os
+import sys
+from faucet import config_parser as cp
+
+LOGNAME = 'FAUCETLOG'
+
+logging.disable(logging.CRITICAL)
+tmpdir = tempfile.mkdtemp()
+
+def create_config_file(config):
+    conf_file_name = os.path.join(tmpdir, 'faucet.yaml')
+    with open(conf_file_name, 'w') as conf_file:
+        conf_file.write(config)
+    return conf_file_name
+
+def main():
+    s = sys.stdin.read()
+    file_name = create_config_file(s)
+    try:
+        cp.dp_parser(file_name, LOGNAME)
+    except cp.InvalidConfigError as err:
+        pass
+
+if __name__ == '__main__':
+    import afl
+    afl.init()
+    main()
+
+os._exit(0)