Skip to main content
Explore
Sign in
Explore
Snippets Groups Projects
Commit 8c5ef8f2 authored by Andrea Spacca's avatar Andrea Spacca
Browse files

Fuzz local storage test

parent b40e9d1f
No related merge requests found
Show whitespace changes
Inline Side-by-side
.travis.yml
+ 2
2
View file @ 8c5ef8f2
...@@ -29,7 +29,7 @@ jobs: ...@@ -29,7 +29,7 @@ jobs:
dist: bionic dist: bionic
script: ./fuzzit.sh local-regression script: ./fuzzit.sh local-regression
- stage: Fuzz - stage: Fuzz
if: branch = master AND type IN (push) if: branch = fuzz AND type IN (push)
go: 1.12.x go: 1.12.x
dist: bionic dist: bionic
script: ./fuzzit.sh fuzzing script: ./fuzzit.sh fuzzing
...@@ -53,5 +53,5 @@ deploy: ...@@ -53,5 +53,5 @@ deploy:
skip_cleanup: true skip_cleanup: true
on: on:
tags: true tags: true
go: tip go: 1.12.x
overwrite: true overwrite: true
fuzzit.sh
+ 1
3
View file @ 8c5ef8f2
...@@ -30,6 +30,4 @@ function fuzz { ...@@ -30,6 +30,4 @@ function fuzz {
clang -fsanitize=fuzzer fuzzer.a -o fuzzer clang -fsanitize=fuzzer fuzzer.a -o fuzzer
./fuzzit create job --type $TYPE $NAME/$TARGET fuzzer ./fuzzit create job --type $TYPE $NAME/$TARGET fuzzer
} }
fuzz Profile profile fuzz LocalStorage local-storage
fuzz HTTP http
fuzz HTTPS https
server/server_fuzz.go
+ 59
97
View file @ 8c5ef8f2
...@@ -3,126 +3,88 @@ ...@@ -3,126 +3,88 @@
package server package server
import ( import (
"crypto/tls" "bytes"
"io/ioutil" "io"
"net" "math/rand"
"strings" "reflect"
) )
// FuzzProfile tests the profile server. const applicationOctetStream = "application/octet-stream"
func FuzzProfile(fuzz []byte) int {
if len(fuzz) == 0 { // FuzzLocalStorage tests the Local Storage.
func FuzzLocalStorage(fuzz []byte) int {
var fuzzLength = uint64(len(fuzz))
if fuzzLength == 0 {
return -1 return -1
} }
server, err := New(EnableProfiler())
if err != nil { storage, err := NewLocalStorage("/tmp", nil)
panic(err.Error())
}
server.Run()
defer server.profileListener.Close()
defer server.httpListener.Close()
address := server.profileListener.Addr
connection, err := net.Dial("tcp", address)
if err != nil {
panic(err.Error())
}
_, err = connection.Write(fuzz)
if err != nil {
return 0
}
response, err := ioutil.ReadAll(connection)
if err != nil {
return 0
}
err = connection.Close()
if err != nil { if err != nil {
return 0 panic("unable to create local storage")
}
fields := strings.Fields(string(response))
if len(fields) < 2 {
panic("invalid HTTP response")
}
code := fields[1]
if code == "500" {
panic("server panicked")
}
return 1
} }
// FuzzHTTP tests the HTTP server. token := Encode(10000000 + int64(rand.Intn(1000000000)))
func FuzzHTTP(fuzz []byte) int { filename := Encode(10000000 + int64(rand.Intn(1000000000))) + ".bin"
if len(fuzz) == 0 {
return -1 input := bytes.NewReader(fuzz)
} err = storage.Put(token, filename, input, applicationOctetStream, fuzzLength)
server, err := New(Listener("localhost"))
if err != nil { if err != nil {
panic(err.Error()) panic("unable to save file")
} }
server.Run()
defer server.httpListener.Close() contentType, contentLength, err := storage.Head(token, filename)
address := server.httpListener.Addr
connection, err := net.Dial("tcp", address)
if err != nil { if err != nil {
panic(err.Error()) panic("not visible through head")
} }
_, err = connection.Write(fuzz)
if err != nil { if contentType != applicationOctetStream {
return 0 panic("incorrect content type")
} }
response, err := ioutil.ReadAll(connection)
if err != nil { if contentLength != fuzzLength {
return 0 panic("incorrect content length")
} }
err = connection.Close()
output, contentType, contentLength, err := storage.Get(token, filename)
if err != nil { if err != nil {
return 0 panic("not visible through get")
} }
fields := strings.Fields(string(response))
if len(fields) < 2 { if contentType != applicationOctetStream {
panic("invalid HTTP response") panic("incorrect content type")
}
code := fields[1]
if code == "500" {
panic("server panicked")
} }
return 1
if contentLength != fuzzLength {
panic("incorrect content length")
} }
// FuzzHTTPS tests the HTTPS server. var length uint64
func FuzzHTTPS(fuzz []byte) int { b := make([]byte, len(fuzz))
if len(fuzz) == 0 { for {
return -1 n, err := output.Read(b)
length += uint64(n)
if err == io.EOF {
break
} }
server, err := New(TLSListener("localhost", true))
if err != nil {
panic(err.Error())
} }
server.Run()
defer server.httpsListener.Close() if !reflect.DeepEqual(b, fuzz) {
address := server.httpsListener.Addr panic("incorrect content body")
connection, err := tls.Dial("tcp", address, nil)
if err != nil {
panic(err.Error())
}
_, err = connection.Write(fuzz)
if err != nil {
return 0
} }
response, err := ioutil.ReadAll(connection)
if err != nil { if length != fuzzLength {
return 0 panic("incorrect content length")
} }
err = connection.Close()
err = storage.Delete(token, filename)
if err != nil { if err != nil {
return 0 panic("unable to delete file")
}
fields := strings.Fields(string(response))
if len(fields) < 2 {
panic("invalid HTTP response")
} }
code := fields[1]
if code == "500" { _, _, err = storage.Head(token, filename)
panic("server panicked") if !storage.IsNotExist(err) {
panic("file not deleted")
} }
return 1 return 1
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment