From 2fbe2ff40be616712cf4edaac286629add268e0a Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 26 Oct 2019 03:52:16 +0300 Subject: fuzz: introduce continuous fuzzing for Caddy (#2723) * fuzz: lay down the foundation for continuous fuzzing * improve the fuzzers and add some * fuzz: add Fuzzit badge to README & enable fuzzers submission in CI * v2-fuzz: do away with the submodule approach for fuzzers * fuzz: enable fuzzit --- caddyconfig/httpcaddyfile/adapter_fuzz.go | 49 +++++++++++++++++++++++++++++ caddyconfig/httpcaddyfile/addresses_fuzz.go | 29 +++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 caddyconfig/httpcaddyfile/adapter_fuzz.go create mode 100644 caddyconfig/httpcaddyfile/addresses_fuzz.go (limited to 'caddyconfig') diff --git a/caddyconfig/httpcaddyfile/adapter_fuzz.go b/caddyconfig/httpcaddyfile/adapter_fuzz.go new file mode 100644 index 0000000..1748b66 --- /dev/null +++ b/caddyconfig/httpcaddyfile/adapter_fuzz.go @@ -0,0 +1,49 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz +// +build gofuzz_libfuzzer + +package httpcaddyfile + +import ( + "bytes" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" +) + +func FuzzHTTPCaddyfileAdapter(data []byte) int { + adapter := caddyfile.Adapter{ + ServerType: ServerType{}, + } + b, warns, err := adapter.Adapt(data, nil) + // Adapt func calls the Setup() func of the ServerType, + // thus it's going across multiple layers, each can + // return warnings or errors. Marking the presence of + // errors or warnings as interesting in this case + // could push the fuzzer towards a path where we only + // catch errors. Let's push the fuzzer to where it passes + // but breaks. + if (err != nil) || (warns != nil && len(warns) > 0) { + return 0 + } + + // adapted Caddyfile should be parseable by the configuration loader in admin.go + err = caddy.Load(bytes.NewReader(b)) + if err != nil { + return 0 + } + return 1 +} diff --git a/caddyconfig/httpcaddyfile/addresses_fuzz.go b/caddyconfig/httpcaddyfile/addresses_fuzz.go new file mode 100644 index 0000000..26f3696 --- /dev/null +++ b/caddyconfig/httpcaddyfile/addresses_fuzz.go @@ -0,0 +1,29 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz +// +build gofuzz_libfuzzer + +package httpcaddyfile + +func FuzzParseAddress(data []byte) int { + addr, err := ParseAddress(string(data)) + if err != nil { + if addr == (Address{}) { + return 1 + } + return 0 + } + return 1 +} -- cgit v1.2.3