fuzzer, testing conversion from vector & deque to json, added
This commit is contained in:
Tanuj Garg
Tanuj Garg
parent
def05d0ad1
commit
35ce214901
9
Makefile
9
Makefile
@ -44,6 +44,7 @@ all:
|
||||
@echo "fuzz_testing_cbor - prepare fuzz testing of the CBOR parser"
|
||||
@echo "fuzz_testing_msgpack - prepare fuzz testing of the MessagePack parser"
|
||||
@echo "fuzz_testing_ubjson - prepare fuzz testing of the UBJSON parser"
|
||||
@echo "fuzz_testing_stl - prepare fuzz testing of the STL parser"
|
||||
@echo "json_unit - create single-file test executable"
|
||||
@echo "pedantic_clang - run Clang with maximal warning flags"
|
||||
@echo "pedantic_gcc - run GCC with maximal warning flags"
|
||||
@ -402,6 +403,14 @@ fuzz_testing_ubjson:
|
||||
find test/data -size -5k -name *.ubjson | xargs -I{} cp "{}" fuzz-testing/testcases
|
||||
@echo "Execute: afl-fuzz -i fuzz-testing/testcases -o fuzz-testing/out fuzz-testing/fuzzer"
|
||||
|
||||
fuzz_testing_msgpack:
|
||||
rm -fr fuzz-testing
|
||||
mkdir -p fuzz-testing fuzz-testing/testcases fuzz-testing/out
|
||||
$(MAKE) parse_stl_fuzzer -C test CXX=afl-clang++
|
||||
mv test/parse_stl_fuzzer fuzz-testing/fuzzer
|
||||
find test/data -size -5k -name *.json | xargs -I{} cp "{}" fuzz-testing/testcases
|
||||
@echo "Execute: afl-fuzz -i fuzz-testing/testcases -o fuzz-testing/out fuzz-testing/fuzzer"
|
||||
|
||||
fuzzing-start:
|
||||
afl-fuzz -S fuzzer1 -i fuzz-testing/testcases -o fuzz-testing/out fuzz-testing/fuzzer > /dev/null &
|
||||
afl-fuzz -S fuzzer2 -i fuzz-testing/testcases -o fuzz-testing/out fuzz-testing/fuzzer > /dev/null &
|
||||
|
||||
@ -94,7 +94,7 @@ check: $(OBJECTS) $(TESTCASES)
|
||||
##############################################################################
|
||||
|
||||
FUZZER_ENGINE = src/fuzzer-driver_afl.cpp
|
||||
FUZZERS = parse_afl_fuzzer parse_bson_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer parse_ubjson_fuzzer
|
||||
FUZZERS = parse_afl_fuzzer parse_bson_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer parse_ubjson_fuzzer parse_stl_fuzzer
|
||||
fuzzers: $(FUZZERS)
|
||||
|
||||
parse_afl_fuzzer:
|
||||
@ -112,3 +112,5 @@ parse_msgpack_fuzzer:
|
||||
parse_ubjson_fuzzer:
|
||||
$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_ubjson.cpp -o $@
|
||||
|
||||
parse_stl_fuzzer:
|
||||
$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_stl.cpp -o $@
|
||||
|
||||
78
test/src/fuzzer-parse_stl.cpp
Normal file
78
test/src/fuzzer-parse_stl.cpp
Normal file
@ -0,0 +1,78 @@
|
||||
/*
|
||||
__ _____ _____ _____
|
||||
__| | __| | | | JSON for Modern C++ (fuzz test support)
|
||||
| | |__ | | | | | | version 3.7.3
|
||||
|_____|_____|_____|_|___| https://github.com/nlohmann/json
|
||||
|
||||
This file implements a parser test suitable for fuzz testing. Given a byte
|
||||
array data, it performs the following steps:
|
||||
|
||||
- j1 = parse(data)
|
||||
- s1 = serialize(j1)
|
||||
- j2 = parse(s1)
|
||||
- s2 = serialize(j2)
|
||||
- assert(s1 == s2)
|
||||
|
||||
The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
|
||||
drivers.
|
||||
|
||||
Licensed under the MIT License <http://opensource.org/licenses/MIT>.
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <deque>
|
||||
#include <sstream>
|
||||
#include <nlohmann/json.hpp>
|
||||
|
||||
using json = nlohmann::json;
|
||||
|
||||
// see http://llvm.org/docs/LibFuzzer.html
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
|
||||
{
|
||||
std::vector<uint8_t> vec1(data, data+size);
|
||||
std::deque<uint8_t> deque1(data, data+size);
|
||||
|
||||
json j_vector(vec1);
|
||||
json j_deque(deque1);
|
||||
|
||||
assert(j_vector == j_deque);
|
||||
|
||||
// try
|
||||
// {
|
||||
// // step 1: parse input
|
||||
// json j1 = json::parse(data, data + size);
|
||||
|
||||
// try
|
||||
// {
|
||||
// // step 2: round trip
|
||||
|
||||
// // first serialization
|
||||
// std::string s1 = j1.dump();
|
||||
|
||||
// // parse serialization
|
||||
// json j2 = json::parse(s1);
|
||||
|
||||
// // second serialization
|
||||
// std::string s2 = j2.dump();
|
||||
|
||||
// // serializations must match
|
||||
// assert(s1 == s2);
|
||||
// }
|
||||
// catch (const json::parse_error&)
|
||||
// {
|
||||
// // parsing a JSON serialization must not fail
|
||||
// assert(false);
|
||||
// }
|
||||
// }
|
||||
// catch (const json::parse_error&)
|
||||
// {
|
||||
// // parse errors are ok, because input may be random bytes
|
||||
// }
|
||||
// catch (const json::out_of_range&)
|
||||
// {
|
||||
// // out of range errors may happen if provided sizes are excessive
|
||||
// }
|
||||
|
||||
// return 0 - non-zero return values are reserved for future use
|
||||
return 0;
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user