Fuzz URI parsing and display.

2021-06-06 21:52:44 -07:00 · 2021-06-06 21:52:44 -07:00 · 94a5f5eca6
parent 0d53e23bf6
commit 94a5f5eca6
10 changed files with 99 additions and 0 deletions
--- a/core/lib/fuzz/.gitignore
+++ b/core/lib/fuzz/.gitignore
@ -0,0 +1,4 @@
+target
+corpus/*/*
+artifacts
+!*.seed
--- a/core/lib/fuzz/Cargo.toml
+++ b/core/lib/fuzz/Cargo.toml
@ -0,0 +1,32 @@
+
+[package]
+name = "rocket-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.rocket]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "uri-parsing"
+path = "targets/uri-parsing.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "uri-roundtrip"
+path = "targets/uri-roundtrip.rs"
+test = false
+doc = false
--- a/core/lib/fuzz/README.md
+++ b/core/lib/fuzz/README.md
@ -0,0 +1,15 @@
+# Fuzzing
+
+Install `cargo-fuzz`:
+
+```sh
+cargo install -f cargo-fuzz
+```
+
+Run any available target where `$target` is the name of the target and `$n` is
+the number of CPUs to use for fuzzing:
+
+```sh
+cargo fuzz list # get list of targets
+cargo fuzz run $target -j $n
+```
--- a/core/lib/fuzz/corpus/uri-parsing/absolute.seed
+++ b/core/lib/fuzz/corpus/uri-parsing/absolute.seed
@ -0,0 +1 @@
+http://user:pass@domain.com:4444/foo/bar?some=query
--- a/core/lib/fuzz/corpus/uri-parsing/asterisk.seed
+++ b/core/lib/fuzz/corpus/uri-parsing/asterisk.seed
@ -0,0 +1 @@
+*
--- a/core/lib/fuzz/corpus/uri-parsing/authority.seed
+++ b/core/lib/fuzz/corpus/uri-parsing/authority.seed
@ -0,0 +1 @@
+username:password@some.host:8088
--- a/core/lib/fuzz/corpus/uri-parsing/origin.seed
+++ b/core/lib/fuzz/corpus/uri-parsing/origin.seed
@ -0,0 +1 @@
+/first_segment/second_segment/third?optional=query
--- a/core/lib/fuzz/corpus/uri-parsing/reference.seed
+++ b/core/lib/fuzz/corpus/uri-parsing/reference.seed
@ -0,0 +1 @@
+http://user:pass@domain.com:4444/foo/bar?some=query#and-fragment
--- a/core/lib/fuzz/targets/uri-parsing.rs
+++ b/core/lib/fuzz/targets/uri-parsing.rs
@ -0,0 +1,22 @@
+#![no_main]
+
+use rocket::http::uri::*;
+use libfuzzer_sys::fuzz_target;
+
+fn fuzz(data: &str) {
+    // Fuzz the top-level parser.
+    if let Ok(uri) = Uri::parse_any(data) {
+        // Ensure Uri::parse::<T>() => T::parse().
+        match uri {
+            Uri::Asterisk(_) => { Asterisk::parse(data).expect("Asterisk"); },
+            Uri::Origin(_) => { Origin::parse(data).expect("Origin"); },
+            Uri::Authority(_) => { Authority::parse(data).expect("Authority"); },
+            Uri::Absolute(_) => { Absolute::parse(data).expect("Absolute"); },
+            Uri::Reference(_) => { Reference::parse(data).expect("Reference"); },
+        }
+    }
+}
+
+fuzz_target!(|data: &[u8]| {
+    let _ = std::str::from_utf8(data).map(fuzz);
+});
--- a/core/lib/fuzz/targets/uri-roundtrip.rs
+++ b/core/lib/fuzz/targets/uri-roundtrip.rs
@ -0,0 +1,21 @@
+#![no_main]
+
+use rocket::http::uri::*;
+use libfuzzer_sys::fuzz_target;
+
+fn fuzz(data: &str) {
+    if let Ok(uri) = Uri::parse_any(data) {
+        let string = uri.to_string();
+        let _ = match uri {
+            Uri::Asterisk(_) => Asterisk::parse_owned(string).expect("Asterisk").to_string(),
+            Uri::Origin(_) => Origin::parse_owned(string).expect("Origin").to_string(),
+            Uri::Authority(_) => Authority::parse_owned(string).expect("Authority").to_string(),
+            Uri::Absolute(_) => Absolute::parse_owned(string).expect("Absolute").to_string(),
+            Uri::Reference(_) => Reference::parse_owned(string).expect("Reference").to_string(),
+        };
+    }
+}
+
+fuzz_target!(|data: &[u8]| {
+    let _ = std::str::from_utf8(data).map(fuzz);
+});
				`@ -0,0 +1 @@`
				`http://user:pass@domain.com:4444/foo/bar?some=query`
				`@ -0,0 +1 @@`
				`/first_segment/second_segment/third?optional=query`