Merge pull request #258 from sigp/ssz-fuzzing

Basic Fuzz Tests
This commit is contained in:
Paul Hauner 2019-03-13 14:05:41 +13:00 committed by GitHub
commit 243ef2db80
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 679 additions and 0 deletions

View File

@ -0,0 +1,4 @@
target
corpus
artifacts

View File

@ -0,0 +1,33 @@
[package]
name = "boolean-bitfield-fuzz"
version = "0.0.1"
authors = ["Automatically generated"]
publish = false
[package.metadata]
cargo-fuzz = true
[dependencies]
ssz = { path = "../../ssz" }
[dependencies.boolean-bitfield]
path = ".."
[dependencies.libfuzzer-sys]
git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
# Prevent this from interfering with workspaces
[workspace]
members = ["."]
[[bin]]
name = "fuzz_target_from_bytes"
path = "fuzz_targets/fuzz_target_from_bytes.rs"
[[bin]]
name = "fuzz_target_ssz_decode"
path = "fuzz_targets/fuzz_target_ssz_decode.rs"
[[bin]]
name = "fuzz_target_ssz_encode"
path = "fuzz_targets/fuzz_target_ssz_encode.rs"

View File

@ -0,0 +1,9 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate boolean_bitfield;
use boolean_bitfield::BooleanBitfield;
fuzz_target!(|data: &[u8]| {
let _result = BooleanBitfield::from_bytes(data);
});

View File

@ -0,0 +1,11 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate boolean_bitfield;
extern crate ssz;
use boolean_bitfield::BooleanBitfield;
use ssz::{Decodable, DecodeError};
fuzz_target!(|data: &[u8]| {
let result: Result<(BooleanBitfield, usize), DecodeError> = <_>::ssz_decode(data, 0);
});

View File

@ -0,0 +1,13 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate boolean_bitfield;
extern crate ssz;
use boolean_bitfield::BooleanBitfield;
use ssz::SszStream;
fuzz_target!(|data: &[u8]| {
let bitfield = BooleanBitfield::from_bytes(data);
let mut ssz = SszStream::new();
ssz.append(&bitfield);
});

4
eth2/utils/hashing/fuzz/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
target
corpus
artifacts

View File

@ -0,0 +1,22 @@
[package]
name = "hashing-fuzz"
version = "0.0.1"
authors = ["Automatically generated"]
publish = false
[package.metadata]
cargo-fuzz = true
[dependencies.hashing]
path = ".."
[dependencies.libfuzzer-sys]
git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
# Prevent this from interfering with workspaces
[workspace]
members = ["."]
[[bin]]
name = "fuzz_target_hash"
path = "fuzz_targets/fuzz_target_hash.rs"

View File

@ -0,0 +1,9 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate hashing;
use hashing::hash;
fuzz_target!(|data: &[u8]| {
let _result = hash(data);
});

4
eth2/utils/ssz/fuzz/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
target
corpus
artifacts

View File

@ -0,0 +1,105 @@
[package]
name = "ssz-fuzz"
version = "0.0.1"
authors = ["Automatically generated"]
publish = false
[package.metadata]
cargo-fuzz = true
[dependencies]
ethereum-types = "0.4.0"
[dependencies.ssz]
path = ".."
[dependencies.libfuzzer-sys]
git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
# Prevent this from interfering with workspaces
[workspace]
members = ["."]
[[bin]]
name = "fuzz_target_bool_decode"
path = "fuzz_targets/fuzz_target_bool_decode.rs"
[[bin]]
name = "fuzz_target_bool_encode"
path = "fuzz_targets/fuzz_target_bool_encode.rs"
[[bin]]
name = "fuzz_target_u8_decode"
path = "fuzz_targets/fuzz_target_u8_decode.rs"
[[bin]]
name = "fuzz_target_u8_encode"
path = "fuzz_targets/fuzz_target_u8_encode.rs"
[[bin]]
name = "fuzz_target_u16_decode"
path = "fuzz_targets/fuzz_target_u16_decode.rs"
[[bin]]
name = "fuzz_target_u16_encode"
path = "fuzz_targets/fuzz_target_u16_encode.rs"
[[bin]]
name = "fuzz_target_u32_decode"
path = "fuzz_targets/fuzz_target_u32_decode.rs"
[[bin]]
name = "fuzz_target_u32_encode"
path = "fuzz_targets/fuzz_target_u32_encode.rs"
[[bin]]
name = "fuzz_target_u64_decode"
path = "fuzz_targets/fuzz_target_u64_decode.rs"
[[bin]]
name = "fuzz_target_u64_encode"
path = "fuzz_targets/fuzz_target_u64_encode.rs"
[[bin]]
name = "fuzz_target_usize_decode"
path = "fuzz_targets/fuzz_target_usize_decode.rs"
[[bin]]
name = "fuzz_target_usize_encode"
path = "fuzz_targets/fuzz_target_usize_encode.rs"
[[bin]]
name = "fuzz_target_hash256_decode"
path = "fuzz_targets/fuzz_target_hash256_decode.rs"
[[bin]]
name = "fuzz_target_hash256_encode"
path = "fuzz_targets/fuzz_target_hash256_encode.rs"
[[bin]]
name = "fuzz_target_address_decode"
path = "fuzz_targets/fuzz_target_address_decode.rs"
[[bin]]
name = "fuzz_target_address_encode"
path = "fuzz_targets/fuzz_target_address_encode.rs"
[[bin]]
name = "fuzz_target_vec_decode"
path = "fuzz_targets/fuzz_target_vec_decode.rs"
[[bin]]
name = "fuzz_target_vec_address_decode"
path = "fuzz_targets/fuzz_target_vec_address_decode.rs"
[[bin]]
name = "fuzz_target_vec_u64_decode"
path = "fuzz_targets/fuzz_target_vec_u64_decode.rs"
[[bin]]
name = "fuzz_target_vec_bool_decode"
path = "fuzz_targets/fuzz_target_vec_bool_decode.rs"
[[bin]]
name = "fuzz_target_vec_encode"
path = "fuzz_targets/fuzz_target_vec_encode.rs"

View File

@ -0,0 +1,21 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::Address;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(Address, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 20 {
// Should have valid result
let (address, index) = result.unwrap();
assert_eq!(index, 20);
assert_eq!(address, Address::from_slice(&data[..20]));
} else {
// Length of less than 32 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,20 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::Address;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
if data.len() >= 20 {
let hash = Address::from_slice(&data[..20]);
ssz.append(&hash);
let ssz = ssz.drain();
assert_eq!(data[..20], ssz[..20]);
assert_eq!(ssz.len(), 20);
}
});

View File

@ -0,0 +1,28 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(bool, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 1 {
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
if data[0] == u8::pow(2,7) {
let (val_bool, index) = result.unwrap();
assert!(val_bool);
assert_eq!(index, 1);
} else if data[0] == 0 {
let (val_bool, index) = result.unwrap();
assert!(!val_bool);
assert_eq!(index, 1);
} else {
assert_eq!(result, Err(DecodeError::Invalid));
}
} else {
// Length of 0 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut val_bool = 0;
if data.len() >= 1 {
val_bool = data[0] % u8::pow(2, 6);
}
ssz.append(&val_bool);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(val_bool, ssz[0] % u8::pow(2, 6));
assert_eq!(ssz.len(), 1);
});

View File

@ -0,0 +1,21 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::H256;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(H256, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 32 {
// Should have valid result
let (hash, index) = result.unwrap();
assert_eq!(index, 32);
assert_eq!(hash, H256::from_slice(&data[..32]));
} else {
// Length of less than 32 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,20 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::H256;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
if data.len() >= 32 {
let hash = H256::from_slice(&data[..32]);
ssz.append(&hash);
let ssz = ssz.drain();
assert_eq!(data[..32], ssz[..32]);
assert_eq!(ssz.len(), 32);
}
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 2 {
// Valid result
let (number_u16, index) = result.unwrap();
assert_eq!(index, 2);
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
let val = u16::from_be_bytes([data[0], data[1]]);
assert_eq!(number_u16, val);
} else {
// Length of 0 or 1 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut number_u16 = 0;
if data.len() >= 2 {
number_u16 = u16::from_be_bytes([data[0], data[1]]);
}
ssz.append(&number_u16);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(ssz.len(), 2);
assert_eq!(number_u16, u16::from_be_bytes([ssz[0], ssz[1]]));
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(u32, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 4 {
// Valid result
let (number_u32, index) = result.unwrap();
assert_eq!(index, 4);
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
let val = u32::from_be_bytes([data[0], data[1], data[2], data[3]]);
assert_eq!(number_u32, val);
} else {
// Length less then 4 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut number_u32 = 0;
if data.len() >= 4 {
number_u32 = u32::from_be_bytes([data[0], data[1], data[2], data[3]]);
}
ssz.append(&number_u32);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(ssz.len(), 4);
assert_eq!(number_u32, u32::from_be_bytes([ssz[0], ssz[1], ssz[2], ssz[3]]));
});

View File

@ -0,0 +1,31 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(u64, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 8 {
// Valid result
let (number_u64, index) = result.unwrap();
assert_eq!(index, 8);
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
let val = u64::from_be_bytes([
data[0],
data[1],
data[2],
data[3],
data[4],
data[5],
data[6],
data[7],
]);
assert_eq!(number_u64, val);
} else {
// Length less then 8 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,40 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut number_u64 = 0;
if data.len() >= 8 {
number_u64 = u64::from_be_bytes([
data[0],
data[1],
data[2],
data[3],
data[4],
data[5],
data[6],
data[7],
]);
}
ssz.append(&number_u64);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(ssz.len(), 8);
assert_eq!(number_u64, u64::from_be_bytes([
ssz[0],
ssz[1],
ssz[2],
ssz[3],
ssz[4],
ssz[5],
ssz[6],
ssz[7],
]));
});

View File

@ -0,0 +1,21 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 1 {
// Should have valid result
let (number_u8, index) = result.unwrap();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(index, 1);
assert_eq!(number_u8, data[0]);
} else {
// Length of 0 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,22 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut number_u8 = 0;
if data.len() >= 1 {
number_u8 = data[0];
}
ssz.append(&number_u8);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(number_u8, ssz[0]);
assert_eq!(ssz.len(), 1);
});

View File

@ -0,0 +1,32 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
// Note: we assume architecture is 64 bit -> usize == 64 bits
let result: Result<(usize, usize), DecodeError> = Decodable::ssz_decode(data, 0);
if data.len() >= 8 {
// Valid result
let (number_usize, index) = result.unwrap();
assert_eq!(index, 8);
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
let val = u64::from_be_bytes([
data[0],
data[1],
data[2],
data[3],
data[4],
data[5],
data[6],
data[7],
]);
assert_eq!(number_usize, val as usize);
} else {
// Length less then 8 should return error
assert_eq!(result, Err(DecodeError::TooShort));
}
});

View File

@ -0,0 +1,40 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::SszStream;
// Fuzz ssz_encode (via ssz_append)
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let mut number_usize = 0;
if data.len() >= 8 {
number_usize = u64::from_be_bytes([
data[0],
data[1],
data[2],
data[3],
data[4],
data[5],
data[6],
data[7],
]) as usize;
}
ssz.append(&number_usize);
let ssz = ssz.drain();
// TODO: change to little endian bytes
// https://github.com/sigp/lighthouse/issues/215
assert_eq!(ssz.len(), 8);
assert_eq!(number_usize, u64::from_be_bytes([
ssz[0],
ssz[1],
ssz[2],
ssz[3],
ssz[4],
ssz[5],
ssz[6],
ssz[7],
]) as usize);
});

View File

@ -0,0 +1,12 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::{Address};
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let _result: Result<(Vec<Address>, usize), DecodeError> = Decodable::ssz_decode(data, 0);
});

View File

@ -0,0 +1,10 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let _result: Result<(Vec<bool>, usize), DecodeError> = Decodable::ssz_decode(data, 0);
});

View File

@ -0,0 +1,12 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::{Address, H256};
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let _result: Result<(Vec<u8>, usize), DecodeError> = Decodable::ssz_decode(data, 0);
});

View File

@ -0,0 +1,15 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ethereum_types;
extern crate ssz;
use ethereum_types::{Address, H256};
use ssz::SszStream;
// Fuzz ssz_encode()
fuzz_target!(|data: &[u8]| {
let mut ssz = SszStream::new();
let data_vec = data.to_vec();
ssz.append(&data_vec);
});

View File

@ -0,0 +1,10 @@
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate ssz;
use ssz::{DecodeError, Decodable};
// Fuzz ssz_decode()
fuzz_target!(|data: &[u8]| {
let _result: Result<(Vec<u64>, usize), DecodeError> = Decodable::ssz_decode(data, 0);
});