Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update OSS-Fuzz integration to use Go native fuzzing #13473

Merged
merged 21 commits into from
Jun 18, 2022
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions api/types/fuzz_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
/*
zmb3 marked this conversation as resolved.
Show resolved Hide resolved
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package types

import (
"testing"

"github.com/stretchr/testify/require"
)

func FuzzParseDuration(f *testing.F) {
f.Fuzz(func(t *testing.T, s string) {
require.NotPanics(t, func() {
parseDuration(s)
})
})
}
47 changes: 47 additions & 0 deletions api/utils/aws/fuzz_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package aws

import (
"testing"

"github.com/stretchr/testify/require"
)

func FuzzParseRDSEndpoint(f *testing.F) {
f.Fuzz(func(t *testing.T, endpoint string) {
require.NotPanics(t, func() {
ParseRDSEndpoint(endpoint)
})
})
}

func FuzzParseRedshiftEndpoint(f *testing.F) {
f.Fuzz(func(t *testing.T, endpoint string) {
require.NotPanics(t, func() {
ParseRedshiftEndpoint(endpoint)
})
})
}

func FuzzParseElastiCacheEndpoint(f *testing.F) {
f.Fuzz(func(t *testing.T, endpoint string) {
require.NotPanics(t, func() {
ParseElastiCacheEndpoint(endpoint)
})
})
}
1 change: 1 addition & 0 deletions fuzz/corpora/fuzz_mongo_read/1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
000�000000000000
Binary file added fuzz/corpora/fuzz_mssql_login/1
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/2
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/3
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/4
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/5
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/6
Binary file not shown.
Binary file added fuzz/corpora/fuzz_mssql_login/7
Binary file not shown.
33 changes: 33 additions & 0 deletions fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response Destination="https://boson.tener.io:3080/v1/webapi/saml/acs" ID="id336368461455218662129342736" InResponseTo="_4f256462-6c2d-466d-afc0-6ee36602b6f2" IssueInstant="2022-04-25T08:55:18.710Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.okta.com/exk14fxcpjuKMcor30h8</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#id336368461455218662129342736"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>uBRfvYvl5C/LPCh36uAmRLHW76+aDP3ngChtIwP3/Fc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>M1VfkOOBH6r7niHhfGvf4OJ1HH5QJl83aD/b+mTDUUnXzHXgXlkb0BGQkSFn6ixojwCoXchpxCNzVLPN/tvfyY1dxP4MO8b+/07bGuVD2yTNlhN43/FFcDpmZ1ZDW8w2nPF1E5gy1lR8Wx2NgT3kQ2Ui1vRNX/KeX/P9NnABj4AjcshyHK2e49WLM/D4U84XOl7ODtzS7PTvtB0SGIwRE25G//8AsAv81eBfHL54Nz1HAqinMhxQtz32ZDXpKaAV6GypyBTvk6vo7Pkk4OiL6G9VIGC8Bd/gnavsc+Ickfuo7KTq8NDKTLB5WG34XKJqq6dGopSMrxr67oYjCEDZfw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq
2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ
EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP
Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ
T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL
f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE
RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU
RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC
XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL
V115UGOwvjOOxmOFbYBn865SHgMndFtr</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion ID="id33636846145688909913681942" IssueInstant="2022-04-25T08:55:18.710Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.okta.com/exk14fxcpjuKMcor30h8</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#id33636846145688909913681942"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>XwJSotSzU2qLdzu/WDk8dpQ/Cy1Id88932S/95+N+Ds=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>qyIvGi1+w93AdGUj0+T5RYAq+CAjLSScMTMc7dLTEze6qr3mP51W/bCoZz8E47lpsbLeh0EiATa6h2Uaj6/34rILfCt3aQRNjNicu0gBKhePyNraapdnoyeqJEV8UrAOOKFiH30e5AvQ1nRZqfgY7KMt6cZH5/eXjUS63lPJJn4yr9vLw9loCdHCoHlaseh2IHi7CickyyxSMTX+Y58zpBy2g/KwN3K4oZM4a10ZYWkZpzkZJXDRSUkEc/wTTO7IPPY7Zv7R7UC+zjf5Px1sYeKTkkIxlZViZmtqjYuhibnTmhroJx7wX/LtOPxCkwLHlQRDACBNbP/UtrudU1ZMxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq
2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ
EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP
Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ
T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL
f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE
RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU
RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC
XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL
V115UGOwvjOOxmOFbYBn865SHgMndFtr</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_4f256462-6c2d-466d-afc0-6ee36602b6f2" NotOnOrAfter="2022-04-25T09:00:18.711Z" Recipient="https://boson.tener.io:3080/v1/webapi/saml/acs"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2022-04-25T08:50:18.711Z" NotOnOrAfter="2022-04-25T09:00:18.711Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AudienceRestriction><saml2:Audience>https://boson.tener.io:3080/v1/webapi/saml/acs</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2022-04-25T08:03:11.779Z" SessionIndex="_4f256462-6c2d-466d-afc0-6ee36602b6f2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">[email protected]</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Everyone</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">okta-admin</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">okta-dev</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
143 changes: 143 additions & 0 deletions fuzz/oss-fuzz-build.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
#!/bin/bash -eu
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a comment at the beginning here, or better yet a README in the fuzz directory that explains what these files are and how to use them?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

README sounds better. However, can we wait until the deliverable report is ready? I suppose there will be more tests and adjustments after the deployment and I wanted to avoid documenting something in the semi-final form.


TELEPORT_PREFIX="github.com/gravitational/teleport"

prepare_teleport() {

go get github.com/AdamKorcz/go-118-fuzz-build/utils
go get -u all || true
go mod tidy
go get github.com/AdamKorcz/go-118-fuzz-build/utils

# Fix /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/[email protected]/fuzz.go:13:21:
# not enough arguments in call to Parse
rm -f /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go

}

prepare_teleport_api() {

(cd api; go get github.com/AdamKorcz/go-118-fuzz-build/utils)

}

build_teleport_fuzzers() {

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
FuzzParseSAMLInResponseTo fuzz_parse_saml_in_response_to

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/restrictedsession \
FuzzParseIPSpec fuzz_parse_ip_spec

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
FuzzParseRefs fuzz_parse_refs

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/redis \
FuzzParseRedisAddress fuzz_parse_redis_address

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/sshutils/x11 \
FuzzParseDisplay fuzz_parse_display

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
FuzzNewExpression fuzz_new_expression

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
FuzzNewMatcher fuzz_new_matcher

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
FuzzParseProxyJump fuzz_parse_proxy_jump

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
FuzzParseWebLinks fuzz_parse_web_links

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
FuzzReadYAML fuzz_read_yaml

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
FuzzParseProxyHost fuzz_parse_proxy_host

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/regular \
FuzzParseProxySubsys fuzz_parse_proxy_subsys

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/kube/proxy \
FuzzParseResourcePath fuzz_parse_resource_path

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
FuzzParsePacket fuzz_parse_mysql_packet

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
FuzzFetchMySQLVersion fuzz_fetch_mysql_version

# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
# FuzzParseAndVerifyIID fuzz_parse_and_verify_iid

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
FuzzParseLabelSpec fuzz_parse_label_spec

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/sqlserver/protocol \
FuzzMSSQLLogin fuzz_mssql_login

# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mongodb/protocol \
# FuzzMongoRead fuzz_mongo_read
Comment on lines +83 to +84
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this one commented out?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The FuzzMongoRead is already implemented here https://github.com/gravitational/teleport/blob/master/lib/srv/db/mongodb/protocol/fuzz_test.go, but it is currently not usable since there is an overflow bug that has to be fixed. I'll document this in the deliverable.

For the second function, pkcs7.Parse from mozilla panicked during fuzzing tests. Is it better to remove them from the build script, or leave it commented out here?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did the issue with pkcs7.Parse get filed upstream?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@reedloden Yes, I saw this issue from February mozilla-services/pkcs7#67 and that's why I haven't filled a new one.

About the FuzzMongoRead, I described the issue to @jakule today and he mentioned that he would take a look.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From a quick look, mozilla-services/pkcs7#68 might fix it, though haven't looked that closely.


compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
FuzzParseCredentialCreationResponseBody fuzz_parse_credential_creation_response_body

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
FuzzParseCredentialRequestResponseBody fuzz_parse_credential_request_response_body

compile_native_go_fuzzer $TELEPORT_PREFIX/lib/web \
FuzzTdpMFACodecDecode fuzz_tdp_mfa_codec_decode

}

build_teleport_api_fuzzers() {

cd api

compile_native_go_fuzzer $TELEPORT_PREFIX/api/types \
FuzzParseDuration fuzz_parse_duration

compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
FuzzParseRDSEndpoint fuzz_parse_rds_endpoint

compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
FuzzParseRedshiftEndpoint fuzz_parse_redshift_endpoint

compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
FuzzParseElastiCacheEndpoint fuzz_parse_elasti_cache_endpoint

cd -

}

compile() {

prepare_teleport
prepare_teleport_api

build_teleport_fuzzers
build_teleport_api_fuzzers

}

copy_corpora() {

# generate corpus
for fuzzer_path in fuzz/corpora/fuzz_*
do
fuzzer_name=$OUT/$(basename "$fuzzer_path")
rm -f "$fuzzer_name"_seed_corpus.zip
zip --junk-paths "$fuzzer_name"_seed_corpus.zip $fuzzer_path/*
done

}

copy_corpora
compile
44 changes: 44 additions & 0 deletions lib/auth/fuzz_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
/*
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package auth

import (
"encoding/base64"
"testing"

"github.com/sirupsen/logrus"
"github.com/stretchr/testify/require"
)

func FuzzParseSAMLInResponseTo(f *testing.F) {
// Disable Go App Engine logging
logrus.SetLevel(logrus.PanicLevel)

f.Fuzz(func(t *testing.T, response string) {
require.NotPanics(t, func() {
ParseSAMLInResponseTo(base64.StdEncoding.EncodeToString([]byte(response)))
})
})
}

func FuzzParseAndVerifyIID(f *testing.F) {
f.Fuzz(func(t *testing.T, iidBytes []byte) {
require.NotPanics(t, func() {
parseAndVerifyIID(iidBytes)
})
})
}
44 changes: 44 additions & 0 deletions lib/auth/webauthn/fuzz_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
/*
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webauthn

import (
"bytes"
"testing"

"github.com/stretchr/testify/require"

"github.com/duo-labs/webauthn/protocol"
)

func FuzzParseCredentialCreationResponseBody(f *testing.F) {
f.Fuzz(func(t *testing.T, body []byte) {

require.NotPanics(t, func() {
protocol.ParseCredentialCreationResponseBody(bytes.NewReader(body))
})
})
}

func FuzzParseCredentialRequestResponseBody(f *testing.F) {
f.Fuzz(func(t *testing.T, body []byte) {

require.NotPanics(t, func() {
protocol.ParseCredentialRequestResponseBody(bytes.NewReader(body))
})
})
}
47 changes: 47 additions & 0 deletions lib/client/fuzz_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package client

import (
"testing"

"github.com/stretchr/testify/require"
)

func FuzzParseProxyHost(f *testing.F) {
f.Fuzz(func(t *testing.T, proxyHost string) {
require.NotPanics(t, func() {
ParseProxyHost(proxyHost)
})
})
}

func FuzzParseLabelSpec(f *testing.F) {
f.Fuzz(func(t *testing.T, spec string) {
require.NotPanics(t, func() {
ParseLabelSpec(spec)
})
})
}

func FuzzParseSearchKeywords(f *testing.F) {
f.Fuzz(func(t *testing.T, spec string, customDelimiter rune) {
require.NotPanics(t, func() {
ParseSearchKeywords(spec, customDelimiter)
})
})
}
Loading