diff --git a/Makefile b/Makefile index c8652becc30..116bcc8fb10 100644 --- a/Makefile +++ b/Makefile @@ -165,6 +165,18 @@ cover: # Generate the HTML report that can be viewed from the browser in CI. $Q go tool cover -html ".cover/c.out" -o .cover/all.html +.PHONY: fuzz +fuzz: + @go test -fuzz=FuzzIPDecoder -fuzztime=600s ./packet + @go test -fuzz=FuzzICMPDecoder -fuzztime=600s ./packet + @go test -fuzz=FuzzSessionWrite -fuzztime=600s ./quic/v3 + @go test -fuzz=FuzzSessionServe -fuzztime=600s ./quic/v3 + @go test -fuzz=FuzzRegistrationDatagram -fuzztime=600s ./quic/v3 + @go test -fuzz=FuzzPayloadDatagram -fuzztime=600s ./quic/v3 + @go test -fuzz=FuzzRegistrationResponseDatagram -fuzztime=600s ./quic/v3 + @go test -fuzz=FuzzNewIdentity -fuzztime=600s ./tracing + @go test -fuzz=FuzzNewAccessValidator -fuzztime=600s ./validation + .PHONY: install-go install-go: rm -rf ${CF_GO_PATH} diff --git a/packet/decoder_test.go b/packet/decoder_test.go index b8770d74db5..4dc968868fa 100644 --- a/packet/decoder_test.go +++ b/packet/decoder_test.go @@ -254,3 +254,18 @@ func (u *UDP) EncodeLayers() ([]gopacket.SerializableLayer, error) { udpLayer.SetNetworkLayerForChecksum(ipLayers[0].(gopacket.NetworkLayer)) return append(ipLayers, &udpLayer), nil } + +func FuzzIPDecoder(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + ipDecoder := NewIPDecoder() + ipDecoder.Decode(RawPacket{Data: data}) + + }) +} + +func FuzzICMPDecoder(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + icmpDecoder := NewICMPDecoder() + icmpDecoder.Decode(RawPacket{Data: data}) + }) +} diff --git a/quic/v3/datagram_test.go b/quic/v3/datagram_test.go index ff46ef2462a..2c5f06fb9fb 100644 --- a/quic/v3/datagram_test.go +++ b/quic/v3/datagram_test.go @@ -350,3 +350,30 @@ func compareRegistrationDatagrams(t *testing.T, l *v3.UDPSessionRegistrationData l.IdleDurationHint == r.IdleDurationHint && l.Traced == r.Traced } + +func FuzzRegistrationDatagram(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + unmarshaled := v3.UDPSessionRegistrationDatagram{} + err := unmarshaled.UnmarshalBinary(data) + if err == nil { + _, _ = unmarshaled.MarshalBinary() + } + }) +} + +func FuzzPayloadDatagram(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + unmarshaled := v3.UDPSessionPayloadDatagram{} + _ = unmarshaled.UnmarshalBinary(data) + }) +} + +func FuzzRegistrationResponseDatagram(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + unmarshaled := v3.UDPSessionRegistrationResponseDatagram{} + err := unmarshaled.UnmarshalBinary(data) + if err == nil { + _, _ = unmarshaled.MarshalBinary() + } + }) +} diff --git a/tracing/tracing_test.go b/tracing/tracing_test.go index 5c478ed69a3..826e4f12b94 100644 --- a/tracing/tracing_test.go +++ b/tracing/tracing_test.go @@ -72,3 +72,9 @@ func TestAddingSpansWithNilMap(t *testing.T) { // a panic shouldn't occur tr.AddSpans(nil) } + +func FuzzNewIdentity(f *testing.F) { + f.Fuzz(func(t *testing.T, trace string) { + _, _ = NewIdentity(trace) + }) +} diff --git a/validation/validation_test.go b/validation/validation_test.go index 9f4a2cebc21..3e4534cff37 100644 --- a/validation/validation_test.go +++ b/validation/validation_test.go @@ -197,3 +197,10 @@ func createSecureMockServerAndClient(handler http.Handler) (*httptest.Server, *h return server, client, nil } + +func FuzzNewAccessValidator(f *testing.F) { + f.Fuzz(func(t *testing.T, domain string, issuer string, applicationAUD string) { + ctx := context.Background() + _, _ = NewAccessValidator(ctx, domain, issuer, applicationAUD) + }) +}