Skip to content

Commit

Permalink
Extend fuzzing for ctap1 and ctap2 requests
Browse files Browse the repository at this point in the history
Previously, we only fuzzed the deserialization of
PublicKeyCredentialUserEntity.  This patch replaces that fuzz target
with the deserialization of entire ctap1 and ctap2 requests.
  • Loading branch information
robin-nitrokey committed Jun 27, 2024
1 parent 4c6a2cb commit 5462df0
Show file tree
Hide file tree
Showing 5 changed files with 48 additions and 16 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,20 @@ jobs:
cargo check --features get-info-full
cargo check --features large-blobs
check-fuzz:
name: Check fuzz targets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
override: true
- name: Check library
run: |
cargo check --manifest-path fuzz/Cargo.toml
test:
name: Run tests
runs-on: ubuntu-latest
Expand Down
21 changes: 15 additions & 6 deletions fuzz/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,16 +1,15 @@

[package]
name = "ctap-types-fuzz"
version = "0.0.0"
authors = ["Automatically generated"]
publish = false
edition = "2018"
edition = "2021"

[package.metadata]
cargo-fuzz = true

[dependencies]
libfuzzer-sys = "0.3"
iso7816 = "0.1.2"
libfuzzer-sys = "0.4"

[dependencies.ctap-types]
path = ".."
Expand All @@ -20,5 +19,15 @@ path = ".."
members = ["."]

[[bin]]
name = "example"
path = "fuzz_targets/example.rs"
name = "ctap1"
path = "fuzz_targets/ctap1.rs"
test = false
doc = false
bench = false

[[bin]]
name = "ctap2"
path = "fuzz_targets/ctap2.rs"
test = false
doc = false
bench = false
11 changes: 11 additions & 0 deletions fuzz/fuzz_targets/ctap1.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#![no_main]

use ctap_types::ctap1::Request;
use iso7816::command::Command;
use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
if let Ok(command) = Command::<7609>::try_from(data) {
Request::try_from(&command).ok();
}
});
8 changes: 8 additions & 0 deletions fuzz/fuzz_targets/ctap2.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#![no_main]

use ctap_types::ctap2::Request;
use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
Request::deserialize(data).ok();
});
10 changes: 0 additions & 10 deletions fuzz/fuzz_targets/example.rs

This file was deleted.

0 comments on commit 5462df0

Please sign in to comment.