From 7c60b1da302dbccfb108a264180ac42d04615d92 Mon Sep 17 00:00:00 2001 From: Sepehrdad <26747519+sepehrdaddev@users.noreply.github.com> Date: Fri, 8 Dec 2023 18:17:55 +0100 Subject: [PATCH] clusterfuzzlite: pin dependencies, update dictionary, fix fuzz server (#2785) * clusterfuzzlite: pin dependencies, update dictionary, fix fuzz server performance. Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com> * clusterfuzzlite: enable parallel fuzzing Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com> --------- Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com> --- .clusterfuzzlite/Dockerfile | 2 +- .github/workflows/cflite_pr.yaml | 5 +- fuzz/dictionaries/FuzzParseEskip.dict | 323 +++++++++++++------------- fuzz/fuzz_targets/FuzzServer.go | 4 +- 4 files changed, 170 insertions(+), 164 deletions(-) diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile index 2eefef18e4..6df6c3b474 100644 --- a/.clusterfuzzlite/Dockerfile +++ b/.clusterfuzzlite/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder-go@sha256:f7970e735dcd3c5f360ae92b40a20414d70ef3b534ff6f3566dcad1b1cb2ec4c COPY . $SRC/skipper COPY ./.clusterfuzzlite/build.sh $SRC/ diff --git a/.github/workflows/cflite_pr.yaml b/.github/workflows/cflite_pr.yaml index 270b484ca4..dc24dbfb70 100644 --- a/.github/workflows/cflite_pr.yaml +++ b/.github/workflows/cflite_pr.yaml 
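Review bot: The digest-pinned `FROM gcr.io/oss-fuzz-base/base-builder-go@sha256:…` line carries no comment saying which image build the digest refers to or when it was taken, whereas the action pins in the same commit are at least annotated with `# v1`. A bare digest cannot be checked by eye and will age silently, presumably taking the Go toolchain and fuzzing engine inside the image with it. I would add a line above it such as `# base-builder-go pinned by digest on <DATE>; refresh on a schedule`, and confirm that whatever update bot the repository uses also covers `.clusterfuzzlite/Dockerfile`. The same applies to the two `uses:` pins in `cflite_pr.yaml`: `# v1` names a moving tag, so the comment should name the exact release the commit belongs to, if there is one.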
@@ -18,17 +18,18 @@ jobs: steps: - name: Build Fuzzers (${{ matrix.sanitizer }}) id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: language: go github-token: ${{ secrets.GITHUB_TOKEN }} sanitizer: ${{ matrix.sanitizer }} - name: Run Fuzzers (${{ matrix.sanitizer }}) id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} fuzz-seconds: 300 mode: 'code-change' sanitizer: ${{ matrix.sanitizer }} output-sarif: true + parallel-fuzzing: true diff --git a/fuzz/dictionaries/FuzzParseEskip.dict b/fuzz/dictionaries/FuzzParseEskip.dict index d03c7a31a3..9d9a93c76d 100644 --- a/fuzz/dictionaries/FuzzParseEskip.dict +++ b/fuzz/dictionaries/FuzzParseEskip.dict 
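Review bot: Both steps still pass `secrets.GITHUB_TOKEN` to the ClusterFuzzLite actions, and nothing in this hunk shows what that token is allowed to do; any `permissions:` block would sit above line 18, outside the hunk. Pinning the actions to a commit fixes which code receives the token, not the token's scope, so if the workflow has no explicit block I would add `permissions: read-all` at the top and widen it only for what the job demonstrably needs. Separately, the new `parallel-fuzzing: true` deserves a short comment, e.g. `# fuzz on all runner cores; fuzz-seconds stays at 300`, so the CPU and time budget of a PR run is clear to the next reader.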
@@ -1,188 +1,193 @@
-"&&"
-"*"
-"->"
-")"
-":"
-","
-"("
-";"
-""
-""
-""
-"<"
-">"
-"backendIsProxy"
-"modRequestHeader"
-"setRequestHeader"
-"appendRequestHeader"
-"dropRequestHeader"
-"modResponseHeader"
-"setResponseHeader"
-"appendResponseHeader"
-"dropResponseHeader"
-"setContextRequestHeader"
+"absorb"
+"absorbSilent"
+"admissionControl"
+"After"
+"apiUsageMonitoring"
 "appendContextRequestHeader"
-"setContextResponseHeader"
 "appendContextResponseHeader"
+"appendRequestHeader"
+"appendResponseHeader"
+"auditLog"
+"backendBandwidth"
+"backendChunks"
+"backendIsProxy"
+"backendLatency"
+"backendRatelimit"
+"backendTimeout"
+"bandwidth"
+"basicAuth"
+"bearerinjector"
+"Before"
+"Between"
+"blockContent"
+"blockContentHex"
+"chunks"
+"ClientIP"
+"clientRatelimit"
+"clusterClientRatelimit"
+"clusterLeakyBucketRatelimit"
+"clusterRatelimit"
+"compress"
+"consecutiveBreaker"
+"consistentHashBalanceFactor"
+"consistentHashKey"
+"ContentLengthBetween"
+"Cookie"
 "copyRequestHeader"
 "copyResponseHeader"
-"modPath"
-"setPath"
-"redirectTo"
-"redirectToLower"
-"static"
-"stripQuery"
-"preserveHost"
-"status"
-"compress"
+"corsOrigin"
+"Cron"
 "decompress"
-"setQuery"
+"disableAccessLog"
+"disableBreaker"
+"disableRatelimit"
 "dropQuery"
+"dropRequestCookie"
+"dropRequestHeader"
+"dropResponseCookie"
+"dropResponseHeader"
+"enableAccessLog"
+"endpointCreated"
+"errors"
+"fadeIn"
+"False"
+"fifo"
+"fifoWithBody"
+"flowId"
+"ForwardedHost"
+"ForwardedProtocol"
+"forwardToken"
+"forwardTokenField"
+"grantCallback"
+"grantClaimsQuery"
+"grantLogout"
+"Header"
+"HeaderRegexp"
+"HeaderSHA256"
+"headerToQuery"
+"healthcheck"
+"histogramRequestLatency"
+"histogramResponseLatency"
+"Host"
+"HostAny"
 "inlineContent"
 "inlineContentIfStatus"
-"flowId"
-"xforward"
-"xforwardFirst"
-"randomContent"
-"repeatContent"
-"repeatContentHex"
-"wrapContent"
-"wrapContentHex"
-"backendTimeout"
-"readTimeout"
-"writeTimeout"
-"blockContent"
-"blockContentHex"
+"invalid predicate parameters"
+"jsCookie"
+"JWTPayloadAllKV"
+"JWTPayloadAllKVRegexp"
+"JWTPayloadAnyKV"
+"JWTPayloadAnyKVRegexp"
+"jwtValidation"
 "latency"
-"bandwidth"
-"chunks"
-"backendLatency"
-"backendBandwidth"
-"backendChunks"
-"absorb"
-"absorbSilent"
-"uniformRequestLatency"
-"uniformResponseLatency"
+"lifo"
+"lifoGroup"
+"logHeader"
+"lua"
+"Method"
+"Methods"
+"modPath"
+"modRequestHeader"
+"modResponseHeader"
 "normalRequestLatency"
 "normalResponseLatency"
-"histogramRequestLatency"
-"histogramResponseLatency"
-"logHeader"
-"tee"
-"teenf"
-"teeLoopback"
-"sed"
-"sedDelim"
-"sedRequest"
-"sedRequestDelim"
-"basicAuth"
-"webhook"
-"oauthTokeninfoAnyScope"
+"oauthGrant"
+"oauthOidcAllClaims"
+"oauthOidcAnyClaims"
+"oauthOidcUserInfo"
+"oauthTokeninfoAllKV"
 "oauthTokeninfoAllScope"
 "oauthTokeninfoAnyKV"
-"oauthTokeninfoAllKV"
-"oauthTokenintrospectionAnyClaims"
+"oauthTokeninfoAnyScope"
 "oauthTokenintrospectionAllClaims"
-"oauthTokenintrospectionAnyKV"
 "oauthTokenintrospectionAllKV"
-"secureOauthTokenintrospectionAnyClaims"
-"secureOauthTokenintrospectionAllClaims"
-"secureOauthTokenintrospectionAnyKV"
-"secureOauthTokenintrospectionAllKV"
-"forwardToken"
-"forwardTokenField"
-"oauthGrant"
-"grantCallback"
-"grantLogout"
-"grantClaimsQuery"
-"jwtValidation"
-"oauthOidcUserInfo"
-"oauthOidcAnyClaims"
-"oauthOidcAllClaims"
+"oauthTokenintrospectionAnyClaims"
+"oauthTokenintrospectionAnyKV"
 "oidcClaimsQuery"
-"dropRequestCookie"
-"dropResponseCookie"
-"requestCookie"
-"responseCookie"
-"jsCookie"
-"consecutiveBreaker"
+"opaAuthorizeRequest"
+"opaServeResponse"
+"originMarker"
+"Path"
+"PathRegexp"
+"PathSubtree"
+"preserveHost"
+"QueryParam"
+"queryToHeader"
+"randomContent"
 "rateBreaker"
-"disableBreaker"
-"admissionControl"
-"clientRatelimit"
 "ratelimit"
-"clusterClientRatelimit"
-"clusterRatelimit"
-"clusterLeakyBucketRatelimit"
-"backendRatelimit"
 "ratelimitFailClosed"
-"lua"
-"corsOrigin"
-"headerToQuery"
-"queryToHeader"
-"disableAccessLog"
-"enableAccessLog"
-"auditLog"
-"unverifiedAuditLog"
-"setDynamicBackendHostFromHeader"
-"setDynamicBackendSchemeFromHeader"
-"setDynamicBackendUrlFromHeader"
+"readTimeout"
+"redirectTo"
+"redirectToLower"
+"repeatContent"
+"repeatContentHex"
+"requestCookie"
+"responseCookie"
+"rfcHost"
+"rfcPath"
+"secureOauthTokenintrospectionAllClaims"
+"secureOauthTokenintrospectionAllKV"
+"secureOauthTokenintrospectionAnyClaims"
+"secureOauthTokenintrospectionAnyKV"
+"sed"
+"sedDelim"
+"sedRequest"
+"sedRequestDelim"
+"setContextRequestHeader"
+"setContextResponseHeader"
 "setDynamicBackendHost"
+"setDynamicBackendHostFromHeader"
 "setDynamicBackendScheme"
+"setDynamicBackendSchemeFromHeader"
 "setDynamicBackendUrl"
-"apiUsageMonitoring"
-"fifo"
-"lifo"
-"lifoGroup"
-"rfcPath"
-"rfcHost"
-"bearerinjector"
-"tracingBaggageToTag"
-"stateBagToTag"
-"tracingTag"
-"tracingTagFromResponse"
-"tracingSpanName"
-"originMarker"
-"fadeIn"
-"endpointCreated"
-"consistentHashKey"
-"consistentHashBalanceFactor"
-"opaAuthorizeRequest"
-"opaServeResponse"
-"healthcheck"
+"setDynamicBackendUrlFromHeader"
 "setFastCgiFilename"
-"disableRatelimit"
-"unknownRatelimit"
-"Path"
-"PathSubtree"
-"PathRegexp"
-"Host"
-"HostAny"
-"ForwardedHost"
-"ForwardedProtocol"
-"Weight"
-"True"
-"False"
+"setPath"
+"setQuery"
+"setRequestHeader"
+"setRequestHeaderFromSecret"
+"setResponseHeader"
 "Shutdown"
-"Method"
-"Methods"
-"Header"
-"HeaderRegexp"
-"Cookie"
-"JWTPayloadAnyKV"
-"JWTPayloadAllKV"
-"JWTPayloadAnyKVRegexp"
-"JWTPayloadAllKVRegexp"
-"HeaderSHA256"
-"After"
-"Before"
-"Between"
-"Cron"
-"QueryParam"
 "Source"
 "SourceFromLast"
-"ClientIP"
+"stateBagToTag"
+"static"
+"status"
+"stripQuery"
+"tarpit"
+"tee"
 "Tee"
+"teeLoopback"
+"teenf"
+"tracingBaggageToTag"
+"tracingSpanName"
+"tracingTag"
+"tracingTagFromResponse"
 "Traffic"
 "TrafficSegment"
-"ContentLengthBetween"
\ No newline at end of file
+"True"
+"uniformRequestLatency"
+"uniformResponseLatency"
+"unknownRatelimit"
+"unverifiedAuditLog"
+"webhook"
+"Weight"
+"wrapContent"
+"wrapContentHex" +"writeTimeout" +"xforward" +"xforwardFirst" +"&&" +"(" +")" +"*" +"," +"->" +":" +";" +"<" +">" +"" +"" +"" diff --git a/fuzz/fuzz_targets/FuzzServer.go b/fuzz/fuzz_targets/FuzzServer.go index 422f2ee498..5d3151291f 100644 --- a/fuzz/fuzz_targets/FuzzServer.go +++ b/fuzz/fuzz_targets/FuzzServer.go @@ -21,7 +21,7 @@ var ( ) func find_address() (string, error) { - l, err := net.ListenTCP("tcp", &net.TCPAddr{}) + l, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.ParseIP("127.0.0.1")}) if err != nil { return "", err @@ -61,7 +61,7 @@ func run_server() { cfg.AccessLogDisabled = true cfg.ApplicationLog = "/dev/null" cfg.Address = addr - cfg.SupportListener = ":0" + cfg.SupportListener = "127.0.0.1:0" go func() { log.Fatal(skipper.Run(cfg.ToOptions()))
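Review bot: `find_address` appears to probe for a free port and hand back only the address string, so the port is presumably released before `skipper.Run` binds `cfg.Address` in the second hunk; the function body continues outside the hunk, so this is inferred from the `(string, error)` signature. With `parallel-fuzzing: true` enabled by this same commit, several fuzzer processes may run this sequence at once on the same loopback interface, and a lost race ends in the `log.Fatal` visible in `run_server`, which may be reported as a target crash rather than a harness problem. At minimum I would document it above the `ListenTCP` call, `// NOTE: the port is freed before skipper binds it; a concurrent process can take it in between`, and longer term retry on bind failure or keep the listener open. Minor style: `net.IPv4(127, 0, 0, 1)` avoids parsing a constant string at run time.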