author | Arjun <pkillarjun@protonmail.com> | 2024-05-25 17:52:02 +0530 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2024-06-14 15:11:38 +0100 |
commit | 965fc94e4910da14d13a2f10d997cc720b3f6127 (patch) | |
tree | 6b730222901649e2e2b996b7219ce12fe1f15fe3 | |
parent | 04a24f61e069926a6546917ee049dc17fbaf1d03 (diff) | |
fuzzing: add fuzzing infrastructure in build system
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
-rw-r--r-- | auto/fuzzing | 75 | ||||
-rw-r--r-- | auto/help | 2 | ||||
-rw-r--r-- | auto/make | 2 | ||||
-rw-r--r-- | auto/options | 4 | ||||
-rw-r--r-- | auto/sources | 9 | ||||
-rw-r--r-- | auto/summary | 2 | ||||
-rwxr-xr-x | configure | 2 | ||||
-rw-r--r-- | fuzzing/build-fuzz.sh | 20 | ||||
-rw-r--r-- | fuzzing/oss-fuzz.sh | 29 |
9 files changed, 144 insertions, 1 deletions
diff --git a/auto/fuzzing b/auto/fuzzing
new file mode 100644
index 00000000..f792941b
--- /dev/null
+++ b/auto/fuzzing
@@ -0,0 +1,75 @@
+# Copyright (C) NGINX, Inc.
+
+
+if [ -n "$NXT_FUZZ" ]; then
+
+ # Fuzz-Test object files list.
+
+ $echo "NXT_FUZZ_OBJS = \\" >> $NXT_MAKEFILE
+
+ for nxt_src in $NXT_FUZZ_SRCS
+ do
+ nxt_obj=${nxt_src%.c}.o
+ $echo " $NXT_BUILD_DIR/$nxt_obj \\" >> $NXT_MAKEFILE
+ done
+
+
+ # Fuzz-Test executables.
+
+ cat << END >> $NXT_MAKEFILE
+
+.PHONY: fuzz
+fuzz: $NXT_BUILD_DIR/fuzz_basic \\
+ $NXT_BUILD_DIR/fuzz_http_controller \\
+ $NXT_BUILD_DIR/fuzz_http_h1p \\
+ $NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+ $NXT_BUILD_DIR/fuzz_json
+
+$NXT_BUILD_DIR/fuzz_basic: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_basic \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_basic_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_controller: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_controller \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_controller_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p_peer: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+ \$(PP_LD) \$@
+ \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+ \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_peer_fuzz.o \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+ $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+ $NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_json: \$(NXT_FUZZ_OBJS) \\
+ $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC +
\$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_json \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_json_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +END + +fi @@ -54,6 +54,8 @@ cat << END --debug enable debug logging + --fuzz=ENGINE enable fuzz testing + python OPTIONS configure Python module run "./configure python --help" to see available options @@ -158,7 +158,7 @@ END # Object files. -for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_LIB_UNIT_SRCS \ +for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_FUZZ_SRCS $NXT_LIB_UNIT_SRCS \ src/test/nxt_unit_app_test.c \ src/test/nxt_unit_websocket_chat.c \ src/test/nxt_unit_websocket_echo.c diff --git a/auto/options b/auto/options index 0550c699..5be1ebe1 100644 --- a/auto/options +++ b/auto/options @@ -42,6 +42,8 @@ NXT_TEST_BUILD_HPUX_SENDFILE=NO NXT_TESTS=NO +NXT_FUZZ= + NXT_HELP=NO for nxt_option @@ -125,6 +127,8 @@ do --tests) NXT_TESTS=YES ;; + --fuzz=*) NXT_FUZZ="$value" ;; + --help) . auto/help exit 0 diff --git a/auto/sources b/auto/sources index f34d7fd7..dfabf7cf 100644 --- a/auto/sources +++ b/auto/sources @@ -307,6 +307,15 @@ if [ $NXT_TESTS = YES ]; then fi +NXT_FUZZ_SRCS=" \ + fuzzing/nxt_basic_fuzz.c \ + fuzzing/nxt_http_controller_fuzz.c \ + fuzzing/nxt_http_h1p_fuzz.c \ + fuzzing/nxt_http_h1p_peer_fuzz.c \ + fuzzing/nxt_json_fuzz.c \ +" + + NXT_SRCS=" \ src/nxt_main.c \ " diff --git a/auto/summary b/auto/summary index dd7a60a0..b6caee6c 100644 --- a/auto/summary +++ b/auto/summary @@ -36,4 +36,6 @@ Unit configuration summary: debug logging: ............. $NXT_DEBUG + fuzz engine: ............... "$NXT_FUZZ" + END @@ -57,6 +57,7 @@ esac mkdir -p $NXT_BUILD_DIR mkdir -p $NXT_BUILD_DIR/bin +mkdir -p $NXT_BUILD_DIR/fuzzing mkdir -p $NXT_BUILD_DIR/include mkdir -p $NXT_BUILD_DIR/lib mkdir -p $NXT_BUILD_DIR/lib/unit/modules @@ -179,4 +180,5 @@ if [ $NXT_NJS != NO ]; then fi . auto/make +. auto/fuzzing . auto/summary 
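Review bot: Nothing in auto/fuzzing adds or checks compiler instrumentation: the `--fuzz=ENGINE` value only reaches the five link recipes as `$NXT_FUZZ`, so a plain `./configure --fuzz=-fsanitize=fuzzer` without the CFLAGS that fuzzing/build-fuzz.sh exports would, as far as these hunks show, link the engine against uninstrumented objects and run without coverage feedback or sanitizers. I would document that above the `if`, e.g. `# --fuzz only passes the engine to the link step; instrumentation (-fsanitize=fuzzer-no-link, sanitizers) must come from CFLAGS.` Separately, every `fuzz_*` target lists all of `\$(NXT_FUZZ_OBJS)` as prerequisites but links a single object, so touching one harness relinks all five; depending on the target's own `.o` would be enough.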
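Review bot: The double quotes in `fuzz engine: ............... "$NXT_FUZZ"` are printed literally if this line sits inside the summary heredoc, as the trailing `END` context suggests, so the new row is formatted differently from `debug logging: ............. $NXT_DEBUG` just above it. If the quotes are meant to make an empty engine visible, a short comment saying so would help; otherwise write `fuzz engine: ............... $NXT_FUZZ`. The heredoc starts outside the hunk, so this is inferred from the visible context only.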
diff --git a/fuzzing/build-fuzz.sh b/fuzzing/build-fuzz.sh
new file mode 100644
index 00000000..04f080d9
--- /dev/null
+++ b/fuzzing/build-fuzz.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+export CC=clang
+export CXX=clang++
+export CFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export CXXFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+
+./configure --no-regex --no-pcre2 --fuzz=$LIB_FUZZING_ENGINE
+make fuzz -j$(nproc)
+
+mkdir -p build/fuzz_basic_seed
+mkdir -p build/fuzz_http_controller_seed
+mkdir -p build/fuzz_http_h1p_seed
+mkdir -p build/fuzz_http_h1p_peer_seed
+mkdir -p build/fuzz_json_seed
+
+echo ""
+echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed src/fuzz/\${fuzzer}_seed_corpus"
+echo ""
diff --git a/fuzzing/oss-fuzz.sh b/fuzzing/oss-fuzz.sh
new file mode 100644
index 00000000..1fe5ecda
--- /dev/null
+++ b/fuzzing/oss-fuzz.sh
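Review bot: build-fuzz.sh never enables `set -e`, so a failed `./configure` falls through to `make fuzz`, the `mkdir` lines and the final "Run:" hint even though no fuzzers were built; add `set -eu` directly under the shebang. `--fuzz=$LIB_FUZZING_ENGINE` and `-j$(nproc)` are unquoted here but quoted in oss-fuzz.sh, so `./configure --no-regex --no-pcre2 --fuzz="$LIB_FUZZING_ENGINE"` and `make fuzz -j"$(nproc)"` would match. The hint also points at `src/fuzz/\${fuzzer}_seed_corpus`, while oss-fuzz.sh reads the seed corpora from `fuzzing/`, so that path looks stale. The script calls `./configure` relative to the current directory, which presumably means it must be started from the repository root; a one-line header comment should say so.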
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+
+# Build unit
+./configure --no-regex --no-pcre2 --fuzz="$LIB_FUZZING_ENGINE"
+make fuzz -j"$(nproc)"
+
+# Copy all fuzzers.
+cp build/fuzz_* $OUT/
+
+# cd into fuzzing dir
+pushd fuzzing/
+cp fuzz_http.dict $OUT/fuzz_http_controller.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p_peer.dict
+
+# Create temporary directories.
+cp -r fuzz_http_seed_corpus/ fuzz_http_controller_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+
+zip -r $OUT/fuzz_basic_seed_corpus.zip fuzz_basic_seed_corpus/
+zip -r $OUT/fuzz_http_controller_seed_corpus.zip fuzz_http_controller_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_seed_corpus.zip fuzz_http_h1p_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_peer_seed_corpus.zip fuzz_http_h1p_peer_seed_corpus/
+zip -r $OUT/fuzz_json_seed_corpus.zip fuzz_json_seed_corpus/
+
+# Delete temporary directories.
+rm -r fuzz_http_controller_seed_corpus/ fuzz_http_h1p_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+popd |
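Review bot: The `-eu` on `#!/bin/bash -eu` only applies when the file is executed directly, and the diffstat shows oss-fuzz.sh added as `-rw-r--r--`, so it has to be started through an interpreter (`bash fuzzing/oss-fuzz.sh`) or sourced, and in both cases the shebang options are ignored. A failing `cp` or `zip` would then not stop the build, and a fuzzer could be published without its dictionary or seed corpus; how the OSS-Fuzz build actually invokes the script is not visible here. Put `set -eu` on its own line below the shebang. `$OUT` is also expanded unquoted in every `cp` and `zip` line; `cp build/fuzz_* "$OUT"/` and the same quoting on the other lines would be safer.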