status-im
/
nim-eth
mirror of https://github.com/status-im/nim-eth.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add convenience init and test macro to create fuzzing tests

This commit is contained in:
kdeme 2019-09-25 17:02:43 +02:00 committed by zah
parent 70a892fff7
commit 2a91a8d0cc
2 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
tests/fuzzing/discovery/fuzz.nim
View File

@ -5,7 +5,7 @@ import
const DefaultListeningPort = 30303 const DefaultListeningPort = 30303
var targetNode: DiscoveryProtocol var targetNode: DiscoveryProtocol
proc init() = init:
# Set up a discovery node, this is the node we target when fuzzing # Set up a discovery node, this is the node we target when fuzzing
var var
targetNodeKey = initPrivateKey("a2b50376a79b1a8c8a3296485572bdfbf54708bb46d3c25d73d2723aaaf6a617") targetNodeKey = initPrivateKey("a2b50376a79b1a8c8a3296485572bdfbf54708bb46d3c25d73d2723aaaf6a617")
@ -14,51 +14,21 @@ proc init() =
# Create the transport as else replies on the messages send will fail. # Create the transport as else replies on the messages send will fail.
targetNode.open() targetNode.open()
proc test(payload: seq[byte]) = test:
var var
msg: seq[byte] msg: seq[byte]
address: Address address: Address
fuzz: # Sending raw payload is possible but won't find us much. We need a hash and
# Sending raw payload is possible but won't find us much. We need a hash and # a signature, and without it there is a big chance it will always result in
# a signature, and without it there is a big chance it will always result in # "Wrong msg mac from" error.
# "Wrong msg mac from" error. let nodeKey = initPrivateKey("a2b50376a79b1a8c8a3296485572bdfbf54708bb46d3c25d73d2723aaaf6a618")
let nodeKey = initPrivateKey("a2b50376a79b1a8c8a3296485572bdfbf54708bb46d3c25d73d2723aaaf6a618") msg = packData(payload, nodeKey)
msg = packData(payload, nodeKey) address = localAddress(DefaultListeningPort + 1)
address = localAddress(DefaultListeningPort + 1)
try: try:
targetNode.receive(address, msg) targetNode.receive(address, msg)
# These errors are also catched in `processClient` in discovery.nim # These errors are also catched in `processClient` in discovery.nim
# TODO: move them a layer down in discovery so we can do a cleaner test there? # TODO: move them a layer down in discovery so we can do a cleaner test there?
except RlpError, DiscProtocolError: except RlpError, DiscProtocolError:
debug "Receive failed", err = getCurrentExceptionMsg() debug "Receive failed", err = getCurrentExceptionMsg()
proc NimMain() {.importc: "NimMain".}
proc fuzzerInit(): cint {.exportc: "LLVMFuzzerInitialize".} =
NimMain()
init()
return 0
template `+`*[T](p: ptr T, off: int): ptr T =
cast[ptr type(p[])](cast[ByteAddress](p) +% off * sizeof(p[]))
proc fuzzerCall(data: ptr byte, len: csize): cint {.exportc: "LLVMFuzzerTestOneInput".} =
if len > 0:
var input: seq[byte]
# TODO: something better to get this data in the seq?
newSeq(input, len)
for i in 0..<len:
input[i] = (data + i)[]
test(input)
return 0
when defined(afl):
init()
test(readStdin())

44
tests/fuzzing/fuzz_helpers.nim
View File

@ -1,6 +1,6 @@
import streams, posix, sequtils, strutils, chronicles import streams, posix, strutils, chronicles, macros
template fuzz*(body) = template fuzz(body) =
# For code we want to fuzz, SIGSEGV is needed on unwanted exceptions. # For code we want to fuzz, SIGSEGV is needed on unwanted exceptions.
# However, this is only needed when fuzzing with afl. # However, this is only needed when fuzzing with afl.
when defined(afl): when defined(afl):
@ -23,5 +23,41 @@ proc readStdin*(): seq[byte] =
s.close() s.close()
# Remove newline if it is there # Remove newline if it is there
input.removeSuffix input.removeSuffix
# TODO: is there a better/faster way? result = cast[seq[byte]](input)
result = input.mapIt(it.byte)
proc NimMain() {.importc: "NimMain".}
template `+`*[T](p: ptr T, off: int): ptr T =
cast[ptr type(p[])](cast[ByteAddress](p) +% off * sizeof(p[]))
macro test*(body: untyped): untyped =
when defined(afl):
result = quote do:
var payload {.inject.} = readStdin()
fuzz: `body`
else:
result = quote do:
proc fuzzerCall(data: ptr byte, len: csize):
cint {.exportc: "LLVMFuzzerTestOneInput".} =
var payload {.inject.} : seq[byte]
if len > 0:
# TODO: something better to get this data in the seq?
newSeq(payload, len)
for i in 0..<len:
payload[i] = (data + i)[]
`body`
macro init*(body: untyped): untyped =
when defined(afl):
result = quote do:
fuzz: `body`
else:
result = quote do:
proc fuzzerInit(): cint {.exportc: "LLVMFuzzerInitialize".} =
NimMain()
`body`
return 0