Add some fuzzing with cargo-fuzz.

Depends on graphql-rust#1032.
LegNeato · Mar 1, 2022 · 57a0905 · 57a0905
1 parent 2b34ab0
commit 57a0905
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 0 deletions.
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -0,0 +1,33 @@
+[package]
+name = "fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = { version = "0.4", features = ["arbitrary-derive"] }
+apollo-smith = "0.1.0"
+
+[dependencies.juniper]
+path = "../juniper"
+features = ["arbitrary1"]
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "document_fuzzer"
+path = "fuzz_targets/document_fuzzer.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "introspection_fuzzer"
+path = "fuzz_targets/introspection_fuzzer.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/document_fuzzer.rs b/fuzz/fuzz_targets/document_fuzzer.rs
@@ -0,0 +1,32 @@
+#![no_main]
+use apollo_smith::DocumentBuilder;
+use libfuzzer_sys::{
+    arbitrary::{self, Unstructured},
+    fuzz_target,
+};
+
+use juniper::{DefaultScalarValue, EmptyMutation, EmptySubscription, GraphQLObject, RootNode};
+
+#[derive(Default, GraphQLObject, arbitrary::Arbitrary)]
+struct Query {
+    x: i32,
+    y: String,
+    z: Vec<bool>,
+}
+
+fuzz_target!(|input: &[u8]| {
+    let mut u = Unstructured::new(input);
+    let mut u2 = Unstructured::new(input);
+    if let Ok(gql_doc) = DocumentBuilder::new(&mut u) {
+        let document = gql_doc.finish();
+        let doc = String::from(document);
+
+        let arbitrary_schema: arbitrary::Result<
+            RootNode<Query, EmptyMutation<()>, EmptySubscription<()>, DefaultScalarValue>,
+        > = u2.arbitrary();
+
+        if let Ok(schema) = arbitrary_schema {
+            let _ = juniper::parser::parse_document_source(doc.as_str(), &schema.schema);
+        }
+    }
+});
diff --git a/fuzz/fuzz_targets/introspection_fuzzer.rs b/fuzz/fuzz_targets/introspection_fuzzer.rs
@@ -0,0 +1,27 @@
+#![no_main]
+use libfuzzer_sys::{
+    arbitrary::{self, Unstructured},
+    fuzz_target,
+};
+
+use juniper::{
+    DefaultScalarValue, EmptyMutation, EmptySubscription, GraphQLObject, IntrospectionFormat,
+};
+
+#[derive(Default, GraphQLObject, arbitrary::Arbitrary)]
+struct Query {
+    x: i32,
+    y: String,
+    z: Vec<bool>,
+}
+
+fuzz_target!(|input: &[u8]| {
+    let mut u = Unstructured::new(input);
+    let arbitrary_schema: arbitrary::Result<
+        juniper::RootNode<Query, EmptyMutation<()>, EmptySubscription<()>, DefaultScalarValue>,
+    > = u.arbitrary();
+
+    if let Ok(schema) = arbitrary_schema {
+        let _ = juniper::introspect(&schema, &(), IntrospectionFormat::default());
+    }
+});