Add support to fuzz proto data in uber filter fuzzer#10796
Merged
mattklein123 merged 13 commits intoenvoyproxy:masterfrom May 13, 2020
Merged
Add support to fuzz proto data in uber filter fuzzer#10796mattklein123 merged 13 commits intoenvoyproxy:masterfrom
mattklein123 merged 13 commits intoenvoyproxy:masterfrom
Conversation
asraa
reviewed
Apr 15, 2020
Contributor
Author
|
@vitalybuka @asraa: Note the How do we handle this:
|
nareddyt
added a commit
to nareddyt/libprotobuf-mutator
that referenced
this pull request
Apr 17, 2020
As discussed in envoyproxy/envoy#10796, this will allow breaking wire-compatibility changes in the input proto. The pre-existing corpus will still function, but old fields will be ignored. Risk: Typos in the text proto will cause the fuzzer to run on an incomplete proto. Previously, this would log an error message and skip fuzzing with that test case.
asraa
reviewed
Apr 20, 2020
vitalybuka
pushed a commit
to google/libprotobuf-mutator
that referenced
this pull request
Apr 23, 2020
As discussed in envoyproxy/envoy#10796, this will allow breaking wire-compatibility changes in the input proto. The pre-existing corpus will still function, but old fields will be ignored. Risk: Typos in the text proto will cause the fuzzer to run on an incomplete proto. Previously, this would log an error message and skip fuzzing with that test case.
nareddyt
commented
Apr 23, 2020
asraa
suggested changes
Apr 24, 2020
Contributor
Author
|
FYI we found a bug in protobuf and are waiting for a fix to propagate to Github - google/libprotobuf-mutator#172 |
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Contributor
Author
|
Sorry for the force push, I rebased instead of merging earlier |
nareddyt
changed the title
Signed-off-by: Teju Nareddy <nareddyt@google.com>
asraa
suggested changes
May 7, 2020
Contributor
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
Overall, this looks amazing! Some organization clean-up, but LGTM!
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
asraa
suggested changes
May 12, 2020
Contributor
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
Thank you! This looks amazing. Really excited about it.
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
Signed-off-by: Teju Nareddy <nareddyt@google.com>
asraa
reviewed
May 13, 2020
| // These types are request/response from the test Bookstore service | ||
| // for the gRPC Transcoding filter. | ||
| static const std::vector<std::string> expected_types = { | ||
| "type.googleapis.com/bookstore.ListShelvesResponse", |
Contributor
There was a problem hiding this comment.
For later, I wonder if these types can be picked up via reflection.
Contributor
Author
There was a problem hiding this comment.
Good point, I didn't think of that. I did some initial research and it seems feasible. Lets do that in another PR later, if we end up needing to fuzz test with proto data for any other filters.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description: The uber filter fuzzer is not very efficient in fuzzing
decodeDatawith serialized proto bodies. Add some specialized logic that allows libprotobufmutator to generategoogle.protobuf.Anymessages. Uber filter fuzzer then uses the serialized value as the data fordecodeData. This should allow better fuzz coverage in the gRPC Transcoding filter.Risk Level: None
Testing: Ran against sample corpus with debug logs and ensured corpus was parsed correctly, correct decoder functions were called, and filters were not rejecting proto data. Ran
with_libfuzzerfor 5 minutes and ensured crashes were unrelated to the proto data.Docs Changes: None
Release Notes: None