Skip to content

[fuzz]network-level WriteFilter generic fuzzer#12462

Merged
mattklein123 merged 91 commits intoenvoyproxy:masterfrom
jianwen612:writefilter_fuzz
Aug 10, 2020
Merged

[fuzz]network-level WriteFilter generic fuzzer#12462
mattklein123 merged 91 commits intoenvoyproxy:masterfrom
jianwen612:writefilter_fuzz

Conversation

@jianwen612
Copy link
Contributor

@jianwen612 jianwen612 commented Aug 4, 2020
edited
Loading

Additional Description:
A generic fuzzer to test all network-level WriteFilters. There are 5 WriteFilters now in Envoy, and now this fuzzer can cover 4 of them. Postgres_proxy doesn't support untrusted data currently(#12340), so I didn't cover it.

Risk Level: Low
Testing:
This fuzzer covered onWrite() methods of all the WriteFilters. Since those 4 filters are also subclasses of ReadFilter, onData() and onNewConnection() will be covered in by another fuzzer network_readfilter_fuzzer(#12086).

Coverage report for 4 filters with this single fuzzer(running for 60 seconds):
Directory name------------------------------------------------------------------/ Line Coverage / Functions coverage
source/extensions/filters/network/kafka/broker----------/ 36 % 32 / 89 / 45.8 % 11 / 24
source/extensions/filters/network/zookeeper_proxy-----/28 % 244 / 871 /31.8 % 27 / 85
source/extensions/filters/network/mysql_proxy-----------/11.8 % 94 / 795 /15.7 % 19 / 121
source/extensions/filters/network/mongo_proxy-----------/6.5 % 122 / 1868/ 7.6 % 17 / 233

Since this fuzzer only tests the interface of WriteFilter, the overall coverage of these filters should be a combination of WriteFilter generic fuzzer and ReadFilter generic fuzzer.

/cc @asraa
/cc @samkerner

jianwen612 added 30 commits June 26, 2020 16:57
@jianwen612
added generic freamework for testing filters.
60b15e4 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added code for covering ext_authz filter
a9d4a1c 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
restore the log output in ext_authz implementation.
69d7434 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed style problem
a6c027c 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed style problem
fea6e32 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added comments
c684406 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added ststem time control for local_rate_limit
3b3933c 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
enabled three filters coverage
eb9fbe3 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added support for ext_authz response
5cfae90 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added coverage for tcp_proxy and client_ssl_auth. Increased the coverage
24a2f90 
for ext_auth by enabling the mocked response.
Fixed the validation problem inside client_ssl_auth's protobuf
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed test for tcp_proxy filter
fbf2e68 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into redis_generic_fuzzer
03da8ab 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fix bazel style
51118cc 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed style
258ffec 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
found issues in tcp_proxy and direct_response. added test cases for the
6babdfc 
issues

Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into redis_generic_fuzzer
ce88641 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
replace raw string names with names from factory
52d4aad 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added test cases for direct response and sni_cluster
9dd4b9f 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
cleaned the code
c7a93d4 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into redis_generic_fuzzer
9c8da48 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
deleted some useless comments
355b898 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed filters with known issues from the fuzzer
66a63db 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed unnecessary corpus
9657675 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fix the style
c9d7b0f 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed unsupported test cases
b6fd5d6 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed unnecessary comments
713f2df 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed the empty destructor of fakeFactoryContext
ccab863 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed naming problems and removed the constructor of fake class
95d62b8 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
start working on http_connection_manager and solved one potential
f89f312 
use-after-free problem.

Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed style problems
ad4fa21 
Signed-off-by: jianwen <jianwendong@google.com>
jianwen612 added 14 commits July 29, 2020 13:27
@jianwen612
fixed TODO name
4431112 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into writefilter_fuzz
7b1cd9b 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
removed unrelevant changes
4bb5dd2 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed proto
09f031a 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
restore the changes
df6d54e 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
trying to add coverage for mongodb
b31f553 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed style and removed cout
7d52110 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into writefilter_fuzz
7544234
@jianwen612
added time source
3fba602 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
added a test case for mongo, fixed style problem
4841b65 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
fixed a spelling problem
7ebb945 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into writefilter_fuzz
8c965a2
@jianwen612
removed the test case for postgres_proxy
8739130 
Signed-off-by: jianwen <jianwendong@google.com>
@jianwen612
Merge remote-tracking branch 'upstream/master' into writefilter_fuzz
997d8c8
sqkerner
sqkerner reviewed Aug 4, 2020
View reviewed changes
@jianwen612
added new lines and made the comment clearer
1bef133 
Signed-off-by: jianwen <jianwendong@google.com>
sqkerner
sqkerner previously approved these changes Aug 5, 2020
View reviewed changes
sqkerner
sqkerner previously approved these changes Aug 6, 2020
View reviewed changes
asraa
asraa suggested changes Aug 6, 2020
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice! Just a couple small comments

@jianwen612
removed a hardcoded debug code, used debug log in writefilter fuzzer.
36129ca 
Signed-off-by: jianwen <jianwendong@google.com>
asraa
asraa reviewed Aug 10, 2020
View reviewed changes
test/extensions/filters/network/common/fuzz/BUILD
name = "network_writefilter_fuzz_test",
srcs = ["network_writefilter_fuzz_test.cc"],
corpus = "network_writefilter_corpus",
# All Envoy network filters must be linked to the test in order for the fuzzer to pick
Copy link
Contributor

@asraa asraa Aug 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are the deps below added instead of envoy_all_network_filters to exclude postgres?

Copy link
Contributor Author

@jianwen612 jianwen612 Aug 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are the deps below added instead of envoy_all_network_filters to exclude postgres?

envoy_all_network_filters includes 20 filters and only 5 of them are WriteFilters. And yes, I exclude postgres here. But another reason is to exclude all those ReadFilters to reduce linking time.

Copy link
Contributor

@asraa asraa Aug 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good for now -- I just wonder if somoene adds a write filter it may get missed.

asraa
asraa approved these changes Aug 10, 2020
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, LGTM!

@mattklein123 mattklein123 merged commit d651d2e into envoyproxy:master Aug 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@asraa asraa asraa approved these changes

@sqkerner sqkerner sqkerner left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@asraa asraa

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jianwen612 @asraa @sqkerner @mattklein123