From 60b15e42b98a4e18d5405579f54603f8d0f982e6 Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 26 Jun 2020 16:57:51 -0500 Subject: [PATCH 01/76] added generic freamework for testing filters. Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 59 +++++++++++++ .../common/fuzz/network_filter_corpus/empty | 14 ++++ .../common/fuzz/network_filter_fuzz.proto | 32 +++++++ .../common/fuzz/network_filter_fuzz_test.cc | 55 ++++++++++++ .../network/common/fuzz/uber_filter.cc | 84 +++++++++++++++++++ .../filters/network/common/fuzz/uber_filter.h | 33 ++++++++ 6 files changed, 277 insertions(+) create mode 100644 test/extensions/filters/network/common/fuzz/BUILD create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/empty create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc create mode 100644 test/extensions/filters/network/common/fuzz/uber_filter.cc create mode 100644 test/extensions/filters/network/common/fuzz/uber_filter.h diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD new file mode 100644 index 0000000000000..55352a62e0e38 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -0,0 +1,59 @@ +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_test", + "envoy_cc_test_library", + "envoy_cc_fuzz_test", + "envoy_package", + "envoy_proto_library", +) + +load( + "//source/extensions:all_extensions.bzl", + "envoy_all_extensions", +) + +licenses(["notice"]) # Apache 2 + +envoy_package() +envoy_proto_library( + name = "network_filter_fuzz_proto", + srcs = ["network_filter_fuzz.proto"], + deps = [ + "//test/fuzz:common_proto", + "@envoy_api//envoy/config/listener/v3:pkg", + ], +) + +envoy_cc_test_library( + name = "uber_filter_lib", + srcs = [ + "uber_filter.cc", + ], + hdrs = ["uber_filter.h"], + deps = [ + ":network_filter_fuzz_proto_cc_proto", + "//source/common/config:utility_lib", + "//source/common/network:utility_lib", + "//source/common/protobuf:utility_lib", + "//source/extensions/filters/network:well_known_names", + "//source/extensions/filters/network/common:utility_lib", + "//test/fuzz:utility_lib", + "//test/mocks/buffer:buffer_mocks", + "//test/mocks/network:network_mocks", + "//test/mocks/server:server_mocks", + ], +) + +envoy_cc_fuzz_test( + name = "network_filter_fuzz_test", + srcs = ["network_filter_fuzz_test.cc"], + corpus = "network_filter_corpus", + # All Envoy extensions must be linked to the test in order for the fuzzer to pick + # these up via the NamedHttpFilterConfigFactory. + deps = [ + ":uber_filter_lib", + "//source/common/config:utility_lib", + "//source/common/protobuf:utility_lib", + "//test/config:utility_lib", + ] + envoy_all_extensions(), +) \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/empty b/test/extensions/filters/network/common/fuzz/network_filter_corpus/empty new file mode 100644 index 0000000000000..9933bd3fed12a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/empty @@ -0,0 +1,14 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value:"\001\n\311\001type.googleapis.com/envoy.extensions.filters.netwe\360\231\201\270\362\251\212\211\361\263\275\271\363\206\215\263\361\255\230\252\362\265\266\243\364\203\217\266\362\211\226\227\362\232\255\221\362\227\227\210\362\255\274\232\363\220\256\256\364\206\217\231\363\246\273\262\363\214\207\237\360\255\215\236\364\206\232\207\361\273\210\256\362\234\204\234\361\256\236\207\361\225\240\253\363\255\231\272\363\254\256\273\360\276\201\214\361\231\215\216\363\233\202\226\361\252\222\256\362\217\241\265\363\200\257\245voy.api.v2.route.RouteActlRateLimit\022\017\010\200\312\002\022\004\010\200\312\002\032\003\010\200^" + } +} + +actions { + on_data { + data: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\002\010 \032d\n\002\010\001\022^\n2\n%envoy.filters.network.local_ratelimit\022\000\032\007\n\002\010\001\022\001+\022\000\032&\n\000\022\"\000\000\000\000\000voy.filters.network.lo\000\000\000\000\000\000+" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto new file mode 100644 index 0000000000000..649ce3440669f --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -0,0 +1,32 @@ +syntax = "proto3"; + +package test.extensions.filters.network; +import "google/protobuf/empty.proto"; +import "validate/validate.proto"; +import "test/fuzz/common.proto"; +// import "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto"; +import "envoy/config/listener/v3/listener_components.proto"; + +message OnData { + bytes data = 1; + bool end_stream = 2; +} + +message Action { + oneof action_selector { + option (validate.required) = true; + // Call onNewConnection(). + google.protobuf.Empty on_new_connection = 1; + // Call onData(). + OnData on_data = 2; + // Connection close + // google.protobuf.Empty remote_close = 3; + // google.protobuf.Empty local_close = 4; + } +} + +message FilterFuzzTestCase { + // envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter config = 1; + envoy.config.listener.v3.Filter config = 1; + repeated Action actions = 2; +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc new file mode 100644 index 0000000000000..3a9c6429e855f --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -0,0 +1,55 @@ +#include "common/config/utility.h" +#include "common/protobuf/utility.h" + +#include "extensions/filters/network/well_known_names.h" + +#include "test/config/utility.h" +#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/fuzz/fuzz_runner.h" + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { + ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { + [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { + // This ensures that the mutated configs all have valid filter names and type_urls. The list + // of names and type_urls is pulled from the NamedNetworkFilterConfigFactory. All Envoy + // extensions are built with this test (see BUILD file). This post-processor mutation is + // applied only when libprotobuf-mutator calls mutate on an input, and *not* during fuzz + // target execution. Replaying a corpus through the fuzzer will not be affected by the + // post-processor mutation. + static const std::vector filter_names = Registry::FactoryRegistry< + Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); + static const auto factories = Registry::FactoryRegistry< + Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); + // Choose a valid filter name. + if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == + std::end(filter_names)) { + absl::string_view filter_name = filter_names[seed % filter_names.size()]; + filter_name = "envoy.filters.network.local_ratelimit"; + input->mutable_config()->set_name(std::string(filter_name)); + } + // Set the corresponding type_url for Any. + auto& factory = factories.at(input->config().name()); + input->mutable_config()->mutable_typed_config()->set_type_url( + absl::StrCat("type.googleapis.com/", + factory->createEmptyConfigProto()->GetDescriptor()->full_name())); + }}; + + try { + // Catch invalid header characters. + TestUtility::validate(input); + // Fuzz filter. + static UberFilterFuzzer fuzzer; + fuzzer.fuzz(input.config(), input.actions()); + } catch (const ProtoValidationException& e) { + ENVOY_LOG_MISC(debug, "ProtoValidationException: {}", e.what()); + } +} + +} // namespace NetworkFilters +} // namespace Extensions +} // namespace Envoy \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc new file mode 100644 index 0000000000000..ab61b7a458f07 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -0,0 +1,84 @@ +#include "test/extensions/filters/network/common/fuzz/uber_filter.h" + +#include "common/config/utility.h" +#include "common/config/version_converter.h" +// #include "common/network/message_impl.h" +#include "common/network/utility.h" +#include "common/protobuf/protobuf.h" +#include "common/protobuf/utility.h" + +#include "test/test_common/utility.h" +#include + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +void UberFilterFuzzer::perFilterSetup() { + // Prepare expectations for the ext_authz filter. + addr_ = std::make_shared("1.2.3.4", 1111); + ON_CALL(connection_, addReadFilter(_)).WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { + read_filter_=read_filter; + })); + ON_CALL(connection_, remoteAddress()).WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(connection_, localAddress()).WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); + ON_CALL(factory_context_, admin()).WillByDefault(testing::ReturnRef(factory_context_.admin_)); + ON_CALL(factory_context_.admin_, addHandler(_, _, _, _, _)).WillByDefault(testing::Return(true)); + ON_CALL(factory_context_.admin_, removeHandler(_)).WillByDefault(testing::Return(true)); +} + +UberFilterFuzzer::UberFilterFuzzer() { + + perFilterSetup(); +} +void UberFilterFuzzer::fuzz( + const envoy::config::listener::v3::Filter& proto_config, + const ::google::protobuf::RepeatedPtrField< ::test::extensions::filters::network::Action>& actions) { + try { + // std::cout<(proto_config.name()); + ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( + proto_config, factory_context_.messageValidationVisitor(), factory); + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); + cb_(connection_); + } catch (const EnvoyException& e) { + ENVOY_LOG_MISC(debug, "Controlled exception {}", e.what()); + return; + } + if(read_filter_!=nullptr){ + ENVOY_LOG_MISC(trace, "read_filter test actions:"); + for (const auto& action : actions) { + ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); + switch (action.action_selector_case()) { + case test::extensions::filters::network::Action::kOnData: { + ::std::cout<<"ondata!"<<::std::endl; + ASSERT(true); + Buffer::OwnedImpl buffer(action.on_data().data()); + read_filter_->onData(buffer, action.on_data().end_stream()); + break; + } + case test::extensions::filters::network::Action::kOnNewConnection: { + read_filter_->onNewConnection(); + break; + } + // case test::extensions::filters::network::Action::kAdvanceTime: { + // break; + // } + default: + // Unhandled actions + PANIC("A case is missing for an action"); + } + } + } + + +} + + +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h new file mode 100644 index 0000000000000..b1a0a9fe87136 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -0,0 +1,33 @@ +#include "test/fuzz/utility.h" +#include "test/mocks/buffer/mocks.h" +#include "test/mocks/network/mocks.h" +#include "test/mocks/server/mocks.h" +#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" +#include "envoy/network/filter.h" +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +class UberFilterFuzzer { +public: + UberFilterFuzzer(); + // This creates the filter config and runs the fuzzed data against the filter. + void fuzz(const envoy::config::listener::v3::Filter& proto_config, + const ::google::protobuf::RepeatedPtrField< ::test::extensions::filters::network::Action>& actions); +protected: + // Set-up filter specific mock expectations in constructor. + void perFilterSetup(); + +private: + NiceMock factory_context_; + Network::ReadFilterSharedPtr read_filter_; + Network::FilterFactoryCb cb_; + NiceMock connection_; + Network::Address::InstanceConstSharedPtr addr_; + NiceMock cluster_manager_; + +}; + +} // namespace HttpFilters +} // namespace Extensions +} // namespace Envoy From a9d4a1c834361e118b63d8dc68842b08ec8f2dbe Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 30 Jun 2020 15:52:23 -0500 Subject: [PATCH 02/76] added code for covering ext_authz filter Signed-off-by: jianwen --- .../filters/network/ext_authz/ext_authz.cc | 3 + .../filters/network/common/fuzz/BUILD | 9 +- ...h-7de3f579108ea62529fa28c418116ac80952a52f | 11 ++ ...h-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 | 25 ++++ ...h-b7cb947d99fecbddb0d49347cd178a4ec29018b1 | 12 ++ .../common/fuzz/network_filter_fuzz.proto | 13 +- .../common/fuzz/network_filter_fuzz_test.cc | 21 ++- .../network/common/fuzz/uber_filter.cc | 128 +++++++++++++----- .../filters/network/common/fuzz/uber_filter.h | 36 ++++- 9 files changed, 203 insertions(+), 55 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 diff --git a/source/extensions/filters/network/ext_authz/ext_authz.cc b/source/extensions/filters/network/ext_authz/ext_authz.cc index af91178846084..5bc80229a876e 100644 --- a/source/extensions/filters/network/ext_authz/ext_authz.cc +++ b/source/extensions/filters/network/ext_authz/ext_authz.cc @@ -24,6 +24,7 @@ void Filter::callCheck() { config_->includePeerCertificate()); status_ = Status::Calling; + std::cout<<"calling for check"<stats().active_.inc(); config_->stats().total_.inc(); @@ -51,9 +52,11 @@ Network::FilterStatus Filter::onNewConnection() { void Filter::onEvent(Network::ConnectionEvent event) { if (event == Network::ConnectionEvent::RemoteClose || event == Network::ConnectionEvent::LocalClose) { + std::cout<<"enter onEvent() in ext_auth"<cancel(); config_->stats().active_.dec(); } diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 55352a62e0e38..f0cc35c1a6f60 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -1,12 +1,10 @@ load( "//bazel:envoy_build_system.bzl", - "envoy_cc_test", - "envoy_cc_test_library", "envoy_cc_fuzz_test", + "envoy_cc_test_library", "envoy_package", "envoy_proto_library", ) - load( "//source/extensions:all_extensions.bzl", "envoy_all_extensions", @@ -15,6 +13,7 @@ load( licenses(["notice"]) # Apache 2 envoy_package() + envoy_proto_library( name = "network_filter_fuzz_proto", srcs = ["network_filter_fuzz.proto"], @@ -41,6 +40,8 @@ envoy_cc_test_library( "//test/mocks/buffer:buffer_mocks", "//test/mocks/network:network_mocks", "//test/mocks/server:server_mocks", + "//source/extensions/filters/network/ext_authz", + "//test/extensions/filters/common/ext_authz:ext_authz_mocks", ], ) @@ -56,4 +57,4 @@ envoy_cc_fuzz_test( "//source/common/protobuf:utility_lib", "//test/config:utility_lib", ] + envoy_all_extensions(), -) \ No newline at end of file +) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f new file mode 100644 index 0000000000000..8663a7a9c3c90 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f @@ -0,0 +1,11 @@ +config { + name: "envoy.filters.network.ext_authz" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" + } +} +actions { + advance_time { + milliseconds: 655360 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 new file mode 100644 index 0000000000000..5b612796f22ee --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 @@ -0,0 +1,25 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 new file mode 100644 index 0000000000000..2587626b13169 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.ext_authz" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" + value: "\n\037envoy.filters.network.ext_authz\030\001(\001" + } +} +actions { + on_data { + data: ":" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto index 649ce3440669f..feb5a1cfbf715 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -12,16 +12,19 @@ message OnData { bool end_stream = 2; } +message AdvanceTime { + uint32 milliseconds = 1 [(validate.rules).uint32 = {gt: 0}]; +} + message Action { oneof action_selector { option (validate.required) = true; - // Call onNewConnection(). + // Call onNewConnection() google.protobuf.Empty on_new_connection = 1; - // Call onData(). + // Call onData() OnData on_data = 2; - // Connection close - // google.protobuf.Empty remote_close = 3; - // google.protobuf.Empty local_close = 4; + // Advance time_source_ + AdvanceTime advance_time = 3; } } diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 3a9c6429e855f..5cbcc2dfae165 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -7,11 +7,15 @@ #include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" #include "test/extensions/filters/network/common/fuzz/uber_filter.h" #include "test/fuzz/fuzz_runner.h" +#include +#include +#include namespace Envoy { namespace Extensions { namespace NetworkFilters { + DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { @@ -21,15 +25,17 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // applied only when libprotobuf-mutator calls mutate on an input, and *not* during fuzz // target execution. Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - static const std::vector filter_names = Registry::FactoryRegistry< - Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); + + // static const std::vector filter_names = Registry::FactoryRegistry< + // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); + static const std::vector filter_names = UberFilterFuzzer::filter_names(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); // Choose a valid filter name. if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = "envoy.filters.network.local_ratelimit"; + // filter_name = "envoy.filters.network.local_ratelimit"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -42,12 +48,19 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { // Catch invalid header characters. TestUtility::validate(input); + // names of available filters: + // static const std::vector filter_names = Registry::FactoryRegistry< + // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); + // std::cout<<"Found "< +// #include +#include "extensions/filters/network/ext_authz/ext_authz.h" namespace Envoy { namespace Extensions { namespace NetworkFilters { +std::vector UberFilterFuzzer::filter_names() { + static ::std::vector filter_names_; + if (filter_names_.size() == 0) { + filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit"}; + } + return filter_names_; +} + +void UberFilterFuzzer::reset(const std::string filter_name) { + if(filter_name==NetworkFilterNames::get().ExtAuthorization){ + // read_filter_callbacks_.connection_.raiseEvent(Network::ConnectionEvent::LocalClose); + ExtAuthz::Filter* ext_authz_filter=dynamic_cast(read_filter_.get()); + ext_authz_filter->onEvent(Network::ConnectionEvent::LocalClose); + } -void UberFilterFuzzer::perFilterSetup() { + + // ENVOY_LOG_MISC(info, "Reset finished"); +} +void UberFilterFuzzer::mockMethodsSetup() { + // static setup process when fuzzer class constructor. + // Prepare expectations for the ext_authz filter. - addr_ = std::make_shared("1.2.3.4", 1111); - ON_CALL(connection_, addReadFilter(_)).WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { - read_filter_=read_filter; - })); - ON_CALL(connection_, remoteAddress()).WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(connection_, localAddress()).WillByDefault(testing::ReturnRef(addr_)); + addr_ = std::make_shared("/test/test.sock"); + ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); - ON_CALL(factory_context_, admin()).WillByDefault(testing::ReturnRef(factory_context_.admin_)); - ON_CALL(factory_context_.admin_, addHandler(_, _, _, _, _)).WillByDefault(testing::Return(true)); - ON_CALL(factory_context_.admin_, removeHandler(_)).WillByDefault(testing::Return(true)); + + ON_CALL(read_filter_callbacks_.connection_, remoteAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(read_filter_callbacks_.connection_, localAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + + // ON_CALL(cluster_manager_.async_client_, send_(_, _, _)).WillByDefault(Return(&async_request_)); + // Prepare expectations for the local_ratelimit filter. + ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); + ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); + // Prapre general expectations for filters. + ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); + + ON_CALL(connection_, addReadFilter(_)) + .WillByDefault(Invoke( + [&](Network::ReadFilterSharedPtr read_filter) -> void { read_filter_ = read_filter; })); + } -UberFilterFuzzer::UberFilterFuzzer() { - - perFilterSetup(); +void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { + const std::string filter_name = proto_config.name(); + ENVOY_LOG_MISC(info, "filter name {}", filter_name); + + auto& factory = Config::Utility::getAndCheckFactoryByName< + Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); + + ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( + proto_config, factory_context_.messageValidationVisitor(), factory); + + // ENVOY_LOG_MISC(trace, "Input Config: {}", message->DebugString()); + + // if (filter_name == NetworkFilterNames::get().ExtAuthorization) { + // envoy::extensions::filters::network::ext_authz::v3::ExtAuthz* ext_authz_proto_config = + // dynamic_cast(message.get()); + // ExtAuthz::ConfigSharedPtr ext_authz_config( + // new ExtAuthz::Config(*ext_authz_proto_config, scope_)); + // client_=new Filters::Common::ExtAuthz::MockClient(); + // ON_CALL(*client_, check(_, _, _, _)) + // .WillByDefault(testing::WithArgs<0>( + // Invoke([&](Filters::Common::ExtAuthz::RequestCallbacks& callbacks) -> void { + // Filters::Common::ExtAuthz::ResponsePtr response = std::make_unique(); + // response->status = Filters::Common::ExtAuthz::CheckStatus::OK; + // callbacks.onComplete(std::move(response)); + // }))); + // read_filter_ = std::make_unique(ext_authz_config, + // Filters::Common::ExtAuthz::ClientPtr{client_}); + // } else { + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); + cb_(connection_); + // } } +UberFilterFuzzer::UberFilterFuzzer() { + mockMethodsSetup(); +} + void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, - const ::google::protobuf::RepeatedPtrField< ::test::extensions::filters::network::Action>& actions) { + const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions) { try { - // std::cout<(proto_config.name()); - ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( - proto_config, factory_context_.messageValidationVisitor(), factory); - cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - cb_(connection_); + filterSetup(proto_config); } catch (const EnvoyException& e) { - ENVOY_LOG_MISC(debug, "Controlled exception {}", e.what()); + ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - if(read_filter_!=nullptr){ - ENVOY_LOG_MISC(trace, "read_filter test actions:"); + if (read_filter_ != nullptr) { + read_filter_->initializeReadFilterCallbacks(read_filter_callbacks_); for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { case test::extensions::filters::network::Action::kOnData: { - ::std::cout<<"ondata!"<<::std::endl; - ASSERT(true); Buffer::OwnedImpl buffer(action.on_data().data()); read_filter_->onData(buffer, action.on_data().end_stream()); break; } case test::extensions::filters::network::Action::kOnNewConnection: { + // ENVOY_LOG_MISC(trace, "inside onnewconnection before"); read_filter_->onNewConnection(); + // ENVOY_LOG_MISC(trace, "inside onnewconnection after"); + break; + } + case test::extensions::filters::network::Action::kAdvanceTime: { + time_source_.setMonotonicTime( + std::chrono::milliseconds(action.advance_time().milliseconds())); break; } - // case test::extensions::filters::network::Action::kAdvanceTime: { - // break; - // } default: // Unhandled actions PANIC("A case is missing for an action"); } } } - - + reset(proto_config.name()); } - -} // namespace HttpFilters +} // namespace NetworkFilters } // namespace Extensions } // namespace Envoy diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index b1a0a9fe87136..a4e6a026a5321 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -1,9 +1,13 @@ +#include "envoy/network/filter.h" + +#include "common/protobuf/protobuf.h" + +#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" #include "test/fuzz/utility.h" #include "test/mocks/buffer/mocks.h" #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" -#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" -#include "envoy/network/filter.h" +#include "test/extensions/filters/common/ext_authz/mocks.h" namespace Envoy { namespace Extensions { namespace NetworkFilters { @@ -12,22 +16,42 @@ class UberFilterFuzzer { public: UberFilterFuzzer(); // This creates the filter config and runs the fuzzed data against the filter. - void fuzz(const envoy::config::listener::v3::Filter& proto_config, - const ::google::protobuf::RepeatedPtrField< ::test::extensions::filters::network::Action>& actions); + void + fuzz(const envoy::config::listener::v3::Filter& proto_config, + const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); + + // Get the name of filters which has been covered by this fuzzer. + static std::vector filter_names(); + void reset(const std::string filter_name); + protected: // Set-up filter specific mock expectations in constructor. - void perFilterSetup(); + void mockMethodsSetup(); + void filterSetup(const envoy::config::listener::v3::Filter& proto_config); private: + static ::std::vector filter_names_; + NiceMock factory_context_; Network::ReadFilterSharedPtr read_filter_; + Network::FilterFactoryCb cb_; NiceMock connection_; Network::Address::InstanceConstSharedPtr addr_; NiceMock cluster_manager_; + Event::SimulatedTimeSystem time_source_; + + Stats::IsolatedStoreImpl scope_; + NiceMock runtime_; + NiceMock read_filter_callbacks_; + + // Filters::Common::ExtAuthz::MockClient* client_; + // NiceMock async_request_; + + // Filters::Common::ExtAuthz::ResponsePtr response_; }; -} // namespace HttpFilters +} // namespace NetworkFilters } // namespace Extensions } // namespace Envoy From 69d74342790475185884ae82bd8bbce9581b7885 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 30 Jun 2020 15:54:59 -0500 Subject: [PATCH 03/76] restore the log output in ext_authz implementation. Signed-off-by: jianwen --- source/extensions/filters/network/ext_authz/ext_authz.cc | 3 --- 1 file changed, 3 deletions(-) diff --git a/source/extensions/filters/network/ext_authz/ext_authz.cc b/source/extensions/filters/network/ext_authz/ext_authz.cc index 5bc80229a876e..af91178846084 100644 --- a/source/extensions/filters/network/ext_authz/ext_authz.cc +++ b/source/extensions/filters/network/ext_authz/ext_authz.cc @@ -24,7 +24,6 @@ void Filter::callCheck() { config_->includePeerCertificate()); status_ = Status::Calling; - std::cout<<"calling for check"<stats().active_.inc(); config_->stats().total_.inc(); @@ -52,11 +51,9 @@ Network::FilterStatus Filter::onNewConnection() { void Filter::onEvent(Network::ConnectionEvent event) { if (event == Network::ConnectionEvent::RemoteClose || event == Network::ConnectionEvent::LocalClose) { - std::cout<<"enter onEvent() in ext_auth"<cancel(); config_->stats().active_.dec(); } From a6c027c49ccba85beebe317c29ff97755fca6be8 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 30 Jun 2020 15:58:16 -0500 Subject: [PATCH 04/76] fixed style problem Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 4 +-- .../common/fuzz/network_filter_fuzz_test.cc | 12 ++++----- .../network/common/fuzz/uber_filter.cc | 27 ++++++++----------- .../filters/network/common/fuzz/uber_filter.h | 8 +++--- 4 files changed, 23 insertions(+), 28 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index f0cc35c1a6f60..4c9a5d6900729 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -36,12 +36,12 @@ envoy_cc_test_library( "//source/common/protobuf:utility_lib", "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:utility_lib", + "//source/extensions/filters/network/ext_authz", + "//test/extensions/filters/common/ext_authz:ext_authz_mocks", "//test/fuzz:utility_lib", "//test/mocks/buffer:buffer_mocks", "//test/mocks/network:network_mocks", "//test/mocks/server:server_mocks", - "//source/extensions/filters/network/ext_authz", - "//test/extensions/filters/common/ext_authz:ext_authz_mocks", ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 5cbcc2dfae165..e961a3208ab3f 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -1,3 +1,7 @@ +#include +#include +#include + #include "common/config/utility.h" #include "common/protobuf/utility.h" @@ -7,15 +11,11 @@ #include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" #include "test/extensions/filters/network/common/fuzz/uber_filter.h" #include "test/fuzz/fuzz_runner.h" -#include -#include -#include namespace Envoy { namespace Extensions { namespace NetworkFilters { - DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { @@ -25,7 +25,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // applied only when libprotobuf-mutator calls mutate on an input, and *not* during fuzz // target execution. Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - + // static const std::vector filter_names = Registry::FactoryRegistry< // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); static const std::vector filter_names = UberFilterFuzzer::filter_names(); @@ -60,7 +60,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase fuzzer.fuzz(input.config(), input.actions()); } catch (const ProtoValidationException& e) { ENVOY_LOG_MISC(debug, "ProtoValidationException: {}", e.what()); - } + } } } // namespace NetworkFilters diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index c124db4fa243c..9ff9a5f1d863d 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -3,13 +3,11 @@ #include "common/config/utility.h" #include "common/config/version_converter.h" -// #include "common/network/message_impl.h" #include "common/network/utility.h" #include "common/protobuf/protobuf.h" #include "common/protobuf/utility.h" #include "extensions/filters/network/well_known_names.h" #include "test/test_common/utility.h" -// #include #include "extensions/filters/network/ext_authz/ext_authz.h" namespace Envoy { @@ -24,12 +22,11 @@ std::vector UberFilterFuzzer::filter_names() { } void UberFilterFuzzer::reset(const std::string filter_name) { - if(filter_name==NetworkFilterNames::get().ExtAuthorization){ + if (filter_name == NetworkFilterNames::get().ExtAuthorization) { // read_filter_callbacks_.connection_.raiseEvent(Network::ConnectionEvent::LocalClose); - ExtAuthz::Filter* ext_authz_filter=dynamic_cast(read_filter_.get()); + ExtAuthz::Filter* ext_authz_filter = dynamic_cast(read_filter_.get()); ext_authz_filter->onEvent(Network::ConnectionEvent::LocalClose); } - // ENVOY_LOG_MISC(info, "Reset finished"); } @@ -50,13 +47,12 @@ void UberFilterFuzzer::mockMethodsSetup() { // Prepare expectations for the local_ratelimit filter. ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); - // Prapre general expectations for filters. + // Prepare general expectations for filters. ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); ON_CALL(connection_, addReadFilter(_)) .WillByDefault(Invoke( [&](Network::ReadFilterSharedPtr read_filter) -> void { read_filter_ = read_filter; })); - } void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { @@ -80,20 +76,19 @@ void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& pr // ON_CALL(*client_, check(_, _, _, _)) // .WillByDefault(testing::WithArgs<0>( // Invoke([&](Filters::Common::ExtAuthz::RequestCallbacks& callbacks) -> void { - // Filters::Common::ExtAuthz::ResponsePtr response = std::make_unique(); - // response->status = Filters::Common::ExtAuthz::CheckStatus::OK; + // Filters::Common::ExtAuthz::ResponsePtr response = + // std::make_unique(); response->status = + // Filters::Common::ExtAuthz::CheckStatus::OK; // callbacks.onComplete(std::move(response)); // }))); // read_filter_ = std::make_unique(ext_authz_config, // Filters::Common::ExtAuthz::ClientPtr{client_}); // } else { - cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - cb_(connection_); + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); + cb_(connection_); // } } -UberFilterFuzzer::UberFilterFuzzer() { - mockMethodsSetup(); -} +UberFilterFuzzer::UberFilterFuzzer() { mockMethodsSetup(); } void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, @@ -116,9 +111,9 @@ void UberFilterFuzzer::fuzz( break; } case test::extensions::filters::network::Action::kOnNewConnection: { - // ENVOY_LOG_MISC(trace, "inside onnewconnection before"); + // ENVOY_LOG_MISC(trace, "inside onNewConnection before"); read_filter_->onNewConnection(); - // ENVOY_LOG_MISC(trace, "inside onnewconnection after"); + // ENVOY_LOG_MISC(trace, "inside onNewConnection after"); break; } case test::extensions::filters::network::Action::kAdvanceTime: { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index a4e6a026a5321..1cd6dea0a39e8 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -2,12 +2,13 @@ #include "common/protobuf/protobuf.h" +#include "test/extensions/filters/common/ext_authz/mocks.h" #include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" #include "test/fuzz/utility.h" #include "test/mocks/buffer/mocks.h" #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" -#include "test/extensions/filters/common/ext_authz/mocks.h" + namespace Envoy { namespace Extensions { namespace NetworkFilters { @@ -44,12 +45,11 @@ class UberFilterFuzzer { Stats::IsolatedStoreImpl scope_; NiceMock runtime_; NiceMock read_filter_callbacks_; - + // Filters::Common::ExtAuthz::MockClient* client_; // NiceMock async_request_; - - // Filters::Common::ExtAuthz::ResponsePtr response_; + // Filters::Common::ExtAuthz::ResponsePtr response_; }; } // namespace NetworkFilters From fea6e32ef9817a51518899dbf5acb74ca10ebb24 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 30 Jun 2020 15:59:00 -0500 Subject: [PATCH 05/76] fixed style problem Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 9ff9a5f1d863d..9ed8dcfb21c52 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -2,13 +2,14 @@ #include "common/config/utility.h" #include "common/config/version_converter.h" - #include "common/network/utility.h" #include "common/protobuf/protobuf.h" #include "common/protobuf/utility.h" + +#include "extensions/filters/network/ext_authz/ext_authz.h" #include "extensions/filters/network/well_known_names.h" + #include "test/test_common/utility.h" -#include "extensions/filters/network/ext_authz/ext_authz.h" namespace Envoy { namespace Extensions { From c68440644bb4ebb8eb4c00a939c9ce1694ab9742 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 1 Jul 2020 10:43:47 -0500 Subject: [PATCH 06/76] added comments Signed-off-by: jianwen --- .../common/fuzz/network_filter_fuzz_test.cc | 12 +----- .../network/common/fuzz/uber_filter.cc | 38 +++---------------- .../filters/network/common/fuzz/uber_filter.h | 23 +++++------ 3 files changed, 17 insertions(+), 56 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index e961a3208ab3f..2aa513cde7a56 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -1,5 +1,3 @@ -#include -#include #include #include "common/config/utility.h" @@ -35,7 +33,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - // filter_name = "envoy.filters.network.local_ratelimit"; + filter_name = "envoy.filters.network.redis_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -46,15 +44,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase }}; try { - // Catch invalid header characters. TestUtility::validate(input); - // names of available filters: - // static const std::vector filter_names = Registry::FactoryRegistry< - // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); - // std::cout<<"Found "< UberFilterFuzzer::filter_names() { + // This filters that have already been covered by this fuzzer. + // Will extend to cover other filters one by one. static ::std::vector filter_names_; if (filter_names_.size() == 0) { filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit"}; @@ -24,33 +26,27 @@ std::vector UberFilterFuzzer::filter_names() { void UberFilterFuzzer::reset(const std::string filter_name) { if (filter_name == NetworkFilterNames::get().ExtAuthorization) { - // read_filter_callbacks_.connection_.raiseEvent(Network::ConnectionEvent::LocalClose); ExtAuthz::Filter* ext_authz_filter = dynamic_cast(read_filter_.get()); + // The desctructor of GrpcClientImpl ASSERT callbacks_==nullptr. There must be either an + // authorization response or an close event to set callbacks_ to nullptr. ext_authz_filter->onEvent(Network::ConnectionEvent::LocalClose); } - - // ENVOY_LOG_MISC(info, "Reset finished"); } void UberFilterFuzzer::mockMethodsSetup() { - // static setup process when fuzzer class constructor. + // setup process when fuzzer object is constructed. For a static fuzzer, this will only be executed once. // Prepare expectations for the ext_authz filter. addr_ = std::make_shared("/test/test.sock"); - ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); - ON_CALL(read_filter_callbacks_.connection_, remoteAddress()) .WillByDefault(testing::ReturnRef(addr_)); ON_CALL(read_filter_callbacks_.connection_, localAddress()) .WillByDefault(testing::ReturnRef(addr_)); - - // ON_CALL(cluster_manager_.async_client_, send_(_, _, _)).WillByDefault(Return(&async_request_)); // Prepare expectations for the local_ratelimit filter. ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); - // Prepare general expectations for filters. + // Prepare general expectations for all the filters. ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); - ON_CALL(connection_, addReadFilter(_)) .WillByDefault(Invoke( [&](Network::ReadFilterSharedPtr read_filter) -> void { read_filter_ = read_filter; })); @@ -66,28 +62,8 @@ void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& pr ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); - // ENVOY_LOG_MISC(trace, "Input Config: {}", message->DebugString()); - - // if (filter_name == NetworkFilterNames::get().ExtAuthorization) { - // envoy::extensions::filters::network::ext_authz::v3::ExtAuthz* ext_authz_proto_config = - // dynamic_cast(message.get()); - // ExtAuthz::ConfigSharedPtr ext_authz_config( - // new ExtAuthz::Config(*ext_authz_proto_config, scope_)); - // client_=new Filters::Common::ExtAuthz::MockClient(); - // ON_CALL(*client_, check(_, _, _, _)) - // .WillByDefault(testing::WithArgs<0>( - // Invoke([&](Filters::Common::ExtAuthz::RequestCallbacks& callbacks) -> void { - // Filters::Common::ExtAuthz::ResponsePtr response = - // std::make_unique(); response->status = - // Filters::Common::ExtAuthz::CheckStatus::OK; - // callbacks.onComplete(std::move(response)); - // }))); - // read_filter_ = std::make_unique(ext_authz_config, - // Filters::Common::ExtAuthz::ClientPtr{client_}); - // } else { cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); cb_(connection_); - // } } UberFilterFuzzer::UberFilterFuzzer() { mockMethodsSetup(); } @@ -112,9 +88,7 @@ void UberFilterFuzzer::fuzz( break; } case test::extensions::filters::network::Action::kOnNewConnection: { - // ENVOY_LOG_MISC(trace, "inside onNewConnection before"); read_filter_->onNewConnection(); - // ENVOY_LOG_MISC(trace, "inside onNewConnection after"); break; } case test::extensions::filters::network::Action::kAdvanceTime: { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 1cd6dea0a39e8..afc7057ab15de 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -20,36 +20,33 @@ class UberFilterFuzzer { void fuzz(const envoy::config::listener::v3::Filter& proto_config, const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); - // Get the name of filters which has been covered by this fuzzer. static std::vector filter_names(); + // Avoid issues in destructors. void reset(const std::string filter_name); protected: // Set-up filter specific mock expectations in constructor. void mockMethodsSetup(); + // Set-up mock expectations each timer when a filter is fuzzed. void filterSetup(const envoy::config::listener::v3::Filter& proto_config); private: static ::std::vector filter_names_; - - NiceMock factory_context_; + // NiceMock factory_context_; + Server::Configuration::MockFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; - Network::FilterFactoryCb cb_; - NiceMock connection_; + // NiceMock connection_; + Envoy::Network::MockConnection connection_; Network::Address::InstanceConstSharedPtr addr_; - NiceMock cluster_manager_; + // NiceMock cluster_manager_; + Upstream::MockClusterManager cluster_manager_; Event::SimulatedTimeSystem time_source_; - Stats::IsolatedStoreImpl scope_; - NiceMock runtime_; + // NiceMock runtime_; + Runtime::MockLoader runtime_; NiceMock read_filter_callbacks_; - - // Filters::Common::ExtAuthz::MockClient* client_; - // NiceMock async_request_; - - // Filters::Common::ExtAuthz::ResponsePtr response_; }; } // namespace NetworkFilters From 3b3933c7c0233dc5e6331b849c71a7a065cd2998 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 7 Jul 2020 13:12:35 -0500 Subject: [PATCH 07/76] added ststem time control for local_rate_limit Signed-off-by: jianwen --- ...h-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 | 16 ++- .../common/fuzz/network_filter_fuzz.proto | 2 +- .../common/fuzz/network_filter_fuzz_test.cc | 3 +- .../network/common/fuzz/uber_filter.cc | 98 ++++++++++++------- .../filters/network/common/fuzz/uber_filter.h | 10 +- 5 files changed, 87 insertions(+), 42 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 index 5b612796f22ee..ab8d73afbd8f8 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 @@ -22,4 +22,18 @@ actions { actions { on_new_connection { } -} \ No newline at end of file +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto index feb5a1cfbf715..90657d787724f 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -29,7 +29,7 @@ message Action { } message FilterFuzzTestCase { - // envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter config = 1; + // This is actually a protobuf type for the config of network filters. envoy.config.listener.v3.Filter config = 1; repeated Action actions = 2; } diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 2aa513cde7a56..61dba1bbfb888 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -13,7 +13,6 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { @@ -33,7 +32,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = "envoy.filters.network.redis_proxy"; + // filter_name = "envoy.filters.network.redis_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index de66e627eb858..16488aaf39038 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -10,6 +10,7 @@ #include "extensions/filters/network/well_known_names.h" #include "test/test_common/utility.h" +#include namespace Envoy { namespace Extensions { @@ -19,37 +20,60 @@ std::vector UberFilterFuzzer::filter_names() { // Will extend to cover other filters one by one. static ::std::vector filter_names_; if (filter_names_.size() == 0) { - filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit"}; + filter_names_ = { "envoy.filters.network.ext_authz", + "envoy.filters.network.local_ratelimit", + "envoy.filters.network.redis_proxy" }; } return filter_names_; } -void UberFilterFuzzer::reset(const std::string filter_name) { - if (filter_name == NetworkFilterNames::get().ExtAuthorization) { - ExtAuthz::Filter* ext_authz_filter = dynamic_cast(read_filter_.get()); - // The desctructor of GrpcClientImpl ASSERT callbacks_==nullptr. There must be either an - // authorization response or an close event to set callbacks_ to nullptr. - ext_authz_filter->onEvent(Network::ConnectionEvent::LocalClose); - } +void UberFilterFuzzer::reset(const std::string) { + + read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); + // release the filter memory + read_filter_.reset(); + // reset the read_filter_callbacks_ because the filter has been destructed. + read_filter_callbacks_=std::make_shared>(); + ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(read_filter_callbacks_->connection_, localAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) + .WillByDefault(Invoke( + [&](Network::ReadFilterSharedPtr read_filter) -> void { + read_filter_ = read_filter; + read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + std::cout<<"filter recorded"<>(); + // Prepare expectations for the local_ratelimit filter + api_ = Api::createApiForTest(time_source_); + dispatcher_ = api_->allocateDispatcher("test_thread"); + ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); // Prepare expectations for the ext_authz filter. addr_ = std::make_shared("/test/test.sock"); ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); - ON_CALL(read_filter_callbacks_.connection_, remoteAddress()) + + ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_.connection_, localAddress()) + ON_CALL(read_filter_callbacks_->connection_, localAddress()) .WillByDefault(testing::ReturnRef(addr_)); // Prepare expectations for the local_ratelimit filter. ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); - ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); + // ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); // Prepare general expectations for all the filters. ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); - ON_CALL(connection_, addReadFilter(_)) + ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) .WillByDefault(Invoke( - [&](Network::ReadFilterSharedPtr read_filter) -> void { read_filter_ = read_filter; })); + [&](Network::ReadFilterSharedPtr read_filter) -> void { + read_filter_ = read_filter; + read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + // std::cout<<"filter recorded"<DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - cb_(connection_); + cb_(read_filter_callbacks_->connection_); } UberFilterFuzzer::UberFilterFuzzer() { mockMethodsSetup(); } @@ -77,31 +101,37 @@ void UberFilterFuzzer::fuzz( ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - if (read_filter_ != nullptr) { - read_filter_->initializeReadFilterCallbacks(read_filter_callbacks_); - for (const auto& action : actions) { - ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); - switch (action.action_selector_case()) { - case test::extensions::filters::network::Action::kOnData: { + + for (const auto& action : actions) { + ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); + switch (action.action_selector_case()) { + case test::extensions::filters::network::Action::kOnData: { + if (read_filter_ != nullptr) { + // std::cout<<"on data!"<onData(buffer, action.on_data().end_stream()); - break; } - case test::extensions::filters::network::Action::kOnNewConnection: { + break; + } + case test::extensions::filters::network::Action::kOnNewConnection: { + if (read_filter_ != nullptr) { + // std::cout<<"on new connection! "<onNewConnection(); - break; - } - case test::extensions::filters::network::Action::kAdvanceTime: { - time_source_.setMonotonicTime( - std::chrono::milliseconds(action.advance_time().milliseconds())); - break; - } - default: - // Unhandled actions - PANIC("A case is missing for an action"); } + break; + } + case test::extensions::filters::network::Action::kAdvanceTime: { + time_source_.advanceTimeAsync( + std::chrono::milliseconds(action.advance_time().milliseconds())); + dispatcher_->run(Event::Dispatcher::RunType::NonBlock); + break; + } + default: + // Unhandled actions + PANIC("A case is missing for an action"); } } + reset(proto_config.name()); } diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index afc7057ab15de..72b51edd980fc 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -32,21 +32,23 @@ class UberFilterFuzzer { void filterSetup(const envoy::config::listener::v3::Filter& proto_config); private: - static ::std::vector filter_names_; + // ::std::vector filter_names_; // NiceMock factory_context_; Server::Configuration::MockFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; // NiceMock connection_; - Envoy::Network::MockConnection connection_; + // Envoy::Network::MockConnection connection_; Network::Address::InstanceConstSharedPtr addr_; // NiceMock cluster_manager_; Upstream::MockClusterManager cluster_manager_; Event::SimulatedTimeSystem time_source_; - Stats::IsolatedStoreImpl scope_; + Api::ApiPtr api_; + Event::DispatcherPtr dispatcher_; + // Stats::IsolatedStoreImpl scope_; // NiceMock runtime_; Runtime::MockLoader runtime_; - NiceMock read_filter_callbacks_; + std::shared_ptr> read_filter_callbacks_; }; } // namespace NetworkFilters From eb9fbe3b4a64628d4614427751fc857547a93853 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 7 Jul 2020 16:33:07 -0500 Subject: [PATCH 08/76] enabled three filters coverage Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.cc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 16488aaf39038..ff6dfbb1e2a3a 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -43,7 +43,6 @@ void UberFilterFuzzer::reset(const std::string) { [&](Network::ReadFilterSharedPtr read_filter) -> void { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - std::cout<<"filter recorded"< void { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - // std::cout<<"filter recorded"<onData(buffer, action.on_data().end_stream()); } @@ -115,7 +112,6 @@ void UberFilterFuzzer::fuzz( } case test::extensions::filters::network::Action::kOnNewConnection: { if (read_filter_ != nullptr) { - // std::cout<<"on new connection! "<onNewConnection(); } break; From 5cfae904e38d567710d1d51956a537dad9076d05 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 7 Jul 2020 19:42:13 -0500 Subject: [PATCH 09/76] added support for ext_authz response Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 + ...1458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy | 39 +++++++ ...cb947d99fecbddb0d49347cd178a4ec29018b1copy | 12 ++ .../network/common/fuzz/uber_filter.cc | 104 +++++++++++++----- .../filters/network/common/fuzz/uber_filter.h | 7 +- 5 files changed, 133 insertions(+), 30 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 4c9a5d6900729..efcb38ac89b94 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -38,6 +38,7 @@ envoy_cc_test_library( "//source/extensions/filters/network/common:utility_lib", "//source/extensions/filters/network/ext_authz", "//test/extensions/filters/common/ext_authz:ext_authz_mocks", + "//test/extensions/filters/common/ext_authz:ext_authz_test_common", "//test/fuzz:utility_lib", "//test/mocks/buffer:buffer_mocks", "//test/mocks/network:network_mocks", diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy new file mode 100644 index 0000000000000..ab8d73afbd8f8 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy @@ -0,0 +1,39 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy new file mode 100644 index 0000000000000..2587626b13169 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.ext_authz" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" + value: "\n\037envoy.filters.network.ext_authz\030\001(\001" + } +} +actions { + on_data { + data: ":" + } +} diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index ff6dfbb1e2a3a..89ff70ae69b47 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -6,12 +6,15 @@ #include "common/protobuf/protobuf.h" #include "common/protobuf/utility.h" -#include "extensions/filters/network/ext_authz/ext_authz.h" + #include "extensions/filters/network/well_known_names.h" #include "test/test_common/utility.h" #include +// #include "extensions/filters/network/ext_authz/ext_authz.h" +#include "test/extensions/filters/common/ext_authz/test_common.h" +// #include "extensions/filters/common/ext_authz/ext_authz_grpc_impl.h" namespace Envoy { namespace Extensions { namespace NetworkFilters { @@ -29,63 +32,104 @@ std::vector UberFilterFuzzer::filter_names() { void UberFilterFuzzer::reset(const std::string) { - read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); + // read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); // release the filter memory - read_filter_.reset(); + // read_filter_.reset(); // reset the read_filter_callbacks_ because the filter has been destructed. + // read_filter_callbacks_=std::make_shared>(); + // ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) + // .WillByDefault(testing::ReturnRef(addr_)); + // ON_CALL(read_filter_callbacks_->connection_, localAddress()) + // .WillByDefault(testing::ReturnRef(addr_)); + // ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) + // .WillByDefault(Invoke( + // [&](Network::ReadFilterSharedPtr read_filter) -> void { + // read_filter_ = read_filter; + // read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + // })); +} +void UberFilterFuzzer::perFilterSetup(const std::string filter_name){ + std::cout<<"setup for filter:"<>(); - ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_->connection_, localAddress()) - .WillByDefault(testing::ReturnRef(addr_)); ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) - .WillByDefault(Invoke( - [&](Network::ReadFilterSharedPtr read_filter) -> void { - read_filter_ = read_filter; - read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + .WillByDefault(Invoke( + [&](Network::ReadFilterSharedPtr read_filter) -> void { + read_filter_ = read_filter; + read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + })); + + + // setup response for ext_authz filter + if(filter_name=="envoy.filters.network.ext_authz"){ + addr_ = std::make_shared("/test/test.sock"); + + ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(read_filter_callbacks_->connection_, localAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + + async_client_factory_ = std::make_unique(); + async_client_ = std::make_unique(); + async_request_ = std::make_unique(); + + ON_CALL(*async_client_, sendRaw(_,_,_,_,_,_)).WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks){ + + Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl=dynamic_cast(&callbacks); + + const std::string empty_body{}; + const auto expected_headers = Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({{"foo", "bar", false}}); + auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( + Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, expected_headers); + grpc_client_impl->onSuccess(std::move(check_response), span_); + // grpc_client_impl->cancel(); + + return async_request_.get(); + }))); + ON_CALL(*async_client_factory_, create()).WillByDefault(Invoke([&] { + return std::move(async_client_); + })); + + ON_CALL(cluster_manager_.async_client_manager_, + factoryForGrpcService(_, _, _)) + .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { + return std::move(async_client_factory_); })); + } + + } void UberFilterFuzzer::mockMethodsSetup() { // setup process when fuzzer object is constructed. For a static fuzzer, this will only be executed once. - read_filter_callbacks_=std::make_shared>(); + + // Prepare expectations for the ext_authz filter. + // Prepare expectations for the local_ratelimit filter api_ = Api::createApiForTest(time_source_); dispatcher_ = api_->allocateDispatcher("test_thread"); + ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); - // Prepare expectations for the ext_authz filter. - addr_ = std::make_shared("/test/test.sock"); ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); - - ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_->connection_, localAddress()) - .WillByDefault(testing::ReturnRef(addr_)); // Prepare expectations for the local_ratelimit filter. ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); // ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); + // Prepare general expectations for all the filters. ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); - ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) - .WillByDefault(Invoke( - [&](Network::ReadFilterSharedPtr read_filter) -> void { - read_filter_ = read_filter; - read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - })); + } void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { const std::string filter_name = proto_config.name(); ENVOY_LOG_MISC(info, "filter name {}", filter_name); - auto& factory = Config::Utility::getAndCheckFactoryByName< Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); - ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - cb_(read_filter_callbacks_->connection_); } UberFilterFuzzer::UberFilterFuzzer() { mockMethodsSetup(); } @@ -99,7 +143,9 @@ void UberFilterFuzzer::fuzz( ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - + perFilterSetup(proto_config.name()); + //add filter to connection_ + cb_(read_filter_callbacks_->connection_); for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 72b51edd980fc..21bf95a726094 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -8,6 +8,7 @@ #include "test/mocks/buffer/mocks.h" #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" +#include <__mutex_base> namespace Envoy { namespace Extensions { @@ -24,7 +25,7 @@ class UberFilterFuzzer { static std::vector filter_names(); // Avoid issues in destructors. void reset(const std::string filter_name); - + void perFilterSetup(const std::string filter_name); protected: // Set-up filter specific mock expectations in constructor. void mockMethodsSetup(); @@ -49,6 +50,10 @@ class UberFilterFuzzer { // NiceMock runtime_; Runtime::MockLoader runtime_; std::shared_ptr> read_filter_callbacks_; + std::unique_ptrasync_request_; + std::unique_ptr async_client_; + std::unique_ptr async_client_factory_; + Tracing::MockSpan span_; }; } // namespace NetworkFilters From 24a2f9095395f1c82bee218c26f070c757ff1276 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 8 Jul 2020 17:47:00 -0500 Subject: [PATCH 10/76] added coverage for tcp_proxy and client_ssl_auth. Increased the coverage for ext_auth by enabling the mocked response. Fixed the validation problem inside client_ssl_auth's protobuf Signed-off-by: jianwen --- .../client_ssl_auth/v3/client_ssl_auth.proto | 3 +- .../client_ssl_auth/v3/client_ssl_auth.proto | 3 +- source/extensions/all_extensions.bzl | 7 + .../filters/network/common/fuzz/BUILD | 5 +- .../network_filter_corpus/client_sslL_auth_2 | 47 ++++++ .../network_filter_corpus/client_ssl_authz_1 | 44 ++++++ .../client_ssl_authz_1_copy | 44 ++++++ ...2529fa28c418116ac80952a52f => ext_authz_1} | 0 ...ddb0d49347cd178a4ec29018b1 => ext_authz_2} | 0 ...7cd178a4ec29018b1copy => ext_authz_2_copy} | 0 ...07d2b81eef868a70f2e8 => local_ratelimit_1} | 0 ...f868a70f2e8copy => local_ratelimit_1_copy} | 0 .../fuzz/network_filter_corpus/redis_proxy_1 | 43 +++++ .../network_filter_corpus/redis_proxy_1_copy | 43 +++++ .../fuzz/network_filter_corpus/tcp_proxy_1 | 34 ++++ .../network_filter_corpus/tcp_proxy_1_copy | 34 ++++ .../common/fuzz/network_filter_fuzz_test.cc | 10 +- .../network/common/fuzz/uber_filter.cc | 147 +++++++----------- .../filters/network/common/fuzz/uber_filter.h | 13 +- 19 files changed, 370 insertions(+), 107 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy rename test/extensions/filters/network/common/fuzz/network_filter_corpus/{crash-7de3f579108ea62529fa28c418116ac80952a52f => ext_authz_1} (100%) rename test/extensions/filters/network/common/fuzz/network_filter_corpus/{crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 => ext_authz_2} (100%) rename test/extensions/filters/network/common/fuzz/network_filter_corpus/{crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy => ext_authz_2_copy} (100%) rename test/extensions/filters/network/common/fuzz/network_filter_corpus/{crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 => local_ratelimit_1} (100%) rename test/extensions/filters/network/common/fuzz/network_filter_corpus/{crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy => local_ratelimit_1_copy} (100%) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy diff --git a/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto b/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto index e2da157574f89..5415aacb18f64 100644 --- a/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto +++ b/api/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto @@ -28,7 +28,8 @@ message ClientSSLAuth { // the authentication service. The filter will connect to the service every 60s to fetch the list // of principals. The service must support the expected :ref:`REST API // `. - string auth_api_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + string auth_api_cluster = 1 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}]; // The prefix to use when emitting :ref:`statistics // `. diff --git a/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto b/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto index e2da157574f89..5415aacb18f64 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/client_ssl_auth/v3/client_ssl_auth.proto @@ -28,7 +28,8 @@ message ClientSSLAuth { // the authentication service. The filter will connect to the service every 60s to fetch the list // of principals. The service must support the expected :ref:`REST API // `. - string auth_api_cluster = 1 [(validate.rules).string = {min_bytes: 1}]; + string auth_api_cluster = 1 + [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}]; // The prefix to use when emitting :ref:`statistics // `. diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl index f22633aeeb2a6..aaf4902738d63 100644 --- a/source/extensions/all_extensions.bzl +++ b/source/extensions/all_extensions.bzl @@ -14,3 +14,10 @@ def envoy_all_extensions(denylist = []): # These extensions can be removed on a site specific basis. return [v for k, v in all_extensions.items() if not k in denylist] + +_network_filter_prefix = "envoy.filters.network" + +def envoy_all_network_filters(): + all_extensions = dicts.add(_required_extensions, EXTENSIONS) + + return [v for k, v in all_extensions.items() if k.startswith(_network_filter_prefix)] \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index efcb38ac89b94..cf5461a2ca541 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -7,7 +7,8 @@ load( ) load( "//source/extensions:all_extensions.bzl", - "envoy_all_extensions", + # "envoy_all_extensions", + "envoy_all_network_filters", ) licenses(["notice"]) # Apache 2 @@ -57,5 +58,5 @@ envoy_cc_fuzz_test( "//source/common/config:utility_lib", "//source/common/protobuf:utility_lib", "//test/config:utility_lib", - ] + envoy_all_extensions(), + ] + envoy_all_network_filters(), ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 new file mode 100644 index 0000000000000..dd24c6c6c4daa --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 @@ -0,0 +1,47 @@ +config { + name: "envoy.filters.network.client_ssl_auth" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" + value: "\n\010\177\177_p\000O\002@\022\007x-clien" + } +} +actions { + advance_time { + milliseconds: 524288 + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 524288 + } +} +actions { + advance_time { + milliseconds: 524288 + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "ppu" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 524288 + } +} +actions { + on_data { + data: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 new file mode 100644 index 0000000000000..44f4dfaf34d18 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 @@ -0,0 +1,44 @@ +config { + name: "envoy.filters.network.client_ssl_auth" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" + value: "\n%envoy.filters.network.client_ssl_auth\022\0011" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy new file mode 100644 index 0000000000000..44f4dfaf34d18 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy @@ -0,0 +1,44 @@ +config { + name: "envoy.filters.network.client_ssl_auth" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" + value: "\n%envoy.filters.network.client_ssl_auth\022\0011" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-7de3f579108ea62529fa28c418116ac80952a52f rename to test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1 rename to test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-b7cb947d99fecbddb0d49347cd178a4ec29018b1copy rename to test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8 rename to test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a01458c34cc4a5ebd2fd07d2b81eef868a70f2e8copy rename to test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 new file mode 100644 index 0000000000000..ea0f08e12ffb3 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 @@ -0,0 +1,43 @@ +config { + name: "envoy.filters.network.redis_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy" + value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} +actions { + on_new_connection { + + } +} +actions { + advance_time { + milliseconds: 455213056 + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy new file mode 100644 index 0000000000000..ea0f08e12ffb3 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy @@ -0,0 +1,43 @@ +config { + name: "envoy.filters.network.redis_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy" + value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} +actions { + on_new_connection { + + } +} +actions { + advance_time { + milliseconds: 455213056 + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 new file mode 100644 index 0000000000000..1c4cce16fa644 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.tcp_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" + value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 12288 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy new file mode 100644 index 0000000000000..1c4cce16fa644 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.tcp_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" + value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 12288 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 61dba1bbfb888..012d3d4e0a689 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -1,5 +1,3 @@ -#include - #include "common/config/utility.h" #include "common/protobuf/utility.h" @@ -23,16 +21,16 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // target execution. Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - // static const std::vector filter_names = Registry::FactoryRegistry< - // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames(); - static const std::vector filter_names = UberFilterFuzzer::filter_names(); + // After extending to cover all the filters, we can use `Registry::FactoryRegistry< + // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames()` + // to get all the filter names instead of calling `UberFilterFuzzer::filter_names()` + static const auto filter_names = UberFilterFuzzer::filter_names(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); // Choose a valid filter name. if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - // filter_name = "envoy.filters.network.redis_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 89ff70ae69b47..7784e957f2114 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -3,122 +3,94 @@ #include "common/config/utility.h" #include "common/config/version_converter.h" #include "common/network/utility.h" -#include "common/protobuf/protobuf.h" #include "common/protobuf/utility.h" - #include "extensions/filters/network/well_known_names.h" +#include "test/extensions/filters/common/ext_authz/test_common.h" #include "test/test_common/utility.h" -#include -// #include "extensions/filters/network/ext_authz/ext_authz.h" -#include "test/extensions/filters/common/ext_authz/test_common.h" -// #include "extensions/filters/common/ext_authz/ext_authz_grpc_impl.h" namespace Envoy { namespace Extensions { namespace NetworkFilters { std::vector UberFilterFuzzer::filter_names() { // This filters that have already been covered by this fuzzer. - // Will extend to cover other filters one by one. + // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.size() == 0) { - filter_names_ = { "envoy.filters.network.ext_authz", - "envoy.filters.network.local_ratelimit", - "envoy.filters.network.redis_proxy" }; + filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit", + "envoy.filters.network.redis_proxy", "envoy.filters.network.tcp_proxy", + "envoy.filters.network.client_ssl_auth"}; } return filter_names_; } void UberFilterFuzzer::reset(const std::string) { - - // read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); - // release the filter memory - // read_filter_.reset(); - // reset the read_filter_callbacks_ because the filter has been destructed. - // read_filter_callbacks_=std::make_shared>(); - // ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - // .WillByDefault(testing::ReturnRef(addr_)); - // ON_CALL(read_filter_callbacks_->connection_, localAddress()) - // .WillByDefault(testing::ReturnRef(addr_)); - // ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) - // .WillByDefault(Invoke( - // [&](Network::ReadFilterSharedPtr read_filter) -> void { - // read_filter_ = read_filter; - // read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - // })); + // Close the connection to make sure the filter' callback is set to nullptr. + read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); + // Clear the filter's raw poninter stored inside the connection_ and reset the connection_. + read_filter_callbacks_->connection_.callbacks_.clear(); + read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); + read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; } -void UberFilterFuzzer::perFilterSetup(const std::string filter_name){ - std::cout<<"setup for filter:"<>(); - ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) - .WillByDefault(Invoke( - [&](Network::ReadFilterSharedPtr read_filter) -> void { - read_filter_ = read_filter; - read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - })); - - - // setup response for ext_authz filter - if(filter_name=="envoy.filters.network.ext_authz"){ - addr_ = std::make_shared("/test/test.sock"); +void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { + std::cout << "setup for filter:" << filter_name << std::endl; + // Set up response for ext_authz filter + if (filter_name == "envoy.filters.network.ext_authz") { + addr_ = std::make_shared("/test/test.sock"); ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) .WillByDefault(testing::ReturnRef(addr_)); ON_CALL(read_filter_callbacks_->connection_, localAddress()) .WillByDefault(testing::ReturnRef(addr_)); async_client_factory_ = std::make_unique(); - async_client_ = std::make_unique(); - async_request_ = std::make_unique(); - - ON_CALL(*async_client_, sendRaw(_,_,_,_,_,_)).WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks){ - - Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl=dynamic_cast(&callbacks); - - const std::string empty_body{}; - const auto expected_headers = Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({{"foo", "bar", false}}); - auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( - Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, expected_headers); - grpc_client_impl->onSuccess(std::move(check_response), span_); - // grpc_client_impl->cancel(); - - return async_request_.get(); - }))); - ON_CALL(*async_client_factory_, create()).WillByDefault(Invoke([&] { - return std::move(async_client_); - })); - - ON_CALL(cluster_manager_.async_client_manager_, - factoryForGrpcService(_, _, _)) - .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { - return std::move(async_client_factory_); - })); + async_client_ = std::make_unique(); + async_request_ = std::make_unique(); + + ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) + .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { + Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl = + dynamic_cast(&callbacks); + const std::string empty_body{}; + const auto expected_headers = + Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({{"foo", "bar", false}}); + auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( + Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, + expected_headers); + grpc_client_impl->onSuccess(std::move(check_response), span_); + return async_request_.get(); + }))); + + ON_CALL(*async_client_factory_, create()).WillByDefault(Invoke([&] { + return std::move(async_client_); + })); + + ON_CALL(cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) + .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, + bool) { return std::move(async_client_factory_); })); } - - } -void UberFilterFuzzer::mockMethodsSetup() { - // setup process when fuzzer object is constructed. For a static fuzzer, this will only be executed once. - - // Prepare expectations for the ext_authz filter. - - // Prepare expectations for the local_ratelimit filter +void UberFilterFuzzer::fuzzerSetup() { + // Setup process when this fuzzer object is constructed. + // For a static fuzzer, this will only be executed once. + + // Get the pointer of read_filter when the read_filter is being added to connection_. + read_filter_callbacks_ = std::make_shared>(); + ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) + .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { + read_filter_ = read_filter; + read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + })); + + // Prepare time source for filters such as local_ratelimit filter api_ = Api::createApiForTest(time_source_); dispatcher_ = api_->allocateDispatcher("test_thread"); - ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); - ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); - // Prepare expectations for the local_ratelimit filter. ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); - // ON_CALL(factory_context_, scope()).WillByDefault(testing::ReturnRef(scope_)); - - // Prepare general expectations for all the filters. ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); - - + // Prepare general expectations for all the filters. + ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); } void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { @@ -131,20 +103,21 @@ void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& pr ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); } -UberFilterFuzzer::UberFilterFuzzer() { mockMethodsSetup(); } +UberFilterFuzzer::UberFilterFuzzer() { fuzzerSetup(); } void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions) { try { - // Try to create the filter. Exit early if the config is invalid or violates PGV constraints. + // Try to create the filter callback(cb_). Exit early if the config is invalid or violates PGV + // constraints. filterSetup(proto_config); } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } perFilterSetup(proto_config.name()); - //add filter to connection_ + // Add filter to connection_ cb_(read_filter_callbacks_->connection_); for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); @@ -173,7 +146,7 @@ void UberFilterFuzzer::fuzz( PANIC("A case is missing for an action"); } } - + reset(proto_config.name()); } diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 21bf95a726094..e540773695e79 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -8,7 +8,6 @@ #include "test/mocks/buffer/mocks.h" #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" -#include <__mutex_base> namespace Envoy { namespace Extensions { @@ -26,31 +25,25 @@ class UberFilterFuzzer { // Avoid issues in destructors. void reset(const std::string filter_name); void perFilterSetup(const std::string filter_name); + protected: // Set-up filter specific mock expectations in constructor. - void mockMethodsSetup(); + void fuzzerSetup(); // Set-up mock expectations each timer when a filter is fuzzed. void filterSetup(const envoy::config::listener::v3::Filter& proto_config); private: - // ::std::vector filter_names_; - // NiceMock factory_context_; Server::Configuration::MockFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; - // NiceMock connection_; - // Envoy::Network::MockConnection connection_; Network::Address::InstanceConstSharedPtr addr_; - // NiceMock cluster_manager_; Upstream::MockClusterManager cluster_manager_; Event::SimulatedTimeSystem time_source_; Api::ApiPtr api_; Event::DispatcherPtr dispatcher_; - // Stats::IsolatedStoreImpl scope_; - // NiceMock runtime_; Runtime::MockLoader runtime_; std::shared_ptr> read_filter_callbacks_; - std::unique_ptrasync_request_; + std::unique_ptr async_request_; std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; From fbf2e6822cad15d2ccd70cab3f75748384fe6822 Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 10 Jul 2020 13:25:18 -0500 Subject: [PATCH 11/76] removed test for tcp_proxy filter Signed-off-by: jianwen --- .../network_filter_corpus/direct_response_1 | 32 +++++++++++++++ .../direct_response_1_copy | 32 +++++++++++++++ .../fuzz/network_filter_corpus/dubbo_proxy_1 | 39 +++++++++++++++++++ .../network_filter_corpus/dubbo_proxy_1_copy | 39 +++++++++++++++++++ .../common/fuzz/network_filter_corpus/echo_1 | 34 ++++++++++++++++ .../fuzz/network_filter_corpus/echo_1_copy | 34 ++++++++++++++++ .../fuzz/network_filter_corpus/sni_cluster_1 | 35 +++++++++++++++++ .../network_filter_corpus/sni_cluster_1_copy | 35 +++++++++++++++++ .../common/fuzz/network_filter_fuzz_test.cc | 9 ++++- .../network/common/fuzz/uber_filter.cc | 29 +++++++++++--- .../filters/network/common/fuzz/uber_filter.h | 12 +++++- 11 files changed, 322 insertions(+), 8 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 new file mode 100644 index 0000000000000..14e4b24d92bb2 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 @@ -0,0 +1,32 @@ +config { + name: "envoy.filters.network.direct_response" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "y" + } +} +actions { + on_data { + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "\006" + } +} +actions { + on_data { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy new file mode 100644 index 0000000000000..14e4b24d92bb2 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy @@ -0,0 +1,32 @@ +config { + name: "envoy.filters.network.direct_response" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "y" + } +} +actions { + on_data { + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "\006" + } +} +actions { + on_data { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 new file mode 100644 index 0000000000000..13fc32667c5ec --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 @@ -0,0 +1,39 @@ +config { + name: "envoy.filters.network.dubbo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy" + value: "\n!envoy.filters.network.dubbo_proxy" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy new file mode 100644 index 0000000000000..13fc32667c5ec --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy @@ -0,0 +1,39 @@ +config { + name: "envoy.filters.network.dubbo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy" + value: "\n!envoy.filters.network.dubbo_proxy" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 new file mode 100644 index 0000000000000..5eb88e52693ba --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.echo" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.echo.v3.Echo" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 4194304 + } +} +actions { + on_data { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 778793567 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy new file mode 100644 index 0000000000000..5eb88e52693ba --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.echo" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.echo.v3.Echo" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 4194304 + } +} +actions { + on_data { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 778793567 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 new file mode 100644 index 0000000000000..9452cb8d6074a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 @@ -0,0 +1,35 @@ +config { + name: "envoy.filters.network.sni_cluster" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_data { + data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + } +} +actions { + on_data { + data: "IIIIIIIIIIIIIIIIIIII\000\000\000\000\000\000\000;IIIIIIIIIIIIIIIIIIIIIIIIIIIIII" + } +} +actions { + advance_time { + milliseconds: 16384 + } +} +actions { + advance_time { + milliseconds: 13 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy new file mode 100644 index 0000000000000..9452cb8d6074a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy @@ -0,0 +1,35 @@ +config { + name: "envoy.filters.network.sni_cluster" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_data { + data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + } +} +actions { + on_data { + data: "IIIIIIIIIIIIIIIIIIII\000\000\000\000\000\000\000;IIIIIIIIIIIIIIIIIIIIIIIIIIIIII" + } +} +actions { + advance_time { + milliseconds: 16384 + } +} +actions { + advance_time { + milliseconds: 13 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 012d3d4e0a689..09b6b51126e6f 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -24,13 +24,14 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // After extending to cover all the filters, we can use `Registry::FactoryRegistry< // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames()` // to get all the filter names instead of calling `UberFilterFuzzer::filter_names()` - static const auto filter_names = UberFilterFuzzer::filter_names(); + static const auto filter_names = UberFilterFuzzer::filterNames(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); // Choose a valid filter name. if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; + // filter_name = "envoy.filters.network.dubbo_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -43,6 +44,12 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); // Fuzz filter. + static const auto filter_names = UberFilterFuzzer::filterNames(); + if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == + std::end(filter_names)) { + ENVOY_LOG_MISC(debug, "Test case with unsupported filter type: {}", input.config().name()); + return; + } static UberFilterFuzzer fuzzer; fuzzer.fuzz(input.config(), input.actions()); } catch (const ProtoValidationException& e) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 7784e957f2114..af67655b15650 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -13,14 +13,15 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { -std::vector UberFilterFuzzer::filter_names() { +std::vector UberFilterFuzzer::filterNames() { // This filters that have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static ::std::vector filter_names_; - if (filter_names_.size() == 0) { + if (filter_names_.empty()) { filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit", - "envoy.filters.network.redis_proxy", "envoy.filters.network.tcp_proxy", - "envoy.filters.network.client_ssl_auth"}; + "envoy.filters.network.redis_proxy", + "envoy.filters.network.client_ssl_auth","envoy.filters.network.echo", + "envoy.filters.network.direct_response","envoy.filters.network.sni_cluster"}; } return filter_names_; } @@ -32,6 +33,16 @@ void UberFilterFuzzer::reset(const std::string) { read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; + + // read_filter_callbacks_ = std::make_shared>(); + // ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) + // .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { + // read_filter_ = read_filter; + // read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); + // })); + // // Prepare sni for sni_cluster filter + // ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) + // .WillByDefault(testing::Return("filter_state_cluster")); } void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { std::cout << "setup for filter:" << filter_name << std::endl; @@ -70,6 +81,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); } + } void UberFilterFuzzer::fuzzerSetup() { // Setup process when this fuzzer object is constructed. @@ -82,7 +94,9 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); })); - + // Prepare sni for sni_cluster filter + ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) + .WillByDefault(testing::Return("filter_state_cluster")); // Prepare time source for filters such as local_ratelimit filter api_ = Api::createApiForTest(time_source_); dispatcher_ = api_->allocateDispatcher("test_thread"); @@ -94,7 +108,7 @@ void UberFilterFuzzer::fuzzerSetup() { } void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { - const std::string filter_name = proto_config.name(); + const std::string& filter_name = proto_config.name(); ENVOY_LOG_MISC(info, "filter name {}", filter_name); auto& factory = Config::Utility::getAndCheckFactoryByName< Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); @@ -119,6 +133,9 @@ void UberFilterFuzzer::fuzz( perFilterSetup(proto_config.name()); // Add filter to connection_ cb_(read_filter_callbacks_->connection_); + // if (actions.size() > 5) { + // PANIC("A case is found!"); + // } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index e540773695e79..ae8ec033d9661 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -21,7 +21,7 @@ class UberFilterFuzzer { fuzz(const envoy::config::listener::v3::Filter& proto_config, const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); // Get the name of filters which has been covered by this fuzzer. - static std::vector filter_names(); + static std::vector filterNames(); // Avoid issues in destructors. void reset(const std::string filter_name); void perFilterSetup(const std::string filter_name); @@ -47,6 +47,16 @@ class UberFilterFuzzer { std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; + // mock tcp upstream + std::vector>> + upstream_connection_data_{}; + std::vector>> upstream_hosts_{}; + std::vector>> upstream_connections_{}; + Network::Address::InstanceConstSharedPtr upstream_local_address_; + Network::Address::InstanceConstSharedPtr upstream_remote_address_; + std::vector conn_pool_callbacks_; + std::vector>> conn_pool_handles_; + NiceMock conn_pool_; }; } // namespace NetworkFilters From 51118cc429726682b35f3b09647fcc519a6cc5e4 Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 10 Jul 2020 13:34:47 -0500 Subject: [PATCH 12/76] fix bazel style Signed-off-by: jianwen --- source/extensions/all_extensions.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl index bdd7a7b6df91e..17b4521adea31 100644 --- a/source/extensions/all_extensions.bzl +++ b/source/extensions/all_extensions.bzl @@ -21,7 +21,7 @@ def envoy_all_network_filters(): all_extensions = dicts.add(_required_extensions, EXTENSIONS) return [v for k, v in all_extensions.items() if k.startswith(_network_filter_prefix)] - + # Core extensions needed to run Envoy's integration tests. _core_extensions = [ "envoy.access_loggers.file", From 258ffec659d369f86f6118e409a22b18bedbb625 Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 10 Jul 2020 13:36:30 -0500 Subject: [PATCH 13/76] fixed style Signed-off-by: jianwen --- .../network/common/fuzz/network_filter_fuzz_test.cc | 2 +- .../filters/network/common/fuzz/uber_filter.cc | 11 +++++------ .../filters/network/common/fuzz/uber_filter.h | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 09b6b51126e6f..b2823413af2e9 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -46,7 +46,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // Fuzz filter. static const auto filter_names = UberFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == - std::end(filter_names)) { + std::end(filter_names)) { ENVOY_LOG_MISC(debug, "Test case with unsupported filter type: {}", input.config().name()); return; } diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index af67655b15650..a3a6ed9e2b67a 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -18,10 +18,10 @@ std::vector UberFilterFuzzer::filterNames() { // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.empty()) { - filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit", - "envoy.filters.network.redis_proxy", - "envoy.filters.network.client_ssl_auth","envoy.filters.network.echo", - "envoy.filters.network.direct_response","envoy.filters.network.sni_cluster"}; + filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit", + "envoy.filters.network.redis_proxy", "envoy.filters.network.client_ssl_auth", + "envoy.filters.network.echo", "envoy.filters.network.direct_response", + "envoy.filters.network.sni_cluster"}; } return filter_names_; } @@ -81,7 +81,6 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); } - } void UberFilterFuzzer::fuzzerSetup() { // Setup process when this fuzzer object is constructed. @@ -96,7 +95,7 @@ void UberFilterFuzzer::fuzzerSetup() { })); // Prepare sni for sni_cluster filter ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) - .WillByDefault(testing::Return("filter_state_cluster")); + .WillByDefault(testing::Return("filter_state_cluster")); // Prepare time source for filters such as local_ratelimit filter api_ = Api::createApiForTest(time_source_); dispatcher_ = api_->allocateDispatcher("test_thread"); diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index ae8ec033d9661..6816e7efaff51 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -49,7 +49,7 @@ class UberFilterFuzzer { Tracing::MockSpan span_; // mock tcp upstream std::vector>> - upstream_connection_data_{}; + upstream_connection_data_{}; std::vector>> upstream_hosts_{}; std::vector>> upstream_connections_{}; Network::Address::InstanceConstSharedPtr upstream_local_address_; From 6babdfc5cbdf95119beb287304ba870b63da30d5 Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 13 Jul 2020 09:15:09 -0500 Subject: [PATCH 14/76] found issues in tcp_proxy and direct_response. added test cases for the issues Signed-off-by: jianwen --- ...h-132f97b1781cbab3ed550ee08a64043d2bec31b1 | 11 ++ ...h-a54492d3dff68c09e6a8b22e558e3fe865b78895 | 40 +++++ ...492d3dff68c09e6a8b22e558e3fe865b78895_copy | 40 +++++ ...h-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 | 16 ++ .../sni_dynamic_forward_proxy_1 | 36 +++++ .../sni_dynamic_forward_proxy_1_copy | 36 +++++ .../common/fuzz/network_filter_fuzz_test.cc | 2 +- .../network/common/fuzz/uber_filter.cc | 63 +++++--- .../filters/network/common/fuzz/uber_filter.h | 144 ++++++++++++++++-- 9 files changed, 348 insertions(+), 40 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 new file mode 100644 index 0000000000000..5c3b5c1c81a79 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 @@ -0,0 +1,11 @@ +config { + name: "envoy.filters.network.sni_cluster" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } +} +actions { + advance_time { + milliseconds: 16777216 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 new file mode 100644 index 0000000000000..3a6b385654b01 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 @@ -0,0 +1,40 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy new file mode 100644 index 0000000000000..3a6b385654b01 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy @@ -0,0 +1,40 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 new file mode 100644 index 0000000000000..00b1d061fd07b --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 @@ -0,0 +1,16 @@ +config { + name: "envoy.filters.network.direct_response" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" + value: "\n\032\n\030*\014\n\002\020\001\"\006\020\001\"\002\030\0012\003\032\001\':\003\032\001\'" + } +} +actions { + advance_time { + milliseconds: 2147483648 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 new file mode 100644 index 0000000000000..21ad6d880835a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 @@ -0,0 +1,36 @@ +config { + name: "envoy.filters.network.sni_dynamic_forward_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" + value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 30976 + } +} +actions { + advance_time { + milliseconds: 262144 + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy new file mode 100644 index 0000000000000..21ad6d880835a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy @@ -0,0 +1,36 @@ +config { + name: "envoy.filters.network.sni_dynamic_forward_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" + value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 30976 + } +} +actions { + advance_time { + milliseconds: 262144 + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index b2823413af2e9..2075fb44cafbc 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -31,7 +31,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - // filter_name = "envoy.filters.network.dubbo_proxy"; + // filter_name = "envoy.filters.network.sni_dynamic_forward_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index a3a6ed9e2b67a..2bf9d56718ca4 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -13,15 +13,23 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { + std::vector UberFilterFuzzer::filterNames() { // This filters that have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.empty()) { - filter_names_ = {"envoy.filters.network.ext_authz", "envoy.filters.network.local_ratelimit", - "envoy.filters.network.redis_proxy", "envoy.filters.network.client_ssl_auth", - "envoy.filters.network.echo", "envoy.filters.network.direct_response", - "envoy.filters.network.sni_cluster"}; + filter_names_ = { + "envoy.filters.network.ext_authz", + "envoy.filters.network.local_ratelimit", + "envoy.filters.network.redis_proxy", + "envoy.filters.network.client_ssl_auth", + "envoy.filters.network.echo", + // "envoy.filters.network.tcp_proxy" + "envoy.filters.network.direct_response", + // "envoy.filters.network.sni_dynamic_forward_proxy", + "envoy.filters.network.sni_cluster" + }; } return filter_names_; } @@ -49,15 +57,11 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { // Set up response for ext_authz filter if (filter_name == "envoy.filters.network.ext_authz") { - addr_ = std::make_shared("/test/test.sock"); - ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_->connection_, localAddress()) - .WillByDefault(testing::ReturnRef(addr_)); + async_client_factory_ = std::make_unique(); async_client_ = std::make_unique(); - async_request_ = std::make_unique(); + ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { @@ -65,7 +69,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { dynamic_cast(&callbacks); const std::string empty_body{}; const auto expected_headers = - Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({{"foo", "bar", false}}); + Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({}); auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, expected_headers); @@ -77,7 +81,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { return std::move(async_client_); })); - ON_CALL(cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) + ON_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); } @@ -93,17 +97,27 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); })); - // Prepare sni for sni_cluster filter + // Prepare sni for sni_cluster filter and sni_dynamic_forward_proxy filter ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) .WillByDefault(testing::Return("filter_state_cluster")); // Prepare time source for filters such as local_ratelimit filter - api_ = Api::createApiForTest(time_source_); - dispatcher_ = api_->allocateDispatcher("test_thread"); - ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); - ON_CALL(factory_context_, runtime()).WillByDefault(testing::ReturnRef(runtime_)); - ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); + factory_context_.prepareSimulatedSystemTime(); + + addr_ = std::make_shared("/test/test.sock"); + ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + ON_CALL(read_filter_callbacks_->connection_, localAddress()) + .WillByDefault(testing::ReturnRef(addr_)); + + async_request_ = std::make_unique(); + // time_source_ = dynamic_cast(&factory_context_.timeSource()); + // time_source_=factory_context_.timeSource(); + // api_ = Api::createApiForTest(time_source_); + // dispatcher_ = api_->allocateDispatcher("test_thread"); + // ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); + // ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); // Prepare general expectations for all the filters. - ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); + // ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); } void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { @@ -116,7 +130,7 @@ void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& pr ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); } -UberFilterFuzzer::UberFilterFuzzer() { fuzzerSetup(); } +UberFilterFuzzer::UberFilterFuzzer() :factory_context_{},time_source_(factory_context_.SimulatedTimeSystem()){ fuzzerSetup(); } void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, @@ -125,13 +139,14 @@ void UberFilterFuzzer::fuzz( // Try to create the filter callback(cb_). Exit early if the config is invalid or violates PGV // constraints. filterSetup(proto_config); + perFilterSetup(proto_config.name()); + // Add filter to connection_ + cb_(read_filter_callbacks_->connection_); } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - perFilterSetup(proto_config.name()); - // Add filter to connection_ - cb_(read_filter_callbacks_->connection_); + // if (actions.size() > 5) { // PANIC("A case is found!"); // } @@ -154,7 +169,7 @@ void UberFilterFuzzer::fuzz( case test::extensions::filters::network::Action::kAdvanceTime: { time_source_.advanceTimeAsync( std::chrono::milliseconds(action.advance_time().milliseconds())); - dispatcher_->run(Event::Dispatcher::RunType::NonBlock); + factory_context_.dispatcher().run(Event::Dispatcher::RunType::NonBlock); break; } default: diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 6816e7efaff51..513ecd90b5bc3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -9,7 +9,121 @@ #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" +#include "common/singleton/manager_impl.h" + namespace Envoy { +namespace Server{ +namespace Configuration{ +class FakeFactoryContext: public MockFactoryContext{ +public: +FakeFactoryContext() { + //instantizate + // api_ = Api::createApiForTest(time_system_); + // dispatcher_ = api_->allocateDispatcher("test_thread"); +} +// ServerFactoryContext& getServerFactoryContext() { +// return server_factory_context_; +// } +// TransportSocketFactoryContext& getTransportSocketFactoryContext() const{ +// return re +// } +void prepareSimulatedSystemTime(){ + api_ = Api::createApiForTest(time_system_); + dispatcher_ = api_->allocateDispatcher("test_thread"); +} +AccessLog::AccessLogManager& accessLogManager() override{ + return access_log_manager_; +} +Upstream::ClusterManager& clusterManager() override{ + return cluster_manager_; +} +Event::Dispatcher& dispatcher() override{ + return *dispatcher_; +} +const Network::DrainDecision& drainDecision() override{ + return drain_manager_; +} +Init::Manager& initManager() override{ + return init_manager_; +} +ServerLifecycleNotifier& lifecycleNotifier() override{ + return lifecycle_notifier_; +} +const LocalInfo::LocalInfo& localInfo() const override{ + return local_info_; +} +Envoy::Random::RandomGenerator& random() override{ + return random_; +} +Envoy::Runtime::Loader& runtime() override{ + return runtime_loader_; +} +Stats::Scope& scope() override{ + return scope_; +} +Singleton::Manager& singletonManager() override{ + return *singleton_manager_; +} +ThreadLocal::Instance& threadLocal() override{ + return thread_local_; +} +Server::Admin& admin() override{ + return admin_; +} +Stats::Scope& listenerScope() override{ + return listener_scope_; +} +Api::Api& api() override{ + return *api_; +} +TimeSource& timeSource() override{ + return time_system_; +} +OverloadManager& overloadManager() override{ + return overload_manager_; +} +ProtobufMessage::ValidationContext& messageValidationContext() override{ + return validation_context_; +} +ProtobufMessage::ValidationVisitor& messageValidationVisitor() override{ + return ProtobufMessage::getStrictValidationVisitor(); +} +Event::SimulatedTimeSystem& SimulatedTimeSystem(){ + return dynamic_cast(time_system_); +} +Event::TestTimeSystem& timeSystem() { return time_system_; } +Grpc::Context& grpcContext() override { return grpc_context_; } +Http::Context& httpContext() override { return http_context_; } +~FakeFactoryContext() = default; + +// const testing::NiceMock server_factory_context_; +// testing::NiceMock access_log_manager_; +// testing::NiceMock cluster_manager_; +// testing::NiceMock dispatcher_; +Event::DispatcherPtr dispatcher_; +// testing::NiceMock drain_manager_; +// testing::NiceMock init_manager_; +// testing::NiceMock lifecycle_notifier_; +// testing::NiceMock local_info_; +// testing::NiceMock random_; +// testing::NiceMock runtime_loader_; +// testing::NiceMock scope_; +// testing::NiceMock thread_local_; +// Singleton::ManagerPtr singleton_manager_; +// testing::NiceMock admin_; +// Stats::IsolatedStoreImpl listener_scope_; +// Event::GlobalTimeSystem time_system_; +Event::SimulatedTimeSystem time_system_; +// testing::NiceMock validation_context_; +// testing::NiceMock overload_manager_; +// Grpc::ContextImpl grpc_context_; +// Http::ContextImpl http_context_; +// testing::NiceMock api_; +Api::ApiPtr api_; +}; + +}//namespace Server +}//namespace Configuration namespace Extensions { namespace NetworkFilters { @@ -33,30 +147,30 @@ class UberFilterFuzzer { void filterSetup(const envoy::config::listener::v3::Filter& proto_config); private: - Server::Configuration::MockFactoryContext factory_context_; + Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; Network::Address::InstanceConstSharedPtr addr_; - Upstream::MockClusterManager cluster_manager_; - Event::SimulatedTimeSystem time_source_; - Api::ApiPtr api_; - Event::DispatcherPtr dispatcher_; - Runtime::MockLoader runtime_; + // Upstream::MockClusterManager cluster_manager_; + Event::SimulatedTimeSystem& time_source_; + // Api::ApiPtr api_; + // Event::DispatcherPtr dispatcher_; + // Runtime::MockLoader runtime_; std::shared_ptr> read_filter_callbacks_; std::unique_ptr async_request_; std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; // mock tcp upstream - std::vector>> - upstream_connection_data_{}; - std::vector>> upstream_hosts_{}; - std::vector>> upstream_connections_{}; - Network::Address::InstanceConstSharedPtr upstream_local_address_; - Network::Address::InstanceConstSharedPtr upstream_remote_address_; - std::vector conn_pool_callbacks_; - std::vector>> conn_pool_handles_; - NiceMock conn_pool_; + // std::vector>> + // upstream_connection_data_{}; + // std::vector>> upstream_hosts_{}; + // std::vector>> upstream_connections_{}; + // Network::Address::InstanceConstSharedPtr upstream_local_address_; + // Network::Address::InstanceConstSharedPtr upstream_remote_address_; + // std::vector conn_pool_callbacks_; + // std::vector>> conn_pool_handles_; + // NiceMock conn_pool_; }; } // namespace NetworkFilters From 52d4aad6a790e0ef8f48c2691a9b529535e63453 Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 13 Jul 2020 13:33:54 -0500 Subject: [PATCH 15/76] replace raw string names with names from factory Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 + ...h-132f97b1781cbab3ed550ee08a64043d2bec31b1 | 11 --- ...h-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 | 16 ---- .../network/common/fuzz/uber_filter.cc | 84 ++++++++++--------- .../filters/network/common/fuzz/uber_filter.h | 25 ++---- 5 files changed, 52 insertions(+), 85 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index cf5461a2ca541..866983938fb56 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -44,6 +44,7 @@ envoy_cc_test_library( "//test/mocks/buffer:buffer_mocks", "//test/mocks/network:network_mocks", "//test/mocks/server:server_mocks", + "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 deleted file mode 100644 index 5c3b5c1c81a79..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-132f97b1781cbab3ed550ee08a64043d2bec31b1 +++ /dev/null @@ -1,11 +0,0 @@ -config { - name: "envoy.filters.network.sni_cluster" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } -} -actions { - advance_time { - milliseconds: 16777216 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 deleted file mode 100644 index 00b1d061fd07b..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-eeed3185f9fdea73e2e4282e03ccb887bd5a72a3 +++ /dev/null @@ -1,16 +0,0 @@ -config { - name: "envoy.filters.network.direct_response" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" - value: "\n\032\n\030*\014\n\002\020\001\"\006\020\001\"\002\030\0012\003\032\001\':\003\032\001\'" - } -} -actions { - advance_time { - milliseconds: 2147483648 - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 2bf9d56718ca4..ab551c1d03ec5 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -5,9 +5,12 @@ #include "common/network/utility.h" #include "common/protobuf/utility.h" +#include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "extensions/filters/network/well_known_names.h" +#include "extensions/filters/network/common/utility.h" #include "test/extensions/filters/common/ext_authz/test_common.h" + #include "test/test_common/utility.h" namespace Envoy { @@ -20,15 +23,16 @@ std::vector UberFilterFuzzer::filterNames() { static ::std::vector filter_names_; if (filter_names_.empty()) { filter_names_ = { - "envoy.filters.network.ext_authz", - "envoy.filters.network.local_ratelimit", - "envoy.filters.network.redis_proxy", - "envoy.filters.network.client_ssl_auth", - "envoy.filters.network.echo", - // "envoy.filters.network.tcp_proxy" - "envoy.filters.network.direct_response", - // "envoy.filters.network.sni_dynamic_forward_proxy", - "envoy.filters.network.sni_cluster" + NetworkFilterNames::get().ExtAuthorization, + NetworkFilterNames::get().LocalRateLimit, + NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, + NetworkFilterNames::get().Echo, + // NetworkFilterNames::get().TcpProxy, + NetworkFilterNames::get().DirectResponse, + // NetworkFilterNames::get().SniDynamicForwardProxy, + NetworkFilterNames::get().DubboProxy, + NetworkFilterNames::get().SniCluster }; } return filter_names_; @@ -41,16 +45,6 @@ void UberFilterFuzzer::reset(const std::string) { read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; - - // read_filter_callbacks_ = std::make_shared>(); - // ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) - // .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { - // read_filter_ = read_filter; - // read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); - // })); - // // Prepare sni for sni_cluster filter - // ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) - // .WillByDefault(testing::Return("filter_state_cluster")); } void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { std::cout << "setup for filter:" << filter_name << std::endl; @@ -83,7 +77,9 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { ON_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, - bool) { return std::move(async_client_factory_); })); + bool) { + return std::move(async_client_factory_); + })); } } void UberFilterFuzzer::fuzzerSetup() { @@ -110,27 +106,24 @@ void UberFilterFuzzer::fuzzerSetup() { .WillByDefault(testing::ReturnRef(addr_)); async_request_ = std::make_unique(); - // time_source_ = dynamic_cast(&factory_context_.timeSource()); - // time_source_=factory_context_.timeSource(); - // api_ = Api::createApiForTest(time_source_); - // dispatcher_ = api_->allocateDispatcher("test_thread"); - // ON_CALL(factory_context_, dispatcher()).WillByDefault(testing::ReturnRef(*dispatcher_)); - // ON_CALL(factory_context_, timeSource()).WillByDefault(testing::ReturnRef(time_source_)); - // Prepare general expectations for all the filters. - // ON_CALL(factory_context_, clusterManager()).WillByDefault(testing::ReturnRef(cluster_manager_)); } -void UberFilterFuzzer::filterSetup(const envoy::config::listener::v3::Filter& proto_config) { - const std::string& filter_name = proto_config.name(); - ENVOY_LOG_MISC(info, "filter name {}", filter_name); - auto& factory = Config::Utility::getAndCheckFactoryByName< - Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); - ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( - proto_config, factory_context_.messageValidationVisitor(), factory); - ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); - cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); +UberFilterFuzzer::UberFilterFuzzer() :factory_context_{},time_source_(factory_context_.SimulatedTimeSystem()){ + fuzzerSetup(); +} +bool UberFilterFuzzer::containsSystemCall(absl::string_view filter_name, Protobuf::Message* config_message){ + const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( + std::string(filter_name)); + if(filter_name == NetworkFilterNames::get().DirectResponse){ + envoy::extensions::filters::network::direct_response::v3::Config& config = + dynamic_cast(*config_message); + if(config.response().specifier_case()==envoy::config::core::v3::DataSource::SpecifierCase::kFilename){ + ENVOY_LOG_MISC(info, "direct_response filter trying to open a file: {}", config.DebugString()); + return true; + } + } + return false; } -UberFilterFuzzer::UberFilterFuzzer() :factory_context_{},time_source_(factory_context_.SimulatedTimeSystem()){ fuzzerSetup(); } void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, @@ -138,7 +131,20 @@ void UberFilterFuzzer::fuzz( try { // Try to create the filter callback(cb_). Exit early if the config is invalid or violates PGV // constraints. - filterSetup(proto_config); + const std::string& filter_name = proto_config.name(); + ENVOY_LOG_MISC(info, "filter name {}", filter_name); + auto& factory = Config::Utility::getAndCheckFactoryByName< + Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); + ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( + proto_config, factory_context_.messageValidationVisitor(), factory); + if(containsSystemCall(filter_name, message.get())){ + // Make sure no invalid system calls are executed in fuzzer. + return; + } + ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); + + // filterSetup(proto_config); perFilterSetup(proto_config.name()); // Add filter to connection_ cb_(read_filter_callbacks_->connection_); diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 513ecd90b5bc3..5c3bb81b824ba 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -136,41 +136,28 @@ class UberFilterFuzzer { const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); - // Avoid issues in destructors. - void reset(const std::string filter_name); - void perFilterSetup(const std::string filter_name); + + bool containsSystemCall(absl::string_view filter_name, Protobuf::Message* config_message); protected: // Set-up filter specific mock expectations in constructor. void fuzzerSetup(); - // Set-up mock expectations each timer when a filter is fuzzed. - void filterSetup(const envoy::config::listener::v3::Filter& proto_config); + // Avoid issues in destructors. + void reset(const std::string filter_name); + void perFilterSetup(const std::string filter_name); private: Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; Network::Address::InstanceConstSharedPtr addr_; - // Upstream::MockClusterManager cluster_manager_; Event::SimulatedTimeSystem& time_source_; - // Api::ApiPtr api_; - // Event::DispatcherPtr dispatcher_; - // Runtime::MockLoader runtime_; std::shared_ptr> read_filter_callbacks_; std::unique_ptr async_request_; std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; - // mock tcp upstream - // std::vector>> - // upstream_connection_data_{}; - // std::vector>> upstream_hosts_{}; - // std::vector>> upstream_connections_{}; - // Network::Address::InstanceConstSharedPtr upstream_local_address_; - // Network::Address::InstanceConstSharedPtr upstream_remote_address_; - // std::vector conn_pool_callbacks_; - // std::vector>> conn_pool_handles_; - // NiceMock conn_pool_; + }; } // namespace NetworkFilters From 9dd4b9f1609f828b374e3ce8dd28529d92fcd5cd Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 13 Jul 2020 13:36:01 -0500 Subject: [PATCH 16/76] added test cases for direct response and sni_cluster Signed-off-by: jianwen --- .../direct_response_open_file | 16 ++++++++++++++++ .../fuzz/network_filter_corpus/sni_cluster_2 | 11 +++++++++++ 2 files changed, 27 insertions(+) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file new file mode 100644 index 0000000000000..00b1d061fd07b --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file @@ -0,0 +1,16 @@ +config { + name: "envoy.filters.network.direct_response" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" + value: "\n\032\n\030*\014\n\002\020\001\"\006\020\001\"\002\030\0012\003\032\001\':\003\032\001\'" + } +} +actions { + advance_time { + milliseconds: 2147483648 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 new file mode 100644 index 0000000000000..5c3b5c1c81a79 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 @@ -0,0 +1,11 @@ +config { + name: "envoy.filters.network.sni_cluster" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } +} +actions { + advance_time { + milliseconds: 16777216 + } +} From c7a93d4281d39cd9212f0634d09acb18b5f72bd4 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 13:26:38 -0500 Subject: [PATCH 17/76] cleaned the code Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 + .../local_ratelimit_time_overflow | 44 ++++ .../network/common/fuzz/uber_filter.cc | 82 ++++---- .../filters/network/common/fuzz/uber_filter.h | 193 +++++++----------- 4 files changed, 165 insertions(+), 155 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 866983938fb56..51a3c2e4e01a4 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -45,6 +45,7 @@ envoy_cc_test_library( "//test/mocks/network:network_mocks", "//test/mocks/server:server_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow new file mode 100644 index 0000000000000..a450f763024bd --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow @@ -0,0 +1,44 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\017\010\001\032\013\010\200\336\200\200\240\007\020\200\306!" + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 53 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index ab551c1d03ec5..014a2e57d7721 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -1,16 +1,17 @@ #include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" +#include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" + #include "common/config/utility.h" #include "common/config/version_converter.h" #include "common/network/utility.h" #include "common/protobuf/utility.h" -#include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" -#include "extensions/filters/network/well_known_names.h" #include "extensions/filters/network/common/utility.h" +#include "extensions/filters/network/well_known_names.h" #include "test/extensions/filters/common/ext_authz/test_common.h" - #include "test/test_common/utility.h" namespace Envoy { @@ -22,24 +23,19 @@ std::vector UberFilterFuzzer::filterNames() { // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.empty()) { - filter_names_ = { - NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - // NetworkFilterNames::get().TcpProxy, - NetworkFilterNames::get().DirectResponse, - // NetworkFilterNames::get().SniDynamicForwardProxy, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster - }; + filter_names_ = {NetworkFilterNames::get().ExtAuthorization, + NetworkFilterNames::get().LocalRateLimit, NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, NetworkFilterNames::get().Echo, + NetworkFilterNames::get().DirectResponse, + // NetworkFilterNames::get().SniDynamicForwardProxy, + // NetworkFilterNames::get().TcpProxy, + NetworkFilterNames::get().DubboProxy, NetworkFilterNames::get().SniCluster}; } return filter_names_; } void UberFilterFuzzer::reset(const std::string) { - // Close the connection to make sure the filter' callback is set to nullptr. + // Close the connection to make sure the filter's callback is set to nullptr. read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); // Clear the filter's raw poninter stored inside the connection_ and reset the connection_. read_filter_callbacks_->connection_.callbacks_.clear(); @@ -47,15 +43,11 @@ void UberFilterFuzzer::reset(const std::string) { read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; } void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { - std::cout << "setup for filter:" << filter_name << std::endl; - // Set up response for ext_authz filter - if (filter_name == "envoy.filters.network.ext_authz") { - + if (filter_name == NetworkFilterNames::get().ExtAuthorization) { async_client_factory_ = std::make_unique(); async_client_ = std::make_unique(); - ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { @@ -67,6 +59,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, expected_headers); + // Give response to the grpc_client by calling onSuccess() grpc_client_impl->onSuccess(std::move(check_response), span_); return async_request_.get(); }))); @@ -77,9 +70,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { ON_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, - bool) { - return std::move(async_client_factory_); - })); + bool) { return std::move(async_client_factory_); })); } } void UberFilterFuzzer::fuzzerSetup() { @@ -95,10 +86,10 @@ void UberFilterFuzzer::fuzzerSetup() { })); // Prepare sni for sni_cluster filter and sni_dynamic_forward_proxy filter ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) - .WillByDefault(testing::Return("filter_state_cluster")); + .WillByDefault(testing::Return("fake_cluster")); // Prepare time source for filters such as local_ratelimit filter factory_context_.prepareSimulatedSystemTime(); - + // Prepare address for filters such as ext_authz filter addr_ = std::make_shared("/test/test.sock"); ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) .WillByDefault(testing::ReturnRef(addr_)); @@ -108,17 +99,31 @@ void UberFilterFuzzer::fuzzerSetup() { async_request_ = std::make_unique(); } -UberFilterFuzzer::UberFilterFuzzer() :factory_context_{},time_source_(factory_context_.SimulatedTimeSystem()){ - fuzzerSetup(); +UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.SimulatedTimeSystem()) { + fuzzerSetup(); } -bool UberFilterFuzzer::containsSystemCall(absl::string_view filter_name, Protobuf::Message* config_message){ +bool UberFilterFuzzer::invalidInputForFuzzer(absl::string_view filter_name, + Protobuf::Message* config_message) { + // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the + // mock/fake objects are also prohibited. const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( - std::string(filter_name)); - if(filter_name == NetworkFilterNames::get().DirectResponse){ + std::string(filter_name)); + if (filter_name == NetworkFilterNames::get().DirectResponse) { envoy::extensions::filters::network::direct_response::v3::Config& config = - dynamic_cast(*config_message); - if(config.response().specifier_case()==envoy::config::core::v3::DataSource::SpecifierCase::kFilename){ - ENVOY_LOG_MISC(info, "direct_response filter trying to open a file: {}", config.DebugString()); + dynamic_cast( + *config_message); + if (config.response().specifier_case() == + envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { + return true; + } + } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { + envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = + dynamic_cast( + *config_message); + if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { + // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is + // converting it to a smaller unit. Constraining fill_interval to no greater than one day is + // reasonable. return true; } } @@ -137,14 +142,12 @@ void UberFilterFuzzer::fuzz( Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); - if(containsSystemCall(filter_name, message.get())){ + if (invalidInputForFuzzer(filter_name, message.get())) { // Make sure no invalid system calls are executed in fuzzer. return; } - ENVOY_LOG_MISC(info, "Config content: {}", message->DebugString()); + ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - - // filterSetup(proto_config); perFilterSetup(proto_config.name()); // Add filter to connection_ cb_(read_filter_callbacks_->connection_); @@ -153,9 +156,6 @@ void UberFilterFuzzer::fuzz( return; } - // if (actions.size() > 5) { - // PANIC("A case is found!"); - // } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 5c3bb81b824ba..20ee2bebd01ef 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -1,6 +1,7 @@ #include "envoy/network/filter.h" #include "common/protobuf/protobuf.h" +#include "common/singleton/manager_impl.h" #include "test/extensions/filters/common/ext_authz/mocks.h" #include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" @@ -9,121 +10,85 @@ #include "test/mocks/network/mocks.h" #include "test/mocks/server/mocks.h" -#include "common/singleton/manager_impl.h" - namespace Envoy { -namespace Server{ -namespace Configuration{ -class FakeFactoryContext: public MockFactoryContext{ -public: -FakeFactoryContext() { - //instantizate - // api_ = Api::createApiForTest(time_system_); - // dispatcher_ = api_->allocateDispatcher("test_thread"); -} -// ServerFactoryContext& getServerFactoryContext() { -// return server_factory_context_; -// } -// TransportSocketFactoryContext& getTransportSocketFactoryContext() const{ -// return re -// } -void prepareSimulatedSystemTime(){ - api_ = Api::createApiForTest(time_system_); - dispatcher_ = api_->allocateDispatcher("test_thread"); -} -AccessLog::AccessLogManager& accessLogManager() override{ - return access_log_manager_; -} -Upstream::ClusterManager& clusterManager() override{ - return cluster_manager_; -} -Event::Dispatcher& dispatcher() override{ - return *dispatcher_; -} -const Network::DrainDecision& drainDecision() override{ - return drain_manager_; -} -Init::Manager& initManager() override{ - return init_manager_; -} -ServerLifecycleNotifier& lifecycleNotifier() override{ - return lifecycle_notifier_; -} -const LocalInfo::LocalInfo& localInfo() const override{ - return local_info_; -} -Envoy::Random::RandomGenerator& random() override{ - return random_; -} -Envoy::Runtime::Loader& runtime() override{ - return runtime_loader_; -} -Stats::Scope& scope() override{ - return scope_; -} -Singleton::Manager& singletonManager() override{ - return *singleton_manager_; -} -ThreadLocal::Instance& threadLocal() override{ - return thread_local_; -} -Server::Admin& admin() override{ - return admin_; -} -Stats::Scope& listenerScope() override{ - return listener_scope_; -} -Api::Api& api() override{ - return *api_; -} -TimeSource& timeSource() override{ - return time_system_; -} -OverloadManager& overloadManager() override{ - return overload_manager_; -} -ProtobufMessage::ValidationContext& messageValidationContext() override{ - return validation_context_; -} -ProtobufMessage::ValidationVisitor& messageValidationVisitor() override{ - return ProtobufMessage::getStrictValidationVisitor(); -} -Event::SimulatedTimeSystem& SimulatedTimeSystem(){ - return dynamic_cast(time_system_); -} -Event::TestTimeSystem& timeSystem() { return time_system_; } -Grpc::Context& grpcContext() override { return grpc_context_; } -Http::Context& httpContext() override { return http_context_; } -~FakeFactoryContext() = default; +namespace Server { +namespace Configuration { +class FakeFactoryContext : public MockFactoryContext { +public: + FakeFactoryContext() { + // instantizate + // api_ = Api::createApiForTest(time_system_); + // dispatcher_ = api_->allocateDispatcher("test_thread"); + } + // ServerFactoryContext& getServerFactoryContext() { + // return server_factory_context_; + // } + // TransportSocketFactoryContext& getTransportSocketFactoryContext() const{ + // return re + // } + void prepareSimulatedSystemTime() { + api_ = Api::createApiForTest(time_system_); + dispatcher_ = api_->allocateDispatcher("test_thread"); + } + AccessLog::AccessLogManager& accessLogManager() override { return access_log_manager_; } + Upstream::ClusterManager& clusterManager() override { return cluster_manager_; } + Event::Dispatcher& dispatcher() override { return *dispatcher_; } + const Network::DrainDecision& drainDecision() override { return drain_manager_; } + Init::Manager& initManager() override { return init_manager_; } + ServerLifecycleNotifier& lifecycleNotifier() override { return lifecycle_notifier_; } + const LocalInfo::LocalInfo& localInfo() const override { return local_info_; } + Envoy::Random::RandomGenerator& random() override { return random_; } + Envoy::Runtime::Loader& runtime() override { return runtime_loader_; } + Stats::Scope& scope() override { return scope_; } + Singleton::Manager& singletonManager() override { return *singleton_manager_; } + ThreadLocal::Instance& threadLocal() override { return thread_local_; } + Server::Admin& admin() override { return admin_; } + Stats::Scope& listenerScope() override { return listener_scope_; } + Api::Api& api() override { return *api_; } + TimeSource& timeSource() override { return time_system_; } + OverloadManager& overloadManager() override { return overload_manager_; } + ProtobufMessage::ValidationContext& messageValidationContext() override { + return validation_context_; + } + ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { + return ProtobufMessage::getStrictValidationVisitor(); + } + Event::SimulatedTimeSystem& SimulatedTimeSystem() { + return dynamic_cast(time_system_); + } + Event::TestTimeSystem& timeSystem() { return time_system_; } + Grpc::Context& grpcContext() override { return grpc_context_; } + Http::Context& httpContext() override { return http_context_; } + ~FakeFactoryContext() = default; -// const testing::NiceMock server_factory_context_; -// testing::NiceMock access_log_manager_; -// testing::NiceMock cluster_manager_; -// testing::NiceMock dispatcher_; -Event::DispatcherPtr dispatcher_; -// testing::NiceMock drain_manager_; -// testing::NiceMock init_manager_; -// testing::NiceMock lifecycle_notifier_; -// testing::NiceMock local_info_; -// testing::NiceMock random_; -// testing::NiceMock runtime_loader_; -// testing::NiceMock scope_; -// testing::NiceMock thread_local_; -// Singleton::ManagerPtr singleton_manager_; -// testing::NiceMock admin_; -// Stats::IsolatedStoreImpl listener_scope_; -// Event::GlobalTimeSystem time_system_; -Event::SimulatedTimeSystem time_system_; -// testing::NiceMock validation_context_; -// testing::NiceMock overload_manager_; -// Grpc::ContextImpl grpc_context_; -// Http::ContextImpl http_context_; -// testing::NiceMock api_; -Api::ApiPtr api_; + // const testing::NiceMock server_factory_context_; + // testing::NiceMock access_log_manager_; + // testing::NiceMock cluster_manager_; + // testing::NiceMock dispatcher_; + Event::DispatcherPtr dispatcher_; + // testing::NiceMock drain_manager_; + // testing::NiceMock init_manager_; + // testing::NiceMock lifecycle_notifier_; + // testing::NiceMock local_info_; + // testing::NiceMock random_; + // testing::NiceMock runtime_loader_; + // testing::NiceMock scope_; + // testing::NiceMock thread_local_; + // Singleton::ManagerPtr singleton_manager_; + // testing::NiceMock admin_; + // Stats::IsolatedStoreImpl listener_scope_; + // Event::GlobalTimeSystem time_system_; + Event::SimulatedTimeSystem time_system_; + // testing::NiceMock validation_context_; + // testing::NiceMock overload_manager_; + // Grpc::ContextImpl grpc_context_; + // Http::ContextImpl http_context_; + // testing::NiceMock api_; + Api::ApiPtr api_; }; -}//namespace Server -}//namespace Configuration +} // namespace Configuration +} // namespace Server namespace Extensions { namespace NetworkFilters { @@ -137,12 +102,12 @@ class UberFilterFuzzer { // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); - bool containsSystemCall(absl::string_view filter_name, Protobuf::Message* config_message); + bool invalidInputForFuzzer(absl::string_view filter_name, Protobuf::Message* config_message); protected: // Set-up filter specific mock expectations in constructor. void fuzzerSetup(); - // Avoid issues in destructors. + // Avoid issues in destructors. void reset(const std::string filter_name); void perFilterSetup(const std::string filter_name); @@ -157,7 +122,7 @@ class UberFilterFuzzer { std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; - + int seconds_in_one_day_ = 86400; }; } // namespace NetworkFilters From 355b89838ae4e6ad6b51c9933e96328edb257623 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 14:01:29 -0500 Subject: [PATCH 18/76] deleted some useless comments Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_filter.cc | 2 +- .../filters/network/common/fuzz/uber_filter.h | 12 +----------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 014a2e57d7721..9f3ae31109b0b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -37,7 +37,7 @@ std::vector UberFilterFuzzer::filterNames() { void UberFilterFuzzer::reset(const std::string) { // Close the connection to make sure the filter's callback is set to nullptr. read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); - // Clear the filter's raw poninter stored inside the connection_ and reset the connection_. + // Clear the filter's raw pointer stored inside the connection_ and reset the connection_. read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 20ee2bebd01ef..427b8674e73ca 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -15,17 +15,7 @@ namespace Server { namespace Configuration { class FakeFactoryContext : public MockFactoryContext { public: - FakeFactoryContext() { - // instantizate - // api_ = Api::createApiForTest(time_system_); - // dispatcher_ = api_->allocateDispatcher("test_thread"); - } - // ServerFactoryContext& getServerFactoryContext() { - // return server_factory_context_; - // } - // TransportSocketFactoryContext& getTransportSocketFactoryContext() const{ - // return re - // } + FakeFactoryContext() {} void prepareSimulatedSystemTime() { api_ = Api::createApiForTest(time_system_); dispatcher_ = api_->allocateDispatcher("test_thread"); From 66a63dbfff2d5a8874f5dfbc28221c2be38d0f66 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 16:18:10 -0500 Subject: [PATCH 19/76] removed filters with known issues from the fuzzer Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_filter.cc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 9f3ae31109b0b..2d0d1c827b41c 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -24,12 +24,13 @@ std::vector UberFilterFuzzer::filterNames() { static ::std::vector filter_names_; if (filter_names_.empty()) { filter_names_ = {NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, NetworkFilterNames::get().Echo, + NetworkFilterNames::get().LocalRateLimit, + NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, + NetworkFilterNames::get().Echo, NetworkFilterNames::get().DirectResponse, - // NetworkFilterNames::get().SniDynamicForwardProxy, - // NetworkFilterNames::get().TcpProxy, - NetworkFilterNames::get().DubboProxy, NetworkFilterNames::get().SniCluster}; + NetworkFilterNames::get().DubboProxy, + NetworkFilterNames::get().SniCluster}; } return filter_names_; } From 96576752eb6974aa684d9cc647b34b205e8dd64b Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 17:04:43 -0500 Subject: [PATCH 20/76] removed unnecessary corpus Signed-off-by: jianwen --- .../client_ssl_authz_1_copy | 44 ------------------- ...h-a54492d3dff68c09e6a8b22e558e3fe865b78895 | 40 ----------------- ...492d3dff68c09e6a8b22e558e3fe865b78895_copy | 40 ----------------- .../direct_response_1_copy | 32 -------------- .../network_filter_corpus/dubbo_proxy_1_copy | 39 ---------------- .../fuzz/network_filter_corpus/echo_1_copy | 34 -------------- .../network_filter_corpus/ext_authz_2_copy | 12 ----- .../local_ratelimit_1_copy | 39 ---------------- .../network_filter_corpus/redis_proxy_1_copy | 43 ------------------ .../network_filter_corpus/sni_cluster_1_copy | 35 --------------- .../sni_dynamic_forward_proxy_1_copy | 36 --------------- .../network_filter_corpus/tcp_proxy_1_copy | 34 -------------- .../common/fuzz/network_filter_fuzz_test.cc | 11 ++--- .../network/common/fuzz/uber_filter.cc | 10 +++-- .../filters/network/common/fuzz/uber_filter.h | 11 ++--- 15 files changed, 16 insertions(+), 444 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy deleted file mode 100644 index 44f4dfaf34d18..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy +++ /dev/null @@ -1,44 +0,0 @@ -config { - name: "envoy.filters.network.client_ssl_auth" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" - value: "\n%envoy.filters.network.client_ssl_auth\022\0011" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 4 - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 4 - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 deleted file mode 100644 index 3a6b385654b01..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895 +++ /dev/null @@ -1,40 +0,0 @@ -config { - name: "envoy.filters.network.local_ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 268435456 - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy deleted file mode 100644 index 3a6b385654b01..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy +++ /dev/null @@ -1,40 +0,0 @@ -config { - name: "envoy.filters.network.local_ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 268435456 - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy deleted file mode 100644 index 14e4b24d92bb2..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy +++ /dev/null @@ -1,32 +0,0 @@ -config { - name: "envoy.filters.network.direct_response" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" - } -} -actions { - on_data { - } -} -actions { - on_data { - data: "y" - } -} -actions { - on_data { - } -} -actions { - on_data { - } -} -actions { - on_data { - data: "\006" - } -} -actions { - on_data { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy deleted file mode 100644 index 13fc32667c5ec..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy +++ /dev/null @@ -1,39 +0,0 @@ -config { - name: "envoy.filters.network.dubbo_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy" - value: "\n!envoy.filters.network.dubbo_proxy" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy deleted file mode 100644 index 5eb88e52693ba..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.echo" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.echo.v3.Echo" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 2097152 - } -} -actions { - advance_time { - milliseconds: 4194304 - } -} -actions { - on_data { - } -} -actions { - advance_time { - milliseconds: 2097152 - } -} -actions { - advance_time { - milliseconds: 778793567 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy deleted file mode 100644 index 2587626b13169..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy +++ /dev/null @@ -1,12 +0,0 @@ -config { - name: "envoy.filters.network.ext_authz" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" - value: "\n\037envoy.filters.network.ext_authz\030\001(\001" - } -} -actions { - on_data { - data: ":" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy deleted file mode 100644 index ab8d73afbd8f8..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy +++ /dev/null @@ -1,39 +0,0 @@ -config { - name: "envoy.filters.network.local_ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy deleted file mode 100644 index ea0f08e12ffb3..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy +++ /dev/null @@ -1,43 +0,0 @@ -config { - name: "envoy.filters.network.redis_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy" - value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" - } -} -actions { - advance_time { - milliseconds: 1862270976 - } -} -actions { - on_new_connection { - - } -} -actions { - advance_time { - milliseconds: 455213056 - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "0" - end_stream: true - } -} -actions { - on_data { - data: "0" - end_stream: true - } -} -actions { - advance_time { - milliseconds: 1862270976 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy deleted file mode 100644 index 9452cb8d6074a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy +++ /dev/null @@ -1,35 +0,0 @@ -config { - name: "envoy.filters.network.sni_cluster" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 268435456 - } -} -actions { - on_data { - data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" - } -} -actions { - on_data { - data: "IIIIIIIIIIIIIIIIIIII\000\000\000\000\000\000\000;IIIIIIIIIIIIIIIIIIIIIIIIIIIIII" - } -} -actions { - advance_time { - milliseconds: 16384 - } -} -actions { - advance_time { - milliseconds: 13 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy deleted file mode 100644 index 21ad6d880835a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy +++ /dev/null @@ -1,36 +0,0 @@ -config { - name: "envoy.filters.network.sni_dynamic_forward_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" - value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 30976 - } -} -actions { - advance_time { - milliseconds: 262144 - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy deleted file mode 100644 index 1c4cce16fa644..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.tcp_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" - value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 12288 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 2075fb44cafbc..6292840e1e11b 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -14,11 +14,9 @@ namespace NetworkFilters { DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { - // This ensures that the mutated configs all have valid filter names and type_urls. The list - // of names and type_urls is pulled from the NamedNetworkFilterConfigFactory. All Envoy - // extensions are built with this test (see BUILD file). This post-processor mutation is - // applied only when libprotobuf-mutator calls mutate on an input, and *not* during fuzz - // target execution. Replaying a corpus through the fuzzer will not be affected by the + // This post-processor mutation is applied only when libprotobuf-mutator + // calls mutate on an input, and *not* during fuzz target execution. + // Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. // After extending to cover all the filters, we can use `Registry::FactoryRegistry< @@ -31,7 +29,6 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - // filter_name = "envoy.filters.network.sni_dynamic_forward_proxy"; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -43,7 +40,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); - // Fuzz filter. + // Check the filter's name in case some filters are not supported yet. static const auto filter_names = UberFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 2d0d1c827b41c..5c1e5de79b65e 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -35,7 +35,9 @@ std::vector UberFilterFuzzer::filterNames() { return filter_names_; } -void UberFilterFuzzer::reset(const std::string) { +void UberFilterFuzzer::reset() { + // Reset some changes made by current filter on some mock objects + // Close the connection to make sure the filter's callback is set to nullptr. read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); // Clear the filter's raw pointer stored inside the connection_ and reset the connection_. @@ -43,7 +45,7 @@ void UberFilterFuzzer::reset(const std::string) { read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; } -void UberFilterFuzzer::perFilterSetup(const std::string filter_name) { +void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { // Set up response for ext_authz filter if (filter_name == NetworkFilterNames::get().ExtAuthorization) { @@ -103,7 +105,7 @@ void UberFilterFuzzer::fuzzerSetup() { UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.SimulatedTimeSystem()) { fuzzerSetup(); } -bool UberFilterFuzzer::invalidInputForFuzzer(absl::string_view filter_name, +bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message) { // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the // mock/fake objects are also prohibited. @@ -185,7 +187,7 @@ void UberFilterFuzzer::fuzz( } } - reset(proto_config.name()); + reset(); } } // namespace NetworkFilters diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 427b8674e73ca..cf9406506b1f3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -91,15 +91,16 @@ class UberFilterFuzzer { const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); - - bool invalidInputForFuzzer(absl::string_view filter_name, Protobuf::Message* config_message); + // Check whether the filter's config is invalid for fuzzer(e.g. system call) + bool invalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message); protected: // Set-up filter specific mock expectations in constructor. void fuzzerSetup(); - // Avoid issues in destructors. - void reset(const std::string filter_name); - void perFilterSetup(const std::string filter_name); + // Reset the states of the mock objects. + void reset(); + // Mock behaviors for specific filters. + void perFilterSetup(const std::string& filter_name); private: Server::Configuration::FakeFactoryContext factory_context_; From c9d7b0f50d9c4c910c17f5c916210b6bc21bc965 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 17:05:35 -0500 Subject: [PATCH 21/76] fix the style Signed-off-by: jianwen --- .../filters/network/common/fuzz/network_filter_fuzz_test.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 6292840e1e11b..89253eaa9101d 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -14,8 +14,8 @@ namespace NetworkFilters { DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { - // This post-processor mutation is applied only when libprotobuf-mutator - // calls mutate on an input, and *not* during fuzz target execution. + // This post-processor mutation is applied only when libprotobuf-mutator + // calls mutate on an input, and *not* during fuzz target execution. // Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. From b6fd5d682f7cbf204729b2bf9b313c6ec0e7a8a5 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 17:32:01 -0500 Subject: [PATCH 22/76] removed unsupported test cases Signed-off-by: jianwen --- .../sni_dynamic_forward_proxy_1 | 36 ------------------- .../fuzz/network_filter_corpus/tcp_proxy_1 | 34 ------------------ 2 files changed, 70 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 deleted file mode 100644 index 21ad6d880835a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 +++ /dev/null @@ -1,36 +0,0 @@ -config { - name: "envoy.filters.network.sni_dynamic_forward_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" - value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 30976 - } -} -actions { - advance_time { - milliseconds: 262144 - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 deleted file mode 100644 index 1c4cce16fa644..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.tcp_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" - value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 12288 - } -} From 713f2df34a9fb5279f5f0edce2555c070dccf911 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 17:42:52 -0500 Subject: [PATCH 23/76] removed unnecessary comments Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_filter.h | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index cf9406506b1f3..15cf78f9a51de 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -51,29 +51,8 @@ class FakeFactoryContext : public MockFactoryContext { Http::Context& httpContext() override { return http_context_; } ~FakeFactoryContext() = default; - // const testing::NiceMock server_factory_context_; - // testing::NiceMock access_log_manager_; - // testing::NiceMock cluster_manager_; - // testing::NiceMock dispatcher_; Event::DispatcherPtr dispatcher_; - // testing::NiceMock drain_manager_; - // testing::NiceMock init_manager_; - // testing::NiceMock lifecycle_notifier_; - // testing::NiceMock local_info_; - // testing::NiceMock random_; - // testing::NiceMock runtime_loader_; - // testing::NiceMock scope_; - // testing::NiceMock thread_local_; - // Singleton::ManagerPtr singleton_manager_; - // testing::NiceMock admin_; - // Stats::IsolatedStoreImpl listener_scope_; - // Event::GlobalTimeSystem time_system_; Event::SimulatedTimeSystem time_system_; - // testing::NiceMock validation_context_; - // testing::NiceMock overload_manager_; - // Grpc::ContextImpl grpc_context_; - // Http::ContextImpl http_context_; - // testing::NiceMock api_; Api::ApiPtr api_; }; From ccab863a8cce0833d4fc80370b594a365a9b856c Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 18:13:29 -0500 Subject: [PATCH 24/76] removed the empty destructor of fakeFactoryContext Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.h | 1 - 1 file changed, 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 15cf78f9a51de..ab67ca3af9d71 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -49,7 +49,6 @@ class FakeFactoryContext : public MockFactoryContext { Event::TestTimeSystem& timeSystem() { return time_system_; } Grpc::Context& grpcContext() override { return grpc_context_; } Http::Context& httpContext() override { return http_context_; } - ~FakeFactoryContext() = default; Event::DispatcherPtr dispatcher_; Event::SimulatedTimeSystem time_system_; From 95d62b8cca57ba868d54b744be2482ab3ff861ca Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 14 Jul 2020 23:40:18 -0500 Subject: [PATCH 25/76] fixed naming problems and removed the constructor of fake class Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.cc | 2 +- test/extensions/filters/network/common/fuzz/uber_filter.h | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 5c1e5de79b65e..bc318e4663bc3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -102,7 +102,7 @@ void UberFilterFuzzer::fuzzerSetup() { async_request_ = std::make_unique(); } -UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.SimulatedTimeSystem()) { +UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { fuzzerSetup(); } bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index ab67ca3af9d71..8a04388f54298 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -15,7 +15,6 @@ namespace Server { namespace Configuration { class FakeFactoryContext : public MockFactoryContext { public: - FakeFactoryContext() {} void prepareSimulatedSystemTime() { api_ = Api::createApiForTest(time_system_); dispatcher_ = api_->allocateDispatcher("test_thread"); @@ -43,7 +42,7 @@ class FakeFactoryContext : public MockFactoryContext { ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { return ProtobufMessage::getStrictValidationVisitor(); } - Event::SimulatedTimeSystem& SimulatedTimeSystem() { + Event::SimulatedTimeSystem& simulatedTimeSystem() { return dynamic_cast(time_system_); } Event::TestTimeSystem& timeSystem() { return time_system_; } From f89f3122d78c123e034aba0b29c1e36321ceb2a6 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 15 Jul 2020 13:10:23 -0500 Subject: [PATCH 26/76] start working on http_connection_manager and solved one potential use-after-free problem. Signed-off-by: jianwen --- .../client_ssl_authz_1_copy | 44 +++++++++++++++++++ ...492d3dff68c09e6a8b22e558e3fe865b78895_copy | 40 +++++++++++++++++ .../direct_response_1_copy | 32 ++++++++++++++ .../network_filter_corpus/dubbo_proxy_1_copy | 39 ++++++++++++++++ .../fuzz/network_filter_corpus/echo_1_copy | 34 ++++++++++++++ .../network_filter_corpus/ext_authz_2_copy | 12 +++++ .../http_connection_manager_1 | 7 +++ .../http_connection_manager_2 | 12 +++++ .../http_connection_manager_3 | 7 +++ .../http_connection_manager_4 | 12 +++++ .../http_connection_manager_5 | 12 +++++ .../local_ratelimit_1_copy | 39 ++++++++++++++++ .../network_filter_corpus/redis_proxy_1_copy | 43 ++++++++++++++++++ .../network_filter_corpus/sni_cluster_1_copy | 35 +++++++++++++++ .../sni_dynamic_forward_proxy_1 | 36 +++++++++++++++ .../sni_dynamic_forward_proxy_1_copy | 36 +++++++++++++++ .../fuzz/network_filter_corpus/tcp_proxy_1 | 34 ++++++++++++++ .../network_filter_corpus/tcp_proxy_1_copy | 34 ++++++++++++++ .../common/fuzz/network_filter_fuzz_test.cc | 1 + .../network/common/fuzz/uber_filter.cc | 40 ++++++++++++++--- .../filters/network/common/fuzz/uber_filter.h | 3 +- 21 files changed, 544 insertions(+), 8 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy new file mode 100644 index 0000000000000..44f4dfaf34d18 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy @@ -0,0 +1,44 @@ +config { + name: "envoy.filters.network.client_ssl_auth" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" + value: "\n%envoy.filters.network.client_ssl_auth\022\0011" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 4 + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy new file mode 100644 index 0000000000000..3a6b385654b01 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy @@ -0,0 +1,40 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy new file mode 100644 index 0000000000000..14e4b24d92bb2 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy @@ -0,0 +1,32 @@ +config { + name: "envoy.filters.network.direct_response" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "y" + } +} +actions { + on_data { + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "\006" + } +} +actions { + on_data { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy new file mode 100644 index 0000000000000..13fc32667c5ec --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy @@ -0,0 +1,39 @@ +config { + name: "envoy.filters.network.dubbo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy" + value: "\n!envoy.filters.network.dubbo_proxy" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_data { + data: "\000\013" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy new file mode 100644 index 0000000000000..5eb88e52693ba --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.echo" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.echo.v3.Echo" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 4194304 + } +} +actions { + on_data { + } +} +actions { + advance_time { + milliseconds: 2097152 + } +} +actions { + advance_time { + milliseconds: 778793567 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy new file mode 100644 index 0000000000000..2587626b13169 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.ext_authz" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" + value: "\n\037envoy.filters.network.ext_authz\030\001(\001" + } +} +actions { + on_data { + data: ":" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 new file mode 100644 index 0000000000000..4573a43430555 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 @@ -0,0 +1,7 @@ +config { + name: "envoy.filters.network.http_connection_manager" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + value: "\022\002B\001\"\000J\004(\001J\000z\002\010\001\220\001\001" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 new file mode 100644 index 0000000000000..552f13f9fb800 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.http_connection_manager" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + value: "\022-\361\255\205\257\363\265\215\251\360\276\223\261\364\212\242\212\361\256\204\235\362\274\244\223\360\247\252\220\361\266\265\204\361\266\200\256\360\270\202\223\361\200\200\254\005\"\004:\002\010\001r\000\362\001\002\010\001\210\002\001" + } +} +actions { + on_data { + data: "\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 new file mode 100644 index 0000000000000..8255592394145 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 @@ -0,0 +1,7 @@ +config { + name: "envoy.filters.network.http_connection_manager" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + value: "\010\001\022\002B\001\"\004:\002\010\001:\026\032\t\t\000\001\t\000\000\000\000\000*\t\t\000\000\000\000\010\000\000\000Retype.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 new file mode 100644 index 0000000000000..eda8aaf4378f4 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.http_connection_manager" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + value: "\022-\361\255\205\257\363\265\215\251\360\276\223\261\364\212\242\212\361\256\204\235\362\274\244\223\360\247\252\220\361\266\265\204\361\266\200\256\360\270\202\223\361\200\200\254\005\"\000r\000\212\001\010\n\002\010\001\030\001 \001\362\001\002\010\001\210\002\001" + } +} +actions { + on_data { + data: "\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 new file mode 100644 index 0000000000000..75b9e1497e520 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.http_connection_manager" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" + value: "\010\002\022\001-\"5\n\001\000\032\001~\032\'envoy.type.matcher.v3.ListStringMatcherB\001-B\001~:\013\"\t\t\000\000\000\004\000\000\000\000B\002(\001\312\001\000\362\001\002\010\001" + } +} +actions { + advance_time { + milliseconds: 2151284736 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy new file mode 100644 index 0000000000000..ab8d73afbd8f8 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy @@ -0,0 +1,39 @@ +config { + name: "envoy.filters.network.local_ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 12035000 + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + on_new_connection { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy new file mode 100644 index 0000000000000..ea0f08e12ffb3 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy @@ -0,0 +1,43 @@ +config { + name: "envoy.filters.network.redis_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy" + value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} +actions { + on_new_connection { + + } +} +actions { + advance_time { + milliseconds: 455213056 + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + on_data { + data: "0" + end_stream: true + } +} +actions { + advance_time { + milliseconds: 1862270976 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy new file mode 100644 index 0000000000000..9452cb8d6074a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy @@ -0,0 +1,35 @@ +config { + name: "envoy.filters.network.sni_cluster" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 268435456 + } +} +actions { + on_data { + data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + } +} +actions { + on_data { + data: "IIIIIIIIIIIIIIIIIIII\000\000\000\000\000\000\000;IIIIIIIIIIIIIIIIIIIIIIIIIIIIII" + } +} +actions { + advance_time { + milliseconds: 16384 + } +} +actions { + advance_time { + milliseconds: 13 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 new file mode 100644 index 0000000000000..21ad6d880835a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 @@ -0,0 +1,36 @@ +config { + name: "envoy.filters.network.sni_dynamic_forward_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" + value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 30976 + } +} +actions { + advance_time { + milliseconds: 262144 + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy new file mode 100644 index 0000000000000..21ad6d880835a --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy @@ -0,0 +1,36 @@ +config { + name: "envoy.filters.network.sni_dynamic_forward_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" + value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 30976 + } +} +actions { + advance_time { + milliseconds: 262144 + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_data { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 new file mode 100644 index 0000000000000..1c4cce16fa644 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.tcp_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" + value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 12288 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy new file mode 100644 index 0000000000000..1c4cce16fa644 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.tcp_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" + value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "u\360" + } +} +actions { + advance_time { + milliseconds: 12288 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 89253eaa9101d..5edeea8dfc7a4 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -29,6 +29,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; + filter_name = NetworkFilterNames::get().HttpConnectionManager; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index bc318e4663bc3..d4a9ed43aa05c 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -30,7 +30,8 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().Echo, NetworkFilterNames::get().DirectResponse, NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster}; + NetworkFilterNames::get().SniCluster, + NetworkFilterNames::get().HttpConnectionManager}; } return filter_names_; } @@ -44,8 +45,13 @@ void UberFilterFuzzer::reset() { read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; + // Clear the pointers inside the mock_dispatcher + Event::MockDispatcher& mock_dispatcher = dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); + mock_dispatcher.to_delete_.clear(); + } void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { + std::cout<<"setup for"<connection_.local_address_ = + std::make_shared("/test/test.sock"); + read_filter_callbacks_->connection_.remote_address_ = + std::make_shared("/test/test.sock"); + } + else if(filter_name == NetworkFilterNames::get().HttpConnectionManager){ + // ON_CALL(read_filter_callbacks_->connection_, ssl()).WillByDefault(testing::Return(ssl_connection_)); + // ON_CALL(Const(read_filter_callbacks_->connection_), ssl()).WillByDefault(testing::Return(ssl_connection_)); + // ON_CALL(read_filter_callbacks_.connection_, close(_)) + // .WillByDefault(InvokeWithoutArgs([&connection_alive] { connection_alive = false; })); + + read_filter_callbacks_->connection_.local_address_ = + std::make_shared("127.0.0.1"); + read_filter_callbacks_->connection_.remote_address_ = + std::make_shared("0.0.0.0"); } } void UberFilterFuzzer::fuzzerSetup() { @@ -84,6 +105,7 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_callbacks_ = std::make_shared>(); ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { + std::cout<<"add filter"<initializeReadFilterCallbacks(*read_filter_callbacks_); })); @@ -93,13 +115,15 @@ void UberFilterFuzzer::fuzzerSetup() { // Prepare time source for filters such as local_ratelimit filter factory_context_.prepareSimulatedSystemTime(); // Prepare address for filters such as ext_authz filter - addr_ = std::make_shared("/test/test.sock"); - ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_->connection_, localAddress()) - .WillByDefault(testing::ReturnRef(addr_)); + // addr_ = std::make_shared("/test/test.sock"); + // ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) + // .WillByDefault(testing::ReturnRef(addr_)); + // ON_CALL(read_filter_callbacks_->connection_, localAddress()) + // .WillByDefault(testing::ReturnRef(addr_)); async_request_ = std::make_unique(); + // Prepare protocol for http_connection_manager + read_filter_callbacks_->connection_.stream_info_.protocol_ = Http::Protocol::Http2; } UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { @@ -158,7 +182,9 @@ void UberFilterFuzzer::fuzz( ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - +// if (actions.size() > 5) { +// PANIC("A case is found!"); +// } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 8a04388f54298..140e967d025d5 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -83,13 +83,14 @@ class UberFilterFuzzer { Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; - Network::Address::InstanceConstSharedPtr addr_; + // Network::Address::InstanceConstSharedPtr addr_; Event::SimulatedTimeSystem& time_source_; std::shared_ptr> read_filter_callbacks_; std::unique_ptr async_request_; std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; + std::shared_ptr ssl_connection_ = std::make_shared(); int seconds_in_one_day_ = 86400; }; From ad4fa214c35578e0c328cd5e4459679a022c7bb1 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 15 Jul 2020 13:19:11 -0500 Subject: [PATCH 27/76] fixed style problems Signed-off-by: jianwen --- source/extensions/all_extensions.bzl | 15 ++++++++------- test/extensions/filters/network/common/fuzz/BUILD | 1 - .../network/common/fuzz/network_filter_fuzz.proto | 1 - .../common/fuzz/network_filter_fuzz_test.cc | 2 +- .../filters/network/common/fuzz/uber_filter.cc | 14 +++++++------- .../filters/network/common/fuzz/uber_filter.h | 2 +- 6 files changed, 17 insertions(+), 18 deletions(-) diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl index 23e36d7a525b7..5254daf61ce13 100644 --- a/source/extensions/all_extensions.bzl +++ b/source/extensions/all_extensions.bzl @@ -15,13 +15,6 @@ def envoy_all_extensions(denylist = []): # These extensions can be removed on a site specific basis. return [v for k, v in all_extensions.items() if not k in denylist] -_network_filter_prefix = "envoy.filters.network" - -def envoy_all_network_filters(): - all_extensions = dicts.add(_required_extensions, EXTENSIONS) - - return [v for k, v in all_extensions.items() if k.startswith(_network_filter_prefix)] - # Core extensions needed to run Envoy's integration tests. _core_extensions = [ "envoy.access_loggers.file", @@ -45,3 +38,11 @@ def envoy_all_http_filters(): all_extensions = dicts.add(_required_extensions, EXTENSIONS) return [v for k, v in all_extensions.items() if k.startswith(_http_filter_prefix)] + +_network_filter_prefix = "envoy.filters.network" + +# Return all network-layer filter extensions to be compiled into network-layer filter generic fuzzer +def envoy_all_network_filters(): + all_extensions = dicts.add(_required_extensions, EXTENSIONS) + + return [v for k, v in all_extensions.items() if k.startswith(_network_filter_prefix)] diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 51a3c2e4e01a4..e8554320a49a0 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -7,7 +7,6 @@ load( ) load( "//source/extensions:all_extensions.bzl", - # "envoy_all_extensions", "envoy_all_network_filters", ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto index 90657d787724f..48f85a292ee16 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -4,7 +4,6 @@ package test.extensions.filters.network; import "google/protobuf/empty.proto"; import "validate/validate.proto"; import "test/fuzz/common.proto"; -// import "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto"; import "envoy/config/listener/v3/listener_components.proto"; message OnData { diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 89253eaa9101d..fadf6d0c7c29b 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -21,7 +21,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // After extending to cover all the filters, we can use `Registry::FactoryRegistry< // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames()` - // to get all the filter names instead of calling `UberFilterFuzzer::filter_names()` + // to get all the filter names instead of calling `UberFilterFuzzer::filter_names()`. static const auto filter_names = UberFilterFuzzer::filterNames(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index bc318e4663bc3..aa08f15c132eb 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -36,7 +36,7 @@ std::vector UberFilterFuzzer::filterNames() { } void UberFilterFuzzer::reset() { - // Reset some changes made by current filter on some mock objects + // Reset some changes made by current filter on some mock objects. // Close the connection to make sure the filter's callback is set to nullptr. read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); @@ -62,7 +62,7 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, expected_headers); - // Give response to the grpc_client by calling onSuccess() + // Give response to the grpc_client by calling onSuccess(). grpc_client_impl->onSuccess(std::move(check_response), span_); return async_request_.get(); }))); @@ -87,12 +87,12 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_ = read_filter; read_filter_->initializeReadFilterCallbacks(*read_filter_callbacks_); })); - // Prepare sni for sni_cluster filter and sni_dynamic_forward_proxy filter + // Prepare sni for sni_cluster filter and sni_dynamic_forward_proxy filter. ON_CALL(read_filter_callbacks_->connection_, requestedServerName()) .WillByDefault(testing::Return("fake_cluster")); - // Prepare time source for filters such as local_ratelimit filter + // Prepare time source for filters such as local_ratelimit filter. factory_context_.prepareSimulatedSystemTime(); - // Prepare address for filters such as ext_authz filter + // Prepare address for filters such as ext_authz filter. addr_ = std::make_shared("/test/test.sock"); ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) .WillByDefault(testing::ReturnRef(addr_)); @@ -152,7 +152,7 @@ void UberFilterFuzzer::fuzz( ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); perFilterSetup(proto_config.name()); - // Add filter to connection_ + // Add filter to connection_. cb_(read_filter_callbacks_->connection_); } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); @@ -182,7 +182,7 @@ void UberFilterFuzzer::fuzz( break; } default: - // Unhandled actions + // Unhandled actions. PANIC("A case is missing for an action"); } } diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 8a04388f54298..3ff82a6f4367b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -68,7 +68,7 @@ class UberFilterFuzzer { const Protobuf::RepeatedPtrField<::test::extensions::filters::network::Action>& actions); // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); - // Check whether the filter's config is invalid for fuzzer(e.g. system call) + // Check whether the filter's config is invalid for fuzzer(e.g. system call). bool invalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message); protected: From f1ced93772293fe5fb20c1ebd100b8629f857b6c Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 15 Jul 2020 13:30:53 -0500 Subject: [PATCH 28/76] modified ON_CALL to EXPECT_CALL.WillOnce for some unique_ptr. Removed ON_CALL for addr_, instead, directly change the pointer inside connection_ Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_filter.cc | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index aa08f15c132eb..f972dbc745fcc 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -67,12 +67,12 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { return async_request_.get(); }))); - ON_CALL(*async_client_factory_, create()).WillByDefault(Invoke([&] { + EXPECT_CALL(*async_client_factory_, create()).WillOnce(Invoke([&] { return std::move(async_client_); })); - ON_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) - .WillByDefault(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, + EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) + .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); } } @@ -94,11 +94,8 @@ void UberFilterFuzzer::fuzzerSetup() { factory_context_.prepareSimulatedSystemTime(); // Prepare address for filters such as ext_authz filter. addr_ = std::make_shared("/test/test.sock"); - ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - ON_CALL(read_filter_callbacks_->connection_, localAddress()) - .WillByDefault(testing::ReturnRef(addr_)); - + read_filter_callbacks_->connection_.remote_address_ = addr_; + read_filter_callbacks_->connection_.local_address_ = addr_; async_request_ = std::make_unique(); } From 655b66095103eadbd0473397e25bf7ecef2fb389 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 15 Jul 2020 13:33:30 -0500 Subject: [PATCH 29/76] run fix code style Signed-off-by: jianwen --- .../extensions/filters/network/common/fuzz/uber_filter.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index f972dbc745fcc..e7936a35e0823 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -71,9 +71,11 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { return std::move(async_client_); })); - EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, factoryForGrpcService(_, _, _)) - .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, - bool) { return std::move(async_client_factory_); })); + EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, + factoryForGrpcService(_, _, _)) + .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { + return std::move(async_client_factory_); + })); } } void UberFilterFuzzer::fuzzerSetup() { From 2aedc6ec54a4ebe84b1c1c04c3001a234cf1e733 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 13:47:19 -0500 Subject: [PATCH 30/76] added HCM filter and SDFP filter Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 6 ++-- .../common/fuzz/network_filter_fuzz_test.cc | 2 +- .../network/common/fuzz/uber_filter.cc | 33 ++++++++++++++----- .../filters/network/common/fuzz/uber_filter.h | 6 +++- 4 files changed, 33 insertions(+), 14 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 51a3c2e4e01a4..7cadd6811d7ad 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -7,7 +7,6 @@ load( ) load( "//source/extensions:all_extensions.bzl", - # "envoy_all_extensions", "envoy_all_network_filters", ) @@ -46,6 +45,7 @@ envoy_cc_test_library( "//test/mocks/server:server_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg_cc_proto", ], ) @@ -53,8 +53,8 @@ envoy_cc_fuzz_test( name = "network_filter_fuzz_test", srcs = ["network_filter_fuzz_test.cc"], corpus = "network_filter_corpus", - # All Envoy extensions must be linked to the test in order for the fuzzer to pick - # these up via the NamedHttpFilterConfigFactory. + # All Envoy network extensions must be linked to the test in order for the fuzzer to pick + # these up via the NamedNetworkFilterConfigFactory. deps = [ ":uber_filter_lib", "//source/common/config:utility_lib", diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 5edeea8dfc7a4..34bd1eac61a8a 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -29,7 +29,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().HttpConnectionManager; + filter_name = NetworkFilterNames::get().SniDynamicForwardProxy; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index d4a9ed43aa05c..5d9a25feb80fb 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -31,7 +31,9 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().DirectResponse, NetworkFilterNames::get().DubboProxy, NetworkFilterNames::get().SniCluster, - NetworkFilterNames::get().HttpConnectionManager}; + + NetworkFilterNames::get().HttpConnectionManager, + NetworkFilterNames::get().SniDynamicForwardProxy}; } return filter_names_; } @@ -48,7 +50,8 @@ void UberFilterFuzzer::reset() { // Clear the pointers inside the mock_dispatcher Event::MockDispatcher& mock_dispatcher = dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); mock_dispatcher.to_delete_.clear(); - + std::cout<connection_.local_address_ = - std::make_shared("/test/test.sock"); + ext_authz_addr_; read_filter_callbacks_->connection_.remote_address_ = - std::make_shared("/test/test.sock"); + ext_authz_addr_; } else if(filter_name == NetworkFilterNames::get().HttpConnectionManager){ // ON_CALL(read_filter_callbacks_->connection_, ssl()).WillByDefault(testing::Return(ssl_connection_)); @@ -92,10 +95,13 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { // .WillByDefault(InvokeWithoutArgs([&connection_alive] { connection_alive = false; })); read_filter_callbacks_->connection_.local_address_ = - std::make_shared("127.0.0.1"); + http_conn_manager_addr_; read_filter_callbacks_->connection_.remote_address_ = - std::make_shared("0.0.0.0"); + http_conn_manager_addr_; } + + // listener_scope_ = std::make_unique(); + // ON_CALL(factory_context_,listenerScope()).WillByDefault(testing::ReturnRef(*listener_scope_)); } void UberFilterFuzzer::fuzzerSetup() { // Setup process when this fuzzer object is constructed. @@ -115,7 +121,8 @@ void UberFilterFuzzer::fuzzerSetup() { // Prepare time source for filters such as local_ratelimit filter factory_context_.prepareSimulatedSystemTime(); // Prepare address for filters such as ext_authz filter - // addr_ = std::make_shared("/test/test.sock"); + ext_authz_addr_ = std::make_shared("/test/test.sock"); + http_conn_manager_addr_ = std::make_shared("127.0.0.1"); // ON_CALL(read_filter_callbacks_->connection_, remoteAddress()) // .WillByDefault(testing::ReturnRef(addr_)); // ON_CALL(read_filter_callbacks_->connection_, localAddress()) @@ -123,7 +130,7 @@ void UberFilterFuzzer::fuzzerSetup() { async_request_ = std::make_unique(); // Prepare protocol for http_connection_manager - read_filter_callbacks_->connection_.stream_info_.protocol_ = Http::Protocol::Http2; + // read_filter_callbacks_->connection_.stream_info_.protocol_ = Http::Protocol::Http2; } UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { @@ -153,6 +160,14 @@ bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, // reasonable. return true; } + }else if(filter_name == NetworkFilterNames::get().HttpConnectionManager) { + envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager& config = + dynamic_cast( + *config_message); + if (config.codec_type() == envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::HTTP3){ + // Quiche is not supported yet. + return true; + } } return false; } @@ -174,8 +189,8 @@ void UberFilterFuzzer::fuzz( return; } ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); - cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); perFilterSetup(proto_config.name()); + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); // Add filter to connection_ cb_(read_filter_callbacks_->connection_); } catch (const EnvoyException& e) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 140e967d025d5..b37d889a91e1b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -51,7 +51,9 @@ class FakeFactoryContext : public MockFactoryContext { Event::DispatcherPtr dispatcher_; Event::SimulatedTimeSystem time_system_; + NiceMock listener_scope_; Api::ApiPtr api_; + }; } // namespace Configuration @@ -83,7 +85,8 @@ class UberFilterFuzzer { Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; - // Network::Address::InstanceConstSharedPtr addr_; + Network::Address::InstanceConstSharedPtr ext_authz_addr_; + Network::Address::InstanceConstSharedPtr http_conn_manager_addr_; Event::SimulatedTimeSystem& time_source_; std::shared_ptr> read_filter_callbacks_; std::unique_ptr async_request_; @@ -91,6 +94,7 @@ class UberFilterFuzzer { std::unique_ptr async_client_factory_; Tracing::MockSpan span_; std::shared_ptr ssl_connection_ = std::make_shared(); + // std::unique_ptr listener_scope_; int seconds_in_one_day_ = 86400; }; From fe23bab37d105eaf326e420a8f2b28760337e138 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 14:20:34 -0500 Subject: [PATCH 31/76] fixed typos and added TODOs Signed-off-by: jianwen --- .../common/fuzz/network_filter_fuzz.proto | 1 - .../common/fuzz/network_filter_fuzz_test.cc | 4 ++- .../network/common/fuzz/uber_filter.cc | 34 +++++++++++-------- .../filters/network/common/fuzz/uber_filter.h | 3 +- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto index 48f85a292ee16..eafc899ca06c9 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package test.extensions.filters.network; import "google/protobuf/empty.proto"; import "validate/validate.proto"; -import "test/fuzz/common.proto"; import "envoy/config/listener/v3/listener_components.proto"; message OnData { diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index fadf6d0c7c29b..f67d5f1fcf8ac 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -19,7 +19,8 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - // After extending to cover all the filters, we can use `Registry::FactoryRegistry< + // TODO(jianwendong): After extending to cover all the filters, we can use + // `Registry::FactoryRegistry< // Server::Configuration::NamedNetworkFilterConfigFactory>::registeredNames()` // to get all the filter names instead of calling `UberFilterFuzzer::filter_names()`. static const auto filter_names = UberFilterFuzzer::filterNames(); @@ -42,6 +43,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. static const auto filter_names = UberFilterFuzzer::filterNames(); + // TODO(jianwendong): remove this if block after covering all the filters. if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { ENVOY_LOG_MISC(debug, "Test case with unsupported filter type: {}", input.config().name()); diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index e7936a35e0823..4e5fd68549e1b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -1,5 +1,6 @@ #include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "envoy/common/exception.h" #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" @@ -19,7 +20,7 @@ namespace Extensions { namespace NetworkFilters { std::vector UberFilterFuzzer::filterNames() { - // This filters that have already been covered by this fuzzer. + // These filters have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.empty()) { @@ -44,14 +45,17 @@ void UberFilterFuzzer::reset() { read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; + read_filter_.reset(); } + +// TODO(jianwendong): seperate the methods for per filter processing to a different file. void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { // Set up response for ext_authz filter if (filter_name == NetworkFilterNames::get().ExtAuthorization) { async_client_factory_ = std::make_unique(); async_client_ = std::make_unique(); - + // TODO(jianwendong): consider testing on different kinds of responses. ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl = @@ -104,8 +108,8 @@ void UberFilterFuzzer::fuzzerSetup() { UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { fuzzerSetup(); } -bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, - Protobuf::Message* config_message) { +void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, + Protobuf::Message* config_message) { // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the // mock/fake objects are also prohibited. const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( @@ -116,7 +120,8 @@ bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, *config_message); if (config.response().specifier_case() == envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { - return true; + throw EnvoyException( + fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); } } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = @@ -126,10 +131,11 @@ bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is // converting it to a smaller unit. Constraining fill_interval to no greater than one day is // reasonable. - return true; + throw EnvoyException( + fmt::format("local_ratelimit trying to set a large fill_interval. Config:\n{}", + config.DebugString())); } } - return false; } void UberFilterFuzzer::fuzz( @@ -144,20 +150,18 @@ void UberFilterFuzzer::fuzz( Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); - if (invalidInputForFuzzer(filter_name, message.get())) { - // Make sure no invalid system calls are executed in fuzzer. - return; - } + // Make sure no invalid system calls are executed in fuzzer. + checkInvalidInputForFuzzer(filter_name, message.get()); ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - perFilterSetup(proto_config.name()); - // Add filter to connection_. - cb_(read_filter_callbacks_->connection_); + } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } - + perFilterSetup(proto_config.name()); + // Add filter to connection_. + cb_(read_filter_callbacks_->connection_); for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 3ff82a6f4367b..0aa3b9db24095 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -69,7 +69,8 @@ class UberFilterFuzzer { // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); // Check whether the filter's config is invalid for fuzzer(e.g. system call). - bool invalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message); + void checkInvalidInputForFuzzer(const std::string& filter_name, + Protobuf::Message* config_message); protected: // Set-up filter specific mock expectations in constructor. From 994c156538f0e262851d3989c4cd23d93869dfc2 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 14:21:28 -0500 Subject: [PATCH 32/76] fixed a typo Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 4e5fd68549e1b..f97a702821589 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -48,7 +48,7 @@ void UberFilterFuzzer::reset() { read_filter_.reset(); } -// TODO(jianwendong): seperate the methods for per filter processing to a different file. +// TODO(jianwendong): separate the methods for per filter processing to a different file. void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { // Set up response for ext_authz filter if (filter_name == NetworkFilterNames::get().ExtAuthorization) { From 86163718afadc62db83d80cccb4f39739c798070 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 15:54:55 -0500 Subject: [PATCH 33/76] separate the fake class definition and the per_filter processing in different files. Cleaned up the deps Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 13 +-- .../network/common/fuzz/uber_filter.cc | 92 +----------------- .../filters/network/common/fuzz/uber_filter.h | 51 +--------- .../network/common/fuzz/uber_per_filter.cc | 97 +++++++++++++++++++ .../filters/network/common/fuzz/utils/BUILD | 17 ++++ .../filters/network/common/fuzz/utils/fakes.h | 49 ++++++++++ 6 files changed, 169 insertions(+), 150 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/uber_per_filter.cc create mode 100644 test/extensions/filters/network/common/fuzz/utils/BUILD create mode 100644 test/extensions/filters/network/common/fuzz/utils/fakes.h diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index e8554320a49a0..cac5d5722bde8 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -27,22 +27,18 @@ envoy_cc_test_library( name = "uber_filter_lib", srcs = [ "uber_filter.cc", + "uber_per_filter.cc", ], hdrs = ["uber_filter.h"], deps = [ ":network_filter_fuzz_proto_cc_proto", "//source/common/config:utility_lib", - "//source/common/network:utility_lib", - "//source/common/protobuf:utility_lib", "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:utility_lib", - "//source/extensions/filters/network/ext_authz", - "//test/extensions/filters/common/ext_authz:ext_authz_mocks", "//test/extensions/filters/common/ext_authz:ext_authz_test_common", + "//test/extensions/filters/network/common/fuzz/utils:network_filter_fuzzer_fakes_lib", "//test/fuzz:utility_lib", - "//test/mocks/buffer:buffer_mocks", "//test/mocks/network:network_mocks", - "//test/mocks/server:server_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", ], @@ -52,12 +48,11 @@ envoy_cc_fuzz_test( name = "network_filter_fuzz_test", srcs = ["network_filter_fuzz_test.cc"], corpus = "network_filter_corpus", - # All Envoy extensions must be linked to the test in order for the fuzzer to pick - # these up via the NamedHttpFilterConfigFactory. + # All Envoy network filters must be linked to the test in order for the fuzzer to pick + # these up via the NamedNetworkFilterConfigFactory. deps = [ ":uber_filter_lib", "//source/common/config:utility_lib", - "//source/common/protobuf:utility_lib", "//test/config:utility_lib", ] + envoy_all_network_filters(), ) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index f97a702821589..0950c634176df 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -1,87 +1,26 @@ #include "test/extensions/filters/network/common/fuzz/uber_filter.h" #include "envoy/common/exception.h" -#include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" -#include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" #include "common/config/utility.h" #include "common/config/version_converter.h" -#include "common/network/utility.h" -#include "common/protobuf/utility.h" - -#include "extensions/filters/network/common/utility.h" -#include "extensions/filters/network/well_known_names.h" - -#include "test/extensions/filters/common/ext_authz/test_common.h" -#include "test/test_common/utility.h" namespace Envoy { namespace Extensions { namespace NetworkFilters { -std::vector UberFilterFuzzer::filterNames() { - // These filters have already been covered by this fuzzer. - // Will extend to cover other network filters one by one. - static ::std::vector filter_names_; - if (filter_names_.empty()) { - filter_names_ = {NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - NetworkFilterNames::get().DirectResponse, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster}; - } - return filter_names_; -} - void UberFilterFuzzer::reset() { // Reset some changes made by current filter on some mock objects. // Close the connection to make sure the filter's callback is set to nullptr. read_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); - // Clear the filter's raw pointer stored inside the connection_ and reset the connection_. + // Clear the filter's raw pointer stored inside the connection_ and reset the connection_'s state. read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; read_filter_.reset(); } -// TODO(jianwendong): separate the methods for per filter processing to a different file. -void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { - // Set up response for ext_authz filter - if (filter_name == NetworkFilterNames::get().ExtAuthorization) { - - async_client_factory_ = std::make_unique(); - async_client_ = std::make_unique(); - // TODO(jianwendong): consider testing on different kinds of responses. - ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) - .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { - Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl = - dynamic_cast(&callbacks); - const std::string empty_body{}; - const auto expected_headers = - Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({}); - auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( - Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, - expected_headers); - // Give response to the grpc_client by calling onSuccess(). - grpc_client_impl->onSuccess(std::move(check_response), span_); - return async_request_.get(); - }))); - - EXPECT_CALL(*async_client_factory_, create()).WillOnce(Invoke([&] { - return std::move(async_client_); - })); - - EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, - factoryForGrpcService(_, _, _)) - .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { - return std::move(async_client_factory_); - })); - } -} void UberFilterFuzzer::fuzzerSetup() { // Setup process when this fuzzer object is constructed. // For a static fuzzer, this will only be executed once. @@ -108,35 +47,6 @@ void UberFilterFuzzer::fuzzerSetup() { UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { fuzzerSetup(); } -void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, - Protobuf::Message* config_message) { - // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the - // mock/fake objects are also prohibited. - const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( - std::string(filter_name)); - if (filter_name == NetworkFilterNames::get().DirectResponse) { - envoy::extensions::filters::network::direct_response::v3::Config& config = - dynamic_cast( - *config_message); - if (config.response().specifier_case() == - envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { - throw EnvoyException( - fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); - } - } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { - envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = - dynamic_cast( - *config_message); - if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { - // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is - // converting it to a smaller unit. Constraining fill_interval to no greater than one day is - // reasonable. - throw EnvoyException( - fmt::format("local_ratelimit trying to set a large fill_interval. Config:\n{}", - config.DebugString())); - } - } -} void UberFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 0aa3b9db24095..5b1627b36cb18 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -1,61 +1,12 @@ #include "envoy/network/filter.h" #include "common/protobuf/protobuf.h" -#include "common/singleton/manager_impl.h" -#include "test/extensions/filters/common/ext_authz/mocks.h" #include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" -#include "test/fuzz/utility.h" -#include "test/mocks/buffer/mocks.h" +#include "test/extensions/filters/network/common/fuzz/utils/fakes.h" #include "test/mocks/network/mocks.h" -#include "test/mocks/server/mocks.h" namespace Envoy { -namespace Server { -namespace Configuration { -class FakeFactoryContext : public MockFactoryContext { -public: - void prepareSimulatedSystemTime() { - api_ = Api::createApiForTest(time_system_); - dispatcher_ = api_->allocateDispatcher("test_thread"); - } - AccessLog::AccessLogManager& accessLogManager() override { return access_log_manager_; } - Upstream::ClusterManager& clusterManager() override { return cluster_manager_; } - Event::Dispatcher& dispatcher() override { return *dispatcher_; } - const Network::DrainDecision& drainDecision() override { return drain_manager_; } - Init::Manager& initManager() override { return init_manager_; } - ServerLifecycleNotifier& lifecycleNotifier() override { return lifecycle_notifier_; } - const LocalInfo::LocalInfo& localInfo() const override { return local_info_; } - Envoy::Random::RandomGenerator& random() override { return random_; } - Envoy::Runtime::Loader& runtime() override { return runtime_loader_; } - Stats::Scope& scope() override { return scope_; } - Singleton::Manager& singletonManager() override { return *singleton_manager_; } - ThreadLocal::Instance& threadLocal() override { return thread_local_; } - Server::Admin& admin() override { return admin_; } - Stats::Scope& listenerScope() override { return listener_scope_; } - Api::Api& api() override { return *api_; } - TimeSource& timeSource() override { return time_system_; } - OverloadManager& overloadManager() override { return overload_manager_; } - ProtobufMessage::ValidationContext& messageValidationContext() override { - return validation_context_; - } - ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { - return ProtobufMessage::getStrictValidationVisitor(); - } - Event::SimulatedTimeSystem& simulatedTimeSystem() { - return dynamic_cast(time_system_); - } - Event::TestTimeSystem& timeSystem() { return time_system_; } - Grpc::Context& grpcContext() override { return grpc_context_; } - Http::Context& httpContext() override { return http_context_; } - - Event::DispatcherPtr dispatcher_; - Event::SimulatedTimeSystem time_system_; - Api::ApiPtr api_; -}; - -} // namespace Configuration -} // namespace Server namespace Extensions { namespace NetworkFilters { diff --git a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc new file mode 100644 index 0000000000000..87d60efb423a0 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc @@ -0,0 +1,97 @@ +#include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" +#include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" + +#include "extensions/filters/network/common/utility.h" +#include "extensions/filters/network/well_known_names.h" + +#include "test/extensions/filters/common/ext_authz/test_common.h" +#include "test/extensions/filters/network/common/fuzz/uber_filter.h" + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +std::vector UberFilterFuzzer::filterNames() { + // These filters have already been covered by this fuzzer. + // Will extend to cover other network filters one by one. + static ::std::vector filter_names_; + if (filter_names_.empty()) { + filter_names_ = {NetworkFilterNames::get().ExtAuthorization, + NetworkFilterNames::get().LocalRateLimit, + NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, + NetworkFilterNames::get().Echo, + NetworkFilterNames::get().DirectResponse, + NetworkFilterNames::get().DubboProxy, + NetworkFilterNames::get().SniCluster}; + } + return filter_names_; +} + +void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { + // Set up response for ext_authz filter + if (filter_name == NetworkFilterNames::get().ExtAuthorization) { + + async_client_factory_ = std::make_unique(); + async_client_ = std::make_unique(); + // TODO(jianwendong): consider testing on different kinds of responses. + ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) + .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { + Filters::Common::ExtAuthz::GrpcClientImpl* grpc_client_impl = + dynamic_cast(&callbacks); + const std::string empty_body{}; + const auto expected_headers = + Filters::Common::ExtAuthz::TestCommon::makeHeaderValueOption({}); + auto check_response = Filters::Common::ExtAuthz::TestCommon::makeCheckResponse( + Grpc::Status::WellKnownGrpcStatus::Ok, envoy::type::v3::OK, empty_body, + expected_headers); + // Give response to the grpc_client by calling onSuccess(). + grpc_client_impl->onSuccess(std::move(check_response), span_); + return async_request_.get(); + }))); + + EXPECT_CALL(*async_client_factory_, create()).WillOnce(Invoke([&] { + return std::move(async_client_); + })); + + EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, + factoryForGrpcService(_, _, _)) + .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { + return std::move(async_client_factory_); + })); + } +} + +void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, + Protobuf::Message* config_message) { + // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the + // mock/fake objects are also prohibited. + const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( + std::string(filter_name)); + if (filter_name == NetworkFilterNames::get().DirectResponse) { + envoy::extensions::filters::network::direct_response::v3::Config& config = + dynamic_cast( + *config_message); + if (config.response().specifier_case() == + envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { + throw EnvoyException( + fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); + } + } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { + envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = + dynamic_cast( + *config_message); + if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { + // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is + // converting it to a smaller unit. Constraining fill_interval to no greater than one day is + // reasonable. + throw EnvoyException( + fmt::format("local_ratelimit trying to set a large fill_interval. Config:\n{}", + config.DebugString())); + } + } +} + +} // namespace NetworkFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/network/common/fuzz/utils/BUILD b/test/extensions/filters/network/common/fuzz/utils/BUILD new file mode 100644 index 0000000000000..6c231c2a185f0 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/utils/BUILD @@ -0,0 +1,17 @@ +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_test_library", + "envoy_package", +) + +licenses(["notice"]) # Apache 2 + +envoy_package() + +envoy_cc_test_library( + name = "network_filter_fuzzer_fakes_lib", + hdrs = ["fakes.h"], + deps = [ + "//test/mocks/server:factory_context_mocks", + ], +) diff --git a/test/extensions/filters/network/common/fuzz/utils/fakes.h b/test/extensions/filters/network/common/fuzz/utils/fakes.h new file mode 100644 index 0000000000000..035dcb3e29cac --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/utils/fakes.h @@ -0,0 +1,49 @@ +#include "test/mocks/server/factory_context.h" + +namespace Envoy { +namespace Server { +namespace Configuration { +class FakeFactoryContext : public MockFactoryContext { +public: + void prepareSimulatedSystemTime() { + api_ = Api::createApiForTest(time_system_); + dispatcher_ = api_->allocateDispatcher("test_thread"); + } + AccessLog::AccessLogManager& accessLogManager() override { return access_log_manager_; } + Upstream::ClusterManager& clusterManager() override { return cluster_manager_; } + Event::Dispatcher& dispatcher() override { return *dispatcher_; } + const Network::DrainDecision& drainDecision() override { return drain_manager_; } + Init::Manager& initManager() override { return init_manager_; } + ServerLifecycleNotifier& lifecycleNotifier() override { return lifecycle_notifier_; } + const LocalInfo::LocalInfo& localInfo() const override { return local_info_; } + Envoy::Random::RandomGenerator& random() override { return random_; } + Envoy::Runtime::Loader& runtime() override { return runtime_loader_; } + Stats::Scope& scope() override { return scope_; } + Singleton::Manager& singletonManager() override { return *singleton_manager_; } + ThreadLocal::Instance& threadLocal() override { return thread_local_; } + Server::Admin& admin() override { return admin_; } + Stats::Scope& listenerScope() override { return listener_scope_; } + Api::Api& api() override { return *api_; } + TimeSource& timeSource() override { return time_system_; } + OverloadManager& overloadManager() override { return overload_manager_; } + ProtobufMessage::ValidationContext& messageValidationContext() override { + return validation_context_; + } + ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { + return ProtobufMessage::getStrictValidationVisitor(); + } + Event::SimulatedTimeSystem& simulatedTimeSystem() { + return dynamic_cast(time_system_); + } + Event::TestTimeSystem& timeSystem() { return time_system_; } + Grpc::Context& grpcContext() override { return grpc_context_; } + Http::Context& httpContext() override { return http_context_; } + + Event::DispatcherPtr dispatcher_; + Event::SimulatedTimeSystem time_system_; + Api::ApiPtr api_; +}; + +} // namespace Configuration +} // namespace Server +} // namespace Envoy From abca561ee74b72c70e2c1bf38c278483838d76ce Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 16:08:59 -0500 Subject: [PATCH 34/76] added comments and assert() Signed-off-by: jianwen --- source/extensions/all_extensions.bzl | 3 ++- .../filters/network/common/fuzz/uber_filter.cc | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl index 5254daf61ce13..ace7333688bca 100644 --- a/source/extensions/all_extensions.bzl +++ b/source/extensions/all_extensions.bzl @@ -39,9 +39,10 @@ def envoy_all_http_filters(): return [v for k, v in all_extensions.items() if k.startswith(_http_filter_prefix)] +# All network-layer filters are extensions with names that have the following prefix. _network_filter_prefix = "envoy.filters.network" -# Return all network-layer filter extensions to be compiled into network-layer filter generic fuzzer +# Return all network-layer filter extensions to be compiled into network-layer filter generic fuzzer. def envoy_all_network_filters(): all_extensions = dicts.add(_required_extensions, EXTENSIONS) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 0950c634176df..c1840cceb319b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -76,16 +76,16 @@ void UberFilterFuzzer::fuzz( ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { case test::extensions::filters::network::Action::kOnData: { - if (read_filter_ != nullptr) { - Buffer::OwnedImpl buffer(action.on_data().data()); - read_filter_->onData(buffer, action.on_data().end_stream()); - } + ASSERT(read_filter_ != nullptr); + Buffer::OwnedImpl buffer(action.on_data().data()); + read_filter_->onData(buffer, action.on_data().end_stream()); + break; } case test::extensions::filters::network::Action::kOnNewConnection: { - if (read_filter_ != nullptr) { + ASSERT(read_filter_ != nullptr); read_filter_->onNewConnection(); - } + break; } case test::extensions::filters::network::Action::kAdvanceTime: { From 5b811769c6bb3f26b6afbbf2eb56d80c33019214 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 16 Jul 2020 16:09:46 -0500 Subject: [PATCH 35/76] fix style Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index c1840cceb319b..b62344e20b024 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -79,12 +79,12 @@ void UberFilterFuzzer::fuzz( ASSERT(read_filter_ != nullptr); Buffer::OwnedImpl buffer(action.on_data().data()); read_filter_->onData(buffer, action.on_data().end_stream()); - + break; } case test::extensions::filters::network::Action::kOnNewConnection: { ASSERT(read_filter_ != nullptr); - read_filter_->onNewConnection(); + read_filter_->onNewConnection(); break; } From 409b0929e6035ef9e93e825cfdd33e39c04ac8fe Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 20 Jul 2020 12:58:00 -0500 Subject: [PATCH 36/76] fixed the proto definition on ThriftProxy.Route.RouteAction.cluter_header. Signed-off-by: jianwen --- .../extensions/filters/network/thrift_proxy/v3/route.proto | 2 +- .../filters/network/common/fuzz/network_filter_fuzz_test.cc | 2 +- test/extensions/filters/network/common/fuzz/uber_filter.cc | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto index 5ce18fd06233a..d4e9f7c13f2da 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto @@ -103,7 +103,7 @@ message RouteAction { // header is not found or the referenced cluster does not exist Envoy will // respond with an unknown method exception or an internal error exception, // respectively. - string cluster_header = 6 [(validate.rules).string = {min_bytes: 1}]; + string cluster_header = 6 [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}, ]; } // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 34bd1eac61a8a..dc5a03cb9342c 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -29,7 +29,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().SniDynamicForwardProxy; + filter_name = NetworkFilterNames::get().ThriftProxy; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index 5d9a25feb80fb..be94e88102879 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -32,6 +32,8 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().DubboProxy, NetworkFilterNames::get().SniCluster, + NetworkFilterNames::get().ThriftProxy, + NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().HttpConnectionManager, NetworkFilterNames::get().SniDynamicForwardProxy}; } @@ -50,7 +52,7 @@ void UberFilterFuzzer::reset() { // Clear the pointers inside the mock_dispatcher Event::MockDispatcher& mock_dispatcher = dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); mock_dispatcher.to_delete_.clear(); - std::cout< Date: Mon, 20 Jul 2020 13:22:33 -0500 Subject: [PATCH 37/76] run proto fix after modification in route.proto Signed-off-by: jianwen --- .../extensions/filters/network/thrift_proxy/v3/route.proto | 4 +++- .../filters/network/thrift_proxy/v4alpha/route.proto | 4 +++- .../extensions/filters/network/thrift_proxy/v3/route.proto | 4 +++- .../filters/network/thrift_proxy/v4alpha/route.proto | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto index d4e9f7c13f2da..b7afc4f0b8037 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/v3/route.proto @@ -103,7 +103,9 @@ message RouteAction { // header is not found or the referenced cluster does not exist Envoy will // respond with an unknown method exception or an internal error exception, // respectively. - string cluster_header = 6 [(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}, ]; + string cluster_header = 6 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; } // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in diff --git a/api/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto b/api/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto index 9b847d645a65e..374cc131ddf83 100644 --- a/api/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto +++ b/api/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto @@ -103,7 +103,9 @@ message RouteAction { // header is not found or the referenced cluster does not exist Envoy will // respond with an unknown method exception or an internal error exception, // respectively. - string cluster_header = 6 [(validate.rules).string = {min_bytes: 1}]; + string cluster_header = 6 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; } // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto index 5ce18fd06233a..b7afc4f0b8037 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v3/route.proto @@ -103,7 +103,9 @@ message RouteAction { // header is not found or the referenced cluster does not exist Envoy will // respond with an unknown method exception or an internal error exception, // respectively. - string cluster_header = 6 [(validate.rules).string = {min_bytes: 1}]; + string cluster_header = 6 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; } // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in diff --git a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto index 9b847d645a65e..374cc131ddf83 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/thrift_proxy/v4alpha/route.proto @@ -103,7 +103,9 @@ message RouteAction { // header is not found or the referenced cluster does not exist Envoy will // respond with an unknown method exception or an internal error exception, // respectively. - string cluster_header = 6 [(validate.rules).string = {min_bytes: 1}]; + string cluster_header = 6 [ + (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_VALUE strict: false} + ]; } // Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in From d22a7fbb6783f9875c43beca808f384ded8186ef Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 20 Jul 2020 13:42:43 -0500 Subject: [PATCH 38/76] added comment on seconds_in_one_day_ Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_filter.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 5b1627b36cb18..0413eb087c7ae 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -42,6 +42,8 @@ class UberFilterFuzzer { std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; + // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in + // std::chrono::time_point. int seconds_in_one_day_ = 86400; }; From 2e36c25c64ee0b2cbb3624e986254ce247b6e9fb Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 20 Jul 2020 13:58:34 -0500 Subject: [PATCH 39/76] added test cases Signed-off-by: jianwen --- .../fuzz/network_filter_corpus/thrift_proxy_1 | 7 ++++ .../network_filter_corpus/zookeeper_proxy_1 | 34 +++++++++++++++++++ .../common/fuzz/network_filter_fuzz_test.cc | 1 + 3 files changed, 42 insertions(+) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 new file mode 100644 index 0000000000000..ca2772ee0e71d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 @@ -0,0 +1,7 @@ +config { + name: "envoy.filters.network.thrift_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" + value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\000\000\000\000\000\000\000" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 new file mode 100644 index 0000000000000..fb16dbd750df4 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.zookeeper_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy\032\000" + } +} +actions { + advance_time { + milliseconds: 8257536 + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 8257536 + } +} +actions { + on_data { + } +} +actions { + advance_time { + milliseconds: 83886080 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index dc5a03cb9342c..394f29f4d6f06 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -42,6 +42,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. + // TODO(jianwendong): remove this check after all filters are supported. static const auto filter_names = UberFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { From 9eaf8263dd95c944f4990b4139c420627906512e Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 20 Jul 2020 16:08:26 -0500 Subject: [PATCH 40/76] trying to add valid filters Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 + .../network/common/fuzz/uber_filter.cc | 20 +++++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 7cadd6811d7ad..e6111e67ef755 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -46,6 +46,7 @@ envoy_cc_test_library( "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg_cc_proto", + "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index be94e88102879..bce501849c950 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -2,6 +2,7 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" +#include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" #include "common/config/utility.h" #include "common/config/version_converter.h" @@ -170,6 +171,10 @@ bool UberFilterFuzzer::invalidInputForFuzzer(const std::string& filter_name, // Quiche is not supported yet. return true; } + }else if(filter_name ==NetworkFilterNames::get().ThriftProxy){ + envoy::extensions::filters::network::thrift_proxy::v3::ThriftProxy& config = + dynamic_cast( + *config_message); } return false; } @@ -191,17 +196,20 @@ void UberFilterFuzzer::fuzz( return; } ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); - perFilterSetup(proto_config.name()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - // Add filter to connection_ - cb_(read_filter_callbacks_->connection_); + } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); return; } -// if (actions.size() > 5) { -// PANIC("A case is found!"); -// } + perFilterSetup(proto_config.name()); + + // Add filter to connection_ + cb_(read_filter_callbacks_->connection_); + std::cout<<"pass validation"< 1) { + PANIC("A case is found!"); + } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { From b3c389f7443766aad3afd76e5619fd5a3652044b Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 21 Jul 2020 09:08:24 -0500 Subject: [PATCH 41/76] added test case for thrift proxy and added deps Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 2 + .../fuzz/network_filter_corpus/thrift_proxy_1 | 2 +- .../fuzz/network_filter_corpus/thrift_proxy_2 | 7 ++++ .../fuzz/network_filter_corpus/thrift_proxy_3 | 34 +++++++++++++++ .../common/fuzz/network_filter_fuzz_test.cc | 2 +- .../network/common/fuzz/uber_filter.cc | 41 +++++++------------ .../filters/network/common/fuzz/uber_filter.h | 1 + .../network/common/fuzz/uber_per_filter.cc | 41 ++++++++++++++++--- 8 files changed, 96 insertions(+), 34 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index d26e3a1680019..d7e3919fe5b55 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -56,5 +56,7 @@ envoy_cc_fuzz_test( ":uber_filter_lib", "//source/common/config:utility_lib", "//test/config:utility_lib", + "//source/extensions/filters/network/thrift_proxy/router:config", + "//source/extensions/filters/network/thrift_proxy/filters/ratelimit:config", ] + envoy_all_network_filters(), ) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 index ca2772ee0e71d..a194b7f990310 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 @@ -2,6 +2,6 @@ config { name: "envoy.filters.network.thrift_proxy" typed_config { type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" - value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\000\000\000\000\000\000\000" + value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\177\177\177\177\177\177\177" } } diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 new file mode 100644 index 0000000000000..ca2772ee0e71d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 @@ -0,0 +1,7 @@ +config { + name: "envoy.filters.network.thrift_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" + value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\000\000\000\000\000\000\000" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 new file mode 100644 index 0000000000000..78a87924ae34e --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 @@ -0,0 +1,34 @@ +config { + name: "envoy.filters.network.thrift_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" + value: "\nz\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 10 + } +} +actions { + on_new_connection { + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + } +} +actions { + on_data { + data: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.Thrif~tProxy" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 4197754a33e40..589b7de3bffb7 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -39,7 +39,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase absl::StrCat("type.googleapis.com/", factory->createEmptyConfigProto()->GetDescriptor()->full_name())); }}; - + // UberFilterFuzzer::setThriftFilters(nullptr); try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index a1f45496b523b..5ebbe752e4392 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -8,29 +8,6 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - -std::vector UberFilterFuzzer::filterNames() { - // This filters that have already been covered by this fuzzer. - // Will extend to cover other network filters one by one. - static ::std::vector filter_names_; - if (filter_names_.empty()) { - filter_names_ = {NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - NetworkFilterNames::get().DirectResponse, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster, - - NetworkFilterNames::get().ThriftProxy, - NetworkFilterNames::get().ZooKeeperProxy, - NetworkFilterNames::get().HttpConnectionManager, - NetworkFilterNames::get().SniDynamicForwardProxy}; - } - return filter_names_; -} - void UberFilterFuzzer::reset() { // Reset some changes made by current filter on some mock objects. @@ -40,6 +17,9 @@ void UberFilterFuzzer::reset() { read_filter_callbacks_->connection_.callbacks_.clear(); read_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; + // Clear the pointers inside the mock_dispatcher + Event::MockDispatcher& mock_dispatcher = dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); + mock_dispatcher.to_delete_.clear(); read_filter_.reset(); } @@ -51,6 +31,12 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_callbacks_ = std::make_shared>(); ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { + std::cout<<"add readFilter"<initializeReadFilterCallbacks(*read_filter_callbacks_); + })); + ON_CALL(read_filter_callbacks_->connection_, addFilter(_)) + .WillByDefault(Invoke([&](Network::FilterSharedPtr read_filter) -> void { std::cout<<"add filter"<initializeReadFilterCallbacks(*read_filter_callbacks_); @@ -61,9 +47,8 @@ void UberFilterFuzzer::fuzzerSetup() { // Prepare time source for filters such as local_ratelimit filter. factory_context_.prepareSimulatedSystemTime(); // Prepare address for filters such as ext_authz filter. - addr_ = std::make_shared("/test/test.sock"); - read_filter_callbacks_->connection_.remote_address_ = addr_; - read_filter_callbacks_->connection_.local_address_ = addr_; + ext_authz_addr_ = std::make_shared("/test/test.sock"); + http_conn_manager_addr_ = std::make_shared("127.0.0.1"); async_request_ = std::make_unique(); // Prepare protocol for http_connection_manager // read_filter_callbacks_->connection_.stream_info_.protocol_ = Http::Protocol::Http2; @@ -97,6 +82,10 @@ void UberFilterFuzzer::fuzz( perFilterSetup(proto_config.name()); // Add filter to connection_. cb_(read_filter_callbacks_->connection_); + // std::cout<<"passed validation!"< 5) { + // PANIC("A case is found!"); + // } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_filter.h index 9c611d1b3cf1b..69a57b44c06e6 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_filter.h @@ -22,6 +22,7 @@ class UberFilterFuzzer { // Check whether the filter's config is invalid for fuzzer(e.g. system call). void checkInvalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message); + static void setThriftFilters(envoy::config::listener::v3::Filter* config_message); protected: // Set-up filter specific mock expectations in constructor. diff --git a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc index 87d60efb423a0..7f1a6de932fc9 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc @@ -1,5 +1,6 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" +#include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" #include "extensions/filters/network/common/utility.h" #include "extensions/filters/network/well_known_names.h" @@ -23,7 +24,12 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().Echo, NetworkFilterNames::get().DirectResponse, NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster}; + NetworkFilterNames::get().SniCluster, + + NetworkFilterNames::get().ThriftProxy, + NetworkFilterNames::get().ZooKeeperProxy, + NetworkFilterNames::get().HttpConnectionManager, + NetworkFilterNames::get().SniDynamicForwardProxy}; } return filter_names_; } @@ -59,6 +65,15 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); + read_filter_callbacks_->connection_.local_address_ = + ext_authz_addr_; + read_filter_callbacks_->connection_.remote_address_ = + ext_authz_addr_; + }else if(filter_name == NetworkFilterNames::get().HttpConnectionManager){ + read_filter_callbacks_->connection_.local_address_ = + http_conn_manager_addr_; + read_filter_callbacks_->connection_.remote_address_ = + http_conn_manager_addr_; } } @@ -70,17 +85,17 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name std::string(filter_name)); if (filter_name == NetworkFilterNames::get().DirectResponse) { envoy::extensions::filters::network::direct_response::v3::Config& config = - dynamic_cast( - *config_message); + dynamic_cast( + *config_message); if (config.response().specifier_case() == envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { throw EnvoyException( - fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); + fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); } } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = - dynamic_cast( - *config_message); + dynamic_cast( + *config_message); if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is // converting it to a smaller unit. Constraining fill_interval to no greater than one day is @@ -92,6 +107,20 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name } } +void UberFilterFuzzer::setThriftFilters(envoy::config::listener::v3::Filter*){ + envoy::extensions::filters::network::thrift_proxy::v3::ThriftProxy config; + *(config.mutable_stat_prefix())="thrift"; + *(config.mutable_route_config()->mutable_name())="local_route"; + auto filter1 = config.mutable_thrift_filters()->Add(); + *(filter1->mutable_name())="envoy.filters.thrift.router"; + auto filter2 = config.mutable_thrift_filters()->Add(); + *(filter2->mutable_name())="envoy.filters.thrift.rate_limit"; + ProtobufWkt::Any out_config; + out_config.PackFrom(config); + std::cout<<"debug_string:\n"< Date: Tue, 21 Jul 2020 09:37:34 -0500 Subject: [PATCH 42/76] added comment and log Signed-off-by: jianwen --- .../filters/network/common/fuzz/network_filter_fuzz.proto | 3 ++- test/extensions/filters/network/common/fuzz/uber_filter.cc | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto index eafc899ca06c9..e8205658d25e1 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto @@ -11,7 +11,8 @@ message OnData { } message AdvanceTime { - uint32 milliseconds = 1 [(validate.rules).uint32 = {gt: 0}]; + // Advance the system time by (0,24] hours. + uint32 milliseconds = 1 [(validate.rules).uint32 = {gt: 0 lt: 86400000}]; } message Action { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index b62344e20b024..ed159570e6a45 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -94,10 +94,12 @@ void UberFilterFuzzer::fuzz( factory_context_.dispatcher().run(Event::Dispatcher::RunType::NonBlock); break; } - default: + default: { // Unhandled actions. + ENVOY_LOG_MISC(debug, "Action support is missing for:\n{}", action.DebugString()); PANIC("A case is missing for an action"); } + } } reset(); From 7ac7658c6d944897fcfc23dab32fc42ea162f390 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 21 Jul 2020 10:12:44 -0500 Subject: [PATCH 43/76] refined the test cases Signed-off-by: jianwen --- .../fuzz/network_filter_corpus/direct_response_1 | 4 ++++ .../direct_response_open_file | 7 +++++-- .../fuzz/network_filter_corpus/dubbo_proxy_1 | 14 ++++++++++++++ .../common/fuzz/network_filter_corpus/echo_1 | 7 ++----- .../fuzz/network_filter_corpus/ext_authz_1 | 9 +++++++++ .../fuzz/network_filter_corpus/ext_authz_2 | 4 ++++ .../fuzz/network_filter_corpus/redis_proxy_1 | 15 --------------- .../fuzz/network_filter_corpus/sni_cluster_1 | 2 +- .../fuzz/network_filter_corpus/sni_cluster_2 | 16 +++++++++++++++- 9 files changed, 54 insertions(+), 24 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 index 14e4b24d92bb2..c65354895b289 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 @@ -4,6 +4,10 @@ config { type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" } } +actions { + on_new_connection { + } +} actions { on_data { } diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file index 00b1d061fd07b..26df2e4de4ec6 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file @@ -6,8 +6,11 @@ config { } } actions { - advance_time { - milliseconds: 2147483648 + on_new_connection { + } +} +actions{ + on_data{ } } actions { diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 index 13fc32667c5ec..b9c6f893f556b 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 @@ -9,6 +9,20 @@ actions { on_new_connection { } } +actions { + advance_time { + milliseconds: 268435 + } +} +actions { + on_data { + data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + } +} +actions { + on_new_connection { + } +} actions { on_data { data: "\000\013" diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 index 5eb88e52693ba..fd15fde5a83f8 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 @@ -20,6 +20,7 @@ actions { } actions { on_data { + data: "y" } } actions { @@ -27,8 +28,4 @@ actions { milliseconds: 2097152 } } -actions { - advance_time { - milliseconds: 778793567 - } -} + diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 index 8663a7a9c3c90..fabd48ca01501 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 @@ -4,6 +4,15 @@ config { type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" } } +actions { + on_data { + data: "y" + } +} +actions { + on_new_connection { + } +} actions { advance_time { milliseconds: 655360 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 index 2587626b13169..cc8199f166f42 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 @@ -5,6 +5,10 @@ config { value: "\n\037envoy.filters.network.ext_authz\030\001(\001" } } +actions { + on_new_connection { + } +} actions { on_data { data: ":" diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 index ea0f08e12ffb3..15ac639614e89 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 @@ -5,21 +5,11 @@ config { value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" } } -actions { - advance_time { - milliseconds: 1862270976 - } -} actions { on_new_connection { } } -actions { - advance_time { - milliseconds: 455213056 - } -} actions { on_new_connection { } @@ -36,8 +26,3 @@ actions { end_stream: true } } -actions { - advance_time { - milliseconds: 1862270976 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 index 9452cb8d6074a..e657e3b116a2f 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 @@ -10,7 +10,7 @@ actions { } actions { advance_time { - milliseconds: 268435456 + milliseconds: 268435 } } actions { diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 index 5c3b5c1c81a79..25a5c974299ad 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 @@ -4,8 +4,22 @@ config { type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" } } +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 268435 + } +} +actions { + on_data { + data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + } +} actions { advance_time { - milliseconds: 16777216 + milliseconds: 1677721 } } From 2b6af9d86b6b6245230f69dcd7160e85b4889322 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 21 Jul 2020 14:44:39 -0500 Subject: [PATCH 44/76] added dict Signed-off-by: jianwen --- .../filters/network/common/fuzz/network_filter_fuzz_test.dict | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.dict diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.dict b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.dict new file mode 100644 index 0000000000000..cf10152e230ef --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.dict @@ -0,0 +1,3 @@ +# ThriftProxy's supported thrift_filters +"envoy.filters.thrift.router" +"envoy.filters.thrift.rate_limit" From ba003058d49dec1ee815761837aa5f9dee39cb0f Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 21 Jul 2020 14:53:22 -0500 Subject: [PATCH 45/76] added dict to BUILD Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/BUILD | 1 + 1 file changed, 1 insertion(+) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index d7e3919fe5b55..e21df9136ba70 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -50,6 +50,7 @@ envoy_cc_fuzz_test( name = "network_filter_fuzz_test", srcs = ["network_filter_fuzz_test.cc"], corpus = "network_filter_corpus", + dictionaries = ["network_filter_fuzz_test.dict"], # All Envoy network filters must be linked to the test in order for the fuzzer to pick # these up via the NamedNetworkFilterConfigFactory. deps = [ From 8d0c52ba8c1b1e6ac840ece948db50546734f689 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 10:20:37 -0500 Subject: [PATCH 46/76] added support for rocketmq_proxy Signed-off-by: jianwen --- .../network/common/fuzz/network_filter_fuzz_test.cc | 2 +- .../filters/network/common/fuzz/uber_per_filter.cc | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc index 589b7de3bffb7..5357af2a6bac9 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc @@ -30,7 +30,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().ThriftProxy; + filter_name = NetworkFilterNames::get().RateLimit; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc index 7f1a6de932fc9..ac244f97970d3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_filter.cc @@ -29,7 +29,17 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().ThriftProxy, NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().HttpConnectionManager, - NetworkFilterNames::get().SniDynamicForwardProxy}; + NetworkFilterNames::get().SniDynamicForwardProxy, + NetworkFilterNames::get().KafkaBroker, + NetworkFilterNames::get().RocketmqProxy, //fix the assert + NetworkFilterNames::get().RateLimit//ratelimit + //rbac + + // mongo_proxy + // mysql_proxy + // postgres_proxy + //tcp_proxy + }; } return filter_names_; } From 13416756bac0a61a8c8b979ac50d04ad81708ca1 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 10:32:27 -0500 Subject: [PATCH 47/76] refined test cases for kafka and rocketmq Signed-off-by: jianwen --- .../common/fuzz/network_filter_corpus/kafka_1 | 20 +++++++++++++ .../network_filter_corpus/rocketmq_proxy_1 | 29 +++++++++++++++++++ .../rocketmq_proxy_crash | 29 +++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 new file mode 100644 index 0000000000000..dd8c619f9d2f6 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 @@ -0,0 +1,20 @@ +config { + name: "envoy.filters.network.kafka_broker" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.kafka_broker.v3.KafkaBroker" + value: "\n\"envoy.filters.network.kafka_broker" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + } +} +actions { + advance_time { + milliseconds: 10000 + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 new file mode 100644 index 0000000000000..ecd0e74f21107 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 @@ -0,0 +1,29 @@ +config { + name: "envoy.filters.network.rocketmq_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.rocketmq_proxy.v3.RocketmqProxy" + value: "\n\004\341\200\200Y" + } +} +actions { + on_new_connection { + + } +} +actions { + on_data { + data: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + end_stream: true + } +} +actions { + on_data { + data: "\377j" + end_stream: true + } +} +actions { + on_data { + end_stream: true + } +} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash b/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash new file mode 100644 index 0000000000000..919d40f5bd37d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash @@ -0,0 +1,29 @@ +config { + name: "envoy.filters.network.rocketmq_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.rocketmq_proxy.v3.RocketmqProxy" + value: "\n \022\034\n\032__________________________ \001 \001" + } +} +actions { + on_new_connection { + + } +} +actions { + on_data { + data: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + end_stream: true + } +} +actions { + on_data { + data: "\377j" + end_stream: true + } +} +actions { + on_data { + end_stream: true + } +} From e095de3ebbb09c3083aa97ce48380efa735ee396 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 11:16:35 -0500 Subject: [PATCH 48/76] added support for RateLimit and a test case for it. Signed-off-by: jianwen --- .../fuzz/network_filter_corpus/ratelimit_1 | 26 +++++++++++++++++++ .../network/common/fuzz/uber_filter.cc | 8 +++--- 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 new file mode 100644 index 0000000000000..967d64df713d0 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 @@ -0,0 +1,26 @@ +config { + name: "envoy.filters.network.ratelimit" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.ratelimit.v3.RateLimit" + value: "\nP\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022Y\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\032W\nU\n\001[\022P\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\"\005\020\200\200\214\001(\0012e\022c\022Y\n\010\001\000\000\000\000\000\000\002\"M\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\032\006\010\200\200\204\360\002" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + data: "\000" + } +} +actions { + on_data { + data: "\000\000" + } +} +actions { + advance_time { + milliseconds: 7299840 + } +} diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_filter.cc index e5312fd864ee9..2c2303a2d5b4e 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_filter.cc @@ -82,10 +82,10 @@ void UberFilterFuzzer::fuzz( perFilterSetup(proto_config.name()); // Add filter to connection_. cb_(read_filter_callbacks_->connection_); - // std::cout<<"passed validation!"< 5) { - // PANIC("A case is found!"); - // } + std::cout<<"passed validation!"< 2) { + PANIC("A case is found!"); + } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { From 8a92cd0efb9a2c394e045b077d13cd269ef69c5b Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 12:12:57 -0500 Subject: [PATCH 49/76] renamed the filter fuzzer to readfilter fuzzer Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 22 +++++++++---------- .../client_sslL_auth_2 | 0 .../client_ssl_authz_1 | 0 .../direct_response_1 | 0 .../direct_response_open_file | 0 .../dubbo_proxy_1 | 0 .../echo_1 | 0 .../empty | 0 .../ext_authz_1 | 0 .../ext_authz_2 | 0 .../local_ratelimit_1 | 0 .../local_ratelimit_time_overflow | 0 .../redis_proxy_1 | 0 .../sni_cluster_1 | 0 .../sni_cluster_2 | 0 ...zz.proto => network_readfilter_fuzz.proto} | 0 ...est.cc => network_readfilter_fuzz_test.cc} | 4 ++-- ...r_per_filter.cc => uber_per_readfilter.cc} | 2 +- .../{uber_filter.cc => uber_readfilter.cc} | 2 +- .../fuzz/{uber_filter.h => uber_readfilter.h} | 2 +- 20 files changed, 16 insertions(+), 16 deletions(-) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/client_sslL_auth_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/client_ssl_authz_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/direct_response_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/direct_response_open_file (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/dubbo_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/echo_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/empty (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/ext_authz_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/ext_authz_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/local_ratelimit_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/local_ratelimit_time_overflow (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/redis_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/sni_cluster_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/sni_cluster_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_fuzz.proto => network_readfilter_fuzz.proto} (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_fuzz_test.cc => network_readfilter_fuzz_test.cc} (94%) rename test/extensions/filters/network/common/fuzz/{uber_per_filter.cc => uber_per_readfilter.cc} (98%) rename test/extensions/filters/network/common/fuzz/{uber_filter.cc => uber_readfilter.cc} (98%) rename test/extensions/filters/network/common/fuzz/{uber_filter.h => uber_readfilter.h} (95%) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index cac5d5722bde8..1e6ba2c4bbfc1 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -15,8 +15,8 @@ licenses(["notice"]) # Apache 2 envoy_package() envoy_proto_library( - name = "network_filter_fuzz_proto", - srcs = ["network_filter_fuzz.proto"], + name = "network_readfilter_fuzz_proto", + srcs = ["network_readfilter_fuzz.proto"], deps = [ "//test/fuzz:common_proto", "@envoy_api//envoy/config/listener/v3:pkg", @@ -24,14 +24,14 @@ envoy_proto_library( ) envoy_cc_test_library( - name = "uber_filter_lib", + name = "uber_readfilter_lib", srcs = [ - "uber_filter.cc", - "uber_per_filter.cc", + "uber_readfilter.cc", + "uber_per_readfilter.cc", ], - hdrs = ["uber_filter.h"], + hdrs = ["uber_readfilter.h"], deps = [ - ":network_filter_fuzz_proto_cc_proto", + ":network_readfilter_fuzz_proto_cc_proto", "//source/common/config:utility_lib", "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:utility_lib", @@ -45,13 +45,13 @@ envoy_cc_test_library( ) envoy_cc_fuzz_test( - name = "network_filter_fuzz_test", - srcs = ["network_filter_fuzz_test.cc"], - corpus = "network_filter_corpus", + name = "network_readfilter_fuzz_test", + srcs = ["network_readfilter_fuzz_test.cc"], + corpus = "network_readfilter_corpus", # All Envoy network filters must be linked to the test in order for the fuzzer to pick # these up via the NamedNetworkFilterConfigFactory. deps = [ - ":uber_filter_lib", + ":uber_readfilter_lib", "//source/common/config:utility_lib", "//test/config:utility_lib", ] + envoy_all_network_filters(), diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_sslL_auth_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_sslL_auth_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_ssl_authz_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_ssl_authz_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_open_file similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_open_file diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/dubbo_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/dubbo_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/echo_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/echo_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/empty b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/empty similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/empty rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/empty diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_time_overflow similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_time_overflow diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/redis_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/redis_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.proto similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto rename to test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.proto diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc similarity index 94% rename from test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc rename to test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc index f67d5f1fcf8ac..cacff3aa8938e 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc @@ -4,8 +4,8 @@ #include "extensions/filters/network/well_known_names.h" #include "test/config/utility.h" -#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" #include "test/fuzz/fuzz_runner.h" namespace Envoy { diff --git a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc similarity index 98% rename from test/extensions/filters/network/common/fuzz/uber_per_filter.cc rename to test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 87d60efb423a0..b13ef4bfb44c3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -5,7 +5,7 @@ #include "extensions/filters/network/well_known_names.h" #include "test/extensions/filters/common/ext_authz/test_common.h" -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" namespace Envoy { namespace Extensions { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc similarity index 98% rename from test/extensions/filters/network/common/fuzz/uber_filter.cc rename to test/extensions/filters/network/common/fuzz/uber_readfilter.cc index ed159570e6a45..abdfb3a70bcf1 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -1,4 +1,4 @@ -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" #include "envoy/common/exception.h" diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h similarity index 95% rename from test/extensions/filters/network/common/fuzz/uber_filter.h rename to test/extensions/filters/network/common/fuzz/uber_readfilter.h index 0413eb087c7ae..462f7303cf4d5 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -2,7 +2,7 @@ #include "common/protobuf/protobuf.h" -#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.pb.validate.h" #include "test/extensions/filters/network/common/fuzz/utils/fakes.h" #include "test/mocks/network/mocks.h" From 44358da21ab79a09e13adfe400cdffd0e74007f5 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 12:15:42 -0500 Subject: [PATCH 50/76] fixed code style Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/BUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 1e6ba2c4bbfc1..a97370781cbcb 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -26,8 +26,8 @@ envoy_proto_library( envoy_cc_test_library( name = "uber_readfilter_lib", srcs = [ - "uber_readfilter.cc", "uber_per_readfilter.cc", + "uber_readfilter.cc", ], hdrs = ["uber_readfilter.h"], deps = [ From e17c103fb60a34f5550cdfc4d58b5577802098ee Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 22 Jul 2020 12:55:45 -0500 Subject: [PATCH 51/76] merged generic fuzzer(rename) Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 22 +++++----- .../client_ssl_authz_1_copy | 44 ------------------- ...492d3dff68c09e6a8b22e558e3fe865b78895_copy | 40 ----------------- .../direct_response_1_copy | 32 -------------- .../network_filter_corpus/dubbo_proxy_1_copy | 39 ---------------- .../fuzz/network_filter_corpus/echo_1_copy | 34 -------------- .../network_filter_corpus/ext_authz_2_copy | 12 ----- .../local_ratelimit_1_copy | 39 ---------------- .../network_filter_corpus/redis_proxy_1_copy | 43 ------------------ .../network_filter_corpus/sni_cluster_1_copy | 35 --------------- .../sni_dynamic_forward_proxy_1_copy | 36 --------------- .../network_filter_corpus/tcp_proxy_1_copy | 34 -------------- .../client_sslL_auth_2 | 0 .../client_ssl_authz_1 | 0 .../direct_response_1 | 0 .../direct_response_open_file | 0 .../dubbo_proxy_1 | 0 .../echo_1 | 0 .../empty | 0 .../ext_authz_1 | 0 .../ext_authz_2 | 0 .../http_connection_manager_1 | 0 .../http_connection_manager_2 | 0 .../http_connection_manager_3 | 0 .../http_connection_manager_4 | 0 .../http_connection_manager_5 | 0 .../kafka_1 | 0 .../local_ratelimit_1 | 0 .../local_ratelimit_time_overflow | 0 .../ratelimit_1 | 0 .../redis_proxy_1 | 0 .../rocketmq_proxy_1 | 0 .../rocketmq_proxy_crash | 0 .../sni_cluster_1 | 0 .../sni_cluster_2 | 0 .../sni_dynamic_forward_proxy_1 | 0 .../tcp_proxy_1 | 0 .../thrift_proxy_1 | 0 .../thrift_proxy_2 | 0 .../thrift_proxy_3 | 0 .../zookeeper_proxy_1 | 0 ...zz.proto => network_readfilter_fuzz.proto} | 0 ...est.cc => network_readfilter_fuzz_test.cc} | 4 +- ...r_per_filter.cc => uber_per_readfilter.cc} | 2 +- .../{uber_filter.cc => uber_readfilter.cc} | 2 +- .../fuzz/{uber_filter.h => uber_readfilter.h} | 2 +- 46 files changed, 16 insertions(+), 404 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy delete mode 100644 test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/client_sslL_auth_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/client_ssl_authz_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/direct_response_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/direct_response_open_file (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/dubbo_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/echo_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/empty (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/ext_authz_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/ext_authz_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/http_connection_manager_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/http_connection_manager_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/http_connection_manager_3 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/http_connection_manager_4 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/http_connection_manager_5 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/kafka_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/local_ratelimit_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/local_ratelimit_time_overflow (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/ratelimit_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/redis_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/rocketmq_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/rocketmq_proxy_crash (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/sni_cluster_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/sni_cluster_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/sni_dynamic_forward_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/tcp_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/thrift_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/thrift_proxy_2 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/thrift_proxy_3 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_corpus => network_readfilter_corpus}/zookeeper_proxy_1 (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_fuzz.proto => network_readfilter_fuzz.proto} (100%) rename test/extensions/filters/network/common/fuzz/{network_filter_fuzz_test.cc => network_readfilter_fuzz_test.cc} (94%) rename test/extensions/filters/network/common/fuzz/{uber_per_filter.cc => uber_per_readfilter.cc} (98%) rename test/extensions/filters/network/common/fuzz/{uber_filter.cc => uber_readfilter.cc} (98%) rename test/extensions/filters/network/common/fuzz/{uber_filter.h => uber_readfilter.h} (95%) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index e21df9136ba70..c51969b66af22 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -15,8 +15,8 @@ licenses(["notice"]) # Apache 2 envoy_package() envoy_proto_library( - name = "network_filter_fuzz_proto", - srcs = ["network_filter_fuzz.proto"], + name = "network_readfilter_fuzz_proto", + srcs = ["network_readfilter_fuzz.proto"], deps = [ "//test/fuzz:common_proto", "@envoy_api//envoy/config/listener/v3:pkg", @@ -24,14 +24,14 @@ envoy_proto_library( ) envoy_cc_test_library( - name = "uber_filter_lib", + name = "uber_readfilter_lib", srcs = [ - "uber_filter.cc", - "uber_per_filter.cc", + "uber_per_readfilter.cc", + "uber_readfilter.cc", ], - hdrs = ["uber_filter.h"], + hdrs = ["uber_readfilter.h"], deps = [ - ":network_filter_fuzz_proto_cc_proto", + ":network_readfilter_fuzz_proto_cc_proto", "//source/common/config:utility_lib", "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:utility_lib", @@ -47,14 +47,14 @@ envoy_cc_test_library( ) envoy_cc_fuzz_test( - name = "network_filter_fuzz_test", - srcs = ["network_filter_fuzz_test.cc"], - corpus = "network_filter_corpus", + name = "network_readfilter_fuzz_test", + srcs = ["network_readfilter_fuzz_test.cc"], + corpus = "network_readfilter_corpus", dictionaries = ["network_filter_fuzz_test.dict"], # All Envoy network filters must be linked to the test in order for the fuzzer to pick # these up via the NamedNetworkFilterConfigFactory. deps = [ - ":uber_filter_lib", + ":uber_readfilter_lib", "//source/common/config:utility_lib", "//test/config:utility_lib", "//source/extensions/filters/network/thrift_proxy/router:config", diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy deleted file mode 100644 index 44f4dfaf34d18..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1_copy +++ /dev/null @@ -1,44 +0,0 @@ -config { - name: "envoy.filters.network.client_ssl_auth" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.client_ssl_auth.v3.ClientSSLAuth" - value: "\n%envoy.filters.network.client_ssl_auth\022\0011" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 4 - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 4 - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy deleted file mode 100644 index 3a6b385654b01..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/crash-a54492d3dff68c09e6a8b22e558e3fe865b78895_copy +++ /dev/null @@ -1,40 +0,0 @@ -config { - name: "envoy.filters.network.local_ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - advance_time { - milliseconds: 268435456 - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy deleted file mode 100644 index 14e4b24d92bb2..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1_copy +++ /dev/null @@ -1,32 +0,0 @@ -config { - name: "envoy.filters.network.direct_response" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.direct_response.v3.Config" - } -} -actions { - on_data { - } -} -actions { - on_data { - data: "y" - } -} -actions { - on_data { - } -} -actions { - on_data { - } -} -actions { - on_data { - data: "\006" - } -} -actions { - on_data { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy deleted file mode 100644 index 13fc32667c5ec..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1_copy +++ /dev/null @@ -1,39 +0,0 @@ -config { - name: "envoy.filters.network.dubbo_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.dubbo_proxy.v3.DubboProxy" - value: "\n!envoy.filters.network.dubbo_proxy" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_data { - data: "\000\013" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy deleted file mode 100644 index 5eb88e52693ba..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1_copy +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.echo" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.echo.v3.Echo" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 2097152 - } -} -actions { - advance_time { - milliseconds: 4194304 - } -} -actions { - on_data { - } -} -actions { - advance_time { - milliseconds: 2097152 - } -} -actions { - advance_time { - milliseconds: 778793567 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy deleted file mode 100644 index 2587626b13169..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2_copy +++ /dev/null @@ -1,12 +0,0 @@ -config { - name: "envoy.filters.network.ext_authz" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz" - value: "\n\037envoy.filters.network.ext_authz\030\001(\001" - } -} -actions { - on_data { - data: ":" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy deleted file mode 100644 index ab8d73afbd8f8..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1_copy +++ /dev/null @@ -1,39 +0,0 @@ -config { - name: "envoy.filters.network.local_ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit\022\013\010\001\032\007\010\200^\020\200\306\001" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 12035000 - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - on_new_connection { - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy deleted file mode 100644 index ea0f08e12ffb3..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1_copy +++ /dev/null @@ -1,43 +0,0 @@ -config { - name: "envoy.filters.network.redis_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy" - value: "\n\001N\032\032\n\005\020\200\200\200\030\030\001 \377\377\377\337\017*\005\020\200\200\200\0302\000@\001*\010\n\006\032\004\001\000\000\010" - } -} -actions { - advance_time { - milliseconds: 1862270976 - } -} -actions { - on_new_connection { - - } -} -actions { - advance_time { - milliseconds: 455213056 - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "0" - end_stream: true - } -} -actions { - on_data { - data: "0" - end_stream: true - } -} -actions { - advance_time { - milliseconds: 1862270976 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy deleted file mode 100644 index 9452cb8d6074a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1_copy +++ /dev/null @@ -1,35 +0,0 @@ -config { - name: "envoy.filters.network.sni_cluster" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 268435456 - } -} -actions { - on_data { - data: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" - } -} -actions { - on_data { - data: "IIIIIIIIIIIIIIIIIIII\000\000\000\000\000\000\000;IIIIIIIIIIIIIIIIIIIIIIIIIIIIII" - } -} -actions { - advance_time { - milliseconds: 16384 - } -} -actions { - advance_time { - milliseconds: 13 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy deleted file mode 100644 index 21ad6d880835a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1_copy +++ /dev/null @@ -1,36 +0,0 @@ -config { - name: "envoy.filters.network.sni_dynamic_forward_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" - value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 30976 - } -} -actions { - advance_time { - milliseconds: 262144 - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy b/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy deleted file mode 100644 index 1c4cce16fa644..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1_copy +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.tcp_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" - value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 12288 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_sslL_auth_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/client_sslL_auth_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_sslL_auth_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_ssl_authz_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/client_ssl_authz_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/client_ssl_authz_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_open_file similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/direct_response_open_file rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/direct_response_open_file diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/dubbo_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/dubbo_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/dubbo_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/echo_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/echo_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/echo_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/empty b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/empty similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/empty rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/empty diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/ext_authz_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ext_authz_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_3 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_4 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/http_connection_manager_5 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/kafka_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_time_overflow similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/local_ratelimit_time_overflow rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/local_ratelimit_time_overflow diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/ratelimit_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/redis_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/redis_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/redis_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/rocketmq_proxy_crash rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_cluster_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_cluster_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/sni_dynamic_forward_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/tcp_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_2 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/thrift_proxy_3 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_corpus/zookeeper_proxy_1 rename to test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.proto similarity index 100% rename from test/extensions/filters/network/common/fuzz/network_filter_fuzz.proto rename to test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.proto diff --git a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc similarity index 94% rename from test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc rename to test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc index 5357af2a6bac9..38b4814882ae0 100644 --- a/test/extensions/filters/network/common/fuzz/network_filter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc @@ -4,8 +4,8 @@ #include "extensions/filters/network/well_known_names.h" #include "test/config/utility.h" -#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" #include "test/fuzz/fuzz_runner.h" namespace Envoy { diff --git a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc similarity index 98% rename from test/extensions/filters/network/common/fuzz/uber_per_filter.cc rename to test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index ac244f97970d3..744a72e7907c8 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -6,7 +6,7 @@ #include "extensions/filters/network/well_known_names.h" #include "test/extensions/filters/common/ext_authz/test_common.h" -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" namespace Envoy { namespace Extensions { diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc similarity index 98% rename from test/extensions/filters/network/common/fuzz/uber_filter.cc rename to test/extensions/filters/network/common/fuzz/uber_readfilter.cc index 2c2303a2d5b4e..fc12a191c45ea 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -1,4 +1,4 @@ -#include "test/extensions/filters/network/common/fuzz/uber_filter.h" +#include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" #include "envoy/common/exception.h" diff --git a/test/extensions/filters/network/common/fuzz/uber_filter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h similarity index 95% rename from test/extensions/filters/network/common/fuzz/uber_filter.h rename to test/extensions/filters/network/common/fuzz/uber_readfilter.h index 69a57b44c06e6..2efed06823d8d 100644 --- a/test/extensions/filters/network/common/fuzz/uber_filter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -2,7 +2,7 @@ #include "common/protobuf/protobuf.h" -#include "test/extensions/filters/network/common/fuzz/network_filter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/network_readfilter_fuzz.pb.validate.h" #include "test/extensions/filters/network/common/fuzz/utils/fakes.h" #include "test/mocks/network/mocks.h" From 7e6e148b24042e34c7640d77dc28822d446b4886 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 09:40:37 -0500 Subject: [PATCH 52/76] added rbac Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 2 +- .../fuzz/network_readfilter_corpus/rbac_1 | 20 ++++ .../rocketmq_proxy_1 | 29 ----- .../rocketmq_proxy_crash | 29 ----- .../fuzz/network_readfilter_fuzz_test.cc | 2 +- .../common/fuzz/uber_per_readfilter.cc | 112 ++++++++++-------- .../network/common/fuzz/uber_readfilter.cc | 21 ++-- .../network/common/fuzz/uber_readfilter.h | 7 +- 8 files changed, 96 insertions(+), 126 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index c51969b66af22..b6c6336f7d41a 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -33,6 +33,7 @@ envoy_cc_test_library( deps = [ ":network_readfilter_fuzz_proto_cc_proto", "//source/common/config:utility_lib", + "//source/extensions/filters/common/ratelimit:ratelimit_lib", "//source/extensions/filters/network:well_known_names", "//source/extensions/filters/network/common:utility_lib", "//test/extensions/filters/common/ext_authz:ext_authz_test_common", @@ -41,7 +42,6 @@ envoy_cc_test_library( "//test/mocks/network:network_mocks", "@envoy_api//envoy/extensions/filters/network/direct_response/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/local_ratelimit/v3:pkg_cc_proto", - "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg_cc_proto", "@envoy_api//envoy/extensions/filters/network/thrift_proxy/v3:pkg_cc_proto", ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 new file mode 100644 index 0000000000000..61f1adaedc4d8 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 @@ -0,0 +1,20 @@ +config { + name: "envoy.filters.network.rbac" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC" + value: "\032\010\177\177\177\177\177\177\177\177" + } +} +actions { + on_new_connection { + } +} +actions { + on_data { + } +} +actions { + on_data { + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 deleted file mode 100644 index ecd0e74f21107..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_1 +++ /dev/null @@ -1,29 +0,0 @@ -config { - name: "envoy.filters.network.rocketmq_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.rocketmq_proxy.v3.RocketmqProxy" - value: "\n\004\341\200\200Y" - } -} -actions { - on_new_connection { - - } -} -actions { - on_data { - data: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - end_stream: true - } -} -actions { - on_data { - data: "\377j" - end_stream: true - } -} -actions { - on_data { - end_stream: true - } -} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash deleted file mode 100644 index 919d40f5bd37d..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rocketmq_proxy_crash +++ /dev/null @@ -1,29 +0,0 @@ -config { - name: "envoy.filters.network.rocketmq_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.rocketmq_proxy.v3.RocketmqProxy" - value: "\n \022\034\n\032__________________________ \001 \001" - } -} -actions { - on_new_connection { - - } -} -actions { - on_data { - data: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - end_stream: true - } -} -actions { - on_data { - data: "\377j" - end_stream: true - } -} -actions { - on_data { - end_stream: true - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc index 38b4814882ae0..5567a39d1c2b8 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc @@ -30,7 +30,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().RateLimit; + filter_name = NetworkFilterNames::get().Rbac; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 744a72e7907c8..827f51a0954f7 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -2,6 +2,7 @@ #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" #include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" +#include "extensions/filters/common/ratelimit/ratelimit_impl.h" #include "extensions/filters/network/common/utility.h" #include "extensions/filters/network/well_known_names.h" @@ -11,35 +12,38 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - + // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in + // std::chrono::time_point. +static const int SecondsPerDay = 86400; std::vector UberFilterFuzzer::filterNames() { // These filters have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static ::std::vector filter_names_; if (filter_names_.empty()) { - filter_names_ = {NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - NetworkFilterNames::get().DirectResponse, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster, + filter_names_ = { + NetworkFilterNames::get().ExtAuthorization, + NetworkFilterNames::get().LocalRateLimit, + NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, + NetworkFilterNames::get().Echo, + NetworkFilterNames::get().DirectResponse, + NetworkFilterNames::get().DubboProxy, + NetworkFilterNames::get().SniCluster, - NetworkFilterNames::get().ThriftProxy, - NetworkFilterNames::get().ZooKeeperProxy, - NetworkFilterNames::get().HttpConnectionManager, - NetworkFilterNames::get().SniDynamicForwardProxy, - NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().RocketmqProxy, //fix the assert - NetworkFilterNames::get().RateLimit//ratelimit - //rbac + NetworkFilterNames::get().ThriftProxy, + NetworkFilterNames::get().ZooKeeperProxy, + NetworkFilterNames::get().HttpConnectionManager, + NetworkFilterNames::get().SniDynamicForwardProxy, + NetworkFilterNames::get().KafkaBroker, + NetworkFilterNames::get().RocketmqProxy, // fix the assert + NetworkFilterNames::get().RateLimit, // ratelimit + NetworkFilterNames::get().Rbac - // mongo_proxy - // mysql_proxy - // postgres_proxy - //tcp_proxy - }; + // mongo_proxy + // mysql_proxy + // postgres_proxy + // tcp_proxy + }; } return filter_names_; } @@ -75,15 +79,37 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); - read_filter_callbacks_->connection_.local_address_ = - ext_authz_addr_; - read_filter_callbacks_->connection_.remote_address_ = - ext_authz_addr_; - }else if(filter_name == NetworkFilterNames::get().HttpConnectionManager){ - read_filter_callbacks_->connection_.local_address_ = - http_conn_manager_addr_; - read_filter_callbacks_->connection_.remote_address_ = - http_conn_manager_addr_; + read_filter_callbacks_->connection_.local_address_ = pipe_addr_; + read_filter_callbacks_->connection_.remote_address_ = pipe_addr_; + } else if (filter_name == NetworkFilterNames::get().HttpConnectionManager) { + read_filter_callbacks_->connection_.local_address_ = ipv4_addr_; + read_filter_callbacks_->connection_.remote_address_ = ipv4_addr_; + } else if (filter_name == NetworkFilterNames::get().RateLimit) { + async_client_factory_ = std::make_unique(); + async_client_ = std::make_unique(); + // TODO(jianwendong): consider testing on different kinds of responses. + ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) + .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { + Filters::Common::RateLimit::GrpcClientImpl* grpc_client_impl = + dynamic_cast(&callbacks); + // Response OK + auto response = std::make_unique(); + // Give response to the grpc_client by calling onSuccess(). + grpc_client_impl->onSuccess(std::move(response), span_); + return async_request_.get(); + }))); + + EXPECT_CALL(*async_client_factory_, create()).WillOnce(Invoke([&] { + return std::move(async_client_); + })); + + EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, + factoryForGrpcService(_, _, _)) + .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { + return std::move(async_client_factory_); + })); + read_filter_callbacks_->connection_.local_address_ = pipe_addr_; + read_filter_callbacks_->connection_.remote_address_ = pipe_addr_; } } @@ -95,17 +121,17 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name std::string(filter_name)); if (filter_name == NetworkFilterNames::get().DirectResponse) { envoy::extensions::filters::network::direct_response::v3::Config& config = - dynamic_cast( - *config_message); + dynamic_cast( + *config_message); if (config.response().specifier_case() == envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { throw EnvoyException( - fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); + fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); } } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = - dynamic_cast( - *config_message); + dynamic_cast( + *config_message); if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is // converting it to a smaller unit. Constraining fill_interval to no greater than one day is @@ -117,20 +143,6 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name } } -void UberFilterFuzzer::setThriftFilters(envoy::config::listener::v3::Filter*){ - envoy::extensions::filters::network::thrift_proxy::v3::ThriftProxy config; - *(config.mutable_stat_prefix())="thrift"; - *(config.mutable_route_config()->mutable_name())="local_route"; - auto filter1 = config.mutable_thrift_filters()->Add(); - *(filter1->mutable_name())="envoy.filters.thrift.router"; - auto filter2 = config.mutable_thrift_filters()->Add(); - *(filter2->mutable_name())="envoy.filters.thrift.rate_limit"; - ProtobufWkt::Any out_config; - out_config.PackFrom(config); - std::cout<<"debug_string:\n"<connection_.bytes_sent_callbacks_.clear(); read_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; // Clear the pointers inside the mock_dispatcher - Event::MockDispatcher& mock_dispatcher = dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); + Event::MockDispatcher& mock_dispatcher = + dynamic_cast(read_filter_callbacks_->connection_.dispatcher_); mock_dispatcher.to_delete_.clear(); read_filter_.reset(); } @@ -31,13 +32,13 @@ void UberFilterFuzzer::fuzzerSetup() { read_filter_callbacks_ = std::make_shared>(); ON_CALL(read_filter_callbacks_->connection_, addReadFilter(_)) .WillByDefault(Invoke([&](Network::ReadFilterSharedPtr read_filter) -> void { - std::cout<<"add readFilter"<initializeReadFilterCallbacks(*read_filter_callbacks_); })); ON_CALL(read_filter_callbacks_->connection_, addFilter(_)) .WillByDefault(Invoke([&](Network::FilterSharedPtr read_filter) -> void { - std::cout<<"add filter"<initializeReadFilterCallbacks(*read_filter_callbacks_); })); @@ -47,11 +48,9 @@ void UberFilterFuzzer::fuzzerSetup() { // Prepare time source for filters such as local_ratelimit filter. factory_context_.prepareSimulatedSystemTime(); // Prepare address for filters such as ext_authz filter. - ext_authz_addr_ = std::make_shared("/test/test.sock"); - http_conn_manager_addr_ = std::make_shared("127.0.0.1"); + pipe_addr_ = std::make_shared("/test/test.sock"); + ipv4_addr_ = std::make_shared("127.0.0.1"); async_request_ = std::make_unique(); - // Prepare protocol for http_connection_manager - // read_filter_callbacks_->connection_.stream_info_.protocol_ = Http::Protocol::Http2; } UberFilterFuzzer::UberFilterFuzzer() : time_source_(factory_context_.simulatedTimeSystem()) { @@ -82,10 +81,10 @@ void UberFilterFuzzer::fuzz( perFilterSetup(proto_config.name()); // Add filter to connection_. cb_(read_filter_callbacks_->connection_); - std::cout<<"passed validation!"< 2) { - PANIC("A case is found!"); - } + std::cout << "passed validation!" << std::endl; + // if (actions.size() > 2) { + // PANIC("A case is found!"); + // } for (const auto& action : actions) { ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h index 2efed06823d8d..ac9789b38136b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -36,17 +36,14 @@ class UberFilterFuzzer { Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; - Network::Address::InstanceConstSharedPtr ext_authz_addr_; - Network::Address::InstanceConstSharedPtr http_conn_manager_addr_; + Network::Address::InstanceConstSharedPtr pipe_addr_; + Network::Address::InstanceConstSharedPtr ipv4_addr_; Event::SimulatedTimeSystem& time_source_; std::shared_ptr> read_filter_callbacks_; std::unique_ptr async_request_; std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; - // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in - // std::chrono::time_point. - int seconds_in_one_day_ = 86400; }; } // namespace NetworkFilters From 2ffa96f36b36e7f7df88615eb34e931f7bbfde35 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 10:12:23 -0500 Subject: [PATCH 53/76] fix nits Signed-off-by: jianwen --- .../common/fuzz/uber_per_readfilter.cc | 39 +++++++++++-------- .../network/common/fuzz/uber_readfilter.cc | 4 +- .../network/common/fuzz/uber_readfilter.h | 3 -- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index b13ef4bfb44c3..7507dd72d4e3a 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -10,22 +10,26 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - +namespace { +// Limit the fill_interval in the config of local_ratelimit filter prevent overflow in +// std::chrono::time_point. +static const int SecondsPerDay = 86400; +} // namespace std::vector UberFilterFuzzer::filterNames() { // These filters have already been covered by this fuzzer. // Will extend to cover other network filters one by one. - static ::std::vector filter_names_; - if (filter_names_.empty()) { - filter_names_ = {NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - NetworkFilterNames::get().DirectResponse, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster}; + static std::vector filter_names; + if (filter_names.empty()) { + filter_names = {NetworkFilterNames::get().ExtAuthorization, + NetworkFilterNames::get().LocalRateLimit, + NetworkFilterNames::get().RedisProxy, + NetworkFilterNames::get().ClientSslAuth, + NetworkFilterNames::get().Echo, + NetworkFilterNames::get().DirectResponse, + NetworkFilterNames::get().DubboProxy, + NetworkFilterNames::get().SniCluster}; } - return filter_names_; + return filter_names; } void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { @@ -65,7 +69,8 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message) { // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the - // mock/fake objects are also prohibited. + // mock/fake objects are also prohibited. For now there are only two filters {DirectResponse, + // LocalRateLimit} on which we have constraints. const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( std::string(filter_name)); if (filter_name == NetworkFilterNames::get().DirectResponse) { @@ -75,19 +80,19 @@ void UberFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name if (config.response().specifier_case() == envoy::config::core::v3::DataSource::SpecifierCase::kFilename) { throw EnvoyException( - fmt::format("direct_response trying to open a file. Config:\n{}", config.DebugString())); + absl::StrCat("direct_response trying to open a file. Config:\n{}", config.DebugString())); } } else if (filter_name == NetworkFilterNames::get().LocalRateLimit) { envoy::extensions::filters::network::local_ratelimit::v3::LocalRateLimit& config = dynamic_cast( *config_message); - if (config.token_bucket().fill_interval().seconds() > seconds_in_one_day_) { + if (config.token_bucket().fill_interval().seconds() > SecondsPerDay) { // Too large fill_interval may cause "c++/v1/chrono" overflow when simulated_time_system_ is // converting it to a smaller unit. Constraining fill_interval to no greater than one day is // reasonable. throw EnvoyException( - fmt::format("local_ratelimit trying to set a large fill_interval. Config:\n{}", - config.DebugString())); + absl::StrCat("local_ratelimit trying to set a large fill_interval. Config:\n{}", + config.DebugString())); } } } diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc index abdfb3a70bcf1..cd984f47351b1 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -1,7 +1,5 @@ #include "test/extensions/filters/network/common/fuzz/uber_readfilter.h" -#include "envoy/common/exception.h" - #include "common/config/utility.h" #include "common/config/version_converter.h" @@ -66,7 +64,7 @@ void UberFilterFuzzer::fuzz( cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); } catch (const EnvoyException& e) { - ENVOY_LOG_MISC(debug, "Controlled exception in filter setup{}", e.what()); + ENVOY_LOG_MISC(debug, "Controlled exception in filter setup {}", e.what()); return; } perFilterSetup(proto_config.name()); diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h index 462f7303cf4d5..31a5bbc1d91e0 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -42,9 +42,6 @@ class UberFilterFuzzer { std::unique_ptr async_client_; std::unique_ptr async_client_factory_; Tracing::MockSpan span_; - // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in - // std::chrono::time_point. - int seconds_in_one_day_ = 86400; }; } // namespace NetworkFilters From 28b23d2d16270d8738e8d4bf959675a36ff93926 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 13:14:17 -0500 Subject: [PATCH 54/76] fixed style Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_per_readfilter.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 827f51a0954f7..4c396fe8e17d3 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -12,8 +12,8 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in - // std::chrono::time_point. +// Limit the fill_interval in the config of local_ratelimit filter prevent overflow in +// std::chrono::time_point. static const int SecondsPerDay = 86400; std::vector UberFilterFuzzer::filterNames() { // These filters have already been covered by this fuzzer. From 51f4e0b3c0fb5c87925eced598a36235e387fc75 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 14:14:22 -0500 Subject: [PATCH 55/76] fix style Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_readfilter.h | 1 - 1 file changed, 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h index ac9789b38136b..5194375ac0ddd 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -22,7 +22,6 @@ class UberFilterFuzzer { // Check whether the filter's config is invalid for fuzzer(e.g. system call). void checkInvalidInputForFuzzer(const std::string& filter_name, Protobuf::Message* config_message); - static void setThriftFilters(envoy::config::listener::v3::Filter* config_message); protected: // Set-up filter specific mock expectations in constructor. From f34bcc679d844900fc77518a07a64cd45ffcbc6c Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 14:22:26 -0500 Subject: [PATCH 56/76] removed several test cases Signed-off-by: jianwen --- .../http_connection_manager_2 | 13 +++++++++++-- .../http_connection_manager_3 | 7 ------- .../http_connection_manager_4 | 12 ------------ .../http_connection_manager_5 | 12 ------------ 4 files changed, 11 insertions(+), 33 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 index 552f13f9fb800..d4012d30d3847 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 @@ -2,11 +2,20 @@ config { name: "envoy.filters.network.http_connection_manager" typed_config { type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\022-\361\255\205\257\363\265\215\251\360\276\223\261\364\212\242\212\361\256\204\235\362\274\244\223\360\247\252\220\361\266\265\204\361\266\200\256\360\270\202\223\361\200\200\254\005\"\004:\002\010\001r\000\362\001\002\010\001\210\002\001" + value: "\010\002\022\001-\"5\n\001\000\032\001~\032\'envoy.type.matcher.v3.ListStringMatcherB\001-B\001~:\013\"\t\t\000\000\000\004\000\000\000\000B\002(\001\312\001\000\362\001\002\010\001" } } actions { on_data { - data: "\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'" + data: "y" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 655360 } } diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 deleted file mode 100644 index 8255592394145..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_3 +++ /dev/null @@ -1,7 +0,0 @@ -config { - name: "envoy.filters.network.http_connection_manager" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\010\001\022\002B\001\"\004:\002\010\001:\026\032\t\t\000\001\t\000\000\000\000\000*\t\t\000\000\000\000\010\000\000\000Retype.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 deleted file mode 100644 index eda8aaf4378f4..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_4 +++ /dev/null @@ -1,12 +0,0 @@ -config { - name: "envoy.filters.network.http_connection_manager" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\022-\361\255\205\257\363\265\215\251\360\276\223\261\364\212\242\212\361\256\204\235\362\274\244\223\360\247\252\220\361\266\265\204\361\266\200\256\360\270\202\223\361\200\200\254\005\"\000r\000\212\001\010\n\002\010\001\030\001 \001\362\001\002\010\001\210\002\001" - } -} -actions { - on_data { - data: "\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'\'" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 deleted file mode 100644 index 75b9e1497e520..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_5 +++ /dev/null @@ -1,12 +0,0 @@ -config { - name: "envoy.filters.network.http_connection_manager" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\010\002\022\001-\"5\n\001\000\032\001~\032\'envoy.type.matcher.v3.ListStringMatcherB\001-B\001~:\013\"\t\t\000\000\000\004\000\000\000\000B\002(\001\312\001\000\362\001\002\010\001" - } -} -actions { - advance_time { - milliseconds: 2151284736 - } -} From ffe8fc01470151c5d7238e9f4576b0898787e991 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 23 Jul 2020 14:22:58 -0500 Subject: [PATCH 57/76] removed several test cases Signed-off-by: jianwen --- .../http_connection_manager_1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 index 4573a43430555..cae9fbab67007 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 @@ -5,3 +5,17 @@ config { value: "\022\002B\001\"\000J\004(\001J\000z\002\010\001\220\001\001" } } +actions { + on_data { + data: "y" + } +} +actions { + on_new_connection { + } +} +actions { + advance_time { + milliseconds: 655360 + } +} \ No newline at end of file From d1d03a17ae33bb631a27c94b3701684bbc5d970a Mon Sep 17 00:00:00 2001 From: jianwen Date: Fri, 24 Jul 2020 14:36:19 -0500 Subject: [PATCH 58/76] adde comments Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_per_readfilter.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index ef6c0c68af810..24f0635f96efe 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -48,8 +48,10 @@ std::vector UberFilterFuzzer::filterNames() { // mysql_proxy // postgres_proxy // tcp_proxy + }; } return filter_names; + } void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { From 042ee99bc56e15a2e32bbf8009422b7e0d980adb Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 27 Jul 2020 09:23:54 -0500 Subject: [PATCH 59/76] added writefilter fuzzer and a crash testcase for zookeeperproxy Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 45 ++++++++ .../fuzz/network_writefilter_corpus/empty | 0 .../zookeeper_proxy_1 | 17 +++ .../zookeeper_proxy_assert_failure_onwrite | 22 ++++ .../fuzz/network_writefilter_fuzz.proto | 25 +++++ .../fuzz/network_writefilter_fuzz_test.cc | 60 ++++++++++ .../common/fuzz/uber_per_readfilter.cc | 4 +- .../common/fuzz/uber_per_writefilter.cc | 43 ++++++++ .../network/common/fuzz/uber_writefilter.cc | 104 ++++++++++++++++++ .../network/common/fuzz/uber_writefilter.h | 52 +++++++++ 10 files changed, 370 insertions(+), 2 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc create mode 100644 test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc create mode 100644 test/extensions/filters/network/common/fuzz/uber_writefilter.cc create mode 100644 test/extensions/filters/network/common/fuzz/uber_writefilter.h diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index b6c6336f7d41a..24128609bff41 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -23,6 +23,15 @@ envoy_proto_library( ], ) +envoy_proto_library( + name = "network_writefilter_fuzz_proto", + srcs = ["network_writefilter_fuzz.proto"], + deps = [ + "//test/fuzz:common_proto", + "@envoy_api//envoy/config/listener/v3:pkg", + ], +) + envoy_cc_test_library( name = "uber_readfilter_lib", srcs = [ @@ -61,3 +70,39 @@ envoy_cc_fuzz_test( "//source/extensions/filters/network/thrift_proxy/filters/ratelimit:config", ] + envoy_all_network_filters(), ) + +envoy_cc_test_library( + name = "uber_writefilter_lib", + srcs = [ + "uber_per_writefilter.cc", + "uber_writefilter.cc", + ], + hdrs = ["uber_writefilter.h"], + deps = [ + ":network_writefilter_fuzz_proto_cc_proto", + "//source/common/config:utility_lib", + "//source/extensions/filters/network:well_known_names", + "//source/extensions/filters/network/common:utility_lib", + "//test/extensions/filters/network/common/fuzz/utils:network_filter_fuzzer_fakes_lib", + "//test/fuzz:utility_lib", + "//test/mocks/network:network_mocks", + ], +) + +envoy_cc_fuzz_test( + name = "network_writefilter_fuzz_test", + srcs = ["network_writefilter_fuzz_test.cc"], + corpus = "network_writefilter_corpus", + # All Envoy network filters must be linked to the test in order for the fuzzer to pick + # these up via the NamedNetworkFilterConfigFactory. + deps = [ + ":uber_writefilter_lib", + "//source/common/config:utility_lib", + "//test/config:utility_lib", + "//source/extensions/filters/network/kafka:kafka_broker_config_lib", + "//source/extensions/filters/network/mongo_proxy:config", + "//source/extensions/filters/network/mysql_proxy:config", + "//source/extensions/filters/network/postgres_proxy:config", + "//source/extensions/filters/network/zookeeper_proxy:config", + ] +) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_1 new file mode 100644 index 0000000000000..2e2e6c1bfb8dc --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_1 @@ -0,0 +1,17 @@ +config { + name: "envoy.filters.network.zookeeper_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy\032\000" + } +} +actions { + on_write { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_write { + } +} + diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite new file mode 100644 index 0000000000000..6f671e701c84d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite @@ -0,0 +1,22 @@ +config { + name: "envoy.filters.network.zookeeper_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy" + value: "\nVtype.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy\022\001!\032\006\010\377\376\377\317\017" + } +} +actions { + on_write { + data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.google*s.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" + } +} +actions { + on_write { + } +} +actions { + on_write { + data: "\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto new file mode 100644 index 0000000000000..9d39f34ab5757 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto @@ -0,0 +1,25 @@ +syntax = "proto3"; + +package test.extensions.filters.network; +import "google/protobuf/empty.proto"; +import "validate/validate.proto"; +import "envoy/config/listener/v3/listener_components.proto"; + +message OnData { + bytes data = 1; + bool end_stream = 2; +} + +message WriteAction { + oneof action_selector { + option (validate.required) = true; + // Call onData() + OnData on_write = 2; + } +} + +message FilterFuzzTestCase { + // This is actually a protobuf type for the config of network filters. + envoy.config.listener.v3.Filter config = 1; + repeated WriteAction actions = 2; +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc new file mode 100644 index 0000000000000..c745d7dbf0084 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -0,0 +1,60 @@ +#include "common/config/utility.h" +#include "common/protobuf/utility.h" + +#include "extensions/filters/network/well_known_names.h" + +#include "test/config/utility.h" +#include "test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/uber_writefilter.h" +#include "test/fuzz/fuzz_runner.h" + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { +DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase& input) { + ABSL_ATTRIBUTE_UNUSED static PostProcessorRegistration reg = { + [](test::extensions::filters::network::FilterFuzzTestCase* input, unsigned int seed) { + // This post-processor mutation is applied only when libprotobuf-mutator + // calls mutate on an input, and *not* during fuzz target execution. + // Replaying a corpus through the fuzzer will not be affected by the + // post-processor mutation. + + // TODO(jianwendong): Use a factory or a bazel library list to store the names of all writefilters. + static const auto filter_names = UberWriteFilterFuzzer::filterNames(); + static const auto factories = Registry::FactoryRegistry< + Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); + // Choose a valid filter name. + if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == + std::end(filter_names)) { + absl::string_view filter_name = filter_names[seed % filter_names.size()]; + filter_name = NetworkFilterNames::get().KafkaBroker; + input->mutable_config()->set_name(std::string(filter_name)); + } + // Set the corresponding type_url for Any. + auto& factory = factories.at(input->config().name()); + input->mutable_config()->mutable_typed_config()->set_type_url( + absl::StrCat("type.googleapis.com/", + factory->createEmptyConfigProto()->GetDescriptor()->full_name())); + }}; + // UberFilterFuzzer::setThriftFilters(nullptr); + try { + TestUtility::validate(input); + // Check the filter's name in case some filters are not supported yet. + // TODO(jianwendong): remove this check after all filters are supported. + static const auto filter_names = UberWriteFilterFuzzer::filterNames(); + // TODO(jianwendong): remove this if block after covering all the filters. + if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == + std::end(filter_names)) { + ENVOY_LOG_MISC(debug, "Test case with unsupported filter type: {}", input.config().name()); + return; + } + static UberWriteFilterFuzzer fuzzer; + fuzzer.fuzz(input.config(), input.actions()); + } catch (const ProtoValidationException& e) { + ENVOY_LOG_MISC(debug, "ProtoValidationException: {}", e.what()); + } +} + +} // namespace NetworkFilters +} // namespace Extensions +} // namespace Envoy \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 24f0635f96efe..bb5bde6facff8 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -40,8 +40,8 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().HttpConnectionManager, NetworkFilterNames::get().SniDynamicForwardProxy, NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().RocketmqProxy, // fix the assert - NetworkFilterNames::get().RateLimit, // ratelimit + NetworkFilterNames::get().RocketmqProxy, // need to fix the assert + NetworkFilterNames::get().RateLimit, NetworkFilterNames::get().Rbac // mongo_proxy diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc new file mode 100644 index 0000000000000..30daad9d4da06 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -0,0 +1,43 @@ +#include "extensions/filters/network/common/utility.h" +#include "extensions/filters/network/well_known_names.h" + +#include "test/extensions/filters/network/common/fuzz/uber_writefilter.h" + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +std::vector UberWriteFilterFuzzer::filterNames() { + // These filters have already been covered by this fuzzer. + // Will extend to cover other network filters one by one. + static std::vector filter_names; + if (filter_names.empty()) { + filter_names = { + NetworkFilterNames::get().ZooKeeperProxy,//assert error in onWrite() + NetworkFilterNames::get().KafkaBroker, + NetworkFilterNames::get().MongoProxy, + NetworkFilterNames::get().MySQLProxy, + NetworkFilterNames::get().Postgres + }; + } + return filter_names; + +} + +void UberWriteFilterFuzzer::perFilterSetup(const std::string& filter_name) { + std::cout<connection_.raiseEvent(Network::ConnectionEvent::LocalClose); + // Clear the filter's raw pointer stored inside the connection_ and reset the connection_'s state. + write_filter_callbacks_->connection_.callbacks_.clear(); + write_filter_callbacks_->connection_.bytes_sent_callbacks_.clear(); + write_filter_callbacks_->connection_.state_ = Network::Connection::State::Open; + // Clear the pointers inside the mock_dispatcher + Event::MockDispatcher& mock_dispatcher = + dynamic_cast(write_filter_callbacks_->connection_.dispatcher_); + mock_dispatcher.to_delete_.clear(); + write_filter_.reset(); +} + +void UberWriteFilterFuzzer::fuzzerSetup() { + // Setup process when this fuzzer object is constructed. + // For a static fuzzer, this will only be executed once. + + // Get the pointer of write_filter when the write_filter is being added to connection_. + write_filter_callbacks_ = std::make_shared>(); + read_filter_callbacks_ = std::make_shared>(); + ON_CALL(write_filter_callbacks_->connection_, addWriteFilter(_)) + .WillByDefault(Invoke([&](Network::WriteFilterSharedPtr write_filter) -> void { + std::cout << "add writeFilter" << write_filter.use_count() << std::endl; + write_filter->initializeWriteFilterCallbacks(*write_filter_callbacks_); + write_filter_ = write_filter; + })); + ON_CALL(write_filter_callbacks_->connection_, addFilter(_)) + .WillByDefault(Invoke([&](Network::FilterSharedPtr filter) -> void { + std::cout << "add filter" << filter.use_count() << std::endl; + filter->initializeReadFilterCallbacks(*read_filter_callbacks_); + filter->initializeWriteFilterCallbacks(*write_filter_callbacks_); + write_filter_ = filter; + })); + factory_context_.prepareSimulatedSystemTime(); + // write_filter_callbacks_->connection_.stream_info_.metadata_ +} + +UberWriteFilterFuzzer::UberWriteFilterFuzzer(){ + fuzzerSetup(); +} + +void UberWriteFilterFuzzer::fuzz( + const envoy::config::listener::v3::Filter& proto_config, + const Protobuf::RepeatedPtrField<::test::extensions::filters::network::WriteAction>& actions) { + try { + // Try to create the filter callback(cb_). Exit early if the config is invalid or violates PGV + // constraints. + const std::string& filter_name = proto_config.name(); + ENVOY_LOG_MISC(info, "filter name {}", filter_name); + auto& factory = Config::Utility::getAndCheckFactoryByName< + Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); + ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( + proto_config, factory_context_.messageValidationVisitor(), factory); + // Make sure no invalid system calls are executed in fuzzer. + checkInvalidInputForFuzzer(filter_name, message.get()); + ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); + cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); + perFilterSetup(proto_config.name()); + // Add filter to connection_. + cb_(write_filter_callbacks_->connection_); + } catch (const EnvoyException& e) { + ENVOY_LOG_MISC(debug, "Controlled exception in filter setup {}", e.what()); + return; + } + + std::cout << "passed validation!" << std::endl; + // if (actions.size() > 2) { + // PANIC("A case is found!"); + // } + for (const auto& action : actions) { + ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); + switch (action.action_selector_case()) { + case test::extensions::filters::network::WriteAction::kOnWrite: { + ASSERT(write_filter_ != nullptr); + Buffer::OwnedImpl buffer(action.on_write().data()); + write_filter_->onWrite(buffer, action.on_write().end_stream()); + + break; + } + default: { + // Unhandled actions. + ENVOY_LOG_MISC(debug, "Action support is missing for:\n{}", action.DebugString()); + PANIC("A case is missing for an action"); + } + } + } + + reset(); +} + +} // namespace NetworkFilters +} // namespace Extensions +} // namespace Envoy diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.h b/test/extensions/filters/network/common/fuzz/uber_writefilter.h new file mode 100644 index 0000000000000..87c2395e1ea60 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.h @@ -0,0 +1,52 @@ +#include "envoy/network/filter.h" + +#include "common/protobuf/protobuf.h" + +#include "test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.pb.validate.h" +#include "test/extensions/filters/network/common/fuzz/utils/fakes.h" +#include "test/mocks/network/mocks.h" + +namespace Envoy { +namespace Extensions { +namespace NetworkFilters { + +class UberWriteFilterFuzzer { +public: + UberWriteFilterFuzzer(); + // This creates the filter config and runs the fuzzed data against the filter. + void + fuzz(const envoy::config::listener::v3::Filter& proto_config, + const Protobuf::RepeatedPtrField<::test::extensions::filters::network::WriteAction>& actions); + // Get the name of filters which has been covered by this fuzzer. + static std::vector filterNames(); + // Check whether the filter's config is invalid for fuzzer(e.g. system call). + void checkInvalidInputForFuzzer(const std::string& filter_name, + Protobuf::Message* config_message); + +protected: + // Set-up filter specific mock expectations in constructor. + void fuzzerSetup(); + // Reset the states of the mock objects. + void reset(); + // Mock behaviors for specific filters. + void perFilterSetup(const std::string& filter_name); + +private: + Server::Configuration::FakeFactoryContext factory_context_; + Network::WriteFilterSharedPtr write_filter_; + Network::FilterFactoryCb cb_; + // Network::Address::InstanceConstSharedPtr pipe_addr_; + // Network::Address::InstanceConstSharedPtr ipv4_addr_; + // Event::SimulatedTimeSystem& time_source_; + std::shared_ptr> write_filter_callbacks_; + std::shared_ptr> read_filter_callbacks_; + // NiceMock stream_info_; + // std::unique_ptr async_request_; + // std::unique_ptr async_client_; + // std::unique_ptr async_client_factory_; + // Tracing::MockSpan span_; +}; + +} // namespace NetworkFilters +} // namespace Extensions +} // namespace Envoy From 6770c7b6580682041a0439a8386dde50eda4d0c5 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 28 Jul 2020 15:46:12 -0500 Subject: [PATCH 60/76] covered all the filters Signed-off-by: jianwen --- .../network_writefilter_corpus/kafka_broker_1 | 105 ++++++++++++++++++ .../mongodb_proxy_1 | 91 +++++++++++++++ .../network_writefilter_corpus/mysql_proxy_1 | 86 ++++++++++++++ .../postgres_assert_failure_onwrite | 12 ++ .../zookeeper_proxy_assert_failure_onwrite | 12 +- .../fuzz/network_writefilter_fuzz_test.cc | 3 +- .../network/common/fuzz/uber_writefilter.cc | 2 +- 7 files changed, 297 insertions(+), 14 deletions(-) create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mysql_proxy_1 create mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 new file mode 100644 index 0000000000000..0ba5e6e1b38f8 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 @@ -0,0 +1,105 @@ +config { + name: "envoy.filters.network.kafka_broker" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.kafka_broker.v3.KafkaBroker" + value: "\n}\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177" + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "\312\312\312\312\312\312\312\312\312\312\312\312\315\312\312\312\312\312\312\312\312\312\312" + end_stream: true + } +} +actions { + on_write { + data: "-" + } +} +actions { + on_write { + data: "\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312\312" + end_stream: true + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "-" + } +} +actions { + on_write { + data: "-" + } +} +actions { + on_write { + data: "\n\002\315\265" + } +} +actions { + on_write { + end_stream: true + } +} +actions { + on_write { + data: "\020\000\000\000" + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + data: "p" + } +} +actions { + on_write { + data: "-" + } +} +actions { + on_write { + data: "-" + end_stream: true + } +} +actions { + on_write { + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 new file mode 100644 index 0000000000000..27e39c4eba392 --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 @@ -0,0 +1,91 @@ +config { + name: "envoy.filters.network.mongo_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + value: "\032\t\"\005\010\240\300\364S*\000 \001" + } +} +actions { + on_write { + data: "v\000" + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + data: "type.googleapis.com/envoy.extensions.filtN\000\000\000network.mongo_proxy.v3.MongoProxy" + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { + on_write { + data: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" + end_stream: true + } +} +actions { + on_write { + data: "type.googleapis.com/envoy.extensions.filters.ne\000\000\000Nk.mongo_proxy.v3.MongoProxy" + end_stream: true + } +} +actions { + on_write { + data: "pH\037\000 `\000\000" + end_stream: true + } +} +actions { + on_write { + data: "\004\000" + end_stream: true + } +} +actions { +} +actions { + on_write { + data: "=" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mysql_proxy_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mysql_proxy_1 new file mode 100644 index 0000000000000..f58ad110b8b9d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mysql_proxy_1 @@ -0,0 +1,86 @@ +config { + name: "envoy.filters.network.mysql_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.mysql_proxy.v3.MySQLProxy" + value: "\n\006#\336\215\302\246\001" + } +} +actions { + on_write { + data: "\031\031\031\031" + } +} +actions { + on_write { + data: "\031\031\031\031\031\031\031\031" + end_stream: true + } +} +actions { + on_write { + data: "3" + } +} +actions { + on_write { + data: "#" + } +} +actions { + on_write { + data: "#" + end_stream: true + } +} +actions { + on_write { + data: "3" + } +} +actions { + on_write { + data: "#" + end_stream: true + } +} +actions { + on_write { + data: "#" + } +} +actions { + on_write { + data: "#" + } +} +actions { + on_write { + data: "\031\031\031\031\031\031\031\031" + end_stream: true + } +} +actions { + on_write { + end_stream: true + } +} +actions { + on_write { + end_stream: true + } +} +actions { + on_write { + data: "3" + } +} +actions { + on_write { + end_stream: true + } +} +actions { + on_write { + data: "3" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite new file mode 100644 index 0000000000000..12fb84985ea6d --- /dev/null +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite @@ -0,0 +1,12 @@ +config { + name: "envoy.filters.network.postgres_proxy" + typed_config { + type_url: "type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy" + value: "\n\002v\031" + } +} +actions { + on_write { + data: "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001" + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite index 6f671e701c84d..ae270c6fe26cc 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/zookeeper_proxy_assert_failure_onwrite @@ -7,16 +7,6 @@ config { } actions { on_write { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.google*s.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_write { - } -} -actions { - on_write { - data: "\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223\223" - end_stream: true + data: "\030\030\030\030\030\030\030\030" } } diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index c745d7dbf0084..86d847157c668 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -27,7 +27,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().KafkaBroker; + filter_name = NetworkFilterNames::get().Postgres; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -36,7 +36,6 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase absl::StrCat("type.googleapis.com/", factory->createEmptyConfigProto()->GetDescriptor()->full_name())); }}; - // UberFilterFuzzer::setThriftFilters(nullptr); try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index 860a9f942b671..6e7e4f2cfac40 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -79,7 +79,7 @@ void UberWriteFilterFuzzer::fuzz( // PANIC("A case is found!"); // } for (const auto& action : actions) { - ENVOY_LOG_MISC(trace, "action {}", action.DebugString()); + ENVOY_LOG_MISC(info, "action {}", action.DebugString()); switch (action.action_selector_case()) { case test::extensions::filters::network::WriteAction::kOnWrite: { ASSERT(write_filter_ != nullptr); From 8a7d094ee91f25f97962195fbedce99ac935a14c Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 29 Jul 2020 13:25:00 -0500 Subject: [PATCH 61/76] added a comment for postgres_proxy Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_per_writefilter.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index 30daad9d4da06..47e71ed998f36 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -17,7 +17,7 @@ std::vector UberWriteFilterFuzzer::filterNames() { NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, - NetworkFilterNames::get().Postgres + //TODO(Jianwen Dong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; } return filter_names; From 7928d238ffd86223a5e3a58809211e829e10b31a Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 29 Jul 2020 13:25:55 -0500 Subject: [PATCH 62/76] fixed style Signed-off-by: jianwen --- .../common/fuzz/uber_per_writefilter.cc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index 47e71ed998f36..1f74e51e64d75 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -12,30 +12,28 @@ std::vector UberWriteFilterFuzzer::filterNames() { // Will extend to cover other network filters one by one. static std::vector filter_names; if (filter_names.empty()) { - filter_names = { - NetworkFilterNames::get().ZooKeeperProxy,//assert error in onWrite() - NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().MongoProxy, - NetworkFilterNames::get().MySQLProxy, - //TODO(Jianwen Dong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. + filter_names = { + NetworkFilterNames::get().ZooKeeperProxy, // assert error in onWrite() + NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().MongoProxy, + NetworkFilterNames::get().MySQLProxy, + // TODO(Jianwen Dong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; } return filter_names; - } void UberWriteFilterFuzzer::perFilterSetup(const std::string& filter_name) { - std::cout< Date: Wed, 29 Jul 2020 13:27:06 -0500 Subject: [PATCH 63/76] fixed TODO name Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_per_writefilter.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index 1f74e51e64d75..0e056c46e47f9 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -16,7 +16,7 @@ std::vector UberWriteFilterFuzzer::filterNames() { NetworkFilterNames::get().ZooKeeperProxy, // assert error in onWrite() NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, - // TODO(Jianwen Dong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. + // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; } return filter_names; From 4bb5dd2b40fd522338e29fa9a1dd2a121b21658d Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 29 Jul 2020 13:45:08 -0500 Subject: [PATCH 64/76] removed unrelevant changes Signed-off-by: jianwen --- .../http_connection_manager_1 | 21 ----- .../http_connection_manager_2 | 21 ----- .../fuzz/network_readfilter_corpus/kafka_1 | 20 ----- .../network_readfilter_corpus/ratelimit_1 | 26 ------ .../fuzz/network_readfilter_corpus/rbac_1 | 20 ----- .../sni_dynamic_forward_proxy_1 | 36 --------- .../network_readfilter_corpus/tcp_proxy_1 | 34 -------- .../network_readfilter_corpus/thrift_proxy_1 | 7 -- .../network_readfilter_corpus/thrift_proxy_2 | 7 -- .../network_readfilter_corpus/thrift_proxy_3 | 34 -------- .../zookeeper_proxy_1 | 34 -------- .../fuzz/network_readfilter_fuzz_test.cc | 12 --- .../common/fuzz/uber_per_readfilter.cc | 80 ------------------- 13 files changed, 352 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 delete mode 100644 test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 deleted file mode 100644 index cae9fbab67007..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_1 +++ /dev/null @@ -1,21 +0,0 @@ -config { - name: "envoy.filters.network.http_connection_manager" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\022\002B\001\"\000J\004(\001J\000z\002\010\001\220\001\001" - } -} -actions { - on_data { - data: "y" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 655360 - } -} \ No newline at end of file diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 deleted file mode 100644 index d4012d30d3847..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/http_connection_manager_2 +++ /dev/null @@ -1,21 +0,0 @@ -config { - name: "envoy.filters.network.http_connection_manager" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" - value: "\010\002\022\001-\"5\n\001\000\032\001~\032\'envoy.type.matcher.v3.ListStringMatcherB\001-B\001~:\013\"\t\t\000\000\000\004\000\000\000\000B\002(\001\312\001\000\362\001\002\010\001" - } -} -actions { - on_data { - data: "y" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 655360 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 deleted file mode 100644 index dd8c619f9d2f6..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/kafka_1 +++ /dev/null @@ -1,20 +0,0 @@ -config { - name: "envoy.filters.network.kafka_broker" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.kafka_broker.v3.KafkaBroker" - value: "\n\"envoy.filters.network.kafka_broker" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - } -} -actions { - advance_time { - milliseconds: 10000 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 deleted file mode 100644 index 967d64df713d0..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/ratelimit_1 +++ /dev/null @@ -1,26 +0,0 @@ -config { - name: "envoy.filters.network.ratelimit" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.ratelimit.v3.RateLimit" - value: "\nP\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022Y\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\032W\nU\n\001[\022P\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\"\005\020\200\200\214\001(\0012e\022c\022Y\n\010\001\000\000\000\000\000\000\002\"M\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\032\006\010\200\200\204\360\002" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "\000" - } -} -actions { - on_data { - data: "\000\000" - } -} -actions { - advance_time { - milliseconds: 7299840 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 deleted file mode 100644 index 61f1adaedc4d8..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/rbac_1 +++ /dev/null @@ -1,20 +0,0 @@ -config { - name: "envoy.filters.network.rbac" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC" - value: "\032\010\177\177\177\177\177\177\177\177" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - } -} -actions { - on_data { - end_stream: true - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 deleted file mode 100644 index 21ad6d880835a..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/sni_dynamic_forward_proxy_1 +++ /dev/null @@ -1,36 +0,0 @@ -config { - name: "envoy.filters.network.sni_dynamic_forward_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig" - value: "\nP\nFenvoy.network.sni_dynamic_fo.filters.network.sni_dynamic_forward_proxy*\006\010\200\200\200\260\002" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 30976 - } -} -actions { - advance_time { - milliseconds: 262144 - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} -actions { - on_data { - data: "\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030c.googlers.com\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030\030" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 deleted file mode 100644 index 1c4cce16fa644..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/tcp_proxy_1 +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.tcp_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy" - value: "\n\002AZ\022\320\001\n\001Z\022y\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\362\232\232\232\032J(\n&\n\"envoy.config.core.v3.SocketAddress\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\022\000J(\n&\n\"envoy.config.core.v3.SocketAddress\022\000" - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - data: "u\360" - } -} -actions { - advance_time { - milliseconds: 12288 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 deleted file mode 100644 index a194b7f990310..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_1 +++ /dev/null @@ -1,7 +0,0 @@ -config { - name: "envoy.filters.network.thrift_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" - value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\177\177\177\177\177\177\177" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 deleted file mode 100644 index ca2772ee0e71d..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_2 +++ /dev/null @@ -1,7 +0,0 @@ -config { - name: "envoy.filters.network.thrift_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" - value: "\nYtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.vLLLLLLLLL3.ThriftProxy\020\003\030\003\"\231\002\022\226\002\n\003\n\001A\022\216\002\032\201\002\n\361\001\n\010@\000\000\000\000\000\000\000\022\344\001\nc\n_*]\032[\nPtype.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy\022\007\020\002\"\003\n\001A\022\000\n}\nyenvoy.filters.network.thrift_prox\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177y\022\000\n\013\n\000\022\007\n\005\n\001#\022\0002\010A\000\000\000\000\000\000\000" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 deleted file mode 100644 index 78a87924ae34e..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/thrift_proxy_3 +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.thrift_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxy" - value: "\nz\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177\177" - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 10 - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - on_data { - } -} -actions { - on_data { - data: "type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.Thrif~tProxy" - end_stream: true - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 b/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 deleted file mode 100644 index fb16dbd750df4..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_corpus/zookeeper_proxy_1 +++ /dev/null @@ -1,34 +0,0 @@ -config { - name: "envoy.filters.network.zookeeper_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy" - value: "\nVtype.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy\032\000" - } -} -actions { - advance_time { - milliseconds: 8257536 - } -} -actions { - on_new_connection { - } -} -actions { - on_new_connection { - } -} -actions { - advance_time { - milliseconds: 8257536 - } -} -actions { - on_data { - } -} -actions { - advance_time { - milliseconds: 83886080 - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc index adeaf19bcdfc6..cacff3aa8938e 100644 --- a/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_readfilter_fuzz_test.cc @@ -30,10 +30,6 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; -<<<<<<< HEAD - filter_name = NetworkFilterNames::get().Rbac; -======= ->>>>>>> upstream/master input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. @@ -42,18 +38,10 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase absl::StrCat("type.googleapis.com/", factory->createEmptyConfigProto()->GetDescriptor()->full_name())); }}; -<<<<<<< HEAD - // UberFilterFuzzer::setThriftFilters(nullptr); - try { - TestUtility::validate(input); - // Check the filter's name in case some filters are not supported yet. - // TODO(jianwendong): remove this check after all filters are supported. -======= try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. ->>>>>>> upstream/master static const auto filter_names = UberFilterFuzzer::filterNames(); // TODO(jianwendong): remove this if block after covering all the filters. if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index c69d2d2a7e656..9da91bb7b3902 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -1,12 +1,5 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" -<<<<<<< HEAD -#include "envoy/extensions/filters/network/thrift_proxy/v3/thrift_proxy.pb.h" - -#include "extensions/filters/common/ratelimit/ratelimit_impl.h" -======= - ->>>>>>> upstream/master #include "extensions/filters/network/common/utility.h" #include "extensions/filters/network/well_known_names.h" @@ -16,54 +9,16 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { -<<<<<<< HEAD -// Limit the fill_interval in the config of local_ratelimit filter prevent overflow in -// std::chrono::time_point. -======= ->>>>>>> upstream/master namespace { // Limit the fill_interval in the config of local_ratelimit filter prevent overflow in // std::chrono::time_point. static const int SecondsPerDay = 86400; } // namespace -<<<<<<< HEAD - -======= ->>>>>>> upstream/master std::vector UberFilterFuzzer::filterNames() { // These filters have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static std::vector filter_names; if (filter_names.empty()) { -<<<<<<< HEAD - filter_names = { - NetworkFilterNames::get().ExtAuthorization, - NetworkFilterNames::get().LocalRateLimit, - NetworkFilterNames::get().RedisProxy, - NetworkFilterNames::get().ClientSslAuth, - NetworkFilterNames::get().Echo, - NetworkFilterNames::get().DirectResponse, - NetworkFilterNames::get().DubboProxy, - NetworkFilterNames::get().SniCluster, - - NetworkFilterNames::get().ThriftProxy, - NetworkFilterNames::get().ZooKeeperProxy, - NetworkFilterNames::get().HttpConnectionManager, - NetworkFilterNames::get().SniDynamicForwardProxy, - NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().RocketmqProxy, // need to fix the assert - NetworkFilterNames::get().RateLimit, - NetworkFilterNames::get().Rbac - - // mongo_proxy - // mysql_proxy - // postgres_proxy - // tcp_proxy - }; - } - return filter_names; - -======= filter_names = {NetworkFilterNames::get().ExtAuthorization, NetworkFilterNames::get().LocalRateLimit, NetworkFilterNames::get().RedisProxy, @@ -74,7 +29,6 @@ std::vector UberFilterFuzzer::filterNames() { NetworkFilterNames::get().SniCluster}; } return filter_names; ->>>>>>> upstream/master } void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { @@ -108,40 +62,6 @@ void UberFilterFuzzer::perFilterSetup(const std::string& filter_name) { .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { return std::move(async_client_factory_); })); -<<<<<<< HEAD - read_filter_callbacks_->connection_.local_address_ = pipe_addr_; - read_filter_callbacks_->connection_.remote_address_ = pipe_addr_; - } else if (filter_name == NetworkFilterNames::get().HttpConnectionManager) { - read_filter_callbacks_->connection_.local_address_ = ipv4_addr_; - read_filter_callbacks_->connection_.remote_address_ = ipv4_addr_; - } else if (filter_name == NetworkFilterNames::get().RateLimit) { - async_client_factory_ = std::make_unique(); - async_client_ = std::make_unique(); - // TODO(jianwendong): consider testing on different kinds of responses. - ON_CALL(*async_client_, sendRaw(_, _, _, _, _, _)) - .WillByDefault(testing::WithArgs<3>(Invoke([&](Grpc::RawAsyncRequestCallbacks& callbacks) { - Filters::Common::RateLimit::GrpcClientImpl* grpc_client_impl = - dynamic_cast(&callbacks); - // Response OK - auto response = std::make_unique(); - // Give response to the grpc_client by calling onSuccess(). - grpc_client_impl->onSuccess(std::move(response), span_); - return async_request_.get(); - }))); - - EXPECT_CALL(*async_client_factory_, create()).WillOnce(Invoke([&] { - return std::move(async_client_); - })); - - EXPECT_CALL(factory_context_.cluster_manager_.async_client_manager_, - factoryForGrpcService(_, _, _)) - .WillOnce(Invoke([&](const envoy::config::core::v3::GrpcService&, Stats::Scope&, bool) { - return std::move(async_client_factory_); - })); - read_filter_callbacks_->connection_.local_address_ = pipe_addr_; - read_filter_callbacks_->connection_.remote_address_ = pipe_addr_; -======= ->>>>>>> upstream/master } } From 09f031a10cd1491845a574de3e010fa81672115e Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 29 Jul 2020 13:56:05 -0500 Subject: [PATCH 65/76] fixed proto Signed-off-by: jianwen --- .../network/common/fuzz/network_writefilter_fuzz.proto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto index 9d39f34ab5757..6e59ef7870997 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto @@ -5,7 +5,7 @@ import "google/protobuf/empty.proto"; import "validate/validate.proto"; import "envoy/config/listener/v3/listener_components.proto"; -message OnData { +message OnWrite { bytes data = 1; bool end_stream = 2; } @@ -14,7 +14,7 @@ message WriteAction { oneof action_selector { option (validate.required) = true; // Call onData() - OnData on_write = 2; + OnWrite on_write = 2; } } From df6d54e0746a301fd65929f555d0d6daff105533 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 29 Jul 2020 14:11:59 -0500 Subject: [PATCH 66/76] restore the changes Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_per_readfilter.cc | 1 + .../filters/network/common/fuzz/uber_readfilter.cc | 1 + .../extensions/filters/network/common/fuzz/uber_readfilter.h | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc index 9da91bb7b3902..7507dd72d4e3a 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_readfilter.cc @@ -1,5 +1,6 @@ #include "envoy/extensions/filters/network/direct_response/v3/config.pb.h" #include "envoy/extensions/filters/network/local_ratelimit/v3/local_rate_limit.pb.h" + #include "extensions/filters/network/common/utility.h" #include "extensions/filters/network/well_known_names.h" diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc index 9981cab545c60..1c9d2bf2e9e2b 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -6,6 +6,7 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { + void UberFilterFuzzer::reset() { // Reset some changes made by current filter on some mock objects. diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.h b/test/extensions/filters/network/common/fuzz/uber_readfilter.h index 8d73269804649..31a5bbc1d91e0 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.h @@ -35,7 +35,12 @@ class UberFilterFuzzer { Server::Configuration::FakeFactoryContext factory_context_; Network::ReadFilterSharedPtr read_filter_; Network::FilterFactoryCb cb_; + Network::Address::InstanceConstSharedPtr addr_; + Event::SimulatedTimeSystem& time_source_; + std::shared_ptr> read_filter_callbacks_; + std::unique_ptr async_request_; std::unique_ptr async_client_; + std::unique_ptr async_client_factory_; Tracing::MockSpan span_; }; From b31f553b6a61cd61f0c09da483cd2cc9f1628b63 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 30 Jul 2020 14:23:39 -0500 Subject: [PATCH 67/76] trying to add coverage for mongodb Signed-off-by: jianwen --- .../network/common/fuzz/network_writefilter_fuzz_test.cc | 2 +- .../filters/network/common/fuzz/uber_per_writefilter.cc | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index 86d847157c668..57109de17f4b9 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -27,7 +27,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().Postgres; + filter_name = NetworkFilterNames::get().MongoProxy; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index 0e056c46e47f9..4b53249a03e13 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -14,7 +14,8 @@ std::vector UberWriteFilterFuzzer::filterNames() { if (filter_names.empty()) { filter_names = { NetworkFilterNames::get().ZooKeeperProxy, // assert error in onWrite() - NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().MongoProxy, + NetworkFilterNames::get().KafkaBroker, + NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; From 7d5211060b6a367b40e97494e06cff87bf7543e0 Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 3 Aug 2020 12:18:58 -0500 Subject: [PATCH 68/76] fixed style and removed cout Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 4 ++-- .../fuzz/network_writefilter_fuzz_test.cc | 6 +++--- .../common/fuzz/uber_per_writefilter.cc | 20 ++----------------- .../network/common/fuzz/uber_readfilter.cc | 2 +- .../network/common/fuzz/uber_writefilter.cc | 18 ++++------------- .../network/common/fuzz/uber_writefilter.h | 20 ++++--------------- 6 files changed, 16 insertions(+), 54 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index a1e19e12f2a8c..22e2b593f65f4 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -94,11 +94,11 @@ envoy_cc_fuzz_test( deps = [ ":uber_writefilter_lib", "//source/common/config:utility_lib", - "//test/config:utility_lib", "//source/extensions/filters/network/kafka:kafka_broker_config_lib", "//source/extensions/filters/network/mongo_proxy:config", "//source/extensions/filters/network/mysql_proxy:config", "//source/extensions/filters/network/postgres_proxy:config", "//source/extensions/filters/network/zookeeper_proxy:config", - ] + "//test/config:utility_lib", + ], ) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index 57109de17f4b9..bc8165dd4e823 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -19,7 +19,8 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - // TODO(jianwendong): Use a factory or a bazel library list to store the names of all writefilters. + // TODO(jianwendong): Use a factory or a bazel library list to store the names of all + // writefilters. static const auto filter_names = UberWriteFilterFuzzer::filterNames(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); @@ -39,9 +40,8 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. - // TODO(jianwendong): remove this check after all filters are supported. - static const auto filter_names = UberWriteFilterFuzzer::filterNames(); // TODO(jianwendong): remove this if block after covering all the filters. + static const auto filter_names = UberWriteFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { ENVOY_LOG_MISC(debug, "Test case with unsupported filter type: {}", input.config().name()); diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index 4b53249a03e13..d76b898a59caa 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -13,30 +13,14 @@ std::vector UberWriteFilterFuzzer::filterNames() { static std::vector filter_names; if (filter_names.empty()) { filter_names = { - NetworkFilterNames::get().ZooKeeperProxy, // assert error in onWrite() - NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().MongoProxy, - NetworkFilterNames::get().MySQLProxy, + NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().KafkaBroker, + NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; } return filter_names; } -void UberWriteFilterFuzzer::perFilterSetup(const std::string& filter_name) { - std::cout << filter_name << std::endl; -} - -void UberWriteFilterFuzzer::checkInvalidInputForFuzzer(const std::string& filter_name, - Protobuf::Message*) { - // System calls such as reading files are prohibited in this fuzzer. Some input that crashes the - // mock/fake objects are also prohibited. For now there are only two filters {DirectResponse, - // LocalRateLimit} on which we have constraints. - const std::string name = Extensions::NetworkFilters::Common::FilterNameUtil::canonicalFilterName( - std::string(filter_name)); - std::cout << "check:" << name << std::endl; -} - } // namespace NetworkFilters } // namespace Extensions } // namespace Envoy diff --git a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc index 1c9d2bf2e9e2b..cd984f47351b1 100644 --- a/test/extensions/filters/network/common/fuzz/uber_readfilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_readfilter.cc @@ -6,7 +6,7 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - + void UberFilterFuzzer::reset() { // Reset some changes made by current filter on some mock objects. diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index 6e7e4f2cfac40..01a6da24813fc 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -31,24 +31,19 @@ void UberWriteFilterFuzzer::fuzzerSetup() { read_filter_callbacks_ = std::make_shared>(); ON_CALL(write_filter_callbacks_->connection_, addWriteFilter(_)) .WillByDefault(Invoke([&](Network::WriteFilterSharedPtr write_filter) -> void { - std::cout << "add writeFilter" << write_filter.use_count() << std::endl; write_filter->initializeWriteFilterCallbacks(*write_filter_callbacks_); write_filter_ = write_filter; })); ON_CALL(write_filter_callbacks_->connection_, addFilter(_)) .WillByDefault(Invoke([&](Network::FilterSharedPtr filter) -> void { - std::cout << "add filter" << filter.use_count() << std::endl; filter->initializeReadFilterCallbacks(*read_filter_callbacks_); filter->initializeWriteFilterCallbacks(*write_filter_callbacks_); write_filter_ = filter; })); factory_context_.prepareSimulatedSystemTime(); - // write_filter_callbacks_->connection_.stream_info_.metadata_ } -UberWriteFilterFuzzer::UberWriteFilterFuzzer(){ - fuzzerSetup(); -} +UberWriteFilterFuzzer::UberWriteFilterFuzzer() { fuzzerSetup(); } void UberWriteFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, @@ -66,18 +61,13 @@ void UberWriteFilterFuzzer::fuzz( checkInvalidInputForFuzzer(filter_name, message.get()); ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - perFilterSetup(proto_config.name()); - // Add filter to connection_. - cb_(write_filter_callbacks_->connection_); + perFilterSetup(proto_config.name()); + // Add filter to connection_. + cb_(write_filter_callbacks_->connection_); } catch (const EnvoyException& e) { ENVOY_LOG_MISC(debug, "Controlled exception in filter setup {}", e.what()); return; } - - std::cout << "passed validation!" << std::endl; - // if (actions.size() > 2) { - // PANIC("A case is found!"); - // } for (const auto& action : actions) { ENVOY_LOG_MISC(info, "action {}", action.DebugString()); switch (action.action_selector_case()) { diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.h b/test/extensions/filters/network/common/fuzz/uber_writefilter.h index 87c2395e1ea60..27e5d1e5dcb6c 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.h @@ -14,37 +14,25 @@ class UberWriteFilterFuzzer { public: UberWriteFilterFuzzer(); // This creates the filter config and runs the fuzzed data against the filter. - void - fuzz(const envoy::config::listener::v3::Filter& proto_config, - const Protobuf::RepeatedPtrField<::test::extensions::filters::network::WriteAction>& actions); + void fuzz( + const envoy::config::listener::v3::Filter& proto_config, + const Protobuf::RepeatedPtrField<::test::extensions::filters::network::WriteAction>& actions); // Get the name of filters which has been covered by this fuzzer. static std::vector filterNames(); - // Check whether the filter's config is invalid for fuzzer(e.g. system call). - void checkInvalidInputForFuzzer(const std::string& filter_name, - Protobuf::Message* config_message); protected: // Set-up filter specific mock expectations in constructor. void fuzzerSetup(); // Reset the states of the mock objects. void reset(); - // Mock behaviors for specific filters. - void perFilterSetup(const std::string& filter_name); private: Server::Configuration::FakeFactoryContext factory_context_; Network::WriteFilterSharedPtr write_filter_; Network::FilterFactoryCb cb_; - // Network::Address::InstanceConstSharedPtr pipe_addr_; - // Network::Address::InstanceConstSharedPtr ipv4_addr_; - // Event::SimulatedTimeSystem& time_source_; std::shared_ptr> write_filter_callbacks_; std::shared_ptr> read_filter_callbacks_; - // NiceMock stream_info_; - // std::unique_ptr async_request_; - // std::unique_ptr async_client_; - // std::unique_ptr async_client_factory_; - // Tracing::MockSpan span_; + }; } // namespace NetworkFilters From 3fba60241ba7b3b7ac88e5c0b6a2544ca3d2ca7b Mon Sep 17 00:00:00 2001 From: jianwen Date: Mon, 3 Aug 2020 12:52:18 -0500 Subject: [PATCH 69/76] added time source Signed-off-by: jianwen --- .../common/fuzz/network_writefilter_corpus/empty | 0 .../fuzz/network_writefilter_corpus/kafka_broker_1 | 5 +++++ .../common/fuzz/network_writefilter_fuzz.proto | 7 +++++++ .../network/common/fuzz/uber_per_writefilter.cc | 12 ++++++++++-- .../network/common/fuzz/uber_writefilter.cc | 14 ++++++++++---- .../filters/network/common/fuzz/uber_writefilter.h | 2 +- 6 files changed, 33 insertions(+), 7 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/empty deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 index 0ba5e6e1b38f8..a20c58dd2d4a1 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/kafka_broker_1 @@ -11,6 +11,11 @@ actions { end_stream: true } } +actions { + advance_time { + milliseconds: 268435 + } +} actions { on_write { data: "-" diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto index 6e59ef7870997..1b08974d083ad 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto @@ -10,11 +10,18 @@ message OnWrite { bool end_stream = 2; } +message AdvanceTime { + // Advance the system time by (0,24] hours. + uint32 milliseconds = 1 [(validate.rules).uint32 = {gt: 0 lt: 86400000}]; +} + message WriteAction { oneof action_selector { option (validate.required) = true; // Call onData() OnWrite on_write = 2; + // Advance time_source_ + AdvanceTime advance_time = 3; } } diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index d76b898a59caa..fe226bf641489 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -6,17 +6,25 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { - std::vector UberWriteFilterFuzzer::filterNames() { // These filters have already been covered by this fuzzer. // Will extend to cover other network filters one by one. static std::vector filter_names; if (filter_names.empty()) { - filter_names = { + const auto factories = Registry::FactoryRegistry< + Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); + const std::vector supported_filter_names = { NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().KafkaBroker, NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. }; + for (auto& filter_name : supported_filter_names) { + if (factories.contains(filter_name)) { + filter_names.push_back(filter_name); + } else { + ENVOY_LOG_MISC(debug, "Filter name not found in the factory: {}", filter_name); + } + } } return filter_names; } diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index 01a6da24813fc..aea1ebe9c225e 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -43,7 +43,10 @@ void UberWriteFilterFuzzer::fuzzerSetup() { factory_context_.prepareSimulatedSystemTime(); } -UberWriteFilterFuzzer::UberWriteFilterFuzzer() { fuzzerSetup(); } +UberWriteFilterFuzzer::UberWriteFilterFuzzer() + : time_source_(factory_context_.simulatedTimeSystem()) { + fuzzerSetup(); +} void UberWriteFilterFuzzer::fuzz( const envoy::config::listener::v3::Filter& proto_config, @@ -57,11 +60,8 @@ void UberWriteFilterFuzzer::fuzz( Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); - // Make sure no invalid system calls are executed in fuzzer. - checkInvalidInputForFuzzer(filter_name, message.get()); ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); - perFilterSetup(proto_config.name()); // Add filter to connection_. cb_(write_filter_callbacks_->connection_); } catch (const EnvoyException& e) { @@ -78,6 +78,12 @@ void UberWriteFilterFuzzer::fuzz( break; } + case test::extensions::filters::network::WriteAction::kAdvanceTime: { + time_source_.advanceTimeAsync( + std::chrono::milliseconds(action.advance_time().milliseconds())); + factory_context_.dispatcher().run(Event::Dispatcher::RunType::NonBlock); + break; + } default: { // Unhandled actions. ENVOY_LOG_MISC(debug, "Action support is missing for:\n{}", action.DebugString()); diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.h b/test/extensions/filters/network/common/fuzz/uber_writefilter.h index 27e5d1e5dcb6c..9f6c34eb60e93 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.h +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.h @@ -28,11 +28,11 @@ class UberWriteFilterFuzzer { private: Server::Configuration::FakeFactoryContext factory_context_; + Event::SimulatedTimeSystem& time_source_; Network::WriteFilterSharedPtr write_filter_; Network::FilterFactoryCb cb_; std::shared_ptr> write_filter_callbacks_; std::shared_ptr> read_filter_callbacks_; - }; } // namespace NetworkFilters From 4841b6520b9153fd62a60fe7081ee0a2a2c5116e Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 4 Aug 2020 09:37:48 -0500 Subject: [PATCH 70/76] added a test case for mongo, fixed style problem Signed-off-by: jianwen --- .../filters/network/common/fuzz/BUILD | 1 - .../mongodb_proxy_1 | 40 +++++++++++++------ .../fuzz/network_writefilter_fuzz.proto | 1 - .../fuzz/network_writefilter_fuzz_test.cc | 4 +- .../common/fuzz/uber_per_writefilter.cc | 5 ++- .../network/common/fuzz/uber_writefilter.cc | 21 ++++++++++ 6 files changed, 54 insertions(+), 18 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 22e2b593f65f4..f9d1c1dd219b4 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -97,7 +97,6 @@ envoy_cc_fuzz_test( "//source/extensions/filters/network/kafka:kafka_broker_config_lib", "//source/extensions/filters/network/mongo_proxy:config", "//source/extensions/filters/network/mysql_proxy:config", - "//source/extensions/filters/network/postgres_proxy:config", "//source/extensions/filters/network/zookeeper_proxy:config", "//test/config:utility_lib", ], diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 index 27e39c4eba392..20a344f8fe351 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/mongodb_proxy_1 @@ -2,12 +2,12 @@ config { name: "envoy.filters.network.mongo_proxy" typed_config { type_url: "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" - value: "\032\t\"\005\010\240\300\364S*\000 \001" + value: "\n\001\\\032\007\"\003\010\200t*\000 \001" } } actions { on_write { - data: "v\000" + data: "]\000" } } actions { @@ -17,9 +17,8 @@ actions { } } actions { - on_write { - data: "type.googleapis.com/envoy.extensions.filtN\000\000\000network.mongo_proxy.v3.MongoProxy" - end_stream: true + advance_time { + milliseconds: 14848 } } actions { @@ -29,32 +28,35 @@ actions { } } actions { - on_write { - end_stream: true + advance_time { + milliseconds: 14848 } } actions { on_write { - data: "\004\000" + data: "\004\000\001\000\000\000\000\000\000\001" end_stream: true } } actions { on_write { - data: "\004\000" + data: "<" end_stream: true } } actions { on_write { data: "\004\000" - end_stream: true } } actions { on_write { data: "\004\000" - end_stream: true + } +} +actions { + advance_time { + milliseconds: 14848 } } actions { @@ -65,10 +67,15 @@ actions { } actions { on_write { - data: "type.googleapis.com/envoy.extensions.filters.ne\000\000\000Nk.mongo_proxy.v3.MongoProxy" + data: "\004\000" end_stream: true } } +actions { + on_write { + data: "\004\000" + } +} actions { on_write { data: "pH\037\000 `\000\000" @@ -82,6 +89,9 @@ actions { } } actions { + advance_time { + milliseconds: 14848 + } } actions { on_write { @@ -89,3 +99,9 @@ actions { end_stream: true } } +actions { + on_write { + data: "\004\000" + end_stream: true + } +} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto index 1b08974d083ad..18d4e45757798 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto @@ -1,7 +1,6 @@ syntax = "proto3"; package test.extensions.filters.network; -import "google/protobuf/empty.proto"; import "validate/validate.proto"; import "envoy/config/listener/v3/listener_components.proto"; diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index bc8165dd4e823..fdea3196bcac2 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -19,7 +19,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // Replaying a corpus through the fuzzer will not be affected by the // post-processor mutation. - // TODO(jianwendong): Use a factory or a bazel library list to store the names of all + // TODO(jianwendong): consider using a factory to store the names of all // writefilters. static const auto filter_names = UberWriteFilterFuzzer::filterNames(); static const auto factories = Registry::FactoryRegistry< @@ -40,7 +40,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. - // TODO(jianwendong): remove this if block after covering all the filters. + // TODO(jianwendong): remove this if block when we have a factory for writefilters. static const auto filter_names = UberWriteFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { diff --git a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc index fe226bf641489..911caa250c522 100644 --- a/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_per_writefilter.cc @@ -15,8 +15,9 @@ std::vector UberWriteFilterFuzzer::filterNames() { Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); const std::vector supported_filter_names = { NetworkFilterNames::get().ZooKeeperProxy, NetworkFilterNames::get().KafkaBroker, - NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy, - // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after its issues are fixed. + NetworkFilterNames::get().MongoProxy, NetworkFilterNames::get().MySQLProxy + // TODO(jianwendong) Add "NetworkFilterNames::get().Postgres" after it supports untrusted + // data. }; for (auto& filter_name : supported_filter_names) { if (factories.contains(filter_name)) { diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index aea1ebe9c225e..bdf1e490aa2da 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -3,6 +3,9 @@ #include "common/config/utility.h" #include "common/config/version_converter.h" +using testing::_; +using testing::Return; + namespace Envoy { namespace Extensions { namespace NetworkFilters { @@ -41,6 +44,24 @@ void UberWriteFilterFuzzer::fuzzerSetup() { write_filter_ = filter; })); factory_context_.prepareSimulatedSystemTime(); + // Set featureEnabled for mongo_proxy + ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.proxy_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("mongo.connection_logging_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.logging_enabled", 100)) + .WillByDefault(Return(true)); + // Set featureEnabled for thrift_proxy + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.thrift_filter_enabled", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.thrift_filter_enforcing", 100)) + .WillByDefault(Return(true)); + ON_CALL(factory_context_.runtime_loader_.snapshot_, + featureEnabled("ratelimit.test_key.thrift_filter_enabled", 100)) + .WillByDefault(Return(true)); } UberWriteFilterFuzzer::UberWriteFilterFuzzer() From 7ebb9456499d29779fcc3f709b997f87417902f6 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 4 Aug 2020 09:38:43 -0500 Subject: [PATCH 71/76] fixed a spelling problem Signed-off-by: jianwen --- .../network/common/fuzz/network_writefilter_fuzz_test.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index fdea3196bcac2..644ae03ff3287 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -20,7 +20,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase // post-processor mutation. // TODO(jianwendong): consider using a factory to store the names of all - // writefilters. + // writeFilters. static const auto filter_names = UberWriteFilterFuzzer::filterNames(); static const auto factories = Registry::FactoryRegistry< Server::Configuration::NamedNetworkFilterConfigFactory>::factories(); @@ -40,7 +40,7 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase try { TestUtility::validate(input); // Check the filter's name in case some filters are not supported yet. - // TODO(jianwendong): remove this if block when we have a factory for writefilters. + // TODO(jianwendong): remove this if block when we have a factory for writeFilters. static const auto filter_names = UberWriteFilterFuzzer::filterNames(); if (std::find(filter_names.begin(), filter_names.end(), input.config().name()) == std::end(filter_names)) { From 8739130f793541e031e08de0cf527940f5a82c75 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 4 Aug 2020 10:10:57 -0500 Subject: [PATCH 72/76] removed the test case for postgres_proxy Signed-off-by: jianwen --- .../postgres_assert_failure_onwrite | 12 ------------ .../common/fuzz/network_writefilter_fuzz.proto | 2 +- 2 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite b/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite deleted file mode 100644 index 12fb84985ea6d..0000000000000 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_corpus/postgres_assert_failure_onwrite +++ /dev/null @@ -1,12 +0,0 @@ -config { - name: "envoy.filters.network.postgres_proxy" - typed_config { - type_url: "type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy" - value: "\n\002v\031" - } -} -actions { - on_write { - data: "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001" - } -} diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto index 18d4e45757798..77de32b5858f8 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz.proto @@ -17,7 +17,7 @@ message AdvanceTime { message WriteAction { oneof action_selector { option (validate.required) = true; - // Call onData() + // Call onWrite() OnWrite on_write = 2; // Advance time_source_ AdvanceTime advance_time = 3; From 1bef133ec523af48e724377afd360d3b96143aa7 Mon Sep 17 00:00:00 2001 From: jianwen Date: Tue, 4 Aug 2020 16:53:44 -0500 Subject: [PATCH 73/76] added new lines and made the comment clearer Signed-off-by: jianwen --- .../filters/network/common/fuzz/uber_writefilter.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index bdf1e490aa2da..62cd8171d1117 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -10,7 +10,7 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { void UberWriteFilterFuzzer::reset() { - // Reset some changes made by current filter on some mock objects. + // Reset the state of dependancies so that a new fuzz input starts in a clean state. // Close the connection to make sure the filter's callback is set to nullptr. write_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); @@ -44,6 +44,7 @@ void UberWriteFilterFuzzer::fuzzerSetup() { write_filter_ = filter; })); factory_context_.prepareSimulatedSystemTime(); + // Set featureEnabled for mongo_proxy ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.proxy_enabled", 100)) .WillByDefault(Return(true)); @@ -52,6 +53,7 @@ void UberWriteFilterFuzzer::fuzzerSetup() { .WillByDefault(Return(true)); ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("mongo.logging_enabled", 100)) .WillByDefault(Return(true)); + // Set featureEnabled for thrift_proxy ON_CALL(factory_context_.runtime_loader_.snapshot_, featureEnabled("ratelimit.thrift_filter_enabled", 100)) From 65101669068f92bab0a536fd04902c7f07f969c8 Mon Sep 17 00:00:00 2001 From: jianwen Date: Wed, 5 Aug 2020 19:08:56 -0500 Subject: [PATCH 74/76] fixed a spelling problem Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/uber_writefilter.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index 62cd8171d1117..c31a749f8fd4f 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -10,7 +10,7 @@ namespace Envoy { namespace Extensions { namespace NetworkFilters { void UberWriteFilterFuzzer::reset() { - // Reset the state of dependancies so that a new fuzz input starts in a clean state. + // Reset the state of dependencies so that a new fuzz input starts in a clean state. // Close the connection to make sure the filter's callback is set to nullptr. write_filter_callbacks_->connection_.raiseEvent(Network::ConnectionEvent::LocalClose); From 36129caa7a8339dd19523afdb0e0665d36d26d6c Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 6 Aug 2020 15:26:11 -0500 Subject: [PATCH 75/76] removed a hardcoded debug code, used debug log in writefilter fuzzer. Signed-off-by: jianwen --- .../network/common/fuzz/network_writefilter_fuzz_test.cc | 1 - .../filters/network/common/fuzz/uber_writefilter.cc | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc index 644ae03ff3287..702cb4078db46 100644 --- a/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc +++ b/test/extensions/filters/network/common/fuzz/network_writefilter_fuzz_test.cc @@ -28,7 +28,6 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::network::FilterFuzzTestCase if (std::find(filter_names.begin(), filter_names.end(), input->config().name()) == std::end(filter_names)) { absl::string_view filter_name = filter_names[seed % filter_names.size()]; - filter_name = NetworkFilterNames::get().MongoProxy; input->mutable_config()->set_name(std::string(filter_name)); } // Set the corresponding type_url for Any. diff --git a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc index c31a749f8fd4f..517429a1dd4bd 100644 --- a/test/extensions/filters/network/common/fuzz/uber_writefilter.cc +++ b/test/extensions/filters/network/common/fuzz/uber_writefilter.cc @@ -21,7 +21,7 @@ void UberWriteFilterFuzzer::reset() { // Clear the pointers inside the mock_dispatcher Event::MockDispatcher& mock_dispatcher = dynamic_cast(write_filter_callbacks_->connection_.dispatcher_); - mock_dispatcher.to_delete_.clear(); + mock_dispatcher.clearDeferredDeleteList(); write_filter_.reset(); } @@ -78,12 +78,12 @@ void UberWriteFilterFuzzer::fuzz( // Try to create the filter callback(cb_). Exit early if the config is invalid or violates PGV // constraints. const std::string& filter_name = proto_config.name(); - ENVOY_LOG_MISC(info, "filter name {}", filter_name); + ENVOY_LOG_MISC(debug, "filter name {}", filter_name); auto& factory = Config::Utility::getAndCheckFactoryByName< Server::Configuration::NamedNetworkFilterConfigFactory>(filter_name); ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( proto_config, factory_context_.messageValidationVisitor(), factory); - ENVOY_LOG_MISC(info, "Config content after decoded: {}", message->DebugString()); + ENVOY_LOG_MISC(debug, "Config content after decoded: {}", message->DebugString()); cb_ = factory.createFilterFactoryFromProto(*message, factory_context_); // Add filter to connection_. cb_(write_filter_callbacks_->connection_); @@ -92,7 +92,7 @@ void UberWriteFilterFuzzer::fuzz( return; } for (const auto& action : actions) { - ENVOY_LOG_MISC(info, "action {}", action.DebugString()); + ENVOY_LOG_MISC(debug, "action {}", action.DebugString()); switch (action.action_selector_case()) { case test::extensions::filters::network::WriteAction::kOnWrite: { ASSERT(write_filter_ != nullptr); From b85d48e3fcc86cbcc1d939bae08aafd868fbb490 Mon Sep 17 00:00:00 2001 From: jianwen Date: Thu, 6 Aug 2020 15:29:49 -0500 Subject: [PATCH 76/76] removed unnecessary BUILD deps. Signed-off-by: jianwen --- test/extensions/filters/network/common/fuzz/BUILD | 1 - 1 file changed, 1 deletion(-) diff --git a/test/extensions/filters/network/common/fuzz/BUILD b/test/extensions/filters/network/common/fuzz/BUILD index 96ad4832e509b..8f54f57e5de81 100644 --- a/test/extensions/filters/network/common/fuzz/BUILD +++ b/test/extensions/filters/network/common/fuzz/BUILD @@ -66,7 +66,6 @@ envoy_cc_fuzz_test( ":uber_readfilter_lib", "//source/common/config:utility_lib", "//test/config:utility_lib", - "//source/extensions/filters/network/thrift_proxy/filters/ratelimit:config", ] + envoy_all_network_filters(), )