From f1bdc9a42a7d75f90cc0c1e4191f4ef1a016a11a Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Mon, 11 Dec 2017 09:33:01 +0000 Subject: [PATCH] tests: add http client fuzz test --- contrib/epee/include/net/http_client.h | 17 ++++- contrib/fuzz_testing/fuzz.sh | 6 +- tests/data/fuzz/http-client/RESP1 | 8 +++ tests/fuzz/CMakeLists.txt | 14 ++++ tests/fuzz/http-client.cpp | 98 ++++++++++++++++++++++++++ 5 files changed, 137 insertions(+), 6 deletions(-) create mode 100644 tests/data/fuzz/http-client/RESP1 create mode 100644 tests/fuzz/http-client.cpp diff --git a/contrib/epee/include/net/http_client.h b/contrib/epee/include/net/http_client.h index 1a9d5d064..5c448fcb3 100644 --- a/contrib/epee/include/net/http_client.h +++ b/contrib/epee/include/net/http_client.h @@ -236,7 +236,8 @@ namespace net_utils namespace http { - class http_simple_client: public i_target_handler + template + class http_simple_client_template: public i_target_handler { private: enum reciev_machine_state @@ -259,7 +260,7 @@ namespace net_utils }; - blocked_mode_client m_net_client; + net_client_type m_net_client; std::string m_host_buff; std::string m_port; http_client_auth m_auth; @@ -276,7 +277,7 @@ namespace net_utils bool m_ssl; public: - explicit http_simple_client() + explicit http_simple_client_template() : i_target_handler() , m_net_client() , m_host_buff() @@ -428,6 +429,15 @@ namespace net_utils CRITICAL_REGION_LOCAL(m_lock); return invoke(uri, "POST", body, timeout, ppresponse_info, additional_params); } + //--------------------------------------------------------------------------- + bool test(const std::string &s, std::chrono::milliseconds timeout) // TEST FUNC ONLY + { + CRITICAL_REGION_LOCAL(m_lock); + m_net_client.set_test_data(s); + m_state = reciev_machine_state_header; + return handle_reciev(timeout); + } + //--------------------------------------------------------------------------- private: //--------------------------------------------------------------------------- inline bool handle_reciev(std::chrono::milliseconds timeout) @@ -957,6 +967,7 @@ namespace net_utils return true; } }; + typedef http_simple_client_template http_simple_client; } } } diff --git a/contrib/fuzz_testing/fuzz.sh b/contrib/fuzz_testing/fuzz.sh index 5be16a7d6..a97713510 100755 --- a/contrib/fuzz_testing/fuzz.sh +++ b/contrib/fuzz_testing/fuzz.sh @@ -10,12 +10,12 @@ fi type="$1" if test -z "$type" then - echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url" + echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url|http-client" exit 1 fi case "$type" in - block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url) ;; - *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url"; exit 1 ;; + block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url|http-client) ;; + *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction|load-from-binary|load-from-json|base58|parse-url|http-client"; exit 1 ;; esac if test -d "fuzz-out/$type" diff --git a/tests/data/fuzz/http-client/RESP1 b/tests/data/fuzz/http-client/RESP1 new file mode 100644 index 000000000..3046dc886 --- /dev/null +++ b/tests/data/fuzz/http-client/RESP1 @@ -0,0 +1,8 @@ +HTTP/1.1 200 Ok +Server: Epee-based +Content-Length: 5 +Content-Type: text/plain +Last-Modified: Mon, 11 Dec 2017 09:03:03 GMT +Accept-Ranges: bytes + +foo diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt index 8090b465a..2184ae48a 100644 --- a/tests/fuzz/CMakeLists.txt +++ b/tests/fuzz/CMakeLists.txt @@ -138,3 +138,17 @@ set_property(TARGET parse-url_fuzz_tests PROPERTY FOLDER "tests") +add_executable(http-client_fuzz_tests http-client.cpp fuzzer.cpp) +target_link_libraries(http-client_fuzz_tests + PRIVATE + epee + ${Boost_THREAD_LIBRARY} + ${Boost_REGEX_LIBRARY} + ${Boost_PROGRAM_OPTIONS_LIBRARY} + ${Boost_SYSTEM_LIBRARY} + ${CMAKE_THREAD_LIBS_INIT} + ${EXTRA_LIBRARIES}) +set_property(TARGET http-client_fuzz_tests + PROPERTY + FOLDER "tests") + diff --git a/tests/fuzz/http-client.cpp b/tests/fuzz/http-client.cpp new file mode 100644 index 000000000..21560df21 --- /dev/null +++ b/tests/fuzz/http-client.cpp @@ -0,0 +1,98 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#include "include_base_utils.h" +#include "file_io_utils.h" +#include "net/http_client.h" +#include "fuzzer.h" + +class dummy_client +{ +public: + bool connect(const std::string& addr, int port, std::chrono::milliseconds timeout, bool ssl = false, const std::string& bind_ip = "0.0.0.0") { return true; } + bool connect(const std::string& addr, const std::string& port, std::chrono::milliseconds timeout, bool ssl = false, const std::string& bind_ip = "0.0.0.0") { return true; } + bool disconnect() { return true; } + bool send(const std::string& buff, std::chrono::milliseconds timeout) { return true; } + bool send(const void* data, size_t sz) { return true; } + bool is_connected() { return true; } + bool recv(std::string& buff, std::chrono::milliseconds timeout) + { + buff = data; + data.clear(); + return true; + } + + void set_test_data(const std::string &s) { data = s; } + +private: + std::string data; +}; + +class HTTPClientFuzzer: public Fuzzer +{ +public: + HTTPClientFuzzer() {} + virtual int init(); + virtual int run(const std::string &filename); + +private: + epee::net_utils::http::http_simple_client_template client; +}; + +int HTTPClientFuzzer::init() +{ + return 0; +} + +int HTTPClientFuzzer::run(const std::string &filename) +{ + std::string s; + + if (!epee::file_io_utils::load_file_to_string(filename, s)) + { + std::cout << "Error: failed to load file " << filename << std::endl; + return 1; + } + try + { + client.test(s, std::chrono::milliseconds(1000)); + } + catch (const std::exception &e) + { + std::cerr << "Failed to test http client: " << e.what() << std::endl; + return 1; + } + return 0; +} + +int main(int argc, const char **argv) +{ + HTTPClientFuzzer fuzzer; + return run_fuzzer(argc, argv, fuzzer); +} +