
Use cmake on oss-fuzz

Stefan Profanter 7 anos atrás
pai
commit
2bcaaa248a

+ 6 - 1
CMakeLists.txt

@@ -114,6 +114,8 @@ endif()
 option(UA_BUILD_EXAMPLES "Build example servers and clients" OFF)
 option(UA_BUILD_UNIT_TESTS "Build the unit tests" OFF)
 option(UA_BUILD_FUZZING "Build the fuzzing executables" OFF)
+option(UA_BUILD_OSS_FUZZ "Special build switch used in oss-fuzz" OFF)
+mark_as_advanced(UA_BUILD_OSS_FUZZ)
 option(UA_BUILD_EXAMPLES_NODESET_COMPILER "Generate an OPC UA information model from a nodeset XML (experimental)" OFF)
 
 # Advanced Build Targets
@@ -511,7 +513,10 @@ if(UA_BUILD_UNIT_TESTS)
     add_subdirectory(tests)
 endif()
 
-if(UA_BUILD_FUZZING)
+if(UA_BUILD_FUZZING OR UA_BUILD_OSS_FUZZ)
+    # Force enable discovery, to also fuzzy-test this code
+    set(UA_ENABLE_DISCOVERY ON CACHE STRING "" FORCE)
+    set(UA_ENABLE_DISCOVERY_MULTICAST ON CACHE STRING "" FORCE)
     add_subdirectory(tests/fuzz)
 endif()
 
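Review bot: The two `set(... CACHE STRING "" FORCE)` lines overwrite whatever the user chose for `UA_ENABLE_DISCOVERY` and `UA_ENABLE_DISCOVERY_MULTICAST`, and the forced values stay in CMakeCache.txt after fuzzing is switched off again, so a later regular build from the same build directory keeps discovery and multicast compiled in without anyone having asked for it. They also retype what are presumably `option()` booleans as `STRING` with an empty help text. If these options are declared and consumed earlier in this file (not visible in the hunk), forcing them this late may not take effect until the second configure run. Consider failing fast instead, `message(FATAL_ERROR "Fuzzing builds require UA_ENABLE_DISCOVERY and UA_ENABLE_DISCOVERY_MULTICAST")`, or setting plain (non-cache) variables next to the option declarations.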

+ 27 - 25
tests/fuzz/CMakeLists.txt

@@ -3,36 +3,39 @@ include_directories(${PROJECT_SOURCE_DIR}/deps)
 include_directories(${PROJECT_SOURCE_DIR}/src)
 include_directories(${PROJECT_SOURCE_DIR}/src/server)
 include_directories(${PROJECT_SOURCE_DIR}/plugins)
+include_directories(${PROJECT_SOURCE_DIR}/tests)
 include_directories(${PROJECT_BINARY_DIR}/src_generated)
 
 remove_definitions(-std=c99 -Wmissing-prototypes -Wstrict-prototypes)
 set (CMAKE_CXX_STANDARD 11)
 
-if(NOT "x${CMAKE_C_COMPILER_ID}" STREQUAL "xClang")
-    MESSAGE(FATAL_ERROR "To build fuzzing, you need to use Clang as the compiler")
-endif()
-
-if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 5.0)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address")
+if (NOT UA_BUILD_OSS_FUZZ)
+
+    if(NOT "x${CMAKE_C_COMPILER_ID}" STREQUAL "xClang")
+        MESSAGE(FATAL_ERROR "To build fuzzing, you need to use Clang as the compiler")
+    endif()
+
+    # oss-fuzz builds already include these flags
+    if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 5.0)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address")
+    else()
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=trace-pc-guard")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=trace-pc-guard")
+    endif()
+    set(LIBS Fuzzer)
+    set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY})
 else()
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=trace-pc-guard")
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=trace-pc-guard")
+    set(LIBS $ENV{LIB_FUZZING_ENGINE})
+    set(CMAKE_RUNTIME_OUTPUT_DIRECTORY $ENV{OUT})
 endif()
-
-set(LIBS Fuzzer ${open62541_LIBRARIES})
-
-#############################
-# Compiled binaries folders #
-#############################
-
-set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin/fuzz)
-
+list(APPEND $LIBS ${open62541_LIBRARIES})
 
 
 # Use different plugins for testing
 set(fuzzing_plugin_sources ${PROJECT_SOURCE_DIR}/plugins/ua_network_tcp.c
         ${PROJECT_SOURCE_DIR}/plugins/ua_clock.c
+        ${PROJECT_SOURCE_DIR}/tests/testing_networklayers.c
         ${PROJECT_SOURCE_DIR}/plugins/ua_log_stdout.c
         ${PROJECT_SOURCE_DIR}/plugins/ua_config_standard.c
         ${PROJECT_SOURCE_DIR}/plugins/ua_accesscontrol_default.c)
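Review bot: `list(APPEND $LIBS ${open62541_LIBRARIES})` does not append to `LIBS`: CMake has no `$NAME` expansion, so the command fills a variable literally named `$LIBS`, and the fuzz targets are linked without `${open62541_LIBRARIES}`, which the removed `set(LIBS Fuzzer ${open62541_LIBRARIES})` used to supply. In the OSS-Fuzz branch `$ENV{LIB_FUZZING_ENGINE}` and `$ENV{OUT}` are read at configure time with no check, so an unset variable silently produces a target without a fuzzing engine and an empty output directory. In the other branch `set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY})` is a no-op that replaces the former `${CMAKE_BINARY_DIR}/bin/fuzz`; if the parent scope leaves the variable unset, the `run_fuzzer` commands further down resolve to `/fuzz_binary_message`. The sketch below restores the output directory, validates the environment and fixes the append.

```cmake
if (NOT UA_BUILD_OSS_FUZZ)
    # … unchanged: Clang check and sanitizer flags …
    set(LIBS Fuzzer)
    set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin/fuzz)
else()
    # Both variables are expected from the oss-fuzz build environment
    if("$ENV{LIB_FUZZING_ENGINE}" STREQUAL "" OR "$ENV{OUT}" STREQUAL "")
        message(FATAL_ERROR "UA_BUILD_OSS_FUZZ requires LIB_FUZZING_ENGINE and OUT to be set in the environment")
    endif()
    set(LIBS $ENV{LIB_FUZZING_ENGINE})
    set(CMAKE_RUNTIME_OUTPUT_DIRECTORY $ENV{OUT})
endif()
list(APPEND LIBS ${open62541_LIBRARIES})
```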
@@ -40,7 +43,6 @@ set(fuzzing_plugin_sources ${PROJECT_SOURCE_DIR}/plugins/ua_network_tcp.c
 add_library(open62541-fuzzplugins OBJECT ${fuzzing_plugin_sources})
 add_dependencies(open62541-fuzzplugins open62541)
 
-
 # the fuzzer test are built directly on the open62541 object files. so they can
 # access symbols that are hidden/not exported to the shared library
 
@@ -50,12 +52,12 @@ target_link_libraries(fuzz_binary_message ${LIBS})
 
 add_custom_target(
         run_fuzzer
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Browse.bin
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_CLO.bin
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_CreateActivateSession.bin
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_HELOPN.bin
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Read.bin
-        COMMAND ${CMAKE_BINARY_DIR}/bin/fuzz/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Write.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Browse.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_CLO.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_CreateActivateSession.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_HELOPN.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Read.bin
+        COMMAND ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Write.bin
         WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
         DEPENDS fuzz_binary_message
         ${MAYBE_USES_TERMINAL})
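Review bot: The six `COMMAND` lines of `run_fuzzer` build the executable path from `${CMAKE_RUNTIME_OUTPUT_DIRECTORY}`, which is expanded at configure time and which this file now only assigns a concrete value in the OSS-Fuzz case (`$ENV{OUT}`). Naming the target removes that dependency: `COMMAND fuzz_binary_message ${CMAKE_CURRENT_SOURCE_DIR}/fuzz_binary_message_corpus/client_Browse.bin`, since CMake substitutes the built file when `COMMAND` starts with an executable target name (presumably `fuzz_binary_message` is one; its `add_executable` is outside the hunk), or spell it out as `$<TARGET_FILE:fuzz_binary_message>`. Adding `VERBATIM` would also keep argument escaping consistent across platforms.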

+ 5 - 2
tests/fuzz/fuzz_binary_message.cc

@@ -2,8 +2,11 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-
-#include "fuzz_common.h"
+#include "ua_server_internal.h"
+#include "ua_config_standard.h"
+#include "ua_log_stdout.h"
+#include "ua_plugin_log.h"
+#include "testing_networklayers.h"
 
 /*
 ** Main entry point.  The fuzzer invokes this function with each

+ 0 - 60
tests/fuzz/fuzz_common.h

@@ -1,60 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef OPEN62541_FUZZ_COMMON_H_H
-#define OPEN62541_FUZZ_COMMON_H_H
-
-#include "ua_server_internal.h"
-#include "ua_config_standard.h"
-#include "ua_log_stdout.h"
-#include "ua_plugin_log.h"
-
-static UA_INLINE UA_StatusCode
-dummyGetSendBuffer(UA_Connection *connection, size_t length, UA_ByteString *buf) {
-    buf->data = (UA_Byte*)malloc(length);
-    buf->length = length;
-    return UA_STATUSCODE_GOOD;
-}
-
-static UA_INLINE void
-dummyReleaseSendBuffer(UA_Connection *connection, UA_ByteString *buf) {
-    free(buf->data);
-}
-
-static UA_INLINE UA_StatusCode
-dummySend(UA_Connection *connection, UA_ByteString *buf) {
-    UA_ByteString_deleteMembers(buf);
-    return UA_STATUSCODE_GOOD;
-}
-
-static UA_INLINE void
-dummyReleaseRecvBuffer(UA_Connection *connection, UA_ByteString *buf) {
-    return;
-}
-
-static UA_INLINE void
-dummyClose(UA_Connection *connection) {
-    return;
-}
-
-
-UA_Connection createDummyConnection(void) {
-    UA_Connection c;
-    c.state = UA_CONNECTION_ESTABLISHED;
-    c.localConf = UA_ConnectionConfig_standard;
-    c.remoteConf = UA_ConnectionConfig_standard;
-    c.channel = NULL;
-    c.sockfd = 0;
-    c.handle = NULL;
-    c.incompleteMessage = UA_BYTESTRING_NULL;
-    c.getSendBuffer = dummyGetSendBuffer;
-    c.releaseSendBuffer = dummyReleaseSendBuffer;
-    c.send = dummySend;
-    c.recv = NULL;
-    c.releaseRecvBuffer = dummyReleaseRecvBuffer;
-    c.close = dummyClose;
-    return c;
-}
-
-#endif //OPEN62541_FUZZ_COMMON_H_H

+ 19 - 0
tests/fuzz/oss-fuzz-copy.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -e
+
+# --------------------------------------------------------------------
+# Copies all the corpus files, dict and options to the $OUT directory.
+# This script is only used on oss-fuzz directly
+# --------------------------------------------------------------------
+
+fuzzerFiles=$(find $SRC/open62541/tests/fuzz/ -name "*.cc")
+
+for F in $fuzzerFiles; do
+	fuzzerName=$(basename $F .cc)
+
+	if [ -d "$SRC/open62541/tests/fuzz/${fuzzerName}_corpus" ]; then
+		zip -j $OUT/${fuzzerName}_seed_corpus.zip $SRC/open62541/tests/fuzz/${fuzzerName}_corpus/*
+	fi
+done
+
+cp $SRC/open62541/tests/fuzz/*.dict $SRC/open62541/tests/fuzz/*.options $OUT/
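Review bot: Every expansion in this script is unquoted and `set -e` is used without `-u`, so an unset `SRC` or `OUT` turns the paths into `/open62541/tests/fuzz/` and `/`, and the final `cp` would then write to the filesystem root; paths containing whitespace are also split by `for F in $fuzzerFiles`. The final `cp` aborts the script when no `*.dict` or `*.options` file exists, because the unmatched glob is passed through literally. I would fail early on missing variables and quote throughout, as sketched below.

```shell
set -euo pipefail
: "${SRC:?SRC must be set}" "${OUT:?OUT must be set}"

# … unchanged: header comment …
fuzzDir="$SRC/open62541/tests/fuzz"

find "$fuzzDir" -name '*.cc' -print0 | while IFS= read -r -d '' F; do
	fuzzerName=$(basename "$F" .cc)

	if [ -d "$fuzzDir/${fuzzerName}_corpus" ]; then
		zip -j "$OUT/${fuzzerName}_seed_corpus.zip" "$fuzzDir/${fuzzerName}_corpus"/*
	fi
done

# Copy dictionaries and option files only when they exist
find "$fuzzDir" -maxdepth 1 \( -name '*.dict' -o -name '*.options' \) -exec cp {} "$OUT/" \;
```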

+ 8 - 0
tests/testing_networklayers.h

@@ -7,7 +7,15 @@
 
 #include "ua_server.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /** @brief Create the TCP networklayer and listen to the specified port */
 UA_Connection createDummyConnection(void);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* TESTING_NETWORKLAYERS_H_ */
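Review bot: The doc comment kept above `createDummyConnection` ("Create the TCP networklayer and listen to the specified port") does not describe this declaration, which takes no port; now that the fuzzer includes this header in place of the removed fuzz_common.h, it is the only description a reader gets. Judging by the removed inline version, which wired in malloc-backed buffer callbacks and a `send` that just frees the buffer, something like `/** @brief Create a connection with dummy callbacks that performs no network I/O (for tests and fuzzing) */` would be accurate. Confirm against testing_networklayers.c, which is not part of this commit's visible hunks.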