forked from extern/nushell
Add 2 fuzzers for nu-path, nu-parser (#10376)
# Description This PR adds a fuzzer for the nu-path and the nu-parser crate. Now you can go to `crates/nu-path/fuzz`/`crates/nu-parser/fuzz` and run `cargo fuzz` to find crashes. https://github.com/nushell/nushell/issues/10365 and #9417 was found by this --------- Co-authored-by: sholderbach <sholderbach@users.noreply.github.com>
This commit is contained in:
parent
19d732f313
commit
bc7736bc99
@ -6,6 +6,7 @@ edition = "2021"
|
||||
license = "MIT"
|
||||
name = "nu-parser"
|
||||
version = "0.84.1"
|
||||
exclude = ["/fuzz"]
|
||||
|
||||
[lib]
|
||||
bench = false
|
||||
|
8
crates/nu-parser/fuzz/.gitignore
vendored
Normal file
8
crates/nu-parser/fuzz/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
target
|
||||
corpus
|
||||
artifacts
|
||||
coverage
|
||||
Cargo.lock
|
||||
out
|
||||
seeds
|
||||
|
29
crates/nu-parser/fuzz/Cargo.toml
Normal file
29
crates/nu-parser/fuzz/Cargo.toml
Normal file
@ -0,0 +1,29 @@
|
||||
[package]
|
||||
name = "nu-parser-fuzz"
|
||||
version = "0.0.0"
|
||||
publish = false
|
||||
edition = "2021"
|
||||
|
||||
[package.metadata]
|
||||
cargo-fuzz = true
|
||||
|
||||
[dependencies]
|
||||
libfuzzer-sys = "0.4"
|
||||
nu-protocol = { path = "../../nu-protocol" }
|
||||
|
||||
|
||||
[dependencies.nu-parser]
|
||||
path = ".."
|
||||
|
||||
# Prevent this from interfering with workspaces
|
||||
[workspace]
|
||||
members = ["."]
|
||||
|
||||
[profile.release]
|
||||
debug = 1
|
||||
|
||||
[[bin]]
|
||||
name = "parse"
|
||||
path = "fuzz_targets/parse.rs"
|
||||
test = false
|
||||
doc = false
|
9
crates/nu-parser/fuzz/README.md
Normal file
9
crates/nu-parser/fuzz/README.md
Normal file
@ -0,0 +1,9 @@
|
||||
# Fuzzer for `nu-parser`
|
||||
|
||||
- For detailed info, please look at [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz)
|
||||
|
||||
# Quick start guide
|
||||
- Install cargo-fuzz by `cargo install cargo-fuzz`
|
||||
- Run `gather_seeds.nu` for preparing the initial seeds corpus
|
||||
- Make output directory `mkdir out`
|
||||
- Run the fuzzer with `cargo fuzz run parse out seeds`
|
13
crates/nu-parser/fuzz/fuzz_targets/parse.rs
Normal file
13
crates/nu-parser/fuzz/fuzz_targets/parse.rs
Normal file
@ -0,0 +1,13 @@
|
||||
#![no_main]
|
||||
|
||||
use libfuzzer_sys::fuzz_target;
|
||||
|
||||
use nu_parser::*;
|
||||
use nu_protocol::engine::{EngineState, StateWorkingSet};
|
||||
|
||||
fuzz_target!(|data: &[u8]| {
|
||||
let engine_state = EngineState::new();
|
||||
let mut working_set = StateWorkingSet::new(&engine_state);
|
||||
|
||||
let _block = parse(&mut working_set, None, &data, true);
|
||||
});
|
6
crates/nu-parser/fuzz/gather_seeds.nu
Executable file
6
crates/nu-parser/fuzz/gather_seeds.nu
Executable file
@ -0,0 +1,6 @@
|
||||
# Check if 'seeds' directory exists. If not, create one.
|
||||
let seeds_exists = "./seeds" | path exists
|
||||
if $seeds_exists == false { mkdir seeds }
|
||||
|
||||
# Gather all "*.nu" files from '../..' and copy them into 'seeds'
|
||||
ls ../../**/*.nu | get name | each {|f| cp $f ./seeds/}
|
2
crates/nu-parser/fuzz/rust-toolchain.toml
Normal file
2
crates/nu-parser/fuzz/rust-toolchain.toml
Normal file
@ -0,0 +1,2 @@
|
||||
[toolchain]
|
||||
channel = "nightly"
|
@ -6,6 +6,7 @@ edition = "2021"
|
||||
license = "MIT"
|
||||
name = "nu-path"
|
||||
version = "0.84.1"
|
||||
exclude = ["/fuzz"]
|
||||
|
||||
[lib]
|
||||
bench = false
|
||||
|
7
crates/nu-path/fuzz/.gitignore
vendored
Normal file
7
crates/nu-path/fuzz/.gitignore
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
target
|
||||
corpus
|
||||
artifacts
|
||||
coverage
|
||||
Cargo.lock
|
||||
out
|
||||
|
27
crates/nu-path/fuzz/Cargo.toml
Normal file
27
crates/nu-path/fuzz/Cargo.toml
Normal file
@ -0,0 +1,27 @@
|
||||
[package]
|
||||
name = "nu-path-fuzz"
|
||||
version = "0.0.0"
|
||||
publish = false
|
||||
edition = "2021"
|
||||
|
||||
[package.metadata]
|
||||
cargo-fuzz = true
|
||||
|
||||
[dependencies]
|
||||
libfuzzer-sys = "0.4"
|
||||
|
||||
[dependencies.nu-path]
|
||||
path = ".."
|
||||
|
||||
# Prevent this from interfering with workspaces
|
||||
[workspace]
|
||||
members = ["."]
|
||||
|
||||
[profile.release]
|
||||
debug = 1
|
||||
|
||||
[[bin]]
|
||||
name = "path"
|
||||
path = "fuzz_targets/path_fuzzer.rs"
|
||||
test = false
|
||||
doc = false
|
8
crates/nu-path/fuzz/README.md
Normal file
8
crates/nu-path/fuzz/README.md
Normal file
@ -0,0 +1,8 @@
|
||||
# Fuzzer for `nu-path`
|
||||
|
||||
- For detailed info, please look at [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz)
|
||||
|
||||
# Quick start guide
|
||||
- Install cargo-fuzz by `cargo install cargo-fuzz`
|
||||
- Make output directory `mkdir out`
|
||||
- Run the fuzzer with `cargo fuzz run parse out`
|
25
crates/nu-path/fuzz/fuzz_targets/path_fuzzer.rs
Normal file
25
crates/nu-path/fuzz/fuzz_targets/path_fuzzer.rs
Normal file
@ -0,0 +1,25 @@
|
||||
#![no_main]
|
||||
|
||||
use libfuzzer_sys::fuzz_target;
|
||||
use nu_path::{expand_path_with, expand_tilde, expand_to_real_path, trim_trailing_slash};
|
||||
|
||||
fuzz_target!(|data: &[u8]| {
|
||||
if let Ok(s) = std::str::from_utf8(data) {
|
||||
let path = std::path::Path::new(s);
|
||||
|
||||
// Fuzzing expand_to_real_path function
|
||||
let _ = expand_to_real_path(path);
|
||||
|
||||
// Fuzzing trim_trailing_slash function
|
||||
let _ = trim_trailing_slash(s);
|
||||
|
||||
// Fuzzing expand_tilde function
|
||||
let _ = expand_tilde(path);
|
||||
|
||||
// Fuzzing expand_path_with function
|
||||
// Here, we're assuming a second path for the "relative to" aspect.
|
||||
// For simplicity, we're just using the current directory.
|
||||
let current_dir = std::path::Path::new(".");
|
||||
let _ = expand_path_with(path, ¤t_dir);
|
||||
}
|
||||
});
|
2
crates/nu-path/fuzz/rust-toolchain.toml
Normal file
2
crates/nu-path/fuzz/rust-toolchain.toml
Normal file
@ -0,0 +1,2 @@
|
||||
[toolchain]
|
||||
channel = "nightly"
|
Loading…
Reference in New Issue
Block a user