ntopng/fuzz/README.md
Riccardo Mori 151a047760
Add first fuzzing harness (#7430)
* First sketch of fuzzing

* Add m4 script

The script is used in the fuzzing build

* Add stub sources in the makefile

* [Fuzz] Add RedisStub

* Add gitignore for fuzz dir

* Remove definition of non-implemented method

* [Fuzz] Refactoring code

* [Fuzz] Separate the protobuf support in the makefile

* Clean fuzzing related object files

* [Fuzz] Fix makefile

* Change gitignore

* [Fuzz] Separate headers

* [Fuzz] Add README.md

* [Fuzz] Change make target

* [Fuzz] Update README.md

* Add compatibility with autoconf < 2.71

* Optionally disable hiredis integration

* Include hiredis only for production build

* [Fuzz] Disable period activities

* Remove unused dependencies for librrd

* Optionally use static linking for zmq library

* Add debug output regarding the linking of libzmq

* [Fuzz] Do not run on empty input

* Optionally use static linking for libjson-c

* Optionally use static linking for libmaxminddb

* Make mysqlclient dependency as optional

* Change gitignore

* [Fuzz] Add corpus for fuzz_dissect_packet

* [Fuzz] Refactor fuzz_dissect_packet

* Change gitignore

* [Fuzz] Use correct naming for corpus

* [Fuzz] Add dictionary

* [Fuzz] Fix declaration of LLVMFuzzerInitialize

* [Fuzz] Refactor onefile

* [Fuzz] Fix the initialization memory leaks

* [Fuzz] Fix invocation of LLVMFuzzerInitialize

* Remove double githooks folder

* [Fuzz] Set interface pcap_data_link

* Change gitignore

* Use pkg-config for detecting protobuf libraries

* Add license

* Improve error message
2023-05-02 16:06:52 +02:00

Fuzzing targets

The targets are meant to be run by Google OSS-Fuzz; however, you can test them locally by configuring all the required flags.

Flags

These are all the flags that can be passed to the C/C++ compiler:

  • [REQUIRED] FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  • IS_AFL: Used only for local testing when using AFL++. It adds the main function that calls LLVMFuzzerTestOneInput. Note that it is not needed when fuzzing on ClusterFuzz.

These are all the environment variables that can be passed to the configuration script:

  • LIB_FUZZING_ENGINE: the flag used by the fuzzing engine (afl, libfuzzer, ...)

Additionally, there are some options that can be passed to ./configure:

  • --enable-fuzztargets: Enable all the fuzzing targets. It is used in the ClusterFuzz environment.
  • --enable-fuzztargets-local: Enable all the fuzzing targets; used for local testing.
  • --with-fuzz-protobuf: Use libprotobuf-mutator.

Additional sanitizers can be enabled by passing the specific flags in CFLAGS and CXXFLAGS.
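The flags above describe the shape every target in this directory follows: an optional LLVMFuzzerInitialize, an LLVMFuzzerTestOneInput that skips empty input, and a main that only exists when IS_AFL is defined (libFuzzer supplies its own main; AFL++ does not). The following is an added illustration of that shape and is not one of ntopng's own harnesses; dissect_frame is a hypothetical stand-in for the real dissector and the 14-byte sample frame is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical target standing in for the real dissector: returns the
   EtherType of an Ethernet-like frame, or -1 if the 14-byte header is short. */
static int dissect_frame(const uint8_t *data, size_t len) {
  if (len < 14) return -1;
  return (data[12] << 8) | data[13];
}

static int initialized = 0;

/* Called once by the engine before the first input (the README's
   LLVMFuzzerInitialize); one-off setup lives here, not in the per-input path. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  (void)argc; (void)argv;
  initialized = 1;
  return 0;
}

/* Called once per input; must return 0. The empty-input guard mirrors the
   "Do not run on empty input" change in this commit. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size == 0) return 0;
  (void)dissect_frame(data, size);
  return 0;
}

/* Constructed sample: 6-byte dst, 6-byte src, EtherType 0x0800 (IPv4). */
static const uint8_t sample_frame[14] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0x08, 0x00};
int run_sample(void) { return dissect_frame(sample_frame, sizeof sample_frame); }

#ifdef IS_AFL
/* Built only with -DIS_AFL: feeds one file to the same entry points. */
int main(int argc, char **argv) {
  if (argc < 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 1; }
  LLVMFuzzerInitialize(&argc, &argv);
  FILE *f = fopen(argv[1], "rb");
  if (!f) return 1;
  fseek(f, 0, SEEK_END); long n = ftell(f); rewind(f);
  if (n < 0) { fclose(f); return 1; }
  uint8_t *buf = malloc((size_t)n + 1);
  size_t got = fread(buf, 1, (size_t)n, f);
  fclose(f);
  LLVMFuzzerTestOneInput(buf, got);
  free(buf);
  return 0;
}
#endif
```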

Runtime configuration

Some of the fuzzing targets require a particular directory structure to run correctly. In order to satisfy all the targets it is strongly suggested to create the following directories in the same path where the targets are launched:

  • install
  • data-dir
  • docs
  • scripts
  • scripts/callbacks

Examples

Remember to run all the commands from the project root directory.

Libfuzzer

./autogen.sh

CC=clang CXX=clang++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" \
	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=fuzzer-no-link" \
	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=fuzzer-no-link" \
	LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
	NDPI_HOME=/path/to/nDPI \
	./configure --enable-fuzztargets --with-fuzz-protobuf

make -j$(nproc) fuzz_all

Libfuzzer + address sanitizer

./autogen.sh

CC=clang CXX=clang++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" \
	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" \
	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" \
	LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
	NDPI_HOME=/path/to/nDPI \
	./configure --enable-fuzztargets --with-fuzz-protobuf

make -j$(nproc) fuzz_all

AFL++

./autogen.sh

CC=afl-clang-fast CXX=afl-clang-fast++ CPPFLAGS="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DIS_AFL" \
	CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only" \
	CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -stdlib=libc++" \
	NDPI_HOME=/path/to/nDPI \
	./configure --enable-fuzztargets-local

make -j$(nproc) fuzz_all