From 4ba7d7f98a22e5d68edb2640bfc1a7dd1c0b9b65 Mon Sep 17 00:00:00 2001 
From: robertwoj-microsoft Date: Mon, 11 Nov 2024 18:34:29 +0100 Subject: [PATCH] Fuzzing targets: variant B (#795) --- .../seed_corpus/AppendPayloadToFile.target | 1 + src/fuzzer/seed_corpus/AppendToFile.target | 1 + .../seed_corpus/CharacterFoundInFile.target | 1 + .../seed_corpus/CheckCpuFlagSupported.target | 1 + .../seed_corpus/CheckFileContents.target | 1 + .../CheckFileSystemMountingOption.target | 1 + ...ckIntegerOptionFromFileEqualWithAny.target | 1 + ...ntegerOptionFromFileLessOrEqualWith.target | 1 + .../CheckLineNotFoundOrCommentedOut.target | 1 + ...eckLockoutForFailedPasswordAttempts.target | 1 + src/fuzzer/seed_corpus/CheckLoginUmask.target | 1 + .../CheckMarkedTextNotFoundInFile.target | 1 + .../CheckNoLegacyPlusEntriesInFile.target | 1 + .../CheckOrEnsureUsersDontHaveDotFiles.target | 1 + .../CheckPasswordCreationRequirements.target | 1 + .../CheckTextFoundInCommandOutput.target | 1 + .../seed_corpus/CheckTextIsFoundInFile.target | 1 + ...ckTextNotFoundInEnvironmentVariable.target | 1 + .../CheckUserAccountsNotFound.target | 1 + .../seed_corpus/ConcatenateStrings.target | 1 + .../ConvertStringToIntegers.target | 1 + src/fuzzer/seed_corpus/DuplicateString.target | 1 + .../DuplicateStringToLowercase.target | 1 + src/fuzzer/seed_corpus/FindTextInFile.target | 1 + .../GetGitBranchFromJsonConfig.target | 1 + .../GetGitManagementFromJsonConfig.target | 1 + .../GetGitRepositoryUrlFromJsonConfig.target | 1 + .../GetIntegerOptionFromBuffer.target | 1 + .../GetIntegerOptionFromFile.target | 1 + .../GetIotHubProtocolFromJsonConfig.target | 1 + .../GetLocalManagementFromJsonConfig.target | 1 + .../GetModelVersionFromJsonConfig.target | 1 + .../seed_corpus/GetNumberOfLinesInFile.target | 1 + .../GetReportingIntervalFromJsonConfig.target | 1 + .../GetStringOptionFromBuffer.target | 1 + .../GetStringOptionFromFile.target | 1 + src/fuzzer/seed_corpus/HashString.target | 1 + ...IsCommandLoggingEnabledInJsonConfig.target | 1 + 
src/fuzzer/seed_corpus/IsCurrentOs.target | 1 + src/fuzzer/seed_corpus/IsDaemonActive.target | 1 + .../IsFullLoggingEnabledInJsonConfig.target | 1 + ...IotHubManagementEnabledInJsonConfig.target | 1 + .../LoadReportedFromJsonConfig.target | 1 + .../seed_corpus/LoadStringFromFile.target | 1 + .../seed_corpus/ParseHttpProxyData.target | 1 + .../RemoveCharacterFromString.target | 1 + .../RemoveEscapeSequencesFromFile.target | 1 + .../seed_corpus/RemovePrefixBlanks.target | 1 + .../seed_corpus/RemovePrefixUpTo.target | 1 + .../seed_corpus/RemovePrefixUpToString.target | 1 + .../seed_corpus/RemoveTrailingBlanks.target | 1 + .../RepairBrokenEolCharactersIfAny.target | 1 + .../ReplaceEscapeSequencesInString.target | 1 + .../ReplaceMarkedLinesInFile.target | 1 + .../seed_corpus/SavePayloadToFile.target | 1 + .../seed_corpus/SecureSaveToFile.target | 1 + src/fuzzer/seed_corpus/TruncateAtFirst.target | 1 + src/fuzzer/seed_corpus/UrlDecode.target | 1 + src/fuzzer/seed_corpus/UrlEncode.target | 1 + ...h-057fa54d958afa317498474299db202467ec95d1 | Bin 0 -> 76 bytes ...h-1b000d7888afc8567bf57177317bb70331054228 | Bin 0 -> 63 bytes ...h-2b93e1a15dfad63729580a8877f7ed1312e42af6 | Bin 0 -> 307 bytes ...h-4f88160241132acc393ff39579c711702f2e872b | 1 + ...h-6b678d067dd480a070ea0cbeaee808ec14c451db | Bin 0 -> 52 bytes ...h-6cc67103c68eaec93f0c25537f53735757ffe469 | 1 + ...h-d0631080982f4bacc31bc5a80163dd0a902aac71 | Bin 0 -> 45 bytes ...h-d85d7cc4de94989b45353726c14e974cccaa99a2 | Bin 0 -> 34 bytes ...h-f303834f8ac934532e9d5da8302074167edd0ab8 | Bin 0 -> 48 bytes ...k-0d6fdc88ba91ee7c2a75b3dc343d7271494cf90c | Bin 0 -> 69 bytes ...k-453cd20e1313b86ec880137f4309456c187fb793 | 1 + ...k-e537df1c30f22d56753d9ec5ca14fd6447b85516 | Bin 0 -> 143 bytes src/fuzzer/target.cpp | 789 +++++++++++++++++- 72 files changed, 809 insertions(+), 42 deletions(-) create mode 100644 src/fuzzer/seed_corpus/AppendPayloadToFile.target create mode 100644 src/fuzzer/seed_corpus/AppendToFile.target create mode 
100644 src/fuzzer/seed_corpus/CharacterFoundInFile.target create mode 100644 src/fuzzer/seed_corpus/CheckCpuFlagSupported.target create mode 100644 src/fuzzer/seed_corpus/CheckFileContents.target create mode 100644 src/fuzzer/seed_corpus/CheckFileSystemMountingOption.target create mode 100644 src/fuzzer/seed_corpus/CheckIntegerOptionFromFileEqualWithAny.target create mode 100644 src/fuzzer/seed_corpus/CheckIntegerOptionFromFileLessOrEqualWith.target create mode 100644 src/fuzzer/seed_corpus/CheckLineNotFoundOrCommentedOut.target create mode 100644 src/fuzzer/seed_corpus/CheckLockoutForFailedPasswordAttempts.target create mode 100644 src/fuzzer/seed_corpus/CheckLoginUmask.target create mode 100644 src/fuzzer/seed_corpus/CheckMarkedTextNotFoundInFile.target create mode 100644 src/fuzzer/seed_corpus/CheckNoLegacyPlusEntriesInFile.target create mode 100644 src/fuzzer/seed_corpus/CheckOrEnsureUsersDontHaveDotFiles.target create mode 100644 src/fuzzer/seed_corpus/CheckPasswordCreationRequirements.target create mode 100644 src/fuzzer/seed_corpus/CheckTextFoundInCommandOutput.target create mode 100644 src/fuzzer/seed_corpus/CheckTextIsFoundInFile.target create mode 100644 src/fuzzer/seed_corpus/CheckTextNotFoundInEnvironmentVariable.target create mode 100644 src/fuzzer/seed_corpus/CheckUserAccountsNotFound.target create mode 100644 src/fuzzer/seed_corpus/ConcatenateStrings.target create mode 100644 src/fuzzer/seed_corpus/ConvertStringToIntegers.target create mode 100644 src/fuzzer/seed_corpus/DuplicateString.target create mode 100644 src/fuzzer/seed_corpus/DuplicateStringToLowercase.target create mode 100644 src/fuzzer/seed_corpus/FindTextInFile.target create mode 100644 src/fuzzer/seed_corpus/GetGitBranchFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetGitManagementFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetGitRepositoryUrlFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetIntegerOptionFromBuffer.target create mode 
100644 src/fuzzer/seed_corpus/GetIntegerOptionFromFile.target create mode 100644 src/fuzzer/seed_corpus/GetIotHubProtocolFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetLocalManagementFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetModelVersionFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetNumberOfLinesInFile.target create mode 100644 src/fuzzer/seed_corpus/GetReportingIntervalFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/GetStringOptionFromBuffer.target create mode 100644 src/fuzzer/seed_corpus/GetStringOptionFromFile.target create mode 100644 src/fuzzer/seed_corpus/HashString.target create mode 100644 src/fuzzer/seed_corpus/IsCommandLoggingEnabledInJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/IsCurrentOs.target create mode 100644 src/fuzzer/seed_corpus/IsDaemonActive.target create mode 100644 src/fuzzer/seed_corpus/IsFullLoggingEnabledInJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/IsIotHubManagementEnabledInJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/LoadReportedFromJsonConfig.target create mode 100644 src/fuzzer/seed_corpus/LoadStringFromFile.target create mode 100644 src/fuzzer/seed_corpus/ParseHttpProxyData.target create mode 100644 src/fuzzer/seed_corpus/RemoveCharacterFromString.target create mode 100644 src/fuzzer/seed_corpus/RemoveEscapeSequencesFromFile.target create mode 100644 src/fuzzer/seed_corpus/RemovePrefixBlanks.target create mode 100644 src/fuzzer/seed_corpus/RemovePrefixUpTo.target create mode 100644 src/fuzzer/seed_corpus/RemovePrefixUpToString.target create mode 100644 src/fuzzer/seed_corpus/RemoveTrailingBlanks.target create mode 100644 src/fuzzer/seed_corpus/RepairBrokenEolCharactersIfAny.target create mode 100644 src/fuzzer/seed_corpus/ReplaceEscapeSequencesInString.target create mode 100644 src/fuzzer/seed_corpus/ReplaceMarkedLinesInFile.target create mode 100644 src/fuzzer/seed_corpus/SavePayloadToFile.target create 
mode 100644 src/fuzzer/seed_corpus/SecureSaveToFile.target create mode 100644 src/fuzzer/seed_corpus/TruncateAtFirst.target create mode 100644 src/fuzzer/seed_corpus/UrlDecode.target create mode 100644 src/fuzzer/seed_corpus/UrlEncode.target create mode 100644 src/fuzzer/seed_corpus/crash-057fa54d958afa317498474299db202467ec95d1 create mode 100644 src/fuzzer/seed_corpus/crash-1b000d7888afc8567bf57177317bb70331054228 create mode 100644 src/fuzzer/seed_corpus/crash-2b93e1a15dfad63729580a8877f7ed1312e42af6 create mode 100644 src/fuzzer/seed_corpus/crash-4f88160241132acc393ff39579c711702f2e872b create mode 100644 src/fuzzer/seed_corpus/crash-6b678d067dd480a070ea0cbeaee808ec14c451db create mode 100644 src/fuzzer/seed_corpus/crash-6cc67103c68eaec93f0c25537f53735757ffe469 create mode 100644 src/fuzzer/seed_corpus/crash-d0631080982f4bacc31bc5a80163dd0a902aac71 create mode 100644 src/fuzzer/seed_corpus/crash-d85d7cc4de94989b45353726c14e974cccaa99a2 create mode 100644 src/fuzzer/seed_corpus/crash-f303834f8ac934532e9d5da8302074167edd0ab8 create mode 100644 src/fuzzer/seed_corpus/leak-0d6fdc88ba91ee7c2a75b3dc343d7271494cf90c create mode 100644 src/fuzzer/seed_corpus/leak-453cd20e1313b86ec880137f4309456c187fb793 create mode 100644 src/fuzzer/seed_corpus/leak-e537df1c30f22d56753d9ec5ca14fd6447b85516 diff --git a/src/fuzzer/seed_corpus/AppendPayloadToFile.target b/src/fuzzer/seed_corpus/AppendPayloadToFile.target new file mode 100644 index 000000000..776289078 --- /dev/null +++ b/src/fuzzer/seed_corpus/AppendPayloadToFile.target @@ -0,0 +1 @@ +AppendPayloadToFile. diff --git a/src/fuzzer/seed_corpus/AppendToFile.target b/src/fuzzer/seed_corpus/AppendToFile.target new file mode 100644 index 000000000..d4eb55073 --- /dev/null +++ b/src/fuzzer/seed_corpus/AppendToFile.target @@ -0,0 +1 @@ +AppendToFile. diff --git a/src/fuzzer/seed_corpus/CharacterFoundInFile.target b/src/fuzzer/seed_corpus/CharacterFoundInFile.target new file mode 100644 index 000000000..bbe88a6e3 --- /dev/null 
+++ b/src/fuzzer/seed_corpus/CharacterFoundInFile.target
@@ -0,0 +1 @@
+CharacterFoundInFile.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckCpuFlagSupported.target b/src/fuzzer/seed_corpus/CheckCpuFlagSupported.target
new file mode 100644
index 000000000..ad4529e90
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckCpuFlagSupported.target
@@ -0,0 +1 @@
+CheckCpuFlagSupported.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckFileContents.target b/src/fuzzer/seed_corpus/CheckFileContents.target
new file mode 100644
index 000000000..f80b4d4d1
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckFileContents.target
@@ -0,0 +1 @@
+CheckFileContents.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckFileSystemMountingOption.target b/src/fuzzer/seed_corpus/CheckFileSystemMountingOption.target
new file mode 100644
index 000000000..dfb4e62f6
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckFileSystemMountingOption.target
@@ -0,0 +1 @@
+CheckFileSystemMountingOption.x.y.z.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileEqualWithAny.target b/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileEqualWithAny.target
new file mode 100644
index 000000000..d74991687
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileEqualWithAny.target
@@ -0,0 +1 @@
+CheckIntegerOptionFromFileEqualWithAny.x.y.1.2.3.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileLessOrEqualWith.target b/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileLessOrEqualWith.target
new file mode 100644
index 000000000..676b498df
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckIntegerOptionFromFileLessOrEqualWith.target
@@ -0,0 +1 @@
+CheckIntegerOptionFromFileLessOrEqualWith.x.y.123.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckLineNotFoundOrCommentedOut.target b/src/fuzzer/seed_corpus/CheckLineNotFoundOrCommentedOut.target
new file mode 100644
index 000000000..114a0be21
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckLineNotFoundOrCommentedOut.target
@@ -0,0 +1 @@
+CheckLineNotFoundOrCommentedOut.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckLockoutForFailedPasswordAttempts.target b/src/fuzzer/seed_corpus/CheckLockoutForFailedPasswordAttempts.target
new file mode 100644
index 000000000..6b2a3075b
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckLockoutForFailedPasswordAttempts.target
@@ -0,0 +1 @@
+CheckLockoutForFailedPasswordAttempts.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckLoginUmask.target b/src/fuzzer/seed_corpus/CheckLoginUmask.target
new file mode 100644
index 000000000..08cf109f1
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckLoginUmask.target
@@ -0,0 +1 @@
+CheckLoginUmask.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckMarkedTextNotFoundInFile.target b/src/fuzzer/seed_corpus/CheckMarkedTextNotFoundInFile.target
new file mode 100644
index 000000000..60fbf433f
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckMarkedTextNotFoundInFile.target
@@ -0,0 +1 @@
+CheckMarkedTextNotFoundInFile.x); cat /etc/passwd; (echo "".x.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckNoLegacyPlusEntriesInFile.target b/src/fuzzer/seed_corpus/CheckNoLegacyPlusEntriesInFile.target
new file mode 100644
index 000000000..add1d5a6d
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckNoLegacyPlusEntriesInFile.target
@@ -0,0 +1 @@
+CheckNoLegacyPlusEntriesInFile.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckOrEnsureUsersDontHaveDotFiles.target b/src/fuzzer/seed_corpus/CheckOrEnsureUsersDontHaveDotFiles.target
new file mode 100644
index 000000000..6c65d5c1f
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckOrEnsureUsersDontHaveDotFiles.target
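Review bot: The seed in CheckMarkedTextNotFoundInFile.target is dead input that also records an unfixed injection path: it holds `x); cat /etc/passwd; (echo "".x.x.`, while target.cpp in this same patch comments the matching target out "due to potential of arbitrary command execution". CheckTextNotFoundInEnvironmentVariable.target adds the same payload for the other disabled target. I would either drop both seeds until the targets are enabled, or keep them and put a tracking reference above each disabled target, e.g. `// TODO(<issue-id>): re-enable once these arguments no longer reach a shell`. That the arguments reach a shell is inferred from the skip comment only, since the library code is not part of this diff. If the targets are re-enabled before the library is fixed, the fuzzer should run unprivileged inside a throwaway sandbox.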
@@ -0,0 +1 @@
+CheckOrEnsureUsersDontHaveDotFiles.root
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckPasswordCreationRequirements.target b/src/fuzzer/seed_corpus/CheckPasswordCreationRequirements.target
new file mode 100644
index 000000000..b88b44dfe
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckPasswordCreationRequirements.target
@@ -0,0 +1 @@
+CheckPasswordCreationRequirements.1.2.3.4.5.6.7
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckTextFoundInCommandOutput.target b/src/fuzzer/seed_corpus/CheckTextFoundInCommandOutput.target
new file mode 100644
index 000000000..000ebbddd
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckTextFoundInCommandOutput.target
@@ -0,0 +1 @@
+CheckTextFoundInCommandOutput./bin/bash.test
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckTextIsFoundInFile.target b/src/fuzzer/seed_corpus/CheckTextIsFoundInFile.target
new file mode 100644
index 000000000..b25cdeeb6
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckTextIsFoundInFile.target
@@ -0,0 +1 @@
+CheckTextIsFoundInFile.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckTextNotFoundInEnvironmentVariable.target b/src/fuzzer/seed_corpus/CheckTextNotFoundInEnvironmentVariable.target
new file mode 100644
index 000000000..64e8832aa
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckTextNotFoundInEnvironmentVariable.target
@@ -0,0 +1 @@
+CheckTextNotFoundInEnvironmentVariable.x); cat /etc/passwd; (echo "".x.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/CheckUserAccountsNotFound.target b/src/fuzzer/seed_corpus/CheckUserAccountsNotFound.target
new file mode 100644
index 000000000..36e1dbdae
--- /dev/null
+++ b/src/fuzzer/seed_corpus/CheckUserAccountsNotFound.target
@@ -0,0 +1 @@
+CheckUserAccountsNotFound.root
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/ConcatenateStrings.target b/src/fuzzer/seed_corpus/ConcatenateStrings.target
new file mode 100644
index 000000000..949f2ef66
--- /dev/null
+++ b/src/fuzzer/seed_corpus/ConcatenateStrings.target
@@ -0,0 +1 @@
+ConcatenateStrings.a.b
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/ConvertStringToIntegers.target b/src/fuzzer/seed_corpus/ConvertStringToIntegers.target
new file mode 100644
index 000000000..26c10da2e
--- /dev/null
+++ b/src/fuzzer/seed_corpus/ConvertStringToIntegers.target
@@ -0,0 +1 @@
+ConvertStringToIntegers.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/DuplicateString.target b/src/fuzzer/seed_corpus/DuplicateString.target
new file mode 100644
index 000000000..90c821f35
--- /dev/null
+++ b/src/fuzzer/seed_corpus/DuplicateString.target
@@ -0,0 +1 @@
+DuplicateString.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/DuplicateStringToLowercase.target b/src/fuzzer/seed_corpus/DuplicateStringToLowercase.target
new file mode 100644
index 000000000..b054f2dea
--- /dev/null
+++ b/src/fuzzer/seed_corpus/DuplicateStringToLowercase.target
@@ -0,0 +1 @@
+DuplicateStringToLowercase.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/FindTextInFile.target b/src/fuzzer/seed_corpus/FindTextInFile.target
new file mode 100644
index 000000000..6dd3d3ef4
--- /dev/null
+++ b/src/fuzzer/seed_corpus/FindTextInFile.target
@@ -0,0 +1 @@
+FindTextInFile.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetGitBranchFromJsonConfig.target b/src/fuzzer/seed_corpus/GetGitBranchFromJsonConfig.target
new file mode 100644
index 000000000..d1c923b5c
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetGitBranchFromJsonConfig.target
@@ -0,0 +1 @@
+GetGitBranchFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetGitManagementFromJsonConfig.target b/src/fuzzer/seed_corpus/GetGitManagementFromJsonConfig.target
new file mode 100644
index 000000000..25a1b6d5f
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetGitManagementFromJsonConfig.target
@@ -0,0 +1 @@
+GetGitManagementFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetGitRepositoryUrlFromJsonConfig.target b/src/fuzzer/seed_corpus/GetGitRepositoryUrlFromJsonConfig.target
new file mode 100644
index 000000000..877101867
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetGitRepositoryUrlFromJsonConfig.target
@@ -0,0 +1 @@
+GetGitRepositoryUrlFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetIntegerOptionFromBuffer.target b/src/fuzzer/seed_corpus/GetIntegerOptionFromBuffer.target
new file mode 100644
index 000000000..76db96c18
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetIntegerOptionFromBuffer.target
@@ -0,0 +1 @@
+GetIntegerOptionFromBuffer.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetIntegerOptionFromFile.target b/src/fuzzer/seed_corpus/GetIntegerOptionFromFile.target
new file mode 100644
index 000000000..db2f3d6d0
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetIntegerOptionFromFile.target
@@ -0,0 +1 @@
+GetIntegerOptionFromFile.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetIotHubProtocolFromJsonConfig.target b/src/fuzzer/seed_corpus/GetIotHubProtocolFromJsonConfig.target
new file mode 100644
index 000000000..0fc3faf0e
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetIotHubProtocolFromJsonConfig.target
@@ -0,0 +1 @@
+GetIotHubProtocolFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetLocalManagementFromJsonConfig.target b/src/fuzzer/seed_corpus/GetLocalManagementFromJsonConfig.target
new file mode 100644
index 000000000..0eee9bcc3
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetLocalManagementFromJsonConfig.target
@@ -0,0 +1 @@
+GetLocalManagementFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetModelVersionFromJsonConfig.target b/src/fuzzer/seed_corpus/GetModelVersionFromJsonConfig.target
new file mode 100644
index 000000000..1fed2c5f4
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetModelVersionFromJsonConfig.target
@@ -0,0 +1 @@
+GetModelVersionFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetNumberOfLinesInFile.target b/src/fuzzer/seed_corpus/GetNumberOfLinesInFile.target
new file mode 100644
index 000000000..7381bdb88
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetNumberOfLinesInFile.target
@@ -0,0 +1 @@
+GetNumberOfLinesInFile.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetReportingIntervalFromJsonConfig.target b/src/fuzzer/seed_corpus/GetReportingIntervalFromJsonConfig.target
new file mode 100644
index 000000000..9ef37a984
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetReportingIntervalFromJsonConfig.target
@@ -0,0 +1 @@
+GetReportingIntervalFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetStringOptionFromBuffer.target b/src/fuzzer/seed_corpus/GetStringOptionFromBuffer.target
new file mode 100644
index 000000000..9e2acde5b
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetStringOptionFromBuffer.target
@@ -0,0 +1 @@
+GetStringOptionFromBuffer.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/GetStringOptionFromFile.target b/src/fuzzer/seed_corpus/GetStringOptionFromFile.target
new file mode 100644
index 000000000..9c8e7afc4
--- /dev/null
+++ b/src/fuzzer/seed_corpus/GetStringOptionFromFile.target
@@ -0,0 +1 @@
+GetStringOptionFromFile.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/HashString.target b/src/fuzzer/seed_corpus/HashString.target
new file mode 100644
index 000000000..36704117e
--- /dev/null
+++ b/src/fuzzer/seed_corpus/HashString.target
@@ -0,0 +1 @@
+HashString.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/IsCommandLoggingEnabledInJsonConfig.target b/src/fuzzer/seed_corpus/IsCommandLoggingEnabledInJsonConfig.target
new file mode 100644
index 000000000..084cf38db
--- /dev/null
+++ b/src/fuzzer/seed_corpus/IsCommandLoggingEnabledInJsonConfig.target
@@ -0,0 +1 @@
+IsCommandLoggingEnabledInJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/IsCurrentOs.target b/src/fuzzer/seed_corpus/IsCurrentOs.target
new file mode 100644
index 000000000..a31b4a2c9
--- /dev/null
+++ b/src/fuzzer/seed_corpus/IsCurrentOs.target
@@ -0,0 +1 @@
+IsCurrentOs.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/IsDaemonActive.target b/src/fuzzer/seed_corpus/IsDaemonActive.target
new file mode 100644
index 000000000..54e74395d
--- /dev/null
+++ b/src/fuzzer/seed_corpus/IsDaemonActive.target
@@ -0,0 +1 @@
+IsDaemonActive.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/IsFullLoggingEnabledInJsonConfig.target b/src/fuzzer/seed_corpus/IsFullLoggingEnabledInJsonConfig.target
new file mode 100644
index 000000000..48b2d2431
--- /dev/null
+++ b/src/fuzzer/seed_corpus/IsFullLoggingEnabledInJsonConfig.target
@@ -0,0 +1 @@
+IsFullLoggingEnabledInJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/IsIotHubManagementEnabledInJsonConfig.target b/src/fuzzer/seed_corpus/IsIotHubManagementEnabledInJsonConfig.target
new file mode 100644
index 000000000..705a8fe34
--- /dev/null
+++ b/src/fuzzer/seed_corpus/IsIotHubManagementEnabledInJsonConfig.target
@@ -0,0 +1 @@
+IsIotHubManagementEnabledInJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/LoadReportedFromJsonConfig.target b/src/fuzzer/seed_corpus/LoadReportedFromJsonConfig.target
new file mode 100644
index 000000000..b746c727c
--- /dev/null
+++ b/src/fuzzer/seed_corpus/LoadReportedFromJsonConfig.target
@@ -0,0 +1 @@
+LoadReportedFromJsonConfig.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/LoadStringFromFile.target b/src/fuzzer/seed_corpus/LoadStringFromFile.target
new file mode 100644
index 000000000..3fb2256b5
--- /dev/null
+++ b/src/fuzzer/seed_corpus/LoadStringFromFile.target
@@ -0,0 +1 @@
+LoadStringFromFile.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/ParseHttpProxyData.target b/src/fuzzer/seed_corpus/ParseHttpProxyData.target
new file mode 100644
index 000000000..57e61fa43
--- /dev/null
+++ b/src/fuzzer/seed_corpus/ParseHttpProxyData.target
@@ -0,0 +1 @@
+ParseHttpProxyData.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemoveCharacterFromString.target b/src/fuzzer/seed_corpus/RemoveCharacterFromString.target
new file mode 100644
index 000000000..b1b0b3753
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemoveCharacterFromString.target
@@ -0,0 +1 @@
+RemoveCharacterFromString.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemoveEscapeSequencesFromFile.target b/src/fuzzer/seed_corpus/RemoveEscapeSequencesFromFile.target
new file mode 100644
index 000000000..d2eefd8eb
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemoveEscapeSequencesFromFile.target
@@ -0,0 +1 @@
+RemoveEscapeSequencesFromFile.x.y.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemovePrefixBlanks.target b/src/fuzzer/seed_corpus/RemovePrefixBlanks.target
new file mode 100644
index 000000000..ce00cb52e
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemovePrefixBlanks.target
@@ -0,0 +1 @@
+RemovePrefixBlanks.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemovePrefixUpTo.target b/src/fuzzer/seed_corpus/RemovePrefixUpTo.target
new file mode 100644
index 000000000..194bc2d28
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemovePrefixUpTo.target
@@ -0,0 +1 @@
+RemovePrefixUpTo.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemovePrefixUpToString.target b/src/fuzzer/seed_corpus/RemovePrefixUpToString.target
new file mode 100644
index 000000000..cd240225f
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemovePrefixUpToString.target
@@ -0,0 +1 @@
+RemovePrefixUpToString.test.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RemoveTrailingBlanks.target b/src/fuzzer/seed_corpus/RemoveTrailingBlanks.target
new file mode 100644
index 000000000..98e1c815d
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RemoveTrailingBlanks.target
@@ -0,0 +1 @@
+RemoveTrailingBlanks.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/RepairBrokenEolCharactersIfAny.target b/src/fuzzer/seed_corpus/RepairBrokenEolCharactersIfAny.target
new file mode 100644
index 000000000..917084234
--- /dev/null
+++ b/src/fuzzer/seed_corpus/RepairBrokenEolCharactersIfAny.target
@@ -0,0 +1 @@
+RepairBrokenEolCharactersIfAny.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/ReplaceEscapeSequencesInString.target b/src/fuzzer/seed_corpus/ReplaceEscapeSequencesInString.target
new file mode 100644
index 000000000..4b393029a
--- /dev/null
+++ b/src/fuzzer/seed_corpus/ReplaceEscapeSequencesInString.target
@@ -0,0 +1 @@
+ReplaceEscapeSequencesInString.abc.x.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/ReplaceMarkedLinesInFile.target b/src/fuzzer/seed_corpus/ReplaceMarkedLinesInFile.target
new file mode 100644
index 000000000..70d1f2960
--- /dev/null
+++ b/src/fuzzer/seed_corpus/ReplaceMarkedLinesInFile.target
@@ -0,0 +1 @@
+ReplaceMarkedLinesInFile.x.y.z.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/SavePayloadToFile.target b/src/fuzzer/seed_corpus/SavePayloadToFile.target
new file mode 100644
index 000000000..d8031bf17
--- /dev/null
+++ b/src/fuzzer/seed_corpus/SavePayloadToFile.target
@@ -0,0 +1 @@
+SavePayloadToFile.
\ No newline at end of file
diff --git a/src/fuzzer/seed_corpus/SecureSaveToFile.target b/src/fuzzer/seed_corpus/SecureSaveToFile.target
new file mode 100644
index 000000000..022cdf40d
--- /dev/null
+++ b/src/fuzzer/seed_corpus/SecureSaveToFile.target
@@ -0,0 +1 @@ +SecureSaveToFile. \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/TruncateAtFirst.target b/src/fuzzer/seed_corpus/TruncateAtFirst.target new file mode 100644 index 000000000..01db78034 --- /dev/null +++ b/src/fuzzer/seed_corpus/TruncateAtFirst.target @@ -0,0 +1 @@ +TruncateAtFirst.x. \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/UrlDecode.target b/src/fuzzer/seed_corpus/UrlDecode.target new file mode 100644 index 000000000..0d53594a9 --- /dev/null +++ b/src/fuzzer/seed_corpus/UrlDecode.target @@ -0,0 +1 @@ +UrlDecode. \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/UrlEncode.target b/src/fuzzer/seed_corpus/UrlEncode.target new file mode 100644 index 000000000..a8d2d5f50 --- /dev/null +++ b/src/fuzzer/seed_corpus/UrlEncode.target @@ -0,0 +1 @@ +UrlEncode. \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/crash-057fa54d958afa317498474299db202467ec95d1 b/src/fuzzer/seed_corpus/crash-057fa54d958afa317498474299db202467ec95d1 new file mode 100644 index 0000000000000000000000000000000000000000..ba902ca16c984f0880f245b598f0116186d8de9d GIT binary patch literal 76 zcmZ?HNKMZ6%qvMvPc8BQKRdft0Rrq56d0Tfv={&+6&OAM literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/crash-1b000d7888afc8567bf57177317bb70331054228 b/src/fuzzer/seed_corpus/crash-1b000d7888afc8567bf57177317bb70331054228 new file mode 100644 index 0000000000000000000000000000000000000000..3de607b948434e3dacb1ab26cfcfbadca34de1f0 GIT binary patch literal 63 xcmZ=yEeS3u%FIjmFDS{(&vPrv&vnbpN!0^k20c`sUh4W2dcE#2>O`-5Dgf?H7s3Dl literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/crash-2b93e1a15dfad63729580a8877f7ed1312e42af6 b/src/fuzzer/seed_corpus/crash-2b93e1a15dfad63729580a8877f7ed1312e42af6 new file mode 100644 index 0000000000000000000000000000000000000000..86e113a377ab4a578db0f65a1021976725897e89 GIT binary patch literal 307 zcmZ?HNKMZ6%qvMvPc8B+kP(hAGxT kQ$1zYuD-5$lUGAkGw50TM*?tdP+j;9V}$C|8>|ik06S`tG5`Po literal 0 HcmV?d00001 
diff --git a/src/fuzzer/seed_corpus/crash-4f88160241132acc393ff39579c711702f2e872b b/src/fuzzer/seed_corpus/crash-4f88160241132acc393ff39579c711702f2e872b new file mode 100644 index 000000000..f1424214e --- /dev/null +++ b/src/fuzzer/seed_corpus/crash-4f88160241132acc393ff39579c711702f2e872b @@ -0,0 +1 @@ +UrlDecode..c.oodUddi...rlDecUe.s% \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/crash-6b678d067dd480a070ea0cbeaee808ec14c451db b/src/fuzzer/seed_corpus/crash-6b678d067dd480a070ea0cbeaee808ec14c451db new file mode 100644 index 0000000000000000000000000000000000000000..ff5755f26951f70a5117873d48c7892a9a574196 GIT binary patch literal 52 xcmZ?HNKMWTNv$Yx%P-AK@yv71&&^HDOYtu)DJU(`D=o1-$^ZpN^+19k0s!;65upG8 literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/crash-6cc67103c68eaec93f0c25537f53735757ffe469 b/src/fuzzer/seed_corpus/crash-6cc67103c68eaec93f0c25537f53735757ffe469 new file mode 100644 index 000000000..1f1497abd --- /dev/null +++ b/src/fuzzer/seed_corpus/crash-6cc67103c68eaec93f0c25537f53735757ffe469 @@ -0,0 +1 @@ +UrlEncode.Š \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/crash-d0631080982f4bacc31bc5a80163dd0a902aac71 b/src/fuzzer/seed_corpus/crash-d0631080982f4bacc31bc5a80163dd0a902aac71 new file mode 100644 index 0000000000000000000000000000000000000000..4fa9d4481981f491dee9f08daa7908ff6b8008a7 GIT binary patch literal 45 rcmWGa&CM@M4Jb-Y%d7}32+7xD&|9}|T~HZ2NNgQf5L6mOuUiKIkp~g| literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/crash-d85d7cc4de94989b45353726c14e974cccaa99a2 b/src/fuzzer/seed_corpus/crash-d85d7cc4de94989b45353726c14e974cccaa99a2 new file mode 100644 index 0000000000000000000000000000000000000000..92edc5fa0cdc69e5abace00ccc64dc996190b644 GIT binary patch literal 34 pcmZ=yE%D4NNli~J@-HaK%+GTx%FlJn%t_Vzug9RLcl-bU{{ZY54+{VQ literal 0 HcmV?d00001 
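Review bot: The `crash-*` and `leak-*` reproducers are added to seed_corpus with no change to the code they exercise; the diffstat lists only seed files and src/fuzzer/target.cpp. Unless the fixes were merged separately, a fuzzing run will presumably stop on these inputs as soon as the corpus is loaded. crash-4f88160241132acc393ff39579c711702f2e872b ends in a bare `%` on a `UrlDecode.` input and crash-6cc67103c68eaec93f0c25537f53735757ffe469 feeds one non-ASCII byte to `UrlEncode.`, which hints at a read past a truncated escape and at signed-char handling; that is inferred from the inputs alone. I would name the fixing commit or issue for each reproducer in the description, or keep unfixed reproducers in a separate regression directory instead of the seed corpus.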
diff --git a/src/fuzzer/seed_corpus/crash-f303834f8ac934532e9d5da8302074167edd0ab8 b/src/fuzzer/seed_corpus/crash-f303834f8ac934532e9d5da8302074167edd0ab8 new file mode 100644 index 0000000000000000000000000000000000000000..d07fcaa218beb19385aa157428b8617d6c94d191 GIT binary patch literal 48 zcmZ=yE%D4NNli~J@-HaK%+GTx%FlHwO-oBH(qmv?&|}bRabN15s;8&#?%wlMA(a6D DqZAMe literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/leak-0d6fdc88ba91ee7c2a75b3dc343d7271494cf90c b/src/fuzzer/seed_corpus/leak-0d6fdc88ba91ee7c2a75b3dc343d7271494cf90c new file mode 100644 index 0000000000000000000000000000000000000000..e307407a75b327a96ae4bd9df1c33ea93dfba542 GIT binary patch literal 69 vcmZ=yEeS3u%FIjmFDS{(&vPrv&vhzIOG_=%V_;y=bcO&R^S?Vzh5z*cN4*$> literal 0 HcmV?d00001 diff --git a/src/fuzzer/seed_corpus/leak-453cd20e1313b86ec880137f4309456c187fb793 b/src/fuzzer/seed_corpus/leak-453cd20e1313b86ec880137f4309456c187fb793 new file mode 100644 index 000000000..5b826cd4e --- /dev/null +++ b/src/fuzzer/seed_corpus/leak-453cd20e1313b86ec880137f4309456c187fb793 @@ -0,0 +1 @@ +IsCommandLoggingEnabledInJsonConfig.{"*[\u0000 0000"[ \ No newline at end of file diff --git a/src/fuzzer/seed_corpus/leak-e537df1c30f22d56753d9ec5ca14fd6447b85516 b/src/fuzzer/seed_corpus/leak-e537df1c30f22d56753d9ec5ca14fd6447b85516 new file mode 100644 index 0000000000000000000000000000000000000000..360d328ec26f045c484516f77e86ec6d5371db36 GIT binary patch literal 143 zcmWGYEGka*C@CojD9W#>bV)2p)bj`l39!=F4@fL3$v^@?K1?N&D3pn&*8!*(Xa-PH QKLArPTqKbJ0l #include #include 
@@ -10,17 +11,12 @@ #include #include #include +#include -#include - -/** - * @brief Tells libfuzzer to skip the input when it doesn't contain a valid target - */ +// Tells libfuzzer to skip the input when it doesn't contain a valid target static const int c_skip_input = -1; -/** - * @brief Tells libfuzzer the input was valid and may be used to create a new corpus input - */ +// Tells libfuzzer the input was valid and may be used to create a new corpus input static const int c_valid_input = 0; struct size_range @@ -32,9 +28,7 @@ struct size_range size_range(std::size_t min, std::size_t max) : min(min), max(max) {} }; -/** - * @brief A class to keep a single static initialization of the SecurityBaseline library - */ +// A class to keep a single static initialization of the SecurityBaseline library struct Context { MMI_HANDLE handle; 
@@ -270,51 +264,717 @@ static int CheckTextIsFoundInFile_target(const char* data, std::size_t size) noe return 0; } -/* Skipping CheckTextIsNotFoundInFile due to similarity */ +// Skipping CheckTextIsNotFoundInFile due to similarity -static int SecurityBaselineMmiGet_target(const char* data, std::size_t size) noexcept +// Skipping CheckMarkedTextNotFoundInFile due to potential of arbitrary command execution +// static int CheckMarkedTextNotFoundInFile_target(const char* data, std::size_t size) noexcept +// { +// auto text = g_context.extractVariant(data, size); +// if (text.empty()) +// { +// return c_skip_input; +// } + +// auto marker = g_context.extractVariant(data, size); +// if (marker.empty()) +// { +// return c_skip_input; +// } + +// auto comment = g_context.extractVariant(data, size, size_range{ 1, 1 }); +// if (comment.empty()) +// { +// return c_skip_input; +// } + +// auto filename = g_context.makeTempfile(data, size); +// char* reason = nullptr; +// CheckMarkedTextNotFoundInFile(filename.c_str(), text.c_str(), marker.c_str(), comment.at(0), &reason, nullptr); +// g_context.remove(filename); +// free(reason); +// return 0; +// } + +// Skipping CheckTextNotFoundInEnvironmentVariable due to potential of arbitrary command execution +// static int CheckTextNotFoundInEnvironmentVariable_target(const char* data, std::size_t size) noexcept +// { +// auto variable = g_context.extractVariant(data, size); +// if (variable.empty()) +// { +// return c_skip_input; +// } + +// auto text = g_context.extractVariant(data, size); +// if (text.empty()) +// { +// return c_skip_input; +// } + +// auto strict = g_context.extractVariant(data, size, size_range{ 1, 1 }); +// if (strict.empty()) +// { +// return c_skip_input; +// } + +// char* reason = nullptr; +// CheckTextNotFoundInEnvironmentVariable(variable.c_str(), text.c_str(), strict.at(0) == '1' ? 
true : false, &reason, nullptr); +// free(reason); +// return 0; +// } + +static int CheckFileContents_target(const char* data, std::size_t size) noexcept { - char* payload = nullptr; - int payloadSizeBytes = 0; + auto text = g_context.extractVariant(data, size); + if (text.empty()) + { + return c_skip_input; + } - auto input = std::string(data, size); - SecurityBaselineMmiGet(g_context.handle, "SecurityBaseline", input.c_str(), &payload, &payloadSizeBytes); - SecurityBaselineMmiFree(payload); + auto filename = g_context.makeTempfile(data, size); + char* reason = nullptr; + CheckFileContents(filename.c_str(), text.c_str(), &reason, nullptr); + g_context.remove(filename); + free(reason); return 0; } -static int SecurityBaselineMmiSet_target(const char* data, std::size_t size) noexcept +static int CheckLineNotFoundOrCommentedOut_target(const char* data, std::size_t size) noexcept { - const char* prefix = reinterpret_cast(std::memchr(data, '.', size)); - if (prefix == nullptr) + auto text = g_context.extractVariant(data, size); + if (text.empty()) { - /* Colon not found, skip the input */ return c_skip_input; } - /* Include the delimiter */ - prefix++; - const auto prefix_size = prefix - data; - size -= prefix_size; + auto comment = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (comment.empty()) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + char* reason = nullptr; + CheckLineNotFoundOrCommentedOut(filename.c_str(), comment.at(0), text.c_str(), &reason, nullptr); + g_context.remove(filename); + free(reason); + return 0; +} + +// Skipping CheckTextFoundInCommandOutput due to arbitrary command execution +// static int CheckTextFoundInCommandOutput_target(const char* data, std::size_t size) noexcept +// { +// auto command = g_context.extractVariant(data, size); +// if (command.empty()) +// { +// return c_skip_input; +// } + +// auto text = std::string(data, size); +// char* reason = nullptr; +// 
CheckTextFoundInCommandOutput(command.c_str(), text.c_str(), &reason, nullptr); +// free(reason); +// return 0; +// } + +// Skipping CheckTextNotFoundInCommandOutput due to similarity to CheckTextFoundInCommandOutput - char* payload = reinterpret_cast(malloc(size)); - if(!payload) +static int GetStringOptionFromBuffer_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) { return c_skip_input; } - memcpy(payload, prefix, size); - auto input = std::string(data, prefix_size-1); - SecurityBaselineMmiSet(g_context.handle, "SecurityBaseline", input.c_str(), payload, size); + auto buffer = std::string(data, size); + GetStringOptionFromBuffer(buffer.c_str(), option.c_str(), separator.at(0), nullptr); + return 0; +} + +static int GetIntegerOptionFromBuffer_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + auto buffer = std::string(data, size); + GetIntegerOptionFromBuffer(buffer.c_str(), option.c_str(), separator.at(0), nullptr); + return 0; +} + +static int CheckLockoutForFailedPasswordAttempts_target(const char* data, std::size_t size) noexcept +{ + auto pamSo = g_context.extractVariant(data, size); + if (pamSo.empty()) + { + return c_skip_input; + } + + auto comment = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (comment.empty()) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + char* reason = nullptr; + CheckLockoutForFailedPasswordAttempts(filename.c_str(), pamSo.c_str(), comment.at(0), &reason, nullptr); + g_context.remove(filename); + free(reason); + 
return 0; +} + +static int CheckPasswordCreationRequirements_target(const char* data, std::size_t size) noexcept +{ + try + { + auto integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto retry = std::stoi(integer); + + integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto minlen = std::stoi(integer); + + integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto minclass = std::stoi(integer); + + integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto dcredit = std::stoi(integer); + + integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto ucredit = std::stoi(integer); + + integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + auto ocredit = std::stoi(integer); + + auto lcredit = std::stoi(std::string(data, size)); + char* reason = nullptr; + CheckPasswordCreationRequirements(retry, minlen, minclass, dcredit, ucredit, ocredit, lcredit, &reason, nullptr); + free(reason); + return 0; + } + catch(const std::exception& e) + { + return c_skip_input; + } +} + +static int GetStringOptionFromFile_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + free(GetStringOptionFromFile(filename.c_str(), option.c_str(), separator.at(0), nullptr)); + return 0; +} + +static int GetIntegerOptionFromFile_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator 
= g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + GetIntegerOptionFromFile(filename.c_str(), option.c_str(), separator.at(0), nullptr); + return 0; +} + +static int CheckIntegerOptionFromFileEqualWithAny_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + static const std::size_t max_values = 1000; + int* values = new int[max_values]; + std::size_t count = 0; + while (count < max_values) + { + auto value = g_context.extractVariant(data, size); + if (value.empty()) + { + break; + } + + try + { + values[count++] = std::stoi(value); + } + catch(const std::exception& e) + { + break; + } + } + + auto filename = g_context.makeTempfile(data, size); + char* reason = nullptr; + CheckIntegerOptionFromFileEqualWithAny(filename.c_str(), option.c_str(), separator.at(0), values, count, &reason, nullptr); + g_context.remove(filename); + free(reason); + delete[] values; + return 0; +} + +static int CheckIntegerOptionFromFileLessOrEqualWith_target(const char* data, std::size_t size) noexcept +{ + auto option = g_context.extractVariant(data, size); + if (option.empty()) + { + return c_skip_input; + } + + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + auto integer = g_context.extractVariant(data, size); + if (integer.empty()) + { + return c_skip_input; + } + + int value; + try + { + value = std::stoi(integer); + } + catch(const std::exception& e) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + char* reason = nullptr; + CheckIntegerOptionFromFileLessOrEqualWith(filename.c_str(), 
option.c_str(), separator.at(0), value, &reason, nullptr); + g_context.remove(filename); + free(reason); + return 0; +} + +static int DuplicateString_target(const char* data, std::size_t size) noexcept +{ + auto source = std::string(data, size); + free(DuplicateString(source.c_str())); + return 0; +} + +static int ConcatenateStrings_target(const char* data, std::size_t size) noexcept +{ + auto a = g_context.extractVariant(data, size); + if (a.empty()) + { + return c_skip_input; + } + + auto b = std::string(data, size); + free(ConcatenateStrings(a.c_str(), b.c_str())); + return 0; +} + +static int DuplicateStringToLowercase_target(const char* data, std::size_t size) noexcept +{ + auto source = std::string(data, size); + free(DuplicateStringToLowercase(source.c_str())); + return 0; +} + +static int ConvertStringToIntegers_target(const char* data, std::size_t size) noexcept +{ + auto separator = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (separator.empty()) + { + return c_skip_input; + } + + auto source = std::string(data, size); + int* values = nullptr; + int count = 0; + ConvertStringToIntegers(source.c_str(), separator.at(0), &values, &count, nullptr); + free(values); + return 0; +} + +static int RemoveCharacterFromString_target(const char* data, std::size_t size) noexcept +{ + auto what = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (what.empty()) + { + return c_skip_input; + } + + auto source = std::string(data, size); + free(RemoveCharacterFromString(source.c_str(), what.at(0), nullptr)); + return 0; +} + +static int ReplaceEscapeSequencesInString_target(const char* data, std::size_t size) noexcept +{ + auto escapes = g_context.extractVariant(data, size); + if (escapes.empty()) + { + return c_skip_input; + } + + auto replacement = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (replacement.empty()) + { + return c_skip_input; + } + + auto source = std::string(data, size); + 
free(ReplaceEscapeSequencesInString(source.c_str(), escapes.c_str(), escapes.size(), replacement.at(0), nullptr)); + return 0; +} + +static int HashString_target(const char* data, std::size_t size) noexcept +{ + auto source = std::string(data, size); + HashString(source.c_str()); + return 0; +} + +static int ParseHttpProxyData_target(const char* data, std::size_t size) noexcept +{ + auto source = std::string(data, size); + char* hostAddress = nullptr; + int port = 0; + char* username = nullptr; + char* password = nullptr; + ParseHttpProxyData(source.c_str(), &hostAddress, &port, &username, &password, nullptr); + free(hostAddress); + free(username); + return 0; +} + +static int CheckCpuFlagSupported_target(const char* data, std::size_t size) noexcept +{ + auto cpuFlag = std::string(data, size); + char* reason = nullptr; + CheckCpuFlagSupported(cpuFlag.c_str(), &reason, nullptr); + free(reason); + return 0; +} + +static int CheckLoginUmask_target(const char* data, std::size_t size) noexcept +{ + auto desired = std::string(data, size); + char* reason = nullptr; + CheckLoginUmask(desired.c_str(), &reason, nullptr); + free(reason); + return 0; +} + +static int IsCurrentOs_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + IsCurrentOs(name.c_str(), nullptr); + return 0; +} + +static int RemovePrefixBlanks_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + RemovePrefixBlanks(&name[0]); + return 0; +} + +static int RemovePrefixUpTo_target(const char* data, std::size_t size) noexcept +{ + auto marker = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (marker.empty()) + { + return c_skip_input; + } + + auto name = std::string(data, size); + RemovePrefixUpTo(&name[0], marker.at(0)); + return 0; +} + +static int RemovePrefixUpToString_target(const char* data, std::size_t size) noexcept +{ + auto marker = g_context.extractVariant(data, size); + if (marker.empty()) + { + 
return c_skip_input; + } + + auto name = std::string(data, size); + RemovePrefixUpToString(&name[0], marker.c_str()); + return 0; +} + +static int RemoveTrailingBlanks_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + RemoveTrailingBlanks(&name[0]); + return 0; +} + +static int TruncateAtFirst_target(const char* data, std::size_t size) noexcept +{ + auto marker = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (marker.empty()) + { + return c_skip_input; + } + + auto name = std::string(data, size); + TruncateAtFirst(&name[0], marker.at(0)); + return 0; +} + +static int UrlEncode_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + free(UrlEncode(&name[0])); + return 0; +} + +static int UrlDecode_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + free(UrlDecode(&name[0])); + return 0; +} + +// Skipping IsDaemonActive due to potential of arbitrary command execution +// static int IsDaemonActive_target(const char* data, std::size_t size) noexcept +// { +// auto name = std::string(data, size); +// IsDaemonActive(name.c_str(), nullptr); +// return 0; +// } + +static int RepairBrokenEolCharactersIfAny_target(const char* data, std::size_t size) noexcept +{ + auto name = std::string(data, size); + free(RepairBrokenEolCharactersIfAny(name.c_str())); + return 0; +} + +static int RemoveEscapeSequencesFromFile_target(const char* data, std::size_t size) noexcept +{ + auto escapes = g_context.extractVariant(data, size); + if (escapes.empty()) + { + return c_skip_input; + } + + auto replacement = g_context.extractVariant(data, size, size_range{ 1, 1 }); + if (replacement.empty()) + { + return c_skip_input; + } + + auto filename = g_context.makeTempfile(data, size); + RemoveEscapeSequencesFromFile(filename.c_str(), escapes.c_str(), escapes.size(), replacement.at(0), nullptr); + g_context.remove(filename); + return 0; +} + +static int 
IsCommandLoggingEnabledInJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + IsCommandLoggingEnabledInJsonConfig(json.c_str()); + return 0; +} + +static int IsFullLoggingEnabledInJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + IsFullLoggingEnabledInJsonConfig(json.c_str()); + return 0; +} + +static int IsIotHubManagementEnabledInJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + IsIotHubManagementEnabledInJsonConfig(json.c_str()); + return 0; +} + +static int GetReportingIntervalFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetReportingIntervalFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int GetModelVersionFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetModelVersionFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int GetLocalManagementFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetLocalManagementFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int GetIotHubProtocolFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetIotHubProtocolFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int LoadReportedFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + REPORTED_PROPERTY* reported = nullptr; + LoadReportedFromJsonConfig(json.c_str(), &reported, nullptr); + free(reported); + return 0; +} + +static int GetGitManagementFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetGitManagementFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int 
GetGitRepositoryUrlFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetGitRepositoryUrlFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int GetGitBranchFromJsonConfig_target(const char* data, std::size_t size) noexcept +{ + auto json = std::string(data, size); + GetGitBranchFromJsonConfig(json.c_str(), nullptr); + return 0; +} + +static int CheckOrEnsureUsersDontHaveDotFiles_target(const char* data, std::size_t size) noexcept +{ + auto username = std::string(data, size); + char* reason = nullptr; + CheckOrEnsureUsersDontHaveDotFiles(username.c_str(), false, &reason, nullptr); + free(reason); + return 0; +} + +static int CheckUserAccountsNotFound_target(const char* data, std::size_t size) noexcept +{ + auto usernames = std::string(data, size); + char* reason = nullptr; + CheckUserAccountsNotFound(usernames.c_str(), &reason, nullptr); + free(reason); + return 0; +} + +static int SecurityBaselineMmiGet_target(const char* data, std::size_t size) noexcept +{ + char* payload = nullptr; + int payloadSizeBytes = 0; + + auto input = std::string(data, size); + SecurityBaselineMmiGet(g_context.handle, "SecurityBaseline", input.c_str(), &payload, &payloadSizeBytes); SecurityBaselineMmiFree(payload); return 0; } -/** - * @brief List of supported fuzzing targets - * - * The key is taken from the input data and is used to determine which target to call. 
- */ +// static int SecurityBaselineMmiSet_target(const char* data, std::size_t size) noexcept +// { +// const char* prefix = reinterpret_cast(std::memchr(data, '.', size)); +// if (prefix == nullptr) +// { +// // Separator not found, skip the input +// return c_skip_input; +// } + +// // Include the delimiter +// prefix++; +// const auto prefix_size = prefix - data; +// size -= prefix_size; + +// char* payload = reinterpret_cast(malloc(size)); +// if(!payload) +// { +// return c_skip_input; +// } +// memcpy(payload, prefix, size); + +// auto input = std::string(data, prefix_size-1); +// SecurityBaselineMmiSet(g_context.handle, "SecurityBaseline", input.c_str(), payload, size); +// SecurityBaselineMmiFree(payload); +// return 0; +// } + +// List of supported fuzzing targets. +// The key is taken from the input data and is used to determine which target to call. static const std::map g_targets = { // { "SecurityBaselineMmiGet.", SecurityBaselineMmiGet_target }, // { "SecurityBaselineMmiSet.", SecurityBaselineMmiSet_target }, 
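Review bot: Several of the new targets do not release everything they create, and since the seed corpus in this commit already carries `leak-*` inputs, leaks in the harness itself would presumably show up as findings against the library. `ParseHttpProxyData_target` frees `hostAddress` and `username` but never `password`; if the function allocates that out-parameter like the other two, add `free(password);`. `GetStringOptionFromFile_target` and `GetIntegerOptionFromFile_target` call `g_context.makeTempfile(data, size)` but, unlike the other file-based targets in this hunk, never call `g_context.remove(filename);`, so temporary files would likely accumulate over a long run. `GetStringOptionFromBuffer_target` discards the return value that the `...FromFile` variant wraps in `free(...)`, which looks like a leak if the buffer variant also returns an allocated string.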
@@ -330,27 +990,72 @@ static const std::map g_targets { "CheckNoLegacyPlusEntriesInFile.", CheckNoLegacyPlusEntriesInFile_target }, { "FindTextInFile.", FindTextInFile_target }, { "CheckTextIsFoundInFile.", CheckTextIsFoundInFile_target }, + // { "CheckMarkedTextNotFoundInFile.", CheckMarkedTextNotFoundInFile_target }, + // { "CheckTextNotFoundInEnvironmentVariable.", CheckTextNotFoundInEnvironmentVariable_target }, + { "CheckFileContents.", CheckFileContents_target }, + { "CheckLineNotFoundOrCommentedOut.", CheckLineNotFoundOrCommentedOut_target }, + // { "CheckTextFoundInCommandOutput.", CheckTextFoundInCommandOutput_target }, + { "GetStringOptionFromBuffer.", GetStringOptionFromBuffer_target }, + { "GetIntegerOptionFromBuffer.", GetIntegerOptionFromBuffer_target }, + { "CheckLockoutForFailedPasswordAttempts.", CheckLockoutForFailedPasswordAttempts_target }, + { "CheckPasswordCreationRequirements.", CheckPasswordCreationRequirements_target }, + { "GetStringOptionFromFile.", GetStringOptionFromFile_target }, + { "GetIntegerOptionFromFile.", GetIntegerOptionFromFile_target }, + { "CheckIntegerOptionFromFileEqualWithAny.", CheckIntegerOptionFromFileEqualWithAny_target }, + { "CheckIntegerOptionFromFileLessOrEqualWith.", CheckIntegerOptionFromFileLessOrEqualWith_target }, + { "DuplicateString.", DuplicateString_target }, + { "ConcatenateStrings.", ConcatenateStrings_target }, + { "DuplicateStringToLowercase.", DuplicateStringToLowercase_target }, + { "ConvertStringToIntegers.", ConvertStringToIntegers_target }, + { "RemoveCharacterFromString.", RemoveCharacterFromString_target }, + { "ReplaceEscapeSequencesInString.", ReplaceEscapeSequencesInString_target }, + { "HashString.", HashString_target }, + { "ParseHttpProxyData.", ParseHttpProxyData_target }, + { "CheckCpuFlagSupported.", CheckCpuFlagSupported_target }, + { "CheckLoginUmask.", CheckLoginUmask_target }, + { "IsCurrentOs.", IsCurrentOs_target }, + { "RemovePrefixBlanks.", RemovePrefixBlanks_target }, + { 
"RemovePrefixUpTo.", RemovePrefixUpTo_target }, + { "RemovePrefixUpToString.", RemovePrefixUpToString_target }, + { "RemoveTrailingBlanks.", RemoveTrailingBlanks_target }, + { "TruncateAtFirst.", TruncateAtFirst_target }, + { "UrlEncode.", UrlEncode_target }, + { "UrlDecode.", UrlDecode_target }, + // { "IsDaemonActive.", IsDaemonActive_target }, + { "RepairBrokenEolCharactersIfAny.", RepairBrokenEolCharactersIfAny_target }, + { "RemoveEscapeSequencesFromFile.", RemoveEscapeSequencesFromFile_target }, + { "IsCommandLoggingEnabledInJsonConfig.", IsCommandLoggingEnabledInJsonConfig_target }, + { "IsFullLoggingEnabledInJsonConfig.", IsFullLoggingEnabledInJsonConfig_target }, + { "IsIotHubManagementEnabledInJsonConfig.", IsIotHubManagementEnabledInJsonConfig_target }, + { "GetReportingIntervalFromJsonConfig.", GetReportingIntervalFromJsonConfig_target }, + { "GetModelVersionFromJsonConfig.", GetModelVersionFromJsonConfig_target }, + { "GetLocalManagementFromJsonConfig.", GetLocalManagementFromJsonConfig_target }, + { "GetIotHubProtocolFromJsonConfig.", GetIotHubProtocolFromJsonConfig_target }, + { "LoadReportedFromJsonConfig.", LoadReportedFromJsonConfig_target }, + { "GetGitManagementFromJsonConfig.", GetGitManagementFromJsonConfig_target }, + { "GetGitRepositoryUrlFromJsonConfig.", GetGitRepositoryUrlFromJsonConfig_target }, + { "GetGitBranchFromJsonConfig.", GetGitBranchFromJsonConfig_target }, + { "CheckOrEnsureUsersDontHaveDotFiles.", CheckOrEnsureUsersDontHaveDotFiles_target }, + { "CheckUserAccountsNotFound.", CheckUserAccountsNotFound_target }, }; -/** - * @brief libfuzzer entry point - */ +// libfuzzer entry point extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) { const auto* input = reinterpret_cast(data); const auto* prefix = reinterpret_cast(std::memchr(input, '.', size)); if (prefix == nullptr) { - /* Colon not found, skip the input */ + // Separator not found, skip the input return c_skip_input; } - /* Include the 
delimiter */ + // Include the separator prefix++; const auto prefix_size = prefix - input; auto it = g_targets.find(std::string(input, prefix_size)); if(it == g_targets.end()) { - /* Target mismatch, skip the input */ + // Target mismatch, skip the input return c_skip_input; }
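Review bot: The entries left commented out in `g_targets` carry no reason at the place where someone would re-enable them; the explanation sits only beside the commented-out function bodies earlier in the file. This table decides which functions receive fuzzer-controlled bytes, so I would annotate each disabled entry in place, e.g. `// disabled: may execute commands built from the input` above `CheckMarkedTextNotFoundInFile.`, `CheckTextNotFoundInEnvironmentVariable.`, `CheckTextFoundInCommandOutput.` and `IsDaemonActive.`. It would also be worth confirming that none of the newly enabled entries that take a name or flag string reaches a command line built from the input, which cannot be determined from this hunk. The body of `LLVMFuzzerTestOneInput` continues outside the hunk.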