fix dockerfile, add retry for fuzzserver and add dictionary for fuzzs…

…erver Signed-off-by: Sepehrdad Sh <[email protected]>
zalando · Nov 21, 2023 · a49531f · a49531f
1 parent a8f05b9
commit a49531f
Show file tree

Hide file tree

Showing 3 changed files with 236 additions and 5 deletions.
diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile
@@ -4,14 +4,13 @@ WORKDIR /workspace
 
 COPY . .
 
-ENV DEBIAN_FRONTEND=noninteractive \
-    CC=clang
+ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get install -y make clang && \
+RUN apt-get update && apt-get install -y make clang-11 && \
     go install github.com/mdempsky/go114-fuzz-build@latest && \
     apt-get autoremove --purge -y && apt-get autoclean && \
     go mod init fuzz && go mod tidy && \
-    /usr/bin/make all
+    make all CC=clang-11 -j $(nproc)
 
 ENTRYPOINT [ "/usr/bin/make" ]
 

diff --git a/fuzz/dictionaries/FuzzServer.dict b/fuzz/dictionaries/FuzzServer.dict
@@ -0,0 +1,217 @@
+# Sources: https://github.com/google/fuzzing/blob/master/dictionaries/http.dict
+" *"
+" -"
+" \""
+"../"
+"/.."
+"/./"
+"//"
+"///"
+": "
+":/"
+"; "
+"<?"
+"%00"
+"00"
+"0-9"
+"1.0"
+"127.0.0.1"
+"-18446744073709551615"
+"18446744073709551615"
+"18446744073709551615\x0D\x0A"
+"%20"
+"%2E"
+"67000"
+"67000\x0D\x0A"
+"-9"
+"-9,"
+"923472498234723498324724298234792348234792348234792497234998234792349823479234983247923498234972349234247294723942394724218446"
+"923472498234723498324724298234792348234792348234792497234998234792349823479234983247923498234972349234247294723942394724218446\x0D\x0A"
+"98000123"
+"98000123\x0D\x0A"
+"Accept"
+"Accept-Charset"
+"Accept-Datetime"
+"Accept-Encoding"
+"Accept-Language"
+"Accept-Patch"
+"Accept-Ranges"
+"Access-Control-Allow-Credentials"
+"Access-Control-Allow-Headers"
+"Access-Control-Allow-Methods"
+"Access-Control-Allow-Origin"
+"Access-Control-Expose-Headers"
+"Access-Control-Max-Age"
+"Access-Control-Request-Headers"
+"Access-Control-Request-Method"
+"ACL"
+"Age"
+"A-IM"
+"Allow"
+"Alt-Svc"
+"Authorization"
+"BASELINE-CONTROL"
+"Basic"
+"BIND"
+"bo"
+"Cache-Control"
+"CHECKIN"
+"CHECKOUT"
+"CONNECT"
+"Connection"
+"Connection:"
+"Content-Disposition"
+"Content-Encoding"
+"Content-Language"
+"Content-Length"
+"Content-Location"
+"Content-MD5"
+"Content-Range"
+"Content-Security-Policy"
+"Content-Type"
+"Cookie"
+"COPY"
+"/d"
+"<d:"
+"Date"
+"dav"
+"DELETE"
+"Delta-Base"
+"DNT"
+"ETag"
+"exclusive"
+"Expect"
+"Expires"
+"foo"
+"foo.example"
+"Forwarded"
+"From"
+"Front-End-Https"
+"GET"
+"gzip"
+"HEAD"
+"Host"
+"href"
+"</html>"
+"<html>"
+"html"
+"http"
+"HTTP/1.0"
+"HTTP/1.1"
+"HTTP2-Settings"
+"https"
+"If-Match"
+"If-Modified-Since"
+"If-None-Match"
+"If-Range"
+"If-Unmodified-Since"
+"IM"
+"keep-alive"
+"LABEL"
+"Last-Modified"
+"Link"
+"LINK"
+"Location"
+"LOCK"
+"lockinfo"
+"lockscope"
+"locktype"
+"Lynx"
+"Max-Forwards"
+"me"
+"MERGE"
+"mi"
+"MKACTIVITY"
+"MKCALENDAR"
+"MKCOL"
+"MKREDIRECTREF"
+"MKWORKSPACE"
+"MOVE"
+"Negotiate"
+"nokeepalive"
+"only-if-cached"
+"OPTIONS"
+"ORDERPATCH"
+"Origin"
+"owner"
+"P3P	"
+"P3P"
+"pa"
+"PATCH"
+"POST"
+"Pragma"
+"PRI"
+"private area"
+"PROPFIND"
+"PROPPATCH"
+"Proxy-Authenticate"
+"Proxy-Authorization"
+"Proxy-Connection"
+"Public-Key-Pins"
+"PUT"
+"q=0.000"
+"Range"
+"re"
+"REBIND"
+"Referer"
+"Refresh"
+"REPORT"
+"Retry-After"
+"Save-Data"
+"SEARCH"
+"secret"
+"Server"
+"session="
+"Set-Cookie"
+"shared"
+"Status"
+"Strict-Transport-Security"
+"TE"
+"test"
+"Timing-Allow-Origin"
+"Tk"
+"TRACE"
+"Trailer"
+"trans"
+"Transfer-Encoding"
+"UNBIND"
+"UNCHECKOUT"
+"UNLINK"
+"UNLOCK"
+"UPDATE"
+"UPDATEREDIRECTREF"
+"Upgrade"
+"Upgrade-Insecure-Requests"
+"us"
+"User-Agent"
+"Vary"
+"VERSION-CONTROL"
+"Via"
+"Warning"
+"write"
+"WWW-Authenticate"
+"*\x00"
+"\x0D\x0A"
+"\x1F\x8B"
+"X-ATT-DeviceId"
+"X-Content-Duration"
+"X-Content-Security-Policy"
+"X-Content-Type-Options"
+"X-Correlation-ID"
+"X-Csrf-Token"
+"X-Forwarded-For"
+"X-Forwarded-Host"
+"X-Forwarded-Proto"
+"X-Frame-Options"
+"x-gzip"
+"X-Http-Method-Override"
+"<?xml"
+"xmlns"
+"X-Powered-By"
+"X-Requested-With"
+"X-Request-ID"
+"X-UA-Compatible"
+"X-UIDH"
+"X-Wap-Profile"
+"X-WebKit-CSP"
+"X-XSS-Protection"
diff --git a/fuzz/fuzz_targets/FuzzServer.go b/fuzz/fuzz_targets/FuzzServer.go
@@ -4,6 +4,7 @@
 package fuzz
 
 import (
+	"errors"
 	"log"
 	"net"
 
@@ -14,6 +15,20 @@ import (
 
 var initialized = false
 
+func connect(host string) (net.Conn, error) {
+	for i := 0; i < 15; i++ {
+		conn, err := net.Dial("tcp", host)
+
+		if err != nil {
+			continue
+		}
+
+		return conn, err
+	}
+
+	return nil, errors.New("unable to connect")
+}
+
 func FuzzServer(data []byte) int {
 	if !initialized {
 		cfg := config.NewConfig()
@@ -29,7 +44,7 @@ func FuzzServer(data []byte) int {
 		initialized = true
 	}
 
-	conn, err := net.Dial("tcp", "localhost:9090")
+	conn, err := connect("localhost:9090")
 
 	if err != nil {
 		log.Printf("failed to dial: %v\n", err)