Fuzz testing in Rust with Cargo-fuzz

Why fuzz testing?

/// Property test: a `BlobReader` built over randomly generated bytes must be
/// rejected with an error rather than returned as a usable reader.
#[test]
fn random_input_fails() {
    // The property holds when constructing the reader fails for `data`.
    fn rejects_random_bytes(data: Vec<u8>) -> bool {
        let keys = crypto::keys::Keeper::new_for_testing();
        let ciphertext = crypto::CipherTextRef::new(data.as_slice());
        BlobReader::new(keys, ciphertext).is_err()
    }

    // quickcheck generates the `Vec<u8>` inputs and evaluates the property on each.
    quickcheck::quickcheck(rejects_random_bytes as fn(Vec<u8>) -> bool);
}

Fuzz testing with Cargo fuzz

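# Install the cargo-fuzz subcommand, then change into the project to be fuzzed.
cargo install cargo-fuzz
cd hat-backup
# cargo-fuzz needs a nightly toolchain; the override applies to this directory only.
rustup override set nightly
# Generate the fuzz/ crate with a first target (fuzz_target_1.rs).
cargo fuzz init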
> tree fuzz
fuzz
├── Cargo.toml
└── fuzz_targets
└── fuzz_target_1.rs

Fuzz testing the Hat backup system

/// Stores one fuzzer-generated `FileInfo` in a test snapshot and checks that
/// listing the snapshot returns the same metadata.
///
/// Inputs with an empty `name` are skipped. Every `unwrap`, `expect` and
/// `assert_eq!` below panics on failure; under the fuzzer a panic is what gets
/// reported as a finding.
fn metadata_test(info: models::FileInfo) {
    // Nothing is inserted for an empty file name.
    if info.name.is_empty() {
        return;
    }

    // Convert the fuzzer input into an insertable file entry. The entry
    // carries metadata such as the modified timestamp.
    let entry = key::Entry::new_from_model(None, key::Data::FilePlaceholder, info);

    // Set up a testing Hat.
    let (_backend, mut hat, mut fam) = setup_family();

    // Back up the file entry with no data contents.
    fam.snapshot_direct(entry.clone(), false, None).unwrap();

    // Complete a full snapshot.
    hat.commit(&mut fam, None).unwrap();
    hat.meta_commit().unwrap();
    hat.data_flush().unwrap();

    // Set up the virtual file system and verify the snapshot through it.
    let mut fs = Filesystem::new(hat);
    let snapshot_dir = path::PathBuf::from("familyname/1");
    match fs.ls(&snapshot_dir).unwrap().expect("no files found") {
        vfs::fs::List::Dir(files) => {
            assert_eq!(files.len(), 1);
            let listed = &files[0].0.info;
            // snapshot_ts_utc is copied from the listed entry, so it is
            // excluded from the comparison; every other field must match.
            let mut want = entry.info;
            want.snapshot_ts_utc = listed.snapshot_ts_utc;
            assert_eq!(want, *listed);
        }
        _ => panic!("familyname/1 is not a directory"),
    }
}
/// Decodes raw fuzzer bytes with bincode and runs `metadata_test` on the
/// result. Bytes that do not decode are ignored, so only well-formed
/// `FileInfo` values reach the snapshot logic.
fn metadata_test_bincode(data: &[u8]) {
    if let Ok(info) = bincode::deserialize(data) {
        metadata_test(info);
    }
}
// cargo-fuzz entry point: each generated byte slice is handed to
// metadata_test_bincode, which drops anything bincode cannot decode.
fuzz_target!(|data: &[u8]| { metadata_test_bincode(data) });
cargo fuzz run insert_file_bincode
INFO: Seed: 3527004481
INFO: Loaded 1 modules (588119 guards): 588119
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 881 ft: 877 corp: 1/1b exec/s: 0
#7 NEW cov: 1400 ft: 1472 corp: 2/54b exec/s: 0
#8 NEW cov: 2255 ft: 2743 corp: 3/89b exec/s: 0
#9 NEW cov: 2773 ft: 3749 corp: 4/159b exec/s: 0
#10 NEW cov: 2899 ft: 4179 corp: 5/195b exec/s: 0
#11 NEW cov: 4201 ft: 5638 corp: 6/4291b exec/s: 0
#19 REDUCE cov: 4201 ft: 5638 corp: 6/3226b exec/s: 0
#20 REDUCE cov: 4201 ft: 5638 corp: 6/3208b exec/s: 0
#27 REDUCE cov: 4201 ft: 5638 corp: 6/2696b exec/s: 0
#33 NEW cov: 4242 ft: 5842 corp: 7/2752b exec/s: 0
#40 REDUCE cov: 103425 ft: 103773 corp: 8/5257b exec/s: 0
#47 NEW cov: 103591 ft: 104604 corp: 9/7762b exec/s: 47
#53 NEW cov: 103619 ft: 104634 corp: 10/7808b exec/s: 53

So what is going on in this fuzz test?

What to expect

Example inputs

> hexdump fuzz/corpus/metadata_test_bincode/483ceba1... 
0000000 ffff ffff ffff ffff ffff ffff ffff ffff
*
0000020 ffff 0a0a
0000024
FileInfo {
name: "",
created_ts: 0,
modified_ts: 0,
accessed_ts: 0,
byte_length: 0,
owner: None,
permissions: None,
snapshot_ts_utc: 0
}
FileInfo {
name: "\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}"
"\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}"
"\u{4}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{4}\u{0}"
"z\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}",
created_ts: 0,
modified_ts: 0,
accessed_ts: 0,
byte_length: 0,
owner: None,
permissions: None,
snapshot_ts_utc: 0
}
FileInfo {
name: "\u{0}\u{0}\u{0}\u{0}\u{0}#...",
created_ts: 7307217257065611264,
modified_ts: 7310874267742461811,
accessed_ts: 1933205832,
byte_length: 3439329280,
owner: None,
permissions: None,
snapshot_ts_utc: 0
}
