From f0f8092d60bb96737fa096c29ec6d8adb5810390 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Wed, 25 Mar 2020 02:15:30 -0400
Subject: [PATCH] internal/format: update fuzzing target

Fixes #96
---
 go.mod | 5 +++-
 go.sum | 21 ++++++++++++++++
 internal/format/Dockerfile.go-fuzz | 21 ++++++++++++++++
 internal/format/armor.go | 2 +-
 internal/format/format_gofuzz.go | 39 ++++++++++++++++++++++++------
 5 files changed, 79 insertions(+), 9 deletions(-)
 create mode 100644 internal/format/Dockerfile.go-fuzz
diff --git a/go.mod b/go.mod
index 71f50f1..2573f8e 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,7 @@ module filippo.io/age
 go 1.13
-require golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+require (
+ github.com/sergi/go-diff v1.1.0
+ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+)
diff --git a/go.sum b/go.sum
index 112faf0..89822ea 100644
--- a/go.sum
+++ b/go.sum
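Review bot: The new `github.com/sergi/go-diff v1.1.0` requirement in go.mod lands in the main module's `require` block next to golang.org/x/crypto, although in this patch its only importer is the `gofuzz`-tagged harness in internal/format/format_gofuzz.go. Every consumer of filippo.io/age will now carry it, plus the test dependencies that go.sum gains in this commit, in their module graph, which widens the supply-chain surface of an encryption tool for the sake of a debugging aid. Consider keeping the harness dependency-free (printing both buffers with `%q` as before) or moving the fuzz target into a nested module with its own go.mod.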
@@ -1,3 +1,18 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -6,3 +21,9 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/internal/format/Dockerfile.go-fuzz b/internal/format/Dockerfile.go-fuzz
new file mode 100644
index 0000000..589e510
--- /dev/null
+++ b/internal/format/Dockerfile.go-fuzz
@@ -0,0 +1,21 @@
+# Copyright 2019 Google LLC
+#
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file or at
+# https://developers.google.com/open-source/licenses/bsd
+
+# docker run --rm -v $PWD/workdir:/workdir $(docker build -q -f internal/format/Dockerfile.go-fuzz .)
+
+FROM golang:1.14-alpine3.11
+
+RUN apk add --no-cache git
+RUN go get github.com/dvyukov/go-fuzz/...
+
+ADD . $GOPATH/src/filippo.io/age/
+WORKDIR $GOPATH/src/filippo.io/age
+
+RUN go-fuzz-build ./internal/format
+
+VOLUME /workdir
+
+ENTRYPOINT ["go-fuzz", "-workdir", "/workdir", "-bin", "format-fuzz.zip"]
diff --git a/internal/format/armor.go b/internal/format/armor.go
index 89953a5..6058c89 100644
--- a/internal/format/armor.go
+++ b/internal/format/armor.go
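Review bot: `RUN go get github.com/dvyukov/go-fuzz/...` in the new Dockerfile.go-fuzz installs whatever the go-fuzz default branch holds at build time, so the fuzzing toolchain is neither reproducible nor reviewable. Pin it to a known revision (for example by checking out `<GO_FUZZ_COMMIT>`, a placeholder, before installing), and consider pinning `golang:1.14-alpine3.11` by digest as well. `ADD . $GOPATH/src/filippo.io/age/` copies the entire build context, which per the usage comment is the repository root where `workdir/` is created. Corpus and crasher files would therefore presumably be baked into later images unless a `.dockerignore` excludes them; `COPY` is also the conventional instruction for plain local files.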
@@ -148,7 +148,7 @@ func (r *armoredReader) Read(p []byte) (int, error) {
 r.unread = r.buf[:]
 n, err := base64.StdEncoding.Strict().Decode(r.unread, line)
 if err != nil {
- return 0, r.setErr(err)
+ return 0, r.setErr(errors.New("invalid armor: " + err.Error()))
 }
 r.unread = r.unread[:n]
diff --git a/internal/format/format_gofuzz.go b/internal/format/format_gofuzz.go
index 4203a82..674f8eb 100644
--- a/internal/format/format_gofuzz.go
+++ b/internal/format/format_gofuzz.go
@@ -1,3 +1,9 @@
+// Copyright 2019 Google LLC
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file or at
+// https://developers.google.com/open-source/licenses/bsd
+
 // +build gofuzz
 package format
@@ -6,10 +12,13 @@ import (
 "bytes"
 "fmt"
 "io"
- "os"
+ "strings"
+
+ "github.com/sergi/go-diff/diffmatchpatch"
 )
 func Fuzz(data []byte) int {
+ isArmored := bytes.HasPrefix(data, []byte("-----BEGIN AGE ENCRYPTED FILE-----"))
 h, payload, err := Parse(bytes.NewReader(data))
 if err != nil {
 if h != nil {
@@ -21,14 +30,30 @@ func Fuzz(data []byte) int {
 return 0
 }
 w := &bytes.Buffer{}
- if err := h.Marshal(w); err != nil {
- panic(err)
- }
- if _, err := io.Copy(w, payload); err != nil {
- panic(err)
+ if isArmored {
+ w := ArmoredWriter(w)
+ if err := h.Marshal(w); err != nil {
+ panic(err)
+ }
+ if _, err := io.Copy(w, payload); err != nil {
+ if strings.Contains(err.Error(), "invalid armor") {
+ return 0
+ }
+ panic(err)
+ }
+ w.Close()
+ } else {
+ if err := h.Marshal(w); err != nil {
+ panic(err)
+ }
+ if _, err := io.Copy(w, payload); err != nil {
+ panic(err)
+ }
 }
 if !bytes.Equal(w.Bytes(), data) {
- fmt.Fprintf(os.Stderr, "%s\n%q\n%q\n\n", w, data, w)
+ dmp := diffmatchpatch.New()
+ diffs := dmp.DiffMain(string(data), string(w.Bytes()), false)
+ fmt.Println(dmp.DiffToDelta(diffs))
 panic("Marshal output different from input")
 }
 return 1
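Review bot: `errors.New("invalid armor: " + err.Error())` in armoredReader.Read flattens the base64 decode error into a string, so the only way to recognise it afterwards is a substring test such as the `strings.Contains(err.Error(), "invalid armor")` this commit adds to the fuzz harness. go.mod declares go 1.13, so the cause can be kept with `return 0, r.setErr(fmt.Errorf("invalid armor: %w", err))` (this needs `fmt` imported in armor.go if it is not already), or with a package-level sentinel that the harness checks via `errors.Is`. Read's other error paths lie outside this hunk, so whether they carry the same prefix cannot be confirmed from here.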
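Review bot: In the armored branch of Fuzz (last hunk of format_gofuzz.go) the result of `w.Close()` is dropped, while every other write step panics on error. Close presumably flushes the final base64 line and the END marker, so if it fails the harness falls through to the byte comparison and reports "Marshal output different from input" instead of the real cause; use `if err := w.Close(); err != nil { panic(err) }`. The inner `w := ArmoredWriter(w)` also shadows the buffer that is compared afterwards, which is correct but easy to misread; a distinct name such as `aw` would make it obvious that `w.Bytes()` refers to the outer buffer. Fuzz's closing brace is outside the hunk.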