/src/crow/tests/fuzz/request_fuzzer.cpp

Source (jump to first uncovered line)
#include <cstdint>
#include <fuzzer/FuzzedDataProvider.h>

#include  <sys/socket.h>

#include "crow.h"

constexpr const int SERVER_PORT = 18080;

/**
 * To be run in a separate thread,
 *
 * Starts up the web-server, configures a dummy route, and serves incoming requests
 */
static void start_web_server()
{
    crow::SimpleApp app{};

    CROW_ROUTE(app, "/test/<string>/<int>")
      ([](const crow::request& req, std::string a, int b)
       {
         std::string resp{};
         for (const auto & param : req.get_body_params().keys())
         {
            resp += param;
         }
         return resp;
       });

    crow::logger::setLogLevel(crow::LogLevel::CRITICAL);
    app.bindaddr("127.0.0.1")
      .port(SERVER_PORT)
      .multithreaded()
      .run();
}

/**
 * Called once at fuzzer start-up, initializes the web-server
 * @return True,
 */
static bool initialize_web_server()
{
    static std::thread ws_th{start_web_server};
    return true;
}

static int send_request_to_web_server(FuzzedDataProvider &fdp)
{
    int rc = -1;

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    auto http_msg = fdp.ConsumeRemainingBytesAsString();
    sockaddr_in ws_addr{.sin_family=AF_INET, .sin_port= htons(SERVER_PORT)};
    ws_addr.sin_addr.s_addr = INADDR_ANY;

    if (-1 == sock)
    {
        goto done;
    }

    if (-1 == connect(sock, (struct sockaddr*) &ws_addr, sizeof(ws_addr)))
    {
        close(sock);
        goto done;
    }
    http_msg.insert(0, "GET / HTTP/1.1\r\n");

    send(sock, http_msg.c_str(), http_msg.length(), 0);
    close(sock);
    rc = 0;
done:
    return rc;
}

extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, const std::size_t size)
{
    static bool initialized = initialize_web_server();
    FuzzedDataProvider fdp{data, size};

    send_request_to_web_server(fdp);
    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <cstdint>
2		#include <fuzzer/FuzzedDataProvider.h>
3
4		#include <sys/socket.h>
5
6		#include "crow.h"
7
8		constexpr const int SERVER_PORT = 18080;
9
10		/**
11		* To be run in a separate thread,
12		*
13		* Starts up the web-server, configures a dummy route, and serves incoming requests
14		*/
15		static void start_web_server()
16	0	{
17	0	crow::SimpleApp app{};
18
19	0	CROW_ROUTE(app, "/test/<string>/<int>")
20	0	([](const crow::request& req, std::string a, int b)
21	0	{
22	0	std::string resp{};
23	0	for (const auto & param : req.get_body_params().keys())
24	0	{
25	0	resp += param;
26	0	}
27	0	return resp;
28	0	});
29
30	0	crow::logger::setLogLevel(crow::LogLevel::CRITICAL);
31	0	app.bindaddr("127.0.0.1")
32	0	.port(SERVER_PORT)
33	0	.multithreaded()
34	0	.run();
35	0	}
36
37		/**
38		* Called once at fuzzer start-up, initializes the web-server
39		* @return True,
40		*/
41		static bool initialize_web_server()
42	0	{
43	0	static std::thread ws_th{start_web_server};
44	0	return true;
45	0	}
46
47		static int send_request_to_web_server(FuzzedDataProvider &fdp)
48	0	{
49	0	int rc = -1;
50
51	0	int sock = socket(AF_INET, SOCK_STREAM, 0);
52	0	auto http_msg = fdp.ConsumeRemainingBytesAsString();
53	0	sockaddr_in ws_addr{.sin_family=AF_INET, .sin_port= htons(SERVER_PORT)};
54	0	ws_addr.sin_addr.s_addr = INADDR_ANY;
55
56	0	if (-1 == sock)
57	0	{
58	0	goto done;
59	0	}
60
61	0	if (-1 == connect(sock, (struct sockaddr*) &ws_addr, sizeof(ws_addr)))
62	0	{
63	0	close(sock);
64	0	goto done;
65	0	}
66	0	http_msg.insert(0, "GET / HTTP/1.1\r\n");
67
68	0	send(sock, http_msg.c_str(), http_msg.length(), 0);
69	0	close(sock);
70	0	rc = 0;
71	0	done:
72	0	return rc;
73	0	}
74
75		extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, const std::size_t size)
76		{
77		static bool initialized = initialize_web_server();
78		FuzzedDataProvider fdp{data, size};
79
80		send_request_to_web_server(fdp);
81		return 0;
82		}

Coverage Report

Created: 2024-09-11 06:20