/src/fluent-bit/tests/internal/fuzzers/aws_credentials_fuzzer.c

Source
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */

/*  Fluent Bit
 *  ==========
 *  Copyright (C) 2023 The Fluent Bit Authors
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

#include <stdint.h>
#include <fluent-bit.h>
#include <fluent-bit/flb_sds.h>
#include <fluent-bit/flb_aws_credentials.h>
#include <fluent-bit/flb_mem.h>
#include "flb_fuzz_header.h"

int initialization_crutch()
{
    struct flb_config *config;
    config = flb_config_init();
    if (config == NULL) {
        return -1;
    }
    flb_config_exit(config);
    return 0;
}


void fuzz_sts(const uint8_t *data, size_t size) {
    char *sks_response = get_null_terminated(150, &data, &size);

    struct flb_aws_credentials *creds;
    time_t expiration;

    creds = flb_parse_sts_resp(sks_response, &expiration);
    if (creds != NULL) {
        flb_aws_credentials_destroy(creds);
    }

    if (size > 300) {
        char *action = get_null_terminated(50, &data, &size);
        char *role_arn = get_null_terminated(50, &data, &size);
        char *session_name = get_null_terminated(50, &data, &size);
        char *external_id = get_null_terminated(50, &data, &size);
        char *identity_token = get_null_terminated(50, &data, &size);

        flb_sds_t s1 = flb_sts_uri(action, role_arn, session_name,
                                   external_id, identity_token);
        if (s1 != NULL) {
            flb_sds_destroy(s1);                
        }

        flb_free(action);
        flb_free(role_arn);
        flb_free(session_name);
        flb_free(external_id);
        flb_free(identity_token);
    }

    if (sks_response != NULL) {
        flb_free(sks_response);
    }
}


void fuzz_http(const uint8_t *data, size_t size) {
    time_t expiration;
    struct flb_aws_credentials *creds = NULL;

    char *response = get_null_terminated(250, &data, &size);
    creds = flb_parse_http_credentials(response, 250, &expiration);
    if (creds != NULL) {
        flb_aws_credentials_destroy(creds);
    }
    flb_free(response);
}


void fuzz_process(const uint8_t *data, size_t size) {
    char** tokens = NULL;
    char *input = get_null_terminated(250, &data, &size);
    tokens = parse_credential_process(input);
    if (tokens != NULL) {
        flb_free(tokens);
    }
    flb_free(input);
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* Set flb_malloc_mod to be fuzzer-data dependent */
    if (size < 304) {
        return 0;
    }
    flb_malloc_p = 0;
    flb_malloc_mod = *(int*)data;
    data += 4;
    size -= 4;

    /* Avoid division by zero for modulo operations */
    if (flb_malloc_mod == 0) {
        flb_malloc_mod = 1;
    }
    if (initialization_crutch() == -1) {
        return 0;
    }

    const uint8_t *data_copy = data;
    size_t size_copy = size;
    fuzz_sts(data_copy, size_copy);

    data_copy = data;
    size_copy = size;
    fuzz_http(data_copy, size_copy);

    data_copy = data;
    size_copy = size;
    fuzz_process(data_copy, size_copy);

    return 0;
}

Line	Count	Source
1		/* -- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2
3		/* Fluent Bit
4		* ==========
5		* Copyright (C) 2023 The Fluent Bit Authors
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License");
8		* you may not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS,
15		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19
20		#include <stdint.h>
21		#include <fluent-bit.h>
22		#include <fluent-bit/flb_sds.h>
23		#include <fluent-bit/flb_aws_credentials.h>
24		#include <fluent-bit/flb_mem.h>
25		#include "flb_fuzz_header.h"
26
27		int initialization_crutch()
28	950	{
29	950	struct flb_config *config;
30	950	config = flb_config_init();
31	950	if (config == NULL) {
32	280	return -1;
33	280	}
34	670	flb_config_exit(config);
35	670	return 0;
36	950	}
37
38
39	364	void fuzz_sts(const uint8_t *data, size_t size) {
40	364	char *sks_response = get_null_terminated(150, &data, &size);
41
42	364	struct flb_aws_credentials *creds;
43	364	time_t expiration;
44
45	364	creds = flb_parse_sts_resp(sks_response, &expiration);
46	364	if (creds != NULL) {
47	2	flb_aws_credentials_destroy(creds);
48	2	}
49
50	364	if (size > 300) {
51	54	char *action = get_null_terminated(50, &data, &size);
52	54	char *role_arn = get_null_terminated(50, &data, &size);
53	54	char *session_name = get_null_terminated(50, &data, &size);
54	54	char *external_id = get_null_terminated(50, &data, &size);
55	54	char *identity_token = get_null_terminated(50, &data, &size);
56
57	54	flb_sds_t s1 = flb_sts_uri(action, role_arn, session_name,
58	54	external_id, identity_token);
59	54	if (s1 != NULL) {
60	53	flb_sds_destroy(s1);
61	53	}
62
63	54	flb_free(action);
64	54	flb_free(role_arn);
65	54	flb_free(session_name);
66	54	flb_free(external_id);
67	54	flb_free(identity_token);
68	54	}
69
70	364	if (sks_response != NULL) {
71	364	flb_free(sks_response);
72	364	}
73	364	}
74
75
76	364	void fuzz_http(const uint8_t *data, size_t size) {
77	364	time_t expiration;
78	364	struct flb_aws_credentials *creds = NULL;
79
80	364	char *response = get_null_terminated(250, &data, &size);
81	364	creds = flb_parse_http_credentials(response, 250, &expiration);
82	364	if (creds != NULL) {
83	3	flb_aws_credentials_destroy(creds);
84	3	}
85	364	flb_free(response);
86	364	}
87
88
89	364	void fuzz_process(const uint8_t *data, size_t size) {
90	364	char** tokens = NULL;
91	364	char *input = get_null_terminated(250, &data, &size);
92	364	tokens = parse_credential_process(input);
93	364	if (tokens != NULL) {
94	98	flb_free(tokens);
95	98	}
96	364	flb_free(input);
97	364	}
98
99
100		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
101	517	{
102		/* Set flb_malloc_mod to be fuzzer-data dependent */
103	517	if (size < 304) {
104	17	return 0;
105	17	}
106	500	flb_malloc_p = 0;
107	500	flb_malloc_mod = (int)data;
108	500	data += 4;
109	500	size -= 4;
110
111		/* Avoid division by zero for modulo operations */
112	500	if (flb_malloc_mod == 0) {
113	2	flb_malloc_mod = 1;
114	2	}
115	500	if (initialization_crutch() == -1) {
116	136	return 0;
117	136	}
118
119	364	const uint8_t *data_copy = data;
120	364	size_t size_copy = size;
121	364	fuzz_sts(data_copy, size_copy);
122
123	364	data_copy = data;
124	364	size_copy = size;
125	364	fuzz_http(data_copy, size_copy);
126
127	364	data_copy = data;
128	364	size_copy = size;
129	364	fuzz_process(data_copy, size_copy);
130
131	364	return 0;
132	500	}

Coverage Report

Created: 2024-09-19 07:08