secfuzz

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2024 License: Apache-2.0, MIT Imports: 8 Imported by: 0

Documentation

Overview

Package secfuzz allows fuzz-based testing of seccomp-bpf programs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DiffFuzzer 

type DiffFuzzer struct {
	// contains filtered or unexported fields
}

DiffFuzzer fuzzes two seccomp programs.

func NewDiffFuzzer 

func NewDiffFuzzer(f FuzzLike, fuzzee1, fuzzee2 *Fuzzee) (*DiffFuzzer, error)

NewDiffFuzzer creates a fuzzer that verifies that two seccomp-bpf programs are equivalent by fuzzing both of them with the same inputs and checking that they output the same result.

func (*DiffFuzzer) AddSeed 

func (df *DiffFuzzer) AddSeed(scData linux.SeccompData)

AddSeed adds the given syscall data to the fuzzer's seed corpus.

func (*DiffFuzzer) DeriveCorpusFromRuleSets 

func (df *DiffFuzzer) DeriveCorpusFromRuleSets(ruleSets []seccomp.RuleSet)

DeriveCorpusFromRuleSets attempts to extract useful seed corpus rules out of the given `RuleSet`s.

func (*DiffFuzzer) Fuzz 

func (df *DiffFuzzer) Fuzz()

Fuzz runs the fuzzer.

type FuzzLike 

type FuzzLike interface {
	Helper()
	Add(seed ...any)
	Errorf(message string, values ...any)
	Fatalf(message string, values ...any)
	Logf(message string, values ...any)
	Fuzz(fn any)
}

FuzzLike represents a fuzzer. It is the subset of `testing.F` that secfuzz uses.

type Fuzzee 

type Fuzzee struct {
	// Name is a human-friendly name for the program.
	Name string

	// If `EnforceFullCoverage` is set, the fuzz test will
	// fail if any instruction in the program is not covered.
	// The caller must ensure that the seed corpus is sufficient
	// to fully cover the program.
	EnforceFullCoverage bool

	// Instructions is the set of instructions in the program.
	Instructions []bpf.Instruction
	// contains filtered or unexported fields
}

Fuzzee wraps a program for the purpose of fuzzing.

func (*Fuzzee) String 

func (f *Fuzzee) String() string

String returns the program's name.

type StaticCorpus 

type StaticCorpus struct {
	T *testing.T
	// contains filtered or unexported fields
}

StaticCorpus allows a unit test to use secfuzz by using a static corpus. This allows checking for coverage and consistency between programs, but no new inputs beyond those explicitly added will be tested.

func (*StaticCorpus) Add 

func (s *StaticCorpus) Add(seed ...any)

Add implements `FuzzLike.Add`.

func (*StaticCorpus) Errorf 

func (s *StaticCorpus) Errorf(message string, values ...any)

Errorf implements `FuzzLike.Errorf`.

func (*StaticCorpus) Fatalf 

func (s *StaticCorpus) Fatalf(message string, values ...any)

Fatalf implements `FuzzLike.Fatalf`.

func (*StaticCorpus) Fuzz 

func (s *StaticCorpus) Fuzz(fn any)

Fuzz implements `FuzzLike.Fuzz`.

func (*StaticCorpus) Helper 

func (s *StaticCorpus) Helper()

Helper implements `FuzzLike.Helper`.

func (*StaticCorpus) Logf 

func (s *StaticCorpus) Logf(message string, values ...any)

Logf implements `FuzzLike.Logf`.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.