secfuzz

Documentation

Overview

Package secfuzz allows fuzz-based testing of seccomp-bpf programs.

Index

• type DiffFuzzer
  • func NewDiffFuzzer(f FuzzLike, fuzzee1, fuzzee2 *Fuzzee) (*DiffFuzzer, error)
  • func (df *DiffFuzzer) AddSeed(scData linux.SeccompData)
  • func (df *DiffFuzzer) DeriveCorpusFromRuleSets(ruleSets []seccomp.RuleSet)
  • func (df *DiffFuzzer) Fuzz()
• type FuzzLike
• type Fuzzee
  • func (f *Fuzzee) String() string
• type StaticCorpus
  • func (s *StaticCorpus) Add(seed ...any)
  • func (s *StaticCorpus) Errorf(message string, values ...any)
  • func (s *StaticCorpus) Fatalf(message string, values ...any)
  • func (s *StaticCorpus) Fuzz(fn any)
  • func (s *StaticCorpus) Helper()
  • func (s *StaticCorpus) Logf(message string, values ...any)

Types

type DiffFuzzer

type DiffFuzzer struct {
	// contains filtered or unexported fields
}

DiffFuzzer fuzzes two seccomp programs.

func NewDiffFuzzer

func NewDiffFuzzer(f FuzzLike, fuzzee1, fuzzee2 *Fuzzee) (*DiffFuzzer, error)

NewDiffFuzzer creates a fuzzer that verifies that two seccomp-bpf programs are equivalent by fuzzing both of them with the same inputs and checking that they output the same result.

func (*DiffFuzzer) AddSeed

func (df *DiffFuzzer) AddSeed(scData linux.SeccompData)

AddSeed adds the given syscall data to the fuzzer's seed corpus.

func (*DiffFuzzer) DeriveCorpusFromRuleSets

func (df *DiffFuzzer) DeriveCorpusFromRuleSets(ruleSets []seccomp.RuleSet)

DeriveCorpusFromRuleSets attempts to extract useful seed corpus rules out of the given `RuleSet`s.

func (*DiffFuzzer) Fuzz

func (df *DiffFuzzer) Fuzz()

Fuzz runs the fuzzer.

type FuzzLike

type FuzzLike interface {
	Helper()
	Add(seed ...any)
	Errorf(message string, values ...any)
	Fatalf(message string, values ...any)
	Logf(message string, values ...any)
	Fuzz(fn any)
}

FuzzLike represents a fuzzer. It is the subset of `testing.F` that secfuzz uses.

type Fuzzee

type Fuzzee struct {
	// Name is a human-friendly name for the program.
	Name string

	// If `EnforceFullCoverage` is set, the fuzz test will
	// fail if any instruction in the program is not covered.
	// The caller must ensure that the seed corpus is sufficient
	// to fully cover the program.
	EnforceFullCoverage bool

	// Instructions is the set of instructions in the program.
	Instructions []bpf.Instruction
	// contains filtered or unexported fields
}

Fuzzee wraps a program for the purpose of fuzzing.

func (*Fuzzee) String

func (f *Fuzzee) String() string

String returns the program's name.

type StaticCorpus

type StaticCorpus struct {
	T *testing.T
	// contains filtered or unexported fields
}

StaticCorpus allows a unit test to use secfuzz by using a static corpus. This allows checking for coverage and consistency between programs, but no new inputs beyond those explicitly added will be tested.

func (*StaticCorpus) Add

func (s *StaticCorpus) Add(seed ...any)

Add implements `FuzzLike.Add`.

func (*StaticCorpus) Errorf

func (s *StaticCorpus) Errorf(message string, values ...any)

Errorf implements `FuzzLike.Errorf`.

func (*StaticCorpus) Fatalf

func (s *StaticCorpus) Fatalf(message string, values ...any)

Fatalf implements `FuzzLike.Fatalf`.

func (*StaticCorpus) Fuzz

func (s *StaticCorpus) Fuzz(fn any)

Fuzz implements `FuzzLike.Fuzz`.

func (*StaticCorpus) Helper

func (s *StaticCorpus) Helper()

Helper implements `FuzzLike.Helper`.

func (*StaticCorpus) Logf

func (s *StaticCorpus) Logf(message string, values ...any)

Logf implements `FuzzLike.Logf`.