Add 2 fuzzers for nu-path, nu-parser (#10376)

# Description This PR adds a fuzzer for the nu-path and the nu-parser crate. Now you can go to `crates/nu-path/fuzz`/`crates/nu-parser/fuzz` and run `cargo fuzz` to find crashes. #10365 and #9417 was found by this --------- Co-authored-by: sholderbach <[email protected]>
nushell · Sep 16, 2023 · bc7736b · bc7736b
1 parent 19d732f
commit bc7736b
Show file tree

Hide file tree

Showing 13 changed files with 138 additions and 0 deletions.
diff --git a/crates/nu-parser/Cargo.toml b/crates/nu-parser/Cargo.toml
@@ -6,6 +6,7 @@ edition = "2021"
 license = "MIT"
 name = "nu-parser"
 version = "0.84.1"
+exclude = ["/fuzz"]
 
 [lib]
 bench = false

diff --git a/crates/nu-parser/fuzz/.gitignore b/crates/nu-parser/fuzz/.gitignore
@@ -0,0 +1,8 @@
+target
+corpus
+artifacts
+coverage
+Cargo.lock
+out
+seeds
+
diff --git a/crates/nu-parser/fuzz/Cargo.toml b/crates/nu-parser/fuzz/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "nu-parser-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+nu-protocol = { path = "../../nu-protocol" }
+
+
+[dependencies.nu-parser]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[profile.release]
+debug = 1
+
+[[bin]]
+name = "parse"
+path = "fuzz_targets/parse.rs"
+test = false
+doc = false
diff --git a/crates/nu-parser/fuzz/README.md b/crates/nu-parser/fuzz/README.md
@@ -0,0 +1,9 @@
+# Fuzzer for `nu-parser`
+
+- For detailed info, please look at [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz)
+
+# Quick start guide
+- Install cargo-fuzz by `cargo install cargo-fuzz`
+- Run `gather_seeds.nu` for preparing the initial seeds corpus
+- Make output directory `mkdir out`
+- Run the fuzzer with `cargo fuzz run parse out seeds`
diff --git a/crates/nu-parser/fuzz/fuzz_targets/parse.rs b/crates/nu-parser/fuzz/fuzz_targets/parse.rs
@@ -0,0 +1,13 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+use nu_parser::*;
+use nu_protocol::engine::{EngineState, StateWorkingSet};
+
+fuzz_target!(|data: &[u8]| {
+ let engine_state = EngineState::new();
+ let mut working_set = StateWorkingSet::new(&engine_state);
+
+ let _block = parse(&mut working_set, None, &data, true);
+});
diff --git a/crates/nu-parser/fuzz/gather_seeds.nu b/crates/nu-parser/fuzz/gather_seeds.nu
@@ -0,0 +1,6 @@
+# Check if 'seeds' directory exists. If not, create one.
+let seeds_exists = "./seeds" | path exists
+if $seeds_exists == false { mkdir seeds }
+
+# Gather all "*.nu" files from '../..' and copy them into 'seeds'
+ls ../../**/*.nu | get name | each {|f| cp $f ./seeds/}
diff --git a/crates/nu-parser/fuzz/rust-toolchain.toml b/crates/nu-parser/fuzz/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+channel = "nightly"
diff --git a/crates/nu-path/Cargo.toml b/crates/nu-path/Cargo.toml
@@ -6,6 +6,7 @@ edition = "2021"
 license = "MIT"
 name = "nu-path"
 version = "0.84.1"
+exclude = ["/fuzz"]
 
 [lib]
 bench = false

diff --git a/crates/nu-path/fuzz/.gitignore b/crates/nu-path/fuzz/.gitignore
@@ -0,0 +1,7 @@
+target
+corpus
+artifacts
+coverage
+Cargo.lock
+out
+
diff --git a/crates/nu-path/fuzz/Cargo.toml b/crates/nu-path/fuzz/Cargo.toml
@@ -0,0 +1,27 @@
+[package]
+name = "nu-path-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.nu-path]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[profile.release]
+debug = 1
+
+[[bin]]
+name = "path"
+path = "fuzz_targets/path_fuzzer.rs"
+test = false
+doc = false
diff --git a/crates/nu-path/fuzz/README.md b/crates/nu-path/fuzz/README.md
@@ -0,0 +1,8 @@
+# Fuzzer for `nu-path`
+
+- For detailed info, please look at [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz)
+
+# Quick start guide
+- Install cargo-fuzz by `cargo install cargo-fuzz`
+- Make output directory `mkdir out`
+- Run the fuzzer with `cargo fuzz run parse out`
diff --git a/crates/nu-path/fuzz/fuzz_targets/path_fuzzer.rs b/crates/nu-path/fuzz/fuzz_targets/path_fuzzer.rs
@@ -0,0 +1,25 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use nu_path::{expand_path_with, expand_tilde, expand_to_real_path, trim_trailing_slash};
+
+fuzz_target!(|data: &[u8]| {
+ if let Ok(s) = std::str::from_utf8(data) {
+ let path = std::path::Path::new(s);
+
+ // Fuzzing expand_to_real_path function
+ let _ = expand_to_real_path(path);
+
+ // Fuzzing trim_trailing_slash function
+ let _ = trim_trailing_slash(s);
+
+ // Fuzzing expand_tilde function
+ let _ = expand_tilde(path);
+
+ // Fuzzing expand_path_with function
+ // Here, we're assuming a second path for the "relative to" aspect.
+ // For simplicity, we're just using the current directory.
+ let current_dir = std::path::Path::new(".");
+ let _ = expand_path_with(path, &current_dir);
+ }
+});
diff --git a/crates/nu-path/fuzz/rust-toolchain.toml b/crates/nu-path/fuzz/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+channel = "nightly"