Add fuzzing functionality

Closes ##370.

Author: veikkoeeva

.gitattributes

@@ -29,6 +29,8 @@
 *.docx binary
 *.pptx binary
 *.bin binary
+*.exe binary
+test/Verifiable.FuzzTests/libfuzzer-dotnet-ubuntu binary
 *.gz filter=lfs diff=lfs merge=lfs -text
 *.jffs2 filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
@@ -47,3 +49,6 @@
 *.wav filter=lfs diff=lfs merge=lfs -text
 *.myo filter=lfs diff=lfs merge=lfs -text
 *.vsmdi filter=lfs diff=lfs merge=lfs -text
+*.vsmdi filter=lfs diff=lfs merge=lfs -text
+
+

Directory.Packages.props

@@ -22,8 +22,7 @@
     <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
     <PackageVersion Include="System.Net.Http.Json" Version="8.0.0" />
     <PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
-    <PackageVersion Include="WinSharpFuzz" Version="1.0.0" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />    
     <PackageVersion Include="xunit" Version="2.9.0" />
     <PackageVersion Include="xunit.analyzers" Version="1.15.0" />
     <PackageVersion Include="xunit.extensibility.execution" Version="2.9.0" />

Verifiable.sln

@@ -70,6 +70,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".vscode", ".vscode", "{BE64
 		.vscode\tasks.json = .vscode\tasks.json
 	EndProjectSection
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Verifiable.FuzzTests", "test\Verifiable.FuzzTests\Verifiable.FuzzTests.csproj", "{A50E91E9-51A8-490D-B92B-97C547B98539}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -120,6 +122,10 @@ Global
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{FF947DEC-29E7-4700-94A4-0E84B2917BF5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A50E91E9-51A8-490D-B92B-97C547B98539}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -140,6 +146,7 @@ Global
 		{1B79A5A8-0754-4F72-AD32-E791F9A8ED23} = {737B175F-5A06-480C-B93F-42B31EF4EFA7}
 		{CD06BE0E-287F-4A01-B500-CD92465F1E2D} = {35CAB8A9-7332-4D46-BBD3-83A37A747F5E}
 		{BE64721C-A756-4078-B683-34AC9B639E28} = {35CAB8A9-7332-4D46-BBD3-83A37A747F5E}
+		{A50E91E9-51A8-490D-B92B-97C547B98539} = {942BE00F-D1A2-405C-80F3-D854D373E1FF}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {B3AC63DE-C110-4924-B7DB-FFAC4704246F}

test/Verifiable.FuzzTests/Program.cs

@@ -0,0 +1,40 @@
+using SharpFuzz;
+using System;
+using System.Diagnostics;
+using System.Text;
+using System.Text.Json;
+using static System.Runtime.InteropServices.JavaScript.JSType;
+
+
+namespace Verifiable.FuzzTests
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            Fuzzer.LibFuzzer.Run(json =>
+            {
+                try
+                {
+                    Console.WriteLine("Start");
+                    Debug.WriteLine("Start");
+                    string jsonString = Encoding.UTF8.GetString(json);
+                    if(jsonString is null)
+                    {
+                        Console.WriteLine("Fuzzer provided a null input.");
+                        return;
+                    }
+
+                    _ = JsonSerializer.Deserialize<object>(jsonString);
+                }
+                catch(JsonException)
+                {
+                }
+                catch(Exception ex)
+                {                    
+                    Console.WriteLine($"Unexpected exception occurred: {ex.Message}");
+                }
+            });
+        }
+    }
+}

test/Verifiable.FuzzTests/Verifiable.FuzzTests.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net9.0</TargetFramework>    
+    <Nullable>disable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>    
+    <PackageReference Include="SharpFuzz" />        
+  </ItemGroup>
+
+</Project>

test/Verifiable.FuzzTests/dictionaries/json.dict

@@ -0,0 +1,73 @@
+"0"
+"7"
+","
+":"
+"2.1e24"
+
+"true"
+"false"
+"null"
+
+"\"\""
+"\"\":"
+
+"{}"
+",{}"
+":{}"
+"{\"\":0}"
+"{{}}"
+
+"[]"
+",[]"
+":[]"
+"[0]"
+"[[]]"
+
+"''"
+"\\"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\u0000"
+"\\x00"
+"\\0"
+"\\uD800\\uDC00"
+"\\uDBFF\\uDFFF"
+
+"\"\":0"
+"//"
+"/**/"
+
+
+# Things like geojson, json-ld, ...
+"$ref"
+"type"
+"coordinates"
+"@context"
+"@id"
+"@type"
+
+# Strings with truncated special values
+"{\"foo\":fa"
+"{\"foo\":t"
+"{\"foo\":nul"
+
+"{"
+"}"
+"\"qty\": 1, \"qty\": -1"
+"\"qty\": 1, \"qty\\ud800\": -1"
+"\"qty\": 1, \"qt\\y\": -1"
+"/*"
+"*/"
+"\""
+"1.7976931348623157e+308"
+"5e-324"
+"9007199254740991"
+"-9007199254740991"
+
+"}="
+
+",,"
+"{\"\":"

test/Verifiable.FuzzTests/direct-crash-fuzz-sample.ps1

@@ -0,0 +1 @@
+./libfuzzer-dotnet-windows.exe --target_path=bin/release/net9.0/Verifiable.FuzzTests.exe ./crash-<something> -timeout=10 -minimize_crash=1

test/Verifiable.FuzzTests/do-fuzzing.ps1

@@ -0,0 +1 @@
+.\fuzz.ps1 -libFuzzer ".\libfuzzer-dotnet-windows.exe" -project ".\Verifiable.FuzzTests.csproj" -corpus .\testcases\test-1.json -dict .\dictionaries\json.dict -timeout 10

test/Verifiable.FuzzTests/fuzz.ps1

@@ -0,0 +1,72 @@
+param (
+    [Parameter(Mandatory = $true)]
+    [string]$libFuzzer,
+    [Parameter(Mandatory = $true)]
+    [string]$project,
+    [Parameter(Mandatory = $true)]
+    [string]$corpus,
+    [string]$dict = $null,
+    [int]$timeout = 10,
+    [int]$fork = 0,
+    [int]$ignore_crashes = 0,
+    [string]$command = "sharpfuzz"
+)
+
+Set-StrictMode -Version Latest
+
+$outputDir = "bin"
+
+if (Test-Path $outputDir) {
+    Remove-Item -Recurse -Force $outputDir
+}
+
+dotnet publish $project -c release -o $outputDir
+
+$projectName = (Get-Item $project).BaseName
+$projectDll = "$projectName.dll"
+$project = Join-Path $outputDir $projectDll
+
+$exclusions = @(
+    "dnlib.dll",
+    "SharpFuzz.dll",
+    "SharpFuzz.Common.dll"
+)
+
+Write-Output "Exclusions: $($exclusions -join ', ')"
+
+$allDlls = Get-ChildItem $outputDir -Filter *.dll
+Write-Output "All DLLs: $($allDlls.Name -join ', ')"
+
+$fuzzingTargets = $allDlls `
+| Where-Object { $_.Name -notin $exclusions } `
+| Where-Object { $_.Name -notlike "System.*.dll" }
+
+Write-Output "Fuzzing Targets: $($fuzzingTargets.Name -join ', ')"
+
+if (($fuzzingTargets | Measure-Object).Count -eq 0) {
+    Write-Error "No fuzzing targets found"
+    exit 1
+}
+
+foreach ($fuzzingTarget in $fuzzingTargets) {
+    Write-Output "Instrumenting $fuzzingTarget"
+    & $command $fuzzingTarget.FullName
+    
+    if ($LastExitCode -ne 0) {
+        Write-Error "An error occurred while instrumenting $fuzzingTarget"
+        exit 1
+    }
+}
+
+# Construct the final command string
+$finalCommand = "$libFuzzer --target_path=dotnet --target_arg=$project"
+
+if ($dict) {
+    $finalCommand += " -dict=$dict"
+}
+
+# Print the final command
+Write-Output "Final Command: $finalCommand"
+
+# Execute the final command
+Invoke-Expression $finalCommand