feat: better fuzz

Author: Randoooom

Cargo.lock

@@ -16,6 +16,7 @@ COPY ./common ./common
 COPY ./codegen ./codegen
 COPY ./src ./src
 COPY ./benches ./benches
+COPY ./fuzz ./fuzz
 
 RUN cargo build --release --features $features
 

Dockerfile

@@ -13,7 +13,7 @@ tonic = "0.12.0"
 openidconnect = { version = "3.5.0", optional = true }
 prost = "0.13.0"
 prost-types = "0.13.0"
-validator = { version = "0.18.1", features = ["derive"] }
+validator = { version = "0.18.1", features = ["derive", "unic"] }
 
 [build-dependencies]
 tonic-build = "0.12.0"

common/Cargo.toml

@@ -34,10 +34,6 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             "CreatePromptRequest",
             r#"#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]"#,
         )
-        .type_attribute(
-            "CreateFieldRequest",
-            r#"#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]"#,
-        )
         .type_attribute(
             "FieldOptions.options",
             r#"#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]"#,
@@ -79,36 +75,58 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             r#"#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]"#,
         )
         .type_attribute("CreateTargetRequest", "#[derive(validator::Validate)]")
-        .field_attribute("CreateTargetRequest.name", "#[validate(length(max = 255))]")
+        .field_attribute(
+            "CreateTargetRequest.name",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
+        )
+        .field_attribute(
+            "CreateTargetRequest.description",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
+        )
         .type_attribute("UpdateTargetRequest", "#[derive(validator::Validate)]")
-        .field_attribute("UpdateTargetRequest.name", "#[validate(length(max = 255))]")
+        .field_attribute(
+            "UpdateTargetRequest.name",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
+        )
         .field_attribute(
             "UpdateTargetRequest.description",
-            "#[validate(length(max = 255))]",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
         )
         .type_attribute("CreatePromptRequest", "#[derive(validator::Validate)]")
-        .field_attribute("CreatePromptRequest.title", "#[validate(length(max = 32))]")
+        .field_attribute(
+            "CreatePromptRequest.title",
+            "#[validate(length(min = 1, max = 32), non_control_character)]",
+        )
         .field_attribute(
             "UpdatePromptRequest.description",
-            "#[validate(length(max = 255))]",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
         )
         .type_attribute("UpdatePromptRequest", "#[derive(validator::Validate)]")
-        .field_attribute("UpdatePromptRequest.title", "#[validate(length(max = 32))]")
+        .field_attribute(
+            "UpdatePromptRequest.title",
+            "#[validate(length(min = 1, max = 32), non_control_character)]",
+        )
         .field_attribute(
             "CreatePromptRequest.description",
-            "#[validate(length(max = 255))]",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
         )
         .type_attribute("CreateFieldRequest", "#[derive(validator::Validate)]")
-        .field_attribute("CreateFieldRequest.title", "#[validate(length(max = 32))]")
+        .field_attribute(
+            "CreateFieldRequest.title",
+            "#[validate(length(min = 1, max = 32), non_control_character)]",
+        )
         .field_attribute(
             "CreateFieldRequest.description",
-            "#[validate(length(max = 255))]",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
         )
         .type_attribute("UpdateFieldRequest", "#[derive(validator::Validate)]")
-        .field_attribute("UpdateFieldRequest.title", "#[validate(length(max = 32))]")
+        .field_attribute(
+            "UpdateFieldRequest.title",
+            "#[validate(length(min = 1, max = 32), non_control_character)]",
+        )
         .field_attribute(
             "UpdateFieldRequest.description",
-            "#[validate(length(max = 255))]",
+            "#[validate(length(min = 1, max = 255), non_control_character)]",
         )
         .type_attribute(
             "GetTargetsRequest",

common/build.rs

@@ -20,13 +20,16 @@
 //DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 //OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+use arbitrary::Arbitrary;
 use lazy_static::lazy_static;
 use openidconnect::{
     core::{CoreClient, CoreProviderMetadata},
     reqwest::async_http_client,
     ClientId, ClientSecret, IssuerUrl, OAuth2TokenResponse, Scope,
 };
 
+use crate::proto::{field_options::Options, CreateFieldRequest, FieldType};
+
 lazy_static! {
     pub static ref GRPC_ENDPOINT: String = std::env::var("GRPC_ENDPOINT").unwrap();
 }
@@ -58,22 +61,55 @@ pub async fn authenticate() -> String {
 #[macro_export]
 macro_rules! connect {
     () => {{
-        let channel = tonic::transport::Channel::from_static(&$crate::tests::GRPC_ENDPOINT).connect().await.unwrap();
-        let token: tonic::metadata::MetadataValue<_> = format!("Bearer {}", $crate::tests::authenticate().await).parse().unwrap();
+        let channel = tonic::transport::Channel::from_static(&$crate::tests::GRPC_ENDPOINT)
+            .connect()
+            .await
+            .unwrap();
+        let token: tonic::metadata::MetadataValue<_> =
+            format!("Bearer {}", $crate::tests::authenticate().await)
+                .parse()
+                .unwrap();
 
         let client =
-            $crate::proto::feedback_fusion_v1_client::FeedbackFusionV1Client::with_interceptor(channel, move |mut request: tonic::Request<()>| {
-                request
-                    .metadata_mut()
-                    .insert("authorization", token.clone());
+            $crate::proto::feedback_fusion_v1_client::FeedbackFusionV1Client::with_interceptor(
+                channel,
+                move |mut request: tonic::Request<()>| {
+                    request
+                        .metadata_mut()
+                        .insert("authorization", token.clone());
 
-                Ok(request)
-            });
+                    Ok(request)
+                },
+            );
 
-        let public_client = $crate::proto::public_feedback_fusion_v1_client::PublicFeedbackFusionV1Client::connect($crate::tests::GRPC_ENDPOINT.as_str())
+        let public_client =
+            $crate::proto::public_feedback_fusion_v1_client::PublicFeedbackFusionV1Client::connect(
+                $crate::tests::GRPC_ENDPOINT.as_str(),
+            )
             .await
             .unwrap();
 
         (client, public_client)
     }};
 }
+
+impl Arbitrary<'_> for CreateFieldRequest {
+    fn arbitrary(u: &mut arbitrary::Unstructured<'_>) -> arbitrary::Result<Self> {
+        Ok(CreateFieldRequest {
+            prompt: "".to_owned(),
+            title: u
+                .arbitrary::<String>()?
+                .chars()
+                .take(u.int_in_range(0..=34)?)
+                .collect(),
+            description: Some(
+                u.arbitrary::<String>()?
+                    .chars()
+                    .take(u.int_in_range(0..=34)?)
+                    .collect(),
+            ),
+            field_type: u.int_in_range(0..=6)?,
+            options: Some(crate::proto::FieldOptions::arbitrary(u)?),
+        })
+    }
+}

common/src/tests.rs

@@ -11,8 +11,8 @@ cargo-fuzz = true
 feedback_fusion_common = { path = "../common", features = ["arbitrary"] }
 
 arbitrary = "1.4.1"
+lazy_static ="1.5.0"
 libfuzzer-sys = "0.4"
-serde_yaml = "0.9.34"
 tonic = "0.12.0"
 tokio = { version = "1.37.0", features = ["full"] }
 

fuzz/Cargo.toml

@@ -1,9 +1,7 @@
 #![no_main]
 use arbitrary::{Arbitrary, Unstructured};
-use feedback_fusion_common::proto::{
-    feedback_fusion_v1_client::FeedbackFusionV1Client, CreateFieldRequest, CreatePromptRequest,
-    CreateTargetRequest,
-};
+use feedback_fusion_common::proto::{CreateFieldRequest, CreatePromptRequest, CreateTargetRequest};
+use lazy_static::lazy_static;
 use libfuzzer_sys::fuzz_target;
 
 #[derive(Debug)]
@@ -25,19 +23,19 @@ struct PromptWithFields {
 
 impl Arbitrary<'_> for FuzzInput {
     fn arbitrary(u: &mut Unstructured) -> arbitrary::Result<Self> {
-        let num_targets = u.int_in_range(0..=10)?;
+        let num_targets = u.int_in_range(0..=3)?;
 
         let targets = (0..num_targets)
             .map(|_| {
                 let target_request: CreateTargetRequest = u.arbitrary()?;
 
-                let num_prompts = u.int_in_range(0..=10)?;
+                let num_prompts = u.int_in_range(0..=3)?;
 
                 let prompts = (0..num_prompts)
                     .map(|_| {
                         let prompt_request: CreatePromptRequest = u.arbitrary()?;
 
-                        let num_fields = u.int_in_range(0..=10)?;
+                        let num_fields = u.int_in_range(0..=4)?;
 
                         let fields = (0..num_fields)
                             .map(|_| u.arbitrary::<CreateFieldRequest>())
@@ -61,33 +59,34 @@ impl Arbitrary<'_> for FuzzInput {
     }
 }
 
+lazy_static! {
+    static ref RUNTIME: tokio::runtime::Runtime = tokio::runtime::Runtime::new().unwrap();
+}
+
 fuzz_target!(|data: &[u8]| {
     let mut u = Unstructured::new(data);
 
     if let Ok(fuzz_input) = FuzzInput::arbitrary(&mut u) {
-        let runtime = tokio::runtime::Runtime::new().unwrap();
-        runtime.block_on(async {
+        RUNTIME.block_on(async {
             let (mut client, _) = feedback_fusion_common::connect!();
 
-            println!("{:?}", fuzz_input.targets);
-
             for target in fuzz_input.targets {
-                match client.create_target(target.target_request).await {
+                match client.create_target(target.target_request.clone()).await {
                     Ok(target_response) => {
                         let target_id = target_response.into_inner().id;
 
                         for prompt in target.prompts {
-                            let mut prompt_request = prompt.prompt_request;
+                            let mut prompt_request = prompt.prompt_request.clone();
                             prompt_request.target = target_id.clone();
 
-                            match client.create_prompt(prompt_request).await {
+                            match client.create_prompt(prompt_request.clone()).await {
                                 Ok(prompt_response) => {
                                     let prompt_id = prompt_response.into_inner().id;
 
                                     for mut field in prompt.fields {
                                         field.prompt = prompt_id.clone();
 
-                                        if let Err(e) = client.create_field(field).await {
+                                        if let Err(e) = client.create_field(field.clone()).await {
                                             handle_grpc_error(e);
                                         }
                                     }

fuzz/fuzz_targets/fuzz_create_and_export.rs

@@ -3,7 +3,7 @@ IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'targe
 BEGIN
     CREATE TABLE target (
         id           VARCHAR(32)    NOT NULL PRIMARY KEY,
-        name         VARCHAR(32)    NOT NULL,
+        name         VARCHAR(255)    NOT NULL,
         description  VARCHAR(255),
         updated_at   DATETIME,
         created_at   DATETIME
@@ -14,7 +14,7 @@ IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'promp
 BEGIN
     CREATE TABLE prompt (
         id           VARCHAR(32)    NOT NULL PRIMARY KEY,
-        title        VARCHAR(32)    NOT NULL,
+        title        VARCHAR(255)    NOT NULL,
         description  VARCHAR(255)   NOT NULL,
         target       VARCHAR(32)    NOT NULL REFERENCES target(id),
         active       BIT            NOT NULL,
@@ -27,7 +27,7 @@ IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'field
 BEGIN
     CREATE TABLE field (
         id           VARCHAR(32)    NOT NULL PRIMARY KEY,
-        title        VARCHAR(32)    NOT NULL,
+        title        VARCHAR(255)    NOT NULL,
         description  VARCHAR(255),
         prompt       VARCHAR(32)    NOT NULL REFERENCES prompt(id),
         field_type   VARCHAR(32)    NOT NULL,

src/database/mssql.sql

@@ -1,14 +1,14 @@
 CREATE TABLE IF NOT EXISTS target (
   id          VARCHAR(32) UNIQUE NOT NULL PRIMARY KEY,
-  name        VARCHAR(32) NOT NULL,
+  name        VARCHAR(255) NOT NULL,
   description VARCHAR(255),
   updated_at  TIMESTAMP(3),
   created_at  TIMESTAMP(3)
 );
 
 CREATE TABLE IF NOT EXISTS prompt (
   id          VARCHAR(32) UNIQUE NOT NULL PRIMARY KEY,
-  title       VARCHAR(32) NOT NULL,
+  title       VARCHAR(255) NOT NULL,
   description VARCHAR(255) NOT NULL,
   target      VARCHAR(32) NOT NULL,
   active      BOOLEAN NOT NULL,
@@ -19,7 +19,7 @@ CREATE TABLE IF NOT EXISTS prompt (
 
 CREATE TABLE IF NOT EXISTS field (
   id          VARCHAR(32) UNIQUE NOT NULL PRIMARY KEY,
-  title       VARCHAR(32) NOT NULL,
+  title       VARCHAR(255) NOT NULL,
   description VARCHAR(255),
   prompt      VARCHAR(32) NOT NULL,
   field_type  VARCHAR(32) NOT NULL,

src/database/mysql.sql

@@ -1,14 +1,14 @@
 CREATE TABLE IF NOT EXISTS target (
   id          VARCHAR(32) UNIQUE NOT NULL,
-  name        VARCHAR(32) NOT NULL,
+  name        VARCHAR(255) NOT NULL,
   description VARCHAR(255),
   updated_at  TIMESTAMP,
   created_at  TIMESTAMP
 );
 
 CREATE TABLE IF NOT EXISTS prompt (
   id          VARCHAR(32) UNIQUE NOT NULL,
-  title       VARCHAR(32) NOT NULL,
+  title       VARCHAR(255) NOT NULL,
   description VARCHAR(255) NOT NULL,
   target      VARCHAR(32) REFERENCES target(id) NOT NULL,
   active      BOOLEAN NOT NULL,
@@ -18,7 +18,7 @@ CREATE TABLE IF NOT EXISTS prompt (
 
 CREATE TABLE IF NOT EXISTS field (
   id          VARCHAR(32) UNIQUE NOT NULL,
-  title       VARCHAR(32) NOT NULL,
+  title       VARCHAR(255) NOT NULL,
   description VARCHAR(255),
   prompt      VARCHAR(32) REFERENCES prompt(id) NOT NULL,
   field_type  VARCHAR(32) NOT NULL,