Add fuzzers for trace propagation parsers. (#319)

Author: g-easy

CMakeLists.txt

@@ -23,6 +23,8 @@ endif()
 
 project(opencensus-cpp VERSION 0.4.0 LANGUAGES CXX)
 
+option(FUZZER "Either OFF or e.g. -fsanitize=fuzzer,address" OFF)
+
 set(CMAKE_CXX_STANDARD 11)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 

cmake/OpenCensusHelpers.cmake

@@ -70,3 +70,16 @@ function(opencensus_lib NAME)
     add_library(${PROJECT_NAME}::${NAME} ALIAS ${_NAME})
   endif()
 endfunction()
+
+# Helper function for fuzzing. Usage:
+#
+# opencensus_fuzzer(trace_some_fuzzer internal/some_fuzzer.cc dep1 dep2...)
+function(opencensus_fuzzer NAME SRC)
+  if(FUZZER)
+    set(_NAME "opencensus_${NAME}")
+    add_executable(${_NAME} ${SRC})
+    prepend_opencensus(DEPS "${ARGN}")
+    target_link_libraries(${_NAME} "${DEPS}" ${FUZZER})
+    target_compile_options(${_NAME} PRIVATE ${FUZZER})
+  endif()
+endfunction()

opencensus/doc/fuzzing.md

@@ -0,0 +1,20 @@
+# Fuzzing
+
+To build the fuzzers and run them in test only mode:
+
+```shell
+rm -rf .build
+tools/fuzz.sh
+```
+
+To run the fuzzer and find bugs:
+
+```shell
+mkdir /tmp/fuzz
+./.build/opencensus/trace/opencensus_trace_cloud_trace_context_fuzzer \
+  /tmp/fuzz opencensus/trace/internal/cloud_trace_context_corpus
+```
+
+The corpus directories are not meant to give complete coverage, but
+rather should only contain manually generated inputs that serve as a seed
+for the fuzzer, so it can more quickly find a useful search space.

opencensus/trace/CMakeLists.txt

@@ -215,3 +215,18 @@ opencensus_benchmark(trace_with_span_benchmark
                      internal/with_span_benchmark.cc
                      trace
                      trace_with_span)
+
+opencensus_fuzzer(trace_cloud_trace_context_fuzzer
+                  internal/cloud_trace_context_fuzzer.cc
+                  trace_cloud_trace_context
+                  absl::strings)
+
+opencensus_fuzzer(trace_grpc_trace_bin_fuzzer
+                  internal/grpc_trace_bin_fuzzer.cc
+                  trace_grpc_trace_bin
+                  absl::strings)
+
+opencensus_fuzzer(trace_trace_context_fuzzer
+                  internal/trace_context_fuzzer.cc
+                  trace_trace_context
+                  absl::strings)

opencensus/trace/internal/cloud_trace_context_corpus/span_id_overflow

@@ -0,0 +1 @@
+12345678901234567890123456789012/18446744073709551616

opencensus/trace/internal/cloud_trace_context_corpus/valid

@@ -0,0 +1 @@
+12345678901234567890123456789012/12345;o=1

opencensus/trace/internal/cloud_trace_context_fuzzer.cc

@@ -0,0 +1,30 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "absl/strings/string_view.h"
+#include "opencensus/trace/propagation/cloud_trace_context.h"
+#include "opencensus/trace/span_context.h"
+
+using ::opencensus::trace::SpanContext;
+using ::opencensus::trace::propagation::FromCloudTraceContextHeader;
+using ::opencensus::trace::propagation::ToCloudTraceContextHeader;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  absl::string_view header(reinterpret_cast<const char *>(Data), Size);
+  SpanContext ctx = FromCloudTraceContextHeader(header);
+  if (ctx.IsValid()) {
+    ToCloudTraceContextHeader(ctx);
+  }
+  return 0;
+}

opencensus/trace/internal/grpc_trace_bin_corpus/valid

@@ -0,0 +1,32 @@
+// Copyright 2019, OpenCensus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "absl/strings/string_view.h"
+#include "opencensus/trace/propagation/grpc_trace_bin.h"
+#include "opencensus/trace/span_context.h"
+
+using ::opencensus::trace::SpanContext;
+using ::opencensus::trace::propagation::FromGrpcTraceBinHeader;
+using ::opencensus::trace::propagation::ToGrpcTraceBinHeader;
+using ::opencensus::trace::propagation::kGrpcTraceBinHeaderLen;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  absl::string_view header(reinterpret_cast<const char *>(Data), Size);
+  uint8_t outbuf[kGrpcTraceBinHeaderLen];
+  SpanContext ctx = FromGrpcTraceBinHeader(header);
+  if (ctx.IsValid()) {
+    ToGrpcTraceBinHeader(ctx, outbuf);
+  }
+  return 0;
+}

opencensus/trace/internal/grpc_trace_bin_fuzzer.cc

@@ -0,0 +1 @@
+00-404142434445464748494a4b4c4d4e4f-6162636465666768-0`