diff --git a/package.json b/package.json index 64e6cb4c..e0fdf3e2 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "prepare": "npm run build", "test": "mocha --timeout 120000 test/unittests.js", "test-type-definitions": "node --loader ts-node/esm test/typescript/definitions.ts", - "fuzz": "jazzer test/fuzz/$TARGET.cjs -- -artifact_prefix=test/fuzz/reports/", + "fuzz": "jazzer test/fuzz/$TARGET -- -artifact_prefix=test/fuzz/reports/", "benchmark-time": "node test/benchmarks/time.js", "benchmark-memory-usage": "node test/benchmarks/memory_usage.js", "start": "http-server", diff --git a/test/fuzz/createCleartextMessage.cjs b/test/fuzz/createCleartextMessage.cjs deleted file mode 100644 index c2941db2..00000000 --- a/test/fuzz/createCleartextMessage.cjs +++ /dev/null @@ -1,15 +0,0 @@ -const { FuzzedDataProvider } = require('@jazzer.js/core'); - -const MAX_MESSAGE_LENGTH = 9000; -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const data = new FuzzedDataProvider(inputData); - const text = data.bufToPrintableString(inputData, 2, MAX_MESSAGE_LENGTH, 'utf-8'); - return openpgp.default.createCleartextMessage({ text }); - }); - -}; - diff --git a/test/fuzz/createCleartextMessage.js b/test/fuzz/createCleartextMessage.js new file mode 100644 index 00000000..356a5e72 --- /dev/null +++ b/test/fuzz/createCleartextMessage.js @@ -0,0 +1,15 @@ +import { FuzzedDataProvider } from '@jazzer.js/core'; + +import openpgp from '../initOpenpgp.js'; + +const MAX_MESSAGE_LENGTH = 9000; + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + const data = new FuzzedDataProvider(inputData); + const text = data.bufToPrintableString(inputData, 2, MAX_MESSAGE_LENGTH, 'utf-8'); + return openpgp.createCleartextMessage({ text }); +} + diff --git a/test/fuzz/createMessageBinary.cjs b/test/fuzz/createMessageBinary.cjs deleted file mode 100644 index 7774a057..00000000 --- a/test/fuzz/createMessageBinary.cjs +++ /dev/null @@ -1,9 +0,0 @@ -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - return openpgp.default.createMessage({ binary: new Uint8Array(inputData) }); - }); -}; - diff --git a/test/fuzz/createMessageBinary.js b/test/fuzz/createMessageBinary.js new file mode 100644 index 00000000..ef35f2c4 --- /dev/null +++ b/test/fuzz/createMessageBinary.js @@ -0,0 +1,9 @@ +import openpgp from '../initOpenpgp.js'; + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + return openpgp.createMessage({ binary: new Uint8Array(inputData) }); +} + diff --git a/test/fuzz/createMessageText.cjs b/test/fuzz/createMessageText.cjs deleted file mode 100644 index 77d62446..00000000 --- a/test/fuzz/createMessageText.cjs +++ /dev/null @@ -1,13 +0,0 @@ -const { FuzzedDataProvider } = require('@jazzer.js/core'); - -const MAX_MESSAGE_LENGTH = 9000; - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const data = new FuzzedDataProvider(inputData); - return openpgp.default.createMessage({ text: data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8') }); - }); -}; diff --git a/test/fuzz/createMessageText.js b/test/fuzz/createMessageText.js new file mode 100644 index 00000000..37c0077e --- /dev/null +++ b/test/fuzz/createMessageText.js @@ -0,0 +1,13 @@ +import { FuzzedDataProvider } from '@jazzer.js/core'; + +import openpgp from '../initOpenpgp.js'; + +const MAX_MESSAGE_LENGTH = 9000; + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + const data = new FuzzedDataProvider(inputData); + return openpgp.createMessage({ text: data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8') }); +} diff --git a/test/fuzz/generateKey.cjs b/test/fuzz/generateKey.cjs deleted file mode 100644 index 4dd9660f..00000000 --- a/test/fuzz/generateKey.cjs +++ /dev/null @@ -1,25 +0,0 @@ -const { FuzzedDataProvider } = require('@jazzer.js/core'); - -const MAX_NAME_LENGTH = 30; -const MAX_COMMENT_LENGTH = 500; - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const data = new FuzzedDataProvider(inputData); - const asciiString = data.consumeString(MAX_COMMENT_LENGTH); - const utf8String = data.consumeString(MAX_NAME_LENGTH, 'utf-8'); - - return openpgp.default.generateKey({ userIDs: [ - { name: utf8String }, - { email: utf8String }, - { comment: asciiString }, - { name: utf8String, email: utf8String, comment: asciiString } - ], - passphrase: asciiString, - format: 'object' }); - }); -}; - diff --git a/test/fuzz/generateKey.js b/test/fuzz/generateKey.js new file mode 100644 index 00000000..b9887a7c --- /dev/null +++ b/test/fuzz/generateKey.js @@ -0,0 +1,26 @@ +import { FuzzedDataProvider } from '@jazzer.js/core'; + +import openpgp from '../initOpenpgp.js'; + +const MAX_NAME_LENGTH = 30; +const MAX_COMMENT_LENGTH = 500; + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + + const data = new FuzzedDataProvider(inputData); + const asciiString = data.consumeString(MAX_COMMENT_LENGTH); + const utf8String = data.consumeString(MAX_NAME_LENGTH, 'utf-8'); + + return openpgp.generateKey({ userIDs: [ + { name: utf8String }, + { email: utf8String }, + { comment: asciiString }, + { name: utf8String, email: utf8String, comment: asciiString } + ], + passphrase: asciiString, + format: 'object' }); +} + diff --git a/test/fuzz/readKeyArmored.cjs b/test/fuzz/readKeyArmored.cjs deleted file mode 100644 index 51b40388..00000000 --- a/test/fuzz/readKeyArmored.cjs +++ /dev/null @@ -1,27 +0,0 @@ -const { FuzzedDataProvider } = require('@jazzer.js/core'); - -const ignored = ['Misformed armored text']; -const MAX_MESSAGE_LENGTH = 9000; - -function ignoredError(error) { - return ignored.some(message => error.message.includes(message)); -} - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const data = new FuzzedDataProvider(inputData); - const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8'); - const armoredKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- ${fuzzedText} -----END PGP PRIVATE KEY BLOCK-----`; - - return openpgp.default.readKey({ armoredKey }) - .catch(error => { - if (error.message && !ignoredError(error)) { - throw error; - } - }); - }); -}; - diff --git a/test/fuzz/readKeyArmored.js b/test/fuzz/readKeyArmored.js new file mode 100644 index 00000000..c20746d9 --- /dev/null +++ b/test/fuzz/readKeyArmored.js @@ -0,0 +1,28 @@ +import { FuzzedDataProvider } from '@jazzer.js/core'; + +import openpgp from '../initOpenpgp.js'; + +const ignored = ['Misformed armored text']; +const MAX_MESSAGE_LENGTH = 9000; + +function ignoredError(error) { + return ignored.some(message => error.message.includes(message)); +} + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + + const data = new FuzzedDataProvider(inputData); + const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8'); + const armoredKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----\n ${fuzzedText} -----END PGP PRIVATE KEY BLOCK-----`; + + return openpgp.readKey({ armoredKey }) + .catch(error => { + if (error.message && !ignoredError(error)) { + throw error; + } + }); +} + diff --git a/test/fuzz/readKeyBinary.cjs b/test/fuzz/readKeyBinary.cjs deleted file mode 100644 index bd4102b5..00000000 --- a/test/fuzz/readKeyBinary.cjs +++ /dev/null @@ -1,22 +0,0 @@ -const ignored = ['This message / key probably does not conform to a valid OpenPGP format']; - -function ignoredError(error) { - return ignored.some(message => error.message.includes(message)); -} - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const binaryKey = new Uint8Array(`-----BEGIN PGP PRIVATE KEY BLOCK----- ${inputData} -----END PGP PRIVATE KEY BLOCK-----`); - - return openpgp.default.readKey({ binaryKey }) - .catch(error => { - if (error.message && !ignoredError(error)) { - throw error; - } - }); - }); -}; - diff --git a/test/fuzz/readKeyBinary.js b/test/fuzz/readKeyBinary.js new file mode 100644 index 00000000..c837e47a --- /dev/null +++ b/test/fuzz/readKeyBinary.js @@ -0,0 +1,22 @@ +import openpgp from '../initOpenpgp.js'; + +const ignored = ['This message / key probably does not conform to a valid OpenPGP format']; + +function ignoredError(error) { + return ignored.some(message => error.message.includes(message)); +} + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + const binaryKey = new Uint8Array(`-----BEGIN PGP PRIVATE KEY BLOCK-----\n ${inputData.toString('base64')} -----END PGP PRIVATE KEY BLOCK-----`); + + return openpgp.readKey({ binaryKey }) + .catch(error => { + if (error.message && !ignoredError(error)) { + throw error; + } + }); +} + diff --git a/test/fuzz/readMessageBinary.cjs b/test/fuzz/readMessageBinary.cjs deleted file mode 100644 index 38cd97ed..00000000 --- a/test/fuzz/readMessageBinary.cjs +++ /dev/null @@ -1,22 +0,0 @@ -const ignored = ['This message / key probably does not conform to a valid OpenPGP format']; - -function ignoredError(error) { - return ignored.some(message => error.message.includes(message)); -} - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const binaryMessage = new Uint8Array(`-----BEGIN PGP MESSAGE----- ${inputData} -----END PGP MESSAGE-----`); - - return openpgp.default.readMessage({ binaryMessage }) - .catch(error => { - if (error.message && !ignoredError(error)) { - throw error; - } - }); - }); -}; - diff --git a/test/fuzz/readMessageBinary.js b/test/fuzz/readMessageBinary.js new file mode 100644 index 00000000..f171b1ec --- /dev/null +++ b/test/fuzz/readMessageBinary.js @@ -0,0 +1,22 @@ +import openpgp from '../initOpenpgp.js'; + +const ignored = ['This message / key probably does not conform to a valid OpenPGP format']; + +function ignoredError(error) { + return ignored.some(message => error.message.includes(message)); +} + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + const binaryMessage = new Uint8Array(`-----BEGIN PGP MESSAGE-----\n ${inputData.toString('base64')} -----END PGP MESSAGE-----`); + + return openpgp.readMessage({ binaryMessage }) + .catch(error => { + if (error.message && !ignoredError(error)) { + throw error; + } + }); +} + diff --git a/test/fuzz/readMessageText.cjs b/test/fuzz/readMessageText.cjs deleted file mode 100644 index 072832b1..00000000 --- a/test/fuzz/readMessageText.cjs +++ /dev/null @@ -1,27 +0,0 @@ -const { FuzzedDataProvider } = require('@jazzer.js/core'); - -const ignored = ['Misformed armored text']; -const MAX_MESSAGE_LENGTH = 9000; - -function ignoredError(error) { - return ignored.some(message => error.message.includes(message)); -} - -/** - * @param { Buffer } inputData - */ -module.exports.fuzz = function(inputData) { - import('../initOpenpgp.js').then(openpgp => { - const data = new FuzzedDataProvider(inputData); - const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8'); - const armoredMessage = `-----BEGIN PGP MESSAGE----- ${fuzzedText} -----END PGP MESSAGE-----`; - - return openpgp.default.readMessage({ armoredMessage }) - .catch(error => { - if (error.message && !ignoredError(error)) { - throw error; - } - }); - }); -}; - diff --git a/test/fuzz/readMessageText.js b/test/fuzz/readMessageText.js new file mode 100644 index 00000000..48a52a1d --- /dev/null +++ b/test/fuzz/readMessageText.js @@ -0,0 +1,27 @@ +import { FuzzedDataProvider } from '@jazzer.js/core'; + +import openpgp from '../initOpenpgp.js'; + +const ignored = ['Misformed armored text']; +const MAX_MESSAGE_LENGTH = 9000; + +function ignoredError(error) { + return ignored.some(message => error.message.includes(message)); +} + +/** + * @param { Buffer } inputData + */ +export function fuzz (inputData) { + const data = new FuzzedDataProvider(inputData); + const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8'); + const armoredMessage = `-----BEGIN PGP MESSAGE-----\n ${fuzzedText} -----END PGP MESSAGE-----`; + + return openpgp.readMessage({ armoredMessage }) + .catch(error => { + if (error.message && !ignoredError(error)) { + throw error; + } + }); +} + diff --git a/test/fuzz/readme.md b/test/fuzz/readme.md index 5c77221c..3c650c41 100644 --- a/test/fuzz/readme.md +++ b/test/fuzz/readme.md @@ -11,14 +11,7 @@ To generate and run fuzz tests, we use the [Jazzer.js](https://github.com/CodeIn This directory contains fuzz targets like for example `createMessageBinary`. -You can run this fuzz target without options: -```sh -npx jazzer test/fuzz/createMessageBinary.cjs -``` -(You will notice the `.cjs` file ending. This is because jazzer does not support esm, yet) - -or with the given settings at your package.json: - +You can run this fuzz target: ```sh TARGET=createMessageBinary npm run fuzz ``` @@ -50,12 +43,12 @@ See further details in [Fuzzing using fuzz targets and the CLI](https://github.c ### Run limitations -You can pass the `-max_total_time` flag to the internal fuzzing engine to stop the fuzzing run after 10 seconds. +You can edit the npm command and pass the `-max_total_time` flag to the internal fuzzing engine to stop the fuzzing run after 10 seconds. ```sh -npx jazzer test/fuzz/createMessageBinary.cjs -- -max_total_time=10 +jazzer test/fuzz/$TARGET -- -max_total_time=10 ``` Or you can limit the number of runs: ```sh -npx jazzer test/fuzz/createMessageBinary.cjs -- -runs=4000000 +jazzer test/fuzz/$TARGET -- -runs=4000000 ``` \ No newline at end of file