ci: fuzz every libfuzzer target, not just three #14
Merged
Conversation
The fuzz job and the local ci-local.sh mirror both looped over a hardcoded list of three targets (parse_l2_response, decrypt_l3_result, parse_handshake_resp). Three attacker-facing decoders added later were never added to that list, so CI fuzzed none of them on any push or weekly run. The cert-store STPUB parser, the X.509 chain verifier, and the firmware-image blob decoder are exactly the inputs an attacker controls, so leaving them unfuzzed defeats the purpose of the job.

Enumerate the targets with cargo fuzz list instead of naming them, in both the workflow and the local script. All six targets now run, and any target added in the future is picked up automatically without touching the CI, which is the class of drift that caused this gap.

Per-target time is unchanged (60 seconds on push, 900 on the weekly schedule), so a push now spends about six minutes in the fuzz job and the weekly run about ninety. All six targets run crash-free locally.
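The enumeration-driven loop the PR describes, written out as an added example. This is not the project's workflow or its ci-local.sh; it is a stand-alone POSIX sh sketch of the same idea. It assumes cargo-fuzz is installed and the fuzz crate sits where cargo fuzz expects it, and it adds two hypothetical environment variables so the loop can be exercised offline: FUZZ_TARGETS (a constructed target list that substitutes for cargo fuzz list) and FUZZ_RUNNER (a stand-in for cargo fuzz run). The per-target budgets are the ones stated above: 60 seconds on push, 900 on the weekly schedule.

```shell
#!/usr/bin/env sh
# Added example, not the project's CI. Enumerate every cargo-fuzz target and
# run each one for a fixed per-target budget instead of looping over a
# hardcoded list, so a newly added target is picked up without touching CI.
#
# Assumptions (hypothetical, for offline use):
#   FUZZ_TARGETS  - whitespace-separated target names used instead of
#                   `cargo fuzz list` when set (constructed sample input).
#   FUZZ_RUNNER   - command used instead of `cargo fuzz run` when set.

# Per-target budget in seconds: 60 on push, 900 on the weekly schedule.
fuzz_time_for_event() {
    case "$1" in
        schedule) echo 900 ;;
        *)        echo 60 ;;
    esac
}

# Enumerate targets from the fuzz crate itself rather than from a list in
# the workflow. Falls back to FUZZ_TARGETS so the loop can run without cargo.
list_fuzz_targets() {
    if [ -n "${FUZZ_TARGETS:-}" ]; then
        printf '%s\n' $FUZZ_TARGETS
    else
        cargo fuzz list
    fi
}

# Wall-clock estimate for the whole job: target count times per-target budget
# (six targets give 360s on push and 5400s on the weekly run).
total_fuzz_seconds() {
    n=$(list_fuzz_targets | wc -l | tr -d ' ')
    echo $(( n * $(fuzz_time_for_event "$1") ))
}

# Run every enumerated target with libFuzzer's -max_total_time. Returns 1 on
# the first target that exits non-zero (crash, timeout, or OOM), which is
# what fails the CI job.
fuzz_all_targets() {
    budget=$(fuzz_time_for_event "$1")
    runner="${FUZZ_RUNNER:-cargo fuzz run}"
    count=0
    for target in $(list_fuzz_targets); do
        echo "fuzzing $target for ${budget}s"
        $runner "$target" -- -max_total_time="$budget" || return 1
        count=$((count + 1))
    done
    echo "fuzzed $count targets"
    return 0
}
```

In a workflow the first argument would be the event name (for GitHub Actions, the value of github.event_name), so `fuzz_all_targets "$GITHUB_EVENT_NAME"` picks 900 seconds for `schedule` and 60 for everything else. Because the list comes from cargo fuzz list at run time, the same function body serves both the workflow and the local mirror script, which removes the second copy of the target list that drifted.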