mhlakhani commented on code in PR #3339:
URL: https://github.com/apache/thrift/pull/3339#discussion_r2929037287


##########
lib/rb/test/fuzz/README.md:
##########
@@ -0,0 +1,99 @@
+# Ruby Fuzzing README
+
+The Ruby Thrift implementation uses 
[Ruzzy](https://github.com/trailofbits/ruzzy) for fuzzing. Ruzzy is a 
coverage-guided fuzzer for pure Ruby code and Ruby C extensions.
+
+We currently have several fuzz targets that test different aspects of the 
Thrift implementation:
+
+- `fuzz_parse_binary_protocol.rb` -- fuzzes deserialization of the Binary 
protocol
+- `fuzz_parse_binary_protocol_accelerated.rb` -- fuzzes deserialization of the 
accelerated Binary protocol
+- `fuzz_parse_compact_protocol.rb` -- fuzzes deserialization of the Compact 
protocol
+- `fuzz_parse_json_protocol.rb` -- fuzzes deserialization of JSON protocol 
messages
+- `fuzz_roundtrip_binary_protocol.rb` -- fuzzes Binary roundtrips 
(deserialize, serialize, deserialize, compare)
+- `fuzz_roundtrip_binary_protocol_accelerated.rb` -- fuzzes accelerated Binary 
roundtrips
+- `fuzz_roundtrip_compact_protocol.rb` -- fuzzes Compact roundtrips
+- `fuzz_roundtrip_json_protocol.rb` -- fuzzes JSON message roundtrips
+
+The runnable files in this directory are tracer entrypoints. Ruzzy requires 
that pure Ruby fuzzing starts from a tracer script which then loads a separate 
harness, so do not invoke the matching `_harness.rb` files directly.
+
+The fuzzers use Ruzzy's mutation engine to generate test cases. Each target 
uses common testing code from `fuzz_common.rb`.
+
+For more information about Ruzzy and its options, see the [Ruzzy 
documentation](https://github.com/trailofbits/ruzzy).
+
+You can also use the corpus generator from the Rust implementation to generate 
initial Binary and Compact corpora that can be reused by the Ruby fuzzers, 
since those wire formats are identical between implementations.
+
+## Usage
+
+```bash
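Review bot: The target list after "We currently have several fuzz targets" names only the tracer entrypoints, while the paragraph below says each one loads a matching `_harness.rb` that must not be run directly; stating that pairing explicitly next to each entry (which harness a tracer loads, and that `fuzz_common.rb` is pulled in by the harness) would tell readers which file to edit when adding a target. The `## Usage` section opening with the `bash` block should also say which platform the commands were tested on; the review comment says the instructions and Makefile targets are Linux-only and were tested in the Dockerfile, and the README does not currently mention that.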

Review Comment:
   On the oss-fuzz side it's language-specific and not easy. On the Thrift side 
I focused on Linux instructions and added Makefile targets that worked on Linux 
/ tested in the Dockerfile. I think that's ok, if we can make it so that 
non-Linux use cases aren't broken.



##########
lib/rb/test/fuzz/fuzz_common.rb:
##########
@@ -0,0 +1,95 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+$:.unshift File.expand_path('../../lib', __dir__)
+$:.unshift File.expand_path('../../ext', __dir__)
+require 'thrift'
+$:.unshift File.dirname(__FILE__) + "/gen-rb"
+require 'fuzz_test_constants'
+
+require 'coverage'
+Coverage.start(branches: true) unless Coverage.respond_to?(:running?) && 
Coverage.running?
+require 'ruzzy'
+# Ruzzy.enable_branch_coverage_hooks
+
+def ignorable_fuzz_exception?(error)
+  return true if error.is_a?(Thrift::ProtocolException) ||
+    error.is_a?(EOFError) ||
+    error.is_a?(Encoding::UndefinedConversionError)
+
+  [
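Review bot: The commented-out `# Ruzzy.enable_branch_coverage_hooks` after `require 'ruzzy'` should either be removed or get a comment explaining why it is disabled while `Coverage.start(branches: true)` is enabled two lines above; as written a reader cannot tell whether it is a leftover or a deliberate choice. `ignorable_fuzz_exception?` is the allowlist of failures the fuzzer will never report, so each entry (`Thrift::ProtocolException`, `EOFError`, `Encoding::UndefinedConversionError`, and whatever the array that follows contains) deserves a one-line comment stating why that exception is the expected outcome for malformed input; an over-broad entry here silently hides real bugs rather than surfacing them. Minor: `$:.unshift File.dirname(__FILE__) + "/gen-rb"` could be `$:.unshift File.expand_path('gen-rb', __dir__)` for consistency with the two `__dir__`-based lines above it.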

Review Comment:
   This makes a lot of sense, thank you!



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
