feat: add dockerfile and script to perform fuzzing test

feat: add dockerfile and script to perform fuzzing test on all swagger files and individual Closes: edgexfoundry#4568 Signed-off-by: Valina Li <[email protected]>
vli11 · Aug 14, 2023 · 00c7f83 · 00c7f83
1 parent 23265df
commit 00c7f83
Show file tree

Hide file tree

Showing 4 changed files with 123 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -49,3 +49,5 @@ stage/*
 snap/.snapcraft/*
 squashfs-root/
 
+# result files
+fuzz_results/*
diff --git a/Dockerfile.fuzz b/Dockerfile.fuzz
@@ -0,0 +1,41 @@
+#  ----------------------------------------------------------------------------------
+#  Copyright 2023 Intel Corporation
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#  ----------------------------------------------------------------------------------
+
+FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine as builder
+
+RUN apk add --no-cache python3 py3-pip bash coreutils
+
+WORKDIR /restler-fuzzer
+RUN wget -q -O - https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz | \
+    tar xz --strip-components 1 && \
+    mkdir -p restler_bin
+
+RUN python3 ./build-restler.py --dest_dir ./restler_bin/
+
+COPY fuzzing_docker.sh /restler-fuzzer/fuzzing.sh
+COPY /openapi/v3/* /restler-fuzzer/openapi/
+
+ENTRYPOINT ["/restler-fuzzer/fuzzing.sh"]
+# CMD core-data below only do fuzz-lean for core-data
+# This can take about 2 minutes to finish
+# You may swap out core-data to other server to perform fuzz-lean
+CMD ["core-data", "/restler-fuzzer/openapi/core-data.yaml"]
+# CMD of "all" will do fuzz-lean test for core-commmand, core-data, core-metadata, support-notifications, and support-scheduler, 
+# basically all services under openapi/v3/ directory
+# This can take more than 20 minutes to finish
+# Comment out above CMD and uncomment below CMD of "all" to fuzz all services
+# CMD ["all"]
diff --git a/Makefile b/Makefile
@@ -5,7 +5,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-.PHONY: build clean unittest hadolint lint test docker run sbom
+.PHONY: build clean unittest hadolint lint test docker run sbom docker-fuzz fuzz-test
 
 # change the following boolean flag to include or exclude the delayed start libs for builds for most of core services except support services
 INCLUDE_DELAYED_START_BUILD_CORE:="false"
@@ -367,3 +367,9 @@ sbom:
 	docker run -it --rm \
 		-v "$$PWD:/edgex-go" -v "$$PWD/sbom:/sbom" \
 		spdx/spdx-sbom-generator -p /edgex-go/ -o /sbom/ --include-license-text true
+
+docker-fuzz:
+	docker build -f Dockerfile.fuzz -t fuzz-edgex-go:latest .
+
+fuzz-test:
+	docker run --net host --rm -v "$$PWD/fuzz_results:/fuzz_results" fuzz-edgex-go:latest
diff --git a/fuzzing_docker.sh b/fuzzing_docker.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# /*******************************************************************************
+#  * Copyright 2023 Intel Corporation.
+#  *
+#  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+#  * in compliance with the License. You may obtain a copy of the License at
+#  *
+#  * http://www.apache.org/licenses/LICENSE-2.0
+#  *
+#  * Unless required by applicable law or agreed to in writing, software distributed under the License
+#  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+#  * or implied. See the License for the specific language governing permissions and limitations under
+#  * the License.
+#  *******************************************************************************/
+
+
+EDGEX_PROJECT_NAME=${1}
+echo $EDGEX_PROJECT_NAME
+SWAGGER_FILE_NAME_PATH=${2}
+echo $SWAGGER_FILE_NAME_PATH
+
+SWAGGER_FILE_PATH="/restler-fuzzer/openapi"
+
+usage()
+{
+  echo "Usage:"
+  echo "./fuzzing_docker.sh <EDGEX_PROJECT_NAME> <SWAGGER_FILE_NAME_PATH>"
+  echo
+  echo "<EDGEX_PROJECT_NAME> is required, options: all|core-data|core-command|core-metadata|support-notifications|support-scheduler"
+  echo "<SWAGGER_FILE_NAME_PATH> is required for NOT \"all\" EDGEX_PROJECT_NAME, it is the path and filename of a project swagger file"
+  exit 1
+}
+
+runFuzzLeanPerSwagger() {
+    echo "--compile from swagger file: $2"
+    ./restler_bin/restler/Restler compile --api_spec "$2"
+
+    echo "--test the grammar"
+    ./restler_bin/restler/Restler test --grammar_file ./Compile/grammar.py --dictionary_file ./Compile/dict.json --settings ./Compile/engine_settings.json --no_ssl
+
+    # assuming edgex service is already running on host
+    echo "--run fuzz-lean"
+    ./restler_bin/restler/Restler fuzz-lean --grammar_file ./Compile/grammar.py --dictionary_file ./Compile/dict.json --settings ./Compile/engine_settings.json --no_ssl
+
+    echo "--copy result logs into $1"
+    mkdir -p /fuzz_results/"$1"
+    cp -r ./Test/ /fuzz_results/"$1"/
+}
+
+if [ "$EDGEX_PROJECT_NAME" == "" ]
+then
+    echo "Please provide a valid project name."
+    usage
+fi
+if [ "$EDGEX_PROJECT_NAME" == "all" ]
+then
+    echo "fuzz-lean for all swagger files"
+
+    for swagger in "$SWAGGER_FILE_PATH"/*
+    do
+        projectname=$(basename "$swagger" .yaml)
+        echo "$projectname"
+        echo "$swagger"
+        if [[ "$projectname" != *"."* ]]
+        then
+            runFuzzLeanPerSwagger $projectname $swagger
+        fi
+    done
+else
+    echo "fuzz-lean a specific swagger file only"
+    runFuzzLeanPerSwagger $EDGEX_PROJECT_NAME $SWAGGER_FILE_NAME_PATH
+fi
+