diff --git a/.gitignore b/.gitignore index eccbd71e12..2d53f11cbe 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,5 @@ stage/* snap/.snapcraft/* squashfs-root/ +# result files +fuzz_results/* diff --git a/Dockerfile.fuzz b/Dockerfile.fuzz new file mode 100644 index 0000000000..524e3cbaf5 --- /dev/null +++ b/Dockerfile.fuzz 
@@ -0,0 +1,41 @@
+# ----------------------------------------------------------------------------------
+# Copyright 2023 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ----------------------------------------------------------------------------------
+
+FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine as builder
+
+RUN apk add --no-cache python3 py3-pip bash coreutils
+
+WORKDIR /restler-fuzzer
+RUN wget -q -O - https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz | \
+ tar xz --strip-components 1 && \
+ mkdir -p restler_bin
+
+RUN python3 ./build-restler.py --dest_dir ./restler_bin/
+
+COPY fuzzing_docker.sh /restler-fuzzer/fuzzing.sh
+COPY /openapi/v3/* /restler-fuzzer/openapi/
+
+ENTRYPOINT ["/restler-fuzzer/fuzzing.sh"]
+# CMD core-data below only do fuzz-lean for core-data
+# This can take about 2 minutes to finish
+# You may swap out core-data to other server to perform fuzz-lean
+CMD ["core-data", "/restler-fuzzer/openapi/core-data.yaml"]
+# CMD of "all" will do fuzz-lean test for core-commmand, core-data, core-metadata, support-notifications, and support-scheduler,
+# basically all services under openapi/v3/ directory
+# This can take more than 20 minutes to finish
+# Comment out above CMD and uncomment below CMD of "all" to fuzz all services
+# CMD ["all"]
diff --git a/Makefile b/Makefile
index fbb14d6dcd..f7ae0e711c 100644
--- a/Makefile
+++ b/Makefile
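Review bot: The RESTler source tarball in Dockerfile.fuzz is fetched with `wget` and piped straight into `tar` with no integrity check, and the next `RUN` executes `build-restler.py` from it, so whatever is served for the `v9.2.2` tag runs in the build unverified. Download to a file, verify it against a SHA-256 pinned in the repository, and only then extract. That also removes the pipe, whose left-hand failure the default `/bin/sh` would not report. Separately, the stage sets no `USER`, so the fuzzer and the files it writes to the mounted results directory run and land as root. A non-root user is worth adding once the working directories are made writable for it.

```dockerfile
WORKDIR /restler-fuzzer
# <SHA256_OF_V9_2_2_TARBALL> is a placeholder: record the digest of the reviewed tarball here
RUN wget -q -O /tmp/restler.tar.gz https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz && \
    echo "<SHA256_OF_V9_2_2_TARBALL>  /tmp/restler.tar.gz" | sha256sum -c - && \
    tar xzf /tmp/restler.tar.gz --strip-components 1 && \
    rm /tmp/restler.tar.gz && \
    mkdir -p restler_bin
# … unchanged: build-restler.py step, COPY lines, ENTRYPOINT and CMD …
```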
@@ -5,7 +5,7 @@ # SPDX-License-Identifier: Apache-2.0 # -.PHONY: build clean unittest hadolint lint test docker run sbom +.PHONY: build clean unittest hadolint lint test docker run sbom docker-fuzz fuzz-test # change the following boolean flag to include or exclude the delayed start libs for builds for most of core services except support services INCLUDE_DELAYED_START_BUILD_CORE:="false" @@ -367,3 +367,9 @@ sbom: docker run -it --rm \ -v "$$PWD:/edgex-go" -v "$$PWD/sbom:/sbom" \ spdx/spdx-sbom-generator -p /edgex-go/ -o /sbom/ --include-license-text true + +docker-fuzz: + docker build -f Dockerfile.fuzz -t fuzz-edgex-go:latest . + +fuzz-test: + docker run --net host --rm -v "$$PWD/fuzz_results:/fuzz_results" fuzz-edgex-go:latest \ No newline at end of file diff --git a/fuzzing_docker.sh b/fuzzing_docker.sh new file mode 100755 index 0000000000..38a9624b45 --- /dev/null +++ b/fuzzing_docker.sh 
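Review bot: The new `fuzz-test` target in the Makefile has no comment saying what it touches. With `--net host` the container shares the host's network stack, and the script it runs assumes an EdgeX service is already listening there. As far as I know, fuzz-lean sends real requests for every method in the API spec, writes and deletes included, so I would document the expected target above the rule, e.g. `# fuzz-test: sends fuzzed requests to the EdgeX services on this host (--net host); run only against a throwaway instance`. Because Dockerfile.fuzz sets no `USER`, `fuzz_results/` will probably be created and filled as root on the host. The file also now ends without a trailing newline.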
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# /*******************************************************************************
+# * Copyright 2023 Intel Corporation.
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+# * in compliance with the License. You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software distributed under the License
+# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# * or implied. See the License for the specific language governing permissions and limitations under
+# * the License.
+# *******************************************************************************/
+
+
+EDGEX_PROJECT_NAME=${1}
+echo $EDGEX_PROJECT_NAME
+SWAGGER_FILE_NAME_PATH=${2}
+echo $SWAGGER_FILE_NAME_PATH
+
+SWAGGER_FILE_PATH="/restler-fuzzer/openapi"
+
+usage()
+{
+ echo "Usage:"
+ echo "./fuzzing_docker.sh "
+ echo
+ echo " is required, options: all|core-data|core-command|core-metadata|support-notifications|support-scheduler"
+ echo " is required for NOT \"all\" EDGEX_PROJECT_NAME, it is the path and filename of a project swagger file"
+ exit 1
+}
+
+runFuzzLeanPerSwagger() {
+ echo "--compile from swagger file: $2"
+ ./restler_bin/restler/Restler compile --api_spec "$2"
+
+ echo "--test the grammar"
+ ./restler_bin/restler/Restler test --grammar_file ./Compile/grammar.py --dictionary_file ./Compile/dict.json --settings ./Compile/engine_settings.json --no_ssl
+
+ # assuming edgex service is already running on host
+ echo "--run fuzz-lean"
+ ./restler_bin/restler/Restler fuzz-lean --grammar_file ./Compile/grammar.py --dictionary_file ./Compile/dict.json --settings ./Compile/engine_settings.json --no_ssl
+
+ echo "--copy result logs into $1"
+ mkdir -p /fuzz_results/"$1"
+ cp -r ./Test/ /fuzz_results/"$1"/
+}
+
+if [ "$EDGEX_PROJECT_NAME" == "" ]
+then
+ echo "Please provide a valid project name."
+ usage
+fi
+if [ "$EDGEX_PROJECT_NAME" == "all" ]
+then
+ echo "fuzz-lean for all swagger files"
+
+ for swagger in "$SWAGGER_FILE_PATH"/*
+ do
+ projectname=$(basename "$swagger" .yaml)
+ echo "$projectname"
+ echo "$swagger"
+ if [[ "$projectname" != *"."* ]]
+ then
+ runFuzzLeanPerSwagger $projectname $swagger
+ fi
+ done
+else
+ echo "fuzz-lean a specific swagger file only"
+ runFuzzLeanPerSwagger $EDGEX_PROJECT_NAME $SWAGGER_FILE_NAME_PATH
+fi
+
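Review bot: Only the first argument is validated in fuzzing_docker.sh. The usage text says the swagger path is required for any project other than `all`, yet the `else` branch calls `runFuzzLeanPerSwagger $EDGEX_PROJECT_NAME $SWAGGER_FILE_NAME_PATH` unquoted and unchecked, so a missing or misspelled path reaches `Restler compile --api_spec` as an empty or non-existent file. Add `[ -f "$SWAGGER_FILE_NAME_PATH" ] || usage` before that call and quote both call sites, including `runFuzzLeanPerSwagger "$projectname" "$swagger"` in the loop. No Restler step's exit status is checked either, so `test` and `fuzz-lean` still run after a failed compile and the container's exit code does not reflect it. Adding `|| return 1` after each step would stop that. RESTler normally writes fuzz-lean output to its own `./FuzzLean` directory, so copying only `./Test/` probably leaves the fuzz-lean logs behind in the `--rm` container. Please confirm and copy both.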