Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fuzzer for Convert.To/FromBase64 APIs #108247

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add fuzzer for Convert.To/FromBase64 APIs #108247

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
439782d
Add fuzzer for Convert.To/FromBase64 APIs
buyaa-n Sep 25, 2024
bf27f3f
Remove asserting invalid chars, decoding logic should detect that
buyaa-n Sep 25, 2024
9547c72
Apply suggestions from code review
buyaa-n Sep 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions eng/pipelines/libraries/fuzzing/deploy-to-onefuzz.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,14 @@ extends:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
displayName: Send Base64UrlFuzzer to OneFuzz

- task: onefuzz-task@0
inputs:
onefuzzOSes: 'Windows'
env:
onefuzzDropDirectory: $(fuzzerProject)/deployment/ConvertToBase64Fuzzer
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
displayName: Send ConvertToBase64Fuzzer to OneFuzz

- task: onefuzz-task@0
inputs:
onefuzzOSes: 'Windows'
Expand Down
17 changes: 17 additions & 0 deletions src/libraries/Fuzzing/DotnetFuzzing/Assert.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,23 @@ static void ThrowNull() =>
throw new Exception("Value is null");
}

public static void SequenceEqual<T>(Span<T> expected, Span<T> actual)
{
if (!expected.SequenceEqual(actual))
{
Throw(expected, actual);
}

static void Throw(Span<T> expected, Span<T> actual)
{
Equal(expected.Length, actual.Length);

int diffIndex = expected.CommonPrefixLength(actual);

throw new Exception($"Expected={expected[diffIndex]} Actual={actual[diffIndex]} at index {diffIndex}");
}
}
buyaa-n marked this conversation as resolved.
Show resolved Hide resolved

public static void SequenceEqual<T>(ReadOnlySpan<T> expected, ReadOnlySpan<T> actual)
{
if (!expected.SequenceEqual(actual))
Expand Down
64 changes: 64 additions & 0 deletions src/libraries/Fuzzing/DotnetFuzzing/Fuzzers/ConvertToBase64Fuzzer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System.Buffers;

namespace DotnetFuzzing.Fuzzers
{
internal sealed class ConvertToBase64Fuzzer : IFuzzer
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't covering that much logic, and the interesting inputs are the same as with Base64Fuzzer. Can we move the extra asserts into that one instead?

Copy link
Member Author

@buyaa-n buyaa-n Sep 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only Base64FormattingOptions.None path uses Base64 encoder, it has its own logic for other cases and also has logic for widening encoded char after calling Base64.EncodeTo***(...).

i.e there is some logic we want to be covered, plus I assume other Conver APIs fuzz tests will be added to this one

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But the inputs are base64, so the interesting corner cases will be similar between base64 APIs on Convert, or on the Base64 class.

If we were to add more fuzz testing for other APIs on Convert, I don't think we'd want them to share the fuzz target with this one as the inputs for base64 parsing have nothing in common with interesting inputs for parsing an int32.

{
private const int Base64LineBreakPosition = 76;

public string[] TargetAssemblies => [];

public string[] TargetCoreLibPrefixes { get; } = ["System.Convert"];

public void FuzzTarget(ReadOnlySpan<byte> bytes)
{
TestToStringToCharArray(bytes, Base64FormattingOptions.None, PoisonPagePlacement.Before);
TestToStringToCharArray(bytes, Base64FormattingOptions.InsertLineBreaks, PoisonPagePlacement.Before);
TestToStringToCharArray(bytes, Base64FormattingOptions.None, PoisonPagePlacement.After);
TestToStringToCharArray(bytes, Base64FormattingOptions.InsertLineBreaks, PoisonPagePlacement.After);
}

private static void TestToStringToCharArray(ReadOnlySpan<byte> bytes, Base64FormattingOptions options, PoisonPagePlacement poison)
{
using PooledBoundedMemory<byte> inputPoisoned = PooledBoundedMemory<byte>.Rent(bytes, poison);
int encodedLength = ToBase64_CalculateOutputLength(bytes.Length, options == Base64FormattingOptions.InsertLineBreaks);
using PooledBoundedMemory<char> destPoisoned = PooledBoundedMemory<char>.Rent(encodedLength, poison);
Span<byte> input = inputPoisoned.Span;
char[] dest = destPoisoned.Span.ToArray();
buyaa-n marked this conversation as resolved.
Show resolved Hide resolved

string toStringResult = Convert.ToBase64String(input, options);
byte[] decoded = Convert.FromBase64String(toStringResult);

Assert.SequenceEqual(input, decoded);

int written = Convert.ToBase64CharArray(input.ToArray(), 0, input.Length, dest, 0, options);
decoded = Convert.FromBase64CharArray(dest, 0, written);

Assert.SequenceEqual(input, decoded);
Assert.Equal(toStringResult, new string(dest, 0, written));
buyaa-n marked this conversation as resolved.
Show resolved Hide resolved
}

private static int ToBase64_CalculateOutputLength(int inputLength, bool insertLineBreaks)
{
uint outlen = ((uint)inputLength + 2) / 3 * 4;

if (outlen == 0)
return 0;

if (insertLineBreaks)
{
(uint newLines, uint remainder) = Math.DivRem(outlen, Base64LineBreakPosition);
if (remainder == 0)
{
--newLines;
}
outlen += newLines * 2; // 2 line break chars added: "\r\n"
}

return (int)outlen;
}
}
}
Loading