Commit | Line | Data |
---|---|---|
1e59de90 TL |
1 | For fuzz testing civetweb, perform the following steps: |
2 | | |
3 | - Switch to civetweb root directory | |
4 | - make clean | |
5 | | |
6 | First fuzz target: vary URI for HTTP1 server | |
7 | - make WITH_ALL=1 TEST_FUZZ=1 | |
8 | - mv civetweb civetweb_fuzz1 | |
9 | - sudo ./civetweb_fuzz1 -max_len=2048 fuzztest/url/ | |
10 | | |
11 | Second fuzz target: vary HTTP1 request for HTTP1 server | |
12 | - make WITH_ALL=1 TEST_FUZZ=2 | |
13 | - mv civetweb civetweb_fuzz2 | |
14 | - sudo ./civetweb_fuzz2 -max_len=2048 -dict=fuzztest/http1.dict fuzztest/http1/ | |
15 | | |
16 | Third fuzz target: vary HTTP1 response for HTTP1 client API | |
17 | - make WITH_ALL=1 TEST_FUZZ=3 | |
18 | - mv civetweb civetweb_fuzz3 | |
19 | - sudo ./civetweb_fuzz3 -max_len=2048 -dict=fuzztest/http1.dict fuzztest/http1c/ | |
20 | | |
21 | | |
22 | | |
23 | Open issues: | |
24 | * Need "sudo" for container? (ASAN seems to need it on WSL test) | |
25 | * let "make" create "civetweb_fuzz#" instead of "mv" | |
26 | * useful initial corpus and directory | |
27 | * Planned additional fuzz test: | |
28 | * vary HTTP2 request for HTTP2 server (in HTTP2 feature branch) | |
29 | * use internal function to bypass socket (bottleneck) | |
30 | * where to put fuzz corpus? | |
31 | | |
32 | Note: | |
33 | This test first starts a server, then launches an attack against this local server. | |
34 | If you run this test on a system with endpoint protection software or some web traffic inspector installed, | |
35 | this protection software may raise thousands of alarms during this test. |
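
One way to approach the open issue "useful initial corpus and directory": the script below is an added example, not part of the civetweb sources. It assumes each fuzz target reads one raw input per file (a URI, a complete HTTP/1 request, or a complete HTTP/1 response); the function names, file names and seed contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: seed the three corpus directories used by the commands above.
# Assumption: each target takes one raw input per file (URI, request, response).
# All seed contents below are constructed samples.
# Usage: source this file, then call "seed_corpus" from the civetweb root.

# write_seed DIR NAME PRINTF_FORMAT: create DIR/NAME unless it already exists,
# so inputs libFuzzer has added or a user has edited are never overwritten.
write_seed() {
    [ -e "$1/$2" ] || printf "$3" > "$1/$2"
}

# seed_corpus ROOT: ROOT is the civetweb root directory (default: current dir).
seed_corpus() {
    root=${1:-.}
    mkdir -p "$root/fuzztest/url" "$root/fuzztest/http1" \
             "$root/fuzztest/http1c" || return 1

    # Target 1: URIs only ("%%" is a literal "%" in a printf format).
    write_seed "$root/fuzztest/url" root '/'
    write_seed "$root/fuzztest/url" query '/index.html?a=1&b=two'
    write_seed "$root/fuzztest/url" encoded '/dir%%20name/file.txt'

    # Target 2: complete HTTP/1 requests with CRLF line endings.
    write_seed "$root/fuzztest/http1" get \
        'GET / HTTP/1.1\r\nHost: localhost\r\n\r\n'
    write_seed "$root/fuzztest/http1" post \
        'POST /form HTTP/1.1\r\nHost: localhost\r\nContent-Length: 3\r\n\r\na=1'

    # Target 3: complete HTTP/1 responses, as the client API would receive them.
    write_seed "$root/fuzztest/http1c" ok \
        'HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok'
    write_seed "$root/fuzztest/http1c" chunked \
        'HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nok\r\n0\r\n\r\n'
}
```

Small, valid seeds like these give the fuzzer a parseable starting point for each target; the `-max_len=2048` limit in the commands above is far larger than any of them.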