projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 1e59de90 TL |
1 | For fuzz testing civetweb, perform the following steps:\r |
| 2 | \r | |
| 3 | - Switch to civetweb root directory\r | |
| 4 | - make clean\r | |
| 5 | \r | |
| 6 | First fuzz target: vary URI for HTTP1 server\r | |
| 7 | - make WITH_ALL=1 TEST_FUZZ=1\r | |
| 8 | - mv civetweb civetweb_fuzz1\r | |
| 9 | - sudo ./civetweb_fuzz1 -max_len=2048 fuzztest/url/\r | |
| 10 | \r | |
| 11 | Second fuzz target: vary HTTP1 request for HTTP1 server\r | |
| 12 | - make WITH_ALL=1 TEST_FUZZ=2\r | |
| 13 | - mv civetweb civetweb_fuzz2\r | |
| 14 | - sudo ./civetweb_fuzz2 -max_len=2048 -dict=fuzztest/http1.dict fuzztest/http1/\r | |
| 15 | \r | |
| 16 | Third fuzz target: vary HTTP1 response for HTTP1 client API\r | |
| 17 | - make WITH_ALL=1 TEST_FUZZ=3\r | |
| 18 | - mv civetweb civetweb_fuzz3\r | |
| 19 | - sudo ./civetweb_fuzz3 -max_len=2048 -dict=fuzztest/http1.dict fuzztest/http1c/\r | |
| 20 | \r | |
| 21 | \r | |
| 22 | \r | |
| 23 | Open issues:\r | |
| 24 | * Need "sudo" for container? (ASAN seems to needs it on WSL test)\r | |
| 25 | * let "make" create "civetweb_fuzz#" instead of "mv"\r | |
| 26 | * useful initial corpus and directory\r | |
| 27 | * Planned additional fuzz test:\r | |
| 28 | * vary HTTP2 request for HTTP2 server (in HTTP2 feature branch)\r | |
| 29 | * use internal function to bypass socket (bottleneck)\r | |
| 30 | * where to put fuzz corpus?\r | |
| 31 | \r | |
| 32 | Note:\r | |
| 33 | This test first starts a server, then launches an attack to this local server.\r | |
| 34 | If you run this test on a system with endpoint protection software or some web traffic inspector installed,\r | |
| 35 | this protection software may detect thousands of alarms during this test.\r |