#!/bin/bash
# Go native fuzz testing — runs fuzz tests for crypto, auth, and mission import
# handlers to detect crashes, panics, and edge cases.
#
# Usage:
# ./scripts/api-fuzz-test.sh # Run all fuzz tests (30s each)
# ./scripts/api-fuzz-test.sh --duration 60s # Custom duration per target
#
# Prerequisites:
# - Go 1.18+ installed (native fuzzing support)
#
# Output:
# /tmp/fuzz-report.json — JSON results
# /tmp/fuzz-summary.md — human-readable summary
#
# Exit code:
# 0 — no crashes found
# 1 — one or more fuzz targets crashed
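# Strict mode: stop on failing commands, unset variables and failed pipeline stages.
set -euo pipefail
# Work from the parent of the directory holding this script (presumably the
# repository root) so the relative ./pkg/... paths used later resolve.
cd "$(dirname "$0")/.."

# ============================================================================
# Colors & argument parsing
# ============================================================================
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BOLD='\033[1m'
DIM='\033[2m'
NC='\033[0m'

FUZZ_DURATION="30s"

#######################################
# Parse command-line options.
# Globals:   FUZZ_DURATION (written), RED, NC (read)
# Arguments: the script's positional parameters
# Outputs:   an error message on stderr for an unusable --duration value
# Returns:   0 on success; exits the script with status 2 on a bad value
#######################################
parse_args() {
  # -fuzztime takes a Go duration (30s, 1m30s, ...) or an iteration count (500x).
  local duration_re='^(([0-9]+(\.[0-9]+)?(ns|us|ms|s|m|h))+|[0-9]+x)$'

  # Walk the arguments with an explicit shift. Shifting inside `for arg in "$@"`
  # only picked up the right value when --duration was the first argument.
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --duration)
        # A missing value keeps the historical fallback to the default.
        FUZZ_DURATION="${2:-30s}"
        if [ "$#" -ge 2 ]; then
          shift
        fi
        ;;
    esac
    shift
  done

  # The value is handed to `go test` and copied verbatim into the JSON and
  # Markdown reports, so reject anything that is not a plain duration/count.
  if ! [[ "$FUZZ_DURATION" =~ $duration_re ]]; then
    printf '%bERROR: invalid --duration value: %s%b\n' "$RED" "$FUZZ_DURATION" "$NC" >&2
    exit 2
  fi
}
parse_args "$@"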
# Stop early when no `go` binary is on PATH: the fuzz loop shells out to
# `go test` for every target.
command -v go >/dev/null 2>&1 || {
  echo -e "${RED}ERROR: Go is not installed${NC}"
  exit 1
}
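# ============================================================================
# Fuzz targets
# ============================================================================
# Report destinations. The defaults are fixed file names in /tmp, kept for
# compatibility with existing consumers of the reports.
# NOTE(review): a fixed name in a world-writable directory can be pre-created
# by another local user; on shared hosts point FUZZ_REPORT_JSON and
# FUZZ_REPORT_MD at a directory only the invoking user can write to.
REPORT_JSON="${FUZZ_REPORT_JSON:-/tmp/fuzz-report.json}"
REPORT_MD="${FUZZ_REPORT_MD:-/tmp/fuzz-summary.md}"

# Private scratch directory for the per-target `go test` output; removed on
# every exit path. `:?` stops rm from running against an empty path.
TMPDIR_FUZZ=$(mktemp -d)
trap 'rm -rf -- "${TMPDIR_FUZZ:?}"' EXIT

echo -e "${BOLD}═══════════════════════════════════════════════════${NC}"
# The duration is printed through %s so it is never interpreted as an escape.
printf '%b Go Fuzz Testing (%s per target)%b\n' "${BOLD:-}" "${FUZZ_DURATION:-}" "${NC:-}"
echo -e "${BOLD}═══════════════════════════════════════════════════${NC}"
echo ""

# Each entry is "<package directory>:<fuzz function name>".
declare -a TARGETS=(
  "pkg/settings:FuzzDecrypt"
  "pkg/settings:FuzzEncryptDecrypt"
  "pkg/api/middleware:FuzzValidateJWT"
)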
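TOTAL=0
PASSED=0
FAILED=0
RESULTS=""

#######################################
# Escape text for use inside a JSON string literal.
# Fuzzer output can carry quotes, backslashes and control bytes; copied raw
# into the report they would break or alter the JSON document.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout, without surrounding quotes
#######################################
json_escape() {
  local text=$1
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\t'/\\t}
  text=${text//$'\r'/\\r}
  text=${text//$'\n'/\\n}
  # Remaining control characters (ESC, DEL, ...) are dropped.
  text=${text//[[:cntrl:]]/}
  printf '%s' "$text"
}

#######################################
# Classify one `go test -fuzz` run.
# Arguments: $1 - exit status of go test
#            $2 - file holding its combined stdout/stderr
# Outputs:   one word on stdout:
#              pass  - exit 0, or a non-zero exit that is only the fuzzer
#                      hitting its deadline ("context deadline exceeded")
#              crash - output reports a failing input, a panic or a build failure
#              error - anything else; treated as a failure so that an
#                      unexplained non-zero exit cannot pass the gate
#######################################
classify_fuzz_run() {
  local exit_code=$1
  local output_file=$2

  # Warning printed by Go's testing package when the -fuzz pattern matches no
  # fuzz test: nothing was exercised, so this must not count as a pass.
  # NOTE(review): confirm the exact wording against the Go version in use.
  if grep -qF 'no fuzz tests to fuzz' -- "$output_file" 2>/dev/null; then
    printf 'error\n'
    return 0
  fi
  if [ "$exit_code" -eq 0 ]; then
    printf 'pass\n'
    return 0
  fi
  if grep -qE 'Failing input|panic:|build failed' -- "$output_file" 2>/dev/null; then
    printf 'crash\n'
    return 0
  fi
  if grep -qF 'context deadline exceeded' -- "$output_file" 2>/dev/null; then
    printf 'pass\n'
    return 0
  fi
  printf 'error\n'
}

for target in "${TARGETS[@]}"; do
  # Entries are "<package directory>:<fuzz function name>".
  PKG=${target%%:*}
  FUNC=${target#*:}
  TOTAL=$((TOTAL + 1))
  echo -e " ${DIM}[$TOTAL/${#TARGETS[@]}]${NC} Fuzzing ${BOLD}${PKG}/${FUNC}${NC} ..."
  OUTPUT_FILE="$TMPDIR_FUZZ/${FUNC}.txt"
  FUZZ_EXIT=0
  # NOTE(review): "./${PKG}/..." also matches sub-packages, while -fuzz is
  # meant to run against a single package; confirm these directories have none.
  go test "./${PKG}/..." -fuzz="^${FUNC}$" -fuzztime="$FUZZ_DURATION" -fuzzminimizetime=10s > "$OUTPUT_FILE" 2>&1 || FUZZ_EXIT=$?

  case "$(classify_fuzz_run "$FUZZ_EXIT" "$OUTPUT_FILE")" in
    pass)
      echo -e " ${GREEN}✓ PASS${NC} — no crashes"
      PASSED=$((PASSED + 1))
      RESULTS="${RESULTS}{\"target\":\"${PKG}/${FUNC}\",\"status\":\"pass\",\"details\":\"no crashes\"},"
      ;;
    crash)
      echo -e " ${RED}❌ CRASH${NC} — fuzz target found an input that causes failure"
      # Show crash details. Lines are printed with %s so that backslash
      # sequences in the fuzzer's output are shown literally rather than
      # turned into terminal control codes. Process substitution keeps a
      # grep/head failure from aborting the script under pipefail.
      while IFS= read -r line; do
        printf ' %b%s%b\n' "$DIM" "$line" "$NC"
      done < <(grep -A 5 -E 'FAIL|panic|runtime error' "$OUTPUT_FILE" 2>/dev/null | head -n 10)
      FAILED=$((FAILED + 1))
      # -m 1 replaces `| head -1`; `|| true` keeps a no-match from tripping set -e.
      CRASH_DETAIL=$(grep -m 1 -E 'FAIL|panic' "$OUTPUT_FILE" 2>/dev/null || true)
      RESULTS="${RESULTS}{\"target\":\"${PKG}/${FUNC}\",\"status\":\"fail\",\"details\":\"$(json_escape "$CRASH_DETAIL")\"},"
      ;;
    *)
      echo -e " ${RED}❌ ERROR${NC} — go test exited ${FUZZ_EXIT} without a recognised fuzz result"
      while IFS= read -r line; do
        printf ' %b%s%b\n' "$DIM" "$line" "$NC"
      done < <(tail -n 5 -- "$OUTPUT_FILE" 2>/dev/null)
      FAILED=$((FAILED + 1))
      RESULTS="${RESULTS}{\"target\":\"${PKG}/${FUNC}\",\"status\":\"fail\",\"details\":\"go test exited ${FUZZ_EXIT} without a recognised fuzz result\"},"
      ;;
  esac
done
echo ""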
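# ============================================================================
# Generate reports
# ============================================================================
# Remove trailing comma from RESULTS
RESULTS="${RESULTS%,}"

# One timestamp shared by both reports so they cannot disagree.
REPORT_TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)

# Reports are assembled inside the private scratch directory and only then
# moved onto their destination. The destinations default to fixed names in
# /tmp; redirecting straight into them would follow a symlink planted there.
STAGED_JSON="${TMPDIR_FUZZ:?}/fuzz-report.json.staged"
STAGED_MD="${TMPDIR_FUZZ:?}/fuzz-summary.md.staged"

#######################################
# Move a finished report onto its destination path.
# Globals:   RED, NC (read)
# Arguments: $1 - staged file, $2 - destination path
# Outputs:   an error message on stderr when the destination is refused
# Returns:   non-zero when the destination is a symlink or directory, or
#            when mv fails; under `set -e` that aborts the script
#######################################
publish_report() {
  local staged=$1
  local dest=$2
  if [ -L "$dest" ] || [ -d "$dest" ]; then
    printf '%bERROR: refusing to write report through symlink or directory: %s%b\n' "$RED" "$dest" "$NC" >&2
    return 1
  fi
  mv -f -- "$staged" "$dest"
}

cat > "$STAGED_JSON" << EOF
{
  "timestamp": "${REPORT_TIMESTAMP}",
  "fuzzDuration": "${FUZZ_DURATION}",
  "summary": {
    "total": ${TOTAL},
    "passed": ${PASSED},
    "failed": ${FAILED}
  },
  "results": [${RESULTS}]
}
EOF

cat > "$STAGED_MD" << EOF
# Go Fuzz Test Results

**Date:** ${REPORT_TIMESTAMP}
**Duration per target:** ${FUZZ_DURATION}

## Summary

| Metric | Count |
|----------|-------|
| Total | ${TOTAL} |
| Passed | ${PASSED} |
| Failed | ${FAILED} |

## Targets

| Target | Status |
|--------|--------|
EOF

for target in "${TARGETS[@]}"; do
  PKG=${target%%:*}
  FUNC=${target#*:}
  # Read the verdict back from RESULTS so the table always agrees with the
  # JSON report. Grepping the raw output for "FAIL" disagreed with it whenever
  # a run was accepted as a pass despite a non-zero exit.
  if [[ "$RESULTS" == *"\"target\":\"${PKG}/${FUNC}\",\"status\":\"fail\""* ]]; then
    echo "| \`${PKG}/${FUNC}\` | FAIL |" >> "$STAGED_MD"
  else
    echo "| \`${PKG}/${FUNC}\` | PASS |" >> "$STAGED_MD"
  fi
done

publish_report "$STAGED_JSON" "$REPORT_JSON"
publish_report "$STAGED_MD" "$REPORT_MD"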
# ============================================================================
# Summary
# ============================================================================
# Print the verdict and report locations, then exit 0 only when at least one
# target ran and none failed.
exit_status=1
if [ "$TOTAL" -eq 0 ]; then
  printf '%b\n' "${RED}${BOLD}No fuzz targets were executed${NC}"
elif [ "$FAILED" -eq 0 ]; then
  printf '%b\n' "${GREEN}${BOLD}All ${TOTAL} fuzz targets passed${NC}"
  exit_status=0
else
  printf '%b\n' "${RED}${BOLD}${FAILED}/${TOTAL} fuzz targets found crashes${NC}"
fi

printf '\n'
printf '%s\n' "Reports:"
printf '%s\n' " JSON: $REPORT_JSON"
printf '%s\n' " Summary: $REPORT_MD"

exit "$exit_status"