pgsql: Add built-in fuzzing harnesses for security testing.
| From | Andrew Dunstan |
|---|---|
| Subject | pgsql: Add built-in fuzzing harnesses for security testing. |
| Date | |
| Msg-id | E1wBByO-000Iys-28@gemulon.postgresql.org |
| List | pgsql-committers |

Add built-in fuzzing harnesses for security testing.

Add 12 libFuzzer-compatible fuzzing harnesses behind a new -Dfuzzing=true meson option. Each harness implements LLVMFuzzerTestOneInput() and can also be built in standalone mode (reading from files) when no fuzzer engine is detected.

Frontend targets (no backend dependencies):

    fuzz_json             - non-incremental JSON parser (pg_parse_json)
    fuzz_json_incremental - incremental/chunked JSON parser
    fuzz_conninfo         - libpq connection string parser (PQconninfoParse)
    fuzz_pglz             - PGLZ decompressor (pglz_decompress)
    fuzz_unescapebytea    - libpq bytea unescape (PQunescapeBytea)
    fuzz_b64decode        - base64 decoder (pg_b64_decode)
    fuzz_saslprep         - SASLprep normalization (pg_saslprep)
    fuzz_parsepgarray     - array literal parser (parsePGArray)
    fuzz_pgbench_expr     - pgbench expression parser (via Bison/Flex)

Backend targets (link against postgres_lib):

    fuzz_rawparser        - SQL raw parser (raw_parser)
    fuzz_regex            - regex engine (pg_regcomp/pg_regexec)
    fuzz_typeinput        - type input functions (numeric/date/timestamp/interval)

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/4a18907b412e77684bf888ad6d1b4844d220196a

Modified Files
--------------

    meson_options.txt                        |   3 +
    src/test/fuzzing/fuzz_b64decode.c        |  98 ++++++++++++++
    src/test/fuzzing/fuzz_conninfo.c         | 105 +++++++++++++++
    src/test/fuzzing/fuzz_json.c             | 104 +++++++++++++++
    src/test/fuzzing/fuzz_json_incremental.c | 127 ++++++++++++++++++
    src/test/fuzzing/fuzz_parsepgarray.c     | 102 +++++++++++++++
    src/test/fuzzing/fuzz_pgbench_expr.c     | 211 ++++++++++++++++++++++++++++++
    src/test/fuzzing/fuzz_pglz.c             | 127 ++++++++++++++++++
    src/test/fuzzing/fuzz_rawparser.c        | 162 +++++++++++++++++++++++
    src/test/fuzzing/fuzz_regex.c            | 193 +++++++++++++++++++++++++++
    src/test/fuzzing/fuzz_saslprep.c         | 104 +++++++++++++++
    src/test/fuzzing/fuzz_typeinput.c        | 218 +++++++++++++++++++++++++++++++
    src/test/fuzzing/fuzz_unescapebytea.c    | 103 +++++++++++++++
    src/test/fuzzing/meson.build             | 203 ++++++++++++++++++++++++++++
    src/test/meson.build                     |   2 +
    15 files changed, 1862 insertions(+)