Initial implementation of Mayhem and fuzzing

.github/workflows/mayhem.yaml

@@ -0,0 +1,61 @@
+name: Mayhem
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  MAYHEMFILE: Mayhemfile
+  PROJECTNAME: kdl-rs
+
+jobs:
+  build:
+    name: '${{ matrix.os }} shared=${{ matrix.shared }} ${{ matrix.build_type }}'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        shared: [false]
+        build_type: [Release]
+        include:
+          - os: ubuntu-latest
+            triplet: x64-linux
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: Dockerfile.mayhem
+
+      - name: Start analysis of kdl-rs parse
+        uses: ForAllSecure/mcode-action@v1
+        with:
+          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
+          args: --image ${{ steps.meta.outputs.tags }} --project ${{ env.PROJECTNAME }} --file ${{ env.MAYHEMFILE }}
+          sarif-output: sarif
+
+      - name: Upload SARIF file(s)
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: sarif

Dockerfile.mayhem

@@ -0,0 +1,21 @@
+# Use the example in Mayhem Docs as an example/starting point
+FROM rust:1.60-buster as rust-builder
+RUN cargo install afl
+
+# Add the source code to the image and build the target
+ADD . /kdl-rs
+WORKDIR /kdl-rs/fuzz
+RUN cargo afl build
+# Built target is: /kdl-rs/fuzz/target/debug/fuzz
+
+# To simplify matters, we'll copy the compiled target as well as
+# the fuzz input folder to a new image with AFL. This helps save some space.
+FROM --platform=linux/amd64 rust:1.60-buster
+RUN cargo install afl
+
+# Copy the compiled target and the input cases
+COPY --from=rust-builder /kdl-rs/fuzz/target/debug/fuzz /kdl-rs/fuzz/in /
+
+# Set to fuzz!
+ENTRYPOINT ["cargo", "afl", "fuzz", "-i", "/in", "-o", "/out"]
+CMD ["/fuzz"]

Mayhemfile

@@ -0,0 +1,9 @@
+project: kdl-rs
+target: kdl-rs-parse
+duration: 300
+
+cmds:
+  - cmd: /fuzz
+    env:
+      DISABLE_SMOKETEST: '1'
+    afl: true

fuzz/.gitignore

@@ -0,0 +1,2 @@
+target
+out

fuzz/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "fuzz"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+afl = "*"
+kdl = { path = ".." }

fuzz/in/all_escapes.kdl

@@ -0,0 +1 @@
+node "\"\\\/\b\f\n\r\t"

fuzz/in/all_node_fields.kdl

@@ -0,0 +1,3 @@
+node "arg" prop="val" {
+    inner_node
+}

fuzz/in/arg_and_prop_same_name.kdl

@@ -0,0 +1 @@
+node "arg" arg="val"

fuzz/in/arg_false_type.kdl

@@ -0,0 +1 @@
+node (type)false

fuzz/in/arg_float_type.kdl

@@ -0,0 +1 @@
+node (type)2.5

fuzz/in/arg_hex_type.kdl

@@ -0,0 +1 @@
+node (type)0x10

fuzz/in/arg_null_type.kdl

@@ -0,0 +1 @@
+node (type)null

fuzz/in/arg_raw_string_type.kdl

@@ -0,0 +1 @@
+node (type)"str"

fuzz/in/arg_string_type.kdl

@@ -0,0 +1 @@
+node (type)"str"

fuzz/in/arg_true_type.kdl

@@ -0,0 +1 @@
+node (type)true

fuzz/in/arg_type.kdl

@@ -0,0 +1 @@
+node (type)"arg"

fuzz/in/arg_zero_type.kdl

@@ -0,0 +1 @@
+node (type)0

fuzz/in/asterisk_in_block_comment.kdl

@@ -0,0 +1 @@
+node /* * */

fuzz/in/backslash_in_bare_id.kdl

@@ -0,0 +1 @@
+foo123\bar "weeee"

fuzz/in/bare_arg.kdl

@@ -0,0 +1 @@
+node a

fuzz/in/bare_emoji.kdl

@@ -0,0 +1 @@
+😁 "happy!"

fuzz/in/binary.kdl

@@ -0,0 +1 @@
+node 0b10

fuzz/in/binary_trailing_underscore.kdl

@@ -0,0 +1 @@
+node 0b10_

fuzz/in/binary_underscore.kdl

@@ -0,0 +1 @@
+node 0b1_0

fuzz/in/blank_arg_type.kdl

@@ -0,0 +1 @@
+node ("")10

fuzz/in/blank_node_type.kdl

@@ -0,0 +1 @@
+("")node

fuzz/in/blank_prop_type.kdl

@@ -0,0 +1 @@
+node key=("")true

fuzz/in/block_comment.kdl

@@ -0,0 +1 @@
+node /* comment */ "arg"

fuzz/in/block_comment_after_node.kdl

@@ -0,0 +1 @@
+node /* hey */ "arg"

fuzz/in/block_comment_before_node.kdl

@@ -0,0 +1 @@
+/* hey */ node

fuzz/in/block_comment_before_node_no_space.kdl

@@ -0,0 +1 @@
+/* hey*/node

fuzz/in/block_comment_newline.kdl

@@ -0,0 +1 @@
+/* hey */

fuzz/in/boolean_arg.kdl

@@ -0,0 +1 @@
+node false true

fuzz/in/boolean_prop.kdl

@@ -0,0 +1 @@
+node prop1=true prop2=false

fuzz/in/brackets_in_bare_id.kdl

@@ -0,0 +1 @@
+foo123{bar}foo "weeee"

fuzz/in/chevrons_in_bare_id.kdl

@@ -0,0 +1 @@
+foo123<bar>foo "weeee"

fuzz/in/comma_in_bare_id.kdl

@@ -0,0 +1 @@
+foo123,bar "weeee"

fuzz/in/comment_after_arg_type.kdl

@@ -0,0 +1 @@
+node (type)/*huh*/10

fuzz/in/comment_after_node_type.kdl

@@ -0,0 +1 @@
+(type)/*huh*/node

fuzz/in/comment_after_prop_type.kdl

@@ -0,0 +1 @@
+node key=(type)/*huh*/10

fuzz/in/comment_in_arg_type.kdl

@@ -0,0 +1 @@
+node (type/*huh*/)10

fuzz/in/comment_in_node_type.kdl

@@ -0,0 +1 @@
+(type/*huh*/)node

fuzz/in/comment_in_prop_type.kdl

@@ -0,0 +1 @@
+node key=(type/*huh*/)10

fuzz/in/commented_arg.kdl

@@ -0,0 +1 @@
+node /- "arg1" "arg2"

fuzz/in/commented_child.kdl

@@ -0,0 +1,3 @@
+node "arg" /- {
+     inner_node
+}

fuzz/in/commented_line.kdl

@@ -0,0 +1,2 @@
+// node_1
+node_2

fuzz/in/commented_node.kdl

@@ -0,0 +1,2 @@
+/- node_1
+node_2

fuzz/in/commented_prop.kdl

@@ -0,0 +1 @@
+node /- prop="val" "arg"

fuzz/in/crlf_between_nodes.kdl

@@ -0,0 +1,2 @@
+node1
+node2

fuzz/in/dash_dash.kdl

@@ -0,0 +1 @@
+node --

fuzz/in/dot_but_no_fraction.kdl

@@ -0,0 +1 @@
+node 1.

fuzz/in/dot_but_no_fraction_before_exponent.kdl

@@ -0,0 +1 @@
+node 1.e7

fuzz/in/dot_in_exponent.kdl

@@ -0,0 +1 @@
+node 1.0.0

fuzz/in/dot_zero.kdl

@@ -0,0 +1 @@
+node .0

fuzz/in/emoji.kdl

@@ -0,0 +1 @@
+node "😀"

fuzz/in/empty_arg_type.kdl

@@ -0,0 +1 @@
+node ()10

fuzz/in/empty_child.kdl

@@ -0,0 +1,2 @@
+node {
+}

fuzz/in/empty_child_different_lines.kdl

@@ -0,0 +1,2 @@
+node {
+}

fuzz/in/empty_child_same_line.kdl

@@ -0,0 +1 @@
+node {}

fuzz/in/empty_child_whitespace.kdl

@@ -0,0 +1,3 @@
+node {
+
+     }

fuzz/in/empty_node_type.kdl

@@ -0,0 +1 @@
+()node

fuzz/in/empty_prop_type.kdl

@@ -0,0 +1 @@
+node key=()false

fuzz/in/empty_quoted_node_id.kdl

@@ -0,0 +1 @@
+"" "arg"

fuzz/in/empty_quoted_prop_key.kdl

@@ -0,0 +1 @@
+node ""="empty"

fuzz/in/empty_string_arg.kdl

@@ -0,0 +1 @@
+node ""

fuzz/in/esc_newline_in_string.kdl

@@ -0,0 +1 @@
+node "hello\nworld"

fuzz/in/esc_unicode_in_string.kdl

@@ -0,0 +1 @@
+node "hello\u{0a}world"

fuzz/in/escline.kdl

@@ -0,0 +1,2 @@
+node \
+    "arg"

fuzz/in/escline_comment_node.kdl

@@ -0,0 +1,3 @@
+node1
+  \// hey
+   node2

fuzz/in/escline_line_comment.kdl

@@ -0,0 +1,4 @@
+node \   // comment
+    "arg" \// comment
+    "arg2
+"

fuzz/in/escline_node.kdl

@@ -0,0 +1,2 @@
+node1
+node2

fuzz/in/false_prefix_in_bare_id.kdl

@@ -0,0 +1 @@
+false_id

fuzz/in/false_prefix_in_prop_key.kdl

@@ -0,0 +1 @@
+node false_id=1

fuzz/in/false_prop_key.kdl

@@ -0,0 +1 @@
+node false=1

fuzz/in/hex.kdl

@@ -0,0 +1 @@
+node 0x1234567890abcdef

fuzz/in/hex_int.kdl

@@ -0,0 +1 @@
+node 0x1234567890ABCDEF

fuzz/in/hex_int_underscores.kdl

@@ -0,0 +1 @@
+node 0xABC_def_0123

fuzz/in/hex_leading_zero.kdl

@@ -0,0 +1 @@
+node 0x01

fuzz/in/illegal_char_in_binary.kdl

@@ -0,0 +1 @@
+node 0bx01

fuzz/in/illegal_char_in_hex.kdl

@@ -0,0 +1 @@
+node 0x10g10

fuzz/in/illegal_char_in_octal.kdl

@@ -0,0 +1 @@
+node 0o45678

fuzz/in/int_multiple_underscore.kdl

@@ -0,0 +1 @@
+node 1_2_3_4

fuzz/in/just_block_comment.kdl

@@ -0,0 +1 @@
+/* hey */

fuzz/in/just_child.kdl

@@ -0,0 +1,3 @@
+node {
+    inner_node
+}

fuzz/in/just_newline.kdl

@@ -0,0 +1 @@
+

fuzz/in/just_node_id.kdl

@@ -0,0 +1 @@
+node

fuzz/in/just_space.kdl

@@ -0,0 +1 @@
+

fuzz/in/just_space_in_arg_type.kdl

@@ -0,0 +1 @@
+node ( )false

fuzz/in/just_space_in_node_type.kdl

@@ -0,0 +1 @@
+( )node

fuzz/in/just_space_in_prop_type.kdl

@@ -0,0 +1 @@
+node key=()0x10

fuzz/in/just_type_no_arg.kdl

@@ -0,0 +1 @@
+node (type)

fuzz/in/just_type_no_node_id.kdl

@@ -0,0 +1 @@
+(type)

fuzz/in/just_type_no_prop.kdl

@@ -0,0 +1 @@
+node key=(type)

fuzz/in/leading_newline.kdl

@@ -0,0 +1,2 @@
+
+node

fuzz/in/leading_zero_binary.kdl

@@ -0,0 +1 @@
+node 0b01

fuzz/in/leading_zero_int.kdl

@@ -0,0 +1 @@
+node 011

fuzz/in/leading_zero_oct.kdl

@@ -0,0 +1 @@
+node 0o01

fuzz/in/multiline_comment.kdl

@@ -0,0 +1,4 @@
+node /*
+some
+comments
+*/ "arg"

fuzz/in/multiline_nodes.kdl

@@ -0,0 +1,3 @@
+node \
+    "arg1" \// comment
+    "arg2"

fuzz/in/multiline_string.kdl

@@ -0,0 +1,4 @@
+node " hey
+everyone
+how goes?
+"

fuzz/in/multiple_dots_in_float.kdl

@@ -0,0 +1 @@
+node 1.0.0

fuzz/in/multiple_dots_in_float_before_exponent.kdl

@@ -0,0 +1 @@
+node 1.0.0e7

fuzz/in/multiple_es_in_float.kdl

@@ -0,0 +1 @@
+node 1.0E10e10

fuzz/in/multiple_x_in_hex.kdl

@@ -0,0 +1 @@
+node 0xx10

fuzz/in/negative_exponent.kdl

@@ -0,0 +1 @@
+node 1.0e-10

fuzz/in/negative_float.kdl

@@ -0,0 +1 @@
+node -1.0 key=-10.0

fuzz/in/negative_int.kdl

@@ -0,0 +1 @@
+node -10 prop=-15

fuzz/in/nested_block_comment.kdl

@@ -0,0 +1 @@
+node /* hi /* there */ everyone */ "arg"

fuzz/in/nested_children.kdl

@@ -0,0 +1,5 @@
+node1 {
+    node2 {
+        node
+    }
+}

fuzz/in/nested_comments.kdl

@@ -0,0 +1 @@
+node /*/* nested */*/ "arg"

fuzz/in/nested_multiline_block_comment.kdl

@@ -0,0 +1,6 @@
+node /*
+hey /*
+how's
+*/
+    it going
+    */ "arg"