From 9415dd79b42bd07071b4a0b5da0aa8bdea04b345 Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Fri, 7 Oct 2022 18:00:18 +0100 Subject: [PATCH] fabric: add more fuzzers (#8713) Adds more fuzzers for hyperledger fabric. Signed-off-by: AdamKorcz Signed-off-by: AdamKorcz --- projects/fabric/Dockerfile | 9 ++++- .../fabric/FuzzExtractFileEntries.options | 3 ++ .../fabric/FuzzParseChaincodePackage.options | 3 ++ projects/fabric/FuzzPersistence.options | 3 ++ projects/fabric/build.sh | 24 ++++++++++++++ projects/fabric/ccprovider_fuzzer.go | 33 +++++++++++++++++++ projects/fabric/fabenc_fuzzer.go | 20 +++++++++++ projects/fabric/msp_fuzzer.go | 22 +++++++++++++ projects/fabric/persistence_fuzzer.go | 29 ++++++++++++++++ projects/fabric/policydsl_fuzzer.go | 20 +++++++++++ 10 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 projects/fabric/FuzzExtractFileEntries.options create mode 100644 projects/fabric/FuzzParseChaincodePackage.options create mode 100644 projects/fabric/FuzzPersistence.options create mode 100644 projects/fabric/ccprovider_fuzzer.go create mode 100644 projects/fabric/fabenc_fuzzer.go create mode 100644 projects/fabric/msp_fuzzer.go create mode 100644 projects/fabric/policydsl_fuzzer.go diff --git a/projects/fabric/Dockerfile b/projects/fabric/Dockerfile index a94454a29..09b05a063 100644 --- a/projects/fabric/Dockerfile +++ b/projects/fabric/Dockerfile @@ -16,5 +16,12 @@ FROM gcr.io/oss-fuzz-base/base-builder-go RUN git clone --depth 1 https://github.com/hyperledger/fabric -COPY build.sh persistence_fuzzer.go $SRC/ +RUN git clone --depth 1 https://github.com/AdamKorcz/instrumentation +COPY build.sh ccprovider_fuzzer.go \ + persistence_fuzzer.go \ + policydsl_fuzzer.go \ + fabenc_fuzzer.go \ + msp_fuzzer.go $SRC/ WORKDIR $SRC/fabric + +COPY *.options $SRC/ \ No newline at end of file 
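Review bot: The added `RUN git clone --depth 1 https://github.com/AdamKorcz/instrumentation` fetches whatever is at the tip of a personal repository on every build, and build.sh then executes it with `go run main.go $SRC/fabric`. The tool that rewrites the fabric tree before fuzzing is therefore not reviewable from this commit and can change without notice. Pinning the checkout to a reviewed commit would make the build reproducible, for example `RUN git clone https://github.com/AdamKorcz/instrumentation && git -C instrumentation checkout <PINNED_COMMIT_SHA>` (placeholder value; a full clone is needed because `--depth 1` fetches only the tip). The unversioned `go get github.com/AdaLogics/go-fuzz-headers` in build.sh has the same problem and could take an `@<version>` suffix.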
diff --git a/projects/fabric/FuzzExtractFileEntries.options b/projects/fabric/FuzzExtractFileEntries.options
new file mode 100644
index 000000000..a1eae2327
--- /dev/null
+++ b/projects/fabric/FuzzExtractFileEntries.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1800000
+len_control = 0
\ No newline at end of file
diff --git a/projects/fabric/FuzzParseChaincodePackage.options b/projects/fabric/FuzzParseChaincodePackage.options
new file mode 100644
index 000000000..a1eae2327
--- /dev/null
+++ b/projects/fabric/FuzzParseChaincodePackage.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1800000
+len_control = 0
\ No newline at end of file
diff --git a/projects/fabric/FuzzPersistence.options b/projects/fabric/FuzzPersistence.options
new file mode 100644
index 000000000..a1eae2327
--- /dev/null
+++ b/projects/fabric/FuzzPersistence.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1800000
+len_control = 0
\ No newline at end of file
diff --git a/projects/fabric/build.sh b/projects/fabric/build.sh
index 8c6d09f27..c9ae57fd5 100644
--- a/projects/fabric/build.sh
+++ b/projects/fabric/build.sh
@@ -15,5 +15,29 @@ # ################################################################################ +rm -r $SRC/fabric/cmd/cryptogen + +cd $SRC/instrumentation && go run main.go $SRC/fabric && cd $SRC/fabric +go mod tidy && go mod vendor + + cp $SRC/persistence_fuzzer.go ./core/chaincode/persistence/mock/ +go get github.com/AdaLogics/go-fuzz-headers +go mod vendor compile_go_fuzzer github.com/hyperledger/fabric/core/chaincode/persistence/mock FuzzPersistence fuzz_persistence +compile_go_fuzzer github.com/hyperledger/fabric/core/chaincode/persistence/mock FuzzChaincodePackageStreamerMetadatabytes FuzzChaincodePackageStreamerMetadatabytes +compile_go_fuzzer github.com/hyperledger/fabric/core/chaincode/persistence/mock FuzzParseChaincodePackage FuzzParseChaincodePackage + +cp $SRC/ccprovider_fuzzer.go ./core/common/ccprovider/ +compile_go_fuzzer github.com/hyperledger/fabric/core/common/ccprovider FuzzExtractFileEntries FuzzExtractFileEntries + +cp $SRC/policydsl_fuzzer.go $SRC/fabric/common/policydsl/ +compile_go_fuzzer github.com/hyperledger/fabric/common/policydsl FuzzFromString fuzz_from_string + +cp $SRC/msp_fuzzer.go $SRC/fabric/msp/ +compile_go_fuzzer github.com/hyperledger/fabric/msp FuzzDeserializeIdentity fuzz_deserialize_identity + +cp $SRC/fabenc_fuzzer.go $SRC/fabric/common/flogging/fabenc/ +compile_go_fuzzer github.com/hyperledger/fabric/common/flogging/fabenc FuzzParseFormat fuzz_parse_format + +cp $SRC/*.options $OUT/ \ No newline at end of file diff --git a/projects/fabric/ccprovider_fuzzer.go b/projects/fabric/ccprovider_fuzzer.go new file mode 100644 index 000000000..7d67dc1cc --- /dev/null +++ b/projects/fabric/ccprovider_fuzzer.go 
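Review bot: `FuzzPersistence` is compiled to a binary named `fuzz_persistence`, but the options file added in this commit is `FuzzPersistence.options`. OSS-Fuzz pairs an options file with a target by the binary's name, so the `max_len` and `len_control` settings will presumably not reach that target. Renaming the file to `fuzz_persistence.options` fixes this without renaming an existing target. `FuzzChaincodePackageStreamerMetadatabytes` also takes package-sized input and gets no options file at all, which may be an oversight.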
@@ -0,0 +1,33 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ccprovider
+
+import (
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+)
+
+func FuzzExtractFileEntries(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ tarBytes, err := f.TarBytes()
+ if err != nil {
+ return 0
+ }
+ databaseType, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = ExtractFileEntries(tarBytes, databaseType)
+ return 1
+}
diff --git a/projects/fabric/fabenc_fuzzer.go b/projects/fabric/fabenc_fuzzer.go
new file mode 100644
index 000000000..4958fc6f9
--- /dev/null
+++ b/projects/fabric/fabenc_fuzzer.go
@@ -0,0 +1,20 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fabenc
+
+func FuzzParseFormat(data []byte) int {
+ _, _ = ParseFormat(string(data))
+ return 1
+}
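Review bot: `FuzzExtractFileEntries` in ccprovider_fuzzer.go has no doc comment, and it returns 1 even when `ExtractFileEntries` rejects the input, because both results are discarded with `_, _ =`. A comment such as `// FuzzExtractFileEntries feeds a fuzzer-built tar archive and a fuzzed database type to ExtractFileEntries; only panics are reported, returned errors are ignored.` would record that intent. If the return value is meant as a corpus hint, `if _, err := ExtractFileEntries(tarBytes, databaseType); err != nil { return 0 }` would stop rejected inputs from being prioritised. `FuzzParseFormat` in fabenc_fuzzer.go follows the same pattern.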
diff --git a/projects/fabric/msp_fuzzer.go b/projects/fabric/msp_fuzzer.go new file mode 100644 index 000000000..11dd5aabd --- /dev/null +++ b/projects/fabric/msp_fuzzer.go @@ -0,0 +1,22 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package msp + +func FuzzDeserializeIdentity(data []byte) int { + m := &mspManagerImpl{} + m.up = true + _, _ = m.DeserializeIdentity(data) + return 1 +} diff --git a/projects/fabric/persistence_fuzzer.go b/projects/fabric/persistence_fuzzer.go index 98774a21c..846d0dfa2 100644 --- a/projects/fabric/persistence_fuzzer.go +++ b/projects/fabric/persistence_fuzzer.go @@ -15,8 +15,12 @@ package mock import ( + "bytes" + "compress/gzip" + fuzz "github.com/AdaLogics/go-fuzz-headers" "github.com/hyperledger/fabric/core/chaincode/persistence" tm "github.com/stretchr/testify/mock" + "os" ) func FuzzPersistence(data []byte) int { 
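Review bot: `FuzzDeserializeIdentity` builds `&mspManagerImpl{}` and only sets `m.up = true`, so no MSP appears to be registered on the manager when `m.DeserializeIdentity(data)` runs. Presumably the call then stops at the MSP lookup right after decoding the serialized identity, never reaching the certificate and identity validation behind it; this is worth confirming against a coverage report. Initialising the manager with at least one configured MSP before the call would let the fuzzer exercise that path. At minimum, a comment such as `// NOTE: the manager has no MSPs; this only exercises decoding and lookup.` should state the limit.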
@@ -27,3 +31,28 @@ func FuzzPersistence(data []byte) int {
 _, _ = ccpp.Parse(data)
 return 1
 }
+
+func FuzzChaincodePackageStreamerMetadatabytes(data []byte) int {
+ err := os.WriteFile("demoTar.tar", data, 0666)
+ if err != nil {
+ return 0
+ }
+ defer os.Remove("demoTar.tar")
+ cps := &persistence.ChaincodePackageStreamer{PackagePath: "demoTar.tar"}
+ _, _ = cps.MetadataBytes()
+ return 1
+}
+
+func FuzzParseChaincodePackage(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ source, err := f.TarBytes()
+ if err != nil {
+ return 0
+ }
+ var b bytes.Buffer
+ w := gzip.NewWriter(&b)
+ w.Write(source)
+ w.Close()
+ _, _, _ = persistence.ParseChaincodePackage(b.Bytes())
+ return 1
+}
diff --git a/projects/fabric/policydsl_fuzzer.go b/projects/fabric/policydsl_fuzzer.go
new file mode 100644
index 000000000..8946d0554
--- /dev/null
+++ b/projects/fabric/policydsl_fuzzer.go
@@ -0,0 +1,20 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package policydsl
+
+func FuzzFromString(data []byte) int {
+ _, _ = FromString(string(data))
+ return 1
+}
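Review bot: `FuzzChaincodePackageStreamerMetadatabytes` in persistence_fuzzer.go writes every input to the fixed relative path `demoTar.tar` with mode 0666, so parallel fuzzer processes sharing a working directory overwrite each other's file and a crash may not reproduce from the saved input. A unique temporary file from `os.CreateTemp`, which is created with owner-only permissions, avoids the collision; the rewritten lines are below. In `FuzzParseChaincodePackage` the errors from `w.Write(source)` and `w.Close()` are also dropped, and the function should return 0 when either fails.

```go
func FuzzChaincodePackageStreamerMetadatabytes(data []byte) int {
	tmp, err := os.CreateTemp("", "fuzz-ccpkg-*.tar")
	if err != nil {
		return 0
	}
	defer os.Remove(tmp.Name())
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		return 0
	}
	if err := tmp.Close(); err != nil {
		return 0
	}
	cps := &persistence.ChaincodePackageStreamer{PackagePath: tmp.Name()}
	// … unchanged: MetadataBytes call and return 1 …
}
```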