From 518dd71de6e3874f84467b0bfe797fce1c50241f Mon Sep 17 00:00:00 2001
From: Jonathan White
Date: Sun, 9 Feb 2025 09:15:20 -0500
Subject: [PATCH] Update fuzz testing instructions

* Also fix env var name
---
 src/cli/Utils.cpp | 2 +-
 docs/FuzzTest.md => utils/fuzz-testing/README.md | 8 ++++----
 {share => utils/fuzz-testing}/empty3.kdbx | Bin
 {share => utils/fuzz-testing}/empty4.kdbx | Bin
 4 files changed, 5 insertions(+), 5 deletions(-)
 rename docs/FuzzTest.md => utils/fuzz-testing/README.md (91%)
 rename {share => utils/fuzz-testing}/empty3.kdbx (100%)
 rename {share => utils/fuzz-testing}/empty4.kdbx (100%)

diff --git a/src/cli/Utils.cpp b/src/cli/Utils.cpp
index de12e6ba6..ae4874c43 100644
--- a/src/cli/Utils.cpp
+++ b/src/cli/Utils.cpp
@@ -226,7 +226,7 @@ namespace Utils
 #ifdef __AFL_COMPILER
 // Fuzz test build takes password from environment variable to
 // allow non-interactive operation
- const auto env = getenv("KEYPASSXC_AFL_PASSWORD");
+ const auto env = getenv("KEEPASSXC_AFL_PASSWORD");
 return env ? env : "";
 #else
 auto& in = STDIN;
diff --git a/docs/FuzzTest.md b/utils/fuzz-testing/README.md
similarity index 91%
rename from docs/FuzzTest.md
rename to utils/fuzz-testing/README.md
index cb73fbd27..9f2c1fc27 100644
--- a/docs/FuzzTest.md
+++ b/utils/fuzz-testing/README.md
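Review bot: The variable name on the added `getenv` line is a bare string literal that has to stay in sync with the name documented in utils/fuzz-testing/README.md, which is exactly the drift this commit is correcting. Hoisting it into a named constant, `constexpr auto kAflPasswordEnv = "KEEPASSXC_AFL_PASSWORD";`, or at least adding `// Must match the variable name in utils/fuzz-testing/README.md` above the call would make the coupling visible to the next editor. The following context line `return env ? env : "";` also silently falls back to an empty password when the variable is unset in a fuzz build, which is presumably intended for non-interactive runs but deserves a one-line comment saying so. This branch is compiled only under `__AFL_COMPILER`, and the enclosing function starts and ends outside the hunk.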
@@ -27,7 +27,7 @@ A special "instrumented build" is used that allows the fuzzer to look into the p
 $ CXX=afl-g++ AFL_HARDEN=1 cmake -DWITH_XC_ALL=ON ..
 $ make
-In the source code, special behavior for fuzz testing can be implemented with `#ifdef __AFL_COMPILER`. For example, in fuzz builds, the KeePassXC CLI takes the database password from environment variable `KEYPASSXC_AFL_PASSWORD` to allow non-interactive operation.
+In the source code, special behavior for fuzz testing can be implemented with `#ifdef __AFL_COMPILER`. For example, in fuzz builds, the KeePassXC CLI takes the database password from environment variable `KEEPASSXC_AFL_PASSWORD` to allow non-interactive operation.
 ## Prepare Fuzzer Input
@@ -35,18 +35,18 @@ To get the fuzzer started, we provide empty password database files (the passwor
 $ cd buildafl
 $ mkdir -p findings/testcases
- $ cp ../share/empty*.kdbx findings/testcases
+ $ cp ../utils/fuzz-testing/empty*.kdbx findings/testcases
 The fuzzer works by running KeePassXC with variations of this input, mutated in ways that make the program crash or hang.
 ## Run The Fuzzer
 $ cd buildafl
- $ KEYPASSXC_AFL_PASSWORD=secret afl-fuzz -i findings/testcases -o findings -m 2000 -t 1000 src/cli/keepassxc-cli ls @@
+ $ KEEPASSXC_AFL_PASSWORD=secret afl-fuzz -i findings/testcases -o findings -m 2000 -t 1000 src/cli/keepassxc-cli ls @@
 This fuzz-tests the `ls` command of the KeePassXC CLI, which loads and decrypts a database file and then lists its contents. The parameters mean:
-* `KEYPASSXC_AFL_PASSWORD=secret`: In fuzz test builds, the KeePassXC CLI takes the database password from this environment variable.
+* `KEEPASSXC_AFL_PASSWORD=secret`: In fuzz test builds, the KeePassXC CLI takes the database password from this environment variable.
 * `-i findings/testcases`: The directory which contains the initial fuzzer input.
 * `-o findings`: The directory in which to store fuzzer results.
 * `-m 2000`: Fuzzer memory (in megabytes). Adjust as required if the fuzzer fails to start up.
diff --git a/share/empty3.kdbx b/utils/fuzz-testing/empty3.kdbx
similarity index 100%
rename from share/empty3.kdbx
rename to utils/fuzz-testing/empty3.kdbx
diff --git a/share/empty4.kdbx b/utils/fuzz-testing/empty4.kdbx
similarity index 100%
rename from share/empty4.kdbx
rename to utils/fuzz-testing/empty4.kdbx