Revive the fuzz testing framework

This commit updates the fuzz testing framework to adapt to recent changes in the Parsec service code, allowing us to run the fuzzer within the same container that we use for CI. Signed-off-by: Ionut Mihalcea <[email protected]>
parallaxsecond · May 19, 2021 · 9d4d36d · 9d4d36d
1 parent 92b7a7c
commit 9d4d36d
Show file tree

Hide file tree

Showing 8 changed files with 794 additions and 888 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -83,6 +83,20 @@ jobs:
       # When running the container built on the CI
       # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
 
+  fuzz-test-checker:
+    name: Check that the fuzz testing framework is still working
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      # Use the following step when updating the `parsec-service-test-all` image
+      # - name: Build the container
+      #   run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+      - name: Run the fuzz test script
+        # Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
+        run: ./fuzz.sh test
+      # When running the container built on the CI
+      # run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
+
   cross-compilation:
     # Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries.
     name: Cross-compile Parsec to various targets

diff --git a/fuzz.sh b/fuzz.sh
@@ -9,19 +9,16 @@ CLEANUP_CONTAINER_NAME=parsec_fuzzer_cleanup
 set -e
 
 if [[ "$1" == "run" ]]
-then
-    # Build Docker image
-    docker build fuzz/docker -t parsec/fuzz
-
+then    
     # Set up fuzz folder
-    docker run --rm -v $(pwd):/parsec -w /parsec/fuzz --name $CLEANUP_CONTAINER_NAME parsec/fuzz ./cleanup.sh
+    docker run --rm -v $(pwd):/parsec -w /parsec/fuzz --name $CLEANUP_CONTAINER_NAME ghcr.io/parallaxsecond/parsec-service-test-all ./cleanup.sh
     # A copy of the config file is used because the file is modified during the run
     cp fuzz/config.toml fuzz/run_config.toml
 
     # Stop previous container and run fuzzer
     docker kill $FUZZ_CONTAINER_NAME || true
     sleep 5s
-    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz --name $FUZZ_CONTAINER_NAME parsec/fuzz ./run_fuzz.sh
+    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz --name $FUZZ_CONTAINER_NAME ghcr.io/parallaxsecond/parsec-service-test-all ./run_fuzz.sh
 elif [[ "$1" == "stop" ]]
 then
     docker kill $FUZZ_CONTAINER_NAME
@@ -33,10 +30,20 @@ then
     # Cleanup is done via Docker because on some systems ACL settings prevent the user who
     # created a container from removing the files created by said container. Another one
     # is needed to do the cleanup.
-    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz --name $CLEANUP_CONTAINER_NAME parsec/fuzz ./cleanup.sh
+    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz --name $CLEANUP_CONTAINER_NAME ghcr.io/parallaxsecond/parsec-service-test-all ./cleanup.sh
 elif [[ "$1" == "erase" ]]
 then
-    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz -e "ERASE=true" --name $CLEANUP_CONTAINER_NAME parsec/fuzz ./cleanup.sh
+    docker run -d --rm -v $(pwd):/parsec -w /parsec/fuzz -e "ERASE=true" --name $CLEANUP_CONTAINER_NAME ghcr.io/parallaxsecond/parsec-service-test-all ./cleanup.sh
+elif [[ "$1" == "test" ]]
+then
+    if [[ -z "$CONTAINER_TAG" ]]
+    then
+        CONTAINER_TAG=ghcr.io/parallaxsecond/parsec-service-test-all
+    fi
+    # A copy of the config file is used because the file is modified during the run
+    cp fuzz/config.toml fuzz/run_config.toml
+    # Run the fuzzer in test mode
+    docker run --rm -v $(pwd):/parsec -w /parsec/fuzz --name $FUZZ_CONTAINER_NAME $CONTAINER_TAG ./run_fuzz.sh test
 else
     echo "usage: ./fuzz.sh [COMMAND]