istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/fuzz/pilot_security_fuzzer.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/fuzz/pilot_security_fuzzer.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package fuzz
    16  
    17  import (
    18  	"fmt"
    19  
    20  	fuzz "github.com/AdaLogics/go-fuzz-headers"
    21  
    22  	"istio.io/istio/pilot/pkg/networking/util"
    23  	"istio.io/istio/pilot/pkg/security/authz/matcher"
    24  )
    25  
    26  func FuzzCidrRange(data []byte) int {
    27  	_, _ = util.AddrStrToCidrRange(string(data))
    28  	return 1
    29  }
    30  
    31  func FuzzHeaderMatcher(data []byte) int {
    32  	k, v, err := getKandV(data)
    33  	if err != nil {
    34  		return 0
    35  	}
    36  	_ = matcher.HeaderMatcher(k, v)
    37  	return 1
    38  }
    39  
    40  func FuzzHostMatcherWithRegex(data []byte) int {
    41  	k, v, err := getKandV(data)
    42  	if err != nil {
    43  		return 0
    44  	}
    45  	_ = matcher.HostMatcherWithRegex(k, v)
    46  	return 1
    47  }
    48  
    49  func FuzzHostMatcher(data []byte) int {
    50  	k, v, err := getKandV(data)
    51  	if err != nil {
    52  		return 0
    53  	}
    54  	_ = matcher.HostMatcher(k, v)
    55  	return 1
    56  }
    57  
    58  func FuzzMetadataListMatcher(data []byte) int {
    59  	f := fuzz.NewConsumer(data)
    60  	filter, err := f.GetString()
    61  	if err != nil {
    62  		return 0
    63  	}
    64  	number, err := f.GetInt()
    65  	if err != nil {
    66  		return 0
    67  	}
    68  	maxKeys := number % 100
    69  	keys := make([]string, 0, maxKeys)
    70  	for i := 0; i < maxKeys; i++ {
    71  		key, err := f.GetString()
    72  		if err != nil {
    73  			return 0
    74  		}
    75  		keys = append(keys, key)
    76  	}
    77  	value, err := f.GetString()
    78  	if err != nil {
    79  		return 0
    80  	}
    81  	_ = matcher.MetadataListMatcher(filter, keys, matcher.StringMatcher(value), false)
    82  	return 1
    83  }
    84  
    85  func getKandV(data []byte) (string, string, error) {
    86  	if len(data) < 10 {
    87  		return "", "", fmt.Errorf("not enough bytes")
    88  	}
    89  	if len(data)%2 != 0 {
    90  		return "", "", fmt.Errorf("not correct amount of bytes")
    91  	}
    92  	k := string(data[:len(data)/2])
    93  	v := string(data[(len(data)/2)+1:])
    94  	return k, v, nil
    95  }