Extend fuzzing for ctap1 and ctap2 requests

Previously, we only fuzzed the deserialization of PublicKeyCredentialUserEntity. This patch replaces that fuzz target with the deserialization of entire ctap1 and ctap2 requests.
trussed-dev · Jun 26, 2024 · 6325217 · 6325217
1 parent 8a48754
commit 6325217
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 16 deletions.
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -1,16 +1,15 @@
-
 [package]
 name = "ctap-types-fuzz"
 version = "0.0.0"
-authors = ["Automatically generated"]
 publish = false
-edition = "2018"
+edition = "2021"
 
 [package.metadata]
 cargo-fuzz = true
 
 [dependencies]
-libfuzzer-sys = "0.3"
+iso7816 = "0.1.2"
+libfuzzer-sys = "0.4"
 
 [dependencies.ctap-types]
 path = ".."
@@ -20,5 +19,15 @@ path = ".."
 members = ["."]
 
 [[bin]]
-name = "example"
-path = "fuzz_targets/example.rs"
+name = "ctap1"
+path = "fuzz_targets/ctap1.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "ctap2"
+path = "fuzz_targets/ctap2.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/ctap1.rs b/fuzz/fuzz_targets/ctap1.rs
@@ -0,0 +1,11 @@
+#![no_main]
+
+use ctap_types::ctap1::Request;
+use iso7816::command::Command;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if let Ok(command) = Command::<7609>::try_from(data) {
+        Request::try_from(&command).ok();
+    }
+});
diff --git a/fuzz/fuzz_targets/ctap2.rs b/fuzz/fuzz_targets/ctap2.rs
@@ -0,0 +1,8 @@
+#![no_main]
+
+use ctap_types::ctap2::Request;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    Request::deserialize(data).ok();
+});
diff --git a/fuzz/fuzz_targets/example.rs b/fuzz/fuzz_targets/example.rs