noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adds an executor fuzzer and corresponding dictionaries (#1891)

Browse source
This commit is contained in:
Nathaniel Brough 2023-04-30 00:49:03 -07:00 committed by GitHub
parent c7e3b927ac
commit 7a86ed3a3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 812 additions and 401 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

456
lib/fuzz/Cargo.lock generated
View file

@ -53,6 +53,12 @@ dependencies = [
"derive_arbitrary",
]
[[package]]
name = "arc-swap"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
[[package]]
name = "argon2"
version = "0.5.0"
@ -150,12 +156,6 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "base64"
version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]]
name = "base64"
version = "0.21.0"
@ -174,7 +174,7 @@ version = "0.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9df288bec72232f78c1ec5fe4e8f1d108aa0265476e93097593c803c8c02062a"
dependencies = [
"base64 0.21.0",
"base64",
"blowfish",
"getrandom",
"subtle",
@ -199,6 +199,12 @@ version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitmaps"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "703642b98a00b3b90513279a8ede3fcfa479c126c5fb46e78f3051522f021403"
[[package]]
name = "bitvec"
version = "1.0.1"
@ -445,12 +451,15 @@ dependencies = [
]
[[package]]
name = "encoding_rs"
version = "0.8.32"
name = "echodb"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394"
checksum = "312221c0bb46e82cd250c818404ef9dce769a4d5a62915c0249b577762eec34a"
dependencies = [
"cfg-if",
"arc-swap",
"imbl",
"thiserror",
"tokio",
]
[[package]]
@ -484,15 +493,9 @@ dependencies = [
"futures-sink",
"nanorand",
"pin-project",
"spin 0.9.8",
"spin",
]
[[package]]
name = "fnv"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "form_urlencoded"
version = "1.1.0"
@ -692,25 +695,6 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "h2"
version = "0.3.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "17f8a914c2987b688368b5138aa05321db91f4090cf26118185672ad588bce21"
dependencies = [
"bytes",
"fnv",
"futures-core",
"futures-sink",
"futures-util",
"http",
"indexmap",
"slab",
"tokio",
"tokio-util",
"tracing",
]
[[package]]
name = "hash32"
version = "0.2.1"
@ -735,7 +719,7 @@ dependencies = [
"atomic-polyfill",
"hash32",
"rustc_version",
"spin 0.9.8",
"spin",
"stable_deref_trait",
]
@ -757,77 +741,6 @@ dependencies = [
"digest",
]
[[package]]
name = "http"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482"
dependencies = [
"bytes",
"fnv",
"itoa",
]
[[package]]
name = "http-body"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1"
dependencies = [
"bytes",
"http",
"pin-project-lite",
]
[[package]]
name = "httparse"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904"
[[package]]
name = "httpdate"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421"
[[package]]
name = "hyper"
version = "0.14.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab302d72a6f11a3b910431ff93aae7e773078c769f0a3ef15fb9ec692ed147d4"
dependencies = [
"bytes",
"futures-channel",
"futures-core",
"futures-util",
"h2",
"http",
"http-body",
"httparse",
"httpdate",
"itoa",
"pin-project-lite",
"socket2",
"tokio",
"tower-service",
"tracing",
"want",
]
[[package]]
name = "hyper-rustls"
version = "0.23.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1788965e61b367cd03a62950836d5cd41560c3577d90e40e0819373194d1661c"
dependencies = [
"http",
"hyper",
"rustls",
"tokio",
"tokio-rustls",
]
[[package]]
name = "iana-time-zone"
version = "0.1.56"
@ -862,6 +775,28 @@ dependencies = [
"unicode-normalization",
]
[[package]]
name = "imbl"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2806b69cd9f4664844027b64465eacb444c67c1db9c778e341adff0c25cdb0d"
dependencies = [
"bitmaps",
"imbl-sized-chunks",
"rand_core",
"rand_xoshiro",
"version_check",
]
[[package]]
name = "imbl-sized-chunks"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6957ea0b2541c5ca561d3ef4538044af79f8a05a1eb3a3b148936aaceaa1076"
dependencies = [
"bitmaps",
]
[[package]]
name = "indexmap"
version = "1.9.3"
@ -891,12 +826,6 @@ dependencies = [
"cfg-if",
]
[[package]]
name = "ipnet"
version = "2.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f"
[[package]]
name = "itoa"
version = "1.0.6"
@ -1002,30 +931,12 @@ version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
[[package]]
name = "mime"
version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "mio"
version = "0.8.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9"
dependencies = [
"libc",
"log",
"wasi 0.11.0+wasi-snapshot-preview1",
"windows-sys",
]
[[package]]
name = "nanoid"
version = "0.4.0"
@ -1273,6 +1184,15 @@ dependencies = [
"getrandom",
]
[[package]]
name = "rand_xoshiro"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6f97cdb2a36ed4183de61b2f824cc45c9f1037f28afe0a322e9fff4c108b5aaa"
dependencies = [
"rand_core",
]
[[package]]
name = "redox_syscall"
version = "0.2.16"
@ -1299,62 +1219,6 @@ version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c"
[[package]]
name = "reqwest"
version = "0.11.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "27b71749df584b7f4cac2c426c127a7c785a5106cc98f7a8feb044115f0fa254"
dependencies = [
"base64 0.21.0",
"bytes",
"encoding_rs",
"futures-core",
"futures-util",
"h2",
"http",
"http-body",
"hyper",
"hyper-rustls",
"ipnet",
"js-sys",
"log",
"mime",
"once_cell",
"percent-encoding",
"pin-project-lite",
"rustls",
"rustls-pemfile",
"serde",
"serde_json",
"serde_urlencoded",
"tokio",
"tokio-rustls",
"tokio-util",
"tower-service",
"url",
"wasm-bindgen",
"wasm-bindgen-futures",
"wasm-streams",
"web-sys",
"webpki-roots",
"winreg",
]
[[package]]
name = "ring"
version = "0.16.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
dependencies = [
"cc",
"libc",
"once_cell",
"spin 0.5.2",
"untrusted",
"web-sys",
"winapi",
]
[[package]]
name = "rmp"
version = "0.8.11"
@ -1392,27 +1256,6 @@ dependencies = [
"semver",
]
[[package]]
name = "rustls"
version = "0.20.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
dependencies = [
"log",
"ring",
"sct",
"webpki",
]
[[package]]
name = "rustls-pemfile"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b"
dependencies = [
"base64 0.21.0",
]
[[package]]
name = "ryu"
version = "1.0.13"
@ -1452,16 +1295,6 @@ dependencies = [
"sha2",
]
[[package]]
name = "sct"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "semver"
version = "1.0.17"
@ -1508,18 +1341,6 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_urlencoded"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
dependencies = [
"form_urlencoded",
"itoa",
"ryu",
"serde",
]
[[package]]
name = "sha-1"
version = "0.10.1"
@ -1531,17 +1352,6 @@ dependencies = [
"digest",
]
[[package]]
name = "sha1"
version = "0.10.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
dependencies = [
"cfg-if",
"cpufeatures",
"digest",
]
[[package]]
name = "sha2"
version = "0.10.6"
@ -1568,22 +1378,6 @@ version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
[[package]]
name = "socket2"
version = "0.4.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662"
dependencies = [
"libc",
"winapi",
]
[[package]]
name = "spin"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "spin"
version = "0.9.8"
@ -1631,6 +1425,7 @@ dependencies = [
"bung",
"chrono",
"dmp",
"echodb",
"flume",
"futures",
"futures-concurrency",
@ -1648,8 +1443,6 @@ dependencies = [
"pin-project-lite",
"rand",
"regex",
"reqwest",
"rustls",
"scrypt",
"semver",
"serde",
@ -1660,7 +1453,6 @@ dependencies = [
"surrealdb-derive",
"thiserror",
"tokio",
"tokio-tungstenite",
"tracing",
"trice",
"ulid",
@ -1686,6 +1478,7 @@ name = "surrealdb-fuzz"
version = "0.0.0"
dependencies = [
"arbitrary",
"futures",
"libfuzzer-sys",
"surrealdb",
]
@ -1791,11 +1584,8 @@ checksum = "d0de47a4eecbe11f498978a9b29d792f0d2692d1dd003650c24c76510e3bc001"
dependencies = [
"autocfg",
"bytes",
"libc",
"mio",
"num_cpus",
"pin-project-lite",
"socket2",
"tokio-macros",
"windows-sys",
]
@ -1811,52 +1601,6 @@ dependencies = [
"syn 2.0.15",
]
[[package]]
name = "tokio-rustls"
version = "0.23.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59"
dependencies = [
"rustls",
"tokio",
"webpki",
]
[[package]]
name = "tokio-tungstenite"
version = "0.18.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "54319c93411147bced34cb5609a80e0a8e44c5999c93903a81cd866630ec0bfd"
dependencies = [
"futures-util",
"log",
"rustls",
"tokio",
"tokio-rustls",
"tungstenite",
"webpki",
]
[[package]]
name = "tokio-util"
version = "0.7.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5427d89453009325de0d8f342c9490009f76e999cb7672d77e46267448f7e6b2"
dependencies = [
"bytes",
"futures-core",
"futures-sink",
"pin-project-lite",
"tokio",
"tracing",
]
[[package]]
name = "tower-service"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
[[package]]
name = "tracing"
version = "0.1.37"
@ -1900,33 +1644,6 @@ dependencies = [
"web-sys",
]
[[package]]
name = "try-lock"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed"
[[package]]
name = "tungstenite"
version = "0.18.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30ee6ab729cd4cf0fd55218530c4522ed30b7b6081752839b68fcec8d0960788"
dependencies = [
"base64 0.13.1",
"byteorder",
"bytes",
"http",
"httparse",
"log",
"rand",
"rustls",
"sha1",
"thiserror",
"url",
"utf-8",
"webpki",
]
[[package]]
name = "typenum"
version = "1.16.0"
@ -1970,12 +1687,6 @@ version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
[[package]]
name = "untrusted"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
[[package]]
name = "url"
version = "2.3.1"
@ -1993,12 +1704,6 @@ version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9"
[[package]]
name = "utf-8"
version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
[[package]]
name = "uuid"
version = "1.3.1"
@ -2023,16 +1728,6 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca"
[[package]]
name = "want"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0"
dependencies = [
"log",
"try-lock",
]
[[package]]
name = "wasi"
version = "0.10.0+wasi-snapshot-preview1"
@ -2111,19 +1806,6 @@ version = "0.2.84"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
[[package]]
name = "wasm-streams"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6bbae3363c08332cadccd13b67db371814cd214c2524020932f0804b8cf7c078"
dependencies = [
"futures-util",
"js-sys",
"wasm-bindgen",
"wasm-bindgen-futures",
"web-sys",
]
[[package]]
name = "wasmtimer"
version = "0.2.0"
@ -2147,25 +1829,6 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "webpki"
version = "0.22.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "webpki-roots"
version = "0.22.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87"
dependencies = [
"webpki",
]
[[package]]
name = "winapi"
version = "0.3.9"
@ -2329,15 +1992,6 @@ version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
[[package]]
name = "winreg"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
dependencies = [
"winapi",
]
[[package]]
name = "ws_stream_wasm"
version = "0.7.4"

9
lib/fuzz/Cargo.toml
View file

@ -10,9 +10,12 @@ cargo-fuzz = true
[dependencies]
libfuzzer-sys = { version= "0.4", features = ["arbitrary-derive"] }
arbitrary = { version = "1", features = ["derive"] }
futures = "0.3.28"
[dependencies.surrealdb]
path = ".."
features = ["kv-mem"]
default-features = false
# Prevent this from interfering with workspaces
[workspace]
@ -26,3 +29,9 @@ name = "fuzz_sql_parser"
path = "fuzz_targets/fuzz_sql_parser.rs"
test = false
doc = false
[[bin]]
name = "fuzz_executor"
path = "fuzz_targets/fuzz_executor.rs"
test = false
doc = false

68
lib/fuzz/README.md Normal file
View file

@ -0,0 +1,68 @@
# Fuzzing
Surrealdb maintains a set of fuzz testing harnesses that are managed by
[cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz).
To build and run the fuzzer we will need to;
- Install a specific version of the nightly compiler
- Install cargo fuzz
- Build a fuzz friendly version of surrealdb with our harnesses
## Installing nightly
One of the key requirements for high-performance fuzzing is the ability
to collect code-coverage feedback at runtime. With the current stable
version of rustc we can't instrument our fuzz-harnesses with coverage feedback.
Because of this we need to use some of the more bleeding edge features
available in the nightly release.
Unfortunately for us the nightly release is a little unstable and there
was a [bug](https://github.com/rust-lang/rust/issues/110475) in the
latest version of the nightly compiler that prevents use from compiling
some of surrealdb's depdendencies. To workaround this issue we've carefully
picked a version of the nightly compiler that works with both cargo-fuzz
and our dependencies. This version is `nightly-2023-04-21`. To install
this version we simply need to run;
`rustup install nightly-2023-04-21`
## Installing cargo-fuzz
Full details on the different install options are available, in the
[cargo-fuzz book](https://rust-fuzz.github.io/book/cargo-fuzz/setup.html).
but for the sake of brevity you can just install the basics with the
command below.
`cargo +nightly-2023-04-21 install cargo-fuzz`
## Building the fuzzers
Now that we've install cargo-fuzz we can go ahead and build our fuzzers.
```
cd lib
# -O: Optimised build
# --debug-assertions: Catch common bugs, e.g. integer overflow.
cargo +nightly-2023-04-21 fuzz build -O --debug-assertions
````
## Running the fuzzer
Now that the fuzzer has successfully built we can actually run them. To
list the available fuzz harnesses we can use the command.
```
cargo +nightly-2023-04-21 fuzz list
```
Once we know what fuzzer (in this case fuzz_executor) we want to run we
can it using the command;
```
cargo +nightly-2023-04-21 fuzz run -O --debug-assertions fuzz_executor
```
The previous command will run the fuzzer in libfuzzer's default mode,
which means as a single thread. If you would like to speed fuzzing
up we can make use of all cores, and use a dictionary file. e.g.
```
# -fork: Run N seperate process fuzzing in parralell in this case we
# use nproc to match the number of processors on our local
# machine.
# -dict: Make use the fuzzer specific dictionary file.
cargo +nightly-2023-04-21 fuzz run -O --debug-assertions \
fuzz_executor -- -fork=$(nproc) \
-dict=fuzz/fuzz_targets/fuzz_executor.dict
```

327
lib/fuzz/fuzz_targets/fuzz_executor.dict Normal file
View file

@ -0,0 +1,327 @@
"AFTER"
"ALL"
"ALLINSIDE"
"AND"
"ANYINSIDE"
"AS"
"ASC"
"ASSERT"
"AT"
"BEFORE"
"BEGIN"
"BY"
"CANCEL"
"COLLATE"
"COLUMNS"
"COMMIT"
"CONTAINS"
"CONTAINSALL"
"CONTAINSANY"
"CONTAINSNONE"
"CONTAINSNOT"
"CONTENT"
"CREATE"
"DATABASE"
"DB"
"DEFINE"
"DELETE"
"DESC"
"DIFF"
"DROP"
"EDDSA"
"ELSE"
"END"
"ERR"
"EVENT"
"EVENTS"
"FALSE"
"FETCH"
"FIELD"
"FIELDS"
"FLEX"
"FLEXI"
"FLEXIBLE"
"FOR"
"FORCE"
"FROM"
"FULL"
"FUNCTION"
"GBR"
"GROUP"
"HEAD"
"ID"
"IF"
"IGNORE"
"IMPORT"
"IN"
"INDEX"
"INFO"
"INSERT"
"INSIDE"
"INTERSECTS"
"INTO"
"IS"
"KILL"
"KV"
"LET"
"LICENSE"
"LIMIT"
"LOGIN"
"MERGE"
"NAMESPACE"
"NONE"
"NONEINSIDE"
"NOTINSIDE"
"NS"
"NULL"
"NUMERIC"
"OK"
"ON"
"OPTION"
"OR"
"ORDER"
"OUTSIDE"
"PARALLEL"
"PARAM"
"PASSHASH"
"PASSWORD"
"PATCH"
"PATH"
"PERMISSIONS"
"PI"
"RELATE"
"REMOVE"
"REPLACE"
"RETURN"
"SC"
"SCHEMAFUL"
"SCHEMAFULL"
"SCHEMALESS"
"SCOPE"
"SELECT"
"SESSION"
"SET"
"SIGHUP"
"SIGINT"
"SIGNIN"
"SIGNUP"
"SIGQUIT"
"SIGTERM"
"SLEEP"
"SPLIT"
"START"
"TABLE"
"TABLES"
"TAU"
"TB"
"THEN"
"TIMEOUT"
"TK"
"TOKEN"
"TRANSACTION"
"TRUE"
"TYPE"
"UNIQUE"
"UPDATE"
"UPPERCASE"
"USE"
"VALUE"
"VALUES"
"VERSION"
"WHEN"
"WHERE"
"&&"
"||"
"??"
"?:"
"!="
"=="
"?="
"*="
"!~"
"?~"
"*~"
"<="
">="
"**"
"::"
"array"
"array::"
"array::add("
"array::all("
"array::any("
"array::append("
"array::combine("
"array::complement("
"array::concat("
"array::difference("
"array::distinct("
"array::flatten("
"array::group("
"array::insert("
"array::intersect("
"array::len("
"array::max("
"array::min("
"array::pop("
"array::prepend("
"array::push("
"array::remove("
"array::reverse("
"array::sort("
"array::sort::asc("
"array::sort::desc("
"array::union("
"count("
"crypto"
"crypto::"
"crypto::md5("
"crypto::sha1("
"crypto::sha256("
"crypto::argon2::compare("
"crypto::argon2::generate("
"crypto::pbkdf2::compare("
"crypto::pbkdf2::generate("
"crypto::bcrypt::compare("
"crypto::bcrypt::generate("
"crypto::scrypt::compare("
"crypto::scrypt::generate("
"geo"
"geo::"
"geo::area("
"geo::bearing("
"geo::centroid("
"geo::distance("
"geo::hash"
"hash"
"geo::hash::decode("
"geo::hash::encode("
"http"
"http::"
"http::head("
"http::get("
"http::put("
"http::post("
"http::patch("
"http::delete("
"is"
"is::"
"is::alphanum("
"is::alpha("
"is::ascii("
"is::datetime("
"is::domain("
"is::email("
"is::hexadecimal("
"is::latitude("
"is::longitude("
"is::numeric("
"is::semver("
"is::url("
"is::uuid("
"math"
"math::"
"math::abs("
"math::ceil("
"math::fixed("
"math::floor("
"math::max("
"math::mean("
"math::median("
"math::min("
"math::product("
"math::round("
"math::sqrt("
"math::sum("
"meta"
"meta::"
"meta::id("
"meta::tb("
"parse"
"parse::"
"parse::email"
"email"
"parse::email::host("
"parse::email::user("
"parse::email::domain("
"parse::email::fragments("
"parse::url::host("
"parse::url::path("
"parse::url::port("
"parse::url::query("
"rand("
"rand"
"rand::bool("
"rand::enum("
"rand::float("
"rand::guid("
"rand::int("
"rand::string("
"rand::time("
"rand::uuid("
"uuid"
"rand::uuid::v4("
"rand::uuid::v7("
"session"
"session::"
"session::db("
"session::id("
"session::ip("
"session::ns("
"session::origin("
"session::sc"
# Sleep is just going to slow the fuzzer down
# "sleep("
"string"
"string::concat("
"string::endsWith("
"string::join("
"string::len("
"string::lowercase("
"string::repeat("
"string::replace("
"string::reverse("
"string::slice("
"string::slug("
"string::split("
"string::startsWith("
"string::trim("
"string::uppercase("
"string::words("
"time"
"time::"
"time::day("
"time::floor("
"time::format("
"time::group("
"time::hour("
"time::minute("
"time::month("
"time::nano("
"time::now("
"time::round("
"time::second("
"time::timezone("
"time::unix("
"time::wday("
"time::week("
"time::yday("
"time::year("
"type"
"type::"
"type::bool("
"type::datetime("
"type::decimal("
"type::duration("
"type::float("
"type::int("
"type::number("
"type::point("
# Avoid regex in the fuzzer as it will just slow things down.
# the rust regex crate is already fuzzed.
# "type::regex("
"type::string("
"type::table("
"type::thing("
# TODO: Add Javascript keywords

29
lib/fuzz/fuzz_targets/fuzz_executor.rs Normal file
View file

@ -0,0 +1,29 @@
#![no_main]
use libfuzzer_sys::fuzz_target;
fuzz_target!(|commands: Vec<&str>| {
let blacklisted_command_strings = ["sleep"];
use surrealdb::{dbs::Session, kvs::Datastore};
let max_commands = 500;
if commands.len() > max_commands {
return;
}
futures::executor::block_on(async {
let dbs = Datastore::new("memory").await.unwrap();
let ses = Session::for_kv().with_ns("test").with_db("test");
for command in commands.iter() {
for blacklisted_string in blacklisted_command_strings.iter() {
if command.contains(blacklisted_string) {
return;
}
}
let _ignore_the_result = dbs.execute(command, &ses, None, false).await;
// TODO: Add some async timeout and `tokio::select!` between it and the query
// Alternatively, wrap future in `tokio::time::Timeout`.
}
});
});

324
lib/fuzz/fuzz_targets/fuzz_sql_parser.dict Normal file
View file

@ -0,0 +1,324 @@
"AFTER"
"ALL"
"ALLINSIDE"
"AND"
"ANYINSIDE"
"AS"
"ASC"
"ASSERT"
"AT"
"BEFORE"
"BEGIN"
"BY"
"CANCEL"
"COLLATE"
"COLUMNS"
"COMMIT"
"CONTAINS"
"CONTAINSALL"
"CONTAINSANY"
"CONTAINSNONE"
"CONTAINSNOT"
"CONTENT"
"CREATE"
"DATABASE"
"DB"
"DEFINE"
"DELETE"
"DESC"
"DIFF"
"DROP"
"EDDSA"
"ELSE"
"END"
"ERR"
"EVENT"
"EVENTS"
"FALSE"
"FETCH"
"FIELD"
"FIELDS"
"FLEX"
"FLEXI"
"FLEXIBLE"
"FOR"
"FORCE"
"FROM"
"FULL"
"FUNCTION"
"GBR"
"GROUP"
"HEAD"
"ID"
"IF"
"IGNORE"
"IMPORT"
"IN"
"INDEX"
"INFO"
"INSERT"
"INSIDE"
"INTERSECTS"
"INTO"
"IS"
"KILL"
"KV"
"LET"
"LICENSE"
"LIMIT"
"LOGIN"
"MERGE"
"NAMESPACE"
"NONE"
"NONEINSIDE"
"NOTINSIDE"
"NS"
"NULL"
"NUMERIC"
"OK"
"ON"
"OPTION"
"OR"
"ORDER"
"OUTSIDE"
"PARALLEL"
"PARAM"
"PASSHASH"
"PASSWORD"
"PATCH"
"PATH"
"PERMISSIONS"
"PI"
"RELATE"
"REMOVE"
"REPLACE"
"RETURN"
"SC"
"SCHEMAFUL"
"SCHEMAFULL"
"SCHEMALESS"
"SCOPE"
"SELECT"
"SESSION"
"SET"
"SIGHUP"
"SIGINT"
"SIGNIN"
"SIGNUP"
"SIGQUIT"
"SIGTERM"
"SLEEP"
"SPLIT"
"START"
"TABLE"
"TABLES"
"TAU"
"TB"
"THEN"
"TIMEOUT"
"TK"
"TOKEN"
"TRANSACTION"
"TRUE"
"TYPE"
"UNIQUE"
"UPDATE"
"UPPERCASE"
"USE"
"VALUE"
"VALUES"
"VERSION"
"WHEN"
"WHERE"
"&&"
"||"
"??"
"?:"
"!="
"=="
"?="
"*="
"!~"
"?~"
"*~"
"<="
">="
"**"
"::"
"array"
"array::"
"array::add("
"array::all("
"array::any("
"array::append("
"array::combine("
"array::complement("
"array::concat("
"array::difference("
"array::distinct("
"array::flatten("
"array::group("
"array::insert("
"array::intersect("
"array::len("
"array::max("
"array::min("
"array::pop("
"array::prepend("
"array::push("
"array::remove("
"array::reverse("
"array::sort("
"array::sort::asc("
"array::sort::desc("
"array::union("
"count("
"crypto"
"crypto::"
"crypto::md5("
"crypto::sha1("
"crypto::sha256("
"crypto::argon2::compare("
"crypto::argon2::generate("
"crypto::pbkdf2::compare("
"crypto::pbkdf2::generate("
"crypto::bcrypt::compare("
"crypto::bcrypt::generate("
"crypto::scrypt::compare("
"crypto::scrypt::generate("
"geo"
"geo::"
"geo::area("
"geo::bearing("
"geo::centroid("
"geo::distance("
"geo::hash"
"hash"
"geo::hash::decode("
"geo::hash::encode("
"http"
"http::"
"http::head("
"http::get("
"http::put("
"http::post("
"http::patch("
"http::delete("
"is"
"is::"
"is::alphanum("
"is::alpha("
"is::ascii("
"is::datetime("
"is::domain("
"is::email("
"is::hexadecimal("
"is::latitude("
"is::longitude("
"is::numeric("
"is::semver("
"is::url("
"is::uuid("
"math"
"math::"
"math::abs("
"math::ceil("
"math::fixed("
"math::floor("
"math::max("
"math::mean("
"math::median("
"math::min("
"math::product("
"math::round("
"math::sqrt("
"math::sum("
"meta"
"meta::"
"meta::id("
"meta::tb("
"parse"
"parse::"
"parse::email"
"email"
"parse::email::host("
"parse::email::user("
"parse::email::domain("
"parse::email::fragments("
"parse::url::host("
"parse::url::path("
"parse::url::port("
"parse::url::query("
"rand("
"rand"
"rand::bool("
"rand::enum("
"rand::float("
"rand::guid("
"rand::int("
"rand::string("
"rand::time("
"rand::uuid("
"uuid"
"rand::uuid::v4("
"rand::uuid::v7("
"session"
"session::"
"session::db("
"session::id("
"session::ip("
"session::ns("
"session::origin("
"session::sc"
"sleep("
"string"
"string::concat("
"string::endsWith("
"string::join("
"string::len("
"string::lowercase("
"string::repeat("
"string::replace("
"string::reverse("
"string::slice("
"string::slug("
"string::split("
"string::startsWith("
"string::trim("
"string::uppercase("
"string::words("
"time"
"time::"
"time::day("
"time::floor("
"time::format("
"time::group("
"time::hour("
"time::minute("
"time::month("
"time::nano("
"time::now("
"time::round("
"time::second("
"time::timezone("
"time::unix("
"time::wday("
"time::week("
"time::yday("
"time::year("
"type"
"type::"
"type::bool("
"type::datetime("
"type::decimal("
"type::duration("
"type::float("
"type::int("
"type::number("
"type::point("
"type::regex("
"type::string("
"type::table("
"type::thing("
# TODO: Add Javascript keywords