feat: add initial fuzz testing #271
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pull Request Test Coverage Report for Build 16808127177Details
💛 - Coveralls |
oleonardolima
force-pushed
the
feat/add-initial-fuzz-testing
branch
2 times, most recently
from
31f422f to
2b885dc
Compare
|
Could you include the rationale for having a separate crate for fuzzing? Is it because we need to use nightly cargo? |
|
Rather than requiring use of |
oleonardolima
force-pushed
the
feat/add-initial-fuzz-testing
branch
3 times, most recently
from
1166295 to
8422bc6
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
oleonardolima
force-pushed
the
feat/add-initial-fuzz-testing
branch
from
8422bc6 to
f309e1d
Compare
| persist-credentials: false | ||
|
|
||
| - name: Install the nightly Rust channel | ||
| uses: actions-rs/toolchain@v1 |
Check failure
Code scanning / zizmor
action is not pinned to a hash (required by blanket policy) Error
oleonardolima
force-pushed
the
feat/add-initial-fuzz-testing
branch
from
f309e1d to
3b70fa6
Compare
- creates a new `fuzz` crate, it's meant to run fuzz testing over bdk_wallet targets, with `cargo fuzz` (libFuzzer). - creates an initial `wallet_update` fuzz target for `bdk_wallet`. - creates an initial `fuzzed_data_provider` and `fuzz_utils` files with useful methods to consume the fuzzed data into `bdk_wallet` API-specific types.
- renames the fuzz target to `bdk_wallet`. - add the `WalletAction` enum, in order to fuzz test different behaviors: wallet update, persistance/load, and tx creation. - use macros (e.g `try_consume_*`) in `fuzzed_data_provider` and `fuzz_utils` in order to properly handle an exhausted fuzzer byte stream, returning early. - update `Wallet::ApplyUpdate` target to use the newly added macros.
- update `bdk_wallet_fuzz` to use `rusqlite` feature. - update the created wallet in `bdk_wallet` fuzz target to use an in-memory sqlite database connection, initializing wallet with persistance. - add the `PersistAndLoad` scenario to `bdk_wallet` fuzz target.
- add the `CreateTx` scenario to `bdk_wallet` fuzz target. - add two new macros: `try_consume_tx_builder` and `try_consume_sign_options`, in order to build the specific structures and types required for tx creation, signing and applying to wallet.
- adds a new daily CI fuzz job, it runs every day at 5am UTC and uploads the artifacts on failures. - it currently only uses the `cargo fuzz`, as it's the only supported harness at the moment.
oleonardolima
force-pushed
the
feat/add-initial-fuzz-testing
branch
from
47ecc5f to
7f1fa74
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
It's an initial work towards the goal of #61, it adds a new
fuzzcrate to the project which is meant to be used to add new fuzz target in order to increase the fuzz coverage.It's built on top of and with inspiration from previous Antoine's work through the most recent BDK Audit.
So far, this PR:
fuzzcrate withcargo fuzzrelying on LibFuzzer engine.UpdatetoWallet.fuzzed_data_providerandfuzz_utilswith common used fns to build BDK's-specific types from fuzzed bytes.Still to be done by this PR:
Notes to the reviewers
Are there any other BDK usage scenarios you'd like to see covered by a fuzz target ? Let's discuss it either on the issue or under this PR comments.
Changelog notice
TBD
Checklists
All Submissions:
just pbefore pushing