Attempt to rune bruteforce test

evilaliv3 · evilaliv3 · commit f9f496901c1b · 2025-03-14T00:23:32.000+01:00
diff --git a/.github/workflows/cflite.yml b/.github/workflows/cflite.yml
@@ -13,13 +13,39 @@ jobs:
       matrix:
         sanitizer: [address]
     steps:
+      - name: Check out repository code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+
+      - name: Cache npm dependencies
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0
+        with:
+        path: ~/.npm
+          key: ${{ runner.os }}-npm-${{ hashFiles('client/npm-shrinkwrap.json') }}
+          restore-keys: |
+            ${{ runner.os }}-npm-
+
+      - name: Cache pip dependencies
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('backend/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+     - name: Start application
+        run: |
+          cd backend && ./bin/globaleaks -z
+
     - name: Build Fuzzers (${{ matrix.sanitizer }})
       id: build
       uses: google/clusterfuzzlite/actions/build_fuzzers@v1
       with:
         sanitizer: ${{ matrix.sanitizer }}
         language: c
         bad-build-check: false
+
     - name: Run Fuzzers (${{ matrix.sanitizer }})
       id: run
       uses: google/clusterfuzzlite/actions/run_fuzzers@v1
diff --git a/backend/globaleaks/tests/fuzzer_clusterfuzzlite.py b/backend/globaleaks/tests/fuzzer_clusterfuzzlite.py
@@ -1,24 +1,145 @@
 import atheris
+import random
+import string
 import sys
-from globaleaks.rest import api
+from twisted.internet import protocol, ssl, reactor
+from twisted.protocols import basic
 
-def fuzz_test_resolve_handler(fuzz_input: str):
-    # Call the resolve_handler method with the fuzzed input
-    match, handler = api.APIResourceWrapper().resolve_handler(fuzz_input)
 
-def fuzz_target(input_data: bytes):
-    # Convert the fuzzed byte input to a string
+class HTTPSClientProtocol(basic.Int32StringReceiver):
+    """
+    Custom Protocol to handle sending HTTP requests over TLS.
+    """
+
+    def connectionMade(self):
+        """
+        This is called when the connection is established.
+        Continuously send random requests.
+        """
+        self.send_random_request()
+
+    def dataReceived(self, data):
+        """
+        This is called when we receive a response from the server.
+        Print out the response and send a new request.
+        """
+        print(f"Received response: {data[:100]}...")  # Print first 100 chars of the response
+        self.send_random_request()
+
+    def send_random_request(self):
+        """Generate and send a random HTTP request."""
+        random_http_request = self.generate_random_http_request()
+        print(f"Sending request: {random_http_request[:50]}...")  # Print first 50 chars of request
+        self.sendString(random_http_request.encode('utf-8'))
+
+    def generate_random_string(self, length: int) -> str:
+        """Generate a random string of given length."""
+        return ''.join(random.choices(string.ascii_letters + string.digits, k=length))
+
+    def generate_random_http_request(self) -> str:
+        """Generate a random HTTP request (GET, POST, etc.) with random headers and path."""
+        methods = ["GET", "POST", "PUT", "DELETE", "PATCH"]
+        method = random.choice(methods)
+
+        path = '/' + self.generate_random_string(random.randint(5, 20))
+        http_version = "HTTP/1.1"
+
+        headers = {
+            "Host": "localhost:8443",
+            "User-Agent": "FuzzingBot/1.0",
+            "Content-Type": random.choice(["text/plain", "application/json", "text/html"]),
+        }
+
+        headers_str = "\r\n".join([f"{key}: {value}" for key, value in headers.items()])
+        
+        body = ""
+        if method in ["POST", "PUT"]:
+            body = f"\r\n\r\n{self.generate_random_string(50)}"
+        
+        request = f"{method} {path} {http_version}\r\n{headers_str}{body}\r\n\r\n"
+        return request
+
+
+class HTTPSClientFactory(protocol.ClientFactory):
+    """Factory for creating a new HTTPSClientProtocol instance."""
+
+    def buildProtocol(self, addr):
+        return HTTPSClientProtocol()
+
+    def clientConnectionFailed(self, connector, reason):
+        """This is called when a connection attempt fails."""
+        print(f"Connection failed: {reason}")
+        # Retry the connection after a delay
+        connector.connect()
+
+    def clientConnectionLost(self, connector, reason):
+        """This is called when a connection is lost."""
+        print(f"Connection lost: {reason}")
+        # Retry the connection after a delay
+        connector.connect()
+
+
+def fuzz_test_request(input_data: bytes):
+    """
+    Fuzzing function for Atheris. The input data is used to generate random HTTP requests.
+    """
+
+    # Convert the fuzzed byte input into a string
     fuzz_input = input_data.decode(errors="ignore")
 
-    # Call the fuzz test handler function with the decoded string
-    fuzz_test_resolve_handler(fuzz_input)
+    # Generate a random HTTP request using fuzzed data
+    random_http_request = generate_random_http_request_with_fuzzed_input(fuzz_input)
 
-def main():
-    # Set up Atheris and pass the fuzz target function
-    atheris.Setup(sys.argv, fuzz_target)
+    print(f"Sending fuzzed request: {random_http_request[:50]}...")  # Print first 50 chars
 
-    # Start fuzzing
+    # Initiate a real connection to the server
+    context_factory = ssl.ClientContextFactory()
+    factory = HTTPSClientFactory()
+
+    reactor.connectSSL('127.0.0.1', 8443, factory, context_factory)  # Connect to the server
+
+    # Send the fuzzed HTTP request over TLS
+    factory.buildProtocol(None).sendString(random_http_request.encode('utf-8'))
+
+
+def generate_random_string(length: int) -> str:
+    """Generate a random string of given length."""
+    return ''.join(random.choices(string.ascii_letters + string.digits, k=length))
+
+
+def generate_random_http_request_with_fuzzed_input(fuzz_input: str) -> str:
+    """
+    Generate an HTTP request with the fuzzed input, potentially modifying the request.
+    """
+    methods = ["GET", "POST", "PUT", "DELETE", "PATCH"]
+    method = random.choice(methods)
+
+    path = '/' + generate_random_string(random.randint(5, 20))
+    http_version = "HTTP/1.1"
+
+    headers = {
+        "Host": "localhost:8443",
+        "User-Agent": "FuzzingBot/1.0",
+        "Content-Type": "text/plain",
+    }
+
+    headers_str = "\r\n".join([f"{key}: {value}" for key, value in headers.items()])
+
+    # Using fuzz input in the body or headers
+    body = f"\r\n\r\n{fuzz_input}"
+
+    request = f"{method} {path} {http_version}\r\n{headers_str}{body}\r\n\r\n"
+    return request
+
+
+def main():
+    """
+    Set up Atheris for fuzzing, while making use of the `fuzz_test_request` function.
+    """
+    atheris.Setup(sys.argv, fuzz_test_request)
     atheris.Fuzz()
 
+
 if __name__ == "__main__":
     main()
+
