diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-06-24 12:38:41 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2017-06-24 16:46:18 +0100 |
commit | 841231e5bd0d90e8a57d6fd997701a70ef520730 (patch) | |
tree | 0fc42786a1302b126187bc12b935f6f4accca10c /tests/fuzz/cold-transaction.cpp | |
parent | Merge pull request #2087 (diff) | |
download | monero-841231e5bd0d90e8a57d6fd997701a70ef520730.tar.xz |
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.
Data for these is in tests/data/fuzz.
A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:
contrib/fuzz_testing/fuzz.sh signature
The fuzzer will run indefinitely, ^C to stop.
Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
Diffstat (limited to 'tests/fuzz/cold-transaction.cpp')
-rw-r--r-- | tests/fuzz/cold-transaction.cpp | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp new file mode 100644 index 000000000..c35d604a8 --- /dev/null +++ b/tests/fuzz/cold-transaction.cpp @@ -0,0 +1,110 @@ +// Copyright (c) 2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#include "include_base_utils.h" +#include "common/command_line.h" +#include "file_io_utils.h" +#include "cryptonote_protocol/blobdatatype.h" +#include "cryptonote_basic/cryptonote_basic.h" +#include "cryptonote_basic/cryptonote_format_utils.h" +#include "wallet/wallet2.h" +#include "fuzzer.h" + +class ColdTransactionFuzzer: public Fuzzer +{ +public: + ColdTransactionFuzzer(): wallet(true) {} + virtual int init(); + virtual int run(const std::string &filename); + +private: + tools::wallet2 wallet; +}; + + +int ColdTransactionFuzzer::init() +{ + static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f"; + crypto::secret_key spendkey; + epee::string_tools::hex_to_pod(spendkey_hex, spendkey); + + try + { + boost::filesystem::remove("/tmp/cold-transaction-test.keys"); + boost::filesystem::remove("/tmp/cold-transaction-test.address.txt"); + boost::filesystem::remove("/tmp/cold-transaction-test"); + + wallet.init(""); + wallet.generate("/tmp/cold-transaction-test", "", spendkey, true, false); + + boost::filesystem::remove("/tmp/cold-transaction-test.keys"); + boost::filesystem::remove("/tmp/cold-transaction-test.address.txt"); + boost::filesystem::remove("/tmp/cold-transaction-test"); + } + catch (const std::exception &e) + { + std::cerr << "Error on ColdTransactionFuzzer::init: " << e.what() << std::endl; + return 1; + } + return 0; +} + +int ColdTransactionFuzzer::run(const std::string &filename) +{ + std::string s; + + if (!epee::file_io_utils::load_file_to_string(filename, s)) + { + std::cout << "Error: failed to load file " << filename << std::endl; + return 1; + } + s = std::string("\x01\x16serialization::archive") + s; + try + { + tools::wallet2::unsigned_tx_set exported_txs; + std::stringstream iss; + iss << s; + boost::archive::portable_binary_iarchive ar(iss); + ar >> exported_txs; + std::vector<tools::wallet2::pending_tx> ptx; + bool success = wallet.sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx); + std::cout << (success ? "signed" : "error") << std::endl; + } + catch (const std::exception &e) + { + std::cerr << "Failed to sign transaction: " << e.what() << std::endl; + return 1; + } + return 0; +} + +int main(int argc, const char **argv) +{ + ColdTransactionFuzzer fuzzer; + return run_fuzzer(argc, argv, fuzzer); +} |