6 changes: 6 additions & 0 deletions cedar-drt/fuzz/Cargo.toml
@@ -271,6 +271,12 @@ path = "fuzz_targets/symcc-cex-pbt.rs"
test = false
doc = false

[[bin]]
name = "input-generation"
path = "fuzz_targets/input-generation.rs"
test = false
doc = false

[[bin]]
name = "batched-evaluation-drt"
path = "fuzz_targets/batched-evaluation-drt.rs"
5 changes: 4 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/entity-validation.rs
@@ -26,7 +26,10 @@ use cedar_policy::{Entities, Schema};
use cedar_testing::cedar_test_impl::time_function;

use cedar_policy_generators::{
hierarchy::Hierarchy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
hierarchy::{Hierarchy, HierarchyGenerator},
schema,
schema_gen::SchemaGen,
settings::ABACSettings,
};
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};
use log::{debug, info};
2 changes: 1 addition & 1 deletion cedar-drt/fuzz/fuzz_targets/eval-type-directed.rs
@@ -24,11 +24,11 @@ use cedar_drt_inner::fuzz_target;

use cedar_policy::Entities;
use cedar_policy_core::ast::Expr;
use cedar_policy_generators::err::Error;
use cedar_policy_generators::hierarchy::HierarchyGenerator;
use cedar_policy_generators::schema::{arbitrary_schematype_with_bounded_depth, Schema};
use cedar_policy_generators::settings::ABACSettings;
use cedar_policy_generators::{abac::ABACRequest, schema::schematype_to_type};
use cedar_policy_generators::{err::Error, schema_gen::SchemaGen};
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};
use log::debug;
use std::convert::TryFrom;
1 change: 1 addition & 0 deletions cedar-drt/fuzz/fuzz_targets/formatter.rs
@@ -24,6 +24,7 @@ use cedar_policy_core::ast::{StaticPolicy, Template};
use cedar_policy_core::parser::{self, parse_policy};
use cedar_policy_formatter::token::{Comment, Token, WrappedToken};
use cedar_policy_formatter::{policies_str_to_pretty, Config};
use cedar_policy_generators::schema_gen::SchemaGen;
use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema::Schema, settings::ABACSettings,
};
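--- /dev/null
+++ b/cedar-drt/fuzz/fuzz_targets/input-generation.rs
@@ -0,0 +1,126 @@
+/*
+* Copyright Cedar Contributors
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* https://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#![no_main]
+use cedar_drt::logger::initialize_log;
+
+use cedar_drt_inner::{fuzz_target, schemas};
+
+use cedar_policy::{Authorizer, Entities, PolicySet, Schema};
+use std::str::FromStr;
+use std::sync::LazyLock;
+
+use cedar_policy_generators::{
+abac::ABACRequest,
+err::Error,
+hierarchy::HierarchyGenerator,
+schema,
+schema_gen::{SchemaGen, ValidatorSchema},
+settings::ABACSettings,
+};
+
+use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
+use log::debug;
+use std::convert::TryFrom;
+
+/// Input expected by this fuzz target:
+/// An ABAC hierarchy and 8 associated requests
+#[derive(Debug, Clone)]
+pub struct FuzzTargetInput {
+/// generated entity slice
+pub entities: Entities,
+/// the requests to try for this hierarchy and policy. We try 8 requests per
+/// policy/hierarchy
+pub requests: [ABACRequest; 8],
+}
+
+static SCHEMA: LazyLock<Schema> = LazyLock::new(|| {
+let schema_file =
+std::env::var("CEDAR_SCHEMA_FILE").expect("CEDAR_SCHEMA_FILE environment variable not set");
+let schema_content = std::fs::read_to_string(schema_file).expect("Failed to read schema file");
+Schema::from_str(&schema_content).expect("Failed to parse schema")
+});
+
+static POLICY_SET: LazyLock<PolicySet> = LazyLock::new(|| {
+let policy_file =
+std::env::var("CEDAR_POLICY_FILE").expect("CEDAR_POLICY_FILE environment variable not set");
+let policy_content = std::fs::read_to_string(policy_file).expect("Failed to read policy file");
+PolicySet::from_str(&policy_content).expect("Failed to parse policy set")
+});
+
+/// settings for this fuzz target
+/// settings for this fuzz target
+const SETTINGS: ABACSettings = ABACSettings {
+enable_additional_attributes: true,
+..ABACSettings::type_directed()
+};
+
+impl<'a> Arbitrary<'a> for FuzzTargetInput {
+fn arbitrary(u: &mut Unstructured<'a>) -> arbitrary::Result<Self> {
+let schema: ValidatorSchema = ValidatorSchema::new(SCHEMA.as_ref(), &SETTINGS, u)?;
+let hierarchy = schema.arbitrary_hierarchy(u)?;
+
+let requests = [
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+schema.arbitrary_request(&hierarchy, u)?,
+];
+let entities = Entities::try_from(hierarchy).map_err(|_| Error::NotEnoughData)?;
+let entities = schemas::add_actions_to_entities(&SCHEMA, entities)?;
+Ok(Self { entities, requests })
+}
+
+fn try_size_hint(
+depth: usize,
+) -> std::result::Result<(usize, Option<usize>), MaxRecursionReached> {
+Ok(arbitrary::size_hint::and_all(&[
+HierarchyGenerator::size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+schema::Schema::arbitrary_request_size_hint(depth),
+]))
+}
+}
+
+// Type-directed fuzzing of ABAC hierarchy/policy/requests.
+fuzz_target!(|input: FuzzTargetInput| {
+initialize_log();
+
+let requests = input
+.requests
+.into_iter()
+.map(Into::into)
+.collect::<Vec<_>>();
+
+let entities = input.entities.into();
+
+for request in requests.iter() {
+debug!("Request : {request}");
+
+let authorizer = Authorizer::new();
+authorizer.is_authorized(request, &*POLICY_SET, &entities);
+}
+});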
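Review bot: `SCHEMA` and `POLICY_SET` are first dereferenced inside `Arbitrary::arbitrary` and inside the `fuzz_target!` body, so the `expect` calls in their `LazyLock` initialisers fire while an input is being processed; a missing `CEDAR_SCHEMA_FILE`/`CEDAR_POLICY_FILE` or an unparsable file would presumably be reported as a crash on that input rather than as a setup error. The read failures also do not name the path that was tried; I would borrow the path and write `std::fs::read_to_string(&schema_file).unwrap_or_else(|e| panic!("Failed to read schema file {schema_file}: {e}"))`, and likewise for the policy file. The return value of `authorizer.is_authorized(...)` is dropped, so no authorization result is checked and the target can only surface panics or sanitizer failures, and the comment above `fuzz_target!` still says `hierarchy/policy/requests` although the policy set is fixed; `// Evaluates the policy set from CEDAR_POLICY_FILE against generated entities and requests; no decision is checked.` would describe it accurately. The doc line `/// settings for this fuzz target` above `SETTINGS` is duplicated and one copy can go.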
4 changes: 2 additions & 2 deletions cedar-drt/fuzz/fuzz_targets/level-validation-drt.rs
@@ -21,8 +21,8 @@ use cedar_drt_inner::fuzz_target;
use cedar_policy::{Policy, PolicySet, Schema, ValidationMode};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
size_hint_utils::size_hint_for_range,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings, size_hint_utils::size_hint_for_range,
};
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};

2 changes: 1 addition & 1 deletion cedar-drt/fuzz/fuzz_targets/policy-set-roundtrip.rs
@@ -20,7 +20,7 @@ use cedar_drt::{check_policy_set_equivalence, logger::initialize_log, policy_set
use cedar_drt_inner::fuzz_target;

use cedar_policy_generators::{
policy_set::GeneratedPolicySet, schema::Schema, settings::ABACSettings,
policy_set::GeneratedPolicySet, schema::Schema, schema_gen::SchemaGen, settings::ABACSettings,
};
use itertools::Itertools;
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};
1 change: 1 addition & 0 deletions cedar-drt/fuzz/fuzz_targets/protobuf-roundtrip.rs
@@ -21,6 +21,7 @@ use cedar_drt_inner::{fuzz_target, schemas::Equiv};

use cedar_policy::{proto, Entities, Entity, Policy, PolicySet, Request, Schema};

use cedar_policy_generators::schema_gen::SchemaGen;
use libfuzzer_sys::arbitrary::{self, MaxRecursionReached};
use prost::Message;

5 changes: 4 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/request-validation.rs
@@ -26,7 +26,10 @@ use cedar_policy::{Request, Schema};
use cedar_testing::cedar_test_impl::time_function;

use cedar_policy_generators::{
abac::ABACRequest, hierarchy::Hierarchy, hierarchy::HierarchyGenerator, schema,
abac::ABACRequest,
hierarchy::{Hierarchy, HierarchyGenerator},
schema,
schema_gen::SchemaGen,
settings::ABACSettings,
};
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};
4 changes: 3 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/roundtrip-entities.rs
@@ -20,7 +20,9 @@ use cedar_drt_inner::{fuzz_target, roundtrip_entities};

use cedar_policy::{Entities, Schema};

use cedar_policy_generators::{hierarchy::HierarchyGenerator, schema, settings::ABACSettings};
use cedar_policy_generators::{
hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen, settings::ABACSettings,
};
use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};

#[derive(Debug)]
1 change: 1 addition & 0 deletions cedar-drt/fuzz/fuzz_targets/roundtrip.rs
@@ -22,6 +22,7 @@ use cedar_drt_inner::fuzz_target;
use cedar_policy_core::ast::{self, StaticPolicy, Template};
use cedar_policy_core::est;
use cedar_policy_core::parser::{self, parse_policy};
use cedar_policy_generators::schema_gen::SchemaGen;
use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema::Schema, settings::ABACSettings,
};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-cex-pbt.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{Authorizer, Decision, Policy, PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-always-allows-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-always-denies-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-disjoint-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-equivalent-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-implies-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-check-never-errors-ok.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::Schema;

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-smt-script-drt.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{Policy, PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/fuzz_targets/symcc-term-drt.rs
@@ -25,7 +25,8 @@ use cedar_drt_inner::{
use cedar_policy::{Policy, PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
@@ -22,7 +22,8 @@ use cedar_drt_inner::{fuzz_target, symcc::total_action_request_env_limit};
use cedar_policy::{Policy, PolicySet, Schema};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};

use libfuzzer_sys::arbitrary::{self, Arbitrary, MaxRecursionReached, Unstructured};
1 change: 1 addition & 0 deletions cedar-drt/fuzz/src/abac.rs
@@ -22,6 +22,7 @@ use cedar_policy_generators::{
abac::{ABACPolicy, ABACRequest},
hierarchy::HierarchyGenerator,
schema,
schema_gen::SchemaGen,
settings::ABACSettings,
};
use libfuzzer_sys::arbitrary::{self, Arbitrary, Error, MaxRecursionReached, Unstructured};
3 changes: 2 additions & 1 deletion cedar-drt/fuzz/src/validation_drt.rs
@@ -23,7 +23,8 @@ use cedar_drt::{
use cedar_policy::{Policy, PolicySet, Schema, ValidationMode};

use cedar_policy_generators::{
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, settings::ABACSettings,
abac::ABACPolicy, hierarchy::HierarchyGenerator, schema, schema_gen::SchemaGen,
settings::ABACSettings,
};
use cedar_testing::cedar_test_impl::time_function;
use libfuzzer_sys::arbitrary::{self, Arbitrary, Unstructured};