Merge pull request #1209 from silvergasp/fuzz-gix-url

Fuzz more of gix_url::Url
GitoxideLabs · Dec 24, 2023 · 5e84453 · 5e84453
2 parents 0f71709 + 8d4f9d7
commit 5e84453
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/gix-url/fuzz/Cargo.toml b/gix-url/fuzz/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 cargo-fuzz = true
 
 [dependencies]
+anyhow = "1.0.76"
 libfuzzer-sys = "0.4"
 
 [dependencies.gix-url]

diff --git a/gix-url/fuzz/fuzz_targets/parse.rs b/gix-url/fuzz/fuzz_targets/parse.rs
@@ -1,6 +1,29 @@
 #![no_main]
+use anyhow::Result;
 use libfuzzer_sys::fuzz_target;
+use std::hint::black_box;
+use std::path::Path;
+
+fn fuzz(data: &[u8]) -> Result<()> {
+    let url = gix_url::parse(data.into())?;
+    _ = black_box(url.user());
+    _ = black_box(url.password());
+    _ = black_box(url.password());
+    if let Some(safe_host) = black_box(url.host_argument_safe()) {
+        // Ensure malicious host paths can't be returned see;
+        // https://secure.phabricator.com/T12961
+        assert!(!safe_host.starts_with("ssh://-"));
+    }
+    _ = black_box(url.path_argument_safe());
+    _ = black_box(url.path_is_root());
+    _ = black_box(url.port_or_default());
+    _ = black_box(url.canonicalized(Path::new("/cwd")));
+    _ = black_box(url.to_bstring());
+
+    _ = black_box(gix_url::expand_path::parse(data.into()));
+    Ok(())
+}
 
 fuzz_target!(|data: &[u8]| {
-    let _a = gix_url::parse(data.into());
+    _ = black_box(fuzz(data));
 });