Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add docs for fuzzing #181

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add docs for fuzzing #181

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
66da00d
feat: add fuzzing info
adithyaakrishna Oct 21, 2023
7735896
feat: add docs for fuzzing
adithyaakrishna Oct 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 94 additions & 3 deletions docs/contribute/fuzzing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,98 @@ sidebar_position: 5

# Fuzzing

<!-- prettier-ignore -->
:::info
Work in Progress
Fuzzing is a dynamic code analysis technique used to discover coding errors and security loopholes in software applications. It involves providing invalid, unexpected, or random data as inputs to a software program. This guide will walk you through the process of setting up and running fuzz tests on WasmEdge applications.

## Prerequisites

- WasmEdge Runtime and API
- C++ Compiler (e.g., GCC or Clang)
- Fuzzing tool (e.g., AFL, libFuzzer)
- Basic knowledge of C++ and WebAssembly

## How to Fuzz Test

### Step 1: Install Fuzzing Tool

For this guide, we'll use [AFL (American Fuzzy Lop)](https://github.com/google/AFL) as the fuzzing tool. Install it using the package manager for your OS.

For Ubuntu:

```bash
sudo apt-get install afl
```

### Step 2: Prepare the WasmEdge Application

Ensure that your WasmEdge application is compiled and ready for testing. Identify the functions that you want to fuzz. These are typically functions that handle file I/O, data parsing, or any form of external input.

### Step 3: Write a Fuzzing Target

Create a C++ file that will serve as your fuzzing target. This file should include the WasmEdge API and should call the function you want to fuzz.

```cpp
#include <wasmedge.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
WasmEdge::Configure Conf;
WasmEdge::VM VM(Conf);

if (VM.loadWasm(Data, Size)) {
VM.validate();
VM.instantiate();
VM.execute("your_function", {/* optional args */});
}

return 0;
}
```

### Step 4: Compile the Fuzzing Target

Compile the fuzzing target with AFL's version of the compiler and enable the fuzzing mode.

```bash
afl-g++ -o fuzz_target fuzz_target.cpp -lwasmedge_c_api
```

### Step 5: Run the Fuzzer

Run AFL to start fuzzing.

```bash
afl-fuzz -i input_dir/ -o output_dir/ ./fuzz_target @@
```

Here, `input_dir` is a directory containing sample input files, and `output_dir` is where AFL will store the results.

### Step 6: Analyze Results

AFL will generate a lot of data, including:

- Queue: Test cases that exhibit new behaviors.
- Crashes: Inputs that caused the program to crash.
- Hangs: Inputs where the program took too long to execute.

Review these files to understand the vulnerabilities or bugs in your application.

## Best Practices

- **Start Small:** Use simple input files initially to help the fuzzer understand the basic program behavior.
- **Code Coverage:** Use tools like afl-cov to measure code coverage and ensure that the fuzzer is exercising all code paths.
- **Continuous Fuzzing:** Integrate fuzzing into your CI/CD pipeline to catch issues early.


Fuzzing is an effective way to discover vulnerabilities and bugs that might not be apparent through conventional testing methods. By following this guide, you can set up a robust fuzzing workflow for your WasmEdge applications, thereby enhancing their security and reliability.

:::note
If you need a Wasm specific fuzzer, this https://github.com/wasmerio/wasm-fuzz/ can give more infomation and details pertaining to your use cases
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't need this one. Thanks.

:::

### Further References
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't need this one. Thanks.


- https://github.com/wasmerio/wasm-fuzz/blob/master/afl.md
- https://github.com/rust-fuzz/afl.rs
- https://rust-fuzz.github.io/book/introduction.html
- https://lcamtuf.coredump.cx/afl/
- https://afl-1.readthedocs.io/en/latest/
- https://en.wikipedia.org/wiki/American_fuzzy_lop_(fuzzer)
97 changes: 94 additions & 3 deletions i18n/zh/docusaurus-plugin-content-docs/current/contribute/fuzzing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,98 @@ sidebar_position: 5

# Fuzzing

<!-- prettier-ignore -->
:::info
Work in Progress
Fuzzing is a dynamic code analysis technique used to discover coding errors and security loopholes in software applications. It involves providing invalid, unexpected, or random data as inputs to a software program. This guide will walk you through the process of setting up and running fuzz tests on WasmEdge applications.

## Prerequisites

- WasmEdge Runtime and API
- C++ Compiler (e.g., GCC or Clang)
- Fuzzing tool (e.g., AFL, libFuzzer)
- Basic knowledge of C++ and WebAssembly

## How to Fuzz Test

### Step 1: Install Fuzzing Tool

For this guide, we'll use [AFL (American Fuzzy Lop)](https://github.com/google/AFL) as the fuzzing tool. Install it using the package manager for your OS.

For Ubuntu:

```bash
sudo apt-get install afl
```

### Step 2: Prepare the WasmEdge Application

Ensure that your WasmEdge application is compiled and ready for testing. Identify the functions that you want to fuzz. These are typically functions that handle file I/O, data parsing, or any form of external input.

### Step 3: Write a Fuzzing Target

Create a C++ file that will serve as your fuzzing target. This file should include the WasmEdge API and should call the function you want to fuzz.

```cpp
#include <wasmedge.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
WasmEdge::Configure Conf;
WasmEdge::VM VM(Conf);

if (VM.loadWasm(Data, Size)) {
VM.validate();
VM.instantiate();
VM.execute("your_function", {/* optional args */});
}

return 0;
}
```

### Step 4: Compile the Fuzzing Target

Compile the fuzzing target with AFL's version of the compiler and enable the fuzzing mode.

```bash
afl-g++ -o fuzz_target fuzz_target.cpp -lwasmedge_c_api
```

### Step 5: Run the Fuzzer

Run AFL to start fuzzing.

```bash
afl-fuzz -i input_dir/ -o output_dir/ ./fuzz_target @@
```

Here, `input_dir` is a directory containing sample input files, and `output_dir` is where AFL will store the results.

### Step 6: Analyze Results

AFL will generate a lot of data, including:

- Queue: Test cases that exhibit new behaviors.
- Crashes: Inputs that caused the program to crash.
- Hangs: Inputs where the program took too long to execute.

Review these files to understand the vulnerabilities or bugs in your application.

## Best Practices

- **Start Small:** Use simple input files initially to help the fuzzer understand the basic program behavior.
- **Code Coverage:** Use tools like afl-cov to measure code coverage and ensure that the fuzzer is exercising all code paths.
- **Continuous Fuzzing:** Integrate fuzzing into your CI/CD pipeline to catch issues early.


Fuzzing is an effective way to discover vulnerabilities and bugs that might not be apparent through conventional testing methods. By following this guide, you can set up a robust fuzzing workflow for your WasmEdge applications, thereby enhancing their security and reliability.

:::note
If you need a Wasm specific fuzzer, this https://github.com/wasmerio/wasm-fuzz/ can give more infomation and details pertaining to your use cases
:::

### Further References

- https://github.com/wasmerio/wasm-fuzz/blob/master/afl.md
- https://github.com/rust-fuzz/afl.rs
- https://rust-fuzz.github.io/book/introduction.html
- https://lcamtuf.coredump.cx/afl/
- https://afl-1.readthedocs.io/en/latest/
- https://en.wikipedia.org/wiki/American_fuzzy_lop_(fuzzer)