Apache Log4cxx  Version 1.3.0
Fuzzing

Log4cxx contains fuzz tests implemented using libFuzzer. These tests are located in the src/fuzzers directory.

Google OSS-Fuzz

OSS-Fuzz is a Google service that continuously runs fuzz tests of critical F/OSS projects on a beefy cluster and reports its findings (bugs, vulnerabilities, etc.) privately to project maintainers. Log4cxx provides OSS-Fuzz integration with the following helpers:

  • Dockerfile to create a container image for running tests
  • oss-fuzz-build.sh to generate fuzz test runner scripts along with all necessary dependencies

Running tests locally

  1. Clone the OSS-Fuzz repository:
    git clone --depth 1 https://github.com/google/oss-fuzz google-oss-fuzz && cd $_
  2. Build the container image:
    python infra/helper.py build_image apache-logging-log4cxx
  3. Run the container image to build the Log4cxx project and generate runner scripts along with dependencies:
    python infra/helper.py build_fuzzers \
    --sanitizer address --engine libfuzzer --architecture x86_64 \
    apache-logging-log4cxx
  4. List generated runner scripts:
    ls -al build/out/apache-logging-log4cxx
  5. Check one of the generated runner scripts:
    python infra/helper.py check_build \
    --sanitizer address --engine libfuzzer --architecture x86_64 \
    apache-logging-log4cxx PatternLayoutFuzzer
  6. Execute one of the generated runner scripts:
    python infra/helper.py run_fuzzer \
    --sanitizer address --engine libfuzzer --architecture x86_64 \
    apache-logging-log4cxx PatternLayoutFuzzer

Viewing fuzzing failures detected by OSS-Fuzz

The system running fuzzers registered to OSS-Fuzz is called ClusterFuzz, which provides a web interface for maintainers to monitor the fuzzing results. Test outputs and reproduction inputs for failed tests are stored in a Google Cloud Storage bucket. Access to both the web interface and the bucket is restricted, and only allowed to those configured for the project.

Reproducing fuzzing failures detected by OSS-Fuzz

Download the associated .testcase file from the Google Cloud Storage bucket, and run the following command:

    python infra/helper.py reproduce \
    apache-logging-log4cxx <FUZZ-TARGET-NAME> <TESTCASE-FILE-PATH>

Refer to the related OSS-Fuzz documentation (https://google.github.io/oss-fuzz/advanced-topics/reproducing/) for details.