#48821 Implement hooks to allow AFL testing
Closed: wontfix 15 days ago by spichugi. Opened 4 years ago by firstyear.

AFL, American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/), is a tool that fuzzes applications using instrumentation and learning to find paths through branches.

Combined with a tool like ASAN, we can detect and find issues we would never think to investigate.

I would like to make a basic start on being able to use AFL with DS. QE already wants to pursue this.

-- What would we need to do for DS?

AFL relies on an application having stdin / stdout. As a result, we would need a new ns-slapd mode which accepts BER on stdin and then returns the result to stdout, and shuts down. This would involve some work on main() to achieve this, as ns-slapd would start, process one operation, then shut down again.

-- What benefit would this get us?

Pre-emptive discovery of security issues and stability issues in DS.

-- Won't this take a long time to set up?

Yes, it probably will take me a good few weeks to make all the plumbing for this work.

However, I would rather find these issues in our test envs, with debugging, asan, and nice repeatable tooling, than in a customer environment at scale. What we spend in time now, we save in trying to chase complex issues later.

-- Can we test replication protocols and other things?

Yes, later we can. Again, it's just BER sent to port 389, so we drop some data into the test cases, and we can even fuzz our replication subsystem.

-- What about ACIs etc? Doesn't this rely on a database existing?

Yes, but that would all be part of the setup. We would likely need a prebuilt skeleton dse.ldif and database with data in it, then have a special DS mode that copies the skeleton to a temporary location, and uses it. Afterwards we discard it. This way we have the identical DB and config for each test, so we have repeatability. It would be worth enabling all our plugins, and trying to have example data for each of them in this skeleton so we can explore all the branches.
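
The stdin mode proposed above, illustrated with an added example that is not ns-slapd code and not part of the original ticket: it reads one BER-encoded LDAPMessage from stdin, bounds-checks the envelope, reports the operation and exits. The function names and the 64 KiB input cap are assumptions; in the server, the decoded message would be handed to the normal operation dispatch instead of printed.

```c
/* Added illustration, not ns-slapd code; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one BER tag+length header at buf[*pos]. Returns 0 and advances *pos to
 * the content, or -1 on truncation, indefinite length or content overrun. */
static int ber_header(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *tag, size_t *clen)
{
    size_t p = *pos, n = 0;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++];
    if ((*tag & 0x1f) == 0x1f) return -1;      /* multi-byte tags: not LDAP */
    uint8_t b = buf[p++];
    unsigned k = (b & 0x80) ? (b & 0x7f) : 0;  /* long form: k length octets */
    if (b == 0x80 || k > 4 || len - p < k) return -1;
    if (k == 0) n = b;                         /* short form */
    for (; k; k--) n = (n << 8) | buf[p++];
    if (n > len - p) return -1;                /* content must fit the input */
    *pos = p; *clen = n;
    return 0;
}

/* Decode the envelope SEQUENCE { messageID INTEGER, protocolOp ... }.
 * Returns the protocolOp tag (0x60 = BindRequest) or -1 if malformed. */
int ldap_envelope_op(const uint8_t *buf, size_t len, long *msgid)
{
    size_t pos = 0, clen; uint8_t tag; long id = 0;
    if (ber_header(buf, len, &pos, &tag, &clen) || tag != 0x30) return -1;
    size_t end = pos + clen;                   /* stay inside the SEQUENCE */
    if (ber_header(buf, end, &pos, &tag, &clen) || tag != 0x02) return -1;
    if (clen == 0 || clen > 4 || (buf[pos] & 0x80)) return -1;
    for (size_t i = 0; i < clen; i++) id = (id << 8) | buf[pos + i];
    pos += clen;
    if (ber_header(buf, end, &pos, &tag, &clen)) return -1;
    *msgid = id;
    return tag;
}

int main(void)
{
    static uint8_t buf[1 << 16];               /* assumed input size cap */
    long id;
    int op = ldap_envelope_op(buf, fread(buf, 1, sizeof buf, stdin), &id);
    if (op < 0) puts("reject");                /* malformed input: clean exit */
    else printf("msgid=%ld op=0x%02x\n", id, (unsigned)op);
    return 0;
}
```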

Setting the milestone to 1.3.6.

William, please feel free to reset it if you think differently.


I may have some help on this from abartlett of samba who has partially done this.

Metadata Update from @nhosoi:
- Issue assigned to firstyear
- Issue set to the milestone: FUTURE

3 years ago

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to new
- Issue close_status updated to: None
- Issue tagged with: Complex, Security

3 years ago

Metadata Update from @firstyear:
- Assignee reset

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1881

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

15 days ago
