Integrating C‐based OpenPrinting Projects in OSS‐Fuzz Testing (GSoC 2024)
Contributor: ttfish
Organization: OpenPrinting, The Linux Foundation
Mentors: Till Kamppeter, George-Andrei Iosif, Dongge Liu, Oliver Chang, Ira McDonald, Pratyush Ranjan
Useful Links:
- Project Page
- Source Code for Fuzz Harnesses
- OSS-Fuzz Projects
- Opportunity Open Source Conference 2024
- Ubuntu Summit 2024 - Ubuntu Summit Repo
Our goal is to integrate existing OpenPrinting projects into the Google OSS-Fuzz framework to enable continuous fuzz testing, given the lack of fuzz testing in OpenPrinting projects. This integration enhances the detection and resolution of potential issues, thereby improving the robustness of OpenPrinting projects. Based on our integration efforts, we adopt advanced fuzzing techniques to enhance fuzz testing efficiency, including providing structured fuzz inputs, integrating and repairing Fuzz Introspector, and employing Large Language Model (LLM) frameworks such as OSS-Fuzz-Gen to assist in generating OSS-Fuzz harnesses.
The overall progress during our integration is as follows:
- Initialize the OpenPrinting fuzzing project and migrate cups and libcups into the OSS-Fuzz framework.
- Construct fuzz harnesses for cups-filters and libcupsfilters, which are pending merge into OSS-Fuzz.
- Fix the fuzz-introspector builds of cups and libcups for comprehensive fuzz progress analysis. The detailed reports are available here: cups, libcups.
- Explore OSS-Fuzz-Gen for fuzz harness generation.
- Help integrate and enable CI tests for libcupsfilters from previous work.
- Triage and help fix identified bugs in OpenPrinting projects, illustrated here.
- Present our work at open source conferences, including OOSC 2024 and Ubuntu Summit 2024.
To date, the integrated OSS-Fuzz harnesses have identified 41 issues, 21 of which are resolved, leading to more than 5000 lines of code changed. The fuzzing coverage curves are shown below:
Fuzzing status for cups
Fuzzing status for libcups
- libcups master @a7a28e643cd0f84dcae785f93b72426d644c0619
- cups master @c67f4add6dfe88fe440a172f49946234694ac211
- libcups master @882adac2d4999e975a2e6ba797cb27fe10888e99
- cups master @80fe6815d5941ef8a812087af7869f4c02779f1d
- cups master @7a2d383ee59a90f41d482476edb909165ea9565d
- libcups master @83562f7c7e8e4b26da1a8c14f0c5dcdfcb062277
- Based on existing fuzzing projects, integrating more harnesses is more convenient, especially with the help of LLMs.
- More C/C++-based projects need to be integrated, such as cups-browsed and cups-snap.
- Integrating OSS-Fuzz into OpenPrinting projects written in other languages, such as Python (pyppd) and Go (ipp-usb), is feasible.
- More effective fuzzing seeds and dictionaries for specific OpenPrinting functionalities are required.
- End-to-end testing methods can help identify more exploitable bugs in OpenPrinting projects. Manual security audits can also help.
I extend my deepest gratitude to everyone who collaborated on this integration project. Specifically, Till offered crucial domain expertise in OpenPrinting, guiding the priority and direction of our integration efforts. Andrei shared his knowledge in C/C++ programming and fuzz testing. Dongge and Oliver provided essential coding insights for OSS-Fuzz and OSS-Fuzz-Gen as authors and maintainers. The integration process was smooth, and participating in open-source community events such as OOSC 2024 and the Ubuntu Summit 2024 was enjoyable. I would also like to thank Arjun for initializing some of the fuzz harnesses of cups before our integration and helping migrate the ownership of the fuzzing project under OpenPrinting. Many thanks to Michael R Sweet for helping fix all the reported issues with great patience. None of the progress achieved would have been possible without the invaluable assistance from all of you.