Fuzzing (#3, #4)

- fix panic on escaping character with width more than 1 byte
- organize fuzzing targets in a `cucumber-expressions-fuzz` sub-crate
- add `fuzz` command to `Makefile`
- add `fuzz` job to CI pipeline

Author: ilslv

.github/workflows/ci.yml

@@ -79,13 +79,40 @@ jobs:
 
       - run: cargo +nightly update -Z minimal-versions
 
-      - run: cargo check --no-default-features
+      - run: cargo check -p cucumber-expressions --no-default-features
                    ${{ matrix.feature != '<none>'
                        && format('--features {0}', matrix.feature)
                        || '' }}
         env:
           RUSTFLAGS: -D warnings
 
+  fuzz:
+    name: Fuzzing
+    if: ${{ github.ref == 'refs/heads/main'
+            || startsWith(github.ref, 'refs/tags/v')
+            || !contains(github.event.head_commit.message, '[skip ci]') }}
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - alternation
+          - expression
+          - into-regex
+          - optional
+          - parameter
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+
+      - run: cargo install cargo-fuzz
+
+      - name: Fuzz for 1 minute
+        run: make cargo.fuzz target=${{ matrix.target }} time=60
+
   msrv:
     name: MSRV
     if: ${{ github.ref == 'refs/heads/main'
@@ -144,7 +171,6 @@ jobs:
 
 
 
-
   #################
   # Documentation #
   #################

CHANGELOG.md

@@ -13,9 +13,11 @@ All user visible changes to `cucumber-expressions` crate will be documented in t
 
 - [Cucumber Expressions] AST and parser. ([#1])
 - Expansion of [Cucumber Expressions] AST into [`Regex`] behind `into-regex` feature flag. ([#2])
+- Fuzzzing. ([#3])
 
 [#1]: /../../pull/1
 [#2]: /../../pull/2
+[#3]: /../../pull/3
 
 
 

Cargo.toml

@@ -36,3 +36,6 @@ regex = { version = "1.5", optional = true }
 
 # TODO: Remove once `derive_more` 0.99.17 is released.
 syn = "1.0.81"
+
+[workspace]
+members = ["fuzz"]

Makefile

@@ -22,6 +22,9 @@ docs: cargo.doc
 fmt: cargo.fmt
 
 
+fuzz: cargo.fuzz
+
+
 lint: cargo.lint
 
 
@@ -44,7 +47,7 @@ cargo.doc:
 ifeq ($(clean),yes)
 	@rm -rf target/doc/
 endif
-	cargo doc --all-features \
+	cargo doc -p cucumber-expressions --all-features \
 		$(if $(call eq,$(private),no),,--document-private-items) \
 		$(if $(call eq,$(open),no),,--open)
 
@@ -55,7 +58,17 @@ endif
 #	make cargo.fmt [check=(no|yes)]
 
 cargo.fmt:
-	cargo +nightly fmt $(if $(call eq,$(check),yes),-- --check,)
+	cargo +nightly fmt --all $(if $(call eq,$(check),yes),-- --check,)
+
+
+# Fuzz Rust sources with cargo-fuzz.
+#
+# Usage:
+#	make cargo.fuzz target=<fuzz-target> [time=<timeout>]
+
+cargo.fuzz:
+	cargo +nightly fuzz run $(target) \
+		$(if $(call eq,$(time),),,-- -max_total_time=$(time))
 
 
 # Lint Rust sources with Clippy.
@@ -64,7 +77,7 @@ cargo.fmt:
 #	make cargo.lint
 
 cargo.lint:
-	cargo clippy --all-features -- -D warnings
+	cargo clippy -p cucumber-expressions --all-features -- -D warnings
 
 
 cargo.test: test.cargo
@@ -82,7 +95,7 @@ cargo.test: test.cargo
 #	make test.cargo
 
 test.cargo:
-	cargo test --all-features
+	cargo test -p cucumber-expressions --all-features
 
 
 
@@ -91,6 +104,6 @@ test.cargo:
 # .PHONY section #
 ##################
 
-.PHONY: docs fmt lint test \
-        cargo.doc cargo.fmt cargo.lint cargo.test \
+.PHONY: docs fmt fuzz lint test \
+        cargo.doc cargo.fmt cargo.fuzz cargo.lint cargo.test \
         test.cargo

README.md

@@ -71,7 +71,7 @@ name-to-escape          = '{' | '}' | '(' | '/' | '\'
 
 ## [`Regex`] Production Rules
 
-Follows original [production rules].
+Follows original [production rules][2].
 
 
 

fuzz/.gitignore

@@ -0,0 +1,2 @@
+/artifacts/
+/corpus/

fuzz/Cargo.toml

@@ -0,0 +1,49 @@
+[package]
+name = "cucumber-expressions-fuzz"
+version = "0.0.0"
+edition = "2021"
+rust-version = "1.56"
+description = "Fuzz testing for `cucumber-expressions` crate."
+license = "MIT OR Apache-2.0"
+authors = [
+    "Ilya Solovyiov <ilya.solovyiov@gmail.com>",
+    "Kai Ren <tyranron@gmail.com>",
+]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+cucumber-expressions = { path = "..", features = ["into-regex"] }
+libfuzzer-sys = "0.4"
+
+[[bin]]
+name = "expression"
+path = "fuzz_targets/expression.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "parameter"
+path = "fuzz_targets/parameter.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "optional"
+path = "fuzz_targets/optional.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "alternation"
+path = "fuzz_targets/alternation.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "into-regex"
+path = "fuzz_targets/into_regex.rs"
+test = false
+doc = false

fuzz/fuzz_targets/alternation.rs

@@ -0,0 +1,8 @@
+#![no_main]
+
+use cucumber_expressions::parse;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &str| {
+    let _ = parse::alternation(data);
+});

fuzz/fuzz_targets/expression.rs

@@ -0,0 +1,8 @@
+#![no_main]
+
+use cucumber_expressions::parse;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &str| {
+    let _ = parse::expression(data);
+});

fuzz/fuzz_targets/into_regex.rs

@@ -0,0 +1,8 @@
+#![no_main]
+
+use cucumber_expressions::Expression;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &str| {
+    let _ = Expression::regex(data);
+});