Add Windows client packaging and recovery tools
ci / test (push) Has been cancelled
ci / fuzz-smoke (push) Has been cancelled
ci / windows-client (push) Has been cancelled
ci / package-release (linux-x86_64, ubuntu-latest) (push) Has been cancelled
ci / package-release (macos-aarch64, macos-14) (push) Has been cancelled
ci / package-release (macos-x86_64, macos-13) (push) Has been cancelled
ci / package-release (windows-x86_64, windows-latest) (push) Has been cancelled
ci / remote-bench (push) Has been cancelled
ci / test (push) Has been cancelled
ci / fuzz-smoke (push) Has been cancelled
ci / windows-client (push) Has been cancelled
ci / package-release (linux-x86_64, ubuntu-latest) (push) Has been cancelled
ci / package-release (macos-aarch64, macos-14) (push) Has been cancelled
ci / package-release (macos-x86_64, macos-13) (push) Has been cancelled
ci / package-release (windows-x86_64, windows-latest) (push) Has been cancelled
ci / remote-bench (push) Has been cancelled
This commit is contained in:
@@ -1,67 +0,0 @@
|
||||
# dosh fuzz targets
|
||||
|
||||
cargo-fuzz / libFuzzer harnesses for the `dosh` parsers and handshake verifiers
|
||||
(spec milestone 5 / §16: "Fuzz packet parsing, authorized-key parsing,
|
||||
known-host parsing, and handshake state", "Fuzz targets run in CI").
|
||||
|
||||
This is a **standalone crate** (its own `[workspace]`) so it never affects the
|
||||
main crate's `cargo build` / `cargo test` / `cargo fmt --check`.
|
||||
|
||||
## Targets
|
||||
|
||||
| Target | Parser(s) exercised |
|
||||
| --- | --- |
|
||||
| `packet_decode` | `protocol::Header::parse`, `protocol::decode`, `protocol::decrypt_body` |
|
||||
| `from_body` | `protocol::from_body::<T>` for every protocol & native wire struct |
|
||||
| `authorized_keys` | `native::parse_authorized_keys`, `native::parse_ssh_ed25519_public_blob` |
|
||||
| `known_hosts` | `native::parse_known_hosts`, `native::parse_host_public_key_line` |
|
||||
| `handshake_structs` | handshake struct decode + `verify_server_hello`, `user_auth_transcript`, `verify_native_user_auth` |
|
||||
| `attach_ticket` | `auth::open_attach_ticket`, `auth::verify_attach_ticket`, `auth::decode_bootstrap` |
|
||||
|
||||
Every target's objective is the same: **no panics on any input** (a panic on
|
||||
untrusted bytes is a robustness/DoS bug per threat model §5).
|
||||
|
||||
## Prerequisites
|
||||
|
||||
```sh
|
||||
rustup toolchain install nightly
|
||||
cargo install cargo-fuzz
|
||||
```
|
||||
|
||||
cargo-fuzz requires a nightly toolchain (it builds with `-Z sanitizer=address`).
|
||||
|
||||
## Run
|
||||
|
||||
From the repository root:
|
||||
|
||||
```sh
|
||||
# Run all targets for a short smoke pass
|
||||
make fuzz-smoke
|
||||
|
||||
# Run all targets for the pre-launch deep pass (default: 300s each)
|
||||
make fuzz-deep
|
||||
|
||||
# List targets
|
||||
cargo +nightly fuzz list --fuzz-dir fuzz
|
||||
|
||||
# Run a single target indefinitely
|
||||
cargo +nightly fuzz run --fuzz-dir fuzz packet_decode
|
||||
|
||||
# Short, CI-style smoke run of one target (10 seconds)
|
||||
cargo +nightly fuzz run --fuzz-dir fuzz packet_decode -- -max_total_time=10
|
||||
```
|
||||
|
||||
Or from inside `fuzz/`:
|
||||
|
||||
```sh
|
||||
cd fuzz
|
||||
cargo +nightly fuzz run packet_decode -- -max_total_time=10
|
||||
```
|
||||
|
||||
## CI
|
||||
|
||||
`.github/workflows/ci.yml` has a `fuzz-smoke` job that installs nightly +
|
||||
cargo-fuzz and runs each target. Push/PR runs use a short 20-second-per-target
|
||||
smoke pass. Weekly scheduled and manual workflow runs use a 300-second-per-target
|
||||
deep pass by default. The job is tolerant if the toolchain/tooling is unavailable
|
||||
so it never blocks the main test gate.
|
||||
Reference in New Issue
Block a user