feat (FuzzTest): Add basic fuzz test runner as per example from sebas…

…tienros#148 from metalnem.

Fluid.Fuzz.Tests/Fluid.Fuzz.Tests.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp2.2</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="SharpFuzz" Version="1.6.1" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Fluid\Fluid.csproj" />
+  </ItemGroup>
+
+</Project>

Fluid.Fuzz.Tests/Program.cs

@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using SharpFuzz;
+
+namespace Fluid.Fuzz.Tests
+{
+    public class User
+    {
+        public string String { get; set; }
+        public int Integer { get; set; }
+        public List<double> Doubles { get; set; }
+    }
+
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            var user = new User
+            {
+                String = "ABC",
+                Integer = 123,
+                Doubles = new List<double> { 1.1, 2.2, 3.3 }
+            };
+
+            Fuzzer.OutOfProcess.Run(text =>
+            {
+                try
+                {
+                    if (FluidTemplate.TryParse(text, out var template))
+                    {
+                        TemplateContext.GlobalMemberAccessStrategy.Register<User>();
+                        template.Render(new TemplateContext { Model = user });
+                    }
+                }
+                catch (ArgumentOutOfRangeException) { }
+                catch (ArgumentException) { }
+                catch (DivideByZeroException) { }
+                catch (NullReferenceException) { }
+                catch (OverflowException) { }
+            });
+        }
+    }
+}

Fluid.Fuzz.Tests/TestCases/test.liquid

@@ -0,0 +1,7 @@
+<p>{{ String }}</p>
+<p>{{ Integer }}</p>
+<ul>
+{% for item in Doubles -%}
+  <li>{{ item }}</li>
+{% endfor -%}
+</ul>

Fluid.Fuzz.Tests/dictionaries/liquid.dict

@@ -0,0 +1,116 @@
+example="{{ "
+example=" }}"
+example="{% "
+example=" -%}"
+example="for"
+example="break"
+example="continue"
+example="endfor"
+example="if"
+example="elseif"
+example="else"
+example="endif"
+example="comment"
+example="endcomment"
+example="unless"
+example="endunless"
+example="case"
+example="when"
+example="tablerow"
+example="endtablerow"
+example="=="
+example="!="
+example=">"
+example="<"
+example=">="
+example="<="
+example="or"
+example="and"
+example="true"
+example="false"
+example=" | "
+example=" = "
+example="increment"
+example="decrement"
+example="in"
+example="contains"
+example="assign"
+example="capture"
+example="[0]"
+example="limit"
+example="offset"
+example="range"
+example="reversed"
+example="cycle"
+example="raw"
+example="abs"
+example="append"
+example="at_least"
+example="at_most"
+example="capitalize"
+example="ceil"
+example="compact"
+example="concat"
+example="date"
+example="default"
+example="divided_by"
+example="downcase"
+example="escape"
+example="escape_once"
+example="first"
+example="floor"
+example="join"
+example="last"
+example="lstrip"
+example="map"
+example="minus"
+example="modulo"
+example="newline_to_br"
+example="plus"
+example="prepend"
+example="remove"
+example="remove_first"
+example="replace"
+example="replace_first"
+example="reverse"
+example="round"
+example="rstrip"
+example="size"
+example="slice"
+example="sort"
+example="sort_natural"
+example="split"
+example="strip"
+example="strip_html"
+example="strip_newlines"
+example="times"
+example="truncate"
+example="truncatewords"
+example="uniq"
+example="upcase"
+example="url_decode"
+example="url_encode"
+example="<a>"
+example="<body>"
+example="<br>"
+example="<div>"
+example="<h1>"
+example="<h2>"
+example="<head>"
+example="<html>"
+example="<input>"
+example="<li>"
+example="<meta>"
+example="<ol>"
+example="<p>"
+example="<script>"
+example="<span>"
+example="<table>"
+example="<td>"
+example="<th>"
+example="<tr>"
+example="<ul>"
+example="item"
+example="String"
+example="Integer"
+example="Doubles"

Fluid.Fuzz.Tests/install.cmd

@@ -0,0 +1,6 @@
+dotnet tool install --global SharpFuzz.Commandline
+REM https://github.com/Metalnem/sharpfuzz#installation
+
+REM Buildthe app
+
+sharpfuzz bin\debug\netcoreapp2.2\fluid.dll

Fluid.Fuzz.Tests/readme.md

@@ -0,0 +1,8 @@
+
+## Problems running afl-fuzz
+
+If afl-fuzz it complains about the size of the dictionary, check the file in ANSI not UTF-8
+Check unix line endines not windows.
+
+
+

Fluid.Fuzz.Tests/setup.sh

@@ -0,0 +1,24 @@
+#/bin/sh
+set -eux
+
+# Download and extract the latest afl-fuzz source package
+wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
+tar -xvf afl-latest.tgz
+
+rm afl-latest.tgz
+cd afl-2.52b/
+
+# Patch afl-fuzz so that it doesn't check whether the binary
+# being fuzzed is instrumented (we have to do this because
+# we are going to run our programs with the dotnet run command,
+# and the dotnet binary would fail this check)
+wget https://github.com/Metalnem/sharpfuzz/raw/master/patches/RemoveInstrumentationCheck.diff
+patch < RemoveInstrumentationCheck.diff
+
+# Install afl-fuzz
+make install
+cd ..
+rm -rf afl-2.52b/
+
+# Install SharpFuzz.CommandLine global .NET tool
+dotnet tool install --global SharpFuzz.CommandLine

Fluid.sln

@@ -13,6 +13,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Fluid.MvcSample", "Fluid.Mv
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Fluid.MvcViewEngine", "Fluid.MvcViewEngine\Fluid.MvcViewEngine.csproj", "{8387DE36-8B53-4437-B16F-40C6FD525A1D}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Fluid.Fuzz.Tests", "Fluid.Fuzz.Tests\Fluid.Fuzz.Tests.csproj", "{E94EEC3B-893F-4CA4-8095-F936D32BE832}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -39,6 +41,10 @@ Global
 		{8387DE36-8B53-4437-B16F-40C6FD525A1D}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8387DE36-8B53-4437-B16F-40C6FD525A1D}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8387DE36-8B53-4437-B16F-40C6FD525A1D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E94EEC3B-893F-4CA4-8095-F936D32BE832}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E94EEC3B-893F-4CA4-8095-F936D32BE832}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E94EEC3B-893F-4CA4-8095-F936D32BE832}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E94EEC3B-893F-4CA4-8095-F936D32BE832}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE