src/modules/Hosts/Hosts.FuzzTests/FuzzTests.cs

// Copyright (c) Microsoft Corporation
// The Microsoft Corporation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
using System;
using System.IO;
using System.IO.Abstractions.TestingHelpers;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

using Hosts.Tests.Mocks;
using HostsUILib.Helpers;
using HostsUILib.Models;
using HostsUILib.Settings;
using Moq;

namespace Hosts.FuzzTests
{
    public class FuzzTests
    {
        private static Mock<IUserSettings> _userSettings;
        private static Mock<IElevationHelper> _elevationHelper;

        // Case1： Fuzzing method for ValidIPv4
        public static void FuzzValidIPv4(ReadOnlySpan<byte> input)
        {
            try
            {
                string address = System.Text.Encoding.UTF8.GetString(input);
                bool isValid = ValidationHelper.ValidIPv4(address);
            }
            catch (Exception ex) when (ex is RegexMatchTimeoutException)
            {
                throw;
            }
        }

        // Case2: fuzzing method for ValidIPv6
        public static void FuzzValidIPv6(ReadOnlySpan<byte> input)
        {
            try
            {
                string address = System.Text.Encoding.UTF8.GetString(input);
                bool isValid = ValidationHelper.ValidIPv6(address);
            }
            catch (Exception ex) when (ex is RegexMatchTimeoutException)
            {
                throw;
            }
        }

        // Case3: fuzzing method for ValidHosts
        public static void FuzzValidHosts(ReadOnlySpan<byte> input)
        {
            try
            {
                string hosts = System.Text.Encoding.UTF8.GetString(input);
                bool isValid = ValidationHelper.ValidHosts(hosts, true);
            }
            catch (Exception ex) when (ex is RegexMatchTimeoutException)
            {
                // It's important to filter out any *expected* exceptions from our code here.
                // However, catching all exceptions is considered an anti-pattern because it may suppress legitimate
                // issues, such as a NullReferenceException thrown by our code. In this case, we still re-throw
                // the exception, as the ToJsonFromXmlOrCsvAsync method is not expected to throw any exceptions.
                throw;
            }
        }

        public static void FuzzWriteAsync(ReadOnlySpan<byte> data)
        {
            try
            {
                _userSettings = new Mock<IUserSettings>();
                _elevationHelper = new Mock<IElevationHelper>();
                _elevationHelper.Setup(m => m.IsElevated).Returns(true);

                var fileSystem = new CustomMockFileSystem();
                var service = new HostsService(fileSystem, _userSettings.Object, _elevationHelper.Object);

                string input = System.Text.Encoding.UTF8.GetString(data);

                // Since the WriteAsync method does not involve content parsing, we won't fuzz the additionalLines in the hosts file.
                string additionalLines = " ";
                string hosts = input;
                string address = input;
                string comments = input;
                var entries = new List<Entry>
                {
                    new Entry(1, hosts, address, comments, true),
                };

                // fuzzing WriteAsync
                _ = Task.Run(async () => await service.WriteAsync(additionalLines, entries));
            }
            catch (Exception ex) when (ex is ArgumentException)
            {
                throw;
            }
        }
    }
}
-												[Fuzz] Add fuzz testing for Hosts (#37516)

* add hostsfile fuzztests templates code

* modify  typos of hostsfile

* add hosts file

* add hosts fuzz to pipeline

* modify varify depjson rule

* fuzz validIPv4

* update  .net7 to .net 8

* add valid6/validhosts tests on hosts

* catch all exception

* update onefuzzconfig.json to add 3 test cases

* add fuzz writeasync tests and fill exception

* add writeasync onefuzz config

* add dll of writeasync in job dependencies

* for testing az

* change file

* use mock filesystem in hosts tests projct

* fix spell erro

* fix spell erro and change notations

* update test

* fix space erro in code

* install python

* update

* test

* use powershell

* remove unused dll in oneconfig.json


* change download artifacts

* update

* test

* add

* test

* merge

* az

* change

* update

* test cli

* add debug

* test large

* fix

* use templete

* remove pdb file filter in job test project

* fix x64 python install

* for testing

* add

* fix

* use 3.11.1

* change for test

* revert some testing file

* update the file name for spelling check

* use azure cli zip

* use aka.ms

* rename the zip file

* remove test artifactname

* add exception and job dependencies

* Remove the limitation of fuzzing only on hosts

* add fuzz readme

* remove unused changes and space

* fix x86 in sln and remove newtonsoft.json.dll in oneconfig.json

* readd wrapper.dll in oneconfig.json

* drop randomsplit when fuzz writeasync and remove unuseful package

---------
											
										
										
											2025-02-20 10:39:42 +08:00
+								// Copyright (c) Microsoft Corporation
 								// The Microsoft Corporation licenses this file to you under the MIT license.
 								// See the LICENSE file in the project root for more information.
 								using System;
 								using System.IO;
 								using System.IO.Abstractions.TestingHelpers;
 								using System.Text.RegularExpressions;
 								using System.Threading.Tasks;
 								using Hosts.Tests.Mocks;
 								using HostsUILib.Helpers;
 								using HostsUILib.Models;
 								using HostsUILib.Settings;
 								using Moq;
 								namespace Hosts.FuzzTests
 								{
 								    public class FuzzTests
 								    {
 								        private static Mock<IUserSettings> _userSettings;
 								        private static Mock<IElevationHelper> _elevationHelper;
 								        // Case1： Fuzzing method for ValidIPv4
 								        public static void FuzzValidIPv4(ReadOnlySpan<byte> input)
 								        {
 								            try
 								            {
 								                string address = System.Text.Encoding.UTF8.GetString(input);
 								                bool isValid = ValidationHelper.ValidIPv4(address);
 								            }
 								            catch (Exception ex) when (ex is RegexMatchTimeoutException)
 								            {
 								                throw;
 								            }
 								        }
 								        // Case2: fuzzing method for ValidIPv6
 								        public static void FuzzValidIPv6(ReadOnlySpan<byte> input)
 								        {
 								            try
 								            {
 								                string address = System.Text.Encoding.UTF8.GetString(input);
 								                bool isValid = ValidationHelper.ValidIPv6(address);
 								            }
 								            catch (Exception ex) when (ex is RegexMatchTimeoutException)
 								            {
 								                throw;
 								            }
 								        }
 								        // Case3: fuzzing method for ValidHosts
 								        public static void FuzzValidHosts(ReadOnlySpan<byte> input)
 								        {
 								            try
 								            {
 								                string hosts = System.Text.Encoding.UTF8.GetString(input);
 								                bool isValid = ValidationHelper.ValidHosts(hosts, true);
 								            }
 								            catch (Exception ex) when (ex is RegexMatchTimeoutException)
 								            {
 								                // It's important to filter out any *expected* exceptions from our code here.
 								                // However, catching all exceptions is considered an anti-pattern because it may suppress legitimate
 								                // issues, such as a NullReferenceException thrown by our code. In this case, we still re-throw
 								                // the exception, as the ToJsonFromXmlOrCsvAsync method is not expected to throw any exceptions.
 								                throw;
 								            }
 								        }
 								        public static void FuzzWriteAsync(ReadOnlySpan<byte> data)
 								        {
 								            try
 								            {
 								                _userSettings = new Mock<IUserSettings>();
 								                _elevationHelper = new Mock<IElevationHelper>();
 								                _elevationHelper.Setup(m => m.IsElevated).Returns(true);
 								                var fileSystem = new CustomMockFileSystem();
 								                var service = new HostsService(fileSystem, _userSettings.Object, _elevationHelper.Object);
 								                string input = System.Text.Encoding.UTF8.GetString(data);
 								                // Since the WriteAsync method does not involve content parsing, we won't fuzz the additionalLines in the hosts file.
 								                string additionalLines = " ";
 								                string hosts = input;
 								                string address = input;
 								                string comments = input;
 								                var entries = new List<Entry>
 								                {
 								                    new Entry(1, hosts, address, comments, true),
 								                };
 								                // fuzzing WriteAsync
 								                _ = Task.Run(async () => await service.WriteAsync(additionalLines, entries));
 								            }
 								            catch (Exception ex) when (ex is ArgumentException)
 								            {
 								                throw;
 								            }
 								        }
 								    }
 								}