[Fuzz] Add fuzz testing for Hosts (#37516)

* add hostsfile fuzztests templates code * modify typos of hostsfile * add hosts file * add hosts fuzz to pipeline * modify varify depjson rule * fuzz validIPv4 * update .net7 to .net 8 * add valid6/validhosts tests on hosts * catch all exception * update onefuzzconfig.json to add 3 test cases * add fuzz writeasync tests and fill exception * add writeasync onefuzz config * add dll of writeasync in job dependencies * for testing az * change file * use mock filesystem in hosts tests projct * fix spell erro * fix spell erro and change notations * update test * fix space erro in code * install python * update * test * use powershell * remove unused dll in oneconfig.json * change download artifacts * update * test * add * test * merge * az * change * update * test cli * add debug * test large * fix * use templete * remove pdb file filter in job test project * fix x64 python install * for testing * add * fix * use 3.11.1 * change for test * revert some testing file * update the file name for spelling check * use azure cli zip * use aka.ms * rename the zip file * remove test artifactname * add exception and job dependencies * Remove the limitation of fuzzing only on hosts * add fuzz readme * remove unused changes and space * fix x86 in sln and remove newtonsoft.json.dll in oneconfig.json * readd wrapper.dll in oneconfig.json * drop randomsplit when fuzz writeasync and remove unuseful package ---------
2026-04-07 03:36:44 +02:00 · 2025-02-20 10:39:42 +08:00
parent 0592e74d3d
commit a1a02889d5
8 changed files with 387 additions and 607 deletions
--- a/src/modules/Hosts/Hosts.FuzzTests/FuzzTests.cs
+++ b/src/modules/Hosts/Hosts.FuzzTests/FuzzTests.cs
@@ -0,0 +1,101 @@
+// Copyright (c) Microsoft Corporation
+// The Microsoft Corporation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+using System;
+using System.IO;
+using System.IO.Abstractions.TestingHelpers;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+
+using Hosts.Tests.Mocks;
+using HostsUILib.Helpers;
+using HostsUILib.Models;
+using HostsUILib.Settings;
+using Moq;
+
+namespace Hosts.FuzzTests
+{
+    public class FuzzTests
+    {
+        private static Mock<IUserSettings> _userSettings;
+        private static Mock<IElevationHelper> _elevationHelper;
+
+        // Case1： Fuzzing method for ValidIPv4
+        public static void FuzzValidIPv4(ReadOnlySpan<byte> input)
+        {
+            try
+            {
+                string address = System.Text.Encoding.UTF8.GetString(input);
+                bool isValid = ValidationHelper.ValidIPv4(address);
+            }
+            catch (Exception ex) when (ex is RegexMatchTimeoutException)
+            {
+                throw;
+            }
+        }
+
+        // Case2: fuzzing method for ValidIPv6
+        public static void FuzzValidIPv6(ReadOnlySpan<byte> input)
+        {
+            try
+            {
+                string address = System.Text.Encoding.UTF8.GetString(input);
+                bool isValid = ValidationHelper.ValidIPv6(address);
+            }
+            catch (Exception ex) when (ex is RegexMatchTimeoutException)
+            {
+                throw;
+            }
+        }
+
+        // Case3: fuzzing method for ValidHosts
+        public static void FuzzValidHosts(ReadOnlySpan<byte> input)
+        {
+            try
+            {
+                string hosts = System.Text.Encoding.UTF8.GetString(input);
+                bool isValid = ValidationHelper.ValidHosts(hosts, true);
+            }
+            catch (Exception ex) when (ex is RegexMatchTimeoutException)
+            {
+                // It's important to filter out any *expected* exceptions from our code here.
+                // However, catching all exceptions is considered an anti-pattern because it may suppress legitimate
+                // issues, such as a NullReferenceException thrown by our code. In this case, we still re-throw
+                // the exception, as the ToJsonFromXmlOrCsvAsync method is not expected to throw any exceptions.
+                throw;
+            }
+        }
+
+        public static void FuzzWriteAsync(ReadOnlySpan<byte> data)
+        {
+            try
+            {
+                _userSettings = new Mock<IUserSettings>();
+                _elevationHelper = new Mock<IElevationHelper>();
+                _elevationHelper.Setup(m => m.IsElevated).Returns(true);
+
+                var fileSystem = new CustomMockFileSystem();
+                var service = new HostsService(fileSystem, _userSettings.Object, _elevationHelper.Object);
+
+                string input = System.Text.Encoding.UTF8.GetString(data);
+
+                // Since the WriteAsync method does not involve content parsing, we won't fuzz the additionalLines in the hosts file.
+                string additionalLines = " ";
+                string hosts = input;
+                string address = input;
+                string comments = input;
+                var entries = new List<Entry>
+                {
+                    new Entry(1, hosts, address, comments, true),
+                };
+
+                // fuzzing WriteAsync
+                _ = Task.Run(async () => await service.WriteAsync(additionalLines, entries));
+            }
+            catch (Exception ex) when (ex is ArgumentException)
+            {
+                throw;
+            }
+        }
+    }
+}