narfindustries / http-garden Goto Github PK

Right now, control flow is collected by sending signals to afl-showmap. This is not only a hack, but inaccurate because the signal to start tracing must be sent before the fuzzed input (i.e., the request).

A better way to do this would be to make a little LD_PRELOAD library that hooks accept() and makes it automatically signal the parent process. This should cut out a lot of the noise from the coverage.

And they should not be

Disadvantages:

• People have to trust me
• People may end up finding bugs that have already been fixed

Advantages:

• No more build time
• Way less disk space used

I think this is probably worth it.

Add proxygen to the Garden.

Civetweb is a fork of Mongoose that might be vulnerable to some of the same problems as Mongoose. It could be worth adding to the Garden.

Add pen as a target in the Garden.

Add Rainbows! to the Garden.

Right now restricted to just /

Add Libhttpserver as a target to the Garden.

This could use a normalization

Add ktor to the Garden.

(Thanks to Jonathan Leitschuh for bringing this to my attention)

Every once in a while, especially if the Garden has just started, running the fuzzer will cause an assertion failure. This assertion is the one that ensures that the coverage information collected is not out of date.

Too annoying to deal with njs issues

In this commit there may be a typo in the comparison between j and i. Perhaps I am misunderstanding the intent behind this code, but it causes the grid view not to work in "both" directions?

When the line 101 = if j <=i:

When the line 101 = if j == i:

Payload was set to "payload 'POST / HTTP/1.1\r\nHost: a\r\nTransfer-Encoding: chunked\r\n\r\n0\n\r\n'"

\Tom

So it can act as an origin too

HTTP/2 support in the Garden is limited. I had a half-baked version of this at one point, but I removed it because it was distracting from HTTP/1, and I was using an external library for HPACK.

It would be nice to add proper H2 support.

https://www.mono-project.com/docs/web/aspnet/

Currently, the Garden uses a fixed timeout for each type of target. We could achieve orders of magnitude better performance by using dynamic timeouts.

I have previously played with adding H3 support to the Garden, but didn't get very far. This would be really nice to have.

Add Netty as a target in the Garden.

Some servers support only a finite set of HTTP methods. This clutters fuzzer results. We should be able to ignore these problems if we know the set of allowable methods for each server.

and figure out a way to make the build not take 100000 years

When you fuzz the Beast target for too long, it starts hogging a core. I should probably figure this out.

https://github.com/yhirose/cpp-httplib

Some UI pain points:

1. In a transducer_fanout, rejection messages are printed separately from regular output.
2. In history, alignment is weird because numbers can have different numbers of digits.

https://blog.cloudflare.com/pingora-open-source

payload: 'GET / HTTP/1.1\r\nHost: b\r\nTest: \xff\r\n\r\n'

Right now, regex highlighting only works for fanout.

this could use a normalization

Add falcon to the Garden.

The README is too long :)

Add Kestrel, the ASP.NET web server, to the Garden.

Readme is too long

The Garden doesn't support these methods because they're special cases. I should add support for them because they're probably a wellspring of interesting bugs.

Add merecat to the Garden.

https://github.com/reactphp/http

Add libsoup as a target in the Garden.