Fuzz Test Parsing Logic #394

jonathan-g-davis opened this issue Mar 16, 2025 · 0 comments
High level description

Currently, ANISE does not gracefully handle parsing errors and may panic on malformed input. To enhance the robustness and security of ANISE, we are introducing fuzz testing of critical inputs.

Fuzz testing helps uncover edge cases, unexpected inputs, and potential vulnerabilities by automatically generating and feeding random, malformed, or unexpected data into critical functions. By integrating fuzz testing with cargo-fuzz, we can identify and address these failure points, improving error handling and overall resilience.

Requirements

  • Integrate cargo-fuzz for Rust-native fuzz testing
  • Create directory for containing fuzzing targets
  • Populate fuzzing directory with example targets
  • Provide documentation describing fuzzing, recommended practice, and how to extend it in the future

Test plans

  • Identify and fuzz parsing functions containing panic!, unwrap, expect, or unreachable!
  • Confirm that the panic can be reached within a reasonable amount of time (e.g. 15 minutes of fuzzing)

Design

  • Create fuzzing directory within the ANISE core library
    • anise/anise/fuzz
  • Include shared fuzzing code under fuzz library
    • anise/anise/fuzz/src/lib.rs
  • Where required, refactor parsing functions and methods to make them easier to target for fuzzing
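Added example, not part of the issue and not ANISE code: a sketch of the refactor the issue asks for, showing a parser that panics on malformed input beside a form that returns typed errors, driven over a small constructed corpus. The record format, `parse_record_panicking`, `parse_record`, `ParseError`, `constructed_corpus` and `count_panics` are all hypothetical names chosen for illustration.

```rust
use std::panic;

#[derive(Debug, PartialEq)]
enum ParseError { Truncated, BadLength, NotUtf8 }

// Hypothetical record: 4-byte little-endian length, then that many UTF-8 bytes.
// Fragile form: indexing, slicing and unwrap() all panic on malformed input.
fn parse_record_panicking(data: &[u8]) -> String {
    let len = u32::from_le_bytes([data[0], data[1], data[2], data[3]]) as usize;
    String::from_utf8(data[4..4 + len].to_vec()).unwrap()
}

// Refactored form: every failure is a typed error the caller can handle.
fn parse_record(data: &[u8]) -> Result<String, ParseError> {
    let h = data.get(..4).ok_or(ParseError::Truncated)?;
    let len = u32::from_le_bytes([h[0], h[1], h[2], h[3]]) as usize;
    let end = len.checked_add(4).ok_or(ParseError::BadLength)?;
    let body = data.get(4..end).ok_or(ParseError::BadLength)?;
    String::from_utf8(body.to_vec()).map_err(|_| ParseError::NotUtf8)
}

// Constructed inputs standing in for what a fuzzer would generate.
fn constructed_corpus() -> Vec<Vec<u8>> {
    vec![
        b"\x03\x00\x00\x00SUN".to_vec(),      // well-formed
        Vec::new(),                            // empty
        b"\x03\x00".to_vec(),                  // truncated header
        b"\xff\xff\x00\x00SUN".to_vec(),      // length past end of buffer
        b"\x02\x00\x00\x00\xff\xfe".to_vec(), // invalid UTF-8 body
    ]
}

// Runs a parser over the corpus and counts the inputs that make it panic.
// In a cargo-fuzz target the parser call would be the body of fuzz_target!.
fn count_panics<T>(parse: fn(&[u8]) -> T) -> usize {
    constructed_corpus()
        .iter()
        .filter(|input| panic::catch_unwind(|| { parse(input.as_slice()); }).is_err())
        .count()
}

fn main() {
    panic::set_hook(Box::new(|_| {})); // silence panic messages for the demo
    println!("panicking parser: {} panics", count_panics(parse_record_panicking));
    println!("refactored parser: {} panics", count_panics(parse_record));
}
```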