From 0941a4abd94fa48708f3e11a28a16b446bcad2c6 Mon Sep 17 00:00:00 2001 From: 434b Date: Tue, 20 Jun 2023 11:46:16 +0200 Subject: [PATCH] [turf] initial integration [turf] initial integration [turf] streamline onboarding [turf] fix Dockerfile [turf] add missing license header [turf] add additional vendor_ccs --- projects/turf/Dockerfile | 29 +++++++ projects/turf/build.sh | 23 ++++++ projects/turf/fuzz.js | 153 +++++++++++++++++++++++++++++++++++++ projects/turf/package.json | 12 +++ projects/turf/project.yaml | 15 ++++ 5 files changed, 232 insertions(+) create mode 100644 projects/turf/Dockerfile create mode 100644 projects/turf/build.sh create mode 100644 projects/turf/fuzz.js create mode 100644 projects/turf/package.json create mode 100644 projects/turf/project.yaml diff --git a/projects/turf/Dockerfile b/projects/turf/Dockerfile new file mode 100644 index 000000000000..e1342cfb39fa --- /dev/null +++ b/projects/turf/Dockerfile @@ -0,0 +1,29 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-javascript + +COPY build.sh $SRC/ + +# FIXME: Building locally from source is currently abyssmally complicated/broken +# Ref: https://github.com/Turfjs/turf/issues/2229 +# RUN git clone --depth 1 https://github.com/Turfjs/turf.git +RUN mkdir -p "$SRC/turf" + +COPY package.json $SRC/turf +COPY fuzz.js $SRC/turf + +WORKDIR $SRC/turf diff --git a/projects/turf/build.sh b/projects/turf/build.sh new file mode 100644 index 000000000000..3e90b89121f4 --- /dev/null +++ b/projects/turf/build.sh @@ -0,0 +1,23 @@ +#!/bin/bash -eu +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Install dependencies. +npm install +npm install --save-dev @jazzer.js/core + +# Build Fuzzers. +compile_javascript_fuzzer turf fuzz.js -i turf --sync diff --git a/projects/turf/fuzz.js b/projects/turf/fuzz.js new file mode 100644 index 000000000000..639e32df54f4 --- /dev/null +++ b/projects/turf/fuzz.js @@ -0,0 +1,153 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +const { FuzzedDataProvider } = require("@jazzer.js/core"); +const turf = require("@turf/turf"); + +module.exports.fuzz = function(data) { + const provider = new FuzzedDataProvider(data); + try { + // Consume inputs for turf.buffer + const point = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + const radius = provider.consumeNumber(); + const options = { + steps: provider.consumeIntegralInRange(1, 1000), + units: provider.consumeString(10), + }; + + turf.buffer(point, radius, options); + + // Consume inputs for turf.lineIntersect + const line1 = turf.lineString([ + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + ]); + const line2 = turf.lineString([ + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + ]); + + turf.lineIntersect(line1, line2); + + // Consume inputs for turf.destination + const origin = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + const distance = provider.consumeNumberInRange(0, 100); + const bearing = provider.consumeNumberInRange(0, 360); + + turf.destination(origin, distance, bearing); + + // Consume inputs for turf.booleanContains + const polygon1 = turf.polygon([ + [ + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + ], + ]); + const polygon2 = turf.polygon([ + [ + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + [ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ], + ], + ]); + + turf.booleanContains(polygon1, polygon2); + + // Consume inputs for turf.bbox + const point1 = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + const point2 = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + const point3 = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + const point4 = turf.point([ + provider.consumeNumberInRange(-180, 180), + provider.consumeNumberInRange(-90, 90), + ]); + + // Call turf.bbox with fuzzed inputs + turf.bbox(turf.featureCollection([point1, point2, point3, point4])); + } catch (error) { + // Ignore errors + if (!ignoredError(error)) throw error; + } +}; + +function ignoredError(error) { + return !!ignored.find((message) => error.message.indexOf(message) !== -1); +} + +const ignored = ["units is invalid"]; + diff --git a/projects/turf/package.json b/projects/turf/package.json new file mode 100644 index 000000000000..4665794d6400 --- /dev/null +++ b/projects/turf/package.json @@ -0,0 +1,12 @@ +{ + "name": "turf-fuzz", + "version": "1.0.0", + "description": "Fuzzing the geojson library turf.js", + "main": "fuzz.js", + "author": "Christopher Krah ", + "license": "ISC", + "dependencies": { + "@turf/turf": "*" + } +} + diff --git a/projects/turf/project.yaml b/projects/turf/project.yaml new file mode 100644 index 000000000000..5a6a4c2e23a1 --- /dev/null +++ b/projects/turf/project.yaml @@ -0,0 +1,15 @@ +homepage: https://turfjs.org/ +language: javascript +main_repo: https://github.com/Turfjs/turf +fuzzing_engines: +- libfuzzer +sanitizers: +- none +vendor_ccs: + - "wagner@code-intelligence.com" + - "yakdan@code-intelligence.com" + - "glendowne@code-intelligence.com" + - "patrice.salathe@code-intelligence.com" + - "hlin@code-intelligence.com" + - "christopher.krah@code-intelligence.com" + - "bug-disclosure@code-intelligence.com"