jacobpascual/keepassxc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add fuzz test support

Browse Source 
Describe how to invoke the AFL fuzz tester on the KeePassXC
CLI tool. As suggested in #2729.

Fuzz test build of keepassxc-cli takes database password from
environment variable instead of requiring it to be empty.
Provide two empty kdbx files as initial fuzzer input, one
kdbx 3 and one kdbx 4, both with minimal number of decryption
rounds to speed up the test.
This commit is contained in:
Wolfram Rösler
2020-04-21 23:36:31 +02:00
committed by Jonathan White
parent 48d9fb3e79
commit 34b44e7496
4 changed files with 75 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/cli/Utils.cpp
View File

@@ -191,6 +191,12 @@ namespace Utils
*/
QString getPassword(bool quiet)
{
#ifdef __AFL_COMPILER
// Fuzz test build takes password from environment variable to
// allow non-interactive operation
const auto env = getenv("KEYPASSXC_AFL_PASSWORD");
return env ? env : "";
#else
auto& in = STDIN;
auto& out = quiet ? DEVNULL : STDERR;
@@ -200,6 +206,7 @@ namespace Utils
out << endl;
return line;
#endif // __AFL_COMPILER
}
/**