From b7966a85381bdf5772ace8b9b52d5d584b094f26 Mon Sep 17 00:00:00 2001
From: Nick Babcock <nbabcock19@hotmail.com>
Date: Mon, 25 Apr 2022 07:00:27 -0500
Subject: [PATCH] Add read fuzzing module

As someone who has personal projects that take untrusted zips as input,
it is important to me to be able to fuzz the zip project to simulate
possible inputs and to ensure the projects are not vulnerable.

This commit adds a cargo fuzz module for reading and extracting input.

The `fuzz` directory was scaffolded with a `cargo fuzz init`

I added a CI step to guard against the fuzz module decaying over time.
---
 .github/workflows/ci.yaml      | 16 ++++++++++++++++
 README.md                      | 21 +++++++++++++++++++++
 fuzz/.gitignore                |  3 +++
 fuzz/Cargo.toml                | 25 +++++++++++++++++++++++++
 fuzz/fuzz_targets/fuzz_read.rs | 20 ++++++++++++++++++++
 5 files changed, 85 insertions(+)
 create mode 100644 fuzz/.gitignore
 create mode 100644 fuzz/Cargo.toml
 create mode 100644 fuzz/fuzz_targets/fuzz_read.rs

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6f0e4b9d..b808179e 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -74,3 +74,19 @@ jobs:
 
     - name: Docs
       run: cargo doc
+
+  fuzz:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          override: true
+
+      - run: cargo install cargo-fuzz
+      - name: compile fuzz
+        run: |
+          cargo fuzz build fuzz_read
diff --git a/README.md b/README.md
index 7db31d45..f6a0eac9 100644
--- a/README.md
+++ b/README.md
@@ -75,3 +75,24 @@ See the [examples directory](examples) for:
    * How to extract a zip file.
    * How to extract a single file from a zip.
    * How to read a zip from the standard input.
+
+Fuzzing
+-------
+
+Fuzzing support is through [cargo fuzz](https://github.com/rust-fuzz/cargo-fuzz). To install cargo fuzz:
+
+```bash
+cargo install cargo-fuzz
+```
+
+To list fuzz targets:
+
+```bash
+cargo +nightly fuzz list
+```
+
+To start fuzzing zip extraction:
+
+```bash
+cargo +nightly fuzz run fuzz_read
+```
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 00000000..a0925114
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 00000000..bfdb764c
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "zip-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.zip]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_read"
+path = "fuzz_targets/fuzz_read.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/fuzz_read.rs b/fuzz/fuzz_targets/fuzz_read.rs
new file mode 100644
index 00000000..97fbdd3b
--- /dev/null
+++ b/fuzz/fuzz_targets/fuzz_read.rs
@@ -0,0 +1,20 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fn decompress_all(data: &[u8]) -> Result<(), Box<dyn std::error::Error>> {
+    let reader = std::io::Cursor::new(data);
+    let mut zip = zip::ZipArchive::new(reader)?;
+
+    for i in 0..zip.len() {
+        let mut file = zip.by_index(i)?;
+        if file.size() < 1 << 20 {
+            let _ = std::io::copy(&mut file, &mut std::io::sink());
+        }
+    }
+
+    Ok(())
+}
+
+fuzz_target!(|data: &[u8]| {
+    let _ = decompress_all(data);
+});