Closed catenacyber closed 4 years ago
Thanks for the submission. I was not aware of this handy fuzzer: quite simple to use and looking efficient.
Regarding exception handling within the ASN.1 runtime, some errors are caught by pycrate, some errors happen within the Python runtime. I am not willing to catch and re-emit all proper Python runtime exceptions that could happen. On the other side, I realize there are many assert() (from the initial release) that should now be moved to proper exception handling. I have to check that carefully, because there are (too) many of them (around 60)...
In case you are willing to help, you are welcome. Thanks.
I modified slightly the fuzz testing done here: https://github.com/P1sec/pycrate/blob/master/test/fuzz/fuzz_asn1rt.py. It found some uncaught Exception or assert, what led to some fixes commited into the ASN.1 runtime.
This PR is a draft for discussion
cc @H21lab cf https://github.com/P1sec/pycrate/blob/master/test/test_tcapmap.py#L75 cc @yevgenypats for usage of python-fuzz https://github.com/fuzzitdev/pythonfuzz
The big question is where (and which) exceptions should be handled (in the library or in the application)
More targets can easily be written.