search

hardbyte / python-can

The can package provides controller area network support for Python developers
https://python-can.readthedocs.io
GNU Lesser General Public License v3.0
1.27k stars 597 forks source link

can.io Log Parsing Exceptions #822

Open karlding opened 4 years ago

karlding commented 4 years ago

I've been playing around with AFL lately to see what sorts of things I can break. I threw together a fuzzer harness for fun using py-afl-fuzz and pointed it at a few of the can.io modules, in the hopes of checking any assumptions we were making about valid input when parsing.

What is the expected behaviour when parsing log files? Is it that python-can should only raise Exceptions that it itself is raising?

For example, in a lot of places, we assume that we can do int(val), despite val potentially being an invalid literal. As such, we currently raise ValueError when we can't parse these. Do we expect to handle situations like this and raise a separate Exception saying that the file format was invalid?

As a data point, json does the following when an invalid JSON object is passed to json.load:

 → TITANIC@~ $ python
Python 3.8.0 (default, Dec  1 2019, 19:49:20)
[GCC 7.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import json
>>> from io import StringIO
>>> json.load(StringIO("{"))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/karl/.pyenv/versions/3.8.0/lib/python3.8/json/__init__.py", line 293, in load
    return loads(fp.read(),
  File "/home/karl/.pyenv/versions/3.8.0/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/home/karl/.pyenv/versions/3.8.0/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/home/karl/.pyenv/versions/3.8.0/lib/python3.8/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)
karlding commented 4 years ago

Here's another data point from pyyaml:

 → TITANIC@~ $ python
Python 3.8.0 (default, Dec  1 2019, 19:49:20)
[GCC 7.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import yaml
>>> yaml.safe_load("[")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/__init__.py", line 162, in safe_load
    return load(stream, SafeLoader)
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/__init__.py", line 114, in load
    return loader.get_single_data()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/composer.py", line 82, in compose_node
    node = self.compose_sequence_node(anchor)
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/composer.py", line 110, in compose_sequence_node
    while not self.check_event(SequenceEndEvent):
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/parser.py", line 474, in parse_flow_sequence_first_entry
    return self.parse_flow_sequence_entry(first=True)
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/parser.py", line 495, in parse_flow_sequence_entry
    return self.parse_flow_node()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/parser.py", line 268, in parse_flow_node
    return self.parse_node()
  File "/home/karl/.virtualenvs/python-can-fuzzing/lib/python3.9/site-packages/yaml/parser.py", line 369, in parse_node
    raise ParserError("while parsing a %s node" % node, start_mark,
yaml.parser.ParserError: while parsing a flow node
expected the node content, but found '<stream end>'
  in "<unicode string>", line 1, column 2:
    [
     ^