5. Testing Guidelines

To be filled.

5.1. Testplan for releases

Explain release numbers. major, minor. developer releases. etc.

  1. Remove any existing rpm with rpm -e

  2. Remove any file that was left over. This includes (but is not limited to)

    • /var/log/privoxy

    • /etc/privoxy

    • /usr/sbin/privoxy

    • /etc/init.d/privoxy

    • /usr/doc/privoxy*

  3. Install the rpm. Any error messages?

  4. start,stop,status Privoxy with the specific script (e.g. /etc/rc.d/init/privoxy stop). Reboot your machine. Does autostart work?

  5. Start browsing. Does Privoxy work? Logfile written?

  6. Remove the rpm. Any error messages? All files removed?

5.2. Fuzzing Privoxy

To make fuzzing more convenient, Privoxy can be configured with --enable-fuzz which will result in the --fuzz option becoming available.

Example (tested on ElectroBSD):

            # Compile Privoxy with instrumentation for afl
$ export CC=afl-clang
$ export CFLAGS="-fsanitize=address -ggdb"
$ export CPPFLAGS=-I/usr/local/include/
$ export LDFLAGS="-fsanitize=address -L/usr/local/lib"
$ export AFL_USE_ASAN=1
$ export AFL_HARDEN=1
$ ./configure --with-debug --enable-extended-host-patterns --enable-accept-filter --enable-no-gifs --enable-compression --enable-strptime-sanity-checks --enable-external-filters --enable-fuzz

$ ./privoxy --fuzz
Privoxy version 3.0.24 (http://www.privoxy.org/)
Usage: ./privoxy [--config-test] [--chroot] [--help] [--no-daemon] [--pidfile pidfile] [--pre-chroot-nslookup hostname] [--user user[.group]] [--version] [configfile]
       ./privoxy --fuzz fuzz-mode ./path/to/fuzzed/input [--stfu]

Supported fuzz modes and the expected input:
 action: Text to parse as action file.
 client-request: Client request to parse. Currently incomplete
 client-header: Client header to parse.
 chunked-transfer-encoding: Chunk-encoded data to dechunk.
 deflate: deflate-compressed data to decompress.
 filter: Text to parse as filter file.
 gif: gif to deanimate.
 gzip: gzip-compressed data to decompress.
 pcrs-substitute: A pcrs-substitute to compile. Not a whole pcrs job! Example: Bla $1 bla C $3 blah.
 server-header: Server header to parse.
 server-response: Server response to parse.

The following fuzz modes read data from stdin if the 'file' is '-'
 client-request
 client-header
 chunked-transfer-encoding
 deflate
 gif
 gzip
 pcrs-substitute
 server-header
 server-response

Aborting

$ export ASAN_OPTIONS='abort_on_error=1'
$ mkdir input output
$ echo '$1 bla fasel $2' > input/pcrs
$ afl-fuzz -i input -o output -m none ~/git/privoxy/privoxy --fuzz pcrs-substitute - --stfu

$ cat >input/pcrs.txt
FILTER: bla fasel
s@(.{1})[432](\d+)@$1$2$hostname@UgisT

$ afl-fuzz -i input/ -o output/ -f bla.filter -m none privoxy --fuzz filter bla.filter --stfu