diff options
9 files changed, 394 insertions, 133 deletions
diff --git a/ b/
index 84b79e822..f09947819 100644
--- a/
+++ b/
@@ -2,6 +2,7 @@ Caddy 2 Development Branch
[![Build Status](](
This is the development branch for Caddy 2. This code (version 2) is not yet feature-complete or production-ready, but is already being used in production, and we encourage you to deploy it today on sites that are not very visible or important so that it can obtain crucial experience in the field.
diff --git a/admin_fuzz.go b/admin_fuzz.go
new file mode 100644
index 000000000..6d8095d6e
--- /dev/null
+++ b/admin_fuzz.go
@@ -0,0 +1,30 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// +build gofuzz
+// +build gofuzz_libfuzzer
+package caddy
+import (
+ "bytes"
+func FuzzAdmin(data []byte) (score int) {
+ err := Load(bytes.NewReader(data))
+ if err != nil {
+ return 0
+ }
+ return 1
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index e0418541e..58ce4f0d1 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -2,21 +2,15 @@
-- v2
- matrix:
- linux:
- imageName: ubuntu-16.04
- gorootDir: /usr/local
- mac:
- imageName: macos-10.13
- gorootDir: /usr/local
- windows:
- imageName: windows-2019
- gorootDir: C:\
- vmImage: $(imageName)
+ - v2
+- cron: "0 0 * * *"
+ displayName: Daily midnight fuzzing
+ branches:
+ include:
+ - v2
+ always: true
GOROOT: $(gorootDir)/go
@@ -26,121 +20,224 @@ variables:
# TODO: Remove once it's enabled by default
-- bash: |
- latestGo=$(curl "")
- echo "##vso[task.setvariable variable=LATEST_GO]$latestGo"
- echo "Latest Go version: $latestGo"
- displayName: "Get latest Go version"
-- bash: |
- sudo rm -f $(which go)
- echo '##vso[task.prependpath]$(GOBIN)'
- echo '##vso[task.prependpath]$(GOROOT)/bin'
- mkdir -p '$(modulePath)'
- shopt -s extglob
- shopt -s dotglob
- mv !(gopath) '$(modulePath)'
- displayName: Remove old Go, set GOBIN/GOROOT, and move project into GOPATH
-# Install Go (this varies by platform)
-- bash: |
- wget "$(LATEST_GO).linux-amd64.tar.gz"
- sudo tar -C $(gorootDir) -xzf "$(LATEST_GO).linux-amd64.tar.gz"
- condition: eq( variables['Agent.OS'], 'Linux' )
- displayName: Install Go on Linux
-- bash: |
- wget "$(LATEST_GO).darwin-amd64.tar.gz"
- sudo tar -C $(gorootDir) -xzf "$(LATEST_GO).darwin-amd64.tar.gz"
- condition: eq( variables['Agent.OS'], 'Darwin' )
- displayName: Install Go on macOS
-# The low performance is partly due to PowerShell's attempt to update the progress bar. Disabling it speeds up the process.
-# Reference:
-- powershell: |
- $ProgressPreference = 'SilentlyContinue'
- Write-Host "Downloading Go..."
- (New-Object System.Net.WebClient).DownloadFile("$(LATEST_GO)", "$(LATEST_GO)")
- Write-Host "Extracting Go... (I'm slow too)"
- 7z x "$(LATEST_GO)" -o"$(gorootDir)"
- condition: eq( variables['Agent.OS'], 'Windows_NT' )
- displayName: Install Go on Windows
-- bash: curl -sfL | sh -s -- -b $(go env GOPATH)/bin v1.19.1
- displayName: Install golangci-lint
-- script: |
- go get
- go get
- go get -u
- displayName: Install test and coverage analysis tools
-- bash: |
- printf "Using go at: $(which go)\n"
- printf "Go version: $(go version)\n"
- printf "\n\nGo environment:\n\n"
- go env
- printf "\n\nSystem environment:\n\n"
- env
- displayName: Print Go version and environment
-- script: |
- go get -v -t -d ./...
- mkdir test-results
- workingDirectory: '$(modulePath)'
- displayName: Get dependencies
-# its behavior is governed by .golangci.yml
-- script: |
- (golangci-lint run --out-format junit-xml) > test-results/lint-result.xml
- exit 0
- workingDirectory: '$(modulePath)'
- continueOnError: true
- displayName: Run lint check
-- script: |
- (go test -v -coverprofile=cover-profile.out -race ./... 2>&1) > test-results/test-result.out
- workingDirectory: '$(modulePath)'
- continueOnError: true
- displayName: Run tests
-- script: |
- mkdir coverage
- gocov convert cover-profile.out > coverage/coverage.json
- # Because Windows doesn't work with input redirection like *nix, but output redirection works.
- (cat ./coverage/coverage.json | gocov-xml) > coverage/coverage.xml
- workingDirectory: '$(modulePath)'
- displayName: Prepare coverage reports
-- script: |
- (cat ./test-results/test-result.out | go-junit-report) > test-results/test-result.xml
- workingDirectory: '$(modulePath)'
- displayName: Prepare test report
-- task: PublishCodeCoverageResults@1
- displayName: Publish test coverage report
- inputs:
- codeCoverageTool: Cobertura
- summaryFileLocation: $(modulePath)/coverage/coverage.xml
-- task: PublishTestResults@2
- displayName: Publish unit test
- inputs:
- testResultsFormat: 'JUnit'
- testResultsFiles: $(modulePath)/test-results/test-result.xml
- testRunTitle: $(agent.OS) Unit Test
- mergeTestResults: false
-- task: PublishTestResults@2
- displayName: Publish lint results
- inputs:
- testResultsFormat: 'JUnit'
- testResultsFiles: $(modulePath)/test-results/lint-result.xml
- testRunTitle: $(agent.OS) Lint
- mergeTestResults: false
-- bash: |
- exit 1
- condition: eq(variables['Agent.JobStatus'], 'SucceededWithIssues')
- displayName: Coerce correct build result \ No newline at end of file
+- job: crossPlatformTest
+ displayName: "Cross-Platform Tests"
+ strategy:
+ matrix:
+ linux:
+ imageName: ubuntu-16.04
+ gorootDir: /usr/local
+ mac:
+ imageName: macos-10.13
+ gorootDir: /usr/local
+ windows:
+ imageName: windows-2019
+ gorootDir: C:\
+ pool:
+ vmImage: $(imageName)
+ steps:
+ - bash: |
+ latestGo=$(curl "")
+ echo "##vso[task.setvariable variable=LATEST_GO]$latestGo"
+ echo "Latest Go version: $latestGo"
+ displayName: "Get latest Go version"
+ - bash: |
+ sudo rm -f $(which go)
+ echo '##vso[task.prependpath]$(GOBIN)'
+ echo '##vso[task.prependpath]$(GOROOT)/bin'
+ mkdir -p '$(modulePath)'
+ shopt -s extglob
+ shopt -s dotglob
+ mv !(gopath) '$(modulePath)'
+ displayName: Remove old Go, set GOBIN/GOROOT, and move project into GOPATH
+ # Install Go (this varies by platform)
+ - bash: |
+ wget "$(LATEST_GO).linux-amd64.tar.gz"
+ sudo tar -C $(gorootDir) -xzf "$(LATEST_GO).linux-amd64.tar.gz"
+ condition: eq( variables['Agent.OS'], 'Linux' )
+ displayName: Install Go on Linux
+ - bash: |
+ wget "$(LATEST_GO).darwin-amd64.tar.gz"
+ sudo tar -C $(gorootDir) -xzf "$(LATEST_GO).darwin-amd64.tar.gz"
+ condition: eq( variables['Agent.OS'], 'Darwin' )
+ displayName: Install Go on macOS
+ # The low performance is partly due to PowerShell's attempt to update the progress bar. Disabling it speeds up the process.
+ # Reference:
+ - powershell: |
+ $ProgressPreference = 'SilentlyContinue'
+ Write-Host "Downloading Go..."
+ (New-Object System.Net.WebClient).DownloadFile("$(LATEST_GO)", "$(LATEST_GO)")
+ Write-Host "Extracting Go... (I'm slow too)"
+ 7z x "$(LATEST_GO)" -o"$(gorootDir)"
+ condition: eq( variables['Agent.OS'], 'Windows_NT' )
+ displayName: Install Go on Windows
+ - bash: curl -sfL | sh -s -- -b $(go env GOPATH)/bin v1.19.1
+ displayName: Install golangci-lint
+ - script: |
+ go get
+ go get
+ go get -u
+ displayName: Install test and coverage analysis tools
+ - bash: |
+ printf "Using go at: $(which go)\n"
+ printf "Go version: $(go version)\n"
+ printf "\n\nGo environment:\n\n"
+ go env
+ printf "\n\nSystem environment:\n\n"
+ env
+ displayName: Print Go version and environment
+ - script: |
+ go get -v -t -d ./...
+ mkdir test-results
+ workingDirectory: '$(modulePath)'
+ displayName: Get dependencies
+ # its behavior is governed by .golangci.yml
+ - script: |
+ (golangci-lint run --out-format junit-xml) > test-results/lint-result.xml
+ exit 0
+ workingDirectory: '$(modulePath)'
+ continueOnError: true
+ displayName: Run lint check
+ - script: |
+ (go test -v -coverprofile=cover-profile.out -race ./... 2>&1) > test-results/test-result.out
+ workingDirectory: '$(modulePath)'
+ continueOnError: true
+ displayName: Run tests
+ - script: |
+ mkdir coverage
+ gocov convert cover-profile.out > coverage/coverage.json
+ # Because Windows doesn't work with input redirection like *nix, but output redirection works.
+ (cat ./coverage/coverage.json | gocov-xml) > coverage/coverage.xml
+ workingDirectory: '$(modulePath)'
+ displayName: Prepare coverage reports
+ - script: |
+ (cat ./test-results/test-result.out | go-junit-report) > test-results/test-result.xml
+ workingDirectory: '$(modulePath)'
+ displayName: Prepare test report
+ - task: PublishCodeCoverageResults@1
+ displayName: Publish test coverage report
+ inputs:
+ codeCoverageTool: Cobertura
+ summaryFileLocation: $(modulePath)/coverage/coverage.xml
+ - task: PublishTestResults@2
+ displayName: Publish unit test
+ inputs:
+ testResultsFormat: 'JUnit'
+ testResultsFiles: $(modulePath)/test-results/test-result.xml
+ testRunTitle: $(agent.OS) Unit Test
+ mergeTestResults: false
+ - task: PublishTestResults@2
+ displayName: Publish lint results
+ inputs:
+ testResultsFormat: 'JUnit'
+ testResultsFiles: $(modulePath)/test-results/lint-result.xml
+ testRunTitle: $(agent.OS) Lint
+ mergeTestResults: false
+ - bash: |
+ exit 1
+ condition: eq(variables['Agent.JobStatus'], 'SucceededWithIssues')
+ displayName: Coerce correct build result
+- job: fuzzing
+ displayName: 'Scheduled Fuzzing'
+ # Only run this job on schedules, not PRs.
+ condition: eq(variables['Build.Reason'], 'Schedule')
+ strategy:
+ matrix:
+ linux:
+ imageName: ubuntu-16.04
+ gorootDir: /usr/local
+ pool:
+ vmImage: $(imageName)
+ steps:
+ - bash: |
+ latestGo=$(curl "")
+ echo "##vso[task.setvariable variable=LATEST_GO]$latestGo"
+ echo "Latest Go version: $latestGo"
+ displayName: "Get latest Go version"
+ - bash: |
+ sudo rm -f $(which go)
+ echo '##vso[task.prependpath]$(GOBIN)'
+ echo '##vso[task.prependpath]$(GOROOT)/bin'
+ mkdir -p '$(modulePath)'
+ shopt -s extglob
+ shopt -s dotglob
+ mv !(gopath) '$(modulePath)'
+ displayName: Remove old Go, set GOBIN/GOROOT, and move project into GOPATH
+ - bash: |
+ wget "$(LATEST_GO).linux-amd64.tar.gz"
+ sudo tar -C $(gorootDir) -xzf "$(LATEST_GO).linux-amd64.tar.gz"
+ condition: eq( variables['Agent.OS'], 'Linux' )
+ displayName: Install Go on Linux
+ - bash: |
+ # Install Clang
+ sudo add-apt-repository "deb llvm-toolchain-xenial main"
+ wget -O - | sudo apt-key add -
+ sudo apt update && sudo apt install -y clang lldb lld
+ go get -v
+ wget -q -O fuzzit
+ chmod a+x fuzzit
+ mv fuzzit $(GOBIN)
+ displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN
+ condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' ))
+ - script: fuzzit auth ${FUZZIT_API_KEY}
+ condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' ))
+ displayName: Authenticate with Fuzzit
+ env:
+ - bash: |
+ declare -A fuzzers_funcs=(\
+ ["./admin_fuzz.go"]="FuzzAdmin" \
+ ["./caddyconfig/httpcaddyfile/adapter_fuzz.go"]="FuzzHTTPCaddyfileAdapter" \
+ ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \
+ ["./caddyconfig/caddyfile/parse_fuzz.go"]="FuzzParseCaddyfile" \
+ ["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \
+ ["./replacer_fuzz.go"]="FuzzReplacer" \
+ )
+ declare -A fuzzers_targets=(\
+ ["./admin_fuzz.go"]="admin" \
+ ["./caddyconfig/httpcaddyfile/adapter_fuzz.go"]="caddyfile-adapter" \
+ ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \
+ ["./caddyconfig/caddyfile/parse_fuzz.go"]="parse-caddyfile" \
+ ["./listeners_fuzz.go"]="parse-listen-addr" \
+ ["./replacer_fuzz.go"]="replacer" \
+ )
+ fuzz_type="fuzzing"
+ for f in $(find . -name \*_fuzz.go); do
+ FUZZER_DIRECTORY=$(dirname $f)
+ echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f"
+ go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY
+ echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f"
+ clang -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer"
+ fuzzit create job --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer
+ echo "Completed $f"
+ done
+ workingDirectory: '$(modulePath)'
+ displayName: Generate fuzzers & submit them to Fuzzit
diff --git a/caddyconfig/httpcaddyfile/adapter_fuzz.go b/caddyconfig/httpcaddyfile/adapter_fuzz.go
new file mode 100644
index 000000000..1748b668e
--- /dev/null
+++ b/caddyconfig/httpcaddyfile/adapter_fuzz.go
@@ -0,0 +1,49 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// +build gofuzz
+// +build gofuzz_libfuzzer
+package httpcaddyfile
+import (
+ "bytes"
+ ""
+ ""
+func FuzzHTTPCaddyfileAdapter(data []byte) int {
+ adapter := caddyfile.Adapter{
+ ServerType: ServerType{},
+ }
+ b, warns, err := adapter.Adapt(data, nil)
+ // Adapt func calls the Setup() func of the ServerType,
+ // thus it's going across multiple layers, each can
+ // return warnings or errors. Marking the presence of
+ // errors or warnings as interesting in this case
+ // could push the fuzzer towards a path where we only
+ // catch errors. Let's push the fuzzer to where it passes
+ // but breaks.
+ if (err != nil) || (warns != nil && len(warns) > 0) {
+ return 0
+ }
+ // adapted Caddyfile should be parseable by the configuration loader in admin.go
+ err = caddy.Load(bytes.NewReader(b))
+ if err != nil {
+ return 0
+ }
+ return 1
diff --git a/caddyconfig/httpcaddyfile/addresses_fuzz.go b/caddyconfig/httpcaddyfile/addresses_fuzz.go
new file mode 100644
index 000000000..26f369633
--- /dev/null
+++ b/caddyconfig/httpcaddyfile/addresses_fuzz.go
@@ -0,0 +1,29 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// +build gofuzz
+// +build gofuzz_libfuzzer
+package httpcaddyfile
+func FuzzParseAddress(data []byte) int {
+ addr, err := ParseAddress(string(data))
+ if err != nil {
+ if addr == (Address{}) {
+ return 1
+ }
+ return 0
+ }
+ return 1
diff --git a/go.mod b/go.mod
index be5f485dd..0ab0c8b83 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require ( v3.0.0 v0.0.0-20190821151343-b60f0d972eeb v1.0.0
+ v0.0.0-20191022152526-8cb203812681 // indirect v3.1.0 v0.0.0-20191002201903-404acd9df4cc v1.0.1
diff --git a/go.sum b/go.sum
index 4ecf4835e..8023c8d92 100644
--- a/go.sum
+++ b/go.sum
@@ -59,6 +59,8 @@ v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s9 v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= v0.0.0-20191022152526-8cb203812681 h1:3WV5aRRj1ELP3RcLlBp/v0WJTuy47OQMkL9GIQq8QEE= v0.0.0-20191022152526-8cb203812681/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
diff --git a/listeners_fuzz.go b/listeners_fuzz.go
new file mode 100644
index 000000000..98465fd2d
--- /dev/null
+++ b/listeners_fuzz.go
@@ -0,0 +1,26 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// +build gofuzz
+// +build gofuzz_libfuzzer
+package caddy
+func FuzzParseNetworkAddress(data []byte) int {
+ _, _, err := ParseNetworkAddress(string(data))
+ if err != nil {
+ return 0
+ }
+ return 1
diff --git a/replacer_fuzz.go b/replacer_fuzz.go
new file mode 100644
index 000000000..6d40cf73d
--- /dev/null
+++ b/replacer_fuzz.go
@@ -0,0 +1,26 @@
+// Copyright 2015 Matthew Holt and The Caddy Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// +build gofuzz
+// +build gofuzz_libfuzzer
+package caddy
+func FuzzReplacer(data []byte) (score int) {
+ NewReplacer().ReplaceAll(string(data), "")
+ NewReplacer().ReplaceAll(NewReplacer().ReplaceAll(string(data), ""), "")
+ NewReplacer().ReplaceAll(NewReplacer().ReplaceAll(string(data), ""), NewReplacer().ReplaceAll(string(data), ""))
+ NewReplacer().ReplaceAll(string(data[:len(data)/2]), string(data[len(data)/2:]))
+ return 0