Mitigate CLI argument type conversion

bertschneider · bertschneider · commit 8d8f64f4dd76 · 2023-08-01T09:23:50.000+02:00
Yargs automatically converts numeric CLI arguments to numbers. As the
fuzzer argument handling only expects strings, enforce the argument
types.
diff --git a/packages/core/cli.ts b/packages/core/cli.ts
@@ -17,7 +17,7 @@
 
 import yargs, { Argv } from "yargs";
 import { startFuzzing } from "./core";
-import { ensureFilepath } from "./utils";
+import { prepareArgs } from "./utils";
 import { defaultOptions, processOptions, fromSnakeCase } from "./options";
 
 // Use yargs to parse command line arguments and provide a nice CLI experience.
@@ -227,17 +227,7 @@ yargs(process.argv.slice(2))
 		},
 		// eslint-disable-next-line @typescript-eslint/no-explicit-any
 		(args: any) => {
-			// Transform arguments to common format, add compound properties and
-			// remove framework specific ones.
-			const options = {
-				...args,
-				fuzz_target: ensureFilepath(args.fuzz_target),
-				fuzzer_options: (args.corpus ?? []).concat(args._),
-			};
-			delete options._;
-			delete options.corpus;
-			delete options.$0;
-
+			const options = prepareArgs(args);
 			// noinspection JSIgnoredPromiseFromCall
 			startFuzzing(processOptions(options, fromSnakeCase));
 		},
diff --git a/packages/core/utils.test.ts b/packages/core/utils.test.ts
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-import { ensureFilepath } from "./utils";
+import { ensureFilepath, prepareArgs } from "./utils";
 
 import path from "path";
 
@@ -35,4 +35,24 @@ describe("core", () => {
 			expect(ensureFilepath("filename.js")).toMatch(expectedPath);
 		});
 	});
+	describe("prepareArgs", () => {
+		it("converts fuzzer args to strings", () => {
+			const args = {
+				_: ["-some_arg=value", "-other_arg", 123],
+				corpus: ["directory1", "directory2"],
+				fuzz_target: "filename.js",
+			};
+			const options = prepareArgs(args);
+			expect(options).toEqual({
+				fuzz_target: "file://" + path.join(process.cwd(), "filename.js"),
+				fuzzer_options: [
+					"directory1",
+					"directory2",
+					"-some_arg=value",
+					"-other_arg",
+					"123",
+				],
+			});
+		});
+	});
 });
diff --git a/packages/core/utils.ts b/packages/core/utils.ts
@@ -39,3 +39,26 @@ export function ensureFilepath(filePath: string): string {
 		? fullPath
 		: fullPath + ".js";
 }
+
+/**
+ * Transform arguments to common format, add compound properties and
+ * remove framework specific ones, so that the result can be passed on to the
+ * regular option handling code.
+ *
+ * The function is extracted to "utils" as importing "cli" in tests directly
+ * tries to parse command line arguments.
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function prepareArgs(args: any) {
+	const options = {
+		...args,
+		fuzz_target: ensureFilepath(args.fuzz_target),
+		fuzzer_options: (args.corpus ?? [])
+			.concat(args._)
+			.map((e: unknown) => e + ""),
+	};
+	delete options._;
+	delete options.corpus;
+	delete options.$0;
+	return options;
+}
