From 36463555bb76591f89b1869161b6ef228e947d19 Mon Sep 17 00:00:00 2001 From: Arjun <36335769+0x34d@users.noreply.github.com> Date: Sat, 5 Aug 2023 21:20:59 +0530 Subject: [PATCH] [Fuzzing] Add fuzz testing (#448) * [Fuzzing] Add fuzz testing Signed-off-by: Arjun Singh * [Fuzzing] remove FuzzEscapeFilter Signed-off-by: Arjun Singh --- Makefile | 5 +++++ fuzz_test.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 fuzz_test.go diff --git a/Makefile b/Makefile index c4966472..0a414a0e 100644 --- a/Makefile +++ b/Makefile @@ -55,6 +55,11 @@ test: quicktest: go test ./... +fuzz: + go test -fuzz=FuzzParseDN -fuzztime=600s . + go test -fuzz=FuzzDecodeEscapedSymbols -fuzztime=600s . + go test -fuzz=FuzzEscapeDN -fuzztime=600s . + # Capture output and force failure when there is non-empty output fmt: @echo gofmt -l . diff --git a/fuzz_test.go b/fuzz_test.go new file mode 100644 index 00000000..eeee720d --- /dev/null +++ b/fuzz_test.go @@ -0,0 +1,47 @@ +//go:build go1.18 +// +build go1.18 + +package ldap + +import "testing" + +func FuzzParseDN(f *testing.F) { + + f.Add("*") + f.Add("cn=Jim\\0Test") + f.Add("cn=Jim\\0") + f.Add("DC=example,=net") + f.Add("o=a+o=B") + + f.Fuzz(func(t *testing.T, input_data string) { + _, _ = ParseDN(input_data) + }) +} + +func FuzzDecodeEscapedSymbols(f *testing.F) { + + f.Add([]byte("a\u0100\x80")) + f.Add([]byte(`start\d`)) + f.Add([]byte(`\`)) + f.Add([]byte(`start\--end`)) + f.Add([]byte(`start\d0\hh`)) + + f.Fuzz(func(t *testing.T, input_data []byte) { + _, _ = decodeEscapedSymbols(input_data) + }) +} + +func FuzzEscapeDN(f *testing.F) { + + f.Add("test,user") + f.Add("#test#user#") + f.Add("\\test\\user\\") + f.Add(" test user ") + f.Add("\u0000te\x00st\x00user" + string(rune(0))) + f.Add("test\"+,;<>\\-_user") + f.Add("test\u0391user ") + + f.Fuzz(func(t *testing.T, input_data string) { + _ = EscapeDN(input_data) + }) +}