From 8e5d127dd323decaf68323bb99d1960af3df186f Mon Sep 17 00:00:00 2001
From: Arjun Singh <ajsinghyadav00@gmail.com>
Date: Fri, 21 Jul 2023 13:38:53 +0530
Subject: [PATCH] [Fuzzing] Add fuzz testing

Signed-off-by: Arjun Singh <ajsinghyadav00@gmail.com>
---
 Makefile       |  6 ++++++
 dn_test.go     | 13 +++++++++++++
 filter_test.go | 13 +++++++++++++
 ldap_test.go   | 25 +++++++++++++++++++++++++
 4 files changed, 57 insertions(+)

diff --git a/Makefile b/Makefile
index c4966472..ccbeeb1a 100644
--- a/Makefile
+++ b/Makefile
@@ -55,6 +55,12 @@ test:
 quicktest:
 	go test ./...
 
+fuzz:
+	go test -fuzz=FuzzParseDN				-fuzztime=10s $(PWD)/
+	go test -fuzz=FuzzDecodeEscapedSymbols	-fuzztime=10s $(PWD)/
+	go test -fuzz=FuzzEscapeFilter 			-fuzztime=10s $(PWD)/
+	go test -fuzz=FuzzEscapeDN 				-fuzztime=10s $(PWD)/
+
 # Capture output and force failure when there is non-empty output
 fmt:
 	@echo gofmt -l .
diff --git a/dn_test.go b/dn_test.go
index a937f498..5babf93e 100644
--- a/dn_test.go
+++ b/dn_test.go
@@ -290,3 +290,16 @@ func TestDNAncestor(t *testing.T) {
 		}
 	}
 }
+
+func FuzzParseDN(f *testing.F) {
+
+	f.Add("*")
+	f.Add("cn=Jim\\0Test")
+	f.Add("cn=Jim\\0")
+	f.Add("DC=example,=net")
+	f.Add("o=a+o=B")
+
+	f.Fuzz(func(t *testing.T, input_data string) {
+		_, _ = ParseDN(input_data)
+	})
+}
diff --git a/filter_test.go b/filter_test.go
index 4c88eb1a..7157e2c1 100644
--- a/filter_test.go
+++ b/filter_test.go
@@ -289,3 +289,16 @@ func BenchmarkFilterDecompile(b *testing.B) {
 		_, _ = DecompileFilter(filters[i%maxIdx])
 	}
 }
+
+func FuzzDecodeEscapedSymbols(f *testing.F) {
+
+	f.Add([]byte("a\u0100\x80"))
+	f.Add([]byte(`start\d`))
+	f.Add([]byte(`\`))
+	f.Add([]byte(`start\--end`))
+	f.Add([]byte(`start\d0\hh`))
+
+	f.Fuzz(func(t *testing.T, input_data []byte) {
+		_, _ = decodeEscapedSymbols(input_data)
+	})
+}
diff --git a/ldap_test.go b/ldap_test.go
index 5b96e039..3cddd47d 100644
--- a/ldap_test.go
+++ b/ldap_test.go
@@ -410,3 +410,28 @@ func TestSearchAsyncAndCancel(t *testing.T) {
 	}
 	t.Logf("TestSearchAsyncAndCancel: %s -> num of entries = %d", searchRequest.Filter, len(srs))
 }
+
+func FuzzEscapeFilter(f *testing.F) {
+
+	f.Add("a\x00b(c)d*e\\f")
+	f.Add("Lučić")
+
+	f.Fuzz(func(t *testing.T, input_data string) {
+		_ = EscapeFilter(input_data)
+	})
+}
+
+func FuzzEscapeDN(f *testing.F) {
+
+	f.Add("test,user")
+	f.Add("#test#user#")
+	f.Add("\\test\\user\\")
+	f.Add("  test user  ")
+	f.Add("\u0000te\x00st\x00user" + string(rune(0)))
+	f.Add("test\"+,;<>\\-_user")
+	f.Add("test\u0391user ")
+
+	f.Fuzz(func(t *testing.T, input_data string) {
+		_ = EscapeDN(input_data)
+	})
+}