Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update fuzz tests to use go fuzz features #148

Merged
merged 14 commits into from
Jun 28, 2024
Merged

Conversation

cameracker
Copy link
Collaborator

@cameracker cameracker commented May 14, 2024

This PR implements #147. Now, we use the fuzz test features built into go test.

This PR also replaces the go-fuzz tests and their accompanying corpus.

@@ -611,6 +611,7 @@ func testNewV7(t *testing.T) {
t.Run("FaultyRand", makeTestNewV7FaultyRand())
t.Run("FaultyRandWithOptions", makeTestNewV7FaultyRandWithOptions())
t.Run("ShortRandomRead", makeTestNewV7ShortRandomRead())
t.Run("ShortRandomReadWithOptions", makeTestNewV7ShortRandomReadWithOptions())
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I was here I noticed that one of the v7 test functions weren't being run, so I added it here.

@cameracker cameracker force-pushed the feature/update-fuzz-tests branch from 5178ff4 to fe908f1 Compare May 14, 2024 02:16
}
f.Fuzz(func(t *testing.T, payload string) {
u, err := FromString(payload)
if err != nil {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the general logic for this pair is that if the function didn't return an error, we make sure the uuid matches a regex for uuids. Otherwise, we assume the error was correct for the input. This implicitly fails the fuzz test on a panic.

name := "seed_valid_" + fst.variant
if err := writeSeedFile(name, fst.input); err != nil {
t.Fatal(err)
f.Fuzz(func(t *testing.T, payload []byte) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the general logic for this pair is that if the payload was not 16 bytes, we fail the fuzz if fan error was not returned (or put another way, we verify that the function returns an error when the payload is 16 bytes). Otherwise, if an error was not returned, we make sure it's not a Nil uuid, and we make sure it matched the uuid pattern

@cameracker cameracker changed the title Feature/update-fuzz-tests Update fuzz tests to use go fuzz features May 14, 2024
@@ -40,11 +40,6 @@ jobs:
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Harden Runner
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed harden in places that I missed it.

Copy link

codecov bot commented May 14, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (22c52c2) to head (2206317).
Report is 26 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #148   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            4         5    +1     
  Lines          513       447   -66     
=========================================
- Hits           513       447   -66     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

codec_test.go Outdated
@@ -403,28 +400,109 @@ func BenchmarkParseV4(b *testing.B) {
}
}

var seedFuzzCorpus = flag.Bool("seed_fuzz_corpus", false, "seed fuzz test corpus")
const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this also include capital A-F in the match patterns since those would still be valid UUID strings?

Copy link
Collaborator Author

@cameracker cameracker May 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, nice catch. Should be fixed now. Also added uppered uuids to the corpus

codec_test.go Outdated Show resolved Hide resolved
codec_test.go Outdated Show resolved Hide resolved
@cameracker cameracker force-pushed the feature/update-fuzz-tests branch from 045a083 to 007c5b0 Compare May 15, 2024 02:15
@cameracker cameracker requested a review from dylan-bourque June 4, 2024 22:57
Copy link
Member

@dylan-bourque dylan-bourque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had a few questions/comments but I like the change. 👍

.github/workflows/go.yml Outdated Show resolved Hide resolved
codec_test.go Outdated Show resolved Hide resolved
codec_test.go Show resolved Hide resolved
@cameracker cameracker requested a review from dylan-bourque June 16, 2024 15:10
.github/workflows/go.yml Outdated Show resolved Hide resolved
Copy link
Member

@dylan-bourque dylan-bourque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

codec_test.go Show resolved Hide resolved
@cameracker cameracker merged commit bb31fe5 into master Jun 28, 2024
7 checks passed
@cameracker cameracker deleted the feature/update-fuzz-tests branch June 28, 2024 19:46
@cameracker cameracker mentioned this pull request Jun 28, 2024
nono referenced this pull request in cozy/cozy-stack Sep 16, 2024
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/gofrs/uuid/v5](https://redirect.github.com/gofrs/uuid) |
`v5.2.0` -> `v5.3.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgofrs%2fuuid%2fv5/v5.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgofrs%2fuuid%2fv5/v5.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgofrs%2fuuid%2fv5/v5.2.0/v5.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgofrs%2fuuid%2fv5/v5.2.0/v5.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>gofrs/uuid (github.com/gofrs/uuid/v5)</summary>

###
[`v5.3.0`](https://redirect.github.com/gofrs/uuid/releases/tag/v5.3.0)

[Compare
Source](https://redirect.github.com/gofrs/uuid/compare/v5.2.0...v5.3.0)

#### Summary

In this release, we updated the package to participate in OpenSSF
Scorecard and tuned several development workflows and added some fuzz
tests. Additionally, We added `AtTime` generators for V1, V6, and V7 so
that users may generate UUIDs from time stamps.

**NOTE** Technically, the additional of the `AtTime` generators is a
breaking change to the `Generator` interface. We decided to go with a
`minor` update because of the unlikelihood of this interface being
implemented by a consumer, and to reduce the impact of releasing a major
version for this feature.
 

#### What's Changed

- Add "AtTime" generators for V1, V6, and V7 by
[@&#8203;kohenkatz](https://redirect.github.com/kohenkatz) in
[https://github.com/gofrs/uuid/pull/142](https://redirect.github.com/gofrs/uuid/pull/142)
- Fix typo in URL in README by
[@&#8203;kohenkatz](https://redirect.github.com/kohenkatz) in
[https://github.com/gofrs/uuid/pull/141](https://redirect.github.com/gofrs/uuid/pull/141)
- Add OpenSSF Best Practices Badge to README by
[@&#8203;cameracker](https://redirect.github.com/cameracker) in
[https://github.com/gofrs/uuid/pull/144](https://redirect.github.com/gofrs/uuid/pull/144)
- Create SECURITY.md by
[@&#8203;cameracker](https://redirect.github.com/cameracker) in
[https://github.com/gofrs/uuid/pull/143](https://redirect.github.com/gofrs/uuid/pull/143)
- Add OpenSSF Scorecard badge to readme by
[@&#8203;cameracker](https://redirect.github.com/cameracker) in
[https://github.com/gofrs/uuid/pull/149](https://redirect.github.com/gofrs/uuid/pull/149)
- Update fuzz tests to use go fuzz features by
[@&#8203;cameracker](https://redirect.github.com/cameracker) in
[https://github.com/gofrs/uuid/pull/148](https://redirect.github.com/gofrs/uuid/pull/148)

#### New Contributors

- [@&#8203;ldez](https://redirect.github.com/ldez) made their first
contribution in
[https://github.com/gofrs/uuid/pull/168](https://redirect.github.com/gofrs/uuid/pull/168)

**Full Changelog**:
gofrs/uuid@v5.2.0...v5.3.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on Monday" in timezone
Europe/Paris, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cozy/cozy-stack).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC43NC4xIiwidXBkYXRlZEluVmVyIjoiMzguNzQuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants