Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

timestamp: add fuzzer #101

Closed
wants to merge 1 commit into from
Closed

timestamp: add fuzzer #101

wants to merge 1 commit into from

Conversation

AdamKorcz
Copy link
Contributor

@AdamKorcz AdamKorcz commented Jan 7, 2023
edited
Loading

Adds a simple fuzzer for FuzzParseSignedToken.

Once merged, I will instruct OSS-Fuzz to run this fuzzer continuously.

Signed-off-by: AdamKorcz [email protected]

@AdamKorcz
timestamp: add fuzzer
690d721 
Signed-off-by: AdamKorcz <[email protected]>
@codecov-commenter
Copy link

codecov-commenter commented Jan 10, 2023
edited
Loading

Codecov Report

Merging #101 (690d721) into main (cd56ef6) will decrease coverage by 0.02%.
The diff coverage is 78.50%.

@@            Coverage Diff             @@
##             main     #101      +/-   ##
==========================================
- Coverage   78.76%   78.73%   -0.03%     
==========================================
  Files          28       28              
  Lines        2067     2140      +73     
==========================================
+ Hits         1628     1685      +57     
- Misses        336      346      +10     
- Partials      103      109       +6
Impacted Files Coverage Δ
signature/internal/base/envelope.go 97.72% <ø> (ø)
signature/types.go 0.00% <ø> (ø)
signature/cose/envelope.go 93.24% <78.30%> (-2.99%) ⬇️
signature/envelope.go 100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

priteshbandi
priteshbandi reviewed Jan 13, 2023
View reviewed changes
timestamp/fuzz_test.go

func FuzzParseSignedToken(f *testing.F) {
f.Fuzz(func(t *testing.T, data []byte) {
_, _ = ParseSignedToken(data)
Copy link
Contributor

@priteshbandi priteshbandi Jan 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just an callout: As of now we are not performing timestamping so ParseSignedToken method is dead code. But we will be adding time-stamping support in future so it doesnt hurts to add a fuzzer.

qq: How are we validating that the outcome of ParseSignedToken is expected one or not?

@shizhMSFT
Copy link
Contributor

The timestamp package has been cleaned up by #102

@AdamKorcz
Copy link
Contributor Author

Closing since the target code has been removed.

@AdamKorcz AdamKorcz closed this Mar 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@priteshbandi priteshbandi priteshbandi left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AdamKorcz @codecov-commenter @shizhMSFT @priteshbandi