support/fuzz: Add xdr.ClaimPredicate JSON fuzzing #3181
There are no files selected for viewing
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| // +build gofuzz | ||
|
|
||
| package jsonclaimpredicate | ||
|
|
||
| import ( | ||
| "bytes" | ||
| "encoding/json" | ||
|
|
||
| "github.com/stellar/go/xdr" | ||
| ) | ||
|
|
||
| // Fuzz is go-fuzz function for fuzzing xdr.ClaimPredicate JSON | ||
| // marshaller and unmarshaller. To run: | ||
| // 1. Install go-fuzz: https://github.com/dvyukov/go-fuzz | ||
| // 2. go-fuzz-build | ||
| // 3. go-fuzz | ||
| func Fuzz(data []byte) int { | ||
| // Ignore malformed ClaimPredicate | ||
| var p xdr.ClaimPredicate | ||
| err := xdr.SafeUnmarshal(data, &p) | ||
| if err != nil { | ||
| return -1 | ||
| } | ||
|
|
||
| // Ignore invalid predicates: (and/or length != 2, nil not) | ||
| if !validate(p) { | ||
| return -1 | ||
| } | ||
|
|
||
| j, err := json.Marshal(p) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
||
| var p2 xdr.ClaimPredicate | ||
| err = json.Unmarshal(j, &p2) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
||
| j2, err := json.Marshal(p2) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
||
| if !bytes.Equal(j, j2) { | ||
| panic("not equal " + string(j) + " " + string(j2)) | ||
| } | ||
|
|
||
| return 1 | ||
| } | ||
|
|
||
| func validate(p xdr.ClaimPredicate) bool { | ||
| switch p.Type { | ||
| case xdr.ClaimPredicateTypeClaimPredicateUnconditional: | ||
| return true | ||
| case xdr.ClaimPredicateTypeClaimPredicateAnd: | ||
| and := *p.AndPredicates | ||
| if len(and) != 2 { | ||
| return false | ||
| } | ||
| return validate(and[0]) && validate(and[1]) | ||
| case xdr.ClaimPredicateTypeClaimPredicateOr: | ||
| or := *p.OrPredicates | ||
| if len(or) != 2 { | ||
| return false | ||
| } | ||
| return validate(or[0]) && validate(or[1]) | ||
| case xdr.ClaimPredicateTypeClaimPredicateNot: | ||
| if *p.NotPredicate == nil { | ||
| return false | ||
| } | ||
| return validate(**p.NotPredicate) | ||
| case xdr.ClaimPredicateTypeClaimPredicateBeforeAbsoluteTime: | ||
| return *p.AbsBefore >= 0 | ||
| case xdr.ClaimPredicateTypeClaimPredicateBeforeRelativeTime: | ||
| return *p.RelBefore >= 0 | ||
| } | ||
|
|
||
| panic("Invalid type") | ||
|
There was a problem hiding this comment. ❓ What's the motivation for panicing here? Should this return false rather than panicing given that it is not valid? There was a problem hiding this comment. This line should never be executed because |
||
| } | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Can you place these commands in a
gofuzz.shfile in the repo root in a similar fashion asgovet.sh? The shell script can install the go-fuzz tool at a specific version, then run the commands. It'll mean easy for others to get going without having to stumble on this comment, and we can include the fuzz test in a CI run, which I think will be important because the build tag means we don't verify this code compiles anywhere in tests.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great idea but I'd like to do it in a separate PR. We won't run fuzzer in Circle-CI, we probably need to use our internal infra for this. There are multiple reasons:
go-fuzzruns indefinitely, we need to update the corpus when new files are generated and it's better to run fuzzing on a powerful machine. I'll create a script but when we agree when we want to run fuzzing.