Update fuzz tests to use go fuzz features #148
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cameracker
commented
May 14, 2024
| @@ -611,6 +611,7 @@ func testNewV7(t *testing.T) { | |||
| t.Run("FaultyRand", makeTestNewV7FaultyRand()) | |||
| t.Run("FaultyRandWithOptions", makeTestNewV7FaultyRandWithOptions()) | |||
| t.Run("ShortRandomRead", makeTestNewV7ShortRandomRead()) | |||
| t.Run("ShortRandomReadWithOptions", makeTestNewV7ShortRandomReadWithOptions()) | |||
There was a problem hiding this comment.
While I was here I noticed that one of the v7 test functions weren't being run, so I added it here.
cameracker
force-pushed
the
feature/update-fuzz-tests
branch
from
5178ff4
to
fe908f1
Compare
cameracker
commented
May 14, 2024
| } | ||
| f.Fuzz(func(t *testing.T, payload string) { | ||
| u, err := FromString(payload) | ||
| if err != nil { |
There was a problem hiding this comment.
the general logic for this pair is that if the function didn't return an error, we make sure the uuid matches a regex for uuids. Otherwise, we assume the error was correct for the input. This implicitly fails the fuzz test on a panic.
cameracker
commented
May 14, 2024
| name := "seed_valid_" + fst.variant | ||
| if err := writeSeedFile(name, fst.input); err != nil { | ||
| t.Fatal(err) | ||
| f.Fuzz(func(t *testing.T, payload []byte) { |
There was a problem hiding this comment.
the general logic for this pair is that if the payload was not 16 bytes, we fail the fuzz if fan error was not returned (or put another way, we verify that the function returns an error when the payload is 16 bytes). Otherwise, if an error was not returned, we make sure it's not a Nil uuid, and we make sure it matched the uuid pattern
cameracker
changed the title
cameracker
commented
May 14, 2024
| @@ -40,11 +40,6 @@ jobs: | |||
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | |||
|
|
|||
| steps: | |||
| - name: Harden Runner | |||
There was a problem hiding this comment.
Removed harden in places that I missed it.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #148 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 4 5 +1
Lines 513 447 -66
=========================================
- Hits 513 447 -66 ☔ View full report in Codecov by Sentry. |
codec_test.go
Outdated
| @@ -403,28 +400,109 @@ func BenchmarkParseV4(b *testing.B) { | |||
| } | |||
| } | |||
|
|
|||
| var seedFuzzCorpus = flag.Bool("seed_fuzz_corpus", false, "seed fuzz test corpus") | |||
| const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" | |||
There was a problem hiding this comment.
Should this also include capital A-F in the match patterns since those would still be valid UUID strings?
There was a problem hiding this comment.
Thanks, nice catch. Should be fixed now. Also added uppered uuids to the corpus
cameracker
commented
May 14, 2024
cameracker
commented
May 15, 2024
cameracker
force-pushed
the
feature/update-fuzz-tests
branch
from
045a083
to
007c5b0
Compare
cameracker
commented
Jun 17, 2024
Closed
nono
added a commit
to cozy/cozy-stack
that referenced
this pull request
Sep 16, 2024
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/gofrs/uuid/v5](https://redirect.github.com/gofrs/uuid) | `v5.2.0` -> `v5.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>gofrs/uuid (github.com/gofrs/uuid/v5)</summary> ### [`v5.3.0`](https://redirect.github.com/gofrs/uuid/releases/tag/v5.3.0) [Compare Source](https://redirect.github.com/gofrs/uuid/compare/v5.2.0...v5.3.0) #### Summary In this release, we updated the package to participate in OpenSSF Scorecard and tuned several development workflows and added some fuzz tests. Additionally, We added `AtTime` generators for V1, V6, and V7 so that users may generate UUIDs from time stamps. **NOTE** Technically, the additional of the `AtTime` generators is a breaking change to the `Generator` interface. We decided to go with a `minor` update because of the unlikelihood of this interface being implemented by a consumer, and to reduce the impact of releasing a major version for this feature. #### What's Changed - Add "AtTime" generators for V1, V6, and V7 by [@​kohenkatz](https://redirect.github.com/kohenkatz) in [gofrs/uuid#142 - Fix typo in URL in README by [@​kohenkatz](https://redirect.github.com/kohenkatz) in [gofrs/uuid#141 - Add OpenSSF Best Practices Badge to README by [@​cameracker](https://redirect.github.com/cameracker) in [gofrs/uuid#144 - Create SECURITY.md by [@​cameracker](https://redirect.github.com/cameracker) in [gofrs/uuid#143 - Add OpenSSF Scorecard badge to readme by [@​cameracker](https://redirect.github.com/cameracker) in [gofrs/uuid#149 - Update fuzz tests to use go fuzz features by [@​cameracker](https://redirect.github.com/cameracker) in [gofrs/uuid#148 #### New Contributors - [@​ldez](https://redirect.github.com/ldez) made their first contribution in [gofrs/uuid#168 **Full Changelog**: gofrs/uuid@v5.2.0...v5.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on Monday" in timezone Europe/Paris, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/cozy/cozy-stack). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC43NC4xIiwidXBkYXRlZEluVmVyIjoiMzguNzQuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements #147. Now, we use the fuzz test features built into
go test.This PR also replaces the
go-fuzztests and their accompanying corpus.