From 5c470e821e6bc01a90ab138324ade8279375d2b9 Mon Sep 17 00:00:00 2001 
From: Cameron Ackerman Date: Tue, 14 May 2024 01:05:49 +0000 Subject: [PATCH 01/10] added two fuzz tests for parser functionality --- fuzz.go | 48 ---------------- fuzz_test.go | 57 +++++++++++++++++++ .../1416586f4a34d02bcb506f6107b40df512b9f2f9 | 1 - ...3b46a7e7b02ec193581e6c9fa2c8a72f50a64e08-1 | 1 - ...50c54bb75fcfdc488f162bf2f0c6dec6103bfa18-5 | 1 - ...69c581ab749cbd56be8684d3a58ac2cfab9af0f4-5 | 1 - ...752bf000e0bff06777dd0d6f0be6353844de678a-3 | 1 - ...a4483762d4ece8466d82cca5cacd35a0829c4e60-2 | 1 - ...d0952c45e0c823fc5cc12bcf7d9b877d150ab523-1 | 1 - .../da39a3ee5e6b4b0d3255bfef95601890afd80709 | 0 ...e2b84d2065846891f18ae109b12e01d224e1c7c3-4 | 1 - ...e320d749435115e874f77420e17d0937e07f69f3-2 | 1 - ...ed132d47d757f6468443a22df8a2a965efb34098-7 | 1 - ...eeefb01f7bb3c627aedb292c994b20f739ffd613-6 | 1 - testdata/corpus/seed_invalid_0 | 1 - testdata/corpus/seed_invalid_1 | 1 - testdata/corpus/seed_invalid_10 | 1 - testdata/corpus/seed_invalid_11 | 1 - testdata/corpus/seed_invalid_12 | 1 - testdata/corpus/seed_invalid_13 | 1 - testdata/corpus/seed_invalid_14 | 1 - testdata/corpus/seed_invalid_15 | 1 - testdata/corpus/seed_invalid_16 | 1 - testdata/corpus/seed_invalid_17 | 1 - testdata/corpus/seed_invalid_18 | 1 - testdata/corpus/seed_invalid_19 | 1 - testdata/corpus/seed_invalid_2 | 1 - testdata/corpus/seed_invalid_20 | 1 - testdata/corpus/seed_invalid_21 | 1 - testdata/corpus/seed_invalid_22 | 1 - testdata/corpus/seed_invalid_23 | 1 - testdata/corpus/seed_invalid_3 | 1 - testdata/corpus/seed_invalid_4 | 1 - testdata/corpus/seed_invalid_5 | 1 - testdata/corpus/seed_invalid_6 | 1 - testdata/corpus/seed_invalid_7 | 1 - testdata/corpus/seed_invalid_8 | 1 - testdata/corpus/seed_invalid_9 | 1 - testdata/corpus/seed_valid_BracedCanonical | 1 - testdata/corpus/seed_valid_BracedHashlike | 1 - testdata/corpus/seed_valid_Canonical | 1 - testdata/corpus/seed_valid_Hashlike | 1 - testdata/corpus/seed_valid_URNCanonical | 1 - testdata/corpus/seed_valid_URNHashlike | 1 - 44 
files changed, 57 insertions(+), 89 deletions(-) delete mode 100644 fuzz.go create mode 100644 fuzz_test.go delete mode 100644 testdata/corpus/1416586f4a34d02bcb506f6107b40df512b9f2f9 delete mode 100644 testdata/corpus/3b46a7e7b02ec193581e6c9fa2c8a72f50a64e08-1 delete mode 100644 testdata/corpus/50c54bb75fcfdc488f162bf2f0c6dec6103bfa18-5 delete mode 100644 testdata/corpus/69c581ab749cbd56be8684d3a58ac2cfab9af0f4-5 delete mode 100644 testdata/corpus/752bf000e0bff06777dd0d6f0be6353844de678a-3 delete mode 100644 testdata/corpus/a4483762d4ece8466d82cca5cacd35a0829c4e60-2 delete mode 100644 testdata/corpus/d0952c45e0c823fc5cc12bcf7d9b877d150ab523-1 delete mode 100644 testdata/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709 delete mode 100644 testdata/corpus/e2b84d2065846891f18ae109b12e01d224e1c7c3-4 delete mode 100644 testdata/corpus/e320d749435115e874f77420e17d0937e07f69f3-2 delete mode 100644 testdata/corpus/ed132d47d757f6468443a22df8a2a965efb34098-7 delete mode 100644 testdata/corpus/eeefb01f7bb3c627aedb292c994b20f739ffd613-6 delete mode 100755 testdata/corpus/seed_invalid_0 delete mode 100755 testdata/corpus/seed_invalid_1 delete mode 100755 testdata/corpus/seed_invalid_10 delete mode 100755 testdata/corpus/seed_invalid_11 delete mode 100755 testdata/corpus/seed_invalid_12 delete mode 100755 testdata/corpus/seed_invalid_13 delete mode 100755 testdata/corpus/seed_invalid_14 delete mode 100755 testdata/corpus/seed_invalid_15 delete mode 100755 testdata/corpus/seed_invalid_16 delete mode 100755 testdata/corpus/seed_invalid_17 delete mode 100755 testdata/corpus/seed_invalid_18 delete mode 100755 testdata/corpus/seed_invalid_19 delete mode 100755 testdata/corpus/seed_invalid_2 delete mode 100755 testdata/corpus/seed_invalid_20 delete mode 100755 testdata/corpus/seed_invalid_21 delete mode 100755 testdata/corpus/seed_invalid_22 delete mode 100755 testdata/corpus/seed_invalid_23 delete mode 100755 testdata/corpus/seed_invalid_3 delete mode 100755 
testdata/corpus/seed_invalid_4 delete mode 100755 testdata/corpus/seed_invalid_5 delete mode 100755 testdata/corpus/seed_invalid_6 delete mode 100755 testdata/corpus/seed_invalid_7 delete mode 100755 testdata/corpus/seed_invalid_8 delete mode 100755 testdata/corpus/seed_invalid_9 delete mode 100755 testdata/corpus/seed_valid_BracedCanonical delete mode 100755 testdata/corpus/seed_valid_BracedHashlike delete mode 100755 testdata/corpus/seed_valid_Canonical delete mode 100755 testdata/corpus/seed_valid_Hashlike delete mode 100755 testdata/corpus/seed_valid_URNCanonical delete mode 100755 testdata/corpus/seed_valid_URNHashlike diff --git a/fuzz.go b/fuzz.go deleted file mode 100644 index ccf8d4c..0000000 --- a/fuzz.go +++ /dev/null 
@@ -1,48 +0,0 @@ -// Copyright (c) 2018 Andrei Tudor Călin -// -// Permission is hereby granted, free of charge, to any person obtaining -// a copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to -// permit persons to whom the Software is furnished to do so, subject to -// the following conditions: -// -// The above copyright notice and this permission notice shall be -// included in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -//go:build gofuzz -// +build gofuzz - -package uuid - -// Fuzz implements a simple fuzz test for FromString / UnmarshalText. -// -// To run: -// -// $ go get github.com/dvyukov/go-fuzz/... -// $ cd $GOPATH/src/github.com/gofrs/uuid -// $ go-fuzz-build github.com/gofrs/uuid -// $ go-fuzz -bin=uuid-fuzz.zip -workdir=./testdata -// -// If you make significant changes to FromString / UnmarshalText and add -// new cases to fromStringTests (in codec_test.go), please run -// -// $ go test -seed_fuzz_corpus -// -// to seed the corpus with the new interesting inputs, then run the fuzzer. -func Fuzz(data []byte) int { - _, err := FromString(string(data)) - if err != nil { - return 0 - } - return 1 -} diff --git a/fuzz_test.go b/fuzz_test.go new file mode 100644 index 0000000..a2cb045 --- /dev/null +++ b/fuzz_test.go 
@@ -0,0 +1,57 @@
+package uuid
+
+import (
+ "regexp"
+ "testing"
+)
+
+var seeds = []string{
+ "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
+ "{6ba7b810-9dad-11d1-80b4-00c04fd430c8}",
+ "urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8",
+ "6ba7b8109dad11d180b400c04fd430c8",
+ "{6ba7b8109dad11d180b400c04fd430c8}",
+ "urn:uuid:6ba7b8109dad11d180b400c04fd430c8",
+}
+
+const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+
+// FuzzFromStringFunc is a fuzz testing suite that exercises the FromString functionn
+func FuzzFromStringFunc(f *testing.F) {
+ for _, seed := range seeds {
+ f.Add(seed)
+ }
+ uuidRegexp, err := regexp.Compile(uuidPattern)
+ if err != nil {
+ f.Error("uuid regexp failed to compile")
+ }
+ f.Fuzz(func(t *testing.T, payload string) {
+ u, err := FromString(payload)
+ if err != nil {
+ if !uuidRegexp.MatchString(u.String()) {
+ t.Errorf("%s resulted in invalid uuid %s", payload, u.String())
+ }
+ }
+ // otherwise, allow to pass if no panic
+ })
+}
+
+// FuzzFromStringOrNil is a fuzz testing suite that exercises the FromStringOrNil functionn
+func FuzzFromStringOrNilFunc(f *testing.F) {
+ for _, seed := range seeds {
+ f.Add(seed)
+ }
+ uuidRegexp, err := regexp.Compile(uuidPattern)
+ if err != nil {
+ f.Error("uuid regexp failed to compile")
+ }
+ f.Fuzz(func(t *testing.T, payload string) {
+ u := FromStringOrNil(payload)
+ if u != Nil {
+ if !uuidRegexp.MatchString(u.String()) {
+ t.Errorf("%s resulted in invalid uuid %s", payload, u.String())
+ }
+ }
+ // otherwise, allow to pass if no panic
+ })
+}
diff --git a/testdata/corpus/1416586f4a34d02bcb506f6107b40df512b9f2f9 b/testdata/corpus/1416586f4a34d02bcb506f6107b40df512b9f2f9
deleted file mode 100644
index cfb2480..0000000
--- a/testdata/corpus/1416586f4a34d02bcb506f6107b40df512b9f2f9
+++ /dev/null
@@ -1 +0,0 @@
-zba7b810-9dad-11d1-80b4-00c04fd4
\ No newline at end of file
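Review bot: In FuzzFromStringFunc the format check sits under `if err != nil`, so the result of FromString is validated only for inputs the parser rejected, and an accepted input that yields a malformed UUID is never examined; the guard should read `if err == nil {`. After a failed `regexp.Compile` both fuzz functions call `f.Error` and carry on with a nil `*regexp.Regexp`; `f.Fatal`, or a package-level `var uuidRegexp = regexp.MustCompile(uuidPattern)`, stops before the fuzz target can dereference it. The same FuzzFromStringFunc body is re-added to codec_test.go in PATCH 03/10, and PATCH 04/10 adds a `u == Nil` failure inside the same `err != nil` branch, which would presumably fire for every rejected input. The comment on the second function names `FuzzFromStringOrNil` while the function is `FuzzFromStringOrNilFunc`.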
diff --git a/testdata/corpus/3b46a7e7b02ec193581e6c9fa2c8a72f50a64e08-1 b/testdata/corpus/3b46a7e7b02ec193581e6c9fa2c8a72f50a64e08-1 deleted file mode 100644 index 77b9420..0000000 --- a/testdata/corpus/3b46a7e7b02ec193581e6c9fa2c8a72f50a64e08-1 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80F4-00c"4fd430c8 \ No newline at end of file diff --git a/testdata/corpus/50c54bb75fcfdc488f162bf2f0c6dec6103bfa18-5 b/testdata/corpus/50c54bb75fcfdc488f162bf2f0c6dec6103bfa18-5 deleted file mode 100644 index 17e57ce..0000000 --- a/testdata/corpus/50c54bb75fcfdc488f162bf2f0c6dec6103bfa18-5 +++ /dev/null @@ -1 +0,0 @@ -6ad1DdE8dda91DdE80F400c0Bool30t: \ No newline at end of file diff --git a/testdata/corpus/69c581ab749cbd56be8684d3a58ac2cfab9af0f4-5 b/testdata/corpus/69c581ab749cbd56be8684d3a58ac2cfab9af0f4-5 deleted file mode 100644 index f53c1bd..0000000 --- a/testdata/corpus/69c581ab749cbd56be8684d3a58ac2cfab9af0f4-5 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810Edad1DdE80F400c0Bool30c8 \ No newline at end of file diff --git a/testdata/corpus/752bf000e0bff06777dd0d6f0be6353844de678a-3 b/testdata/corpus/752bf000e0bff06777dd0d6f0be6353844de678a-3 deleted file mode 100644 index 6bcb9a1..0000000 --- a/testdata/corpus/752bf000e0bff06777dd0d6f0be6353844de678a-3 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad1Dd180F400c0Bool30c8 \ No newline at end of file diff --git a/testdata/corpus/a4483762d4ece8466d82cca5cacd35a0829c4e60-2 b/testdata/corpus/a4483762d4ece8466d82cca5cacd35a0829c4e60-2 deleted file mode 100644 index 88427b7..0000000 --- a/testdata/corpus/a4483762d4ece8466d82cca5cacd35a0829c4e60-2 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80F4-F0c"4fd430c8 \ No newline at end of file diff --git a/testdata/corpus/d0952c45e0c823fc5cc12bcf7d9b877d150ab523-1 b/testdata/corpus/d0952c45e0c823fc5cc12bcf7d9b877d150ab523-1 deleted file mode 100644 index b3b8228..0000000 --- a/testdata/corpus/d0952c45e0c823fc5cc12bcf7d9b877d150ab523-1 +++ /dev/null 
@@ -1 +0,0 @@ -6ba7b8109dad11d180b400c0Bool30c8 \ No newline at end of file diff --git a/testdata/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709 b/testdata/corpus/da39a3ee5e6b4b0d3255bfef95601890afd80709 deleted file mode 100644 index e69de29..0000000 diff --git a/testdata/corpus/e2b84d2065846891f18ae109b12e01d224e1c7c3-4 b/testdata/corpus/e2b84d2065846891f18ae109b12e01d224e1c7c3-4 deleted file mode 100644 index abff4da..0000000 --- a/testdata/corpus/e2b84d2065846891f18ae109b12e01d224e1c7c3-4 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad1DdE80F400c0Bool30c8 \ No newline at end of file diff --git a/testdata/corpus/e320d749435115e874f77420e17d0937e07f69f3-2 b/testdata/corpus/e320d749435115e874f77420e17d0937e07f69f3-2 deleted file mode 100644 index b71e8b2..0000000 --- a/testdata/corpus/e320d749435115e874f77420e17d0937e07f69f3-2 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad1Dd180b400c0Bool30c8 \ No newline at end of file diff --git a/testdata/corpus/ed132d47d757f6468443a22df8a2a965efb34098-7 b/testdata/corpus/ed132d47d757f6468443a22df8a2a965efb34098-7 deleted file mode 100644 index a40ccde..0000000 --- a/testdata/corpus/ed132d47d757f6468443a22df8a2a965efb34098-7 +++ /dev/null @@ -1 +0,0 @@ -6ba1DdE8dDAE8DdE80F400c0BoUl30to \ No newline at end of file diff --git a/testdata/corpus/eeefb01f7bb3c627aedb292c994b20f739ffd613-6 b/testdata/corpus/eeefb01f7bb3c627aedb292c994b20f739ffd613-6 deleted file mode 100644 index 4117221..0000000 --- a/testdata/corpus/eeefb01f7bb3c627aedb292c994b20f739ffd613-6 +++ /dev/null @@ -1 +0,0 @@ -6ad1DdE8dDdE8DdE80F400c0Bool30t: \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_0 b/testdata/corpus/seed_invalid_0 deleted file mode 100755 index 02965f8..0000000 --- a/testdata/corpus/seed_invalid_0 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b4-00c04fd430c \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_1 b/testdata/corpus/seed_invalid_1 deleted file mode 100755 index 3c7f5f6..0000000 
--- a/testdata/corpus/seed_invalid_1 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad11d180b400c04fd430c \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_10 b/testdata/corpus/seed_invalid_10 deleted file mode 100755 index ec890f3..0000000 --- a/testdata/corpus/seed_invalid_10 +++ /dev/null @@ -1 +0,0 @@ -uuid:urn:6ba7b810-9dad-11d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_11 b/testdata/corpus/seed_invalid_11 deleted file mode 100755 index 266a823..0000000 --- a/testdata/corpus/seed_invalid_11 +++ /dev/null @@ -1 +0,0 @@ -uuid:urn:6ba7b8109dad11d180b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_12 b/testdata/corpus/seed_invalid_12 deleted file mode 100755 index 06f8ad2..0000000 --- a/testdata/corpus/seed_invalid_12 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109-dad-11d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_13 b/testdata/corpus/seed_invalid_13 deleted file mode 100755 index 302b9c3..0000000 --- a/testdata/corpus/seed_invalid_13 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad1-1d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_14 b/testdata/corpus/seed_invalid_14 deleted file mode 100755 index c37896c..0000000 --- a/testdata/corpus/seed_invalid_14 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d18-0b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_15 b/testdata/corpus/seed_invalid_15 deleted file mode 100755 index bb279bd..0000000 --- a/testdata/corpus/seed_invalid_15 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b40-0c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_16 b/testdata/corpus/seed_invalid_16 deleted file mode 100755 index 2c8be7d..0000000 --- a/testdata/corpus/seed_invalid_16 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810+9dad+11d1+80b4+00c04fd430c8 \ No newline at end of file 
diff --git a/testdata/corpus/seed_invalid_17 b/testdata/corpus/seed_invalid_17 deleted file mode 100755 index 129f752..0000000 --- a/testdata/corpus/seed_invalid_17 +++ /dev/null @@ -1 +0,0 @@ -(6ba7b810-9dad-11d1-80b4-00c04fd430c8} \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_18 b/testdata/corpus/seed_invalid_18 deleted file mode 100755 index ed41a50..0000000 --- a/testdata/corpus/seed_invalid_18 +++ /dev/null @@ -1 +0,0 @@ -{6ba7b810-9dad-11d1-80b4-00c04fd430c8> \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_19 b/testdata/corpus/seed_invalid_19 deleted file mode 100755 index a296f9e..0000000 --- a/testdata/corpus/seed_invalid_19 +++ /dev/null @@ -1 +0,0 @@ -zba7b810-9dad-11d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_2 b/testdata/corpus/seed_invalid_2 deleted file mode 100755 index e294615..0000000 --- a/testdata/corpus/seed_invalid_2 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad11d180b400c04fd430q8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_20 b/testdata/corpus/seed_invalid_20 deleted file mode 100755 index 6e5d2d5..0000000 --- a/testdata/corpus/seed_invalid_20 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad11d180b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_21 b/testdata/corpus/seed_invalid_21 deleted file mode 100755 index 53ebad9..0000000 --- a/testdata/corpus/seed_invalid_21 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad-11d180b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_22 b/testdata/corpus/seed_invalid_22 deleted file mode 100755 index c08019c..0000000 --- a/testdata/corpus/seed_invalid_22 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad11d1-80b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_23 b/testdata/corpus/seed_invalid_23 deleted file mode 100755 index 8c32062..0000000 --- a/testdata/corpus/seed_invalid_23 +++ /dev/null 
@@ -1 +0,0 @@ -6ba7b8109dad11d180b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_3 b/testdata/corpus/seed_invalid_3 deleted file mode 100755 index 2afa5c9..0000000 --- a/testdata/corpus/seed_invalid_3 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b4-00c04fd430c8= \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_4 b/testdata/corpus/seed_invalid_4 deleted file mode 100755 index a5f4d4e..0000000 --- a/testdata/corpus/seed_invalid_4 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b4-00c04fd430c8} \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_5 b/testdata/corpus/seed_invalid_5 deleted file mode 100755 index a78e7ed..0000000 --- a/testdata/corpus/seed_invalid_5 +++ /dev/null @@ -1 +0,0 @@ -{6ba7b810-9dad-11d1-80b4-00c04fd430c8}f \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_6 b/testdata/corpus/seed_invalid_6 deleted file mode 100755 index f14ded5..0000000 --- a/testdata/corpus/seed_invalid_6 +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b4-00c04fd430c800c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_7 b/testdata/corpus/seed_invalid_7 deleted file mode 100755 index 76e0980..0000000 --- a/testdata/corpus/seed_invalid_7 +++ /dev/null @@ -1 +0,0 @@ -ba7b8109dad11d180b400c04fd430c8} \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_8 b/testdata/corpus/seed_invalid_8 deleted file mode 100755 index f89e744..0000000 --- a/testdata/corpus/seed_invalid_8 +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad11d180b400c04fd430c86ba7b8109dad11d180b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_invalid_9 b/testdata/corpus/seed_invalid_9 deleted file mode 100755 index 80ad554..0000000 --- a/testdata/corpus/seed_invalid_9 +++ /dev/null @@ -1 +0,0 @@ -urn:uuid:{6ba7b810-9dad-11d1-80b4-00c04fd430c8} \ No newline at end of file 
diff --git a/testdata/corpus/seed_valid_BracedCanonical b/testdata/corpus/seed_valid_BracedCanonical deleted file mode 100755 index 23918e3..0000000 --- a/testdata/corpus/seed_valid_BracedCanonical +++ /dev/null @@ -1 +0,0 @@ -{6ba7b810-9dad-11d1-80b4-00c04fd430c8} \ No newline at end of file diff --git a/testdata/corpus/seed_valid_BracedHashlike b/testdata/corpus/seed_valid_BracedHashlike deleted file mode 100755 index 726e1df..0000000 --- a/testdata/corpus/seed_valid_BracedHashlike +++ /dev/null @@ -1 +0,0 @@ -{6ba7b8109dad11d180b400c04fd430c8} \ No newline at end of file diff --git a/testdata/corpus/seed_valid_Canonical b/testdata/corpus/seed_valid_Canonical deleted file mode 100755 index 719471c..0000000 --- a/testdata/corpus/seed_valid_Canonical +++ /dev/null @@ -1 +0,0 @@ -6ba7b810-9dad-11d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_valid_Hashlike b/testdata/corpus/seed_valid_Hashlike deleted file mode 100755 index 327f806..0000000 --- a/testdata/corpus/seed_valid_Hashlike +++ /dev/null @@ -1 +0,0 @@ -6ba7b8109dad11d180b400c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_valid_URNCanonical b/testdata/corpus/seed_valid_URNCanonical deleted file mode 100755 index 78981af..0000000 --- a/testdata/corpus/seed_valid_URNCanonical +++ /dev/null @@ -1 +0,0 @@ -urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8 \ No newline at end of file diff --git a/testdata/corpus/seed_valid_URNHashlike b/testdata/corpus/seed_valid_URNHashlike deleted file mode 100755 index 089ec0c..0000000 --- a/testdata/corpus/seed_valid_URNHashlike +++ /dev/null @@ -1 +0,0 @@ -urn:uuid:6ba7b8109dad11d180b400c04fd430c8 \ No newline at end of file From bdf7f55bef7dcec84f0b922c43444a4335791417 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 01:10:43 +0000 Subject: [PATCH 02/10] ran test for v7 generation that was accidentally excluded --- generator_test.go | 1 + 1 file changed, 1 insertion(+) 
diff --git a/generator_test.go b/generator_test.go index 70719e4..8d046e7 100644 --- a/generator_test.go +++ b/generator_test.go @@ -611,6 +611,7 @@ func testNewV7(t *testing.T) { t.Run("FaultyRand", makeTestNewV7FaultyRand()) t.Run("FaultyRandWithOptions", makeTestNewV7FaultyRandWithOptions()) t.Run("ShortRandomRead", makeTestNewV7ShortRandomRead()) + t.Run("ShortRandomReadWithOptions", makeTestNewV7ShortRandomReadWithOptions()) t.Run("KSortable", makeTestNewV7KSortable()) t.Run("ClockSequence", makeTestNewV7ClockSequence()) } From 4825e9136f18bbbf74a03f8bc4404b2f9584e9a6 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 02:14:15 +0000 Subject: [PATCH 03/10] added fuzz tests for FromBinary family of functions, moved to the codec_tests.go file --- codec_test.go | 115 +++++++++++++++++++++++++++++++++++++++++--------- fuzz_test.go | 57 ------------------------- 2 files changed, 94 insertions(+), 78 deletions(-) delete mode 100644 fuzz_test.go diff --git a/codec_test.go b/codec_test.go index 684f521..dfa89db 100644 --- a/codec_test.go +++ b/codec_test.go @@ -23,10 +23,7 @@ package uuid import ( "bytes" - "flag" - "fmt" - "os" - "path/filepath" + "regexp" "strings" "testing" ) 
@@ -403,28 +400,104 @@ func BenchmarkParseV4(b *testing.B) { } } -var seedFuzzCorpus = flag.Bool("seed_fuzz_corpus", false, "seed fuzz test corpus") +const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" -func TestSeedFuzzCorpus(t *testing.T) { - // flag.Parse() is called for us by the test binary. - if !*seedFuzzCorpus { - t.Skip("seeding fuzz test corpus only on demand") +var fromBytesCorpus = [][]byte{ + {0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8}, + {4, 8, 15, 16, 23, 42}, +} + +// FuzzFromBytesFunc is a fuzz testing suite that exercises the FromBytes function +func FuzzFromBytesFunc(f *testing.F) { + for _, seed := range fromBytesCorpus { + f.Add(seed) } - corpusDir := filepath.Join(".", "testdata", "corpus") - writeSeedFile := func(name, data string) error { - path := filepath.Join(corpusDir, name) - return os.WriteFile(path, []byte(data), os.ModePerm) + uuidRegexp, err := regexp.Compile(uuidPattern) + if err != nil { + f.Error("uuid regexp failed to compile") } - for _, fst := range fromStringTests { - name := "seed_valid_" + fst.variant - if err := writeSeedFile(name, fst.input); err != nil { - t.Fatal(err) + f.Fuzz(func(t *testing.T, payload []byte) { + u, err := FromBytes(payload) + if len(payload) != 16 && err == nil { + t.Errorf("%v did not result in an error", payload) + } + if u != Nil { + if !uuidRegexp.MatchString(u.String()) { + t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) + } } + // otherwise, allow to pass if no panic + }) +} + +// FuzzFromBytesOrNilFunc is a fuzz testing suite that exercises the FromBytesOrNil function +func FuzzFromBytesOrNilFunc(f *testing.F) { + for _, seed := range fromBytesCorpus { + f.Add(seed) } - for i, s := range invalidFromStringInputs { - name := fmt.Sprintf("seed_invalid_%d", i) - if err := writeSeedFile(name, s); err != nil { - t.Fatal(err) + uuidRegexp, err := regexp.Compile(uuidPattern) + if err != nil { + 
f.Error("uuid regexp failed to compile") + } + f.Fuzz(func(t *testing.T, payload []byte) { + u := FromBytesOrNil(payload) + if len(payload) != 16 && u != Nil { + t.Errorf("%v resulted in non Nil uuid %s", payload, u.String()) + } + if u != Nil { + if !uuidRegexp.MatchString(u.String()) { + t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) + } } + // otherwise, allow to pass if no panic + }) +} + +var fromStringCorpus = []string{ + "6ba7b810-9dad-11d1-80b4-00c04fd430c8", + "{6ba7b810-9dad-11d1-80b4-00c04fd430c8}", + "urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8", + "6ba7b8109dad11d180b400c04fd430c8", + "{6ba7b8109dad11d180b400c04fd430c8}", + "urn:uuid:6ba7b8109dad11d180b400c04fd430c8", +} + +// FuzzFromStringFunc is a fuzz testing suite that exercises the FromString function +func FuzzFromStringFunc(f *testing.F) { + for _, seed := range fromStringCorpus { + f.Add(seed) + } + uuidRegexp, err := regexp.Compile(uuidPattern) + if err != nil { + f.Error("uuid regexp failed to compile") } + f.Fuzz(func(t *testing.T, payload string) { + u, err := FromString(payload) + if err != nil { + if !uuidRegexp.MatchString(u.String()) { + t.Errorf("%s resulted in invalid uuid %s", payload, u.String()) + } + } + // otherwise, allow to pass if no panic + }) +} + +// FuzzFromStringOrNil is a fuzz testing suite that exercises the FromStringOrNil function +func FuzzFromStringOrNilFunc(f *testing.F) { + for _, seed := range fromStringCorpus { + f.Add(seed) + } + uuidRegexp, err := regexp.Compile(uuidPattern) + if err != nil { + f.Error("uuid regexp failed to compile") + } + f.Fuzz(func(t *testing.T, payload string) { + u := FromStringOrNil(payload) + if u != Nil { + if !uuidRegexp.MatchString(u.String()) { + t.Errorf("%s resulted in invalid uuid %s", payload, u.String()) + } + } + // otherwise, allow to pass if no panic + }) } diff --git a/fuzz_test.go b/fuzz_test.go deleted file mode 100644 index a2cb045..0000000 --- a/fuzz_test.go +++ /dev/null 
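Review bot: FuzzFromBytesFunc and FuzzFromBytesOrNilFunc never assert that a 16-byte payload is accepted or that the parsed value carries the input bytes; the only oracle for the success path is a format regexp over `u.String()`, which any 16-byte value should satisfy once it is printed as hex. A round-trip assertion is a stronger property for a parser fuzz target, for example `if len(payload) == 16 && (err != nil || !bytes.Equal(u.Bytes(), payload)) { t.Errorf("%v did not round-trip", payload) }` in FuzzFromBytesFunc. The `bytes` package is already in this file's import block, so no new dependency is needed.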
@@ -1,57 +0,0 @@ -package uuid - -import ( - "regexp" - "testing" -) - -var seeds = []string{ - "6ba7b810-9dad-11d1-80b4-00c04fd430c8", - "{6ba7b810-9dad-11d1-80b4-00c04fd430c8}", - "urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8", - "6ba7b8109dad11d180b400c04fd430c8", - "{6ba7b8109dad11d180b400c04fd430c8}", - "urn:uuid:6ba7b8109dad11d180b400c04fd430c8", -} - -const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" - -// FuzzFromStringFunc is a fuzz testing suite that exercises the FromString functionn -func FuzzFromStringFunc(f *testing.F) { - for _, seed := range seeds { - f.Add(seed) - } - uuidRegexp, err := regexp.Compile(uuidPattern) - if err != nil { - f.Error("uuid regexp failed to compile") - } - f.Fuzz(func(t *testing.T, payload string) { - u, err := FromString(payload) - if err != nil { - if !uuidRegexp.MatchString(u.String()) { - t.Errorf("%s resulted in invalid uuid %s", payload, u.String()) - } - } - // otherwise, allow to pass if no panic - }) -} - -// FuzzFromStringOrNil is a fuzz testing suite that exercises the FromStringOrNil functionn -func FuzzFromStringOrNilFunc(f *testing.F) { - for _, seed := range seeds { - f.Add(seed) - } - uuidRegexp, err := regexp.Compile(uuidPattern) - if err != nil { - f.Error("uuid regexp failed to compile") - } - f.Fuzz(func(t *testing.T, payload string) { - u := FromStringOrNil(payload) - if u != Nil { - if !uuidRegexp.MatchString(u.String()) { - t.Errorf("%s resulted in invalid uuid %s", payload, u.String()) - } - } - // otherwise, allow to pass if no panic - }) -} From 223f01f3dd073160867ea58bbeedf0c99c9f21ba Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 02:26:07 +0000 Subject: [PATCH 04/10] refined logic for FromX fuzz functions --- codec_test.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/codec_test.go b/codec_test.go index dfa89db..6b0a286 100644 --- a/codec_test.go +++ b/codec_test.go 
@@ -420,8 +420,10 @@ func FuzzFromBytesFunc(f *testing.F) { u, err := FromBytes(payload) if len(payload) != 16 && err == nil { t.Errorf("%v did not result in an error", payload) - } - if u != Nil { + } else { + if u == Nil { + t.Errorf("%v resulted in Nil uuid", payload) + } if !uuidRegexp.MatchString(u.String()) { t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) } @@ -474,6 +476,9 @@ func FuzzFromStringFunc(f *testing.F) { f.Fuzz(func(t *testing.T, payload string) { u, err := FromString(payload) if err != nil { + if u == Nil { + t.Errorf("%s resulted in Nil uuid", payload) + } if !uuidRegexp.MatchString(u.String()) { t.Errorf("%s resulted in invalid uuid %s", payload, u.String()) } From 26aacc506dade39986a5a78a8ab3c11ac10eecda Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 02:37:00 +0000 Subject: [PATCH 05/10] fixed logical errors with fuzz tests --- codec_test.go | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/codec_test.go b/codec_test.go index 6b0a286..6e46474 100644 --- a/codec_test.go +++ b/codec_test.go @@ -418,15 +418,14 @@ func FuzzFromBytesFunc(f *testing.F) { } f.Fuzz(func(t *testing.T, payload []byte) { u, err := FromBytes(payload) - if len(payload) != 16 && err == nil { + if len(payload) != Size && err == nil { t.Errorf("%v did not result in an error", payload) - } else { - if u == Nil { - t.Errorf("%v resulted in Nil uuid", payload) - } - if !uuidRegexp.MatchString(u.String()) { - t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) - } + } + if len(payload) == Size && u == Nil { + t.Errorf("%v resulted in Nil uuid", payload) + } + if len(payload) == Size && !uuidRegexp.MatchString(u.String()) { + t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) } // otherwise, allow to pass if no panic }) 
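Review bot: In the PATCH 05/10 hunk for FuzzFromBytesFunc, `len(payload) == Size && u == Nil` reports a failure for a payload of sixteen zero bytes, which looks like a valid encoding of the Nil UUID (FromBytes itself is not visible here), so the fuzzer can fail the test on correct behaviour. Checking the error keeps the intent without that false positive: `if len(payload) == Size && err != nil { t.Errorf("%v was rejected: %v", payload, err) }`. FuzzFromBytesOrNilFunc receives the same `u == Nil` check in the following hunk, where comparing `u.Bytes()` with the payload would serve instead, and the PATCH 04/10 hunk above first introduced the check in its `else` branch.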
@@ -443,13 +442,14 @@ func FuzzFromBytesOrNilFunc(f *testing.F) { } f.Fuzz(func(t *testing.T, payload []byte) { u := FromBytesOrNil(payload) - if len(payload) != 16 && u != Nil { + if len(payload) != Size && u != Nil { t.Errorf("%v resulted in non Nil uuid %s", payload, u.String()) } - if u != Nil { - if !uuidRegexp.MatchString(u.String()) { - t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) - } + if len(payload) == Size && u == Nil { + t.Errorf("%v resulted Nil uuid", payload) + } + if len(payload) == Size && !uuidRegexp.MatchString(u.String()) { + t.Errorf("%v resulted in invalid uuid %s", payload, u.String()) } // otherwise, allow to pass if no panic }) From f8b5c5b225d19529ea0cd6fe6cc4dc1419c6f651 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 02:44:54 +0000 Subject: [PATCH 06/10] removed harden from some other github actions workflows --- .github/workflows/codeql.yml | 5 ----- .github/workflows/dependency-review.yml | 5 ----- .github/workflows/go.yml | 12 ------------ 3 files changed, 22 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0006b91..453afaa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,11 +40,6 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 - with: - egress-policy: audit - - name: Checkout repository uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index eea3e82..029af7f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -16,11 +16,6 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 - with: - egress-policy: audit - - name: 'Checkout Repository' uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: 'Dependency Review' diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 61919ed..afd8ef5 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -17,12 +17,6 @@ jobs: env: GO111MODULE: auto steps: - - - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 - with: - egress-policy: audit - - name: Build uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -46,12 +40,6 @@ jobs: env: GO111MODULE: auto steps: - - - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 - with: - egress-policy: audit - - name: Build uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: From 34e6f469271bdd207a054eb659492592471e1293 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Tue, 14 May 2024 03:54:16 +0000 Subject: [PATCH 07/10] fix missing codecov token --- .github/workflows/go.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index afd8ef5..af8ad2b 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -33,7 +33,9 @@ jobs: - name: Coverage uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + build-legacy: name: Build + Test Previous Stable runs-on: ubuntu-latest From 007c5b0a157f8c0eb7ac33a60dd374ccbf0d42c9 Mon Sep 17 00:00:00 2001 
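Review bot: The Coverage step now passes `secrets.CODECOV_TOKEN` to a third-party action, while the preceding patch in this series removed the Harden Runner step (`egress-policy: audit`) from both jobs in this workflow, so the job that holds the secret no longer records outbound connections. The action is pinned to a commit SHA and the secret is scoped to the single step, which is good; consider keeping the audit step in this job, or stating in the commit message why it was removed. If this workflow also runs for pull requests from forks, repository secrets are not passed to it and the token will be empty; a comment such as `# CODECOV_TOKEN is empty on fork PRs; upload is best-effort there` would document the expected behaviour.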
From: Cameron Ackerman Date: Tue, 14 May 2024 19:09:43 -0700 Subject: [PATCH 08/10] Apply suggestions from code review --- codec_test.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/codec_test.go b/codec_test.go index 6e46474..bb68ff2 100644 --- a/codec_test.go +++ b/codec_test.go @@ -400,7 +400,7 @@ func BenchmarkParseV4(b *testing.B) { } } -const uuidPattern = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" +const uuidPattern = "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" var fromBytesCorpus = [][]byte{ {0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8}, @@ -457,11 +457,12 @@ func FuzzFromBytesOrNilFunc(f *testing.F) { var fromStringCorpus = []string{ "6ba7b810-9dad-11d1-80b4-00c04fd430c8", - "{6ba7b810-9dad-11d1-80b4-00c04fd430c8}", - "urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8", - "6ba7b8109dad11d180b400c04fd430c8", - "{6ba7b8109dad11d180b400c04fd430c8}", - "urn:uuid:6ba7b8109dad11d180b400c04fd430c8", + "6BA7B810-9DAD-11D1-80B4-00C04FD430C8", + "{6BA7B810-9DAD-11D1-80B4-00C04FD430C8}", + "urn:uuid:6BA7B810-9DAD-11D1-80B4-00C04FD430C8", + "6BA7B8109DAD11D180B400C04FD430C8", + "{6BA7B8109DAD11D180B400C04FD430C8}", + "urn:uuid:6BA7B8109DAD11D180B400C04FD430C8", } // FuzzFromStringFunc is a fuzz testing suite that exercises the FromString function From 6fa51f69cc675f9eef21c4cf4556a8643581a861 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Sun, 16 Jun 2024 15:05:44 +0000 Subject: [PATCH 09/10] fixed code review feedback --- .github/workflows/go.yml | 2 +- codec_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 6703de0..bb297d1 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
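Review bot: `uuidPattern` is unanchored, so `uuidRegexp.MatchString(u.String())` in the fuzz targets succeeds whenever a UUID-shaped substring appears anywhere in the output, and leading or trailing garbage would go unnoticed. Anchor it: `const uuidPattern = "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"`. Widening the classes to `A-F` also loosens the check on `String()` output; if that output is always lowercase, the original lowercase classes were the stricter assertion.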
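Review bot: In `fromStringCorpus` the lowercase braced, URN and hash-like seeds are replaced by uppercase ones rather than kept alongside them, so only the canonical form is still seeded in lowercase. If these entries are registered with `f.Add`, they also run as ordinary test cases under `go test`, so dropping them removes regression coverage for the lowercase variants. Keeping both cases, e.g. `"{6ba7b810-9dad-11d1-80b4-00c04fd430c8}",` next to its uppercase twin, preserves it.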
@@ -32,7 +32,7 @@ jobs: run: go test ./... -race -coverprofile=coverage.txt -covermode=atomic - name: Coverage - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.3.1 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/codec_test.go b/codec_test.go index bb68ff2..e14b6ed 100644 --- a/codec_test.go +++ b/codec_test.go @@ -414,7 +414,7 @@ func FuzzFromBytesFunc(f *testing.F) { } uuidRegexp, err := regexp.Compile(uuidPattern) if err != nil { - f.Error("uuid regexp failed to compile") + f.Fatal("uuid regexp failed to compile") } f.Fuzz(func(t *testing.T, payload []byte) { u, err := FromBytes(payload) @@ -472,7 +472,7 @@ func FuzzFromStringFunc(f *testing.F) { } uuidRegexp, err := regexp.Compile(uuidPattern) if err != nil { - f.Error("uuid regexp failed to compile") + f.Fatal("uuid regexp failed to compile") } f.Fuzz(func(t *testing.T, payload string) { u, err := FromString(payload) From ecd8f5094ff4712a1ee4ed72422fc7ac022dd244 Mon Sep 17 00:00:00 2001 From: Cameron Ackerman Date: Mon, 17 Jun 2024 08:53:29 -0700 Subject: [PATCH 10/10] Update .github/workflows/go.yml --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index bb297d1..c1666a2 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -32,7 +32,7 @@ jobs: run: go test ./... -race -coverprofile=coverage.txt -covermode=atomic - name: Coverage - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
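Review bot: The fatal message in FuzzFromBytesFunc drops the compile error, so a broken pattern stops the target without saying why; `f.Fatalf("uuid regexp failed to compile: %v", err)` keeps it. The same line is changed in FuzzFromStringFunc in the next hunk. Since the pattern is a constant, a package-level `var uuidRegexp = regexp.MustCompile(uuidPattern)` would remove the duplicated compile-and-check from both targets. Both function bodies continue outside their hunks.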