wpetit
/
super-graph
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add fuzz testing to 'serv' for the GQL hash parser

This commit is contained in:
Vikram Rangnekar 2019-10-26 15:43:40 -04:00
parent c74226208d
commit 4a8af69dd0
7 changed files with 53 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jsn/fuzz.go
View File

@ -2,7 +2,6 @@ package jsn
import "bytes" import "bytes"
// FuzzerEntrypoint for Fuzzbuzz
func Fuzz(data []byte) int { func Fuzz(data []byte) int {
err1 := Validate(string(data)) err1 := Validate(string(data))

1
jsn/fuzz_test.go
View File

@ -3,7 +3,6 @@ package jsn
import "testing" import "testing"
func TestFuzzCrashers(t *testing.T) { func TestFuzzCrashers(t *testing.T) {
var crashers = []string{ var crashers = []string{
"00\"0000\"0{", "00\"0000\"0{",
"6\",\n\t\t\t\"something\": " + "6\",\n\t\t\t\"something\": " +

40
qcode/parse_test.go
View File

@ -5,46 +5,6 @@ import (
"testing" "testing"
) )
/*
func compareOp(op1, op2 Operation) error {
if op1.Type != op2.Type {
return errors.New("operator type mismatch")
}
if op1.Name != op2.Name {
return errors.New("operator name mismatch")
}
if len(op1.Args) != len(op2.Args) {
return errors.New("operator args length mismatch")
}
for i := range op1.Args {
if !reflect.DeepEqual(op1.Args[i], op2.Args[i]) {
return fmt.Errorf("operator args: %v != %v", op1.Args[i], op2.Args[i])
}
}
if len(op1.Fields) != len(op2.Fields) {
return errors.New("operator field length mismatch")
}
for i := range op1.Fields {
if !reflect.DeepEqual(op1.Fields[i].Args, op2.Fields[i].Args) {
return fmt.Errorf("operator field args: %v != %v", op1.Fields[i].Args, op2.Fields[i].Args)
}
}
for i := range op1.Fields {
if !reflect.DeepEqual(op1.Fields[i].Children, op2.Fields[i].Children) {
return fmt.Errorf("operator field fields: %v != %v", op1.Fields[i].Children, op2.Fields[i].Children)
}
}
return nil
}
*/
func TestCompile1(t *testing.T) { func TestCompile1(t *testing.T) {
qc, _ := NewCompiler(Config{}) qc, _ := NewCompiler(Config{})
qc.AddRole("user", "product", TRConfig{ qc.AddRole("user", "product", TRConfig{

21
serv/corpus/001.gql Normal file
View File

@ -0,0 +1,21 @@
query {
products(
# returns only 30 items
limit: 30,
# starts from item 10, commented out for now
# offset: 10,
# orders the response items by highest price
order_by: { price: desc },
# no duplicate prices returned
distinct: [ price ]
# only items with an id >= 30 and < 30 are returned
where: { id: { and: { greater_or_equals: 20, lt: 28 } } }) {
id
name
price
}
}

9
serv/fuzz.go Normal file
View File

@ -0,0 +1,9 @@
package serv
func Fuzz(data []byte) int {
gql := string(data)
isMutation(gql)
gqlHash(gql, nil, "")
return 1
}

16
serv/fuzz_test.go Normal file
View File

@ -0,0 +1,16 @@
package serv
import "testing"
func TestFuzzCrashers(t *testing.T) {
var crashers = []string{
"query",
"q",
"que",
}
for _, f := range crashers {
isMutation(f)
gqlHash(f, nil, "")
}
}

7
serv/utils.go
View File

@ -32,6 +32,10 @@ func gqlHash(b string, vars []byte, role string) string {
var b0, b1 byte var b0, b1 byte
if len(b) == 0 {
return ""
}
for { for {
if starting && b[e] == 'q' { if starting && b[e] == 'q' {
n := 0 n := 0
@ -44,6 +48,9 @@ func gqlHash(b string, vars []byte, role string) string {
io.WriteString(h, strings.ToLower(b[se:e])) io.WriteString(h, strings.ToLower(b[se:e]))
} }
} }
if e >= len(b) {
break
}
if ws(b[e]) { if ws(b[e]) {
for e < len(b) && ws(b[e]) { for e < len(b) && ws(b[e]) {
e++ e++