Add fuzz testing to 'serv' for the GQL hash parser

2019-10-26 15:43:40 -04:00 · 2019-10-26 15:43:40 -04:00 · 4a8af69dd0
parent c74226208d
commit 4a8af69dd0
7 changed files with 53 additions and 42 deletions
--- a/jsn/fuzz.go
+++ b/jsn/fuzz.go
@ -2,7 +2,6 @@ package jsn

 import "bytes"

-// FuzzerEntrypoint for Fuzzbuzz
 func Fuzz(data []byte) int {
 	err1 := Validate(string(data))

--- a/jsn/fuzz_test.go
+++ b/jsn/fuzz_test.go
@ -3,7 +3,6 @@ package jsn
 import "testing"

 func TestFuzzCrashers(t *testing.T) {
-
 	var crashers = []string{
 		"00\"0000\"0{",
 		"6\",\n\t\t\t\"something\": " +
--- a/qcode/parse_test.go
+++ b/qcode/parse_test.go
@ -5,46 +5,6 @@ import (
 	"testing"
 )

-/*
-func compareOp(op1, op2 Operation) error {
-	if op1.Type != op2.Type {
-		return errors.New("operator type mismatch")
-	}
-
-	if op1.Name != op2.Name {
-		return errors.New("operator name mismatch")
-	}
-
-	if len(op1.Args) != len(op2.Args) {
-		return errors.New("operator args length mismatch")
-	}
-
-	for i := range op1.Args {
-		if !reflect.DeepEqual(op1.Args[i], op2.Args[i]) {
-			return fmt.Errorf("operator args: %v != %v", op1.Args[i], op2.Args[i])
-		}
-	}
-
-	if len(op1.Fields) != len(op2.Fields) {
-		return errors.New("operator field length mismatch")
-	}
-
-	for i := range op1.Fields {
-		if !reflect.DeepEqual(op1.Fields[i].Args, op2.Fields[i].Args) {
-			return fmt.Errorf("operator field args: %v != %v", op1.Fields[i].Args, op2.Fields[i].Args)
-		}
-	}
-
-	for i := range op1.Fields {
-		if !reflect.DeepEqual(op1.Fields[i].Children, op2.Fields[i].Children) {
-			return fmt.Errorf("operator field fields: %v != %v", op1.Fields[i].Children, op2.Fields[i].Children)
-		}
-	}
-
-	return nil
-}
-*/
-
 func TestCompile1(t *testing.T) {
 	qc, _ := NewCompiler(Config{})
 	qc.AddRole("user", "product", TRConfig{
--- a/serv/corpus/001.gql
+++ b/serv/corpus/001.gql
@ -0,0 +1,21 @@
+query {
+  products(
+    # returns only 30 items
+    limit: 30,
+
+    # starts from item 10, commented out for now
+    # offset: 10,
+
+    # orders the response items by highest price
+    order_by: { price: desc },
+
+    # no duplicate prices returned
+    distinct: [ price ]
+    
+    # only items with an id >= 30 and < 30 are returned
+    where: { id: { and: { greater_or_equals: 20, lt: 28 } } }) {
+    id
+    name
+    price
+  }
+}
--- a/serv/fuzz.go
+++ b/serv/fuzz.go
@ -0,0 +1,9 @@
+package serv
+
+func Fuzz(data []byte) int {
+	gql := string(data)
+	isMutation(gql)
+	gqlHash(gql, nil, "")
+
+	return 1
+}
--- a/serv/fuzz_test.go
+++ b/serv/fuzz_test.go
@ -0,0 +1,16 @@
+package serv
+
+import "testing"
+
+func TestFuzzCrashers(t *testing.T) {
+	var crashers = []string{
+		"query",
+		"q",
+		"que",
+	}
+
+	for _, f := range crashers {
+		isMutation(f)
+		gqlHash(f, nil, "")
+	}
+}
--- a/serv/utils.go
+++ b/serv/utils.go
@ -32,6 +32,10 @@ func gqlHash(b string, vars []byte, role string) string {

 	var b0, b1 byte

+	if len(b) == 0 {
+		return ""
+	}
+
 	for {
 		if starting && b[e] == 'q' {
 			n := 0
@ -44,6 +48,9 @@ func gqlHash(b string, vars []byte, role string) string {
 				io.WriteString(h, strings.ToLower(b[se:e]))
 			}
 		}
+		if e >= len(b) {
+			break
+		}
 		if ws(b[e]) {
 			for e < len(b) && ws(b[e]) {
 				e++