fix: issues caught by fuzzer

2020-05-31 14:11:28 -07:00
parent 6102f1d66e
commit e82e97a9d7
10 changed files with 197 additions and 91 deletions
--- a/core/init.go
+++ b/core/init.go
@ -74,7 +74,7 @@ func (sg *SuperGraph) initConfig() error {
 	}

 	if c.RolesQuery == "" {
-		sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")
+		sg.log.Printf("INF roles_query not defined: attribute based access control disabled")
 	}

 	_, userExists := sg.roles["user"]
--- a/core/internal/psql/fuzz.go
+++ b/core/internal/psql/fuzz.go
@ -11,7 +11,7 @@ import (
 var (
 	qcompileTest, _ = qcode.NewCompiler(qcode.Config{})

-	schema = GetTestSchema()
+	schema, _ = GetTestSchema()

 	vars = map[string]string{
 		"admin_account_id": "5",
@ -25,6 +25,37 @@ var (

 // FuzzerEntrypoint for Fuzzbuzz
 func Fuzz(data []byte) int {
+	err1 := query(data)
+	err2 := insert(data)
+	err3 := update(data)
+	err4 := delete(data)
+
+	if err1 != nil || err2 != nil || err3 != nil || err4 != nil {
+		return 0
+	}
+
+	return 1
+}
+
+func query(data []byte) error {
+	gql := data
+
+	qc, err1 := qcompileTest.Compile(gql, "user")
+
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err2 := pcompileTest.CompileEx(qc, vars)
+
+	if err1 != nil {
+		return err1
+	} else {
+		return err2
+	}
+}
+
+func insert(data []byte) error {
 	gql := `mutation {
 		product(insert: $data) {
 			id
@ -47,9 +78,57 @@ func Fuzz(data []byte) int {
 	}

 	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
+}
+
+func update(data []byte) error {
+	gql := `mutation {
+		product(insert: $data) {
+			id
+			name
+			user {
+				id
+				full_name
+				email
+			}
+		}
+	}`
+
+	qc, err := qcompileTest.Compile([]byte(gql), "user")
 	if err != nil {
-		return 0
+		panic("qcompile can't fail")
 	}

-	return 1
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
+}
+
+func delete(data []byte) error {
+	gql := `mutation {
+		product(insert: $data) {
+			id
+			name
+			user {
+				id
+				full_name
+				email
+			}
+		}
+	}`
+
+	qc, err := qcompileTest.Compile([]byte(gql), "user")
+	if err != nil {
+		panic("qcompile can't fail")
+	}
+
+	vars := map[string]json.RawMessage{
+		"data": json.RawMessage(data),
+	}
+
+	_, _, err = pcompileTest.CompileEx(qc, vars)
+	return err
 }
--- a/core/internal/psql/fuzz_test.go
+++ b/core/internal/psql/fuzz_test.go
@ -0,0 +1,20 @@
+// +build gofuzz
+
+package psql
+
+import (
+	"testing"
+)
+
+var ret int
+
+func TestFuzzCrashers(t *testing.T) {
+	var crashers = []string{
+		"{\"connect\":{}}",
+		"q(q{q{q{q{q{q{q{q{",
+	}
+
+	for _, f := range crashers {
+		ret = Fuzz([]byte(f))
+	}
+}
--- a/core/internal/psql/mutate.go
+++ b/core/internal/psql/mutate.go
@ -542,6 +542,10 @@ func (c *compilerContext) renderConnectStmt(qc *qcode.QCode, w io.Writer,

 	rel := item.relPC

+	if rel == nil {
+		return errors.New("invalid connect value")
+	}
+
 	// Render only for parent-to-child relationship of one-to-one
 	// For this to work the child needs to found first so it's primary key
 	// can be set in the related column on the parent object.
--- a/core/internal/psql/query.go
+++ b/core/internal/psql/query.go
@ -80,6 +80,10 @@ func (co *Compiler) CompileEx(qc *qcode.QCode, vars Variables) (Metadata, []byte
 }

 func (co *Compiler) Compile(w io.Writer, qc *qcode.QCode, vars Variables) (Metadata, error) {
+	if qc == nil {
+		return Metadata{}, fmt.Errorf("qcode is nil")
+	}
+
 	switch qc.Type {
 	case qcode.QTQuery:
 		return co.compileQuery(w, qc, vars)
@ -1353,8 +1357,6 @@ func squoted(w io.Writer, identifier string) {
 	io.WriteString(w, `'`)
 }

-const charset = "0123456789"
-
 func int32String(w io.Writer, val int32) {
 	io.WriteString(w, strconv.FormatInt(int64(val), 10))
 }
--- a/core/internal/qcode/parse.go
+++ b/core/internal/qcode/parse.go
@ -201,6 +201,7 @@ func (p *Parser) peek(types ...itemType) bool {
 	// if p.items[n]._type == itemEOF {
 	// 	return false
 	// }
+
 	if n >= len(p.items) {
 		return false
 	}
@ -299,7 +300,7 @@ func (p *Parser) parseFields(fields []Field) ([]Field, error) {
 			return nil, fmt.Errorf("too many fields (max %d)", maxFields)
 		}

-		if p.peek(itemObjClose) {
+		if p.peek(itemEOF, itemObjClose) {
 			p.ignore()
 			st.Pop()

@ -385,7 +386,7 @@ func (p *Parser) parseOpParams(args []Arg) ([]Arg, error) {
 			return nil, fmt.Errorf("too many args (max %d)", maxArgs)
 		}

-		if p.peek(itemArgsClose) {
+		if p.peek(itemEOF, itemArgsClose) {
 			p.ignore()
 			break
 		}
@ -403,7 +404,7 @@ func (p *Parser) parseArgs(args []Arg) ([]Arg, error) {
 			return nil, fmt.Errorf("too many args (max %d)", maxArgs)
 		}

-		if p.peek(itemArgsClose) {
+		if p.peek(itemEOF, itemArgsClose) {
 			p.ignore()
 			break
 		}
@ -470,7 +471,7 @@ func (p *Parser) parseObj() (*Node, error) {
 	parent.Reset()

 	for {
-		if p.peek(itemObjClose) {
+		if p.peek(itemEOF, itemObjClose) {
 			p.ignore()
 			break
 		}