@simonresch simonresch commented Oct 24, 2025

All tests that can perform potentially harmful side effects are tagged and excluded by default. The CI still tests all.

Closes #971

@simonresch simonresch force-pushed the tag-tests-with-potential-sideeffects branch from cdea77a to f010e09 Compare October 24, 2025 13:13
@simonresch simonresch marked this pull request as ready for review October 24, 2025 13:27
@simonresch simonresch requested review from Copilot and oetr October 24, 2025 13:27
Copilot AI left a comment

Pull Request Overview

This PR introduces safety guardrails for potentially dangerous tests by tagging them with "dangerous" and excluding them from local test runs by default. The CI pipeline continues to execute all tests including the dangerous ones.

Key changes:

  • Tagged 11 test targets that exercise vulnerable code (deserialization, OS command injection, SSRF, etc.) with "dangerous"
  • Modified .bazelrc to exclude "dangerous" tests by default locally while ensuring CI runs all tests
  • Added documentation explaining the dangerous test handling and how to run all tests when needed

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File | Description
sanitizers/src/test/java/com/example/BUILD.bazel | Tagged 9 security-related fuzz tests (deserialization, command injection, SSRF) as "dangerous"
examples/BUILD.bazel | Added "dangerous" tag to SpringCloudFunctionRoutingFuzzer test
CONTRIBUTING.md | Documented the dangerous test tagging system and how to run all tests locally
.bazelrc | Configured default test filters to exclude dangerous tests locally and override in CI
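
An added sketch, not part of the PR or the project's files, of how a default-deny tag filter like the one described in this review can be expressed in a `.bazelrc`. The `--test_tag_filters` flag and the "dangerous" tag are as named on this page; the config name `ci` and the exact lines are assumptions, since the PR's file contents are not shown here.

```bazelrc
# .bazelrc (illustrative; the PR's actual file contents are not shown on this page)

# Default for every `bazel test`: skip any test target whose tags include
# "dangerous", i.e. a test rule declared in BUILD.bazel with tags = ["dangerous"].
test --test_tag_filters=-dangerous

# Assumed opt-in config named "ci". A later --test_tag_filters value replaces the
# earlier one, so an empty filter runs every test again, dangerous ones included.
test:ci --test_tag_filters=

# Local run, dangerous tests skipped:      bazel test //...
# CI or explicit opt-in, all tests run:    bazel test --config=ci //...
```

The filter is only as good as the tagging: a test with harmful side effects that is missing the "dangerous" tag still runs by default.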

@simonresch simonresch force-pushed the tag-tests-with-potential-sideeffects branch from f010e09 to d04be6c Compare October 24, 2025 14:09
@simonresch simonresch force-pushed the tag-tests-with-potential-sideeffects branch from d04be6c to f5c97d8 Compare October 27, 2025 15:43
@simonresch simonresch requested a review from kyakdan October 27, 2025 15:43
All tests that can perform potentially harmful side effects are tagged
and excluded by default. The CI still tests all.

Closes #971
@simonresch simonresch force-pushed the tag-tests-with-potential-sideeffects branch from f5c97d8 to a34193f Compare October 28, 2025 07:38
@kyakdan kyakdan merged commit da56919 into main Oct 28, 2025
9 checks passed
@kyakdan kyakdan deleted the tag-tests-with-potential-sideeffects branch October 28, 2025 09:06
Development

Successfully merging this pull request may close these issues.

Make Jazzer tests safer / make dangerous tests opt-in