Keycloak: Fix fuzzer for removed API call (#460)

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
cncf · Nov 2, 2023 · 6141f51 · 6141f51
1 parent dea154f
commit 6141f51
Showing 1 changed file with 16 additions and 13 deletions.
diff --git a/projects/keycloak/ServicesUtilsFuzzer.java b/projects/keycloak/ServicesUtilsFuzzer.java
@@ -28,7 +28,6 @@
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 import java.util.stream.Stream;
-import org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.OTPPolicy;
 import org.keycloak.models.RealmModel;
@@ -43,10 +42,7 @@
 import org.keycloak.utils.TotpUtils;
 import org.mockito.Mockito;
 
-/**
- * This fuzzer targets the methods in different util
- * classes in the services utils package.
- */
+/** This fuzzer targets the methods in different util classes in the services utils package. */
 public class ServicesUtilsFuzzer {
   private static CertificateFactory cf;
   private static DefaultKeycloakSession session;
@@ -74,8 +70,10 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
           // Create certificate and crl from random data
           X509Certificate[] certs = new X509Certificate[3];
           for (int i = 0; i < 3; i++) {
-            certs[i] = (X509Certificate) cf.generateCertificate(
-                new ByteArrayInputStream(data.consumeBytes(data.remainingBytes() / 2)));
+            certs[i] =
+                (X509Certificate)
+                    cf.generateCertificate(
+                        new ByteArrayInputStream(data.consumeBytes(data.remainingBytes() / 2)));
           }
           X509CRL crl =
               (X509CRL) cf.generateCRL(new ByteArrayInputStream(data.consumeRemainingAsBytes()));
@@ -94,7 +92,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
           Mockito.when(group.getSubGroupsStream()).thenReturn(builder.build());
 
           Map<String, List<String>> attributeMap = new HashMap<String, List<String>>();
-          attributeMap.put(data.consumeString(data.remainingBytes() / 2),
+          attributeMap.put(
+              data.consumeString(data.remainingBytes() / 2),
               List.of(data.consumeString(data.remainingBytes() / 2)));
           Mockito.when(group.getAttributes()).thenReturn(attributeMap);
 
@@ -119,25 +118,29 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
           set.add(data.consumeString(data.remainingBytes() / 2));
           Mockito.when(groupPermissions.getGroupsWithViewPermission()).thenReturn(set);
 
+          // Create and mock RealmModel instance with default policy and random data
+          RealmModel realm = Mockito.mock(RealmModel.class);
+
           // Retrieve random boolean data
-          Boolean exact = data.consumeBoolean();
           Boolean full = data.consumeBoolean();
 
           // Call target method
           try {
-            GroupUtils.toGroupHierarchy(
-                groupPermissions, group, data.consumeRemainingAsString(), exact, full);
+            GroupUtils.populateGroupHierarchyFromSubGroups(
+                session, realm, Stream.of(group), full, groupPermissions);
           } catch (NullPointerException e) {
             // Handle the case when the execution environment don't have any profile instance
-            if (!e.toString().contains(
+            if (!e.toString()
+                .contains(
                     "the return value of \"org.keycloak.common.Profile.getInstance()\" is null")) {
               throw e;
             }
           }
           break;
         case 3:
           // Call target method
-          RegexUtils.valueMatchesRegex(Pattern.quote(data.consumeString(data.remainingBytes() / 2)),
+          RegexUtils.valueMatchesRegex(
+              Pattern.quote(data.consumeString(data.remainingBytes() / 2)),
               data.consumeRemainingAsString());
           break;
         case 4: