Add fuzz tests for session decoding.

roblillack · May 3, 2022 · 158cecb · 158cecb
1 parent 5f23b7c
commit 158cecb
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/session_fuzz_test.go b/session_fuzz_test.go
@@ -0,0 +1,38 @@
+//go:build go1.18
+// +build go1.18
+
+package mars
+
+//go
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+)
+
+func makeCookie(args Args) string {
+	session := make(Session)
+	session.SetDefaultExpiration()
+	for k, v := range args {
+		session[k] = fmt.Sprint(v)
+	}
+	return session.Cookie().Value
+}
+
+func FuzzSessionDecoding(f *testing.F) {
+	secretKey = generateRandomSecretKey()
+
+	f.Add(makeCookie(Args{"username": "roblillack"}))
+	f.Add(makeCookie(Args{"username": "roblillack", "lang": "de"}))
+	f.Add(makeCookie(Args{"username": "roblillack", "lang": "de", "orientation": "portrait"}))
+	f.Add(makeCookie(Args{"username": "roblillack", "bw": true}))
+	f.Add(makeCookie(Args{"no": 28963473, "bw": true}))
+
+	f.Fuzz(func(t *testing.T, cookieContent string) {
+		cookie := &http.Cookie{Value: cookieContent}
+		if session := GetSessionFromCookie(cookie); session == nil {
+			t.Fail()
+		}
+	})
+}
diff --git a/sign_fuzz_test.go b/sign_fuzz_test.go
@@ -0,0 +1,16 @@
+//go:build go1.18
+// +build go1.18
+
+package mars
+
+import (
+	"testing"
+)
+
+func FuzzSignatureVerification(f *testing.F) {
+	secretKey = generateRandomSecretKey()
+	f.Add("4UcW-3rLvaGGxmA2KUPQgS30MVK7ESKKEPhs4Gir_-E")
+	f.Fuzz(func(t *testing.T, sig string) {
+		Verify("Untouchable", sig)
+	})
+}