-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfuzz_test.go
More file actions
51 lines (46 loc) · 1.27 KB
/
fuzz_test.go
File metadata and controls
51 lines (46 loc) · 1.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package keep_test
import (
"os"
"path/filepath"
"testing"
"github.com/majorcontext/keep"
)
func FuzzValidateRuleBytes(f *testing.F) {
// Seed with valid rule files from testdata.
seedDirs := []string{
"testdata/rules",
"testdata/rules-with-defs",
}
for _, dir := range seedDirs {
entries, err := os.ReadDir(dir)
if err != nil {
continue
}
for _, entry := range entries {
if !entry.Type().IsRegular() {
continue
}
ext := filepath.Ext(entry.Name())
if ext != ".yaml" && ext != ".yml" {
continue
}
data, err := os.ReadFile(filepath.Join(dir, entry.Name()))
if err != nil {
continue
}
f.Add(data)
}
}
// Additional hand-crafted seeds.
f.Add([]byte(""))
f.Add([]byte(nil))
f.Add([]byte("{{{}}}"))
f.Add([]byte("scope: fuzz\nmode: enforce\nrules:\n - name: r\n action: deny\n match:\n operation: \"*\"\n message: \"blocked\"\n"))
f.Add([]byte("scope: fuzz\nrules:\n - name: cel-rule\n match:\n operation: \"foo\"\n when: \"params.x == 1\"\n action: deny\n message: \"no\"\n"))
f.Add([]byte("not yaml \x00\xff"))
f.Fuzz(func(t *testing.T, data []byte) {
// ValidateRuleBytes must never panic, regardless of input.
// Errors are expected and acceptable.
_ = keep.ValidateRuleBytes(data)
})
}