This folder contains code for fuzzing, property-based testing, and differential testing of Cedar.
See the README in the toplevel directory (`..`) for instructions on how to run.
The table below lists all available fuzz targets, including which component of the code they test and whether they perform differential testing of the Rust code against the Lean spec (DRT) or property-based testing of the Rust code (PBT). The latter properties are subdivided in the table as round trip properties and general properties.

| Name | Component(s) tested | Type | Description |
|---|---|---|---|
| `abac-type-directed` | Authorizer | DRT | Diff test authorizer on ABAC policies using (mostly) well-typed inputs |
| `abac` | Authorizer | DRT | Diff test authorizer on ABAC policies |
| `eval-type-directed` | Evaluator | DRT | Diff test evaluator on (mostly) well-typed expressions |
| `rbac-authorizer` | Authorizer | DRT | Test for correct authorization responses over a set of simple policies |
| `rbac` | Authorizer | DRT | Diff test authorizer on sets of RBAC policies, including template instantiations |
| `validation-drt-type-directed` | Validator | DRT | Diff test validation using (mostly) well-typed inputs |
| `validation-drt` | Validator | DRT | Diff test validation |
| `entity-validation` | Entity Validator | DRT | Diff test entity validation |
| `request-validation` | Request Validator | DRT | Diff test request validation |
| `formatter` | Policy formatter, Pretty printer, Parser | PBT | Test round trip property: parse ∘ format ∘ pretty-print == id for ASTs |
| `formatter-bytes` | Policy formatter, Parser | PBT | The same as `formatter`, but we start with an arbitrary string instead of pretty-printing a policy AST |
| `json-schema-roundtrip` | Schema parser | PBT | Test round trip property: parse ∘ pretty-print ∘ parse-json ∘ print-json == id for schemas |
| `roundtrip` | Pretty printer, Parser, Conversion to JSON | PBT | Test round trip property: parse ∘ pretty-print == deserialize ∘ serialize == id for ASTs |
| `schema-roundtrip` | Schema parser | PBT | Test round trip property: parse ∘ pretty-print == id for schemas |
| `convert-schema-json-to-human` | Schema parser | PBT | Test we can convert all human schemas to equivalent JSON. parse == parse-json ∘ print-json ∘ parse |
| `convert-schema-human-to-json` | Schema parser | PBT | Test we can convert all JSON schemas to an equivalent human format schema. parse-json == parse ∘ pretty-print ∘ parse-json |
| `convert-policy-cedar-to-json` | Parser, Conversion to JSON | PBT | Test we can convert all policies to an equivalent EST. parse-ast ∘ parse-cst == deserialize ∘ serialize ∘ parse-cst |
| `convert-policy-json-to-cedar` | Parser, JSON Parser | PBT | Test we can convert all EST to an equivalent policy in the human-readable cedar syntax. deserialize == parse-ast ∘ pretty-print ∘ deserialize |
| `roundtrip-entities` | Entity parser | PBT | Test round trip property for entity data. parse-entity-json ∘ serialize-entity == id for entities |
| `roundtrip-entities-bytes` | Entity parser | PBT | Test the same round trip property for entity data, starting from an arbitrary string instead of generating the entities data structure |
| `partial-eval` | Partial evaluator | PBT | Test that residual policies with unknowns substituted are equivalent to original policies with unknowns replaced |
| `simple-parser` | Parser | PBT | Test that parsing doesn't crash with random input strings |
| `validation-pbt` | Validator | PBT | Test that validated policies do not result in type errors |
| `validation-pbt-type-directed` | Validator | PBT | Test that validated policies do not result in type errors using (mostly) well-typed inputs |
| `entity-manifest-drt-type-directed` | Entity Slicing | DRT | Test that entity slicing produces the same authorization response as without it. |
| `wildcard-matching` | String matching algorithm used for the like operator | PBT | Test algorithm against a regex-based implementation |
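
The `wildcard-matching` row describes checking a matcher against an independent reference on generated inputs. The Rust program below illustrates that shape of test; it is an added example, not code from this repository. `Elem`, `wildcard_match`, `oracle` and `find_disagreement` are hypothetical names, and a naive recursive matcher stands in for the regex-based reference so the example builds with the standard library alone.

```rust
// Added example; names are hypothetical, not taken from the Cedar code base.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Elem { Char(char), Wildcard } // Wildcard models `*` in a `like` pattern

// Implementation under test: linear scan that backtracks to the last wildcard.
fn wildcard_match(text: &[char], pat: &[Elem]) -> bool {
    let (mut t, mut p) = (0, 0);
    let mut star: Option<(usize, usize)> = None; // (pattern index after `*`, text index to retry from)
    while t < text.len() {
        if p < pat.len() && pat[p] == Elem::Char(text[t]) {
            t += 1; p += 1;
        } else if p < pat.len() && pat[p] == Elem::Wildcard {
            star = Some((p + 1, t)); p += 1;
        } else if let Some((sp, st)) = star {
            star = Some((sp, st + 1)); // let the wildcard absorb one more char
            p = sp; t = st + 1;
        } else {
            return false;
        }
    }
    pat[p..].iter().all(|e| *e == Elem::Wildcard)
}

// Reference: plainly correct recursion (assumed stand-in for a regex engine).
fn oracle(text: &[char], pat: &[Elem]) -> bool {
    match pat.split_first() {
        None => text.is_empty(),
        Some((Elem::Wildcard, rest)) => (0..=text.len()).any(|i| oracle(&text[i..], rest)),
        Some((Elem::Char(c), rest)) => text.first() == Some(c) && oracle(&text[1..], rest),
    }
}

// Deterministic xorshift generator, so the run needs no external crates.
fn next(s: &mut u64) -> u64 { *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17; *s }

// Returns the first constructed random input on which the two disagree.
fn find_disagreement(seed: u64, cases: usize) -> Option<(Vec<char>, Vec<Elem>)> {
    let mut s = seed;
    for _ in 0..cases {
        let text: Vec<char> = (0..next(&mut s) % 7).map(|_| if next(&mut s) % 2 == 0 { 'a' } else { 'b' }).collect();
        let pat: Vec<Elem> = (0..next(&mut s) % 6).map(|_| match next(&mut s) % 3 {
            0 => Elem::Wildcard, 1 => Elem::Char('a'), _ => Elem::Char('b'),
        }).collect();
        if wildcard_match(&text, &pat) != oracle(&text, &pat) { return Some((text, pat)); }
    }
    None
}

fn main() { println!("{:?}", find_disagreement(0x9E37_79B9_7F4A_7C15, 20_000)); }
```

A two-letter alphabet and short lengths keep collisions between text and pattern frequent, so the backtracking branch is exercised on most inputs.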

If the fuzz targets are compiled with the `log` feature, then they will log their entire corpus to the file pointed at in the `LOGFILE` environment variable.
The sampling rate can be controlled by the `RATE` environment variable, which defaults to 100% if not set.

When using the `abac` or `abac-type-directed` targets, you can set `DUMP_TEST_DIR` and `DUMP_TEST_NAME` to have the fuzzer write out inputs in the format used by our integration tests.

The `create_corpus.sh` script will run the fuzzer for a set amount of time and then write the (minimized) corpus inputs into a folder using the integration test format.
You can adjust the script's behavior using the following environment variables:

- `FUZZ_TARGET`: `abac` or `abac-type-directed` (default = `abac`)
- `TIMEOUT`: how long to run (default = 15m)
- `JOBS`: number of jobs (default = 4)
- `DUMP_DIR`: where to write the results (default = `./corpus_tests`)

If you run into weird build issues,

- Make sure you have run `source set_env_vars.sh`, which sets all the environment variables needed to run the Lean definitional code.
- Make sure you have built the Lean library with `( cd ../cedar-lean && ../cedar-drt/build_lean_lib.sh )`. See the cedar-lean README if this command doesn't work.
- Try a `cargo clean` and rebuild.
- If the steps above don't help, then file an issue.

If everything builds, but the integration tests are failing, then it may be helpful to set `RUST_BACKTRACE=1` and run `cargo test -- --nocapture` to print additional test information.

The integration tests are run by default in CI (e.g., as a part of each pull request), but you can also run them locally.
In order to do this, you need to have the `cedar` and `cedar-integration-tests` repositories cloned locally.
`cedar` should be in the toplevel directory (so `../cedar`) and `cedar-integration-tests` should be in the `cedar` directory (so `../cedar/cedar-integration-tests`).
Then, run `cargo test --features "integration-testing"`.

```shell
# starting in the top-level directory (..)
git clone --depth 1 https://github.com/cedar-policy/cedar
cd cedar
rm -rf cedar-integration-tests
git clone --depth 1 https://github.com/cedar-policy/cedar-integration-tests
cd cedar-integration-tests
tar xzf corpus-tests.tar.gz
cd ../../cedar-drt
cargo test --features "integration-testing"
```