From 2f8c2d33d079867d26b1651d901e7794f21b3eba Mon Sep 17 00:00:00 2001
From: John Kastner <130772734+john-h-kastner-aws@users.noreply.github.com>
Date: Wed, 6 Dec 2023 16:56:09 -0500
Subject: [PATCH] Check for internal invariant violations in simple parser target (#165)
---
 cedar-drt/fuzz/fuzz_targets/simple-parser.rs | 21 +++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/cedar-drt/fuzz/fuzz_targets/simple-parser.rs b/cedar-drt/fuzz/fuzz_targets/simple-parser.rs
index aaf95b943..96694f8a6 100644
--- a/cedar-drt/fuzz/fuzz_targets/simple-parser.rs
+++ b/cedar-drt/fuzz/fuzz_targets/simple-parser.rs
@@ -17,6 +17,7 @@
 #![no_main]
 use cedar_drt_inner::fuzz_target;
+use cedar_policy_core::parser::err::{ParseError, ToASTError};
 use cedar_policy_core::parser::parse_policyset;
 fuzz_target!(|input: String| {
@@ -24,6 +25,24 @@ fuzz_target!(|input: String| {
 #[allow(clippy::single_match)]
 match parse_policyset(&input) {
 Ok(_) => (),
- Err(_) => (),
+ Err(errs) => {
+ // Also check that we don't see a few specific errors.
+ // `AnnotationInvariantViolation` and `MembershipInvariantViolation`
+ // are documented as only being returned for internal invariant violations. It's not
+ // entirely clear when `MissingNodeData` might be returned, but I don't believe it
+ // should be possible, and, practically, it doesn't make this target fail.
+ assert!(
+ !errs.0.iter().any(|e| matches!(
+ e,
+ ParseError::ToAST(
+ ToASTError::AnnotationInvariantViolation
+ | ToASTError::MembershipInvariantViolation
+ | ToASTError::MissingNodeData
+ )
+ )),
+ "{:?}",
+ errs
+ )
+ }
 };
 });
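Review bot: The assertion added in the `Err(errs)` arm fails with only `"{:?}"` of the whole error list, so a crash report from this target does not say that the internal-invariant check fired rather than a panic inside the parser; a labelled message such as `"parser returned an internal invariant violation: {:?}",` would make fuzz triage quicker. The three `ToASTError` variants are listed by hand, so an invariant-violation variant added to the enum later would presumably go unchecked here; a comment line such as `// Keep this list in sync with the invariant-violation variants of ToASTError.` would flag that. The `fuzz_target!` closure opens above this hunk and is visible only in the hunk header.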