From 2b29b4eef4e4fbad296c3c96b974396b133ddc32 Mon Sep 17 00:00:00 2001 From: Alon Ohana <82659761+alonohana627@users.noreply.github.com> Date: Wed, 10 Jul 2024 11:11:23 +0300 Subject: [PATCH] Adjusted fuzzing to Go 1.18 native fuzzing (#157) --- fuzz.go | 18 ------------------ fuzz_test.go | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 18 deletions(-) delete mode 100644 fuzz.go create mode 100644 fuzz_test.go diff --git a/fuzz.go b/fuzz.go deleted file mode 100644 index e87831c..0000000 --- a/fuzz.go +++ /dev/null @@ -1,18 +0,0 @@ -//go:build gofuzz - -// To run the fuzzer, run the following commands: -// $ GO111MODULE=off go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build -// $ cd $GOPATH/src/github.com/cristalhq/jwt/ -// $ go-fuzz-build -// $ go-fuzz -// Note: go-fuzz doesn't support go modules, so you must have your local -// installation of jwt under $GOPATH. - -package jwt - -func Fuzz(data []byte) int { - if _, err := ParseNoVerify(data); err != nil { - return 0 - } - return 1 -} diff --git a/fuzz_test.go b/fuzz_test.go new file mode 100644 index 0000000..ba93b67 --- /dev/null +++ b/fuzz_test.go @@ -0,0 +1,22 @@ +package jwt + +import ( + "testing" +) + +// How to run: `go test -fuzz=FuzzParseNoVerify -parallel=32` +func FuzzParseNoVerify(f *testing.F) { + f.Add([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1MDUxODI5Mzg2ODc2NTc3MTIzIiwibmFtZSI6IjdNZUNSbG9xSXAiLCJpYXQiOjE3MjA1NTM4NDV9.QW7kzr70jrbZpPV4")) + f.Add([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")) + f.Add([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.invalid_signature")) + f.Add([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9")) + f.Add([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.")) + f.Add([]byte("")) + f.Add([]byte("random bytes")) + + f.Fuzz(func(t *testing.T, data []byte) { + if _, err := ParseNoVerify(data); err != nil { + t.Skip() + } + }) +}