Improve fuzz targets (#318)

* Stop not dealing with newlines for most fuzzing

Update most fuzz targets so that they now try out arguments containing
newlines. The exceptions to this are the fuzz targets with interpolation
set to true, these still ignore newlines (this is because in this
scenario newlines are not handled well yet, further work required); and
whenever fuzzing with cmd.exe (this is because cmd.exe does not handle
newlines well even when arguments are quoted, further work required) (a
item, "ec246439...", was added to the fuzz corpus for this).

* Align exec fuzz target with exec/execSync recipes

Expand the fuzz target for child_process.exec to include a check for
usage without having a shell specified (both with and without the
interpolation option set). Also, be more methodical about the checks,
following the "design" of the other fuzz targets.

* Fix incorrect argument preparation and expected output

Update the `prepareArg` and `getExpectedOutput` to take more inputs to
better understand how to respond. In particular, the inclusion of the
`shell` value ensures the correct return value is provided when a shell
**is** configured for fuzzing, but the particular fuzz check intents to
test without specifying a shell.

* Stop not dealing with (most) whitespace for most fuzzing interpolation

Update the fuzz checks that set interpolation to true to mostly start
fuzzing with whitespace, except for newline (see first paragraph). This
required some changes to the implementation (fixed in other branches
merged prior to this one). Multiple fuzz targets where added as a result
of this, namely:

- Related to whitespace between arguments
  - "377f0b03272b8e006a7ba3fb993328a87e7914075caae18209c7c8c1be205e14"
  - "38af29e913078ad07fc8d4156c2dfa3942e159bfcebe18e7e562ea3d82fce781"
  - "cb41f974ee87bf382bc82a4e275bea2ffb99d9bb8d502826f5b6d231250e20b7"
- Related to (shell-dependent) special characters after whitespace
  - "74cd192a0b85f46497a85e0b229630c55c306ce8904ca3d7e362c0ad81fa1088"
  - "ec246439c059f17f708aa39f76f88ec8d8eaee7ccca2f07d4c09ef57ae6503d8"
- Related to trimming whitespace at the start and end of the argumens
  - "bb9310963784ca202fd80f96f12a3cd13ee11f96a226d7cff5a921902a6b6324"
  - "f5520c691959b1105525b46c01e6055916ea029f439a5ccefd17b03742adef64"

Author: ericcornelissen

test/fuzz/_common.cjs

@@ -11,75 +11,102 @@ require("dotenv").config();
 const constants = require("../_constants.cjs");
 
 const ECHO_SCRIPT = constants.echoScript;
-const WHITESPACE_REGEX = /\s|\u0085/gu;
-
-function getExpectedOutput(arg) {
-  return (
-    arg
-      .replace(/[\n\r]+/g, "") // Avoid dealing with newlines
-      .replace(/\u{0}/gu, "") + // Remove null characters
-    "\n" // Append a newline, like the echo script
-  );
+
+function isWindows() {
+  return os.platform() === "win32";
+}
+
+function isShellCmd(shell) {
+  return (isWindows() && shell === undefined) || /cmd\.exe$/.test(shell);
+}
+
+function isShellPowerShell(shell) {
+  return /powershell\.exe$/.test(shell);
+}
+
+function getExpectedOutput({ arg, shell }, normalizeWhitespace) {
+  if (isShellCmd(shell)) {
+    arg = arg.replace(/[\n\r]+/g, ""); // Remove newline characters, like prep
+  }
+
+  arg = arg.replace(/\u{0}/gu, ""); // Remove null characters, like Shescape
+
+  if (normalizeWhitespace) {
+    // The characters to normalize depend on the shell
+    // Trim the string like any shell would
+    if (isShellPowerShell(shell)) {
+      arg = arg.replace(/^[\s\u0085]+|[\s\u0085]+$/g, "");
+    } else {
+      arg = arg.replace(/^[ \t]+|[ \t]+$/g, "");
+    }
+
+    // Convert spacing between arguments to a single space, like the shell would
+    if (isShellPowerShell(shell)) {
+      arg = arg.replace(/(\s|\u0085)+/g, " ");
+    } else {
+      arg = arg.replace(/[ \t]+/g, " ");
+    }
+  }
+
+  arg = `${arg}\n`; // Append a newline, like the echo script
+  return arg;
 }
 
 function getFuzzShell() {
   return process.env.FUZZ_SHELL;
 }
 
-function prepareArg(arg, quoted, disableExtraWindowsPreparations) {
-  WHITESPACE_REGEX.lastIndex = 0;
-
-  const shell = getFuzzShell();
-  const isWindows = () => os.platform() === "win32";
-  const isShellCmd = () => shell === undefined || /cmd\.exe$/.test(shell);
-  const isShellPowerShell = () => /powershell\.exe$/.test(shell);
+function prepareArg({ arg, quoted, shell }, disableExtraWindowsPreparations) {
+  if (isShellCmd(shell)) {
+    // In CMD ignores everything after a newline (\n) character. This alteration
+    // is required even when `disableExtraWindowsPreparations` is true.
+    arg = arg.replace(/[\n\r]+/g, "");
+  }
 
-  let result = arg.replace(/[\n\r]+/g, ""); // Avoid dealing with newlines
   if (isWindows() && !disableExtraWindowsPreparations) {
     // Node on Windows ...
-    if (isShellCmd()) {
+    if (isShellCmd(shell)) {
       // ... in CMD, depending on if the argument is quotes ...
       if (quoted) {
         // ... interprets arguments with `\"` as `"` (even if there's a
         // null character between `\` and `"`) so we escape the `\`.
-        result = result.replace(/((\\\u{0}*)+)(?=\u{0}*("|$))/gu, "$1$1");
+        arg = arg.replace(/((\\\u{0}*)+)(?=\u{0}*("|$))/gu, "$1$1");
       } else {
         // ... interprets arguments with `\"` as `"` so we escape the `\` ...
-        result = result.replace(/((\\\u{0}*)+)(?=\u{0}*")/gu, "$1$1");
+        arg = arg.replace(/((\\\u{0}*)+)(?=\u{0}*")/gu, "$1$1");
 
         // ... interprets arguments with `"` as `` so we escape it with `\`.
-        result = result.replace(/"/g, `\\"`);
+        arg = arg.replace(/"/g, `\\"`);
       }
-    } else if (isShellPowerShell()) {
+    } else if (isShellPowerShell(shell)) {
       // ... in PowerShell, depending on if there's whitespace in the
       // argument ...
-      if (WHITESPACE_REGEX.test(result)) {
+      if (/\s|\u0085/g.test(arg) && quoted) {
         // ... interprets arguments with `""` as nothing so we escape it with
         // extra double quotes as `""""` ...
-        result = result.replace(/"/g, `""`);
+        arg = arg.replace(/"/g, `""`);
 
         // ... and interprets arguments with `\"` as `"` (even if there's a null
         // character between `\` and `"`) so we escape the `\`.
-        result = result.replace(/((\\\u{0}*)+)(?=\u{0}*("|$))/gu, "$1$1");
+        arg = arg.replace(/((\\\u{0}*)+)(?=\u{0}*("|$))/gu, "$1$1");
       } else {
         // ... interprets arguments with `\"` as `"` (even if there's a null
         // character between `\` and `"`) so we escape the `\`, except that the
         // quote closing the argument cannot be escaped ...
-        result = result.replace(/((\\\u{0}*)+)(?=\u{0}*("))/gu, "$1$1");
+        arg = arg.replace(/((\\\u{0}*)+)(?=\u{0}*("))/gu, "$1$1");
 
         // ... and interprets arguments with `""` as nothing so we escape it
         // with `\"`.
-        result = result.replace(/"/g, `\\"`);
+        arg = arg.replace(/"/g, `\\"`);
       }
     }
   }
 
-  return result;
+  return arg;
 }
 
 module.exports = {
   ECHO_SCRIPT,
-  WHITESPACE_REGEX,
   getExpectedOutput,
   getFuzzShell,
   prepareArg,

test/fuzz/corpus/377f0b03272b8e006a7ba3fb993328a87e7914075caae18209c7c8c1be205e14

@@ -0,0 +1 @@
+��n'Y.	 �0�

test/fuzz/corpus/38af29e913078ad07fc8d4156c2dfa3942e159bfcebe18e7e562ea3d82fce781

@@ -0,0 +1 @@
+#��(�
"�1Ww�

test/fuzz/corpus/74cd192a0b85f46497a85e0b229630c55c306ce8904ca3d7e362c0ad81fa1088

@@ -0,0 +1 @@
+��n'Y.	�0�

test/fuzz/corpus/bb9310963784ca202fd80f96f12a3cd13ee11f96a226d7cff5a921902a6b6324

@@ -0,0 +1 @@
+#����"
3Ww��

test/fuzz/corpus/cb41f974ee87bf382bc82a4e275bea2ffb99d9bb8d502826f5b6d231250e20b7

@@ -0,0 +1 @@
+��K����l����

test/fuzz/corpus/ec246439c059f17f708aa39f76f88ec8d8eaee7ccca2f07d4c09ef57ae6503d8

@@ -11,43 +11,84 @@ const common = require("./_common.cjs");
 
 const shescape = require("../../index.cjs");
 
-function checkEscapesCorrectly(arg, options) {
-  arg = arg.replace(common.WHITESPACE_REGEX, "");
+function checkWithoutShell(arg) {
+  const argInfo = { arg, shell: undefined, quoted: true };
 
-  const preparedArg = common.prepareArg(arg, false);
+  const preparedArg = common.prepareArg(argInfo);
+  const quotedArg = shescape.quote(preparedArg);
+
+  const stdout = execSync(`node ${common.ECHO_SCRIPT} ${quotedArg}`);
+
+  const result = stdout.toString();
+  const expected = common.getExpectedOutput(argInfo);
+  assert.strictEqual(result, expected);
+}
+
+function checkWithShell(arg) {
+  const shell = common.getFuzzShell() || true;
+  const argInfo = { arg, shell, quoted: true };
+  const execOptions = { shell };
+
+  const preparedArg = common.prepareArg(argInfo);
+  const quotedArg = shescape.quote(preparedArg, execOptions);
+
+  const stdout = execSync(
+    `node ${common.ECHO_SCRIPT} ${quotedArg}`,
+    execOptions
+  );
+
+  const result = stdout.toString();
+  const expected = common.getExpectedOutput(argInfo);
+  assert.strictEqual(result, expected);
+}
+
+function checkWithoutShellUsingInterpolation(arg) {
+  arg = arg.replace(/[\n\r]+/g, "");
+
+  const argInfo = { arg, shell: undefined, quoted: false };
+
+  const preparedArg = common.prepareArg(argInfo);
   const escapedArg = shescape.escape(preparedArg, {
-    ...options,
     interpolation: true,
   });
 
-  const stdout = execSync(`node ${common.ECHO_SCRIPT} ${escapedArg}`, options);
+  const stdout = execSync(`node ${common.ECHO_SCRIPT} ${escapedArg}`);
 
   const result = stdout.toString();
-  const expected = common.getExpectedOutput(arg);
+  const expected = common.getExpectedOutput(argInfo, true);
   assert.strictEqual(result, expected);
 }
 
-function checkQuotesAndEscapesCorrectly(arg, options) {
-  const preparedArg = common.prepareArg(arg, true);
-  const quotedArg = shescape.quote(preparedArg, {
-    ...options,
+function checkWithShellUsingInterpolation(arg) {
+  arg = arg.replace(/[\n\r]+/g, "");
+
+  const shell = common.getFuzzShell() || true;
+  const argInfo = { arg, shell, quoted: false };
+  const execOptions = { shell };
+
+  const preparedArg = common.prepareArg(argInfo);
+  const escapedArg = shescape.escape(preparedArg, {
+    ...execOptions,
+    interpolation: true,
   });
 
-  const stdout = execSync(`node ${common.ECHO_SCRIPT} ${quotedArg}`, options);
+  const stdout = execSync(
+    `node ${common.ECHO_SCRIPT} ${escapedArg}`,
+    execOptions
+  );
 
   const result = stdout.toString();
-  const expected = common.getExpectedOutput(arg);
+  const expected = common.getExpectedOutput(argInfo, true);
   assert.strictEqual(result, expected);
 }
 
 function fuzz(buf) {
   const arg = buf.toString();
-  const options = {
-    shell: common.getFuzzShell(),
-  };
 
-  checkEscapesCorrectly(arg, options);
-  checkQuotesAndEscapesCorrectly(arg, options);
+  checkWithoutShell(arg);
+  checkWithShell(arg);
+  checkWithoutShellUsingInterpolation(arg);
+  checkWithShellUsingInterpolation(arg);
 }
 
 module.exports = {

test/fuzz/corpus/f5520c691959b1105525b46c01e6055916ea029f439a5ccefd17b03742adef64

@@ -12,24 +12,26 @@ const common = require("./_common.cjs");
 const shescape = require("../../index.cjs");
 
 function checkWithoutShell(arg) {
-  const preparedArg = common.prepareArg(arg, false, true);
+  const argInfo = { arg, shell: undefined, quoted: false };
+
+  const preparedArg = common.prepareArg(argInfo, true);
 
   const stdout = execFileSync(
     "node",
     shescape.escapeAll([common.ECHO_SCRIPT, preparedArg])
   );
 
   const result = stdout.toString();
-  const expected = common.getExpectedOutput(arg);
+  const expected = common.getExpectedOutput(argInfo);
   assert.strictEqual(result, expected);
 }
 
 function checkWithShell(arg) {
-  const spawnOptions = {
-    shell: common.getFuzzShell() || true,
-  };
+  const shell = common.getFuzzShell() || true;
+  const argInfo = { arg, shell, quoted: true };
+  const spawnOptions = { shell };
 
-  const preparedArg = common.prepareArg(arg, true, true);
+  const preparedArg = common.prepareArg(argInfo, true);
 
   const stdout = execFileSync(
     "node",
@@ -38,7 +40,7 @@ function checkWithShell(arg) {
   );
 
   const result = stdout.toString();
-  const expected = common.getExpectedOutput(arg);
+  const expected = common.getExpectedOutput(argInfo);
   assert.strictEqual(result, expected);
 }