Skip to content

Improve fuzz targets #318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ericcornelissen merged 14 commits into from
Jul 6, 2022
Merged

Improve fuzz targets #318

ericcornelissen merged 14 commits into from
Jul 6, 2022

Conversation

@ericcornelissen
Copy link
Owner

@ericcornelissen ericcornelissen commented Jul 3, 2022

No description provided.

@ericcornelissen
Stop not dealing with newlines when fuzzing
b9e55d6 
Update the fuzzing utilities to stop stripping newline characters from
arguments. This expands the fuzzing scope by including all strings that
contain newlines.
@ericcornelissen ericcornelissen added the test Relates to testing label Jul 3, 2022
@ericcornelissen
Don't deal with newlines when fuzzing CMD
92c193c 
Avoid dealing with newline characters when fuzzing cmd.exe. It appears
that, when used programatically, everything after newline characters is
ignored when invoking a command with cmd.exe. For that reason, the fuzz
targets will continue not dealing with newlines, but only for cmd.exe.

Also add a new seed to the fuzz corpus, one that contains the `\r`
(carriage return) character, that is relevant to the cmd.exe behaviour.
@ericcornelissen
Ignore newlines for CMD regardless of disableExtraWindowsPreparations
4df82f4
@ericcornelissen
Merge branch 'main' into test/improve-fuzzing
b882e91
@ericcornelissen
Align exec fuzz checks with recipes
1a7d65c 
Expand the fuzz target for child_process.exec to include a check for
usage without having a shell specified (both with and without the
interpolation option set). Also, be more methodical about the checks,
following the "design" of the other fuzz targets.
@ericcornelissen
Update fuzz/_common.cjs utilities to take shell as input
4ee5637 
This enables it to be used both with and without a shell specified from
fuzz targets. The existing approach, where _common.cjs looks up the fuzz
shell itself, didn't always work because getting a prepared argument as
well as the expected output may depend on the shell being used. In the
event where the fuzz target wanted to test without specifying a shell,
but a shell was specified for fuzzing, this would go wrong.

The API for getting the prepared arg and the expected output has been
updated to improve readability, making more of it's arguments named by
using a paramater object as first argument.

All fuzz targets have been updated accordingly.
@ericcornelissen ericcornelissen mentioned this pull request Jul 5, 2022
Closed
@ericcornelissen
Start fuzzing whitespace with interpolation:true
316108d 
Update the exec.test.cjs fuzz target to not strip out all whitespace and
instead let whitespace be in scope for fuzzing. This required some
changes to the prep and expected arg logic to accomodate the ways in
which CMD and PowerShell work with whitespace between arguments.

The additions to the fuzz corpus all relate to the way whitespace is
handled by CMD and PowerShell - they're for calibrating the fuzzing.

Unix shells were not tested as part of this commit.
@ericcornelissen ericcornelissen mentioned this pull request Jul 5, 2022
Merged
ericcornelissen
ericcornelissen commented Jul 5, 2022
View reviewed changes
@ericcornelissen
Don't deal with newlines with {interpolation:true} (yet)
d040dc8 
Newlines when not quoting the argument whatsoever is difficult to deal
with. So for now, when fuzzing  with `{interpolation:true}` don't bother
with newlines.

Note that for cmd.exe it's currently necessary to always ignore newlines
because they also cause issues when the argument is quoted.
@ericcornelissen
Update normalizeWhitespace for expected output
d0c7e40 
Change the implementation of normalizing whitespace for
`getExpectedOutput` to replace only space (` `) and tab (`\t`) for a
space on most shells, and all whitespace only for PowerShell. This is
because the (tested) shells on Unix (seem to) behave the same as CMD.
@ericcornelissen
Trim expected output rather than initial argument
5e65097 
Update the fuzzing with interpolation option implementation to maintain
any leading and trailing whitespace in the argument being tested and
just verify, through the `getExpectedOutput`, it's trimmed.

This also nicely avoids the need for a custom trim function as any null
chars are taken care of prior to trimming.
@ericcornelissen
Simplify prepareArg
325ef86 
Omit the useless assignment to `result` and put space between the if
statements for readability.
This was referenced Jul 5, 2022
Closed
Merged
@ericcornelissen ericcornelissen marked this pull request as ready for review July 6, 2022 07:24
@ericcornelissen ericcornelissen merged commit 7a4fa93 into main Jul 6, 2022
@ericcornelissen ericcornelissen deleted the test/improve-fuzzing branch July 6, 2022 08:38
@ericcornelissen ericcornelissen added fuzz Relates to fuzzing and removed test Relates to testing labels Jul 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

fuzz Relates to fuzzing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ericcornelissen