fuzz

package module
v1.2.1-0...-ae9e176 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

README

gofuzz

gofuzz is a library for populating go objects with random values.

GoDoc Travis

This is useful for testing:

  • Do your project's objects really serialize/unserialize correctly in all cases?
  • Is there an incorrectly formatted object that will cause your project to panic?

Import with import "github.com/google/gofuzz"

You can use it on single variables:

f := fuzz.New()
var myInt int
f.Fuzz(&myInt) // myInt gets a random value.

You can use it on maps:

f := fuzz.New().NilChance(0).NumElements(1, 1)
var myMap map[ComplexKeyType]string
f.Fuzz(&myMap) // myMap will have exactly one element.

Customize the chance of getting a nil pointer:

f := fuzz.New().NilChance(.5)
var fancyStruct struct {
  A, B, C, D *string
}
f.Fuzz(&fancyStruct) // About half the pointers should be set.

You can even customize the randomization completely if needed:

type MyEnum string
const (
        A MyEnum = "A"
        B MyEnum = "B"
)
type MyInfo struct {
        Type MyEnum
        AInfo *string
        BInfo *string
}

f := fuzz.New().NilChance(0).Funcs(
        func(e *MyInfo, c fuzz.Continue) {
                switch c.Intn(2) {
                case 0:
                        e.Type = A
                        c.Fuzz(&e.AInfo)
                case 1:
                        e.Type = B
                        c.Fuzz(&e.BInfo)
                }
        },
)

var myObject MyInfo
f.Fuzz(&myObject) // Type will correspond to whether A or B info is set.

See more examples in example_test.go.

You can use this library for easier go-fuzzing. go-fuzz provides the user a byte-slice, which should be converted to different inputs for the tested function. This library can help convert the byte slice. Consider for example a fuzz test for a the function mypackage.MyFunc that takes an int arguments:

// +build gofuzz
package mypackage

import fuzz "github.com/google/gofuzz"

func Fuzz(data []byte) int {
        var i int
        fuzz.NewFromGoFuzz(data).Fuzz(&i)
        MyFunc(i)
        return 0
}

Happy testing!

Documentation

Overview

Package fuzz is a library for populating go objects with random values.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Continue

type Continue struct {

	// For convenience, Continue implements rand.Rand via embedding.
	// Use this for generating any randomness if you want your fuzzing
	// to be repeatable for a given seed.
	*rand.Rand
	// contains filtered or unexported fields
}

Continue can be passed to custom fuzzing functions to allow them to use the correct source of randomness and to continue fuzzing their members.

func (Continue) Fuzz

func (c Continue) Fuzz(obj interface{})

Fuzz continues fuzzing obj. obj must be a pointer or a reflect.Value of a pointer.

func (Continue) FuzzNoCustom

func (c Continue) FuzzNoCustom(obj interface{})

FuzzNoCustom continues fuzzing obj, except that any custom fuzz function for obj's type will not be called and obj will not be tested for fuzz.Interface conformance. This applies only to obj and not other instances of obj's type.

func (Continue) RandBool

func (c Continue) RandBool() (bool, error)

RandBool returns true or false randomly.

func (Continue) RandString

func (c Continue) RandString() (string, error)

RandString makes a random string up to 20 characters long. The returned string may include a variety of (valid) UTF-8 encodings.

func (Continue) RandUint64

func (c Continue) RandUint64() (uint64, error)

RandUint64 makes random 64 bit numbers. Weirdly, rand doesn't have a function that gives you 64 random bits.

type Fuzzer

type Fuzzer struct {
	// contains filtered or unexported fields
}

Fuzzer knows how to fill any object with random fields.

func New

func New() *Fuzzer

New returns a new Fuzzer. Customize your Fuzzer further by calling Funcs, RandSource, NilChance, or NumElements in any order.

func NewFromGoFuzz

func NewFromGoFuzz(data []byte) *Fuzzer

NewFromGoFuzz is a helper function that enables using gofuzz (this project) with go-fuzz (https://github.com/dvyukov/go-fuzz) for continuous fuzzing. Essentially, it enables translating the fuzzing bytes from go-fuzz to any Go object using this library.

This implementation promises a constant translation from a given slice of bytes to the fuzzed objects. This promise will remain over future versions of Go and of this library.

Note: the returned Fuzzer should not be shared between multiple goroutines, as its deterministic output will no longer be available.

Example: use go-fuzz to test the function `MyFunc(int)` in the package `mypackage`. Add the file: "mypacakge_fuzz.go" with the content:

// +build gofuzz package mypacakge import fuzz "github.com/google/gofuzz"

func Fuzz(data []byte) int {
	var i int
	fuzz.NewFromGoFuzz(data).Fuzz(&i)
	MyFunc(i)
	return 0
}

func NewWithSeed

func NewWithSeed(seed int64) *Fuzzer

func (*Fuzzer) Funcs

func (f *Fuzzer) Funcs(fuzzFuncs ...interface{}) *Fuzzer

Funcs adds each entry in fuzzFuncs as a custom fuzzing function.

Each entry in fuzzFuncs must be a function taking two parameters. The first parameter must be a pointer or map. It is the variable that function will fill with random data. The second parameter must be a fuzz.Continue, which will provide a source of randomness and a way to automatically continue fuzzing smaller pieces of the first parameter.

These functions are called sensibly, e.g., if you wanted custom string fuzzing, the function `func(s *string, c fuzz.Continue)` would get called and passed the address of strings. Maps and pointers will always be made/new'd for you, ignoring the NilChange option. For slices, it doesn't make much sense to pre-create them--Fuzzer doesn't know how long you want your slice--so take a pointer to a slice, and make it yourself. (If you don't want your map/pointer type pre-made, take a pointer to it, and make it yourself.) See the examples for a range of custom functions.

func (*Fuzzer) Fuzz

func (f *Fuzzer) Fuzz(obj interface{})

Fuzz recursively fills all of obj's fields with something random. First this tries to find a custom fuzz function (see Funcs). If there is no custom function this tests whether the object implements fuzz.Interface and, if so, calls Fuzz on it to fuzz itself. If that fails, this will see if there is a default fuzz function provided by this package. If all of that fails, this will generate random values for all primitive fields and then recurse for all non-primitives.

This is safe for cyclic or tree-like structs, up to a limit. Use the MaxDepth method to adjust how deep you need it to recurse.

obj must be a pointer. Only exported (public) fields can be set (thanks, golang :/ ) Intended for tests, so will panic on bad input or unimplemented fields.

func (*Fuzzer) FuzzNoCustom

func (f *Fuzzer) FuzzNoCustom(obj interface{})

FuzzNoCustom is just like Fuzz, except that any custom fuzz function for obj's type will not be called and obj will not be tested for fuzz.Interface conformance. This applies only to obj and not other instances of obj's type. Not safe for cyclic or tree-like structs! obj must be a pointer. Only exported (public) fields can be set (thanks, golang :/ ) Intended for tests, so will panic on bad input or unimplemented fields.

func (*Fuzzer) MaxDepth

func (f *Fuzzer) MaxDepth(d int) *Fuzzer

MaxDepth sets the maximum number of recursive fuzz calls that will be made before stopping. This includes struct members, pointers, and map and slice elements.

func (*Fuzzer) NilChance

func (f *Fuzzer) NilChance(p float64) *Fuzzer

NilChance sets the probability of creating a nil pointer, map, or slice to 'p'. 'p' should be between 0 (no nils) and 1 (all nils), inclusive.

func (*Fuzzer) NumElements

func (f *Fuzzer) NumElements(atLeast, atMost int) *Fuzzer

NumElements sets the minimum and maximum number of elements that will be added to a non-nil map or slice.

func (*Fuzzer) RandSource

func (f *Fuzzer) RandSource(s rand.Source) *Fuzzer

RandSource causes f to get values from the given source of randomness. Use if you want deterministic fuzzing.

func (*Fuzzer) SkipFieldsWithPattern

func (f *Fuzzer) SkipFieldsWithPattern(pattern *regexp.Regexp) *Fuzzer

Skip fields which match the supplied pattern. Call this multiple times if needed This is useful to skip XXX_ fields generated by protobuf

type Interface

type Interface interface {
	Fuzz(c Continue)
}

Interface represents an object that knows how to fuzz itself. Any time we find a type that implements this interface we will delegate the act of fuzzing itself.

type UnicodeRange

type UnicodeRange struct {
	First, Last rune
}

UnicodeRange describes a sequential range of unicode characters. Last must be numerically greater than First.

func (UnicodeRange) CustomStringFuzzFunc

func (ur UnicodeRange) CustomStringFuzzFunc() func(s *string, c Continue)

CustomStringFuzzFunc constructs a FuzzFunc which produces random strings. Each character is selected from the range ur. If there are no characters in the range (cr.Last < cr.First), this will panic.

type UnicodeRanges

type UnicodeRanges []UnicodeRange

UnicodeRanges describes an arbitrary number of sequential ranges of unicode characters. To be useful, each range must have at least one character (First <= Last) and there must be at least one range.

func (UnicodeRanges) CustomStringFuzzFunc

func (ur UnicodeRanges) CustomStringFuzzFunc() func(s *string, c Continue)

CustomStringFuzzFunc constructs a FuzzFunc which produces random strings. Each character is selected from one of the ranges of ur(UnicodeRanges). Each range has an equal probability of being chosen. If there are no ranges, or a selected range has no characters (.Last < .First), this will panic. Do not modify any of the ranges in ur after calling this function.

Directories

Path Synopsis
Package bytesource provides a rand.Source64 that is determined by a slice of bytes.
Package bytesource provides a rand.Source64 that is determined by a slice of bytes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL