Skip to content

Commit

Permalink
Merge branch 'master' into vulnerabilities-fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@SahilKr24
SahilKr24 authored Mar 7, 2024
2 parents bb50019 + c73ad1c commit 02d009e
Show file tree
Hide file tree
Showing 7 changed files with 137 additions and 45 deletions.
1 change: 1 addition & 0 deletions chaoscenter/graphql/server/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ go 1.20

require (
github.com/99designs/gqlgen v0.17.42
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
github.com/argoproj/argo-workflows/v3 v3.3.1
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/gin-contrib/cors v1.3.1
Expand Down
2 changes: 2 additions & 0 deletions chaoscenter/graphql/server/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/99designs/gqlgen v0.17.42 h1:BVWDOb2VVHQC5k3m6oa0XhDnxltLLrU4so7x/u39Zu4=
github.com/99designs/gqlgen v0.17.42/go.mod h1:GQ6SyMhwFbgHR0a8r2Wn8fYgEwPxxmndLFPhU63+cJE=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/Azure/azure-sdk-for-go v32.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
Expand Down
126 changes: 126 additions & 0 deletions chaoscenter/graphql/server/pkg/environment/handler/handler_fuzz_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
package handler

import (
"context"
"testing"

fuzz "github.com/AdaLogics/go-fuzz-headers"
"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/authorization"
"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb"
"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/mock"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/mongo"
)

func FuzzCreateEnvironment(f *testing.F) {
utils.Config.JwtSecret = JwtSecret
f.Fuzz(func(t *testing.T, data []byte) {
fuzzConsumer := fuzz.NewConsumer(data)
targetStruct := &struct {
input model.CreateEnvironmentRequest
projectID string
}{}
err := fuzzConsumer.GenerateStruct(targetStruct)
if err != nil {
return
}
mongodbMockOperator.On("Create", mock.Anything, mongodb.EnvironmentCollection, mock.Anything).Return(nil).Once()
token, err := GetSignedJWT("testUser")
if err != nil {
logrus.Errorf("Error genrating token %v", err)
}

ctx := context.WithValue(context.Background(), authorization.AuthKey, token)
service := NewEnvironmentService(environmentOperator)

env, err := service.CreateEnvironment(ctx, targetStruct.projectID, &targetStruct.input)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if env == nil {
t.Errorf("Returned environment is nil")
}
})
}

func FuzzTestDeleteEnvironment(f *testing.F) {
utils.Config.JwtSecret = JwtSecret
testCases := []struct {
projectID string
environmentID string
}{
{
projectID: "testProject",
environmentID: "testEnvID",
},
}
for _, tc := range testCases {
f.Add(tc.projectID, tc.environmentID)
}

f.Fuzz(func(t *testing.T, projectID string, environmentID string) {

findResult := []interface{}{bson.D{
{Key: "environment_id", Value: environmentID},
{Key: "project_id", Value: projectID},
}}
singleResult := mongo.NewSingleResultFromDocument(findResult[0], nil, nil)
mongodbMockOperator.On("Get", mock.Anything, mongodb.EnvironmentCollection, mock.Anything).Return(singleResult, nil).Once()
mongodbMockOperator.On("UpdateMany", mock.Anything, mongodb.EnvironmentCollection, mock.Anything, mock.Anything, mock.Anything).Return(&mongo.UpdateResult{}, nil).Once()
token, err := GetSignedJWT("testUser")
if err != nil {
logrus.Errorf("Error genrating token %v", err)
}

ctx := context.WithValue(context.Background(), authorization.AuthKey, token)
service := NewEnvironmentService(environmentOperator)

env, err := service.DeleteEnvironment(ctx, projectID, environmentID)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}

if env == "" {
t.Errorf("Returned environment is nil")
}
})
}

func FuzzTestGetEnvironment(f *testing.F) {
utils.Config.JwtSecret = JwtSecret
testCases := []struct {
projectID string
environmentID string
}{
{
projectID: "testProject",
environmentID: "testEnvID",
},
}
for _, tc := range testCases {
f.Add(tc.projectID, tc.environmentID)
}

f.Fuzz(func(t *testing.T, projectID string, environmentID string) {

findResult := []interface{}{bson.D{
{Key: "environment_id", Value: environmentID},
{Key: "project_id", Value: projectID},
}}
singleResult := mongo.NewSingleResultFromDocument(findResult[0], nil, nil)
mongodbMockOperator.On("Get", mock.Anything, mongodb.EnvironmentCollection, mock.Anything).Return(singleResult, nil).Once()
service := NewEnvironmentService(environmentOperator)

env, err := service.GetEnvironment(projectID, environmentID)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}

if env == nil {
t.Errorf("Returned environment is nil")
}
})
}
47 changes: 4 additions & 43 deletions chaoscenter/graphql/server/pkg/environment/handler/handler_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@ import (
"testing"
"time"

"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb"
"go.mongodb.org/mongo-driver/mongo"

"github.com/golang-jwt/jwt"
"github.com/google/uuid"
"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
Expand All @@ -26,9 +23,9 @@ var (
environmentOperator = dbOperationsEnvironment.NewEnvironmentOperator(mongodbMockOperator)
)

const JwtSecret = "testsecret"
var JwtSecret = "testsecret"

func getSignedJWT(name string) (string, error) {
func GetSignedJWT(name string) (string, error) {
token := jwt.New(jwt.SigningMethodHS512)
claims := token.Claims.(jwt.MapClaims)
claims["uid"] = uuid.NewString()
Expand Down Expand Up @@ -67,7 +64,7 @@ func TestCreateEnvironment(t *testing.T) {
expectedEnv: nil,
expectedErr: errors.New("invalid Token"),
given: func() string {
token, err := getSignedJWT("testUser")
token, err := GetSignedJWT("testUser")
if err != nil {
return token
}
Expand Down Expand Up @@ -142,7 +139,7 @@ func TestDeleteEnvironment(t *testing.T) {
},
expectedErr: errors.New("invalid Token"),
given: func() string {
token, err := getSignedJWT("testUser")
token, err := GetSignedJWT("testUser")
if err != nil {
return token
}
Expand Down Expand Up @@ -187,39 +184,3 @@ func TestDeleteEnvironment(t *testing.T) {
})
}
}

func FuzzTestGetEnvironment(f *testing.F) {
utils.Config.JwtSecret = JwtSecret
testCases := []struct {
projectID string
environmentID string
}{
{
projectID: "testProject",
environmentID: "testEnvID",
},
}
for _, tc := range testCases {
f.Add(tc.projectID, tc.environmentID)
}

f.Fuzz(func(t *testing.T, projectID string, environmentID string) {

findResult := []interface{}{bson.D{
{Key: "environment_id", Value: environmentID},
{Key: "project_id", Value: projectID},
}}
singleResult := mongo.NewSingleResultFromDocument(findResult[0], nil, nil)
mongodbMockOperator.On("Get", mock.Anything, mongodb.EnvironmentCollection, mock.Anything).Return(singleResult, nil).Once()
service := NewEnvironmentService(environmentOperator)

env, err := service.GetEnvironment(projectID, environmentID)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}

if env == nil {
t.Errorf("Returned environment is nil")
}
})
}
2 changes: 2 additions & 0 deletions ...aphql/server/pkg/environment/handler/testdata/fuzz/FuzzCreateEnvironment/582528ddfad69eb5
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("0")
2 changes: 1 addition & 1 deletion chaoscenter/web/src/views/AccountSettingsUserManagement/AccountSettingsUserManagement.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ function MemoizedUsersTable({ users, getUsersRefetch }: MemoizedUsersTableProps)
return (
data.createdAt && (
<Text font={{ variation: FontVariation.BODY }} color={Color.GREY_600}>
{getFormattedTime(data.createdAt * 1000)}
{getFormattedTime(data.createdAt)}
</Text>
)
);
Expand Down
2 changes: 1 addition & 1 deletion chaoscenter/web/src/views/UserCreatedProjects/UserCreatedProjects.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ function MemoizedUserCreatedProjectsTable({
return (
data.updatedAt && (
<Text font={{ variation: FontVariation.BODY }} color={Color.GREY_600}>
{getFormattedTime(data.updatedAt * 1000)}
{getFormattedTime(data.updatedAt)}
</Text>
)
);
Expand Down

0 comments on commit 02d009e

Please sign in to comment.