From 009ffc23f9ff6e426a45a72e2dde944b014ccc40 Mon Sep 17 00:00:00 2001
From: Saranya-jena
Date: Fri, 23 Feb 2024 15:05:11 +0530
Subject: [PATCH 1/6] Added fuzzers in utils and authorization
Signed-off-by: Saranya-jena
---
 .../pkg/authorization/tests/fuzz_test.go | 129 ++++++++++++++++++
 .../fuzz/FuzzGetUsername/771e938e4458e983 | 2 +
 .../fuzz/FuzzGetUsername/f7d774048ada30d0 | 2 +
 .../server/pkg/authorization/user_jwt.go | 25 +---
 .../{handler => test}/handler_test.go | 9 +-
 chaoscenter/graphql/server/utils/misc.go | 17 ++-
 .../graphql/server/utils/tests/fuzz_test.go | 80 +++++++++++
 .../fuzz/FuzzRandomString/6397b820ae00f953 | 2 +
 8 files changed, 233 insertions(+), 33 deletions(-)
 create mode 100644 chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
 create mode 100644 chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983
 create mode 100644 chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
 rename chaoscenter/graphql/server/pkg/environment/{handler => test}/handler_test.go (96%)
 create mode 100644 chaoscenter/graphql/server/utils/tests/fuzz_test.go
 create mode 100644 chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go b/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
new file mode 100644
index 00000000000..1a51b8c1aaf
--- /dev/null
+++ b/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
@@ -0,0 +1,129 @@
+package tests
+
+import (
+ "fmt"
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ "github.com/golang-jwt/jwt"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/authorization"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
+ "testing"
+ "time"
+)
+
+// generateExpiredFakeJWTToken generates a fake JWT token with expiration time set to the past
+func generateExpiredFakeJWTToken(username string) string {
+ token := jwt.New(jwt.SigningMethodHS256)
+ claims := token.Claims.(jwt.MapClaims)
+ claims["username"] = username
+ claims["exp"] = time.Now().Add(-time.Hour).Unix() // Set expiration time to 1 hour ago
+ signedToken, _ := token.SignedString([]byte("your-secret-key")) // Sign the token with a secret key
+ return signedToken
+}
+
+// generateFakeJWTTokenWithInvalidSignature generates a fake JWT token with an invalid signature
+func generateFakeJWTTokenWithInvalidSignature(username string) string {
+ token := jwt.New(jwt.SigningMethodHS256)
+ claims := token.Claims.(jwt.MapClaims)
+ claims["username"] = username
+ claims["exp"] = time.Now().Add(time.Hour * 24).Unix() // Set expiration time to 24 hours from now
+ signedToken, _ := token.SignedString([]byte("invalid-secret-key")) // Sign the token with an invalid secret key
+ return signedToken
+}
+
+// generateFakeJWTToken generates a fake JWT token with predefined claims
+func generateFakeJWTToken(username string) string {
+ token := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
+ "username": username,
+ "exp": time.Now().Add(time.Hour * 24).Unix(), // Set expiration time to 24 hours from now
+ })
+
+ signedToken, _ := token.SignedString([]byte(utils.Config.JwtSecret)) // No signature is needed for testing
+ return signedToken
+}
+
+func FuzzGetUsername(f *testing.F) {
+ f.Fuzz(func(t *testing.T, input string) {
+ // Create a fake JWT token with predefined claims
+
+ // Invalid token format check
+ _, err := authorization.GetUsername(input)
+ if err == nil {
+ t.Error("Expected error for invalid token format")
+ }
+
+ // Generating fake jwt token for testing
+ token := generateFakeJWTToken(input)
+
+ // Run the test with the fake JWT token
+ username, err := authorization.GetUsername(token)
+ if err != nil {
+ t.Errorf("Error encountered: %v", err)
+ }
+
+ // Check if the decoded username matches the input string
+ if username != input {
+ t.Errorf("Expected username: %s, got: %s", input, username)
+ }
+
+ // Additional checks
+ // Expiration check
+ expiredToken := generateExpiredFakeJWTToken(input)
+ _, err = authorization.GetUsername(expiredToken)
+ if err == nil {
+ t.Error("Expected error for expired token")
+ }
+
+ // Token signature check (invalid secret key)
+ invalidSignatureToken := generateFakeJWTTokenWithInvalidSignature(input)
+ _, err = authorization.GetUsername(invalidSignatureToken)
+ if err == nil {
+ t.Error("Expected error for token with invalid signature")
+ }
+
+ })
+}
+
+// generateJWTToken generates a JWT token with the given claims
+func generateJWTTokenFromClaims(claims jwt.MapClaims) (string, error) {
+ // Set expiration time to 24 hours from now
+ claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
+
+ // Create a new token with the claims
+ token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
+ // Sign the token with a secret key
+ tokenString, err := token.SignedString([]byte(utils.Config.JwtSecret))
+ if err != nil {
+ return "", fmt.Errorf("failed to sign JWT token: %v", err)
+ }
+
+ return tokenString, nil
+}
+
+func FuzzUserValidateJWT(f *testing.F) {
+ f.Fuzz(func(t *testing.T, data []byte) {
+ fuzzConsumer := fuzz.NewConsumer(data)
+ inputClaims := &jwt.MapClaims{}
+ err := fuzzConsumer.GenerateStruct(inputClaims)
+ if err != nil {
+ return
+ }
+ // Generate a JWT token with fuzzed claims
+ tokenString, err := generateJWTTokenFromClaims(*inputClaims)
+ if err != nil {
+ t.Fatalf("Error generating JWT token: %v", err)
+ }
+
+ // Run the test with the generated JWT token
+ claims, err := authorization.UserValidateJWT(tokenString)
+ if err != nil {
+ t.Errorf("Error encountered: %v", err)
+ }
+
+ // Optionally, check if claims are nil when there's an error
+ if claims == nil && err == nil {
+ t.Errorf("Claims are nil while no error is returned")
+ }
+
+ })
+}
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983 b/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983
new file mode 100644
index 00000000000..ee3f33997f9
--- /dev/null
+++ b/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("0")
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0 b/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
new file mode 100644
index 00000000000..4f97796359d
--- /dev/null
+++ b/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("\x88")
diff --git a/chaoscenter/graphql/server/pkg/authorization/user_jwt.go b/chaoscenter/graphql/server/pkg/authorization/user_jwt.go
index e34f4a28ec6..90d81bf1e27 100644
--- a/chaoscenter/graphql/server/pkg/authorization/user_jwt.go
+++ b/chaoscenter/graphql/server/pkg/authorization/user_jwt.go
@@ -21,11 +21,11 @@ func UserValidateJWT(token string) (jwt.MapClaims, error) {
 if err != nil {
 log.Print("USER JWT ERROR: ", err)
- return nil, errors.New("Invalid Token")
+ return nil, errors.New("invalid Token")
 }
 if !tkn.Valid {
- return nil, errors.New("Invalid Token")
+ return nil, errors.New("invalid Token")
 }
 claims, ok := tkn.Claims.(jwt.MapClaims)
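Review bot: The expired-token case in `FuzzGetUsername` can pass for the wrong reason: `generateExpiredFakeJWTToken` signs with the literal `"your-secret-key"`, while the accepted-token helper signs with `utils.Config.JwtSecret` (presumably the key `GetUsername` verifies against), so unless the two happen to match the token is rejected on its signature and the `exp` check is never reached. Signing the expired token with the configured secret isolates the property under test: `signedToken, _ := token.SignedString([]byte(utils.Config.JwtSecret))`. The comment `// No signature is needed for testing` in `generateFakeJWTToken` contradicts the line it sits on, which does sign the token; `// Sign with the configured secret so GetUsername accepts the token` would match the code. All three string-returning helpers also discard the `SignedString` error, so a signing failure would surface as an empty token and a misleading assertion message.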
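Review bot: The three `errors.New("invalid Token")` calls in `UserValidateJWT` (two in this hunk, one in the `@@ -33,7 +33,7 @@` hunk) each build a fresh error value, so callers can only recognise an invalid token by comparing message text, and this commit changes that text. A package-level sentinel, `var ErrInvalidToken = errors.New("invalid token")`, returned from all three sites would let callers use `errors.Is` and would finish the lowercase convention the change is moving towards. Whether any caller currently matches on the old `"Invalid Token"` string is not visible here and is worth checking before merge. The function body starts and ends outside the hunk.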
@@ -33,7 +33,7 @@ func UserValidateJWT(token string) (jwt.MapClaims, error) {
 return claims, nil
 }
- return nil, errors.New("Invalid Token")
+ return nil, errors.New("invalid Token")
 }
 // GetUsername returns the username from the jwt token
@@ -54,22 +54,3 @@ func GetUsername(token string) (string, error) {
 return "", errors.New("invalid Token")
 }
-
-// GetUserID returns the GetUserID from the jwt token
-func GetUserID(token string) (string, error) {
- tkn, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
- return []byte(utils.Config.JwtSecret), nil
- })
-
- if err != nil {
- log.Print("USER JWT ERROR: ", err)
- return "", errors.New("invalid Token")
- }
-
- claims, ok := tkn.Claims.(jwt.MapClaims)
- if ok {
- return claims["uid"].(string), nil
- }
-
- return "", errors.New("invalid Token")
-}
diff --git a/chaoscenter/graphql/server/pkg/environment/handler/handler_test.go b/chaoscenter/graphql/server/pkg/environment/test/handler_test.go
similarity index 96%
rename from chaoscenter/graphql/server/pkg/environment/handler/handler_test.go
rename to chaoscenter/graphql/server/pkg/environment/test/handler_test.go
index 2231ee6ca8c..c1b44dc5441 100644
--- a/chaoscenter/graphql/server/pkg/environment/handler/handler_test.go
+++ b/chaoscenter/graphql/server/pkg/environment/test/handler_test.go
@@ -1,8 +1,9 @@
-package handler
+package test
 import (
 "context"
 "errors"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/environment/handler"
 "testing"
 "time"
@@ -99,7 +100,7 @@ func TestCreateEnvironment(t *testing.T) {
 token := tc.given()
 ctx := context.WithValue(context.Background(), authorization.AuthKey, token)
 mockOperator := environmentOperator
- service := NewEnvironmentService(mockOperator)
+ service := handler.NewEnvironmentService(mockOperator)
 env, err := service.CreateEnvironment(ctx, tc.projectID, tc.input)
 if (err != nil && tc.expectedErr == nil) ||
@@ -176,7 +177,7 @@ func TestDeleteEnvironment(t *testing.T) {
 ctx := context.WithValue(context.Background(), authorization.AuthKey, token)
 mockOperator := environmentOperator
- service := NewEnvironmentService(mockOperator)
+ service := handler.NewEnvironmentService(mockOperator)
 _, err := service.DeleteEnvironment(ctx, tc.projectID, tc.environmentID)
 if (err != nil && tc.expectedErr == nil) ||
@@ -211,7 +212,7 @@ func FuzzTestGetEnvironment(f *testing.F) {
 }}
 singleResult := mongo.NewSingleResultFromDocument(findResult[0], nil, nil)
 mongodbMockOperator.On("Get", mock.Anything, mongodb.EnvironmentCollection, mock.Anything).Return(singleResult, nil).Once()
- service := NewEnvironmentService(environmentOperator)
+ service := handler.NewEnvironmentService(environmentOperator)
 env, err := service.GetEnvironment(projectID, environmentID)
 if err != nil {
diff --git a/chaoscenter/graphql/server/utils/misc.go b/chaoscenter/graphql/server/utils/misc.go
index 5678786545d..49986e8b79f 100644
--- a/chaoscenter/graphql/server/utils/misc.go
+++ b/chaoscenter/graphql/server/utils/misc.go
@@ -29,14 +29,17 @@ func WriteHeaders(w *gin.ResponseWriter, statusCode int) {
 // RandomString generates random strings, can be used to create ids or random secrets
 func RandomString(n int) string {
- var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-")
- rand.Seed(time.Now().UnixNano())
- s := make([]rune, n)
- for i := range s {
- s[i] = letters[rand.Intn(len(letters))]
- }
+ if n > 0 {
+ var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-")
+ rand.Seed(time.Now().UnixNano())
+ s := make([]rune, n)
+ for i := range s {
+ s[i] = letters[rand.Intn(len(letters))]
+ }
- return string(s)
+ return string(s)
+ }
+ return ""
 }
 func AddRootIndent(b []byte, n int) []byte {
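Review bot: `RandomString` is documented as usable for "random secrets", yet the new body still draws from the `rand.Seed`/`rand.Intn` generator seeded with `time.Now().UnixNano()`, which is not a cryptographic source; values that act as secrets or tokens should come from `crypto/rand`. Re-seeding on every call also means two calls that observe the same clock value return the same string. The added `n > 0` wrapper reads more simply as a guard clause at the top. The sketch below keeps the signature; it needs `crypto/rand` (aliased here as `crand`) and `math/big` in the import block, which is outside the hunk, and it panics when the system source fails because the function has no error return.

```go
func RandomString(n int) string {
	if n <= 0 {
		return ""
	}
	const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"
	limit := big.NewInt(int64(len(letters)))
	s := make([]byte, n)
	for i := range s {
		// crand.Int samples uniformly in [0, limit), so there is no modulo bias.
		idx, err := crand.Int(crand.Reader, limit)
		if err != nil {
			panic("utils: reading crypto/rand: " + err.Error())
		}
		s[i] = letters[idx.Int64()]
	}
	return string(s)
}
```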
diff --git a/chaoscenter/graphql/server/utils/tests/fuzz_test.go b/chaoscenter/graphql/server/utils/tests/fuzz_test.go
new file mode 100644
index 00000000000..a7873661515
--- /dev/null
+++ b/chaoscenter/graphql/server/utils/tests/fuzz_test.go
@@ -0,0 +1,80 @@
+package tests
+
+import (
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
+ "strings"
+ "testing"
+)
+
+func isValidString(s string) bool {
+ // Define the set of valid characters
+ validChars := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"
+
+ // Iterate over each character in the string
+ for _, char := range s {
+ // Check if the character is not in the set of valid characters
+ if !strings.ContainsRune(validChars, char) {
+ return false
+ }
+ }
+ return true
+}
+
+func FuzzRandomString(f *testing.F) {
+ f.Add(10)
+ f.Fuzz(func(t *testing.T, n int) {
+ randomString := utils.RandomString(n)
+ // Perform checks on the generated string
+ // Check if the length matches the expected length
+ if n >= 0 && len(randomString) != n {
+ t.Errorf("Generated string length doesn't match expected length")
+ }
+
+ // Check if the string contains only valid characters
+ if !isValidString(randomString) {
+ t.Errorf("Generated string contains invalid characters")
+ }
+ })
+
+}
+
+func FuzzContainsString(f *testing.F) {
+ f.Fuzz(func(t *testing.T, data []byte) {
+ fuzzConsumer := fuzz.NewConsumer(data)
+ targetStruct := &struct {
+ s []string
+ str string
+ }{}
+ err := fuzzConsumer.GenerateStruct(targetStruct)
+ if err != nil {
+ return
+ }
+ // Perform checks on the ContainsString function
+ // Check if ContainsString returns true when the target string is in the array
+ if utils.ContainsString(targetStruct.s, targetStruct.str) {
+ found := false
+ for _, v := range targetStruct.s {
+ if v == targetStruct.str {
+ found = true
+ break
+ }
+ }
+ if !found {
+ t.Errorf("ContainsString returned true for target '%s' not present in the array", targetStruct.str)
+ }
+ } else {
+ // Check if ContainsString returns false when the target string is not in the array
+ found := false
+ for _, v := range targetStruct.s {
+ if v == targetStruct.str {
+ found = true
+ break
+ }
+ }
+ if found {
+ t.Errorf("ContainsString returned false for target '%s' present in the array", targetStruct.str)
+ }
+ }
+ })
+}
diff --git a/chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953 b/chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953
new file mode 100644
index 00000000000..5ad17818142
--- /dev/null
+++ b/chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953
@@ -0,0 +1,2 @@
+go test fuzz v1
+int(-57)
From 8a0f124533ec6631204aa3bb6279835d3e7ab9f2 Mon Sep 17 00:00:00 2001
From: Saranya-jena
Date: Mon, 26 Feb 2024 12:22:43 +0530
Subject: [PATCH 2/6] fixed imports
Signed-off-by: Saranya-jena
---
 .../graphql/server/pkg/authorization/tests/fuzz_test.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go b/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
index 1a51b8c1aaf..4b259378ff8 100644
--- a/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
+++ b/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
@@ -2,12 +2,13 @@ package tests
 import (
 "fmt"
+ "testing"
+ "time"
+
 fuzz "github.com/AdaLogics/go-fuzz-headers"
 "github.com/golang-jwt/jwt"
 "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/authorization"
 "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
- "testing"
- "time"
 )
 // generateExpiredFakeJWTToken generates a fake JWT token with expiration time set to the past
From 03ea1ad6fe26fd1d02e674bb89b0e177e9f48012 Mon Sep 17 00:00:00 2001
From: Saranya-jena
Date: Mon, 26 Feb 2024 12:28:35 +0530
Subject: [PATCH 3/6] fixed imports
Signed-off-by: Saranya-jena
---
 .../graphql/server/pkg/environment/test/handler_test.go | 3 ++-
 chaoscenter/graphql/server/utils/tests/fuzz_test.go | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)
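Review bot: `FuzzContainsString` in the new `utils/tests/fuzz_test.go` probably never sees fuzzed data: the target struct declares the unexported fields `s` and `str`, and `GenerateStruct` fills fields by reflection, which by default leaves unexported fields at their zero value, so `ContainsString` would only ever be called with a nil slice and an empty string. Exporting the fields (`S []string` and `Str string`) lets the consumer populate them; this is inferred from the library's behaviour rather than from lines visible here, so confirm by logging the generated values once. Separately, `FuzzRandomString` passes an unbounded `n` straight to `RandomString`, which allocates `n` runes, so a large positive input can exhaust memory in the fuzz worker; skipping such inputs with `if n > 1<<16 { t.Skip() }` keeps the target bounded.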
diff --git a/chaoscenter/graphql/server/pkg/environment/test/handler_test.go b/chaoscenter/graphql/server/pkg/environment/test/handler_test.go
index c1b44dc5441..7f5fd3a9dc2 100644
--- a/chaoscenter/graphql/server/pkg/environment/test/handler_test.go
+++ b/chaoscenter/graphql/server/pkg/environment/test/handler_test.go
@@ -3,10 +3,11 @@ package test
 import (
 "context"
 "errors"
- "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/environment/handler"
 "testing"
 "time"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/environment/handler"
+
 "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb"
 "go.mongodb.org/mongo-driver/mongo"
diff --git a/chaoscenter/graphql/server/utils/tests/fuzz_test.go b/chaoscenter/graphql/server/utils/tests/fuzz_test.go
index a7873661515..bb42fae9cf5 100644
--- a/chaoscenter/graphql/server/utils/tests/fuzz_test.go
+++ b/chaoscenter/graphql/server/utils/tests/fuzz_test.go
@@ -1,10 +1,11 @@
 package tests
 import (
- fuzz "github.com/AdaLogics/go-fuzz-headers"
- "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
 "strings"
 "testing"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
 )
 func isValidString(s string) bool {
From c99e7eeb239a9b023d4f801893ae89b0289b6560 Mon Sep 17 00:00:00 2001
From: Saranya-jena
Date: Mon, 26 Feb 2024 12:30:58 +0530
Subject: [PATCH 4/6] go mod changes
Signed-off-by: Saranya-jena
---
 chaoscenter/graphql/server/go.mod | 1 +
 chaoscenter/graphql/server/go.sum | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/chaoscenter/graphql/server/go.mod b/chaoscenter/graphql/server/go.mod
index 41134b1053f..80fbb615243 100644
--- a/chaoscenter/graphql/server/go.mod
+++ b/chaoscenter/graphql/server/go.mod
@@ -4,6 +4,7 @@ go 1.20 require ( github.com/99designs/gqlgen v0.17.42 + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 github.com/argoproj/argo-workflows/v3 v3.3.1 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 github.com/gin-contrib/cors v1.3.1 diff --git a/chaoscenter/graphql/server/go.sum b/chaoscenter/graphql/server/go.sum index db42a522707..63277f3f4cf 100644 --- a/chaoscenter/graphql/server/go.sum +++ b/chaoscenter/graphql/server/go.sum @@ -43,6 +43,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/99designs/gqlgen v0.17.42 h1:BVWDOb2VVHQC5k3m6oa0XhDnxltLLrU4so7x/u39Zu4= github.com/99designs/gqlgen v0.17.42/go.mod h1:GQ6SyMhwFbgHR0a8r2Wn8fYgEwPxxmndLFPhU63+cJE= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/azure-sdk-for-go v32.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= From c17062f49f78a615b637cdaff999fcba0f5daff6 Mon Sep 17 00:00:00 2001 From: Saranya-jena Date: Tue, 12 Mar 2024 11:10:20 +0530 Subject: [PATCH 5/6] updated directories 
Signed-off-by: Saranya-jena
---
 .../fuzz_test.go => authorization_fuzz_test.go} | 13 ++++++-------
 .../testdata/fuzz/FuzzGetUsername/771e938e4458e983 | 0
 .../testdata/fuzz/FuzzGetUsername/f7d774048ada30d0 | 0
 3 files changed, 6 insertions(+), 7 deletions(-)
 rename chaoscenter/graphql/server/pkg/authorization/{tests/fuzz_test.go => authorization_fuzz_test.go} (91%)
 rename chaoscenter/graphql/server/pkg/authorization/{tests => }/testdata/fuzz/FuzzGetUsername/771e938e4458e983 (100%)
 rename chaoscenter/graphql/server/pkg/authorization/{tests => }/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0 (100%)
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go b/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
similarity index 91%
rename from chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
rename to chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
index 4b259378ff8..655e0e45f82 100644
--- a/chaoscenter/graphql/server/pkg/authorization/tests/fuzz_test.go
+++ b/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
@@ -1,4 +1,4 @@
-package tests
+package authorization
 import (
 "fmt"
@@ -7,7 +7,6 @@ import (
 fuzz "github.com/AdaLogics/go-fuzz-headers"
 "github.com/golang-jwt/jwt"
- "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/authorization"
 "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
 )
@@ -47,7 +46,7 @@ func FuzzGetUsername(f *testing.F) {
 // Create a fake JWT token with predefined claims
 // Invalid token format check
- _, err := authorization.GetUsername(input)
+ _, err := GetUsername(input)
 if err == nil {
 t.Error("Expected error for invalid token format")
 }
@@ -56,7 +55,7 @@ func FuzzGetUsername(f *testing.F) {
 token := generateFakeJWTToken(input)
 // Run the test with the fake JWT token
- username, err := authorization.GetUsername(token)
+ username, err := GetUsername(token)
 if err != nil {
 t.Errorf("Error encountered: %v", err)
 }
@@ -69,14 +68,14 @@ func FuzzGetUsername(f *testing.F) {
 // Additional checks
 // Expiration check
 expiredToken := generateExpiredFakeJWTToken(input)
- _, err = authorization.GetUsername(expiredToken)
+ _, err = GetUsername(expiredToken)
 if err == nil {
 t.Error("Expected error for expired token")
 }
 // Token signature check (invalid secret key)
 invalidSignatureToken := generateFakeJWTTokenWithInvalidSignature(input)
- _, err = authorization.GetUsername(invalidSignatureToken)
+ _, err = GetUsername(invalidSignatureToken)
 if err == nil {
 t.Error("Expected error for token with invalid signature")
 }
@@ -116,7 +115,7 @@ func FuzzUserValidateJWT(f *testing.F) {
 }
 // Run the test with the generated JWT token
- claims, err := authorization.UserValidateJWT(tokenString)
+ claims, err := UserValidateJWT(tokenString)
 if err != nil {
 t.Errorf("Error encountered: %v", err)
 }
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983 b/chaoscenter/graphql/server/pkg/authorization/testdata/fuzz/FuzzGetUsername/771e938e4458e983
similarity index 100%
rename from chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/771e938e4458e983
rename to chaoscenter/graphql/server/pkg/authorization/testdata/fuzz/FuzzGetUsername/771e938e4458e983
diff --git a/chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0 b/chaoscenter/graphql/server/pkg/authorization/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
similarity index 100%
rename from chaoscenter/graphql/server/pkg/authorization/tests/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
rename to chaoscenter/graphql/server/pkg/authorization/testdata/fuzz/FuzzGetUsername/f7d774048ada30d0
From 37fa00e3845db86013f3d6c2ae01ae39e4cf3be8 Mon Sep 17 00:00:00 2001
From: Saranya-jena
Date: Thu, 14 Mar 2024 18:05:38 +0530
Subject: [PATCH 6/6] updated file strucuture
Signed-off-by: Saranya-jena
---
 .../pkg/authorization/authorization_fuzz_test.go | 11 +++++++++--
 .../graphql/server/utils/{tests => }/fuzz_test.go | 7 +++----
 .../testdata/fuzz/FuzzRandomString/6397b820ae00f953 | 0
 3 files changed, 12 insertions(+), 6 deletions(-)
 rename chaoscenter/graphql/server/utils/{tests => }/fuzz_test.go (91%)
 rename chaoscenter/graphql/server/utils/{tests => }/testdata/fuzz/FuzzRandomString/6397b820ae00f953 (100%)
diff --git a/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go b/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
index 655e0e45f82..8c62733fca4 100644
--- a/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
+++ b/chaoscenter/graphql/server/pkg/authorization/authorization_fuzz_test.go
@@ -1,6 +1,7 @@
 package authorization
 import (
+ "encoding/base64"
 "fmt"
 "testing"
 "time"
@@ -52,7 +53,7 @@ func FuzzGetUsername(f *testing.F) {
 }
 // Generating fake jwt token for testing
- token := generateFakeJWTToken(input)
+ token := generateFakeJWTToken(base64.StdEncoding.EncodeToString([]byte(input)))
 // Run the test with the fake JWT token
 username, err := GetUsername(token)
@@ -60,8 +61,14 @@ func FuzzGetUsername(f *testing.F) {
 t.Errorf("Error encountered: %v", err)
 }
+ // Decode the username back from base64
+ decodedUsername, err := base64.StdEncoding.DecodeString(username)
+ if err != nil {
+ t.Errorf("Error decoding username: %v", err)
+ }
+
 // Check if the decoded username matches the input string
- if username != input {
+ if string(decodedUsername) != input {
 t.Errorf("Expected username: %s, got: %s", input, username)
 }
diff --git a/chaoscenter/graphql/server/utils/tests/fuzz_test.go b/chaoscenter/graphql/server/utils/fuzz_test.go
similarity index 91%
rename from chaoscenter/graphql/server/utils/tests/fuzz_test.go
rename to chaoscenter/graphql/server/utils/fuzz_test.go
index bb42fae9cf5..d9841a269e5 100644
--- a/chaoscenter/graphql/server/utils/tests/fuzz_test.go
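Review bot: Wrapping the username in base64 in the `@@ -52,7 +53,7 @@` and `@@ -60,8 +61,14 @@` hunks means the claim value is now always printable ASCII, so the committed corpus entry `string("\x88")` no longer checks how `GetUsername` handles a username that is not valid UTF-8, which is presumably the round-trip mismatch that prompted this change. If such names can reach the `username` claim outside the test, that behaviour deserves its own assertion, or validation where tokens are issued, rather than being encoded away in the fuzz target. Within the new lines, a failed `DecodeString` only calls `t.Errorf`, so the comparison still runs on a partial result; `t.Fatalf` would stop there, and the final message should print the decoded value: `t.Errorf("Expected username: %s, got: %s", input, decodedUsername)`. `FuzzGetUsername` starts and ends outside these hunks.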
+++ b/chaoscenter/graphql/server/utils/fuzz_test.go
@@ -1,11 +1,10 @@
-package tests
+package utils
 import (
 "strings"
 "testing"
 fuzz "github.com/AdaLogics/go-fuzz-headers"
- "github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
 )
 func isValidString(s string) bool {
@@ -25,7 +24,7 @@ func isValidString(s string) bool {
 func FuzzRandomString(f *testing.F) {
 f.Add(10)
 f.Fuzz(func(t *testing.T, n int) {
- randomString := utils.RandomString(n)
+ randomString := RandomString(n)
 // Perform checks on the generated string
 // Check if the length matches the expected length
 if n >= 0 && len(randomString) != n {
@@ -53,7 +52,7 @@ func FuzzContainsString(f *testing.F) {
 }
 // Perform checks on the ContainsString function
 // Check if ContainsString returns true when the target string is in the array
- if utils.ContainsString(targetStruct.s, targetStruct.str) {
+ if ContainsString(targetStruct.s, targetStruct.str) {
 found := false
 for _, v := range targetStruct.s {
 if v == targetStruct.str {
diff --git a/chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953 b/chaoscenter/graphql/server/utils/testdata/fuzz/FuzzRandomString/6397b820ae00f953
similarity index 100%
rename from chaoscenter/graphql/server/utils/tests/testdata/fuzz/FuzzRandomString/6397b820ae00f953
rename to chaoscenter/graphql/server/utils/testdata/fuzz/FuzzRandomString/6397b820ae00f953