test(fuzz): turn everything into esm

since coverage does not work as expected at all, we can use esm. So if jazzer at some point, add esm support for esm, we can easily add it
neighbourhoodie · Dec 13, 2023 · 4c0a324 · 4c0a324
1 parent b29c6fc
commit 4c0a324
Show file tree

Hide file tree

Showing 18 changed files with 167 additions and 172 deletions.
diff --git a/package.json b/package.json
@@ -47,7 +47,7 @@
     "prepare": "npm run build",
     "test": "mocha --timeout 120000 test/unittests.js",
     "test-type-definitions": "node --loader ts-node/esm test/typescript/definitions.ts",
-    "fuzz": "jazzer test/fuzz/$TARGET.cjs -- -artifact_prefix=test/fuzz/reports/",
+    "fuzz": "jazzer test/fuzz/$TARGET -- -artifact_prefix=test/fuzz/reports/",
     "benchmark-time": "node test/benchmarks/time.js",
     "benchmark-memory-usage": "node test/benchmarks/memory_usage.js",
     "start": "http-server",

diff --git a/test/fuzz/createCleartextMessage.cjs b/test/fuzz/createCleartextMessage.cjs
diff --git a/test/fuzz/createCleartextMessage.js b/test/fuzz/createCleartextMessage.js
@@ -0,0 +1,15 @@
+import { FuzzedDataProvider } from '@jazzer.js/core';
+
+import openpgp from '../initOpenpgp.js';
+
+const MAX_MESSAGE_LENGTH = 9000;
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  const data = new FuzzedDataProvider(inputData);
+  const text = data.bufToPrintableString(inputData, 2, MAX_MESSAGE_LENGTH, 'utf-8');
+  return openpgp.createCleartextMessage({ text });
+}
+
diff --git a/test/fuzz/createMessageBinary.cjs b/test/fuzz/createMessageBinary.cjs
diff --git a/test/fuzz/createMessageBinary.js b/test/fuzz/createMessageBinary.js
@@ -0,0 +1,9 @@
+import openpgp from '../initOpenpgp.js';
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  return openpgp.createMessage({ binary: new Uint8Array(inputData) });
+}
+
diff --git a/test/fuzz/createMessageText.cjs b/test/fuzz/createMessageText.cjs
diff --git a/test/fuzz/createMessageText.js b/test/fuzz/createMessageText.js
@@ -0,0 +1,13 @@
+import { FuzzedDataProvider } from '@jazzer.js/core';
+
+import openpgp from '../initOpenpgp.js';
+
+const MAX_MESSAGE_LENGTH = 9000;
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  const data = new FuzzedDataProvider(inputData);
+  return openpgp.createMessage({ text: data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8') });
+}
diff --git a/test/fuzz/generateKey.cjs b/test/fuzz/generateKey.cjs
diff --git a/test/fuzz/generateKey.js b/test/fuzz/generateKey.js
@@ -0,0 +1,26 @@
+import { FuzzedDataProvider } from '@jazzer.js/core';
+
+import openpgp from '../initOpenpgp.js';
+
+const MAX_NAME_LENGTH = 30;
+const MAX_COMMENT_LENGTH = 500;
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+
+  const data = new FuzzedDataProvider(inputData);
+  const asciiString = data.consumeString(MAX_COMMENT_LENGTH);
+  const utf8String = data.consumeString(MAX_NAME_LENGTH, 'utf-8');
+
+  return openpgp.generateKey({ userIDs: [
+    { name: utf8String },
+    { email: utf8String },
+    { comment: asciiString },
+    { name: utf8String, email: utf8String, comment: asciiString }
+  ],
+  passphrase: asciiString,
+  format: 'object' });
+}
+
diff --git a/test/fuzz/readKeyArmored.cjs b/test/fuzz/readKeyArmored.cjs
diff --git a/test/fuzz/readKeyArmored.js b/test/fuzz/readKeyArmored.js
@@ -0,0 +1,28 @@
+import { FuzzedDataProvider } from '@jazzer.js/core';
+
+import openpgp from '../initOpenpgp.js';
+
+const ignored = ['Misformed armored text'];
+const MAX_MESSAGE_LENGTH = 9000;
+
+function ignoredError(error) {
+  return ignored.some(message => error.message.includes(message));
+}
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+
+  const data = new FuzzedDataProvider(inputData);
+  const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8');
+  const armoredKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----\n ${fuzzedText} -----END PGP PRIVATE KEY BLOCK-----`;
+
+  return openpgp.readKey({ armoredKey })
+    .catch(error => {
+      if (error.message && !ignoredError(error)) {
+        throw error;
+      }
+    });
+}
+
diff --git a/test/fuzz/readKeyBinary.cjs b/test/fuzz/readKeyBinary.cjs
diff --git a/test/fuzz/readKeyBinary.js b/test/fuzz/readKeyBinary.js
@@ -0,0 +1,22 @@
+import openpgp from '../initOpenpgp.js';
+
+const ignored = ['This message / key probably does not conform to a valid OpenPGP format'];
+
+function ignoredError(error) {
+  return ignored.some(message => error.message.includes(message));
+}
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  const binaryKey = new Uint8Array(`-----BEGIN PGP PRIVATE KEY BLOCK-----\n ${inputData.toString('base64')} -----END PGP PRIVATE KEY BLOCK-----`);
+
+  return openpgp.readKey({ binaryKey })
+    .catch(error => {
+      if (error.message && !ignoredError(error)) {
+        throw error;
+      }
+    });
+}
+
diff --git a/test/fuzz/readMessageBinary.cjs b/test/fuzz/readMessageBinary.cjs
diff --git a/test/fuzz/readMessageBinary.js b/test/fuzz/readMessageBinary.js
@@ -0,0 +1,22 @@
+import openpgp from '../initOpenpgp.js';
+
+const ignored = ['This message / key probably does not conform to a valid OpenPGP format'];
+
+function ignoredError(error) {
+  return ignored.some(message => error.message.includes(message));
+}
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  const binaryMessage = new Uint8Array(`-----BEGIN PGP MESSAGE-----\n ${inputData.toString('base64')} -----END PGP MESSAGE-----`);
+
+  return openpgp.readMessage({ binaryMessage })
+    .catch(error => {
+      if (error.message && !ignoredError(error)) {
+        throw error;
+      }
+    });
+}
+
diff --git a/test/fuzz/readMessageText.cjs b/test/fuzz/readMessageText.cjs
diff --git a/test/fuzz/readMessageText.js b/test/fuzz/readMessageText.js
@@ -0,0 +1,27 @@
+import { FuzzedDataProvider } from '@jazzer.js/core';
+
+import openpgp from '../initOpenpgp.js';
+
+const ignored = ['Misformed armored text'];
+const MAX_MESSAGE_LENGTH = 9000;
+
+function ignoredError(error) {
+  return ignored.some(message => error.message.includes(message));
+}
+
+/**
+ * @param { Buffer } inputData
+ */
+export function fuzz (inputData) {
+  const data = new FuzzedDataProvider(inputData);
+  const fuzzedText = data.consumeString(MAX_MESSAGE_LENGTH, 'utf-8');
+  const armoredMessage = `-----BEGIN PGP MESSAGE-----\n ${fuzzedText} -----END PGP MESSAGE-----`;
+
+  return openpgp.readMessage({ armoredMessage })
+    .catch(error => {
+      if (error.message && !ignoredError(error)) {
+        throw error;
+      }
+    });
+}
+
diff --git a/test/fuzz/readme.md b/test/fuzz/readme.md
@@ -11,14 +11,7 @@ To generate and run fuzz tests, we use the [Jazzer.js](https://github.com/CodeIn
 
 This directory contains fuzz targets like for example `createMessageBinary`.
 
-You can run this fuzz target without options:
-```sh
-npx jazzer test/fuzz/createMessageBinary.cjs
-```
-(You will notice the `.cjs` file ending. This is because jazzer does not support esm, yet)
-
-or with the given settings at your package.json:
-
+You can run this fuzz target:
 ```sh
 TARGET=createMessageBinary npm run fuzz
 ```
@@ -50,12 +43,12 @@ See further details in [Fuzzing using fuzz targets and the CLI](https://github.c
 
 ### Run limitations
 
-You can pass the `-max_total_time` flag to the internal fuzzing engine to stop the fuzzing run after 10 seconds.
+You can edit the npm command and pass the `-max_total_time` flag to the internal fuzzing engine to stop the fuzzing run after 10 seconds.
 ```sh
-npx jazzer test/fuzz/createMessageBinary.cjs -- -max_total_time=10
+jazzer test/fuzz/$TARGET -- -max_total_time=10
 ```
 
 Or you can limit the number of runs:
 ```sh
-npx jazzer test/fuzz/createMessageBinary.cjs -- -runs=4000000
+jazzer test/fuzz/$TARGET -- -runs=4000000
 ```