improve fuzz tests (#571)

2025-11-03 03:03:31 +08:00 · 2024-05-17 19:19:15 +02:00
parent f283abc2e7
commit ef60c8c755
20 changed files with 250 additions and 234 deletions
--- a/pkg/auth/sender_test.go
+++ b/pkg/auth/sender_test.go
@@ -7,80 +7,82 @@ import (
 	"github.com/stretchr/testify/require"
 )

+var casesSender = []struct {
+	name            string
+	wwwAuthenticate base.HeaderValue
+	authorization   base.HeaderValue
+}{
+	{
+		"basic",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+		},
+		base.HeaderValue{
+			"Basic bXl1c2VyOm15cGFzcw==",
+		},
+	},
+	{
+		"digest md5 implicit",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
+		},
+	},
+	{
+		"digest md5 explicit",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
+				"algorithm=\"MD5\"",
+		},
+	},
+	{
+		"digest sha256",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
+		},
+	},
+	{
+		"multiple 1",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
+		},
+	},
+	{
+		"multiple 2",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
+		},
+	},
+}
+
 func TestSender(t *testing.T) {
-	for _, ca := range []struct {
-		name            string
-		wwwAuthenticate base.HeaderValue
-		authorization   base.HeaderValue
-	}{
-		{
-			"basic",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-			},
-			base.HeaderValue{
-				"Basic bXl1c2VyOm15cGFzcw==",
-			},
-		},
-		{
-			"digest md5 implicit",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
-		},
-		{
-			"digest md5 explicit",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
-					"algorithm=\"MD5\"",
-			},
-		},
-		{
-			"digest sha256",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
-		},
-		{
-			"multiple 1",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
-		},
-		{
-			"multiple 2",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
-		},
-	} {
+	for _, ca := range casesSender {
 		t.Run(ca.name, func(t *testing.T) {
 			se, err := NewSender(ca.wwwAuthenticate, "myuser", "mypass")
 			require.NoError(t, err)
@@ -97,12 +99,9 @@ func TestSender(t *testing.T) {
 }

 func FuzzSender(f *testing.F) {
-	f.Add(`Invalid`)
-	f.Add(`Digest`)
-	f.Add(`Digest nonce=123`)
-	f.Add(`Digest realm=123`)
-	f.Add(`Basic`)
-	f.Add(`Basic nonce=123`)
+	for _, ca := range casesSender {
+		f.Add(ca.authorization[0])
+	}

 	f.Fuzz(func(_ *testing.T, a string) {
 		NewSender(base.HeaderValue{a}, "myuser", "mypass") //nolint:errcheck
--- a/pkg/auth/testdata/fuzz/FuzzValidate/771e938e4458e983
+++ b/pkg/auth/testdata/fuzz/FuzzValidate/771e938e4458e983
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("0")
--- a/pkg/auth/validate_test.go
+++ b/pkg/auth/validate_test.go
@@ -1,56 +1,57 @@
 package auth

 import (
-	"fmt"
 	"testing"

 	"github.com/bluenviron/gortsplib/v4/pkg/base"
 	"github.com/stretchr/testify/require"
 )

+var casesValidate = []struct {
+	name          string
+	authorization base.HeaderValue
+}{
+	{
+		"basic",
+		base.HeaderValue{
+			"Basic bXl1c2VyOm15cGFzcw==",
+		},
+	},
+	{
+		"digest md5 implicit",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
+		},
+	},
+	{
+		"digest md5 explicit",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
+				"algorithm=\"MD5\"",
+		},
+	},
+	{
+		"digest sha256",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
+		},
+	},
+	{
+		"digest vlc",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/\", response=\"5ca5ceeca20a05e9a3f49ecde4b42655\"",
+		},
+	},
+}
+
 func TestValidate(t *testing.T) {
-	for _, ca := range []struct {
-		name          string
-		authorization base.HeaderValue
-	}{
-		{
-			"basic",
-			base.HeaderValue{
-				"Basic bXl1c2VyOm15cGFzcw==",
-			},
-		},
-		{
-			"digest md5 implicit",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
-		},
-		{
-			"digest md5 explicit",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
-					"algorithm=\"MD5\"",
-			},
-		},
-		{
-			"digest sha256",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
-		},
-		{
-			"digest vlc",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/\", response=\"5ca5ceeca20a05e9a3f49ecde4b42655\"",
-			},
-		},
-	} {
+	for _, ca := range casesValidate {
 		t.Run(ca.name, func(t *testing.T) {
 			se, err := NewSender(
 				GenerateWWWAuthenticate([]ValidateMethod{ValidateMethodDigestMD5}, "myrealm", "f49ac6dd0ba708d4becddc9692d1f2ce"),
@@ -62,7 +63,6 @@ func TestValidate(t *testing.T) {
 				URL:    mustParseURL("rtsp://myhost/mypath?key=val/"),
 			}
 			se.AddAuthorization(req1)
-			fmt.Println(req1.Header)

 			req := &base.Request{
 				Method: base.Setup,
@@ -84,14 +84,9 @@ func TestValidate(t *testing.T) {
 }

 func FuzzValidate(f *testing.F) {
-	f.Add(`Invalid`)
-	f.Add(`Digest `)
-	f.Add(`Digest realm=123`)
-	f.Add(`Digest realm=123,nonce=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123,uri=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123,uri=123,response=123`)
-	f.Add(`Digest realm=123,nonce=abcde,username=123,uri=123,response=123`)
+	for _, ca := range casesValidate {
+		f.Add(ca.authorization[0])
+	}

 	f.Fuzz(func(_ *testing.T, a string) {
 		Validate( //nolint:errcheck
@@ -106,7 +101,7 @@ func FuzzValidate(f *testing.F) {
 			"mypass",
 			nil,
 			"IPCAM",
-			"abcde",
+			"f49ac6dd0ba708d4becddc9692d1f2ce",
 		)
 	})
 }