Skip to content

Add a basic fuzzer - FuzzScopedHTML #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 7, 2022
Merged

Add a basic fuzzer - FuzzScopedHTML #619

merged 4 commits into from
Dec 7, 2022

Conversation

jasikpark
Copy link
Contributor

@jasikpark jasikpark commented Nov 10, 2022
edited
Loading

Changes

Small bugfixes that will be eventually moved to other PRs

Testing

This PR is tracking the addition of a simple go based fuzzer to test the html parser / scoped styles generator.

I'll add fixes to bugs I discover as I go along, and then eventually I'll break out the bugs and this fuzzer into individually mergable PRs

This can be run via go test ./internal/transform -fuzz=FuzzScopeHTML from the root directory to run an ongoing fuzz test of the html scoping.

Uses https://tip.golang.org/doc/tutorial/fuzz

Docs

There should be contributor docs for how the fuzzer works, how to run it && how to update fuzz tests

@changeset-bot
Copy link

changeset-bot bot commented Nov 10, 2022
edited
Loading

⚠️ No Changeset found

Latest commit: 15dd962

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@jasikpark jasikpark changed the title Add a basic fuzzer Add a basic fuzzer - FuzzScopedHTML Nov 10, 2022
@jasikpark jasikpark mentioned this pull request Nov 16, 2022
Merged
@jasikpark jasikpark changed the base branch from main to require-a-handler-for-parse-fragment November 20, 2022 00:14
This was referenced Nov 20, 2022
Open
Merged
@jasikpark
Copy link
Contributor Author

jasikpark commented Dec 2, 2022
edited
Loading

another option that isn't blocked on updating to go 1.18 would be using fast-check: https://github.com/dubzzz/fast-check/tree/main/packages/fast-check/documentation

this allows for creating property tests to augment unit tests by generating data of a certain shape and asserting certain properties of it, like that a parse should contain only unicode strings or an error.

ex: https://github.com/dubzzz/fast-check/blob/main/examples/001-simple/fibonacci/main.spec.ts

ex closer to the compiler: https://github.com/dubzzz/fast-check/blob/main/examples/001-simple/indexOf/main.spec.ts

@jasikpark jasikpark requested a review from natemoo-re December 2, 2022 20:04
Base automatically changed from require-a-handler-for-parse-fragment to main December 2, 2022 20:19
@jasikpark
Add patch changeset
081d5ea
@jasikpark
Add FuzzScopeHTML
265fd95 
This can be run via `go test ./internal/transform -fuzz=FuzzScopeHTML` from the root directory to run an ongoing fuzz test of the html scoping.

Uses https://tip.golang.org/doc/tutorial/fuzz
@jasikpark
Fix extra sanity check
648c882
@jasikpark jasikpark marked this pull request as ready for review December 7, 2022 20:15
@jasikpark
Copy link
Contributor Author

jasikpark commented Dec 7, 2022
edited
Loading

This is ready for review now that go is > 1.18!

This can be run in CI with something like https://github.com/jidicula/go-fuzz-action or something similar, or often able to be run in person.

I'd say merge && run in person for now - though eventually hopefully all immediate bugs are found that would make this fail outright

I'd probably recc https://google.github.io/oss-fuzz/getting-started/continuous-integration/ actually, since they have the most experience running fuzzing continuously in CI. Though this would be a more of "catch bugs in recently commited code" setup

@jasikpark jasikpark mentioned this pull request Dec 7, 2022
Closed
@jasikpark jasikpark merged commit 7c36375 into main Dec 7, 2022
@jasikpark jasikpark deleted the add-a-basic-fuzzer branch December 7, 2022 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@natemoo-re natemoo-re natemoo-re approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasikpark @natemoo-re