internal/format: update fuzzing target

Fixes #96
2026-01-06 20:16:20 +00:00 · 2020-03-25 02:15:30 -04:00
parent f28f85d87b
commit f0f8092d60
5 changed files with 79 additions and 9 deletions
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,7 @@ module filippo.io/age

 go 1.13

-require golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+require (
+	github.com/sergi/go-diff v1.1.0
+	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+)
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,18 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -6,3 +21,9 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/internal/format/Dockerfile.go-fuzz
+++ b/internal/format/Dockerfile.go-fuzz
@@ -0,0 +1,21 @@
+# Copyright 2019 Google LLC
+#
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file or at
+# https://developers.google.com/open-source/licenses/bsd
+
+# docker run --rm -v $PWD/workdir:/workdir $(docker build -q -f internal/format/Dockerfile.go-fuzz .)
+
+FROM golang:1.14-alpine3.11
+
+RUN apk add --no-cache git
+RUN go get github.com/dvyukov/go-fuzz/...
+
+ADD . $GOPATH/src/filippo.io/age/
+WORKDIR $GOPATH/src/filippo.io/age
+
+RUN go-fuzz-build ./internal/format
+
+VOLUME /workdir
+
+ENTRYPOINT ["go-fuzz", "-workdir", "/workdir", "-bin", "format-fuzz.zip"]
--- a/internal/format/armor.go
+++ b/internal/format/armor.go
@@ -148,7 +148,7 @@ func (r *armoredReader) Read(p []byte) (int, error) {
 	r.unread = r.buf[:]
 	n, err := base64.StdEncoding.Strict().Decode(r.unread, line)
 	if err != nil {
-		return 0, r.setErr(err)
+		return 0, r.setErr(errors.New("invalid armor: " + err.Error()))
 	}
 	r.unread = r.unread[:n]

--- a/internal/format/format_gofuzz.go
+++ b/internal/format/format_gofuzz.go
@@ -1,3 +1,9 @@
+// Copyright 2019 Google LLC
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file or at
+// https://developers.google.com/open-source/licenses/bsd
+
 // +build gofuzz

 package format
@@ -6,10 +12,13 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"os"
+	"strings"
+
+	"github.com/sergi/go-diff/diffmatchpatch"
 )

 func Fuzz(data []byte) int {
+	isArmored := bytes.HasPrefix(data, []byte("-----BEGIN AGE ENCRYPTED FILE-----"))
 	h, payload, err := Parse(bytes.NewReader(data))
 	if err != nil {
 		if h != nil {
@@ -21,14 +30,30 @@ func Fuzz(data []byte) int {
 		return 0
 	}
 	w := &bytes.Buffer{}
-	if err := h.Marshal(w); err != nil {
-		panic(err)
-	}
-	if _, err := io.Copy(w, payload); err != nil {
-		panic(err)
+	if isArmored {
+		w := ArmoredWriter(w)
+		if err := h.Marshal(w); err != nil {
+			panic(err)
+		}
+		if _, err := io.Copy(w, payload); err != nil {
+			if strings.Contains(err.Error(), "invalid armor") {
+				return 0
+			}
+			panic(err)
+		}
+		w.Close()
+	} else {
+		if err := h.Marshal(w); err != nil {
+			panic(err)
+		}
+		if _, err := io.Copy(w, payload); err != nil {
+			panic(err)
+		}
 	}
 	if !bytes.Equal(w.Bytes(), data) {
-		fmt.Fprintf(os.Stderr, "%s\n%q\n%q\n\n", w, data, w)
+		dmp := diffmatchpatch.New()
+		diffs := dmp.DiffMain(string(data), string(w.Bytes()), false)
+		fmt.Println(dmp.DiffToDelta(diffs))
 		panic("Marshal output different from input")
 	}
 	return 1