test: fuzz targets for query binder, error writer, roster enum parse#192
Merged
Conversation
Coverage-guided fuzzing of the three panic-prone pure-function seams the PRD flags as the lenient surface: - FuzzQueryBinder: no accessor panics; first-failure-wins is monotone (a later successful read never clears an earlier 400). - FuzzWriteError: arbitrary user-derived message bytes (control chars, invalid UTF-8) always yield valid gRPC-status contract JSON with the code echoed, details=[], and the code->status mapping intact. - FuzzParseRosterType: never panics; any clean parse round-trips through its enum name. Real test assets — independent of the smoke wiring, land separately. ~870k execs across the three, zero crashes. This was generated by AI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Coverage-guided Go fuzz targets for the three panic-prone pure-function seams PRD #112 flags as the lenient request surface:
FuzzQueryBinder(rest) — no accessor panics on anyurl.Values; first-failure-wins is monotone (a later successful read never clears an earlier 400, the invariant that makes the "bind everything, checkErr()once" handler protocol safe).FuzzWriteError(rest) — arbitrary user-derived message bytes (control chars, invalid UTF-8) always yield valid gRPC-status contract JSON: code echoed,details: [], code→HTTP-status mapping intact,Content-Type: application/json.FuzzParseRosterType(types) — never panics on the base-0 name-or-number enum forms (hex/octal/binary/underscore/overflow/negative/empty); any clean parse round-trips through its enum name.Why
These exercise the binding/error seams at millions of cases/sec in-process — coverage the golden corpus (recorded inputs) and Schemathesis (network edge) can't reach. They surfaced during a live smoke of the new stack; the network side came back clean, and these lock the unit seams down permanently.
Cost
Standard
testing.Ftargets: a normalgo test ./...runs only their seed corpora as fast deterministic unit tests — no fuzzing cost in CI unless-fuzzis invoked explicitly. CI can optionally add a bounded-fuzztimepass.Verification
~870k execs across the three during the smoke, zero crashes, zero invariant violations. Seed corpora green on a clean
developbase.This was generated by AI