//go:build gofuzz
// +build gofuzz
package auth
import (
"context"
"strings"
"testing"
"time"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
"github.com/aws/aws-sdk-go-v2/aws"
utils "github.com/trailofbits/go-fuzz-utils"
"go.uber.org/zap"
)
// Exit codes returned by DoFuzzAuthenticate.
// NOTE(review): the values look like the go-fuzz return convention
// (0 = neutral input, -1 = do not add the input to the corpus); confirm
// against the fuzzing driver actually in use.

// fuzzSuccessExitCode is returned once the harness has run to completion.
const fuzzSuccessExitCode = 0

// fuzzFailExitCode is returned when the input is rejected before the target
// is exercised.
const fuzzFailExitCode = -1
// InitFuzzAuthenticate performs no setup; its body is intentionally empty.
// NOTE(review): presumably kept as the initialisation hook an external
// fuzzing driver looks up next to DoFuzzAuthenticate — confirm with the
// driver configuration.
func InitFuzzAuthenticate() {}
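// DoFuzzAuthenticate is the fuzz entry point for Center.Authenticate. It
// derives an access key address and a secret key from input, presigns a fixed
// GET request with those credentials, registers the matching access box in a
// mock token store and hands the presigned request to Authenticate.
//
// It returns fuzzFailExitCode when input is shorter than 100 bytes, when the
// type provider cannot supply a value, or when presigning fails; it returns
// fuzzSuccessExitCode once Authenticate has been called.
func DoFuzzAuthenticate(input []byte) int {
	// FUZZER INIT
	if len(input) < 100 {
		return fuzzFailExitCode
	}

	tp, err := utils.NewTypeProvider(input)
	if err != nil {
		return fuzzFailExitCode
	}

	// Fill needs a pointer: when the address is passed by value the local
	// variable keeps its zero value, so every run would present the same
	// access key ID and the fuzz input would never reach the key-parsing path.
	// NOTE(review): whether the provider populates oid.Address's fields
	// depends on its settings — confirm.
	var accessKeyAddr oid.Address
	if err = tp.Fill(&accessKeyAddr); err != nil {
		return fuzzFailExitCode
	}

	// The address string contains "/", which is replaced with "0" to build
	// the access key ID used for signing.
	accessKeyID := strings.ReplaceAll(accessKeyAddr.String(), "/", "0")
	secretKey, err := tp.GetString()
	if err != nil {
		return fuzzFailExitCode
	}
	awsCreds := aws.Credentials{AccessKeyID: accessKeyID, SecretAccessKey: secretKey}

	reqData := RequestData{
		Method:   "GET",
		Endpoint: "http://localhost:8084",
		Bucket:   "my-bucket",
		Object:   "@obj/name",
	}
	presignData := PresignData{
		Service:  "s3",
		Region:   "spb",
		Lifetime: 10 * time.Minute,
		SignTime: time.Now().UTC(),
	}

	// Check the error as well as the request, so that a request returned
	// alongside a presigning error is never passed on to Authenticate.
	req, err := PresignRequest(context.Background(), awsCreds, reqData, presignData, zap.NewNop())
	if err != nil || req == nil {
		return fuzzFailExitCode
	}

	// The mock store holds the same secret the request was signed with.
	expBox := &accessbox.Box{
		Gate: &accessbox.GateData{
			SecretKey: secretKey,
		},
	}

	mock := newTokensFrostfsMock()
	mock.addBox(accessKeyAddr, expBox)

	c := &Center{
		cli:     mock,
		reg:     NewRegexpMatcher(AuthorizationFieldRegexp),
		postReg: NewRegexpMatcher(postPolicyCredentialRegexp),
	}

	// The result is deliberately discarded: as written, the harness only
	// surfaces panics and crashes in the verification path.
	// NOTE(review): the request is signed with the secret stored in the mock
	// box, so asserting on the outcome here would also catch
	// signature-verification logic errors — confirm the invariant holds for
	// every generated key before adding such a check.
	_, _ = c.Authenticate(req)

	return fuzzSuccessExitCode
}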
// FuzzAuthenticate runs DoFuzzAuthenticate under Go's native fuzzing engine.
// The harness's exit code is ignored, and no seed corpus is registered here.
func FuzzAuthenticate(f *testing.F) {
	target := func(_ *testing.T, data []byte) {
		_ = DoFuzzAuthenticate(data)
	}
	f.Fuzz(target)
}