hub / github.com/php/frankenphp / FuzzRequest

Function FuzzRequest

frankenphp_test.go:1085–1117  ·  view source on GitHub ↗

To run this fuzzing test, use: `go test -fuzz FuzzRequest`. TODO: Cover more potential cases.

(f *testing.F)

Source from the content-addressed store, hash-verified

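// FuzzRequest sends one fuzzed string through the request path, the query
// string and two header values at once, then checks what the PHP script
// echoes back in its response.
//
// To run this fuzzing test use: go test -fuzz FuzzRequest
// TODO: Cover more potential cases
func FuzzRequest(f *testing.F) {
	// Fail fast if the fixture directory cannot be resolved: an empty absPath
	// would make every PATH_TRANSLATED assertion below fail for a reason that
	// has nothing to do with the fuzzed input.
	absPath, err := fastabs.FastAbs("./testdata/")
	if err != nil {
		f.Fatalf("resolving ./testdata/: %v", err)
	}

	// Seed corpus: plain ASCII, multi-byte UTF-8, malformed percent-encoding,
	// and raw control bytes including NUL.
	f.Add("hello world")
	f.Add("😀😅🙃🤩🥲🤪😘😇😉🐘🧟")
	f.Add("%00%11%%22%%33%%44%%55%%66%%77%%88%%99%%aa%%bb%%cc%%dd%%ee%%ff")
	f.Add("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f")

	f.Fuzz(func(t *testing.T, fuzzedString string) {
		runTest(t, func(handler func(http.ResponseWriter, *http.Request), _ *httptest.Server, _ int) {
			req := httptest.NewRequest("GET", "http://example.com/server-variable", nil)

			// The URL is replaced with a hand-built struct, so the fuzzed bytes
			// land in Path and RawQuery as-is instead of going through URL
			// parsing or escaping.
			req.URL = &url.URL{RawQuery: "test=" + fuzzedString, Path: "/server-variable.php/" + fuzzedString}

			// NOTE(review): strings.Clone presumably forces freshly allocated
			// header strings; the Content-Type value is passed uncloned.
			// Confirm whether that asymmetry is intended.
			req.Header.Add(strings.Clone("Fuzzed"), strings.Clone(fuzzedString))
			req.Header.Add(strings.Clone("Content-Type"), fuzzedString)
			body, resp := testRequest(req, handler, t)

			// The response status must be 400 if the request path contains null
			// bytes: such a path has to be rejected, not served.
			if strings.Contains(req.URL.Path, "\x00") {
				assert.Equal(t, 400, resp.StatusCode)
				assert.Contains(t, body, "invalid request path")

				return
			}

			// The fuzzed string must be present in the path
			assert.Contains(t, body, fmt.Sprintf("[PATH_INFO] => /%s", fuzzedString))
			assert.Contains(t, body, fmt.Sprintf("[PATH_TRANSLATED] => %s", filepath.Join(absPath, fuzzedString)))

			// Headers should always be present even if empty
			assert.Contains(t, body, fmt.Sprintf("[CONTENT_TYPE] => %s", fuzzedString))
			assert.Contains(t, body, fmt.Sprintf("[HTTP_FUZZED] => %s", fuzzedString))
		}, &testOptions{workerScript: "request-headers.php"})
	})
}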
1118
1119func TestSessionHandlerReset_worker(t *testing.T) {
1120 runTest(t, func(_ func(http.ResponseWriter, *http.Request), ts *httptest.Server, i int) {

Callers

nothing calls this directly

Calls 3

FastAbsFunction · 0.92
runTestFunction · 0.85
testRequestFunction · 0.85

Tested by

no test coverage detected