Merge pull request #3448 from buildkite/replacer-fuzz-test-corpus

Add replacer fuzz test corpus to repo, with fix

Author: DrJosh9000

internal/replacer/replacer_test.go

@@ -354,9 +354,9 @@ func TestAddingNeedles(t *testing.T) {
 }
 
 func BenchmarkReplacer(b *testing.B) {
-	b.ResetTimer()
+
 	r := replacer.New(io.Discard, bigLipsumSecrets, redact.Redacted)
-	for range b.N {
+	for b.Loop() {
 		if _, err := fmt.Fprintln(r, bigLipsum); err != nil {
 			b.Errorf("fmt.Fprintln(r, bigLipsum) error = %v", err)
 		}
@@ -376,14 +376,15 @@ func FuzzReplacer(f *testing.F) {
 	f.Add(lipsum, 10, "ipsum", "dolor", "sit", "amet")
 	f.Add(lipsum, 10, "a", "e", "i", "o")
 	f.Fuzz(func(t *testing.T, plaintext string, split int, a, b, c, d string) {
-		// Don't allow empty secrets, or secrets containing a character from
-		// the redaction substitution.
+		// Don't allow empty secrets, whitespace only secrets, or secrets
+		// containing a character from the redaction substitution.
 		//  - Replacing a secret with '[REDACTED]' may create text that happens
 		//    to be another secret.
 		//  - Unless disallowed, the fuzzer tends to rapidly find secrets like
 		//    "A" (one of the characters in REDACTED).
 		secrets := make([]string, 0, 4)
 		for _, s := range []string{a, b, c, d} {
+			s = strings.TrimSpace(s)
 			if s == "" || strings.ContainsAny(s, "[REDACTED]") {
 				continue
 			}

internal/replacer/testdata/fuzz/FuzzReplacer/0010ddb7d72c4594

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("000000000000000000000000000000000000000000000")
+int(-8)
+string("00")
+string("0")
+string("0")
+string("000")

internal/replacer/testdata/fuzz/FuzzReplacer/01a2be68c0040a83

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0")
+int(10)
+string("0")
+string("0")
+string("\xc6 ")
+string("0")

internal/replacer/testdata/fuzz/FuzzReplacer/01ba2ce4b332ace4

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0")
+int(10)
+string("0")
+string("0")
+string("0\u0085")
+string("")

internal/replacer/testdata/fuzz/FuzzReplacer/02ec3e55c58188c8

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+int(-19)
+string("0")
+string("0")
+string("0")
+string("0")

internal/replacer/testdata/fuzz/FuzzReplacer/047e4fe3fee5f6eb

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0000000000000000000000000000000000000000000000000000000000000000")
+int(10)
+string("0")
+string("0")
+string("0")
+string("0")

internal/replacer/testdata/fuzz/FuzzReplacer/04c2d136a3cb00d9

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0")
+int(10)
+string("")
+string("")
+string("0A")
+string(" ")

internal/replacer/testdata/fuzz/FuzzReplacer/05267e515a68c25a

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0")
+int(10)
+string("\xc3\xdc")
+string("0")
+string("")
+string("0")

internal/replacer/testdata/fuzz/FuzzReplacer/06002262bd842c0e

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("0")
+int(10)
+string("")
+string("A")
+string("")
+string("")

internal/replacer/testdata/fuzz/FuzzReplacer/072ddb617a939995

@@ -0,0 +1,7 @@
+go test fuzz v1
+string("00000000000000000")
+int(28)
+string("0")
+string("00")
+string("0")
+string("")