From 2348f6c209513e010d52ee12d43350196525bbd5 Mon Sep 17 00:00:00 2001
From: jovid <sh.jo@ecubelabs.com>
Date: Sun, 31 May 2026 03:21:48 +0900
Subject: [PATCH 1/2] test: add fuzz tests for ChaosHub GitOps helper functions

Signed-off-by: jovid <sh.jo@ecubelabs.com>
---
 .../pkg/chaoshub/ops/gitops_fuzz_test.go      | 142 ++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go

diff --git a/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go b/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go
new file mode 100644
index 00000000000..64fbd17731a
--- /dev/null
+++ b/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go
@@ -0,0 +1,142 @@
+package chaoshubops
+
+import (
+	"testing"
+
+	fuzz "github.com/AdaLogics/go-fuzz-headers"
+	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
+)
+
+// FuzzGetClonePath is used to fuzz test the GetClonePath function
+func FuzzGetClonePath(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		fuzzConsumer := fuzz.NewConsumer(data)
+
+		config := ChaosHubConfig{}
+		if err := fuzzConsumer.GenerateStruct(&config); err != nil {
+			return
+		}
+
+		result := GetClonePath(config)
+
+		var expected string
+		if config.IsDefault {
+			expected = "/tmp/default/" + config.HubName
+		} else {
+			expected = DefaultPath + config.ProjectID + "/" + config.HubName
+		}
+
+		if result != expected {
+			t.Errorf("Expected %s, got %s", expected, result)
+		}
+	})
+}
+
+// FuzzGitConfigConstruct is used to fuzz test the GitConfigConstruct function
+func FuzzGitConfigConstruct(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		fuzzConsumer := fuzz.NewConsumer(data)
+
+		repoData := model.CloningInput{}
+		if err := fuzzConsumer.GenerateStruct(&repoData); err != nil {
+			return
+		}
+		projectID, err := fuzzConsumer.GetString()
+		if err != nil {
+			return
+		}
+
+		config := GitConfigConstruct(repoData, projectID)
+
+		if config.ProjectID != projectID {
+			t.Errorf("Expected ProjectID %s, got %s", projectID, config.ProjectID)
+		}
+		if config.HubName != repoData.Name {
+			t.Errorf("Expected HubName %s, got %s", repoData.Name, config.HubName)
+		}
+		if config.RepositoryURL != repoData.RepoURL {
+			t.Errorf("Expected RepositoryURL %s, got %s", repoData.RepoURL, config.RepositoryURL)
+		}
+		if config.Branch != repoData.RepoBranch {
+			t.Errorf("Expected Branch %s, got %s", repoData.RepoBranch, config.Branch)
+		}
+		if config.RemoteName != "origin" {
+			t.Errorf("Expected RemoteName origin, got %s", config.RemoteName)
+		}
+		if config.IsPrivate != repoData.IsPrivate {
+			t.Errorf("Expected IsPrivate %v, got %v", repoData.IsPrivate, config.IsPrivate)
+		}
+		if config.AuthType != repoData.AuthType {
+			t.Errorf("Expected AuthType %s, got %s", repoData.AuthType, config.AuthType)
+		}
+		if config.IsDefault != repoData.IsDefault {
+			t.Errorf("Expected IsDefault %v, got %v", repoData.IsDefault, config.IsDefault)
+		}
+	})
+}
+
+// FuzzGenerateAuthMethod is used to fuzz test the generateAuthMethod function
+func FuzzGenerateAuthMethod(f *testing.F) {
+	authTypes := []model.AuthType{
+		model.AuthTypeBasic,
+		model.AuthTypeNone,
+		model.AuthTypeSSH,
+		model.AuthTypeToken,
+	}
+
+	f.Fuzz(func(t *testing.T, data []byte) {
+		fuzzConsumer := fuzz.NewConsumer(data)
+
+		token, err := fuzzConsumer.GetString()
+		if err != nil {
+			return
+		}
+		username, err := fuzzConsumer.GetString()
+		if err != nil {
+			return
+		}
+		password, err := fuzzConsumer.GetString()
+		if err != nil {
+			return
+		}
+		sshPrivateKey, err := fuzzConsumer.GetString()
+		if err != nil {
+			return
+		}
+		idx, err := fuzzConsumer.GetInt()
+		if err != nil {
+			return
+		}
+		authType := authTypes[((idx%len(authTypes))+len(authTypes))%len(authTypes)]
+
+		config := ChaosHubConfig{
+			AuthType:      authType,
+			Token:         &token,
+			UserName:      &username,
+			Password:      &password,
+			SSHPrivateKey: &sshPrivateKey,
+		}
+
+		auth, err := config.generateAuthMethod()
+
+		switch authType {
+		case model.AuthTypeToken, model.AuthTypeBasic:
+			if err != nil {
+				t.Errorf("Unexpected error for auth type %s: %v", authType, err)
+			}
+			if auth == nil {
+				t.Errorf("Expected non-nil auth method for auth type %s", authType)
+			}
+		case model.AuthTypeSSH:
+			// an arbitrary byte sequence is almost never a valid SSH key,
+			// so when parsing succeeds the auth method must not be nil
+			if err == nil && auth == nil {
+				t.Errorf("Expected non-nil auth method for valid SSH key")
+			}
+		default:
+			if auth != nil {
+				t.Errorf("Expected nil auth method for auth type %s, got %v", authType, auth)
+			}
+		}
+	})
+}

From 4c2ba7cdc65244b6fb90c32d1bd1ea89a7261c51 Mon Sep 17 00:00:00 2001
From: jovid <sh.jo@ecubelabs.com>
Date: Thu, 11 Jun 2026 03:08:47 +0900
Subject: [PATCH 2/2] test: address review feedback on chaoshub gitops fuzz
 tests

Signed-off-by: jovid <sh.jo@ecubelabs.com>
---
 .../pkg/chaoshub/ops/gitops_fuzz_test.go      | 36 ++++---------------
 1 file changed, 6 insertions(+), 30 deletions(-)

diff --git a/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go b/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go
index 64fbd17731a..e542b4dd356 100644
--- a/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go
+++ b/chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_fuzz_test.go
@@ -41,10 +41,7 @@ func FuzzGitConfigConstruct(f *testing.F) {
 		if err := fuzzConsumer.GenerateStruct(&repoData); err != nil {
 			return
 		}
-		projectID, err := fuzzConsumer.GetString()
-		if err != nil {
-			return
-		}
+		projectID, _ := fuzzConsumer.GetString()
 
 		config := GitConfigConstruct(repoData, projectID)
 
@@ -87,35 +84,14 @@ func FuzzGenerateAuthMethod(f *testing.F) {
 	f.Fuzz(func(t *testing.T, data []byte) {
 		fuzzConsumer := fuzz.NewConsumer(data)
 
-		token, err := fuzzConsumer.GetString()
-		if err != nil {
-			return
-		}
-		username, err := fuzzConsumer.GetString()
-		if err != nil {
-			return
-		}
-		password, err := fuzzConsumer.GetString()
-		if err != nil {
-			return
-		}
-		sshPrivateKey, err := fuzzConsumer.GetString()
-		if err != nil {
-			return
-		}
-		idx, err := fuzzConsumer.GetInt()
-		if err != nil {
+		config := ChaosHubConfig{}
+		if err := fuzzConsumer.GenerateStruct(&config); err != nil {
 			return
 		}
+		// Override AuthType with a valid enum since GenerateStruct rarely produces one.
+		idx, _ := fuzzConsumer.GetInt()
 		authType := authTypes[((idx%len(authTypes))+len(authTypes))%len(authTypes)]
-
-		config := ChaosHubConfig{
-			AuthType:      authType,
-			Token:         &token,
-			UserName:      &username,
-			Password:      &password,
-			SSHPrivateKey: &sshPrivateKey,
-		}
+		config.AuthType = authType
 
 		auth, err := config.generateAuthMethod()