Skip to content

Improve fuzzing for all extensions#805

Open
theodorsm wants to merge 12 commits intomainfrom
extension_fuzzing
Open

Improve fuzzing for all extensions#805
theodorsm wants to merge 12 commits intomainfrom
extension_fuzzing

Conversation

@theodorsm
Copy link
Copy Markdown
Member

@theodorsm theodorsm commented Feb 25, 2026

Description

This PR aims to add fuzz testing of the umarshal functions of all extensions.

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 25, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 56.52174% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.50%. Comparing base (977de19) to head (1902120).

Files with missing lines Patch % Lines
...kg/protocol/extension/supported_elliptic_curves.go 40.00% 5 Missing and 1 partial ⚠️
pkg/protocol/extension/supported_point_formats.go 40.00% 5 Missing and 1 partial ⚠️
pkg/protocol/extension/server_name.go 0.00% 2 Missing and 2 partials ⚠️
pkg/protocol/extension/pre_shared_key.go 0.00% 1 Missing and 2 partials ⚠️
pkg/protocol/extension/alpn.go 50.00% 1 Missing and 1 partial ⚠️
pkg/protocol/extension/certificate_auth.go 66.66% 1 Missing and 1 partial ⚠️
pkg/protocol/extension/post_handshake_auth.go 50.00% 2 Missing ⚠️
pkg/protocol/extension/supported_versions.go 0.00% 1 Missing and 1 partial ⚠️
pkg/protocol/extension/use_master_secret.go 60.00% 2 Missing ⚠️
pkg/protocol/extension/renegotiation_info.go 80.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #805      +/-   ##
==========================================
- Coverage   82.52%   82.50%   -0.02%     
==========================================
  Files         121      121              
  Lines        6868     6906      +38     
==========================================
+ Hits         5668     5698      +30     
- Misses        786      800      +14     
+ Partials      414      408       -6
Flag Coverage Δ
go 82.50% <56.52%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@theodorsm theodorsm force-pushed the extension_fuzzing branch 4 times, most recently from 110dedb to 3d9e777 Compare March 19, 2026 14:12
@theodorsm
Copy link
Copy Markdown
Member Author

theodorsm commented Mar 19, 2026

The fuzzing discovered multiple discreprencies in how we handle declared length and trailing bytes. Multiple extension parsers does not verify the declared length or extra trailing bytes in the extension data, this PR also fixes that.

@theodorsm theodorsm marked this pull request as ready for review March 19, 2026 14:29
@theodorsm theodorsm requested review from JoTurk and philipch07 March 23, 2026 20:17
@theodorsm
Copy link
Copy Markdown
Member Author

theodorsm commented Mar 24, 2026
edited
Loading

This PR should also add extended fuzzing for #814 when it's merged. Done, all extension parser fuzzers are now added.

@JoTurk
Copy link
Copy Markdown
Member

JoTurk commented Apr 7, 2026

Sorry I lost track of this, I'll try to finish my review tonight.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JoTurk JoTurk Awaiting requested review from JoTurk

@philipch07 philipch07 Awaiting requested review from philipch07

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@theodorsm @JoTurk