Working enough where it is usable. Still need improvements or completely replaced.

Author: ardan-bkennedy

topics/fuzzing/README.md

@@ -32,33 +32,35 @@ Review the code we want to find problems with and the existing test:
 
 Create a corpus file with the initial input data to use and that will be mutated.
 
-[Fuzzing Data](workdir/corpus/data.txt) ([Go Playground](http://play.golang.org/p/_bfeKC1A4z))
+[Fuzzing Data](workdir/corpus/data.api) ([Go Playground](http://play.golang.org/p/RkYDgyQsF8))
 
 Create a fuzzing function that takes mutated input and executes the code we care about using it.
 
-[Fuzzing Function](example1/fuzzer.go) ([Go Playground](http://play.golang.org/p/CaGCilf6Yr))
+[Fuzzing Function](example1/fuzzer.go) ([Go Playground](http://play.golang.org/p/eq8Xnba6as)
 
-Run the `go-fuzz-build` tool against the package to generate the fuzz zip file. The zip file contains all the instrumented binaries go-fuzz is going to use while fuzzing.
+Run the `go-fuzz-build` tool against the package to generate the fuzz zip file. The zip file contains all the instrumented binaries go-fuzz is going to use while fuzzing. Any time the source code changes this needs to be re-run.
 
 		go-fuzz-build github.com/ardanlabs/gotraining/topics/fuzzing/example1
 
-Perform the actual fuzzing by running the `go-fuzz` tool and find data inputs that cause panics. Run this for a few seconds.
+Perform the actual fuzzing by running the `go-fuzz` tool and find data inputs that cause panics. Run this until you see an initial crash.
 
-		go-fuzz -bin=./api-fuzz.zip -dup -workdir=workdir/corpus -v 9
+		go-fuzz -bin=./api-fuzz.zip -dup -workdir=workdir/corpus
 
-Review the `crashers` folder under the `workdir/corpus` folders. This contains panic information.
+Run the build and start fuzzing.
 
-[Output Stack Trace](example1/workdir/corpus/crashers/da39a3ee5e6b4b0d3255bfef95601890afd80709.output) ([Go Playground](http://play.golang.org/p/YajfpYyttx)
+Review the `crashers` folder under the `workdir/corpus` folders. This contains panic information. You will see an issue when the data passed into the web call is empty. Fix the `Process` function and add the table data to the test.
 
-_**NOTE: These files are empty because an empty string is causing our problems.**_
+	{"/process", http.StatusBadRequest, []byte(""), `{"Error":"The Message"}`},
 
-[Crash Data Raw](example1/workdir/corpus/crashers/da39a3ee5e6b4b0d3255bfef95601890afd80709)  
-[Crash Data Quoted](example1/workdir/corpus/crashers/da39a3ee5e6b4b0d3255bfef95601890afd80709.quoted)
+Run the build and start fuzzing.
 
-Add new table data to our test for this input case and run the test. It will panic.
+Review the `crashers` folder under the `workdir/corpus` folders. This contains panic information. You will see an issue when value of "0" is used. Fix the `Process` function and add the table data to the test.
+		
+		{"/process", http.StatusBadRequest, []byte("0"), `{"Error":"The Message"}`},
 
-		{"/process", http.StatusBadRequest, []byte(""), `{"Error":"Invalid user format"}`},
+## Exercises
+
+### Exercise 1
 
-Fix the `Process` function so this test no longer crashes. Run the tests again.
 ___
 All material is licensed under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0).

topics/fuzzing/example1/example1.go

@@ -6,13 +6,19 @@ package api
 
 import (
 	"encoding/json"
-	"errors"
 	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
 )
 
+// Need a named type for our user.
+type user struct {
+	Type string
+	Name string
+	Age  int
+}
+
 // Routes initializes the routes.
 func Routes() {
 	http.HandleFunc("/process", Process)
@@ -35,47 +41,47 @@ func Process(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// If we received no data return an error.
-	if len(data) == 0 {
-		SendError(w, errors.New("Empty data value"))
-		return
-	}
-
 	// Split the data by comma.
 	parts := strings.Split(string(data), ",")
 
-	// Need a named type for our user.
-	type user struct {
-		Type string
-		Name string
-		Age  int
-	}
-
 	// Create a slice of users.
 	var users []user
 
 	// Iterate over the set of users we received.
 	for _, part := range parts {
 
-		// Capture the type of user.
-		typ := part[:3]
-
-		// Capture the age and convert to integer.
-		age, err := strconv.Atoi(part[3:5])
+		// Extract the user.
+		u, err := extractUser(part)
 		if err != nil {
 			SendError(w, err)
 			return
 		}
 
-		// Capture the users name.
-		name := part[5:]
-
 		// Add a user to the slice.
-		users = append(users, user{typ, name, age})
+		users = append(users, u)
 	}
 
 	// Respond with the processed data.
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	json.NewEncoder(w).Encode(users)
 }
+
+// extractUser knows how to extract a user from the string.
+func extractUser(data string) (user, error) {
+
+	// Capture the age and convert to integer.
+	age, err := strconv.Atoi(data[3:5])
+	if err != nil {
+		return user{}, err
+	}
+
+	// Create the user value.
+	u := user{
+		Type: data[:3],
+		Name: data[5:],
+		Age:  age,
+	}
+
+	return u, nil
+}

topics/fuzzing/example1/fuzzer.go

@@ -18,12 +18,16 @@ func Fuzz(data []byte) int {
 	w := httptest.NewRecorder()
 	http.DefaultServeMux.ServeHTTP(w, r)
 
+	// Data which has been corrupted but "looks valid" is more likely to be
+	// able to get into other valid parts of your program without being
+	// discarded as junk.
+
 	if w.Code != 200 {
 
-		// This was not successful. It we panic it will be recorded.
-		panic(w.Body.String())
+		// Report the data that produced this error as not interesting.
+		return 0
 	}
 
-	// The data caused no issues and is not interesting.
+	// Report the data that did not cause an error as interesting.
 	return 1
 }