From 922fcfb4c09f54de886239e2b3c5c561de914ba5 Mon Sep 17 00:00:00 2001
From: Jim <jlambert@hashicorp.com>
Date: Fri, 25 Aug 2023 21:17:29 -0400
Subject: [PATCH] tests (grants): add basic fuzz test for grants.Parse (#3638)

---
 .github/workflows/fuzz.yml    | 18 +++++++++++++++
 internal/perms/grants_test.go | 43 ++++++++++++++++++++++++-----------
 2 files changed, 48 insertions(+), 13 deletions(-)
 create mode 100644 .github/workflows/fuzz.yml

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
new file mode 100644
index 0000000000..8d5a687f08
--- /dev/null
+++ b/.github/workflows/fuzz.yml
@@ -0,0 +1,18 @@
+name: Go fuzz test
+on:
+    push:
+      paths-ignore:
+        - 'website/**'
+    workflow_call:
+    workflow_dispatch:
+jobs:
+  fuzz-grants-parse:
+    name: Fuzz grants.Parse
+    runs-on: ubuntu-latest
+    steps:
+        # commit hash == v1.2.0
+      - uses: jidicula/go-fuzz-action@4f24eed45b25214f31a9fe035ca68ea2c88c6a13
+        with:
+          packages: './internal/perms'
+          fuzz-time: 30s
+          fuzz-regexp: FuzzParse
\ No newline at end of file
diff --git a/internal/perms/grants_test.go b/internal/perms/grants_test.go
index 098ed60d2c..412de2df15 100644
--- a/internal/perms/grants_test.go
+++ b/internal/perms/grants_test.go
@@ -1123,19 +1123,36 @@ func TestHasActionOrSubaction(t *testing.T) {
 
 func FuzzParse(f *testing.F) {
 	ctx := context.Background()
-
-	f.Add("type=host-catalog;actions=create")
-	f.Add("type=*;actions=*")
-	f.Add("id=*;type=*;actions=*")
-	f.Add("ids=*;type=*;actions=*")
-	f.Add("id=*;type=*;actions=read,list")
-	f.Add("ids=*;type=*;actions=read,list")
-	f.Add("id=foobar;actions=read;output_fields=version,id,name")
-	f.Add("ids=foobar,foobaz;actions=read;output_fields=version,id,name")
-	f.Add("id={{account.id}};actions=update,read")
-	f.Add("ids={{account.id}},{{user.id}};actions=update,read")
-	f.Add(`{"id":"foobar","type":"host-catalog","actions":["create"]}`)
-	f.Add(`{"ids":["foobar"],"type":"host-catalog","actions":["create"]}`)
+	tc := []string{
+		"id=*;type=*;actions=read,list;output_fields=",
+		`{"id": "*", "type": "*", "actions": ["read", "list"], "output_fields": []}`,
+		"id=*;type=*;actions=read,list",
+		"ids=*;type=*;actions=read,list",
+		`{"type":"host-catalog","actions":["create"]}`,
+		`{"id":"u_foobar","actions":["read"]}`,
+		`{"id":"u_foobar","actions":["read"],"output_fields":["version","id","name"]}`,
+		`{"id":"u_foobar","output_fields":["version","id","name"]}`,
+		`type=host-catalog;actions=create`,
+		`ids=hcst_foobar,hcst_foobaz;actions=read;output_fields=version,ids,name`,
+		`id=hcst_foobar;actions=read`,
+		`id=acctpw_foobar;actions=read`,
+		`id={{    user.id}};actions=read,update`,
+		"type=host-catalog;actions=create",
+		"type=*;actions=*",
+		"id=*;type=*;actions=*",
+		"ids=*;type=*;actions=*",
+		"id=*;type=*;actions=read,list",
+		"ids=*;type=*;actions=read,list",
+		"id=foobar;actions=read;output_fields=version,id,name",
+		"ids=foobar,foobaz;actions=read;output_fields=version,id,name",
+		"id={{account.id}};actions=update,read",
+		"ids={{account.id}},{{user.id}};actions=update,read",
+		`{"id":"foobar","type":"host-catalog","actions":["create"]}`,
+		`{"ids":["foobar"],"type":"host-catalog","actions":["create"]}`,
+	}
+	for _, tc := range tc {
+		f.Add(tc)
+	}
 
 	f.Fuzz(func(t *testing.T, grant string) {
 		g, err := Parse(ctx, "global", grant, WithSkipFinalValidation(true))