28 lines
762 B
Go
28 lines
762 B
Go
|
package handlers
|
||
|
|
|
||
|
|
import (
|
||
|
|
"encoding/json"
|
||
|
|
"testing"
|
||
|
|
)
|
||
|
|
|
||
|
|
// FuzzLoginPayload fuzzes the login request parsing.
|
||
|
|
// The handler should never panic on any input.
|
||
|
|
func FuzzLoginPayload(f *testing.F) {
|
||
|
|
f.Add([]byte(`{"email":"test@test.com","password":"Pass123!"}`))
|
||
|
|
f.Add([]byte(`{"email":"","password":""}`))
|
||
|
|
f.Add([]byte(`{}`))
|
||
|
|
f.Add([]byte(`invalid json`))
|
||
|
|
f.Add([]byte(""))
|
||
|
|
f.Add([]byte(`{"email":null,"password":123}`))
|
||
|
|
f.Add([]byte(`{"email":"a@b.c","password":"` + string(make([]byte, 10000)) + `"}`))
|
||
|
|
|
||
|
|
f.Fuzz(func(t *testing.T, data []byte) {
|
||
|
|
// Verify that JSON parsing of arbitrary payloads never panics
|
||
|
|
var payload struct {
|
||
|
|
Email string `json:"email"`
|
||
|
|
Password string `json:"password"`
|
||
|
|
}
|
||
|
|
_ = json.Unmarshal(data, &payload)
|
||
|
|
})
|
||
|
|
}
|