Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helper to deal with dangerous strings #484

Closed
dubzzz opened this issue Nov 20, 2019 · 7 comments
Closed

Helper to deal with dangerous strings #484

dubzzz opened this issue Nov 20, 2019 · 7 comments

Comments

@dubzzz
Copy link
Owner

dubzzz commented Nov 20, 2019

🚀 Feature Request

JavaScript is subject to very strange bugs when using keys like __proto__ or reserved keywords.

The aim of this feature will be to come with a nice helper able to generate strings including various keywords such as:

'__prototype__', '__proto__' , 'proto'    , 'constructor', 'set'      , 'get'       ,
'break'        , 'case'      , 'class'    , 'catch'      , 'const'    , 'continue'  ,
'debugger'     , 'default'   , 'delete'   , 'do'         , 'else'     , 'export'    ,
'extends'      , 'finally'   , 'for'      , 'function'   , 'if'       , 'import'    ,
'in'           , 'instanceof', 'new'      , 'return'     , 'super'    , 'switch'    ,
'this'         , 'throw'     , 'try'      , 'typeof'     , 'var'      , 'void'      ,
'while'        , 'with'      , 'yield'    , 'enum'       , 'await'    , 'implements',
'let'          , 'package'   , 'protected', 'static'     , 'interface', 'private'   ,
'public'       , 'abstract'  , 'boolean'  , 'byte'       , 'char'     , 'double'    ,
'final'        , 'float'     , 'goto'     , 'int'        , 'long'     , 'native'    ,
'short'

proto and related plus reserved keywords listed in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Lexical_grammar

It might also includes known vulnerabilities or keywords coming from other langages: SELECT, FROM...

Bugs like the one of letrec - see #483 - would have been easier to detect with such helper.

@dubzzz
Copy link
Owner Author

dubzzz commented Nov 20, 2019

toString is missing in the list

@dubzzz
Copy link
Owner Author

dubzzz commented Dec 19, 2019

Please note that such construct will need to be able to shrink constant values in case of failure, filter them depending on the parameters passed to the string constructor..

@tinydylan
Copy link
Contributor

Please note that such construct will need to be able to shrink constant values in case of failure, filter them depending on the parameters passed to the string constructor..

Can you explain this further?

Would this just be implemented using fc.constantFrom? If so, this might be an "ideal first issue".

@dubzzz
Copy link
Owner Author

dubzzz commented Jun 21, 2020

One of the remaining questions for this arbitrary is: Should it offer shrinking capabilities?

The other one is: Should it offer options to deal with SQL keywords for instance?

@ethanresnick
Copy link

I also wonder (not being a property-based testing expert): should this also be part of the bias of the normal fc.string arbitrary? I’d worry, if it’s only implemented as a separate/standalone arbitrary that a lot of people would forget to write tests with it

@dubzzz
Copy link
Owner Author

dubzzz commented Mar 28, 2021

@ethanresnick

should this also be part of the bias of the normal fc.string arbitrary

It will be the default for the string and other related structures. The target for next versions of fast-check is to consider the full scope of possible inputs and to pin-point as soon as possible when this scope is wrong. If someone says: 'my algorithm can handle any string, then it should also handle proto, otherwise it means that any is falsy'.

@tinydylan

I'm currently POC-ing a new way to build the core arbitraries of fast-check (#1631). One of the aim is to be able to shrink easily any entry even some that were not directly generated through normal generators of fast-check. As a consequence, the string generator will be able to receive any string and shrink it to smaller cases. I hope to be able to unlock this issue with this rework. (for the moment just a POC, it may never be merged).

The consequence will be that magic strings like proto could be shrunk by fast-check, which is not the case today if the string was not produced by it.

@dubzzz dubzzz pinned this issue Apr 7, 2021
dubzzz added a commit that referenced this issue Jun 24, 2022
dubzzz added a commit that referenced this issue Jul 4, 2022
Sliced based generators will make it possible to implement features like the long awaited one: "Helper to deal with dangerous strings" #484. Indeed they will make arrays able to generate pre-defined values so that some barely impossible to generate values like `['_','_','p','r','o','t','o','_','_']` will be more likely for strings.

The current PR mostly adds the internals to make it possible within arrays. But there is for the moment nothing to connect it, neither externally for fast-check's users nor internally for our strings. Here we mostly pave the way for it without really making it real. So from an external point of view, this PR mostly deals with refactoring internals.
dubzzz added a commit that referenced this issue Jul 4, 2022
Sliced based generators will make it possible to implement features like the long awaited one: "Helper to deal with dangerous strings" #484. Indeed they will make arrays able to generate pre-defined values so that some barely impossible to generate values like `['_','_','p','r','o','t','o','_','_']` will be more likely for strings.

The current PR mostly adds the internals to make it possible within arrays. But there is for the moment nothing to connect it, neither externally for fast-check's users nor internally for our strings. Here we mostly pave the way for it without really making it real. So from an external point of view, this PR mostly deals with refactoring internals.
dubzzz added a commit that referenced this issue Jul 4, 2022
This new constraint not officially exposed to fast-check's users (in other words, name might change in patch, minor... without any precise warning), should unlock the feature "Helper to deal with dangerous strings" #484 by making it feasible.

So far, it only provides an extra constraint on the API of `array` but it will soon be leveraged for arbitraries on strings.
dubzzz added a commit that referenced this issue Jul 4, 2022
This new constraint not officially exposed to fast-check's users (in other words, name might change in patch, minor... without any precise warning), should unlock the feature "Helper to deal with dangerous strings" #484 by making it feasible.

So far, it only provides an extra constraint on the API of `array` but it will soon be leveraged for arbitraries on strings.
@dubzzz
Copy link
Owner Author

dubzzz commented Jul 11, 2022

Will be the default for strings starting in v3.1

@dubzzz dubzzz closed this as completed Jul 11, 2022
@dubzzz dubzzz unpinned this issue Jul 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants