-
-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helper to deal with dangerous strings #484
Comments
|
Please note that such construct will need to be able to shrink constant values in case of failure, filter them depending on the parameters passed to the string constructor.. |
Can you explain this further? Would this just be implemented using |
One of the remaining questions for this arbitrary is: Should it offer shrinking capabilities? The other one is: Should it offer options to deal with SQL keywords for instance? |
I also wonder (not being a property-based testing expert): should this also be part of the bias of the normal |
It will be the default for the I'm currently POC-ing a new way to build the core arbitraries of fast-check (#1631). One of the aim is to be able to shrink easily any entry even some that were not directly generated through normal generators of fast-check. As a consequence, the string generator will be able to receive any string and shrink it to smaller cases. I hope to be able to unlock this issue with this rework. (for the moment just a POC, it may never be merged). The consequence will be that magic strings like proto could be shrunk by fast-check, which is not the case today if the string was not produced by it. |
Sliced based generators will make it possible to implement features like the long awaited one: "Helper to deal with dangerous strings" #484. Indeed they will make arrays able to generate pre-defined values so that some barely impossible to generate values like `['_','_','p','r','o','t','o','_','_']` will be more likely for strings. The current PR mostly adds the internals to make it possible within arrays. But there is for the moment nothing to connect it, neither externally for fast-check's users nor internally for our strings. Here we mostly pave the way for it without really making it real. So from an external point of view, this PR mostly deals with refactoring internals.
Sliced based generators will make it possible to implement features like the long awaited one: "Helper to deal with dangerous strings" #484. Indeed they will make arrays able to generate pre-defined values so that some barely impossible to generate values like `['_','_','p','r','o','t','o','_','_']` will be more likely for strings. The current PR mostly adds the internals to make it possible within arrays. But there is for the moment nothing to connect it, neither externally for fast-check's users nor internally for our strings. Here we mostly pave the way for it without really making it real. So from an external point of view, this PR mostly deals with refactoring internals.
This new constraint not officially exposed to fast-check's users (in other words, name might change in patch, minor... without any precise warning), should unlock the feature "Helper to deal with dangerous strings" #484 by making it feasible. So far, it only provides an extra constraint on the API of `array` but it will soon be leveraged for arbitraries on strings.
This new constraint not officially exposed to fast-check's users (in other words, name might change in patch, minor... without any precise warning), should unlock the feature "Helper to deal with dangerous strings" #484 by making it feasible. So far, it only provides an extra constraint on the API of `array` but it will soon be leveraged for arbitraries on strings.
Will be the default for strings starting in v3.1 |
🚀 Feature Request
JavaScript is subject to very strange bugs when using keys like
__proto__
or reserved keywords.The aim of this feature will be to come with a nice helper able to generate strings including various keywords such as:
proto and related plus reserved keywords listed in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Lexical_grammar
It might also includes known vulnerabilities or keywords coming from other langages:
SELECT
,FROM
...Bugs like the one of
letrec
- see #483 - would have been easier to detect with such helper.The text was updated successfully, but these errors were encountered: