lua: add fuzz test for cookie parsing

Add a fuzz test comparing the clean-upstream.lua script against a reference implementation in Go.
2025-04-29 10:26:29 +02:00 · 2023-12-14 14:42:18 -08:00 · 2023-12-14 14:42:18 -08:00 · 630e2ecc23
commit 630e2ecc23
parent b66634d1e6
1 changed files with 45 additions and 0 deletions
--- a/config/envoyconfig/lua_test.go
+++ b/config/envoyconfig/lua_test.go
@ -3,8 +3,11 @@ package envoyconfig
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
 	"testing"
 	"github.com/pomerium/pomerium/pkg/slices"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	lua "github.com/yuin/gopher-lua"
@ -85,6 +88,48 @@ func TestLuaRewriteHeaders(t *testing.T) {
 	assert.Equal(t, "https://frontend/one/some/uri/", headers["Location"])
 }
 func FuzzLuaRemovePomeriumCookie(f *testing.F) {
 	L := lua.NewState()
 	defer L.Close()
 	bs, err := luaFS.ReadFile("luascripts/clean-upstream.lua")
 	require.NoError(f, err)
 	err = L.DoString(string(bs))
 	require.NoError(f, err)
 	metadata := map[string]interface{}{"remove_pomerium_cookie": "_pomerium"}
 	dynamicMetadata := map[string]map[string]interface{}{}
 	f.Add("cookieA=aaa_pomerium=123; cookieb=bbb; _pomerium_other=stillhere; _pomerium=removed")
 	f.Fuzz(func(t *testing.T, s string) {
 		referenceOutput := slices.Filter(parseCookieString(s),
 			func(c *http.Cookie) bool { return c.Name != "_pomerium" })
 		referenceString := strings.Join(slices.Map(referenceOutput, (*http.Cookie).String), "; ")
 		headers := map[string]string{"cookie": s}
 		handle := newLuaResponseHandle(L, headers, metadata, dynamicMetadata)
 		err = L.CallByParam(lua.P{
 			Fn:      L.GetGlobal("envoy_on_request"),
 			NRet:    0,
 			Protect: true,
 		}, handle)
 		require.NoError(t, err)
 		luaOutput := parseCookieString(headers["cookie"])
 		luaString := strings.Join(slices.Map(luaOutput, (*http.Cookie).String), "; ")
 		assert.Equalf(t, referenceString, luaString, "input: %q", s)
 	})
 }
 func parseCookieString(s string) []*http.Cookie {
 	header := http.Header{}
 	header.Set("Cookie", s)
 	request := http.Request{Header: header}
 	return request.Cookies()
 }
 func newLuaResponseHandle(L *lua.LState,
 	headers map[string]string,
 	metadata map[string]interface{},