Add additional cases

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

Author: egibs

.github/workflows/go-tests.yaml

@@ -116,6 +116,10 @@ jobs:
       - name: Trust repository
         run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
 
+      - name: Clone malcontent samples required for Fuzz tests
+        run: |
+          make samples
+
       - name: Fuzz tests
         run: |
           make fuzz

Makefile

@@ -123,6 +123,8 @@ out/$(YARA_X_REPO)/.git/commit-$(YARA_X_COMMIT):
 	git -C out/$(YARA_X_REPO) checkout $(YARA_X_COMMIT)
 	touch out/$(YARA_X_REPO)/.git/commit-$(YARA_X_COMMIT)
 
+samples: out/$(SAMPLES_REPO)/.decompressed-$(SAMPLES_COMMIT)
+
 .PHONY: install-yara-x
 install-yara-x: out/$(YARA_X_REPO)/.git/commit-$(YARA_X_COMMIT)
 	mkdir -p out/lib
@@ -142,7 +144,7 @@ fuzz:
 	go test -fuzz=FuzzExtractZip -fuzztime=10s ./pkg/archive/
 	go test -fuzz=FuzzExtractArchive -fuzztime=10s ./pkg/archive/
 	go test -fuzz=FuzzIsValidPath -fuzztime=10s ./pkg/archive/
-	go test -fuzz=FuzzFile -fuzztime=10s ./pkg/programkind/
+	go test -fuzz=FuzzFile -fuzztime=30s ./pkg/programkind/
 	go test -fuzz=FuzzPath -fuzztime=10s ./pkg/programkind/
 	go test -fuzz=FuzzGetExt -fuzztime=10s ./pkg/programkind/
 	go test -fuzz=FuzzLongestUnique -fuzztime=10s ./pkg/report/

pkg/programkind/fuzz_test.go

@@ -5,19 +5,29 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 )
 
 // FuzzFile tests file type detection with random inputs.
 func FuzzFile(f *testing.F) {
-	testFiles := []string{
-		"../../tests/linux/clean/ls",
-		"../../tests/linux/clean/busybox",
-	}
+	samplesDir := "../../out/chainguard-dev/malcontent-samples"
+	err := filepath.WalkDir(samplesDir, func(path string, d os.DirEntry, _ error) error {
+		if d == nil || d.IsDir() {
+			return nil
+		}
+		if filepath.Base(path)[0] == '.' {
+			return nil
+		}
 
-	for _, tf := range testFiles {
-		if data, err := os.ReadFile(tf); err == nil {
-			f.Add(data, filepath.Base(tf))
+		if data, readErr := os.ReadFile(path); readErr == nil {
+			if len(data) <= 10*1024*1024 { // 10MB max
+				f.Add(data, filepath.Base(path))
+			}
 		}
+		return nil
+	})
+	if err != nil {
+		f.Logf("Could not walk samples directory: %v", err)
 	}
 
 	f.Add([]byte{0x7f, 0x45, 0x4c, 0x46}, "test.elf")                 // ELF magic
@@ -51,7 +61,9 @@ func FuzzFile(f *testing.F) {
 		}
 		tmpFile.Close()
 
-		ctx := context.Background()
+		ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
+		defer cancel()
+
 		ft, err := File(ctx, tmpFile.Name())
 
 		_ = ft

pkg/report/fuzz_test.go

@@ -7,20 +7,35 @@ import (
 
 // FuzzLongestUnique tests the longestUnique function with random string inputs.
 func FuzzLongestUnique(f *testing.F) {
-	// Seed with test cases from the unit test
 	f.Add("apple,banana,cherry,applecherry,bananaapple,cherrybanana")
 	f.Add("test,testing,tester,testest")
 	f.Add(",a,aa,aaa")
 	f.Add("abc,def,ghi")
 	f.Add("abc,abcabc,abcabcabc")
-
-	// Add edge cases
 	f.Add("")                                              // empty input
 	f.Add("single")                                        // single string
 	f.Add("a,a,a,a")                                       // all duplicates
 	f.Add("very_long_string_" + strings.Repeat("x", 1000)) // long strings
 	f.Add(strings.Repeat("a,", 100))                       // many strings
 	f.Add("a,b,c,d,e,f,g,h,i,j,k,l,m")                     // many different strings
+	f.Add("test\x00null,normal")                           // null byte
+	f.Add("test\nnewline,test\rcarriage,test\ttab")        // whitespace control chars
+	f.Add("test\x01\x02\x03,normal")                       // low control characters
+	f.Add("test\x7f\x80\x9f,normal")                       // high control characters
+	f.Add("test\u200b,normal")                             // zero-width space
+	f.Add("test\u200c,normal")                             // zero-width non-joiner
+	f.Add("test\u200d,normal")                             // zero-width joiner
+	f.Add("test\ufeff,normal")                             // zero-width no-break space (BOM)
+	f.Add("test\u202a\u202b\u202c,normal")                 // bidirectional text marks
+	f.Add("test\u2060,normal")                             // word joiner
+	f.Add("hello\u200bworld,helloworld")                   // same word with/without zero-width
+	f.Add("test\u034f,normal")                             // combining grapheme joiner
+	f.Add("\u200b\u200c\u200d,visible")                    // only invisible characters
+	f.Add("a\u0300\u0301\u0302,a")                         // combining diacritical marks
+	f.Add("test\u00ad,test")                               // soft hyphen
+	f.Add("fi\ufb01,fi")                                   // ligature vs normal chars
+	f.Add("test\u180e,normal")                             // mongolian vowel separator
+	f.Add("\u061c\u2066\u2067\u2068\u2069,normal")         // directional formatting
 
 	f.Fuzz(func(t *testing.T, input string) {
 		var strs []string
@@ -76,12 +91,32 @@ func FuzzLongestUnique(f *testing.F) {
 func FuzzTrimPrefixes(f *testing.F) {
 	f.Add("/tmp/extract/path/to/file", "/tmp/extract")
 	f.Add("/home/user/file", "/home/user,/tmp")
-	f.Add("./relative/path", "./relative")
 	f.Add("/absolute/path", "/absolute,./relative")
+	f.Add("/path/to/file", "/path/to")
+	f.Add("./relative/path", "./relative")
+	f.Add("./path/to/file", "./path")
+	f.Add("./a/b/c/d/e", "./a/b")
+	f.Add("../path/to/file", "../path/to")
+	f.Add("../../parent/path", "../../parent")
+	f.Add("../../../deeply/nested", "../../../deeply")
+	f.Add("./././path", "./")
+	f.Add("path/../other/file", "path/..")
+	f.Add("relative/path", "/absolute,./relative")
+	f.Add("/abs/path", "./relative,/abs")
 	f.Add("", "")
 	f.Add("path", "")
 	f.Add("path/to/file", "path")
-	f.Add("/path/to/file", "/path/to")
+	f.Add(".", ".")
+	f.Add("..", "..")
+	f.Add("../..", "../..")
+	f.Add("./path/./to/./file", "./path")
+	f.Add("path/./to/file", "path/.")
+	f.Add("path/../to/file", "path/..")
+	f.Add("path/to/link/../real", "path/to")
+	f.Add("./path/to/../../other", "./path")
+	f.Add("path/to/file/", "path/to/")
+	f.Add("/path/to/file/", "/path/to/")
+	f.Add("./path/to/file/", "./path/to/")
 
 	f.Fuzz(func(t *testing.T, path, prefixesStr string) {
 		var prefixes []string