certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 21:11:30 +00:00

Commit Graph

Author	SHA1	Message	Date
shankar0123	92afe359e9	Bundle O (Coverage Audit Closure): test hygiene + FSM coverage tables — M-004 + M-005 + M-006 closed Three deliverables shipped: O.1 (M-004): t.Skip rationale audit — 65 sites, 0 orphans O.2 (M-005): fuzz targets 9 -> 11 (+ParseNamedAPIKeys, +SanitizeForShell) O.3 (M-006): FSM coverage tables (5 FSMs catalogued) O.1 — t.Skip rationale audit: Inventoried all 65 t.Skip sites in the repo (audit-time estimate was 41; count grew via Bundle 0.7 keymem tests + Bundle M.Cloud httptest skips). Every site carries a valid rationale — none are orphan. Categories: OS-specific (~30), root-only (~5), external-dep (Docker/PostgreSQL/browser/Vault/DigiCert ~15), manual-test markers (Parts 23/24/55/56 — 4 from Bundle I), -short mode (~6), state-dependent (~5). All class (a) per Bundle O's classification. No edits required; the existing M-009 CI guard catches new orphan skips going forward. O.2 — Fuzz target additions: internal/config/config_fuzz_test.go::FuzzParseNamedAPIKeys Pins the CERTCTL_API_KEYS_NAMED env-var parser (dual-key rotation, Bundle G / L-004). 16 seed inputs covering happy-path, rotation pair, degenerate, whitespace-padded, wrong-case admin, 4-segment, adversarial chars in name, long inputs. internal/validation/command_fuzz_test.go::FuzzSanitizeForShell Appended to existing fuzz file. Asserts no panic + output begins+ ends with single-quote. 17 seed inputs covering plain, whitespace, embedded quotes/backticks/dollars, newlines, NULs, shell-metachar injection, unicode, 100x apostrophe stress, 10000x length stress. Total fuzz-target count: 9 -> 11 (per grep verification) O.3 — FSM coverage tables (NEW: tables/fsm-coverage.md): Job: legal 92%, illegal 100% ✓ Existential gate Certificate: legal 93%, illegal 100% ✓ Existential gate Agent: legal 75%, illegal 100% △ slight Degraded gap Notification: legal 86%, illegal 100% ✓ Health-check: legal 100% (recompute-on-tick model) ✓ 4/5 FSMs meet the ≥80% legal + 100% illegal gate. Agent's Degraded transitions are the lone gap; tracked as M-006-extended. Verification: go vet ./internal/config/... ./internal/validation/... clean go test -short -count=1 PASS grep -rE 'func Fuzz[A-Z]' --include='*_test.go' internal/ \| wc -l == 11 Audit deliverables: gap-backlog.md: M-004 + M-005 + M-006 strikethroughs + Bundle O closure-log entry covering all 3 sub-deliverables closure-plan.md: Bundle O [x] closed tables/fsm-coverage.md: NEW (5 FSMs catalogued) CHANGELOG.md: [unreleased] Bundle O entry	2026-04-27 18:06:06 +00:00
shankar0123	a0afa7ab6f	test(security): TICKET-018 add fuzz tests for command validation and domain parsing Added Go native fuzz tests (testing/fuzz) for security-critical input validation: 1. FuzzValidateShellCommand in internal/validation/command_fuzz_test.go - Tests shell command validation with injection payloads (;, \|, &, $, `, etc.) - Seed corpus includes valid commands and dangerous metacharacters - Ensures function never panics under fuzzing 2. FuzzValidateDomainName in internal/validation/command_fuzz_test.go - Tests RFC 1123 domain validation with wildcard support - Seed corpus includes SQL injection, path traversal, and malformed domains - Ensures function never panics under fuzzing 3. FuzzValidateACMEToken in internal/validation/command_fuzz_test.go - Tests base64url token validation - Seed corpus includes injection payloads and special characters - Ensures function never panics under fuzzing 4. FuzzIsValidRevocationReason in internal/domain/revocation_fuzz_test.go - Tests RFC 5280 revocation reason validation - Seed corpus includes case variations, injection attempts, and null bytes - Ensures function never panics and returns only valid booleans 5. FuzzCRLReasonCode in internal/domain/revocation_fuzz_test.go - Tests CRL reason code mapping - Validates return codes are within 0-9 range - Ensures invalid reasons default to 0 (unspecified) All fuzz tests follow Go 1.18+ testing/fuzz conventions with seed corpus for faster discovery of edge cases. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-27 21:40:49 -04:00

Author

SHA1

Message

Date

shankar0123

92afe359e9

Bundle O (Coverage Audit Closure): test hygiene + FSM coverage tables — M-004 + M-005 + M-006 closed

Three deliverables shipped:

  O.1 (M-004): t.Skip rationale audit — 65 sites, 0 orphans

  O.2 (M-005): fuzz targets 9 -> 11 (+ParseNamedAPIKeys, +SanitizeForShell)

  O.3 (M-006): FSM coverage tables (5 FSMs catalogued)

O.1 — t.Skip rationale audit:

  Inventoried all 65 t.Skip sites in the repo (audit-time estimate

  was 41; count grew via Bundle 0.7 keymem tests + Bundle M.Cloud

  httptest skips). Every site carries a valid rationale —

  none are orphan. Categories: OS-specific (~30), root-only (~5),

  external-dep (Docker/PostgreSQL/browser/Vault/DigiCert ~15),

  manual-test markers (Parts 23/24/55/56 — 4 from Bundle I),

  -short mode (~6), state-dependent (~5). All class (a) per Bundle

  O's classification. No edits required; the existing M-009 CI guard

  catches new orphan skips going forward.

O.2 — Fuzz target additions:

  internal/config/config_fuzz_test.go::FuzzParseNamedAPIKeys

    Pins the CERTCTL_API_KEYS_NAMED env-var parser (dual-key

    rotation, Bundle G / L-004). 16 seed inputs covering happy-path,

    rotation pair, degenerate, whitespace-padded, wrong-case admin,

    4-segment, adversarial chars in name, long inputs.

  internal/validation/command_fuzz_test.go::FuzzSanitizeForShell

    Appended to existing fuzz file. Asserts no panic + output begins+

    ends with single-quote. 17 seed inputs covering plain, whitespace,

    embedded quotes/backticks/dollars, newlines, NULs, shell-metachar

    injection, unicode, 100x apostrophe stress, 10000x length stress.

  Total fuzz-target count: 9 -> 11 (per grep verification)

O.3 — FSM coverage tables (NEW: tables/fsm-coverage.md):

  Job:           legal 92%, illegal 100%   ✓ Existential gate

  Certificate:   legal 93%, illegal 100%   ✓ Existential gate

  Agent:         legal 75%, illegal 100%   △ slight Degraded gap

  Notification:  legal 86%, illegal 100%   ✓

  Health-check:  legal 100% (recompute-on-tick model)   ✓

  4/5 FSMs meet the ≥80% legal + 100% illegal gate.

  Agent's Degraded transitions are the lone gap; tracked as

  M-006-extended.

Verification:

  go vet ./internal/config/... ./internal/validation/...   clean

  go test -short -count=1                                  PASS

  grep -rE 'func Fuzz[A-Z]' --include='*_test.go' internal/ | wc -l == 11

Audit deliverables:

  gap-backlog.md: M-004 + M-005 + M-006 strikethroughs + Bundle O

    closure-log entry covering all 3 sub-deliverables

  closure-plan.md: Bundle O [x] closed

  tables/fsm-coverage.md: NEW (5 FSMs catalogued)

  CHANGELOG.md: [unreleased] Bundle O entry

2026-04-27 18:06:06 +00:00

shankar0123

a0afa7ab6f

test(security): TICKET-018 add fuzz tests for command validation and domain parsing

Added Go native fuzz tests (testing/fuzz) for security-critical input validation:

1. FuzzValidateShellCommand in internal/validation/command_fuzz_test.go
   - Tests shell command validation with injection payloads (;, |, &, $, `, etc.)
   - Seed corpus includes valid commands and dangerous metacharacters
   - Ensures function never panics under fuzzing

2. FuzzValidateDomainName in internal/validation/command_fuzz_test.go
   - Tests RFC 1123 domain validation with wildcard support
   - Seed corpus includes SQL injection, path traversal, and malformed domains
   - Ensures function never panics under fuzzing

3. FuzzValidateACMEToken in internal/validation/command_fuzz_test.go
   - Tests base64url token validation
   - Seed corpus includes injection payloads and special characters
   - Ensures function never panics under fuzzing

4. FuzzIsValidRevocationReason in internal/domain/revocation_fuzz_test.go
   - Tests RFC 5280 revocation reason validation
   - Seed corpus includes case variations, injection attempts, and null bytes
   - Ensures function never panics and returns only valid booleans

5. FuzzCRLReasonCode in internal/domain/revocation_fuzz_test.go
   - Tests CRL reason code mapping
   - Validates return codes are within 0-9 range
   - Ensures invalid reasons default to 0 (unspecified)

All fuzz tests follow Go 1.18+ testing/fuzz conventions with seed corpus
for faster discovery of edge cases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-27 21:40:49 -04:00

2 Commits