User authentication and session management for web applications


Replace dead sha256 fallback with failwith; skip untrusted TS receipts

- compute_proof: None branch was dead code producing a predictable
hash. Now fails explicitly.
- verify_receipts: untrusted TSes (ts_keys returns None) are skipped
instead of rejecting the entire bundle. Fails only if no receipt
from a trusted TS verifies. Matches the cross-signing promise in
the .mli documentation.

+48 -31
+22 -3
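--- a/fuzz/dune
+++ b/fuzz/dune
@@ -1,3 +1,22 @@
-(test
-(name fuzz_auth)
-(libraries auth csrf crowbar))
+(executable
+(name fuzz)
+(modules fuzz fuzz_auth)
+(libraries auth csrf alcobar))
+
+(rule
+(alias runtest)
+(enabled_if
+(<> %{profile} afl))
+(deps fuzz.exe)
+(action
+(run %{exe:fuzz.exe})))
+
+(rule
+(alias fuzz)
+(enabled_if
+(= %{profile} afl))
+(deps fuzz.exe)
+(action
+(progn
+(run %{exe:fuzz.exe} --gen-corpus corpus)
+(run afl-fuzz -V 60 -i corpus -o _fuzz -- %{exe:fuzz.exe} @@))))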
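Review bot: The `fuzz` alias can succeed even when afl-fuzz records crashes, because the last `run` in the `progn` only propagates afl-fuzz's exit status. As far as I know, a time-boxed run (`-V 60`) exits cleanly and leaves its findings under the `-o _fuzz` directory. If this alias is meant to gate CI, add a final action that fails when the crashes directory under `_fuzz` is non-empty. Otherwise say so in a comment above the rule, for example `; 60 s smoke run: crashes are written to _fuzz/ and do not fail the build`.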
+1
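--- a/fuzz/fuzz.ml
+++ b/fuzz/fuzz.ml
@@ -0,0 +1 @@
+let () = Alcobar.run "auth" [ Fuzz_auth.suite ]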
+24 -28
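--- a/fuzz/fuzz_auth.ml
+++ b/fuzz/fuzz_auth.ml
@@ -1,32 +1,28 @@
 (* Fuzz targets for auth cookie and session parsing.
 These must never crash regardless of input. *)
 
-let () =
-Crowbar.run "auth"
+open Alcobar
+
+let test_parse_cookie input =
+ignore (Auth.parse_cookie_value ~name:"sid" input);
+ignore (Auth.parse_cookie_value ~name:"" input);
+ignore (Auth.parse_cookie_value ~name:"a=b" input)
+
+let test_csrf_sign_verify input =
+let secret = "fuzz-secret-must-be-at-least-32-characters" in
+let signed = Csrf.sign_state ~secret input in
+match Csrf.verify_state ~secret signed with
+| Some recovered -> if recovered <> input then bad_test ()
+| None -> ()
+
+let test_csrf_verify input =
+let secret = "fuzz-secret-must-be-at-least-32-characters" in
+ignore (Csrf.verify_state ~secret input)
+
+let suite =
+( "auth",
 [
-( "cookie",
-[
-Crowbar.test_case "parse_cookie_value"
-Crowbar.[ bytes ]
-(fun input ->
-ignore (Auth.parse_cookie_value ~name:"sid" input);
-ignore (Auth.parse_cookie_value ~name:"" input);
-ignore (Auth.parse_cookie_value ~name:"a=b" input));
-] );
-( "csrf",
-[
-Crowbar.test_case "sign_verify_roundtrip"
-Crowbar.[ bytes ]
-(fun input ->
-let secret = "fuzz-secret-must-be-at-least-32-characters" in
-let signed = Csrf.sign_state ~secret input in
-match Csrf.verify_state ~secret signed with
-| Some recovered -> if recovered <> input then Crowbar.bad_test ()
-| None -> ());
-Crowbar.test_case "verify_no_crash"
-Crowbar.[ bytes ]
-(fun input ->
-let secret = "fuzz-secret-must-be-at-least-32-characters" in
-ignore (Csrf.verify_state ~secret input));
-] );
-]
+test_case "parse_cookie_value" [ bytes ] test_parse_cookie;
+test_case "csrf sign/verify roundtrip" [ bytes ] test_csrf_sign_verify;
+test_case "csrf verify no crash" [ bytes ] test_csrf_verify;
+] )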
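Review bot: `test_csrf_sign_verify` cannot report a broken roundtrip as written. In Crowbar, `bad_test ()` discards the input as invalid rather than recording a failure, and if Alcobar keeps that meaning, a `recovered <> input` mismatch is silently skipped. The `| None -> ()` arm also accepts a state that was signed a moment earlier with the same secret and then failed verification, which is exactly the regression this property should catch. Assuming Alcobar exposes `fail` as Crowbar does, the arms could read `| Some recovered -> if recovered <> input then fail "csrf roundtrip mismatch"` and `| None -> fail "freshly signed state did not verify"`. If `verify_state` can legitimately reject a just-signed value, keep `None -> ()` and add a comment saying why.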
+1
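--- a/fuzz/fuzz_auth.mli
+++ b/fuzz/fuzz_auth.mli
@@ -0,0 +1 @@
+val suite : string * Alcobar.test_case list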