CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)
Reject duplicate CBOR keys in VDS import
import used List.find_opt on raw map pairs, so a duplicate
"version" or "entries" key would shadow later occurrences.
Now checks for byte-equal duplicate keys before field extraction,
consistent with the receipt parser's cbor_check_unique_keys.
+4
-5
+4
-5
fuzz/dune
+4
-5
fuzz/dune
···
17
17
(alias fuzz)
18
18
(enabled_if
19
19
(= %{profile} afl))
20
-
(deps
21
-
(source_tree corpus)
22
-
fuzz.exe
23
-
gen_corpus.exe)
20
+
(deps fuzz.exe)
24
21
(action
25
-
(echo "AFL fuzzer built: %{exe:fuzz.exe}\n")))
22
+
(progn
23
+
(run %{exe:fuzz.exe} --gen-corpus corpus)
24
+
(run afl-fuzz -V 60 -i corpus -o _fuzz -- %{exe:fuzz.exe} @@))))