CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)

refactor(crowbar): Alcotest-style API with suite exports and grouped run

- Change `run` signature to `string -> (string * test_case list) list -> unit`
matching Alcotest's grouping convention
- Fix `_name` bug: pass the name through to Alcotest.run_with_args
- Each fuzz module now exports `let suite = ("name", [test_case ...])`
- Entry points (fuzz.ml) collect suites: `Crowbar.run "pkg" [Fuzz_X.suite]`
- Remove stale `add_test`/`suite` API, keep only `test_case`/`run`
- Remove `let run () = ()` from fuzz_common.ml files
- Update merlint E725 rule to match new `let suite = ("name", ...)` pattern
- Update E725 test fixtures and expected output

+11 -8
fuzz/fuzz_csrf.ml
··· 48 48 let _ = Csrf.verify_state ~secret input in 49 49 () 50 50 51 - let () = 52 - add_test ~name:"csrf: sign/verify roundtrip" [ bytes; bytes ] test_roundtrip; 53 - add_test ~name:"csrf: wrong secret rejects" [ bytes; bytes; bytes ] 54 - test_wrong_secret; 55 - add_test ~name:"csrf: tampered signature rejects" [ bytes; bytes ] 56 - test_tampered_signature; 57 - add_test ~name:"csrf: malformed input doesn't crash" [ bytes; bytes ] 58 - test_malformed 51 + let suite = 52 + ( "csrf", 53 + [ 54 + test_case "sign/verify roundtrip" [ bytes; bytes ] test_roundtrip; 55 + test_case "wrong secret rejects" [ bytes; bytes; bytes ] test_wrong_secret; 56 + test_case "tampered signature rejects" [ bytes; bytes ] 57 + test_tampered_signature; 58 + test_case "malformed input doesn't crash" [ bytes; bytes ] test_malformed; 59 + ] ) 60 + 61 + let () = run "csrf" [ suite ]
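Review bot: the trailing `let () = run "csrf" [ suite ]` at new line 61 does not match the commit message, which says that entry points (fuzz.ml) collect suites with `Crowbar.run "pkg" [Fuzz_X.suite]`. If fuzz.ml links this module and also passes `Fuzz_csrf.suite` to its own `run`, the top-level `run` here fires at module initialisation, so the csrf suite is executed a second time or ahead of the collected run. Suggest dropping that line from fuzz_csrf.ml and keeping only the `suite` export, or noting in the commit message that this module remains its own entry point.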