name: fuzz
on:
push:
branches:
- main
pull_request:
jobs:
fuzz:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: <version>
- name: Install dependencies
run: go mod tidy
- name: Run Fuzzing
run: go test -fuzz=<fuzz-function> -fuzztime=60s
stages:
- fuzz
fuzz:
stage: fuzz
image: golang:<version>
script:
- go mod tidy
- go test -fuzz=<fuzz-function> -fuzztime=60s
package main
import (
"log"
"net/http"
"net/url"
)
func handleUserURL(input string) {
parsedURL, err := url.Parse(input)
if err != nil {
log.Printf("Failed to parse URL: %v", err)
return
}
log.Printf("Parsed URL: Host=%s, Hostname=%s, Port=%s", parsedURL.Host, parsedURL.Hostname(), parsedURL.Port())
}
func main() {
http.HandleFunc("/example", func(w http.ResponseWriter, r *http.Request) {
input := r.URL.Query().Get("input")
handleUserURL(input)
})
http.ListenAndServe(":8080", nil)
}
package main
import (
"net/url"
"testing"
)
func FuzzURLParse(f *testing.F) {
f.Add("javascript://alert(1)")
f.Fuzz(func(t *testing.T, input string) {
parsedURL, err := url.Parse(input)
if err != nil {
t.Logf("Failed to parse URL: %v", err)
return
}
host := parsedURL.Hostname()
port := parsedURL.Port()
switch parsedURL.Host {
case host + ":" + port:
return
case "[" + host + "]" + port:
return
case host:
fallthrough
case "[" + host + "]":
if port != "" {
panic("unexpected Port()")
}
return
}
t.Logf("Parsed URL: Host=%s, Hostname=%s, Port=%s", parsedURL.Host, parsedURL.Hostname(), parsedURL.Port())
})
}
go test -fuzz=FuzzURLParse -fuzztime=60s
// ParseRequestURI parses a raw url into a [URL] structure. It assumes that
// url was received in an HTTP request, so the url is interpreted
// only as an absolute URI or an absolute path.
// The string url is assumed not to have a #fragment suffix.
// (Web browsers strip #fragment before sending the URL to a web server.)
func ParseRequestURI(rawURL string) (*URL, error) {
url, err := parse(rawURL, true)
if err != nil {
return nil, &Error{"parse", rawURL, err}
}
return url, nil
}