aboutsummaryrefslogtreecommitdiff
path: root/projects/json-sanitizer/IdempotenceFuzzer.java
diff options
context:
space:
mode:
Diffstat (limited to 'projects/json-sanitizer/IdempotenceFuzzer.java')
-rw-r--r--projects/json-sanitizer/IdempotenceFuzzer.java16
1 files changed, 7 insertions, 9 deletions
diff --git a/projects/json-sanitizer/IdempotenceFuzzer.java b/projects/json-sanitizer/IdempotenceFuzzer.java
index 833ec3f0a..a42c91af9 100644
--- a/projects/json-sanitizer/IdempotenceFuzzer.java
+++ b/projects/json-sanitizer/IdempotenceFuzzer.java
@@ -21,20 +21,18 @@ import com.google.json.JsonSanitizer;
public class IdempotenceFuzzer {
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
String input = data.consumeRemainingAsString();
- String output1;
+ String output;
try {
- output1 = JsonSanitizer.sanitize(input, 10);
+ output = JsonSanitizer.sanitize(input, 10);
} catch (ArrayIndexOutOfBoundsException e) {
// ArrayIndexOutOfBoundsException is expected if nesting depth is
// exceeded.
return;
}
- String output2 = JsonSanitizer.sanitize(output1, 10);
- if (!output1.equals(output2)) {
- System.err.println("input : " + input);
- System.err.println("output1: " + output1);
- System.err.println("output2: " + output2);
- throw new IllegalStateException("Non-idempotence detected");
- }
+
+ // Ensure that sanitizing twice does not give different output
+ // (idempotence). Since failure to be idempotent is not a security issue in
+ // itself, fail with a regular AssertionError.
+ assert JsonSanitizer.sanitize(output).equals(output) : "Not idempotent";
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 23:22:33 +0000