introduce fuzzing test

[shogo82148]

Summary by CodeRabbit

• Chores

  • Introduced an automated workflow that runs fuzz testing, triggered both manually and on a set schedule. The process is organized into phases that first compile a list of tests and then systematically execute them.

• Tests

  • Added fuzz testing routines aimed at verifying CSV decoding across different data structures, ensuring improved robustness and reliability when processing diverse input formats.

[coderabbitai]

Walkthrough

This pull request introduces a GitHub Actions workflow to automate fuzz testing and a new test file for the CSV decoding package. The workflow file (.github/workflows/fuzz.yml) defines two jobs: the list job generates a list of fuzz tests, and the fuzz job executes these tests based on the generated matrix. The workflow is triggered manually or on a preset schedule. Additionally, a new test file (headercsv/fuzz_test.go) is added with three fuzz testing functions targeting CSV decoding into maps, slices, and structs.

Changes

File(s)	Change Summary
.github/workflows/fuzz.yml	Added a workflow file that defines two jobs: list (sets up the Go environment, generates fuzz test list) and fuzz (runs fuzz tests using a matrix strategy), triggered manually or on schedule.
headercsv/fuzz_test.go	Introduced a new fuzz testing file with three functions (FuzzDecodeAll_map, FuzzDecodeAll_slice, FuzzDecodeAll_struct) to test CSV decoding into various data structures.

Sequence Diagram(s)

sequenceDiagram
    participant U as User/Scheduler
    participant GH as GitHub Actions Runner
    participant List as "List Job"
    participant Fuzz as "Fuzz Job"

    U->>GH: Trigger workflow (manual or schedule)
    GH->>List: Start list job (10m timeout)
    List-->>GH: Provide fuzz tests output
    GH->>Fuzz: Initiate fuzz job (matrix based on list output, 360m timeout)
    Fuzz-->>GH: Execute fuzz tests
    GH->>U: Report testing results

Loading

Poem

I'm a rabbit, hopping near my code burrow,
With workflows and fuzz tests shining like a rainbow.
On Ubuntu fields, jobs run swift and slow,
Uncovering hidden bugs where restless electrons flow.
CSV strings dance in a merry, fuzzing spree—
Carrots and clean code, a joy for you and me! 🥕🐇

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR introduces fuzz tests to improve the resiliency of our CSV decoding functionality within the headercsv package by testing various data structures.

• Added fuzz tests to decode data into map, slice, and struct types
• Introduced a GitHub workflow to schedule and run the fuzz tests regularly

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
fuzz_test.go	Added fuzz tests for different output types in CSV decoding
.github/workflows/fuzz.yml	Added a GitHub workflow for scheduling and running fuzz tests

Comments suppressed due to low confidence (3)

fuzz_test.go:8

• [nitpick] Consider renaming the fuzz test function FuzzDecodeAll_map to FuzzDecodeAllMap to adhere to Go naming conventions.

func FuzzDecodeAll_map(f *testing.F) {

fuzz_test.go:21

• [nitpick] Consider renaming the fuzz test function FuzzDecodeAll_slice to FuzzDecodeAllSlice for consistency with Go naming conventions.

func FuzzDecodeAll_slice(f *testing.F) {

fuzz_test.go:34

• [nitpick] Consider renaming the fuzz test function FuzzDecodeAll_struct to FuzzDecodeAllStruct to better align with standard Go naming practices.

func FuzzDecodeAll_struct(f *testing.F) {

[coveralls]

Pull Request Test Coverage Report for Build 14100686368

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 23 unchanged lines in 1 file lost coverage.
• Overall coverage increased (+0.06%) to 82.48%

---

Files with Coverage Reduction	New Missed Lines	%
decode.go	23	84.06%

Totals
Change from base Build 14100145113:	0.06%
Covered Lines:	419
Relevant Lines:	508

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (6)

.github/workflows/fuzz.yml (1)

25-43: Consider adjusting the fuzz job configuration

The fuzz job setup looks good overall with proper dependency on the list job and matrix strategy. However:

1. The 360-minute timeout is quite long. Consider splitting into shorter runs if possible.
2. The fuzz time (355m) is very close to the timeout (360m), which might lead to job termination before proper cleanup.

-    timeout-minutes: 360
+    timeout-minutes: 370

This would provide a better buffer between the fuzz time and the job timeout.

fuzz_test.go (5)

8-19: Improve fuzz test assertions and coverage

The map fuzzer correctly sets up the test cases, but currently only checks if decoding succeeds. Consider:

1. Adding validation of the decoded data
2. Including assertion for expected output when using seed cases
3. Adding error cases that should fail in a predictable way

 func FuzzDecodeAll_map(f *testing.F) {
 	f.Add("A\nb\n")
 	f.Add("A,B\nb,c\n")
+	// Add malformed but interesting test cases
+	f.Add("A,A\nb,c\n") // Duplicate headers
+	f.Add("A,\nb,c\n")  // Empty header

 	f.Fuzz(func(t *testing.T, a string) {
 		dec := NewDecoder(strings.NewReader(a))
 		var v []map[string]any
 		if err := dec.DecodeAll(&v); err != nil {
 			t.Skip(err)
 		}
+		// Validate the decoded data
+		if len(v) > 0 && len(a) > 0 {
+			// Check that we have at least some keys in our maps
+			hasKeys := false
+			for _, row := range v {
+				if len(row) > 0 {
+					hasKeys = true
+					break
+				}
+			}
+			if !hasKeys && strings.Contains(a, ",") {
+				t.Errorf("Expected at least one key in decoded maps for input with commas")
+			}
+		}
 	})
 }

---

21-32: Enhance slice fuzz test with validation

Similar to the map fuzzer, this test would benefit from validating the decoded data and adding more diverse test cases.

 func FuzzDecodeAll_slice(f *testing.F) {
 	f.Add("A\nb\n")
 	f.Add("A,B\nb,c\n")
+	f.Add("A,B,C\n1,2,3\n4,5,6\n") // Multiple rows with numeric values

 	f.Fuzz(func(t *testing.T, a string) {
 		dec := NewDecoder(strings.NewReader(a))
 		var v [][]any
 		if err := dec.DecodeAll(&v); err != nil {
 			t.Skip(err)
 		}
+		// Basic validation
+		if len(v) > 0 {
+			headerCount := strings.Count(strings.Split(a, "\n")[0], ",") + 1
+			for i, row := range v {
+				// Each row should have the same number of elements as headers
+				if len(row) != headerCount && headerCount > 0 {
+					t.Errorf("Row %d has %d columns, expected %d", i, len(row), headerCount)
+				}
+			}
+		}
 	})
 }

---

34-51: Add more test cases for struct fuzzing

The struct fuzz test correctly handles various data types but could benefit from more diverse seed cases. Also, consider validating the decoded values.

 func FuzzDecodeAll_struct(f *testing.F) {
 	f.Add("String,Int,Uint,Float64,Bool,Any\nHello,42,42,3.14,true,World\n")
+	// Add edge cases
+	f.Add("String,Int,Uint,Float64,Bool,Any\n\"Quoted, String\",-1,0,0.0,false,null\n")
+	f.Add("String,Int,Uint,Float64,Bool,Any\n,,,,,\n") // Empty values

 	f.Fuzz(func(t *testing.T, a string) {
 		dec := NewDecoder(strings.NewReader(a))
 		var v []struct {
 			String  string
 			Int     int
 			Uint    uint
 			Float64 float64
 			Bool    bool
 			Any     any
 		}
 		if err := dec.DecodeAll(&v); err != nil {
 			t.Skip(err)
 		}
+		
+		// For known seed cases, verify expected values
+		if a == "String,Int,Uint,Float64,Bool,Any\nHello,42,42,3.14,true,World\n" && len(v) > 0 {
+			if v[0].String != "Hello" || v[0].Int != 42 || v[0].Uint != 42 || 
+			   v[0].Float64 != 3.14 || v[0].Bool != true || v[0].Any != "World" {
+				t.Errorf("Decoded values don't match expected output for seed case")
+			}
+		}
 	})
 }

---

3-6: Consider adding benchmarks alongside fuzz tests

The test file correctly imports necessary packages, but consider adding benchmarks to complement your fuzz tests. This would help evaluate performance impacts of any changes made to fix issues found by fuzzing.

---

1-51: Add documentation and error handling strategy

While the fuzz tests are well-structured, adding package documentation would improve maintainability. Also, the current error handling (skipping tests on error) is appropriate for exploring valid inputs, but consider a strategy for handling expected vs. unexpected errors.

 package headercsv

+// This file contains fuzz tests for the headercsv package.
+// These tests use Go's built-in fuzzing to find edge cases in CSV decoding.
+// The tests focus on three main decoding targets: maps, slices, and structs.

 import (
 	"strings"
 	"testing"
 )

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a2158c0 and feccd85.

📒 Files selected for processing (2)

• .github/workflows/fuzz.yml (1 hunks)
• fuzz_test.go (1 hunks)

🔇 Additional comments (3)

.github/workflows/fuzz.yml (3)

1-5: LGTM: Well-structured workflow setup

The workflow name and triggers are appropriately defined. Using both manual trigger (workflow_dispatch) and scheduled runs (Tuesdays and Thursdays) is a good practice for fuzz testing.

---

11-24: LGTM: Well-structured list job

The list job is properly configured:

• Uses up-to-date GitHub Actions with pinned versions and SHA hashes (good security practice)
• Has a reasonable timeout
• Correctly exports the list of fuzz tests for the next job

---

7-10:

✅ Verification successful

Verify if these permissions are necessary

The workflow requests write permissions for repository contents and pull requests. While these might be needed if the fuzzer creates issues or PRs for discovered bugs, it's worth confirming if both are required.

---

🏁 Script executed:

#!/bin/bash
# Check if the fuzzing action documentation mentions required permissions
curl -s https://raw.githubusercontent.com/shogo82148/actions-go-fuzz/main/README.md | grep -i "permission"

Length of output: 531

---

Verified Permissions for Fuzz Workflow
The actions-go-fuzz documentation confirms that when using the pull-request reporting mode, the workflow must have both contents: write (to enable pushes/branch creation) and pull-requests: write (to create and modify pull requests). If you switch to a different report method (like slack), you may be able to remove or reduce these permissions. For the current configuration, these permissions appear necessary.