From b540edbe1ea97d33275e32a8a5c97b9f1e740a8d Mon Sep 17 00:00:00 2001
From: vovuas2003
Date: Wed, 6 May 2026 17:28:16 +0300
Subject: [PATCH] improve native fuzz
---
 .gitignore | 2 ++
 README.md | 4 ++-
 myfuzz/{auth_fuzz.go => auth_fuzz.go.backup} | 2 +-
 myfuzz/cover.out | 33 ++++++++++++++++++++
 myfuzz/cover.txt | 3 ++
 myfuzz/myfuzz_test.go | 12 ++++---
 myfuzz/run_fuzz.sh | 1 +
 myfuzz/view_fuzz_coverage.sh | 3 ++
 8 files changed, 53 insertions(+), 7 deletions(-)
 rename myfuzz/{auth_fuzz.go => auth_fuzz.go.backup} (99%)
 create mode 100644 myfuzz/cover.out
 create mode 100644 myfuzz/cover.txt
 create mode 100755 myfuzz/view_fuzz_coverage.sh
diff --git a/.gitignore b/.gitignore
index a986e8c..ff16c5f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ data/
 AFLplusplus/
 aflfuzz/configs/
 aflfuzz/fuzz_out/
+
+test_data.db
diff --git a/README.md b/README.md
index 1c03519..e4094c6 100644
--- a/README.md
+++ b/README.md
@@ -157,6 +157,8 @@ bash scripts/run.sh
 1.2. ./run_fuzz.sh
+1.3. ./view_fuzz_coverage.sh
+
 2. Запуск AFL++ в режиме blackbox (фаззинг готового бинарника)
 2.1. cd aflfuzz
@@ -185,7 +187,7 @@ bash scripts/run.sh
 4.1. cd myfuzz
-4.2. ./install_go-fuzz.sh (тут возникают проблемы, поэтому следующие шаги проверить не удалось)
+4.2. ./install_go-fuzz.sh (тут возникают проблемы, поэтому следующие шаги проверить не удалось + оказалось, что первая версия конфликтует с нативным фаззингом из пункта 1)
 4.3. ./build_for_go-fuzz.sh
diff --git a/myfuzz/auth_fuzz.go b/myfuzz/auth_fuzz.go.backup
similarity index 99%
rename from myfuzz/auth_fuzz.go
rename to myfuzz/auth_fuzz.go.backup
index a8c743a..d1b5aef 100644
--- a/myfuzz/auth_fuzz.go
+++ b/myfuzz/auth_fuzz.go.backup
@@ -2,7 +2,7 @@ package myfuzz import ( "bytes" - "fmt" + "linux-auth/internal/auth" "linux-auth/internal/db" )
diff --git a/myfuzz/cover.out b/myfuzz/cover.out
new file mode 100644
index 0000000..68c914d
--- /dev/null
+++ b/myfuzz/cover.out
@@ -0,0 +1,33 @@ +mode: set +linux-auth/internal/auth/auth.go:21.60,23.16 2 1 +linux-auth/internal/auth/auth.go:23.16,26.3 1 1 +linux-auth/internal/auth/auth.go:29.2,29.17 1 1 +linux-auth/internal/auth/auth.go:29.17,31.3 1 0 +linux-auth/internal/auth/auth.go:34.2,34.55 1 1 +linux-auth/internal/auth/auth.go:34.55,37.17 2 1 +linux-auth/internal/auth/auth.go:37.17,39.4 1 0 +linux-auth/internal/auth/auth.go:42.3,44.41 3 1 +linux-auth/internal/auth/auth.go:44.41,46.4 1 0 +linux-auth/internal/auth/auth.go:48.3,48.20 1 1 +linux-auth/internal/auth/auth.go:52.2,53.18 2 1 +linux-auth/internal/db/sqlite.go:29.30,33.16 3 1 +linux-auth/internal/db/sqlite.go:33.16,35.3 1 0 +linux-auth/internal/db/sqlite.go:38.2,38.39 1 1 +linux-auth/internal/db/sqlite.go:38.39,40.3 1 0 +linux-auth/internal/db/sqlite.go:42.2,42.23 1 1 +linux-auth/internal/db/sqlite.go:48.14,49.21 1 1 +linux-auth/internal/db/sqlite.go:49.21,51.3 1 1 +linux-auth/internal/db/sqlite.go:57.27,70.2 3 1 +linux-auth/internal/db/sqlite.go:77.46,97.26 6 1 +linux-auth/internal/db/sqlite.go:97.26,99.3 1 1 +linux-auth/internal/db/sqlite.go:100.2,100.16 1 1 +linux-auth/internal/db/sqlite.go:100.16,102.3 1 0 +linux-auth/internal/db/sqlite.go:104.2,105.19 2 1 +linux-auth/internal/db/sqlite.go:112.43,121.2 3 1 +linux-auth/internal/db/sqlite.go:127.40,136.2 3 1 +linux-auth/internal/db/sqlite.go:142.38,151.2 3 0 +linux-auth/internal/db/sqlite.go:158.54,165.16 3 0 +linux-auth/internal/db/sqlite.go:165.16,167.3 1 0 +linux-auth/internal/db/sqlite.go:169.2,169.12 1 0 +linux-auth/internal/utils/hash.go:13.43,16.2 2 1 +linux-auth/internal/utils/hash.go:24.48,26.2 1 1
diff --git a/myfuzz/cover.txt b/myfuzz/cover.txt
new file mode 100644
index 0000000..7fbd7f9
--- /dev/null
+++ b/myfuzz/cover.txt
@@ -0,0 +1,3 @@ +PASS +coverage: 75.0% of statements in ../... +ok linux-auth/myfuzz 0.046s
diff --git a/myfuzz/myfuzz_test.go b/myfuzz/myfuzz_test.go
index 18567bf..6de50da 100644
--- a/myfuzz/myfuzz_test.go
+++ b/myfuzz/myfuzz_test.go
@@ -16,20 +16,22 @@ func FuzzAuth(f *testing.F) {
 db.Close()
 })
- f.Add("admin", "admin")
- f.Add("user", "password")
- f.Add("", "")
+ f.Add("admin", "admin123") // right admin
+ f.Add("user1", "password1") // right user
+ f.Add("admin", "admin") // wrong admin
+ f.Add("user", "password") // wrong user
+ f.Add("", "") // blank test
 f.Fuzz(func(t *testing.T, username string, password string) {
 ok, err := auth.Authenticate(username, password)
 if err != nil {
- t.Errorf("For {username} {%q} and {password} {%q} error: %v", username, password, err)
+ t.Errorf("For username %q and password %q error: %v", username, password, err)
 }
 if ok {
 if (username == "admin" && password == "admin123") || (username == "user1" && password == "password1") {
 return
 }
- t.Errorf("Unexpected login for {username} {%q} and {password} {%q}", username, password)
+ t.Errorf("Unexpected login for username %q and password %q", username, password)
 }
 })
 }
diff --git a/myfuzz/run_fuzz.sh b/myfuzz/run_fuzz.sh
index 5b3b1d4..944a692 100755
--- a/myfuzz/run_fuzz.sh
+++ b/myfuzz/run_fuzz.sh
@@ -3,3 +3,4 @@ cp ../data/users.db test_data.db
 go test -fuzz=FuzzAuth -fuzztime=5m --parallel=1
+go test -run=FuzzAuth -coverprofile=cover.out -coverpkg=../... | tee cover.txt
diff --git a/myfuzz/view_fuzz_coverage.sh b/myfuzz/view_fuzz_coverage.sh
new file mode 100755
index 0000000..151a7c2
--- /dev/null
+++ b/myfuzz/view_fuzz_coverage.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+go tool cover -html=cover.out
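Review bot: In myfuzz/myfuzz_test.go the oracle inside the `f.Fuzz` callback only reports an unexpected success, so the two new "right admin" / "right user" seeds pass silently if `auth.Authenticate` ever rejects valid credentials. Compute the expectation once and compare in both directions: `want := (username == "admin" && password == "admin123") || (username == "user1" && password == "password1")` followed by `if ok != want { t.Errorf("Authenticate(%q, %q) = %v, want %v", username, password, ok, want) }`. The accepted pairs presumably mirror the rows in `../data/users.db` that run_fuzz.sh copies to `test_data.db`, so a short comment naming that source would keep the oracle and the fixture from drifting apart. `FuzzAuth` starts before this hunk, so the database setup it relies on is not visible here.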
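Review bot: In myfuzz/run_fuzz.sh the added coverage command pipes `go test` into `tee`, so the pipeline's exit status is tee's and a failing seed run is reported as success unless the script header (outside this hunk) already enables pipefail; add `set -o pipefail` before it, assuming the script runs under bash. `go test -run=FuzzAuth` also replays only the `f.Add` seeds and any files under `testdata/fuzz/FuzzAuth`, not the inputs generated during the preceding five-minute `-fuzz` run, so the 75.0% figure in cover.txt is seed-corpus coverage rather than what the fuzzer reached; a comment such as `# coverage of the seed corpus only; generated inputs live in the Go fuzz cache` would make that clear. cover.out and cover.txt are outputs of this script, so they likely belong in .gitignore next to `test_data.db` rather than in the commit.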