json2xml/rust/fuzz/fuzz_targets/fuzz_escape_xml.rs at 29131ca2dd993a2aeb0d6b9d84baa2cd808e4439 · vinitkumar/json2xml · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#![no_main]

use libfuzzer_sys::fuzz_target;
use json2xml_rs::escape_xml;

fuzz_target!(|data: &str| {
    let result = escape_xml(data);

    // Verify invariants:
    // 1. Result should not contain unescaped special chars
    assert!(!result.contains('&') || result.contains("&amp;") || result.contains("&quot;")
            || result.contains("&apos;") || result.contains("&lt;") || result.contains("&gt;"));

    // 2. Result should be valid (no panics occurred)
    // 3. If input had no special chars, output equals input
    if !data.contains('&') && !data.contains('"') && !data.contains('\'')
       && !data.contains('<') && !data.contains('>') {
        assert_eq!(result, data);
    }

    // 4. Output length should be >= input length (escaping only adds chars)
    assert!(result.len() >= data.len());
});