From f01202319b1e33ae1a00fe2bf3ab1af06c906694 Mon Sep 17 00:00:00 2001
From: Sam Flattery <samflattery@google.com>
Date: Mon, 8 Jun 2020 15:26:08 +0100
Subject: [PATCH 1/2] flip forwardClientCert option in HCM fuzz

Signed-off-by: Sam Flattery <samflattery@google.com>
---
 test/common/http/BUILD                        |  1 +
 test/common/http/conn_manager_impl_fuzz.proto |  3 +++
 .../http/conn_manager_impl_fuzz_test.cc       | 24 ++++++++++++++++---
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/test/common/http/BUILD b/test/common/http/BUILD
index fc43ab1ff66f1..447193debbf4f 100644
--- a/test/common/http/BUILD
+++ b/test/common/http/BUILD
@@ -155,6 +155,7 @@ envoy_proto_library(
     srcs = ["conn_manager_impl_fuzz.proto"],
     deps = [
         "//test/fuzz:common_proto",
+        "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg",
     ],
 )
 
diff --git a/test/common/http/conn_manager_impl_fuzz.proto b/test/common/http/conn_manager_impl_fuzz.proto
index 58a7d8ba0d535..e95fb4a9f5ffb 100644
--- a/test/common/http/conn_manager_impl_fuzz.proto
+++ b/test/common/http/conn_manager_impl_fuzz.proto
@@ -6,6 +6,8 @@ import "google/protobuf/empty.proto";
 
 import "test/fuzz/common.proto";
 
+import "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto";
+
 // Structured input for conn_manager_impl_fuzz_test.
 
 message NewStream {
@@ -99,4 +101,5 @@ message Action {
 
 message ConnManagerImplTestCase {
   repeated Action actions = 1;
+  envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.ForwardClientCertDetails forward_client_cert = 2;
 }
diff --git a/test/common/http/conn_manager_impl_fuzz_test.cc b/test/common/http/conn_manager_impl_fuzz_test.cc
index 37079704bb857..cf12eb7a121ad 100644
--- a/test/common/http/conn_manager_impl_fuzz_test.cc
+++ b/test/common/http/conn_manager_impl_fuzz_test.cc
@@ -62,7 +62,7 @@ class FuzzConfig : public ConnectionManagerConfig {
     std::shared_ptr<Router::MockConfig> route_config_{new NiceMock<Router::MockConfig>()};
   };
 
-  FuzzConfig()
+  FuzzConfig(envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ForwardClientCertDetails forward_client_cert)
       : stats_({ALL_HTTP_CONN_MAN_STATS(POOL_COUNTER(fake_stats_), POOL_GAUGE(fake_stats_),
                                         POOL_HISTOGRAM(fake_stats_))},
                "", fake_stats_),
@@ -74,6 +74,7 @@ class FuzzConfig : public ConnectionManagerConfig {
         .WillByDefault(Return(time_system_.systemTime()));
     access_logs_.emplace_back(std::make_shared<NiceMock<AccessLog::MockInstance>>());
     request_id_extension_ = RequestIDExtensionFactory::defaultInstance(random_);
+    forward_client_cert_ = fromClientCert(forward_client_cert);
   }
 
   void newStream() {
@@ -91,6 +92,23 @@ class FuzzConfig : public ConnectionManagerConfig {
     EXPECT_CALL(*encoder_filter_, setEncoderFilterCallbacks(_));
   }
 
+  Http::ForwardClientCertType fromClientCert(envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ForwardClientCertDetails forward_client_cert) {
+    switch (forward_client_cert) {
+      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::SANITIZE:
+        return Http::ForwardClientCertType::Sanitize;
+      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::FORWARD_ONLY:
+        return Http::ForwardClientCertType::ForwardOnly;
+      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::APPEND_FORWARD:
+        return Http::ForwardClientCertType::AppendForward;
+      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::SANITIZE_SET:
+        return Http::ForwardClientCertType::SanitizeSet;
+      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ALWAYS_FORWARD_ONLY:
+        return Http::ForwardClientCertType::AlwaysForwardOnly;
+      default:
+        return Http::ForwardClientCertType::Sanitize;
+    }
+  }
+
   // Http::ConnectionManagerConfig
 
   RequestIDExtensionSharedPtr requestIDExtension() override { return request_id_extension_; }
@@ -194,7 +212,7 @@ class FuzzConfig : public ConnectionManagerConfig {
   std::chrono::milliseconds request_timeout_{};
   std::chrono::milliseconds delayed_close_timeout_{};
   bool use_remote_address_{true};
-  Http::ForwardClientCertType forward_client_cert_{Http::ForwardClientCertType::Sanitize};
+  Http::ForwardClientCertType forward_client_cert_;
   std::vector<Http::ClientCertDetailsType> set_current_client_cert_details_;
   Network::Address::Ipv4Instance local_address_{"127.0.0.1"};
   absl::optional<std::string> user_agent_;
@@ -495,7 +513,7 @@ DEFINE_PROTO_FUZZER(const test::common::http::ConnManagerImplTestCase& input) {
     return;
   }
 
-  FuzzConfig config;
+  FuzzConfig config(input.forward_client_cert());
   NiceMock<Network::MockDrainDecision> drain_close;
   NiceMock<Runtime::MockRandomGenerator> random;
   Stats::SymbolTablePtr symbol_table(Stats::SymbolTableCreator::makeSymbolTable());

From 3af26214e4f9c2ec518cca720e5d904971c1013b Mon Sep 17 00:00:00 2001
From: Sam Flattery <samflattery@google.com>
Date: Mon, 8 Jun 2020 15:28:18 +0100
Subject: [PATCH 2/2] style fix

Signed-off-by: Sam Flattery <samflattery@google.com>
---
 test/common/http/conn_manager_impl_fuzz.proto |  3 +-
 .../http/conn_manager_impl_fuzz_test.cc       | 36 +++++++++++--------
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/test/common/http/conn_manager_impl_fuzz.proto b/test/common/http/conn_manager_impl_fuzz.proto
index e95fb4a9f5ffb..92d6e1c32652f 100644
--- a/test/common/http/conn_manager_impl_fuzz.proto
+++ b/test/common/http/conn_manager_impl_fuzz.proto
@@ -101,5 +101,6 @@ message Action {
 
 message ConnManagerImplTestCase {
   repeated Action actions = 1;
-  envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.ForwardClientCertDetails forward_client_cert = 2;
+  envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+      .ForwardClientCertDetails forward_client_cert = 2;
 }
diff --git a/test/common/http/conn_manager_impl_fuzz_test.cc b/test/common/http/conn_manager_impl_fuzz_test.cc
index cf12eb7a121ad..bbfbbceab89e7 100644
--- a/test/common/http/conn_manager_impl_fuzz_test.cc
+++ b/test/common/http/conn_manager_impl_fuzz_test.cc
@@ -62,7 +62,8 @@ class FuzzConfig : public ConnectionManagerConfig {
     std::shared_ptr<Router::MockConfig> route_config_{new NiceMock<Router::MockConfig>()};
   };
 
-  FuzzConfig(envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ForwardClientCertDetails forward_client_cert)
+  FuzzConfig(envoy::extensions::filters::network::http_connection_manager::v3::
+                 HttpConnectionManager::ForwardClientCertDetails forward_client_cert)
       : stats_({ALL_HTTP_CONN_MAN_STATS(POOL_COUNTER(fake_stats_), POOL_GAUGE(fake_stats_),
                                         POOL_HISTOGRAM(fake_stats_))},
                "", fake_stats_),
@@ -92,20 +93,27 @@ class FuzzConfig : public ConnectionManagerConfig {
     EXPECT_CALL(*encoder_filter_, setEncoderFilterCallbacks(_));
   }
 
-  Http::ForwardClientCertType fromClientCert(envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ForwardClientCertDetails forward_client_cert) {
+  Http::ForwardClientCertType
+  fromClientCert(envoy::extensions::filters::network::http_connection_manager::v3::
+                     HttpConnectionManager::ForwardClientCertDetails forward_client_cert) {
     switch (forward_client_cert) {
-      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::SANITIZE:
-        return Http::ForwardClientCertType::Sanitize;
-      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::FORWARD_ONLY:
-        return Http::ForwardClientCertType::ForwardOnly;
-      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::APPEND_FORWARD:
-        return Http::ForwardClientCertType::AppendForward;
-      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::SANITIZE_SET:
-        return Http::ForwardClientCertType::SanitizeSet;
-      case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::ALWAYS_FORWARD_ONLY:
-        return Http::ForwardClientCertType::AlwaysForwardOnly;
-      default:
-        return Http::ForwardClientCertType::Sanitize;
+    case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::
+        SANITIZE:
+      return Http::ForwardClientCertType::Sanitize;
+    case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::
+        FORWARD_ONLY:
+      return Http::ForwardClientCertType::ForwardOnly;
+    case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::
+        APPEND_FORWARD:
+      return Http::ForwardClientCertType::AppendForward;
+    case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::
+        SANITIZE_SET:
+      return Http::ForwardClientCertType::SanitizeSet;
+    case envoy::extensions::filters::network::http_connection_manager::v3::HttpConnectionManager::
+        ALWAYS_FORWARD_ONLY:
+      return Http::ForwardClientCertType::AlwaysForwardOnly;
+    default:
+      return Http::ForwardClientCertType::Sanitize;
     }
   }