nanoid_fuzz_test.go

// Copyright (c) 2024-2026 Six After, Inc
//
// This source code is licensed under the Apache 2.0 License found in the
// LICENSE file in the root directory of this source tree.

package nanoid

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// FuzzNewWithLength exercises the NewWithLength function using
// random lengths to ensure robustness against a wide range of
// input sizes. This fuzz test checks that:
//
//   - No error is returned for valid lengths (1–256).
//   - The resulting ID's rune length matches the requested length.
//   - All generated characters are from the DefaultAlphabet.
//
// Skips negative or excessively large lengths. This helps detect
// panics, boundary errors, and invalid character usage in ID generation.
func FuzzNewWithLength(f *testing.F) {
	f.Add(10) // seed
	f.Fuzz(func(t *testing.T, length int) {
		if length <= 0 || length > 256 {
			t.Skip()
		}
		id, err := NewWithLength(length)
		is := assert.New(t)
		is.NoError(err)
		is.Equal(length, len([]rune(id)))
		is.True(isValidID(id, DefaultAlphabet))
	})
}

// FuzzCustomAlphabet fuzzes NewGenerator and ID generation with arbitrary
// user-supplied alphabet strings and ID lengths. This validates that:
//
//   - Invalid alphabets (too short/long) and lengths are skipped.
//   - For valid inputs, the generated ID has the correct length.
//   - All ID characters are in the user-provided alphabet.
//
// This test increases coverage for edge cases involving Unicode alphabets
// and generator configuration.
func FuzzCustomAlphabet(f *testing.F) {
	f.Add("abc123", 16)
	f.Fuzz(func(t *testing.T, alphabet string, length int) {
		is := assert.New(t)
		if len([]rune(alphabet)) < MinAlphabetLength || len([]rune(alphabet)) > MaxAlphabetLength {
			t.Skip()
		}
		if length <= 0 || length > 256 {
			t.Skip()
		}
		gen, err := NewGenerator(
			WithAlphabet(alphabet),
			WithLengthHint(uint16(length)),
		)
		if err != nil {
			return // skip invalid generator configs
		}
		id, err := gen.NewWithLength(length)
		is.NoError(err)
		is.Equal(length, len([]rune(id)))
		is.True(isValidID(id, alphabet))
	})
}

// FuzzCustomGenerator explores random combinations of alphabet strings and
// ID lengths, creating new generators and generating IDs for each pair.
// This fuzz test ensures that:
//
//   - Generator construction with edge-case alphabets/lengths does not panic.
//   - Generated IDs always match the requested rune length.
//   - All ID characters are in the current alphabet.
//
// This function is broader than FuzzCustomAlphabet and helps catch configuration-
// time and run-time errors across the generator code path.
func FuzzCustomGenerator(f *testing.F) {
	f.Add("xyz", 32)
	f.Fuzz(func(t *testing.T, alphabet string, size int) {
		is := assert.New(t)
		runes := []rune(alphabet)
		if len(runes) < MinAlphabetLength || len(runes) > MaxAlphabetLength {
			t.Skip()
		}
		if size <= 0 || size > 256 {
			t.Skip()
		}
		gen, err := NewGenerator(
			WithAlphabet(alphabet),
			WithLengthHint(uint16(size)),
		)
		if err != nil {
			t.Skip()
		}
		id, err := gen.NewWithLength(size)
		is.NoError(err)
		is.Equal(size, len([]rune(id)))
		is.True(isValidID(id, alphabet))
	})
}

// FuzzRead fuzzes the global Generator.Read method by generating
// random buffer sizes, including edge cases (empty buffers and
// upper bounds). This test validates that:
//
//   - Read never panics for any size in the range [0, 256].
//   - The number of bytes read equals the requested size.
//   - All generated bytes are in the DefaultAlphabet.
//
// This fuzz test helps ensure Read's contract and buffer-safety
// across a wide range of call patterns.
func FuzzRead(f *testing.F) {
	f.Add(21) // DefaultLength
	f.Fuzz(func(t *testing.T, size int) {
		is := assert.New(t)
		if size < 0 || size > 256 {
			t.Skip()
		}
		buf := make([]byte, size)
		n, err := Read(buf)
		is.NoError(err)
		is.Equal(size, n)
		is.True(isValidID(ID(buf), DefaultAlphabet))
	})
}