Attestation Malformed-Input Regression Harness

March 2, 2026 ยท View on GitHub

This repository includes a deterministic malformed-input regression gate for POST /attest/submit plus a replayable regression corpus under tests/attestation_corpus/.

Corpus Classes

Current explicit corpus entries cover these malformed input classes:

  1. Invalid JSON root: null
  2. Invalid JSON root: array
  3. Miner identifier shape mismatch
  4. Device payload scalar/object mismatch
  5. Signals payload scalar/object mismatch
  6. Signals MAC list shape mismatch
  7. Fingerprint checks array/object mismatch
  8. Report payload scalar/object mismatch

Replay One Corpus Entry

python tests/replay_attestation_corpus.py tests/attestation_corpus/malformed_report_scalar.json

The script prints the HTTP status code and parsed JSON response, and exits non-zero if replay causes a server-side 5xx.

Quick Regression Gate

python -m pytest tests/test_attestation_fuzz.py -v

10,000-Case Mutation Run

PowerShell:

$env:ATTEST_FUZZ_CASES = "10000"
python -m pytest tests/test_attestation_fuzz.py -k mutation_regression_no_unhandled_exceptions -v

Bash:

ATTEST_FUZZ_CASES=10000 python -m pytest tests/test_attestation_fuzz.py -k mutation_regression_no_unhandled_exceptions -v

This is the CI-mode gate for "no unhandled exceptions" in the attestation parsing path. Set ATTEST_FUZZ_SEED only when you need to reproduce a specific random sequence locally.