Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: fix flaky ja4 test #5169

Merged
merged 1 commit into from
Mar 7, 2025
Merged

tests: fix flaky ja4 test #5169

merged 1 commit into from
Mar 7, 2025

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Mar 6, 2025
edited
Loading

Release Summary:

Description of changes:

The JA4 test has been failing on AL2 randomly. See this test run. It fails with:

(output[S2N_JA4_A_CIPHER_COUNT_1]) == (count_test_cases[i].str[0]) is not true (/codebuild/output/src3856958814/src/github.com/aws/s2n-tls/tests/unit/s2n_fingerprint_ja4_test.c:516)

I think the problem is this chunk of code from the test setup:
https://github.com/lrstewart/s2n/blob/2c0f038397a8660732a5c15eebca085373d7569b/tests/unit/s2n_fingerprint_ja4_test.c#L148-L150

Basically, instead of writing individual cipher suite ianas, since we didn't care what the ianas were we just skipped over the right size chunk of data. But stuffers don't initialize their memory, so the data that ends up representing cipher ianas is whatever malloc returns. I suspect in most environments that memory is 0s, but AL2 is giving more random values, some of which happen to be grease values. JA4 doesn't count grease values when counting cipher suites, so the test fails.

Testing:

Hard to prove, since it's flaky. So far I've failed to repro the failures by:

  • spinning up my own AL2 instance and running the test for a few minutes in a while loop
  • putting a for(0..1000000) loop around the test and running it in s2nGeneralBatch

But this change doesn't break anything, is more correct, and /may/ fix the flakiness.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Mar 6, 2025
@lrstewart lrstewart marked this pull request as ready for review March 6, 2025 21:29
maddeleine
maddeleine reviewed Mar 7, 2025
View reviewed changes
tests/unit/s2n_fingerprint_ja4_test.c
RESULT_GUARD_POSIX(s2n_stuffer_skip_write(&bytes, ciphers_size));
for (size_t i = 0; i < cipher_count; i++) {
RESULT_GUARD_POSIX(s2n_stuffer_write_uint16(&bytes, 0));
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I agree this is more correct. If you're worried about the test still being flaky you could always add a debugging print statement if the test fails.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm leaning towards only doing that if this doesn't work. I'm pretty confident this will work.

@lrstewart lrstewart added this pull request to the merge queue Mar 7, 2025
Merged via the queue into aws:main with commit 25b08ba Mar 7, 2025
47 checks passed
@lrstewart lrstewart deleted the ja4flaky branch March 7, 2025 02:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine maddeleine approved these changes

@CarolYeh910 CarolYeh910 CarolYeh910 approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrstewart @maddeleine @CarolYeh910