Add shell completion, verbose token expiration, and fuzz tests

Author: telegrapher

cmd/completion.go

@@ -0,0 +1,55 @@
+// Copyright 2025 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License. You may obtain a copy
+// of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software distributed under
+// the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+// OF ANY KIND, either express or implied. See the License for the specific language
+// governing permissions and limitations under the License.
+
+package cmd
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+func completionCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "completion [bash|zsh|fish|powershell]",
+		Short: "Generate shell completion script.",
+		Long: `Generate a shell completion script for the specified shell.
+
+  # Bash
+  source <(imscli completion bash)
+
+  # Zsh (add to ~/.zshrc or run once)
+  imscli completion zsh > "${fpath[1]}/_imscli"
+
+  # Fish
+  imscli completion fish | source
+
+  # PowerShell
+  imscli completion powershell | Out-String | Invoke-Expression
+`,
+		DisableFlagsInUseLine: true,
+		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
+		Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			switch args[0] {
+			case "bash":
+				return cmd.Root().GenBashCompletionV2(os.Stdout, true)
+			case "zsh":
+				return cmd.Root().GenZshCompletion(os.Stdout)
+			case "fish":
+				return cmd.Root().GenFishCompletion(os.Stdout, true)
+			case "powershell":
+				return cmd.Root().GenPowerShellCompletion(os.Stdout)
+			}
+			return nil
+		},
+	}
+	return cmd
+}

cmd/decode.go

@@ -11,7 +11,10 @@
 package cmd
 
 import (
+	"encoding/json"
 	"fmt"
+	"os"
+	"time"
 
 	"github.com/adobe/imscli/cmd/pretty"
 	"github.com/adobe/imscli/ims"
@@ -27,7 +30,6 @@ func decodeCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			decoded, err := imsConfig.DecodeToken()
 			if err != nil {
 				return fmt.Errorf("error decoding the token: %w", err)
@@ -36,6 +38,12 @@ func decodeCmd(imsConfig *ims.Config) *cobra.Command {
 			output := fmt.Sprintf(`{"header":%s,"payload":%s}`, decoded.Header, decoded.Payload)
 			fmt.Println(pretty.JSON(output))
 
+			// When verbose, show human-readable token expiration on stderr
+			// so it doesn't pollute the JSON output on stdout.
+			if imsConfig.Verbose {
+				printTokenExpiration(decoded.Payload)
+			}
+
 			return nil
 		},
 	}
@@ -44,3 +52,28 @@ func decodeCmd(imsConfig *ims.Config) *cobra.Command {
 
 	return cmd
 }
+
+// printTokenExpiration parses the "exp" claim from a JWT payload and prints
+// a human-readable expiration message to stderr.
+func printTokenExpiration(payload string) {
+	var claims map[string]interface{}
+	if err := json.Unmarshal([]byte(payload), &claims); err != nil {
+		return
+	}
+
+	exp, ok := claims["exp"].(float64)
+	if !ok {
+		return
+	}
+
+	expTime := time.Unix(int64(exp), 0).UTC()
+	now := time.Now().UTC()
+
+	if now.After(expTime) {
+		fmt.Fprintf(os.Stderr, "\nToken expired: %s (%s ago)\n",
+			expTime.Format(time.RFC3339), now.Sub(expTime).Truncate(time.Second))
+	} else {
+		fmt.Fprintf(os.Stderr, "\nToken expires: %s (in %s)\n",
+			expTime.Format(time.RFC3339), expTime.Sub(now).Truncate(time.Second))
+	}
+}

cmd/pretty/json_test.go

@@ -11,10 +11,12 @@
 package pretty
 
 import (
+	"math/rand"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"
 )
 
 func loadExpected(t *testing.T, filename string) string {
@@ -55,3 +57,56 @@ func TestJSON(t *testing.T) {
 		})
 	}
 }
+
+// randomString generates a string of the given length with arbitrary bytes,
+// including invalid UTF-8, control characters, and JSON-significant characters.
+// Used by the fuzz tests below to verify that JSON never panics.
+func randomString(rng *rand.Rand, length int) string {
+	b := make([]byte, length)
+	for i := range b {
+		b[i] = byte(rng.Intn(256))
+	}
+	return string(b)
+}
+
+// TestFuzzJSON generates random inputs for 10 seconds to verify that JSON
+// never panics regardless of input. Runs in parallel with other tests.
+//
+// For deeper exploration, use Go's built-in fuzz engine:
+//
+//	go test -fuzz=FuzzJSON -fuzztime=60s ./cmd/pretty/
+func TestFuzzJSON(t *testing.T) {
+	t.Parallel()
+
+	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	deadline := time.After(10 * time.Second)
+	iterations := 0
+
+	for {
+		select {
+		case <-deadline:
+			t.Logf("fuzz: %d iterations without panic", iterations)
+			return
+		default:
+			input := randomString(rng, rng.Intn(1024))
+			_ = JSON(input)
+			iterations++
+		}
+	}
+}
+
+// FuzzJSON is a standard Go fuzz target for deeper exploration.
+// Run manually: go test -fuzz=FuzzJSON -fuzztime=60s ./cmd/pretty/
+func FuzzJSON(f *testing.F) {
+	f.Add(`{}`)
+	f.Add(`[]`)
+	f.Add(`{"a":1}`)
+	f.Add(`"plain string"`)
+	f.Add(`null`)
+	f.Add(`not json`)
+	f.Add(``)
+
+	f.Fuzz(func(t *testing.T, input string) {
+		_ = JSON(input)
+	})
+}

cmd/root.go

@@ -34,6 +34,7 @@ func RootCmd(version string) *cobra.Command {
 				log.SetOutput(io.Discard)
 			}
 			// This call of the initParams will load all env vars, config file and flags.
+			imsConfig.Verbose = verbose
 			return initParams(cmd, imsConfig, configFile)
 		},
 	}
@@ -58,6 +59,7 @@ func RootCmd(version string) *cobra.Command {
 		refreshCmd(imsConfig),
 		adminCmd(imsConfig),
 		dcrCmd(imsConfig),
+		completionCmd(),
 	)
 	return cmd
 }

ims/config.go

@@ -42,6 +42,7 @@ type Config struct {
 	Token                 string
 	Port                  int
 	FullOutput            bool
+	Verbose               bool
 	Guid                  string
 	AuthSrc               string
 	DecodeFulfillableData bool

ims/config_test.go

@@ -11,7 +11,9 @@
 package ims
 
 import (
+	"math/rand"
 	"testing"
+	"time"
 )
 
 func TestValidateDecodeTokenConfig(t *testing.T) {
@@ -393,3 +395,98 @@ func searchString(s, substr string) bool {
 	}
 	return false
 }
+
+// randomString generates a string of the given length with arbitrary bytes.
+func randomString(rng *rand.Rand, length int) string {
+	b := make([]byte, length)
+	for i := range b {
+		b[i] = byte(rng.Intn(256))
+	}
+	return string(b)
+}
+
+// TestFuzzValidateURL generates random inputs for 10 seconds to verify that
+// validateURL never panics regardless of input. Runs in parallel with other tests.
+//
+// For deeper exploration, use Go's built-in fuzz engine:
+//
+//	go test -fuzz=FuzzValidateURL -fuzztime=60s ./ims/
+func TestFuzzValidateURL(t *testing.T) {
+	t.Parallel()
+
+	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	deadline := time.After(10 * time.Second)
+	iterations := 0
+
+	for {
+		select {
+		case <-deadline:
+			t.Logf("fuzz: %d iterations without panic", iterations)
+			return
+		default:
+			input := randomString(rng, rng.Intn(512))
+			_ = validateURL(input)
+			iterations++
+		}
+	}
+}
+
+// FuzzValidateURL is a standard Go fuzz target for deeper exploration.
+// Run manually: go test -fuzz=FuzzValidateURL -fuzztime=60s ./ims/
+func FuzzValidateURL(f *testing.F) {
+	f.Add("https://example.com")
+	f.Add("http://localhost:8080")
+	f.Add("")
+	f.Add("not-a-url")
+	f.Add("://missing-scheme.com")
+	f.Add("https://")
+
+	f.Fuzz(func(t *testing.T, u string) {
+		_ = validateURL(u)
+	})
+}
+
+// TestFuzzDecodeToken generates random inputs for 10 seconds to verify that
+// DecodeToken never panics regardless of input. Runs in parallel with other tests.
+//
+// For deeper exploration, use Go's built-in fuzz engine:
+//
+//	go test -fuzz=FuzzDecodeToken -fuzztime=60s ./ims/
+func TestFuzzDecodeToken(t *testing.T) {
+	t.Parallel()
+
+	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	deadline := time.After(10 * time.Second)
+	iterations := 0
+
+	for {
+		select {
+		case <-deadline:
+			t.Logf("fuzz: %d iterations without panic", iterations)
+			return
+		default:
+			// Generate random JWT-like strings (three dot-separated parts)
+			input := randomString(rng, rng.Intn(128)) + "." +
+				randomString(rng, rng.Intn(256)) + "." +
+				randomString(rng, rng.Intn(128))
+			c := Config{Token: input}
+			_, _ = c.DecodeToken()
+			iterations++
+		}
+	}
+}
+
+// FuzzDecodeToken is a standard Go fuzz target for deeper exploration.
+// Run manually: go test -fuzz=FuzzDecodeToken -fuzztime=60s ./ims/
+func FuzzDecodeToken(f *testing.F) {
+	f.Add("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.signature")
+	f.Add("a.b.c")
+	f.Add("...")
+	f.Add("")
+	f.Add("no-dots-at-all")
+
+	f.Fuzz(func(t *testing.T, token string) {
+		c := Config{Token: token}
+		_, _ = c.DecodeToken()
+	})
+}