Suggestion: Continuous Fuzzing #998

Closed
yevgenypats opened this issue Aug 16, 2019 · 4 comments

Comments

@yevgenypats

Hi, I'm Yevgeny Pats, founder of Fuzzit, a continuous fuzzing as a service platform.

We have a free plan for OSS and I would be happy to contribute a PR if that's interesting.
The PR will include the following:

  • go-fuzz fuzzers (this is a generic step, not connected to Fuzzit)
  • Continuous fuzzing of the master branch, which will generate new corpus and look for new crashes
  • Regression on every PR that will run the fuzzers through all the generated corpus and fixed crashes from the previous step. This will prevent new or old bugs from creeping into master.

You can see our basic example fuzzitdev/example-go and you can see an example of "in the wild" integration google/syzkaller.

Let me know if this is something worth working on.

Cheers,
Yevgeny

@johanbrandhorst
Collaborator

Hi Yevgeny,

Thanks for reaching out! This sounds really interesting. The gRPC-Gateway can be used as a first layer against the internet so it seems worthwhile to investigate; however, the overlap between us and the Go standard library will be pretty high. We have some custom path parsing and stuff which might be interesting though. If you would like to contribute something, I would start looking at adding some fuzzing to the integration tests maybe? They're in https://github.com/grpc-ecosystem/grpc-gateway/tree/master/examples/integration. That would fuzz against a running server, which might not be appropriate, let me know what you think.

@yevgenypats
Author

Hi Johan,

Thanks for the quick reply.

I'm not sure about the integration tests. As far as I understand, they just send data over the network to the server, which is less appropriate to how go-fuzz works. This is more appropriate as additional strong "unit tests": we need to find the relevant function that go-fuzz will call with pseudo-random data to test and check for crashes/other bugs.

Also, I forgot to mention: we have a reward program. In case you want/have time to contribute this, I'll be happy to reward you as well as get unbiased feedback on how smooth the integration was. If not, I'll try to contribute this myself with your guidance.
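
An added example, not code from this thread or from grpc-gateway: a function-level go-fuzz target of the kind the comment above describes, with the corpus replay from the per-PR regression step in the first comment. `parseTemplate` and `firstCrash` are hypothetical stand-ins and the corpus is constructed; only the `Fuzz(data []byte) int` entry-point signature is go-fuzz's own.

```go
package main

import (
	"fmt"
	"strings"
)

// parseTemplate is a hypothetical stand-in for custom path parsing: it splits
// "/v1/{name}/items" into segments and validates "{var}" placeholders.
func parseTemplate(s string) ([]string, error) {
	if !strings.HasPrefix(s, "/") {
		return nil, fmt.Errorf("template %q must start with /", s)
	}
	segs := strings.Split(s[1:], "/")
	for _, seg := range segs {
		open, closed := strings.HasPrefix(seg, "{"), strings.HasSuffix(seg, "}")
		if seg == "" || open != closed || (open && len(seg) < 3) {
			return nil, fmt.Errorf("bad segment %q", seg)
		}
	}
	return segs, nil
}

// Fuzz is the entry point go-fuzz calls with generated data. Returning 1 marks
// the input as worth prioritising; a panic is what gets recorded as a crash.
func Fuzz(data []byte) int {
	segs, err := parseTemplate(string(data))
	if err != nil {
		return 0 // rejecting malformed input is a valid outcome
	}
	// Invariant: an accepted template must round-trip exactly.
	if got := "/" + strings.Join(segs, "/"); got != string(data) {
		panic(fmt.Sprintf("round-trip mismatch: %q != %q", got, data))
	}
	return 1
}

// firstCrash is the regression step: replay every saved input through fuzz and
// return the index of the first input that panics, or -1 if none does.
func firstCrash(fuzz func([]byte) int, corpus [][]byte) (idx int) {
	defer func() { recover() }() // on panic, idx still holds the failing index
	for idx = range corpus {
		fuzz(corpus[idx])
	}
	return -1
}

func main() {
	// Constructed corpus: one valid template, then three malformed inputs.
	corpus := [][]byte{[]byte("/v1/{name}/items"), []byte("/v1/{"), nil, []byte("/{}")}
	fmt.Println("first crashing corpus entry:", firstCrash(Fuzz, corpus))
}
```

With a real go-fuzz setup the target lives in a library package rather than `package main`; `main` is here only so the block runs on its own.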

@johanbrandhorst
Collaborator

The reward program seems like a great way to get new users trying the code base as well, so I will leave it. I'd be happy to help you get it in if you find the time, of course.

@johanbrandhorst
Collaborator

I think we can close this with #1001 merged
