Add a fuzzer libfuzzer to setup continuous fuzzing #1972
Hi all, this is Adam from Ada Logics. I work on securing open source software, and with fuzzing having solved problems for IOT.js in the past, I have looked at setting up continuous fuzzing for IOT.js. I have managed to fuzz IOT.js through OSS-fuzz, and in this PR I add the fuzzer that enables that.
If there is interest to integrate with OSS-fuzz, I will upload my build files on the OSS-fuzz side. The build files take care of building IOT.js and this fuzzer with the necessary sanitizers. Once integrated, OSS-fuzz will run all of IOT.js's fuzzers continuously.
A few notes about this fuzzer:
The fuzzer targets a very specific state of IOT.js which previously has included bugs. It would be much more preferred to pass on the entire test case to IOT.js and not wrap the test case in `one[]` and `two[]` as is done in this fuzzer. The problem with that, however, is that the fuzzer eventually will start generating JavaScript code that sends out random HTTP requests. Obviously we do not want that, so in case there are any suggestions from the maintainers' side to prevent such behaviour, please let me know, as it could improve the fuzzer drastically.

For those unaware: Fuzzing is a way of testing software whereby pseudo-random data is passed to a target application with the goal of finding bugs and vulnerabilities.
I would be interested in contributing further to fuzzing IOT.js, especially to solve the problem described above under "A few notes about this fuzzer".
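The trade-off described in the PR notes above (wrapping the test case in fixed arrays versus handing the whole input to the engine as JavaScript) comes down to whether fuzz bytes are treated as data or as code. The harness below is an added example and is not the PR's fuzzer or any IoT.js code: it shows the libFuzzer entry point shape and renders every input byte as a decimal literal inside a fixed script, so the mutated input can never form JavaScript syntax and therefore cannot make HTTP requests. The engine hook `fuzz_set_eval`/`eval_fn` is a hypothetical stand-in (IoT.js's real entry point is not shown on this page), the fixed driver code is illustrative, and the split-by-first-byte rule and the sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 4096                      /* cap per iteration; larger inputs are skipped */
#define SCRIPT_CAP (MAX_INPUT * 4 + 256)    /* "255," per byte plus the fixed template */

/* Fixed driver code: identical every iteration, only `one`/`two` vary.
 * Illustrative only; what the PR's fuzzer does with its arrays is not shown. */
#define FIXED_DRIVER \
    "var s = String.fromCharCode.apply(null, one);\n" \
    "JSON.stringify({ s: s, two: two });\n"

/* Hypothetical engine hook (assumed, not an IoT.js API). NULL means dry run. */
typedef int (*eval_fn)(const char *src, size_t len);
static eval_fn g_eval = NULL;
void fuzz_set_eval(eval_fn fn) { g_eval = fn; }

/* Write a JS array literal of byte values, e.g. "[104,105]".
 * Returns chars written (excluding NUL), or -1 if it does not fit. */
static int emit_byte_array(const uint8_t *p, size_t n, char *out, size_t cap) {
    size_t pos = 0;
    if (cap < 3) return -1;
    out[pos++] = '[';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + pos, cap - pos, "%s%u", i ? "," : "", (unsigned)p[i]);
        if (w < 0 || (size_t)w >= cap - pos) return -1;
        pos += (size_t)w;
    }
    if (pos + 2 > cap) return -1;
    out[pos++] = ']';
    out[pos] = '\0';
    return (int)pos;
}

/* Bounded append of a C string (including its NUL); -1 if it would overflow. */
static int append(char *out, size_t cap, size_t *pos, const char *s) {
    size_t n = strlen(s);
    if (*pos + n + 1 > cap) return -1;
    memcpy(out + *pos, s, n + 1);
    *pos += n;
    return 0;
}

/* Build the script. data[0] picks where the remaining bytes are split into
 * `one` and `two`; every byte is rendered as a decimal literal, so no byte
 * sequence can ever become JS syntax (no require('http'), no calls at all).
 * Returns script length, or -1 for empty/oversized input (skip, not a bug). */
int build_script(const uint8_t *data, size_t size, char *out, size_t cap) {
    if (size == 0 || size > MAX_INPUT) return -1;
    const uint8_t *body = data + 1;
    size_t body_len = size - 1;
    size_t split = body_len ? data[0] % (body_len + 1) : 0;   /* 0..body_len */
    size_t pos = 0;
    int w;

    if (append(out, cap, &pos, "var one = ") < 0) return -1;
    if ((w = emit_byte_array(body, split, out + pos, cap - pos)) < 0) return -1;
    pos += (size_t)w;
    if (append(out, cap, &pos, ";\nvar two = ") < 0) return -1;
    if ((w = emit_byte_array(body + split, body_len - split, out + pos, cap - pos)) < 0) return -1;
    pos += (size_t)w;
    if (append(out, cap, &pos, ";\n" FIXED_DRIVER) < 0) return -1;
    return (int)pos;
}

/* 1 if the script built from `in` contains `needle`, 0 if not, -1 if skipped. */
int script_has(const uint8_t *in, size_t len, const char *needle) {
    char buf[SCRIPT_CAP];
    if (build_script(in, len, buf, sizeof buf) < 0) return -1;
    return strstr(buf, needle) != NULL;
}

/* libFuzzer entry point: must always return 0; the sanitizers report the bugs. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char script[SCRIPT_CAP];
    int len = build_script(data, size, script, sizeof script);
    if (len < 0) return 0;
    if (g_eval) g_eval(script, (size_t)len);   /* hand the fixed script to the engine */
    return 0;
}

/* Constructed sample inputs (not from the PR or any corpus). */
const uint8_t SAMPLE_INPUT[] = {3, 'a', 'b', 'c', 'd'};
const size_t SAMPLE_INPUT_LEN = sizeof SAMPLE_INPUT;
const uint8_t CODE_LIKE_INPUT[] = "\x05require('http')";   /* would be live JS if passed raw */
const size_t CODE_LIKE_INPUT_LEN = sizeof CODE_LIKE_INPUT - 1;

#ifdef STANDALONE_DEMO
/* Build with -DSTANDALONE_DEMO to print the script; omit when linking with -fsanitize=fuzzer. */
int main(void) {
    char buf[SCRIPT_CAP];
    if (build_script(SAMPLE_INPUT, SAMPLE_INPUT_LEN, buf, sizeof buf) > 0) fputs(buf, stdout);
    return 0;
}
#endif
```

For a real target the harness would be built with `clang -fsanitize=fuzzer,address` and linked against the engine, with `fuzz_set_eval` pointing at whatever evaluates a script; libFuzzer supplies `main`. The property worth keeping in mind is the one the test checks: an input that spells `require('http')` still only ever reaches the engine as `[114,101,...]`, which is why the data-only wrapper is safe to run unattended but also why it only exercises the code paths the fixed driver touches.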