Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Getting Started

To get started with this example, you will need to fork this repository and complete the following process in Travis CI:

Note: You will also need to create a mayhem organization in the Mayhem UI prior to executing the pipeline, as the script uses a Mayhem Organization as the target run namespace.

Travis CI Setup

  1. Go to the Travis CI website and sign up or log into an existing account. Make sure that your GitHub account has been linked to your Travis CI account.

  2. Within the Travis CI dashboard, you should now see your forked repository as well as the two branches: master and CVE-2019-10028-FIX.

  3. Within the forked GitHub repo, navigate to the .travis.yml file and set the following environment variables for your master and CVE-2019-10028-FIX branches. These credentials will be used to authenticate with the Mayhem instance and push the corresponding netflix Docker target.

    # Additional environment values - either specify here or in your
    # Travis-CI job configuration.
    - MAYHEM_TOKEN="AT1.abcdefg"

Execute Continuous Fuzzing

For Continuous Fuzzing, Mayhem will fuzz the latest version of your software residing on the primary (master) branch, and by default, set Continuous Fuzzing runs with an infinite duration—only stopping a current Mayhem run and beginning a new Mayhem run when a new commit has been pushed to the primary branch. Thus, the name "Continuous Fuzzing".

  1. Navigate to your forked repository in Travis CI and click on More options > Trigger build. Execute a new pipeline for the master branch.
  2. The new pipeline for the master branch should now build the netflix Docker target and upload the corresponding Docker image to the specified Mayhem instance. A new Mayhem run for the bugged dial-reference-master target will then execute and find the underlying defects.

Execute Regression Testing

For Regression Testing, Mayhem will execute regression tests on new changes or code using previously generated crashing test cases found during Continuous Fuzzing to determine if known defects have been fixed.

  1. Navigate to your forked repository in Travis CI and click on More options > Trigger build. Execute a new pipeline for the CVE-2019-10028-FIX branch.
  2. The new pipeline for the CVE-2019-10028-FIX branch should now build the netflix Docker target and upload the corresponding Docker image to the specified Mayhem instance with the same test corpus generated from the dial-reference-master target. A Mayhem run for the fixed dial-reference-cve-2019-10028-fix target will then execute to ensure that defects have been resolved.

Mayhem Example (dial-reference)

Build Status

This repository has been forked from the official dial-reference repository repository in GitHub. Additional content has been added to serve as a reference architecture on how to integrate ForAllSecure Mayhem into a continuous integration / continuous deployment (CI/CD) workflow.

This example provides the necessary configuration files, pipeline scripts and documentation necessary to execute a fuzzing test run using Travis CI]. In order to leverage this example, the user is expected to have access to their own Mayhem instance.

This example has been tested with Mayhem 1.3.0+.

Original dial-reference README

Why dial-reference?

In 2019 ForAllSecure discovered CVE-2019-10028, a denial of service bug caused by an out of bounds write in a Netflix Dial protocol reference server (CVSS Score: 7.5).

We reported this bug responsibly to the maintainers, with the fix implemented here.

This fork of dial-reference demonstrates how Mayhem can discover the issue, as well as how the regression-testing capabilities of Mayhem can be used to verify the fix in a separate branch.

CI/CD with Travis CI

This repository demonstrates how to use Travis CI to:

  • Build dial-reference and continuously fuzz the output to always be looking for new issues.
  • Run regression tests generated from continuous fuzzing against a branch.

What is being fuzzed

The build will create the dial-reference/server binary and copy it into a Docker image that will be uploaded to Mayhem for fuzzing using network fuzzing.

Defining the Mayhem Run

A Mayhem "Target" is defined using a Mayhemfile. A Mayhemfile is included under mayhem/Mayhemfile. It is recommended to inspect the comments and properties of this file to understand how the project will be named inside of Mayhem.

The cmds property of the Mayhemfile describes how the server is started, as well as how Mayhem will interact with it over tcp:

  - cmd: /dial-reference/server/dialserver
    dictionary: /http.dict
      LD_LIBRARY_PATH: /dial-reference/server

      url: tcp://localhost:56790 # protocol, host and port to analyze
      is_client: false           # target is a client-side program
      timeout: 2.0               # max seconds for sending data

Travis CI

This example makes use of Travis CI to coordinate the build and Mayhem integration. There is nothing in the build flow that requires Travis CI. The same concepts can be applied to different build tools.

The .travis.yml file is located in the root of the project and defines the build that will run Mayhem. The bulk of the work to run Mayhem and to differentiate between continuous and regression runs is in This script downloads the mayhem cli, which is used to initiate runs.


A fork of Netflix dial-reference to demonstrate Travis CI integration for fuzz testing with Mayhem by ForAllSecure, Inc.







No releases published


No packages published