Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upFuzzing #907
Comments
sgrif
added
enhancement
tests
labels
May 14, 2017
This comment has been minimized.
|
Hey ! Any particular areas you would like to see fuzzed first ? data coming from the database connection ? user-supplied queries ? something entirely different ? I can try taking a look into hooking up |
This comment has been minimized.
|
I would expect parsing the data coming out of the database would be the most interesting.
Be warned, though. You'll probably have to do a whole bunch of freaky things to get access to these function in a way you can fuzz them. I was originally thinking stuff like `#[path="../../diesel/pg/lorem/ipsum.rs"] mod ipsum;` in the fuzzer script but I'm not sure if that'd work well.
… Am 23.05.2017 um 20:57 schrieb Cyryl Płotnicki ***@***.***>:
Hey ! Any particular areas you would like to see fuzzed first ? data coming from the database connection ? user-supplied queries ? something entirely different ? I can try taking a look into hooking up cargo-fuzz in some nearish future I think.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
This comment has been minimized.
|
No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. thanks a lot ! |
This comment has been minimized.
|
We already have tests for that @killercup (types_roundtrips) |
This comment has been minimized.
|
Thank you for giving it a try :) Feel free to drop into gitter if you get stuck, I'm sure we can figure out how to get this working.
@Eijebong, sure, but types roundtrips usually only test _valid_ data. Fuzzing makes sure we don't explode when we get invalid data :)
… Am 23.05.2017 um 21:05 schrieb Cyryl Płotnicki ***@***.***>:
No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. thanks a lot !
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
This comment has been minimized.
|
Oh, ok :) |
This comment has been minimized.
|
Hey, haven't had much luck/time to really take this on so far, feel free to pick it up if someone else is interested. Would love to pair on this one if you want btw. I will take a second look when I'll have some more time. Thank you ! |
sgrif commentedMay 14, 2017
It'd be great if we could do some amount of fuzz testing with AFL or another tool. Due to the nature of Diesel I'm not sure how that would even work, but it's something I'm interested in having done.