Skip to content

testing: support custom dictionaries in fuzzer #46508

Open
Open
testing: support custom dictionaries in fuzzer#46508
Labels
FeatureRequestIssues asking for a new feature that does not need a proposal.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.fuzzIssues related to native fuzzing support
Milestone
Backlog
@rolandshoemaker

Description

@rolandshoemaker
rolandshoemaker
opened on Jun 2, 2021

#46507 suggests multiple strategies which make use of automatically generated dictionaries of interesting values. It is likely also valuable to allow users to generate their own dictionaries of interesting values, as is supported by AFL and libFuzzer, that the mutation engine can pull from.

The easiest solution for encoding the values is likely to use a similar encoding scheme to AFL and libFuzzer, so existing dictionaries can be easily reused. Both use quoted strings with \x byte encoding, e.g.:

"blah"
"\"ac\\dc\""
"\xF7\xF8"
"foo\x0Abar"

AFL and libFuzzer support prefixing these values with a keyword (i.e. name="blah"), but do not use the name for anything. It seems reasonable to support this, so dictionaries can be directly imported, but to just ignore these values. Lines prefixed with # are ignored.

These dictionaries could be consumed from the testdata folder, similarly to the testdata/corpus seed inputs, and by extending the testing.F API with something like func (f *F) AddDictionaryEntry([]byte).

Metadata

Metadata

Assignees

No one assigned

    Labels

    FeatureRequestIssues asking for a new feature that does not need a proposal.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.fuzzIssues related to native fuzzing support

    Type

    No type

    Projects

    Go Security

    Status

    No status

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions