Skip to content

x/website: write a guide for fuzzing #48255

Closed
Closed
x/website: write a guide for fuzzing#48255
Labels
DocumentationIssues describing a change to documentation.FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.fuzzIssues related to native fuzzing support
Milestone
Go1.18
@jayconrod

Description

@jayconrod
jayconrod
opened on Sep 8, 2021

We expect to have many users that are encountering fuzzing for the first time. We should write a thorough guide on how to use fuzzing effectively with that audience in mind.

An introductory guide should cover, at minimum:

  • What fuzzing is.
  • What fuzzing is good for (and not good for).
  • How to write a fuzz target.
  • How to run fuzzing with go test -fuzz=target, with information about relevant flags.
  • What to do with a crasher if one is found
  • Strategies for helping the fuzzer if it isn't finding any crashers after running for a while
  • Current limitations of the native fuzzing support (e.g. it stops running after the first crash is found, it isn't currently supported to easily integrate with CI)

Some advanced topics that could be covered in other guides:

  • Choosing a good seed corpus.
  • Measuring coverage.
  • Differential fuzzing.
  • Fuzzing continuously.

Metadata

Metadata

Assignees

No one assigned

    Labels

    DocumentationIssues describing a change to documentation.FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.fuzzIssues related to native fuzzing support

    Type

    No type

    Projects

    Go Security

    Status

    No status

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions