Magento Module Fuzzer
The goal of this project is to build an automated tool that uses a combination of introspection and user defined inputs in combination with pre-existing tools and fuzzing lists to automatically test Magento modules/extensions for vulnerabilities. The end goal would be that no extension, theme or custom module code sees production without being put thoroughly tested by this first. Recognizing the extremity of that ask, an intermediate goal would be that the this tool is used to test each extension before it is submitted to the Magento marketplace.
We would appreciate your contributions to new components or new features, changes to the existing features, tests, documentation, specifications, bug fixes, optimizations, or just good suggestions. Report about an issue or request features opening a GitHub issue. Learn more about contributing in our Contribution Guidelines.
If you want to participate in the documentation work, see DevDocs Contributing.
Pull Request Status
|accept||The pull request has been accepted and will be merged into mainline code.|
|reject||The pull request has been rejected and will not be merged into mainline code. Possible reasons can include but are not limited to: issue has already been fixed in another code contribution, or there is an issue with the code contribution.|
|needsUpdate||The Magento Team needs additional information from the reporter to properly prioritize and process the pull request.|
Issue Resolution Status
|acknowledged||The Magento Team has validated the issue and an internal ticket has been created.|
|needsUpdate||The Magento Team needs additional information from the reporter to properly prioritize and process the issue or pull request.|
|cannot reproduce||The Magento Team has not confirmed that this issue contains the minimum required information to reproduce.|
|non-issue||The Magento Team has not recognized any issue according to provided information.|
|PROD||Affects the Product team (mostly feature requests or business logic change).|
|DOC||Affects Documentation domain.|
|TECH||Affects Architect Group (mostly to make decisions around technology changes).|
|bugfix||The issue or pull request relates to bug fixing.|
|enhancement||The issue or pull request that raises the MFTF to a higher degree (for example new features, optimization, refactoring, etc).|
Reporting security issues
To report security vulnerabilities and other security issues in the Magento software or web sites, send an email with the report at email@example.com. Do not report security issues using GitHub. Be sure to encrypt your e-mail with our encryption key if it includes sensitive information. Learn more about reporting security issues here.
Stay up-to-date on the latest security news and patches for Magento by signing up for Security Alert Notifications.
Each Magento source file included in this distribution is licensed under AGPL 3.0.