Evaluate Gitlab CI Fuzz testing #3395

Open
tamirms opened this issue Feb 9, 2021 · 3 comments

tamirms commented Feb 9, 2021

Gitlab CI has introduced support for fuzz testing as a service. Their service integrates with go-fuzz which is the library we are using to fuzz test Horizon.

Gitlab supports fuzzing jobs which execute for a user-defined timeout, and they also support continuous fuzzing, which runs for a much longer duration. It seems that short fuzzing jobs would be appropriate to run against PRs and continuous fuzzing would be useful to run against master or Horizon release branches.

One useful aspect of Gitlab's fuzzing service is that whenever you run a fuzzing job Gitlab will extend the fuzz corpus with any new interesting cases that are found during the test run. The corpus is shared between multiple test runs and each test run can possibly improve the corpus.

If we were to use Gitlab fuzzing, it seems that we would need to have a CI job defined for every fuzzing target. This is an important point to consider because we plan on having fuzz tests for every ingestion processor. But we may run into issues by having so many fuzz jobs running for each PR.

To evaluate Gitlab's fuzzing service, we should verify that it's possible to run Gitlab CI on GitHub repos (according to https://about.gitlab.com/solutions/github/ it should be possible). Then we can start by having a fuzzing job which invokes the claim predicate fuzz test.

tamirms added the fuzzing label Feb 9, 2021
tamirms self-assigned this Feb 25, 2021

tamirms commented Feb 25, 2021

My initial tests with Gitlab's fuzzing service have been promising. I was able to get a fairly substantial prototype up and running.

There are still some questions we need to figure out, which I have listed in the checklist below. We need to check off all the high priority and medium priority tasks before we can close the issue and move on to writing fuzz targets for Horizon ingestion processors.

  • Trigger email notifications whenever a fuzz job finds a crash (high priority)
  • Make the visibility of security issues discovered by fuzz jobs private to only Horizon team members (high priority)
    • You can either make the Gitlab repo private or you can go to Settings > General and set the visibility of the Pipelines and Security & Compliance pages to only project members.
  • Discuss creating an SDF Gitlab account with Ops team (medium priority)
  • Streamline defining gitlab CI jobs for each fuzz target (optional / low priority)

@naveensrinivasan

https://github.com/google/oss-fuzz provides the fuzzing service which will provide all the things that Gitlab provides.

It is easy to integrate.

@naveensrinivasan

I can help with this.
