Enable simple monolith fuzzing #4155
Assignees
Labels
A-fuzzer
Area: The fuzzers and fuzzing infrastructure.
I-SECURITY
Problems and improvements related to security.
Comments
This was referenced Oct 14, 2019
zebambam
pushed a commit
to zebambam/zcash
that referenced
this issue
Oct 15, 2019
|
This is a good idea 👍 |
|
PR: #4167 |
|
It seems this issue can be closed with the merge of #4167 ? |
|
Yes I think so. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Write a simple harness for AFL fuzzing any part of the C++ monolith. Specifically, developers should only have to read input from stdin and provide that input to wherever they desire in the codebase by writing a small main function to replace the daemon's usual main.
It should be integrated into the zcash codebase in such a way that future CI systems can require that written fuzzers continue to work across merges into the main (currently master) branch, even though the results of the fuzzing don't necessarily break the merge.
The ultimate goal of this work is to normalize the creation of fuzzers alongside simple unit tests for new or modified code that is considered to be relevant - parsers, network message handlers, etc.. should be covered.
The infrastructure and tending to running continuous security integration can then be owned and operated across the devinf and security teams.
The text was updated successfully, but these errors were encountered: