go-tuf icon indicating copy to clipboard operation
go-tuf copied to clipboard

Published 20 hours ago verified publisher icon theupdateframework

Switch to using native fuzz tests

Open joshuagl opened this issue 3 years ago • 1 comments
trafficstars

#275 introduced some JSON unmarshal hardening and uses a fuzzer to generate test data for the hardening.

We should port the test to use the native fuzzer available in Go 1.18 (and newer) to reduce our third-party dependencies.

Originally posted by @Zenithar in https://github.com/theupdateframework/go-tuf/pull/275#discussion_r925470086

joshuagl avatar Jul 20 '22 13:07 joshuagl

Does this mean importing the native fuzzer in place of the 3rd party fuzzer in the source code and then running go mod tidy? (New to golang. Hence a bit verbose)

abs007 avatar Sep 10 '22 15:09 abs007

I'm not familiar with the state of fuzzing in Go, but it might also be necessary to port the fuzzing logic to the API of the native fuzzer.

joshuagl avatar Nov 15 '22 10:11 joshuagl

Closing since the code base changed and we no longer have the same tests.

Thanks for raising this 👍

rdimitrov avatar Jan 31 '24 21:01 rdimitrov