fluentd icon indicating copy to clipboard operation
fluentd copied to clipboard
verified publisher icon fluent

Add Fuzz-testing

Open harshitasao opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.

Describe the solution you'd like

Integrate the project with OSS-Fuzz by following the instructions here.

From fluentd maintainer:

Some input plugins receive data online, so it may be a good idea to add a fuzz test for them first.

  • https://docs.fluentd.org/input/forward
  • https://docs.fluentd.org/input/udp
  • https://docs.fluentd.org/input/tcp
  • https://docs.fluentd.org/input/http
  • https://docs.fluentd.org/input/syslog

Describe alternatives you've considered

N/A

Additional context

Part of #4601

harshitasao avatar Aug 25 '24 17:08 harshitasao

/assign

harshitasao avatar Aug 25 '24 18:08 harshitasao

There are some input plugins, but it is good starting point try to tackle from above plugins. https://docs.fluentd.org/input

kenhys avatar Aug 26 '24 01:08 kenhys

There are some concerns integrates with OSS-Fuzz:

  • No appropriate formal contact e-mail address to reach committers.
    • It was required: https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/.
    • Previously, [email protected] was used for such a alternative contact address, but deprecated.
  • Ruby is out-of-scope in this project
    • https://google.github.io/oss-fuzz/getting-started/new-project-guide/

If I am missing the point, correc me.

kenhys avatar Aug 26 '24 01:08 kenhys