headlamp icon indicating copy to clipboard operation
headlamp copied to clipboard

Published 20 hours ago verified publisher icon headlamp-k8s

fuzz testing / property testing

Open illume opened this issue 2 months ago • 0 comments

Currently we're not using fuzzing or property testing which is checked by the headlamp OpenSSF scorecard.

image

Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect vulnerabilities that may be exploited by others, especially since attackers can also use fuzzing to find the same flaws. -- https://github.com/ossf/scorecard/blob/7ce8609469289d5f3b1bf5ee3122f42b4e3054fb/docs/checks.md#fuzzing

Additional information

It's especially useful on any code that parses inputs like network data or user provided content or arguments. During testing we might uncover areas which don't validate or parse input data at all.

Some tools

  • https://go.dev/doc/security/fuzz/
  • https://fast-check.dev/
  • https://github.com/google/oss-fuzz

illume avatar Jun 26 '24 11:06 illume