lifecycle-toolkit icon indicating copy to clipboard operation
lifecycle-toolkit copied to clipboard
verified publisher icon keptn

Add fuzz-testing

Open harshitasao opened this issue 1 year ago • 6 comments

What would you like to be added: Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.

Integrate the project with OSS-Fuzz by following the instructions here.

Why is this needed: To increase the security posture of the project.

Part of #3681

Maintainers help is highly appreciated. For example, helping in identifying the components where fuzz testing will be added.

harshitasao avatar Aug 29 '24 00:08 harshitasao

This would probably be a bigger thing. We do have sort-of black box tests already with our e2e tests, but more tests are always better :) We are looking for help on this one.

mowies avatar Oct 02 '24 08:10 mowies

hey @mowies I would like to work on it

Garvit-77 avatar Oct 29 '24 09:10 Garvit-77

sure @Garvit-77 !

mowies avatar Oct 29 '24 10:10 mowies

@mowies, could you let me know the components for the implementation of the fuzz testor for which fuzzers need to be written

Garvit-77 avatar Oct 30 '24 12:10 Garvit-77

We don't really have any experience with fuzz testing so you would need to come up with your own strategy here for what makes the most sense. That's why we put the help-wanted label on here :)

mowies avatar Oct 30 '24 12:10 mowies

Okay! I would have a study by myself and let you know .

Garvit-77 avatar Oct 30 '24 13:10 Garvit-77