This repository has been archived by the owner on Nov 7, 2022. It is now read-only.
security/all: fuzz input formats with any parsing #354
Comments
|
I started working on this but encountered an issue with go-fuzz and go modules dvyukov/go-fuzz#195 (comment) so that's stalled for now. |
|
@tigrannajaryan @pjanotti do we plan to do this in OpenTelemetry Service? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In this repository, we've got a bunch of parsers and converters between various formats. The parsing problems and crashes have been reported by users or by us during integration testing. However, evidently we are human and can't exhaust combinations or inputs that can be sent by malicious actors. In order for us to deploy this software to production, it would be great for us to pass in automated inputs and fuzz the living heavens out of the service and fix issues as we encounter them.
There is https://github.com/dvyukov/go-fuzz that we can use, as well as others.
Perhaps let's keep this issue open for cycles of testing and fixing.
The text was updated successfully, but these errors were encountered: