This is a runtime environment to use when fuzzing. It specializes in detecting security boundary violations in applications.
A fuzzer is an automatic testing tool commonly used for software. The goal is to test your software by executing it with a large set of pseudo-randomly generated inputs.
Most fuzzers are dedicated to finding memory bugs in C libraries. In our case we focus on security issues in applications. Specifically, we check that applications can't break their assumed security boundaries.
In general, the runtime is useful for checking the security boundaries of an application. For example:
- an app should have no or limited access to the file system
- an app has access to the shell but we want to make sure that it cannot be abused
- an app should not make any remote connection except to specified servers (TODO)

- Specializes in testing application security boundaries
- Target code is fuzzed against a security policy
- Several default policies are provided
- Users can provide custom policies
- Cross-platform fuzzing
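
A minimal sketch of fuzzing target code against a file-system policy, as the lists above describe. This is an added example, not code from tauri-fuzz: `FsPolicy`, `target_path`, `fuzz` and the `/app/data` root are hypothetical names chosen for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical policy (not tauri-fuzz's API): file access must stay under `allowed_root`.
pub struct FsPolicy { pub allowed_root: PathBuf }

/// Resolve `.` and `..` lexically so traversal cannot hide behind an allowed prefix.
fn normalize(path: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in path.components() {
        match c {
            Component::ParentDir => { out.pop(); }
            Component::CurDir => {}
            other => out.push(other.as_os_str()),
        }
    }
    out
}

impl FsPolicy {
    /// True when opening `path` stays inside the boundary (component-wise prefix match).
    pub fn allows(&self, path: &Path) -> bool {
        normalize(path).starts_with(&self.allowed_root)
    }
}

/// Constructed target: an app command that maps user input to a file under /app/data.
pub fn target_path(input: &str) -> PathBuf { Path::new("/app/data").join(input) }

/// Deterministic fuzz loop: returns the first generated input that violates the policy.
pub fn fuzz(policy: &FsPolicy, seed: u64, iterations: usize) -> Option<String> {
    const FRAGMENTS: [&str; 5] = ["notes.txt", "..", "etc", "cache", "."];
    let mut state = seed.max(1); // xorshift64 needs a non-zero state
    for _ in 0..iterations {
        let mut parts = Vec::new();
        for _ in 0..4 {
            state ^= state << 13;
            state ^= state >> 7;
            state ^= state << 17;
            parts.push(FRAGMENTS[(state % 5) as usize]);
        }
        let input = parts.join("/");
        if !policy.allows(&target_path(&input)) { return Some(input); }
    }
    None
}

fn main() {
    let policy = FsPolicy { allowed_root: PathBuf::from("/app/data") };
    println!("first violating input: {:?}", fuzz(&policy, 1, 1000));
}
```

The normalization here is purely lexical, so it does not follow symlinks; a policy enforced at the point where the file is actually opened would also need to account for those.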
Technical documentation, research and the thought process behind the development of this project are documented in the mdbook in docs/.
Requires mdbook and mdbook-toc:
$ cargo install mdbook
$ cargo install mdbook-toc
- crates/tauri-fuzz-cli: a CLI to initialize fuzzing in a project
- crates/tauri-fuzz: the runtime used while fuzzing
- crates/tauri-fuzz-policies: the security policies and the policy engine that will be used while fuzzing
- docs/: technical information and thought process behind the project
- examples/: examples to run the fuzzer on
- tests/: tests
| Platform | Can theoretically work | Tested on |
|---|---|---|
| Linux | ✅ | ✅ |
| Windows | ✅ | ✅ |
| MacOS | ✅ | ❌ |
| Android | ❓ | ❌ |
| iOS | ❓ | ❌ |