[feature request] Add fuzz-testing #1713

Open
harshitasao opened this issue Aug 26, 2024 · 7 comments

@harshitasao
Contributor

What would you like to be added:
Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.

Integrate the project with OSS-Fuzz by following the instructions here.

Why is this needed:
To increase the security posture of the project.

Part of #1706

Maintainers' help is highly appreciated. For example, helping in identifying the components where fuzz testing will be added.

@furykerry
Member

OpenKruise is driven by CRD manifests, and CRDs will be validated by a webhook. I am not sure how semi-malformed data can be used to test OpenKruise. Are there any examples in related projects, e.g. the Kubernetes project?

@hantmac
Member

hantmac commented Aug 27, 2024

@furykerry There are CNCF fuzzing projects in https://github.com/cncf/cncf-fuzzing and Kubernetes also has its fuzzing tests https://github.com/kubernetes/kubernetes/blob/master/pkg/api/testing/fuzzer.go.

I would like to try to use OSS-Fuzz to establish a continuous fuzzing setup for kruise.
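
An added illustration of the question raised above (not part of the thread and not OpenKruise code): one place semi-malformed data applies in a CRD-driven project is the code that decodes and validates a manifest, where the property under test is that bad input produces an error and never a panic. The `manifest` type, `validate` and `fuzzValidate` are hypothetical and the inputs are constructed; the call to `validate` is the part that would move into a Go native fuzz target or an OSS-Fuzz harness.

```go
package main

import (
	"encoding/json"
	"errors"
	"math/rand"
)

// manifest is a hypothetical, simplified workload spec (not an OpenKruise type).
type manifest struct {
	Spec *struct{ Replicas, Partition *int32 }
}

// validate decodes untrusted bytes and checks them. Every pointer is nil-checked
// because a mutated manifest can drop or null out any field.
func validate(raw []byte) error {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return err
	}
	s := m.Spec
	if s == nil || s.Replicas == nil || *s.Replicas < 0 {
		return errors.New("spec.replicas must be set and >= 0")
	}
	if s.Partition != nil && *s.Partition > *s.Replicas {
		return errors.New("spec.partition exceeds spec.replicas")
	}
	return nil
}

// fuzzValidate feeds n mutated manifests to validate. The named result always
// holds the input being tried, so a recovered panic returns the crashing input.
func fuzzValidate(n int) (crasher string) {
	seed := `{"spec":{"replicas":3,"partition":1}}` // constructed valid input
	odd := []string{`{"spec":null}`, `{"spec":{"replicas":null}}`, `{"spec":{"partition":7}}`}
	rng := rand.New(rand.NewSource(1)) // fixed seed keeps the run reproducible
	defer func() { recover() }()
	for i := 0; i < n; i++ {
		c := rng.Intn(len(seed)) // byte level: overwrite one byte of the seed
		crasher = seed[:c] + string([]byte{byte(rng.Intn(256))}) + seed[c+1:]
		if i%2 == 1 { // structure level: well-formed JSON with a field missing
			crasher = odd[rng.Intn(len(odd))]
		}
		_ = validate([]byte(crasher))
	}
	return "" // no input made validate panic
}

func main() { println("crasher:", fuzzValidate(5000)) }
```

Removing any one of the nil checks in `validate` makes `fuzzValidate` return the manifest that triggers the nil dereference.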

hantmac assigned hantmac and unassigned FillZpp Oct 2, 2024

stale bot commented Jan 21, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale bot added the wontfix label Jan 21, 2025
stale bot closed this as completed Jan 28, 2025
furykerry removed the wontfix label Jan 30, 2025
furykerry reopened this Jan 30, 2025
@furykerry
Member

furykerry commented Jan 30, 2025

@ggold7046

@harshitasao, could you let me know the last date for application and what the selection procedure is for the same?

@7h3-3mp7y-m4n

Hey, I just came across this and found it a great opportunity to contribute to Kruise. If there are any follow-up tasks, I’d love to take a look at them. Thanks!

@inosmeet

inosmeet commented Feb 7, 2025

Hi @furykerry! @zmberg!

I’m really interested in contributing to this project and would love to be a part of integrating fuzz testing into the LFX project. I have prior experience with fuzz testing, particularly from my work during GSoC’24 with the cve-bin-tool, where I focused on identifying vulnerabilities using similar techniques.

I’ve gone through the OSS-Fuzz integration instructions and am excited to help implement this to enhance the security posture of the project. Could you please let me know if there are any pre-tests or prerequisites that I should be aware of before applying?

Looking forward to discussing this further!
