Fuzzing

[rugk]

Fuzzing is a very effective and easy method to find bad (security-related) errors, especially in C code. I think also Google recently offered money for fuzzing open-source software.

So you may do this.

[ThomasWaldmann]

The google offer is only for very widespread-use critical projects, not sure we would qualify yet.

Also not sure how to apply fuzzing to borg - just backup random stuff, put random stuff in data/config files?

[enkore]

• Off-the-shelf fuzzers (like AFL) are only suitable to parsers, which has limited applicability in Borg. (However, I did fuzz the hashindex loading code recently with AFL, with no findings, as expected -- it's a very simple format and a simple parser).
• One could also apply it to see how Borg deals with e.g. corrupted files caches. However, fuzzing Python code is really, really damn slow.
  • On a similar note, if we implement things like the cache sync in C, that is a worthwhile target.
• It may be worthwhile to write a custom fuzzer that tries to create race conditions during borg create in the input file set. (Although we already know of some of these).

[rugk]

Maybe have a look at https://fuzzing-project.org/, there are some tutorials and similar stuff.

[rugk]

Why does this belong to "Doing things differently"? Borg does not need to be re-developed/rewritten from scratch for this "feature". You can always fuzz software as it is.