diesel-rs / diesel

A safe, extensible ORM and Query Builder for Rust
https://diesel.rs
Apache License 2.0

Fuzzing #907

Open sgrif opened 7 years ago

sgrif commented 7 years ago

It'd be great if we could do some amount of fuzz testing with AFL or another tool. Due to the nature of Diesel I'm not sure how that would even work, but it's something I'm interested in having done.

cyplo commented 7 years ago

Hey! Any particular areas you would like to see fuzzed first? Data coming from the database connection? User-supplied queries? Something entirely different? I can try taking a look into hooking up cargo-fuzz in some nearish future I think.

killercup commented 7 years ago

I would expect parsing the data coming out of the database would be the most interesting.

Be warned, though. You'll probably have to do a whole bunch of freaky things to get access to these functions in a way you can fuzz them. I was originally thinking stuff like #[path="../../diesel/pg/lorem/ipsum.rs"] mod ipsum; in the fuzzer script but I'm not sure if that'd work well.

On 23.05.2017 at 20:57, Cyryl Płotnicki notifications@github.com wrote:

Hey! Any particular areas you would like to see fuzzed first? Data coming from the database connection? User-supplied queries? Something entirely different? I can try taking a look into hooking up cargo-fuzz in some nearish future I think.


cyplo commented 7 years ago

No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. Thanks a lot!

Eijebong commented 7 years ago

We already have tests for that @killercup (types_roundtrips)

killercup commented 7 years ago

Thank you for giving it a try :) Feel free to drop into gitter if you get stuck, I'm sure we can figure out how to get this working.

@Eijebong, sure, but types roundtrips usually only test valid data. Fuzzing makes sure we don't explode when we get invalid data :)

On 23.05.2017 at 21:05, Cyryl Płotnicki notifications@github.com wrote:

No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. Thanks a lot!

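The distinction drawn in the comment above (roundtrip tests feed only valid data, fuzzing feeds invalid data), as an added example that is not part of the thread and is not Diesel code. It assumes a simplified stand-alone decoder for a one-dimensional PostgreSQL binary `int4[]` value; `decode_int4_array`, `encode_int4_array` and `fuzz_smoke` are hypothetical names, and the small mutation loop only stands in for a real cargo-fuzz or AFL harness.

```rust
#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, BadHeader, BadElementLen }

// Bounds-checked big-endian read: `get` yields None on short input instead of panicking.
fn read_i32(buf: &[u8], pos: &mut usize) -> Result<i32, DecodeError> {
    let b = buf.get(*pos..*pos + 4).ok_or(DecodeError::Truncated)?;
    *pos += 4;
    Ok(i32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}
/// Decodes a one-dimensional int4[] in PostgreSQL binary format; returns Err on bad bytes.
pub fn decode_int4_array(buf: &[u8]) -> Result<Vec<Option<i32>>, DecodeError> {
    let mut pos = 0;
    let (ndim, _has_null, _elem_oid) =
        (read_i32(buf, &mut pos)?, read_i32(buf, &mut pos)?, read_i32(buf, &mut pos)?);
    match ndim { 0 => return Ok(Vec::new()), 1 => {}, _ => return Err(DecodeError::BadHeader) }
    let (count, _lower_bound) = (read_i32(buf, &mut pos)?, read_i32(buf, &mut pos)?);
    if count < 0 { return Err(DecodeError::BadHeader); }
    // Never size an allocation from the untrusted count: each element takes >= 4 bytes.
    let mut out = Vec::with_capacity((count as usize).min(buf.len() / 4));
    for _ in 0..count {
        match read_i32(buf, &mut pos)? {
            -1 => out.push(None), // NULL element: length -1, no payload
            4 => out.push(Some(read_i32(buf, &mut pos)?)),
            _ => return Err(DecodeError::BadElementLen),
        }
    }
    Ok(out)
}
// Valid encoder used for the roundtrip side: ndim, has_null, OID 23 (int4), length, lower bound.
pub fn encode_int4_array(v: &[Option<i32>]) -> Vec<u8> {
    let has_null = v.iter().any(|e| e.is_none()) as i32;
    let mut words = vec![1, has_null, 23, v.len() as i32, 1];
    for e in v { match e { Some(x) => words.extend([4, *x]), None => words.push(-1) } }
    words.iter().flat_map(|w| w.to_be_bytes()).collect()
}
/// Mutates a valid encoding (constructed sample) and counts (decoded, rejected) outcomes.
pub fn fuzz_smoke(iterations: u32) -> (u32, u32) {
    let seed = encode_int4_array(&[Some(1), None, Some(-7)]);
    let (mut rng, mut ok, mut err) = (0x9E37_79B9_7F4A_7C15u64, 0, 0);
    for _ in 0..iterations {
        rng ^= rng << 13; rng ^= rng >> 7; rng ^= rng << 17; // xorshift64
        let mut input = seed.clone();
        let at = (rng % input.len() as u64) as usize;
        input[at] = (rng >> 8) as u8; // corrupt one byte
        input.truncate(((rng >> 16) % (input.len() as u64 + 1)) as usize); // cut short
        match decode_int4_array(&input) { Ok(_) => ok += 1, Err(_) => err += 1 }
    }
    (ok, err)
}
fn main() { println!("{:?}", fuzz_smoke(10_000)); }
```

A roundtrip test exercises only the `encode_int4_array` to `decode_int4_array` path; the mutation loop is what reaches the `Truncated`, `BadHeader` and `BadElementLen` branches.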

Eijebong commented 7 years ago

Oh, ok :)

cyplo commented 7 years ago

Hey, haven't had much luck/time to really take this on so far, feel free to pick it up if someone else is interested. Would love to pair on this one if you want btw. I will take a second look when I have some more time. Thank you!