Welcome! Log In Create A New Profile

Advanced

Re: Continuous Fuzzing

Yevgeny Pats
November 27, 2019 06:34AM
Hey Andrei,

Got it. I believe it is possible but in that case it will require more
development indeed. I don't think I'll be able to pull it off in my free
time but if there is someway of sponsoring this kind of work it might help
accelerating this feature.

Best,
Yevgeny

On Tue, Nov 26, 2019, 3:17 PM Andrei Zeliankou <zelenkov@nginx.com> wrote:

> Hi Yevgeny,
>
> Currently, nginx has no support of compiling parts of source as standalone
> library. It's quite sophisticated problem and there is no short term
> plans to
> implement it. If you succeed in developing a library or fuzz targets -
> please
> let us know, we are interested in solving these problems for nginx.
>
> Regards,
> Andrei Zeliankou
>
>
> > On 25 Nov 2019, at 19:35, Yevgeny Pats <yp@fuzzit.dev> wrote:
> >
> > Hey Andrei,
> >
> > Thanks for your response. Both libFuzzer and AFL needs to collect
> coverage somehow to operate efficiently and find bugs.
> >
> > I'm not very familiar yet with nginx code base but I did integrate fuzz
> targets for envoy proxy so maybe we can do something similar.
> >
> > Is it possible for example to compile only parts of nginx to a
> standalone library? (some of the parsing code that has no other
> dependencies).
> >
> > Best,
> > Yevgeny
> >
> > On Mon, Nov 25, 2019 at 4:07 PM Andrei Zeliankou <zelenkov@nginx.com>
> wrote:
> >
> >
> > > On 22 Nov 2019, at 19:42, Yevgeny Pats <yp@fuzzit.dev> wrote:
> > >
> > > Hey Team,
> > >
> > > I'm Yevgeny Pats, Founder of Fuzzit.
> > >
> > > I'm not sure about the current state of fuzzing in Nginx but I thought
> it was worth asking/discussing.
> > >
> > > If adding new fuzz targets to nginx and running those continuously as
> part of the CI is interesting I'll be happy to help both write some of the
> fuzz target as well as help integrate the fuzz target to Fuzzit (we have a
> free plan for OSS projects).
> > >
> > > Would love to hear your thoughts as well as answer any questions about
> Fuzzit service that you might have.
> > >
> > > Cheers,
> > > Yevgeny
> > > _______________________________________________
> > > nginx-devel mailing list
> > > nginx-devel@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> >
> >
> > Hi Yevgeny,
> >
> > Currently, nginx has no library so it's not possible to use fuzz targets.
> > Possible way to fuzz nginx is in binary mode (e.g. routing fuzz input to
> the
> > listen socket). Is it possible to run continuously fuzzing in Fuzzit
> > without fuzz targets?
> >
> > --
> > Andrei Zeliankou
> >
> >
> >
> >
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>
>
>
>
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Continuous Fuzzing

Yevgeny Pats 57 November 22, 2019 11:44AM

Re: Continuous Fuzzing

Andrei Zeliankou 56 November 25, 2019 09:08AM

Re: Continuous Fuzzing

Yevgeny Pats 17 November 25, 2019 11:36AM

Re: Continuous Fuzzing

Andrei Zeliankou 36 November 26, 2019 08:18AM

Re: Continuous Fuzzing

Yevgeny Pats 35 November 27, 2019 06:34AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready