Fuzz testing

Agentbaker exposes a large input surface through its public API.

Namely, NodeBootstrappingConfiguration is an enormous struct.

It has heavy duplication from organic evolution and little defense against malicious input.

This makes it a prime candidate for fuzz testing.

Fuzz targets

We currently have one fuzz target:

  • api fuzzes baker.GetNodeBootstrapping to test custom data generation.

It generates random data as input and attempts to decode it as JSON into NodeBootstrappingConfiguration.

If decoding fails, we treat the input as invalid and deprioritize it.

If decoding succeeds, we treat it as a valid input to Agentbaker.

We then run the fuzz target function (GetNodeBootstrapping) on the input and check for panics.

If it returns without panicking, we treat the fuzz input as valid and return 0 or 1 so the fuzzer may add it to the test corpus.
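The contract above, written out as an added example that is not AgentBaker's own code. The NodeBootstrappingConfiguration, KubeletConfig and GetNodeBootstrapping types and functions below are hypothetical stand-ins (a tiny struct with one optional nested pointer, and the vmSize and maxPods fields) chosen to show the class of defect such a fuzzer typically surfaces in a large, organically grown struct: an unguarded dereference of an optional field. Fuzz follows the go-fuzz return-code convention the README describes (-1 to deprioritize, 0 or 1 for valid input), and Replay is an added helper for triaging a saved corpus entry or crasher outside the fuzzer by turning a panic into a reported verdict.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-in for the real NodeBootstrappingConfiguration (not the
// project's struct): one required field and one optional nested pointer.
type NodeBootstrappingConfiguration struct {
	KubeletConfig *KubeletConfig `json:"kubeletConfig,omitempty"`
	VMSize        string         `json:"vmSize"`
}

// KubeletConfig is likewise a hypothetical stand-in.
type KubeletConfig struct {
	MaxPods int `json:"maxPods"`
}

// GetNodeBootstrappingUnguarded mimics code written for trusted callers only:
// it dereferences the optional field without checking it, so an input that
// omits kubeletConfig panics with a nil pointer dereference.
func GetNodeBootstrappingUnguarded(cfg *NodeBootstrappingConfiguration) (string, error) {
	if cfg.VMSize == "" {
		return "", fmt.Errorf("vmSize is required")
	}
	return fmt.Sprintf("vm=%s maxPods=%d", cfg.VMSize, cfg.KubeletConfig.MaxPods), nil
}

// GetNodeBootstrapping is the hardened form of the same stand-in: every
// optional field is checked and bad values become errors rather than panics.
func GetNodeBootstrapping(cfg *NodeBootstrappingConfiguration) (string, error) {
	if cfg == nil || cfg.VMSize == "" {
		return "", fmt.Errorf("vmSize is required")
	}
	maxPods := 0
	if cfg.KubeletConfig != nil {
		if cfg.KubeletConfig.MaxPods < 0 {
			return "", fmt.Errorf("maxPods must be non-negative")
		}
		maxPods = cfg.KubeletConfig.MaxPods
	}
	return fmt.Sprintf("vm=%s maxPods=%d", cfg.VMSize, maxPods), nil
}

// Fuzz is a go-fuzz style entry point following the README's contract:
//   -1  input does not decode as JSON: deprioritize it
//    0  input decodes but the target rejected it with an error
//    1  input decodes and the target accepted it: worth adding to the corpus
// A panic inside the target is deliberately not recovered here; the fuzzer
// catches it and saves the input as a crasher.
func Fuzz(data []byte) int {
	var cfg NodeBootstrappingConfiguration
	if err := json.Unmarshal(data, &cfg); err != nil {
		return -1
	}
	if _, err := GetNodeBootstrapping(&cfg); err != nil {
		return 0
	}
	return 1
}

// Replay runs one corpus or crasher file against a chosen target outside the
// fuzzer, converting a panic into a verdict string so a crash can be triaged
// locally without the fuzzing harness.
func Replay(data []byte, target func(*NodeBootstrappingConfiguration) (string, error)) (verdict string) {
	defer func() {
		if r := recover(); r != nil {
			verdict = fmt.Sprintf("crash: %v", r)
		}
	}()
	var cfg NodeBootstrappingConfiguration
	if err := json.Unmarshal(data, &cfg); err != nil {
		return "undecodable"
	}
	if _, err := target(&cfg); err != nil {
		return "rejected: " + err.Error()
	}
	return "accepted"
}

func main() {
	// Constructed sample inputs of the kind a fuzzer would generate or mutate.
	inputs := [][]byte{
		[]byte(`{"vmSize":"Standard_D2s_v3","kubeletConfig":{"maxPods":30}}`),
		[]byte(`{"vmSize":"Standard_D2s_v3"}`), // optional field missing
		[]byte(`not json`),
	}
	for _, in := range inputs {
		fmt.Printf("fuzz=%d unguarded=%q hardened=%q\n",
			Fuzz(in), Replay(in, GetNodeBootstrappingUnguarded), Replay(in, GetNodeBootstrapping))
	}
}
```

Running main shows the second input crashing the unguarded stand-in while the hardened one accepts it; that difference is exactly the kind of finding the corpus preserves, and a fix is complete when replaying the saved crasher against the patched target no longer reports a crash.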

Continuous integration

We currently have 3 fuzzing pipelines.

  • 'batch' mode runs continuously to a set time limit. It finds as many crashes as possible and adds them to the corpus.
  • an official build job which runs no real tests, but is used by the fuzzer to track introduced regressions by comparing old fuzzer builds.
  • a pruning and coverage generation job, which both updates the corpus and generates coverage reports to GitHub Pages.

The corpus is stored in a personal GitHub repository (it can be easily moved), and will be generated from scratch if empty.

The current corpus is https://github.com/alexeldeib/agentbaker-corpus.

Coverage reports are on the gh-pages branch, published to https://alexeldeib.github.io/agentbaker-corpus/coverage/latest/report/index.html#file0

The pipeline definitions are defined in the following locations: