Fuzzing

[sgrif]

It'd be great if we could do some amount of fuzz testing with AFL or another tool. Due to the nature of Diesel I'm not sure how that would even work, but it's something I'm interested in having done.

[cyplo]

Hey ! Any particular areas you would like to see fuzzed first ? data coming from the database connection ? user-supplied queries ? something entirely different ? I can try taking a look into hooking up cargo-fuzz in some nearish future I think.

[killercup]

I would expect parsing the data coming out of the database would be the most interesting. Be warned, though. You'll probably have to do a whole bunch of freaky things to get access to these function in a way you can fuzz them. I was originally thinking stuff like `#[path="../../diesel/pg/lorem/ipsum.rs"] mod ipsum;` in the fuzzer script but I'm not sure if that'd work well.

…

Am 23.05.2017 um 20:57 schrieb Cyryl Płotnicki ***@***.***>: Hey ! Any particular areas you would like to see fuzzed first ? data coming from the database connection ? user-supplied queries ? something entirely different ? I can try taking a look into hooking up cargo-fuzz in some nearish future I think. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[cyplo]

No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. thanks a lot !

[Eijebong]

We already have tests for that @killercup (types_roundtrips)

[killercup]

Thank you for giving it a try :) Feel free to drop into gitter if you get stuck, I'm sure we can figure out how to get this working. @Eijebong, sure, but types roundtrips usually only test _valid_ data. Fuzzing makes sure we don't explode when we get invalid data :)

…

Am 23.05.2017 um 21:05 schrieb Cyryl Płotnicki ***@***.***>: No worries, I consider myself warned now :) If I get to work on this in some time and get stuck - will definitely describe what I did and what worked and what not. thanks a lot ! — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[Eijebong]

Oh, ok :)

[cyplo]

Hey, haven't had much luck/time to really take this on so far, feel free to pick it up if someone else is interested. Would love to pair on this one if you want btw. I will take a second look when I'll have some more time. Thank you !