[ 
https://issues.apache.org/jira/browse/THRIFT-5855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Hasnain Lakhani updated THRIFT-5855:
------------------------------------
    Description: 
Improve fuzzing support so we can make the generated code more robust. In 
particular, thrift is currently fuzzed on oss-fuzz, but:
 * the build is failing
 * it only supports go
 * and that fuzzer isn't optimal either

This ticket will be considered complete when there are fuzzers for all the 
supported languages on oss-fuzz:
 * c
 * c++
 * Rust
 * Go
 * Swift
 * Python
 * Javascript
 * Java/JVM (and all of the supported thrift JVM languages here)

 

Other languages are _initially_ out of scope. As a follow up, do investigate 
fuzzing (even if not on oss-fuzz) for other languages, e.g. C#/ruby (TODO: Do a 
thorough investigation).

 

For each language, we want at bare minimum:
 * a fuzzer that just deserializes a structure from fuzzer input
 * one that ensures things round trip properly

... for each of the supported protocols (e.g. binary/compact).

For languages where this is easy, we should add structure aware fuzzing 
support, and/or also test the networking code.

Then, further improve the fuzzers by adding corpora, dictionaries, and doing 
fuzz introspector inspection.

 

I'll update this ticket/file sub-tickets as the work progresses.

  was:
Improve fuzzing support so we can make the generated code more robust. In 
particular, thrift is currently fuzzed on oss-fuzz, but:
 * the build is failing
 * it only supports go
 * and that fuzzer isn't optimal either

 

This ticket will be considered complete when there are fuzzers for all the 
supported languages on oss-fuzz:

 
 * c
 * c++
 * Rust
 * Go
 * Swift
 * Python
 * Javascript
 * Java/JVM (and all of the supported thrift JVM languages here)

 

Other languages are out of scope.

 

For each language, we want at bare minimum:
 * a fuzzer that just deserializes a structure from fuzzer input
 * one that ensures things round trip properly

... for each of the supported protocols (e.g. binary/compact).

For languages where this is easy, we should add structure aware fuzzing 
support, and/or also test the networking code.

Then, further improve the fuzzers by adding corpora, dictionaries, and doing 
fuzz introspector inspection.

 

I'll update this ticket/file sub-tickets as the work progresses.


> Improve fuzzing support 
> ------------------------
>
>                 Key: THRIFT-5855
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5855
>             Project: Thrift
>          Issue Type: Epic
>            Reporter: Hasnain Lakhani
>            Assignee: Hasnain Lakhani
>            Priority: Major



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
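
The two minimum harness shapes the ticket asks for (deserialize-only and round-trip), sketched as an added example that is not part of the ticket or of Thrift's code. The codec is a constructed stand-in, not Thrift's wire format, and every function name is hypothetical. The round-trip check compares decoded values rather than bytes, because a decoder may accept non-canonical input (here, an overlong varint).

```python
# Added example: a stand-in codec, not Thrift's generated code or wire format.
class DecodeError(Exception): """Expected rejection of malformed input; not a finding."""

def read_varint(buf, pos):
    result = shift = 0
    while pos < len(buf) and shift <= 63:
        result |= (buf[pos] & 0x7F) << shift
        if not buf[pos] & 0x80:
            return result, pos + 1
        pos, shift = pos + 1, shift + 7
    raise DecodeError("truncated or oversized varint")

def write_varint(n):
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(out) + bytes([n])

def decode(buf):
    """Decode (id, name): zigzag varint id, then length-prefixed UTF-8 name."""
    zz, pos = read_varint(buf, 0)
    length, pos = read_varint(buf, pos)
    if zz >> 64 or pos + length > len(buf):
        raise DecodeError("id exceeds 64 bits or length exceeds input")
    try:
        name = buf[pos:pos + length].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise DecodeError("invalid UTF-8") from exc
    return (zz >> 1) ^ -(zz & 1), name

def encode(ident, name):
    raw = name.encode("utf-8")
    return write_varint((ident << 1) ^ (ident >> 63)) + write_varint(len(raw)) + raw

def fuzz_parse(data):
    """Harness 1: decode() may only return a value or raise DecodeError."""
    try:
        return decode(data)
    except DecodeError:
        return None

def fuzz_roundtrip(data):
    """Harness 2: compare decoded values; the input bytes may be non-canonical."""
    first = fuzz_parse(data)
    if first is not None:
        assert decode(encode(*first)) == first, "round trip changed the value"
    return first
```

Any exception other than DecodeError escaping fuzz_parse, or the assertion in fuzz_roundtrip firing, is what a fuzzing engine would report as a finding.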