Continuous Fuzzing

Andrei Zeliankou zelenkov at nginx.com
Tue Nov 26 13:17:14 UTC 2019


Hi Yevgeny,

Currently, nginx has no support for compiling parts of the source as a standalone
library.  It's quite a sophisticated problem and there are no short-term plans to
implement it.  If you succeed in developing a library or fuzz targets - please
let us know, we are interested in solving these problems for nginx.

Regards,
Andrei Zeliankou


> On 25 Nov 2019, at 19:35, Yevgeny Pats <yp at fuzzit.dev> wrote:
> 
> Hey Andrei,
> 
> Thanks for your response. Both libFuzzer and AFL need to collect coverage somehow to operate efficiently and find bugs.
> 
> I'm not very familiar yet with the nginx code base but I did integrate fuzz targets for envoy proxy so maybe we can do something similar.
> 
> Is it possible for example to compile only parts of nginx to a standalone library? (some of the parsing code that has no other dependencies).
> 
> Best,
> Yevgeny
> 
> On Mon, Nov 25, 2019 at 4:07 PM Andrei Zeliankou <zelenkov at nginx.com> wrote:
> 
> 
> > On 22 Nov 2019, at 19:42, Yevgeny Pats <yp at fuzzit.dev> wrote:
> > 
> > Hey Team,
> > 
> > I'm Yevgeny Pats, Founder of Fuzzit.
> > 
> > I'm not sure about the current state of fuzzing in Nginx but I thought it was worth asking/discussing.
> > 
> > If adding new fuzz targets to nginx and running those continuously as part of the CI is interesting I'll be happy to help both write some of the fuzz targets as well as help integrate the fuzz targets into Fuzzit (we have a free plan for OSS projects).
> > 
> > Would love to hear your thoughts as well as answer any questions about the Fuzzit service that you might have.
> > 
> > Cheers,
> > Yevgeny
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> 
> 
> Hi Yevgeny,
> 
> Currently, nginx has no library so it's not possible to use fuzz targets.
> A possible way to fuzz nginx is in binary mode (e.g. routing fuzz input to the
> listen socket). Is it possible to run continuous fuzzing in Fuzzit
> without fuzz targets?
> 
> --
> Andrei Zeliankou
> 