Discover Packages
github.com/sigstore/sigstore/test/fuzz
module
Version:
v0.0.0-...-f5a8a4b
Opens a new window with list of versions in this module.
Published: Aug 8, 2022
License: Apache-2.0
Opens a new window with license information.
README
README
¶
Fuzzing
The fuzzing of sigstore uses go-fuzz for fuzzing.
It is integrated into oss-fuzz https://github.com/google/oss-fuzz/pull/6890 for fuzzing continuously.
Why not use go 1.18 fuzzing?
The go-fuzz can be compatible with libfuzzer
, which is supported by oss-fuzz
.
The go 1.18 doesn't have support for external fuzzer formats yet.
What is corpus?
A set of inputs for a fuzz target. In most contexts, it refers to a set of minimal test inputs that generate maximal code coverage.
https://google.github.io/clusterfuzz/reference/glossary/#corpus
How do I run the fuzzer?
make fuzz
go-fuzz -bin=signature-fuzz.zip -func FuzzED25529SignerVerfier
An example to use the libfuzzer
go-fuzz-build --libfuzzer -func FuzzRSASignerVerfier ./signature/...
and clang -fsanitize=fuzzer reflect-fuzz.a -o fmt.libfuzzer
The libfuzzer
option requires linux
.
Expand ▾
Collapse ▴
Directories
¶
Click to show internal directories.
Click to hide internal directories.