README
¶
yFuzz
yFuzz is a project for running fuzzing jobs at scale with Kubernetes.
This project is still in alpha. While in alpha, the API may be subject to breaking changes.
Table of Contents
Background
Popular fuzzers such as Libfuzzer and AFL have support for running multiple fuzzing processes at once. yFuzz aims to take advantage of this by running each process on a different Kubernetes pod to speed up the fuzzing process.
For open-source projects, this can be done with OSS-Fuzz, with some restrictions:
- The targeted project must be open-source
- The targeted project must have a significant user base, or be critical to the global IT infrastructure
yFuzz aims to be an on-premises solution for distributed fuzzing, so that projects that don't meet these constraints can still be fuzzed.
Additional features to make the fuzzing process easier are also planned, such as automatic generation/suggestion of fuzz targets. We welcome all feedback and suggestions as we consider other use-cases.
Projects
- yFuzz Server: The main API server for yFuzz.
- yFuzz CLI: A command-line interface for interacting with the yFuzz server.
- yFuzz Scripts: Docker image with scripts used by yFuzz containers.
Architecture
The yFuzz API resides in a kubernetes cluster along with the pods that run the fuzzing jobs and a shared volume that holds corpus data to be shared between the pods.
Directory Structure
cmd: Command line utilities.docs: Documentation relating to yFuzz.images: Dockerfiles used by yFuzz.pkg: Shared libraries and packages.scripts: Scripts for CI tooling.services: Long-running services, such as the yfuzz-server.
Contribute
Please refer to the contributing.md file for information about how to get involved. We welcome issues, questions, and pull requests. Pull Requests are welcome
License
This project is licensed under the terms of the Apache 2.0 open source license.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
yfuzz-cli/api
Package api contains wrapper functions for communicating with the yFuzz API endpoints.
|
Package api contains wrapper functions for communicating with the yFuzz API endpoints. |
|
yfuzz-cli/config
Package config reads configuration information from files.
|
Package config reads configuration information from files. |
|
pkg
|
|
|
schema
Package schema defines the interfaces accepted and returned by the yFuzz API.
|
Package schema defines the interfaces accepted and returned by the yFuzz API. |
|
types
Package types defines some common types used by the rest of the yFuzz server.
|
Package types defines some common types used by the rest of the yFuzz server. |
|
version
Package version contains information on the version and build of yFuzz.
|
Package version contains information on the version and build of yFuzz. |
|
services
|
|
|
yfuzz-server/api
Package api defines all endpoints accessible from the yFuzz API.
|
Package api defines all endpoints accessible from the yFuzz API. |
|
yfuzz-server/config
Package config reads configuration data from files, and generates configurations for testing.
|
Package config reads configuration data from files, and generates configurations for testing. |
|
yfuzz-server/kubernetes
Package kubernetes handles all interactions with the Kubernetes client.
|
Package kubernetes handles all interactions with the Kubernetes client. |
|
yfuzz-server/plugins
Package plugins holds the interfaces for yFuzz to interact with pluggable middleware/routes.
|
Package plugins holds the interfaces for yFuzz to interact with pluggable middleware/routes. |
|
yfuzz-server/plugins/athenz
Package athenz is an authentication/authorization middleware for connecting yFuzz to Athenz (http://www.athenz.io).
|
Package athenz is an authentication/authorization middleware for connecting yFuzz to Athenz (http://www.athenz.io). |
|
yfuzz-server/plugins/mtls
Package mtls is an authentication/authorization middleware for connecting yFuzz with mutual TLS.
|
Package mtls is an authentication/authorization middleware for connecting yFuzz with mutual TLS. |