Go Fuzz
Oleg Kovalov
January 15, 2019
Transcript

go-fuzz or new unit testing
WARSAW, JAN 15 2019
Oleg Kovalov, Allegro
Twitter: oleg_kovalov
Github: cristaloleg

Me
- Gopher for ~3 years
- Open-source contributor
- Engineer at Allegro.pl core team
Twitter: @oleg_kovalov
Github: @cristaloleg

Everything starts from Wikipedia
Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program.

go-fuzz
- Made by The Dmitry Vyukov aka Bug Slaughterer at Google
- 300+ fixes in Go compiler and stdlib
- +inf in the wild, or more
- See AFL and syzkaller

What to test?
- text format/media codecs
- crypto
- network protocols
- compression
- compilers, interpreters, databases
- or anything where you can pass []byte

But why fuzzing?
- horribly easy to use
- no human interaction
- designed for computers

What it may (and will) find?
- out-of-bounds accesses
- nil derefs
- division by 0/floating-point
- infinite loops
- Segfaults (CGo)
- …

How does it work?
1. Instrument program for code coverage
2. Collect initial corpus of inputs
for {
    3. Randomly mutate an input from the corpus
    4. Execute and collect coverage
    if the input gives new coverage {
        5. Add the input to corpus
    }
}
One cozy loop

Bruteforce “SafeFunc”

    func SafeFunc(input string) {
        if input[0] == 'A' {
            if input[1] == 'B' {
                if input[2] == 'C' {
                    if input[3] == 'D' {
                        print(input[4]) // index out of range when input is exactly "ABCD"
                    }
                }
            }
        }
    }

Brute force generation O(2^8^4) = O(2^32) tries.

Smartforce “SafeFunc”
The same SafeFunc, with the corpus growing as each new branch is covered:
0. {}
1. {"A"}
2. {"A", "AB"}
3. {"A", "AB", "ABC"}
4. {"A", "AB", "ABC", "ABCD"}
Brute force generation O(2^8^4) = O(2^32) tries.
Coverage-guided fuzzer needs O(4 * 2^8) = O(2^10) tries.
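
The coverage-guided loop from "How does it work?" run against SafeFunc, as an added example that is not from the original deck. The names safeFunc, run and fuzz, the length guard, and the append-one-byte mutator are assumptions made so the run is deterministic; go-fuzz itself mutates randomly.

```go
package main

import "fmt"

// safeFunc follows the deck's SafeFunc and returns how many of the four
// comparisons matched (a stand-in for coverage instrumentation). Assumption:
// a length guard is added so the only crash is the unguarded input[4].
func safeFunc(input string) (depth int) {
	for i, want := range []byte("ABCD") {
		if len(input) <= i || input[i] != want {
			return depth
		}
		depth++
	}
	_ = input[4] // index out of range when input is exactly "ABCD"
	return depth
}

// run executes one input and reports a panic as crashed=true.
func run(input string) (depth int, crashed bool) {
	defer func() { crashed = recover() != nil }()
	return safeFunc(input), false
}

// fuzz appends one byte to the newest corpus entry and keeps inputs that add coverage.
func fuzz() (corpus []string, crasher string, execs int) {
	corpus = []string{""} // initial corpus: the empty input
	best := 0
	for {
		seed, grew := corpus[len(corpus)-1], false
		for b := 0; b < 256 && !grew; b++ {
			in := seed + string([]byte{byte(b)})
			depth, crashed := run(in)
			execs++
			if crashed {
				return corpus, in, execs
			}
			if depth > best {
				best, grew = depth, true
				corpus = append(corpus, in)
			}
		}
		if !grew {
			return corpus, "", execs // no mutation found new coverage
		}
	}
}

func main() { fmt.Println(fuzz()) }
```

The run ends with the crasher "ABCD" after 270 executions, inside the slide's 4 * 2^8 bound.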

So how to run it?

    $ go get github.com/dvyukov/go-fuzz/go-fuzz
    $ go get github.com/dvyukov/go-fuzz/go-fuzz-build
    # build an executable
    $ go-fuzz-build github.com/pkg/mypkg
    # run fuzzing
    $ go-fuzz -bin=./mypkg-fuzz.zip -workdir=workdir
    # and follow the logs
    workers: 8, corpus: 1525 (6s ago), crashers: 6, execs: 0 (0/sec), cover: 1651, uptime: 6s
    workers: 8, corpus: 1525 (9s ago), crashers: 6, execs: 16787 (1860/sec), cover: 1651, uptime: 9s
    workers: 8, corpus: 1525 (12s ago), crashers: 6, execs: 29840 (2482/sec), cover: 1651, uptime: 12s

Fuzzing
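
func Fuzz([]byte) int

    // +build gofuzz

    package mypkg

    // Fuzz is the entry point that go-fuzz-build looks for.
    func Fuzz(data []byte) int {
        _, err := WellTestedFunc(string(data))
        if err != nil {
            return 0 // input rejected: no extra priority
        }
        return 1 // input accepted: ask go-fuzz to prioritise it
    }

95% fuzz funcs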

Best practices
- do not run on each build
- but run regularly
- fuzz 1 func at time
- it’s not unit test replacement
- SecOps be aware (doesn’t work with go modules?)

That’s all folks
Thank you
Questions?
Twitter: @oleg_kovalov
Github: @cristaloleg