Go Fuzz
Oleg Kovalov
January 15, 2019
Programming
Transcript
go-fuzz, or new unit testing
WARSAW, JAN 15 2019
Oleg Kovalov, Allegro
Twitter: oleg_kovalov
Github: cristaloleg
Me
- Gopher for ~3 years
- Open-source contributor
- Engineer at Allegro.pl core team
Twitter: @oleg_kovalov
Github: @cristaloleg
Everything starts from Wikipedia:
Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program.
go-fuzz
- Made by The Dmitry Vyukov aka Bug Slaughterer at Google
- 300+ fixes in Go compiler and stdlib
- +inf in the wild, or more
- See AFL and syzkaller
What to test?
- text format/media codecs
- crypto
- network protocols
- compression
- compilers, interpreters, databases
- or anything where you can pass []byte
But why fuzzing?
- horribly easy to use
- no human interaction
- designed for computers
What it may (and will) find?
- out-of-bounds accesses
- nil derefs
- division by 0 / floating-point
- infinite loops
- Segfaults (CGo)
- …
How does it work?
1. Instrument program for code coverage
2. Collect initial corpus of inputs
for {
    3. Randomly mutate an input from the corpus
    4. Execute and collect coverage
    if the input gives new coverage {
        5. Add the input to corpus
    }
}
One cozy loop
Bruteforce "SafeFunc"

    func SafeFunc(input string) {
        if input[0] == 'A' {
            if input[1] == 'B' {
                if input[2] == 'C' {
                    if input[3] == 'D' {
                        print(input[4]) // out-of-bounds read for a 4-byte input
                    }
                }
            }
        }
    }

Brute force generation: O(2^8^4) = O(2^32) tries.

Smartforce "SafeFunc"
(same SafeFunc as above)
0. {}
1. {"A"}
2. {"A", "AB"}
3. {"A", "AB", "ABC"}
4. {"A", "AB", "ABC", "ABCD"}
Coverage-guided fuzzer needs O(4 * 2^8) = O(2^10) tries.
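The "one cozy loop" slide and the two SafeFunc slides describe the same mechanism from two sides; the following added example (not from the talk or from go-fuzz itself) puts both into runnable Go. The target is the slide's SafeFunc with hand-inserted edge markers standing in for what go-fuzz-build instruments automatically, and the deliberately kept out-of-bounds read of input[4] is caught with recover so it shows up as a crasher instead of killing the process. The helper names (instrumented, fuzz, Result), the single-byte mutation strategy and the seed "AAAA" are all assumptions of this example; with a fixed RNG seed the run is reproducible, and the exec count it prints is in the thousands rather than the 2^32 of brute force.

```go
package main

import (
	"fmt"
	"math/rand"
)

// instrumented is SafeFunc from the slides with the kind of edge counters
// go-fuzz-build inserts (step 1 of the loop, done by hand here): every basic
// block records its id in cov. The out-of-bounds read of input[4] is kept on
// purpose, as on the slide; a panic is caught and reported as a crash so the
// fuzzer can keep running.
func instrumented(input string, cov map[int]bool) (crashed bool) {
	defer func() {
		if recover() != nil {
			crashed = true
		}
	}()
	cov[0] = true
	if input[0] == 'A' {
		cov[1] = true
		if input[1] == 'B' {
			cov[2] = true
			if input[2] == 'C' {
				cov[3] = true
				if input[3] == 'D' {
					cov[4] = true
					_ = input[4] // out of bounds for a 4-byte input: panics
				}
			}
		}
	}
	return false
}

// Result is what one fuzzing run produced.
type Result struct {
	Crasher string   // first crashing input, "" if none was found
	Execs   int      // inputs executed before stopping
	Corpus  []string // inputs kept because they reached a new edge
}

// fuzz is the "one cozy loop" from the slide, steps 2 to 5: start from the
// seed corpus, mutate a random corpus entry, execute it, and keep it only if
// it reached an edge no earlier input had. Mutation is a single random byte
// replacement (an assumption of this example), so inputs keep the seed
// length and the search space matches the 4-byte SafeFunc slide.
// Seeds must be non-empty strings.
func fuzz(seeds []string, maxExecs int, seed int64) Result {
	rng := rand.New(rand.NewSource(seed)) // fixed seed: reproducible runs
	corpus := append([]string(nil), seeds...)
	seen := map[int]bool{} // global coverage: edges hit by any input so far
	execs := 0

	// run executes one input and reports whether it found new coverage.
	run := func(in string) (newCov, crashed bool) {
		execs++
		cov := map[int]bool{}
		crashed = instrumented(in, cov)
		for e := range cov {
			if !seen[e] {
				seen[e] = true
				newCov = true
			}
		}
		return newCov, crashed
	}

	for _, s := range seeds { // step 2: learn what the initial corpus covers
		if _, crashed := run(s); crashed {
			return Result{Crasher: s, Execs: execs, Corpus: corpus}
		}
	}
	for execs < maxExecs {
		parent := corpus[rng.Intn(len(corpus))] // step 3: pick and mutate
		b := []byte(parent)
		b[rng.Intn(len(b))] = byte(rng.Intn(256))
		child := string(b)
		newCov, crashed := run(child) // step 4: execute, collect coverage
		if crashed {
			return Result{Crasher: child, Execs: execs, Corpus: corpus}
		}
		if newCov { // step 5: new coverage, so it joins the corpus
			corpus = append(corpus, child)
		}
	}
	return Result{Execs: execs, Corpus: corpus}
}

func main() {
	r := fuzz([]string{"AAAA"}, 1<<20, 1)
	fmt.Printf("crasher %q after %d execs (brute force: 2^32), corpus %q\n",
		r.Crasher, r.Execs, r.Corpus)
}
```

The corpus grows exactly as the Smartforce slide lists it: the seed, then the first input that reaches the second check, then the first that reaches the third, and the next new edge is the crash. A real fuzzer keeps running after a crasher and deduplicates crashers by stack; this loop stops at the first one to keep the idea visible.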
Fuzzing
So how to run it?

    $ go get github.com/dvyukov/go-fuzz/go-fuzz
    $ go get github.com/dvyukov/go-fuzz/go-fuzz-build

    # build an executable
    $ go-fuzz-build github.com/pkg/mypkg

    # run fuzzing
    $ go-fuzz -bin=./mypkg-fuzz.zip -workdir=workdir

    # and follow the logs
    workers: 8, corpus: 1525 (6s ago), crashers: 6, execs: 0 (0/sec), cover: 1651, uptime: 6s
    workers: 8, corpus: 1525 (9s ago), crashers: 6, execs: 16787 (1860/sec), cover: 1651, uptime: 9s
    workers: 8, corpus: 1525 (12s ago), crashers: 6, execs: 29840 (2482/sec), cover: 1651, uptime: 12s
95% fuzz funcs

    func Fuzz([]byte) int

    // +build gofuzz

    package mypkg

    func Fuzz(data []byte) int {
        _, err := WellTestedFunc(string(data))
        if err != nil {
            return 0 // input rejected: low priority for the corpus
        }
        return 1 // input accepted: worth adding to the corpus
    }
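The "95%" Fuzz function above only asks whether the input was accepted. The following added example (not from the talk) keeps the go-fuzz entry-point signature but also checks an invariant, so that a wrong answer is reported as a crasher and not only a panic. The wire format (a constructed 2-byte big-endian length prefix plus payload), the Record/Encode/Decode names and the round-trip property are assumptions of this example; the gofuzz build tag from the slide is left out so the file builds with plain go.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is a constructed toy wire format used only for this example:
// a 2-byte big-endian length prefix followed by that many payload bytes.
type Record struct{ Payload []byte }

var (
	errShort    = errors.New("record: truncated input")
	errTrailing = errors.New("record: trailing bytes")
	errTooLong  = errors.New("record: payload too long")
)

// Encode writes the length prefix and payload.
func Encode(r Record) ([]byte, error) {
	if len(r.Payload) > 0xFFFF {
		return nil, errTooLong
	}
	out := make([]byte, 2+len(r.Payload))
	binary.BigEndian.PutUint16(out, uint16(len(r.Payload)))
	copy(out[2:], r.Payload)
	return out, nil
}

// Decode parses one record and rejects truncated or trailing data.
// Each length check is the kind of bound a fuzzer would otherwise report
// as an out-of-bounds panic.
func Decode(data []byte) (Record, error) {
	if len(data) < 2 {
		return Record{}, errShort
	}
	n := int(binary.BigEndian.Uint16(data))
	if len(data)-2 < n {
		return Record{}, errShort
	}
	if len(data)-2 > n {
		return Record{}, errTrailing
	}
	return Record{Payload: append([]byte(nil), data[2:2+n]...)}, nil
}

// Fuzz has the go-fuzz entry-point signature from the slide. Beyond the
// accept/reject answer it checks the round-trip invariant
// Encode(Decode(x)) == x and Decode(Encode(Decode(x))) == Decode(x) and
// panics on a violation, so go-fuzz records a logic bug as a crasher.
func Fuzz(data []byte) int {
	rec, err := Decode(data)
	if err != nil {
		return 0 // rejected input: low priority for the corpus
	}
	enc, err := Encode(rec)
	if err != nil {
		panic(fmt.Sprintf("decoded record failed to re-encode: %v", err))
	}
	if !bytes.Equal(enc, data) {
		panic(fmt.Sprintf("round trip mismatch: %x != %x", enc, data))
	}
	rec2, err := Decode(enc)
	if err != nil || !bytes.Equal(rec2.Payload, rec.Payload) {
		panic("re-decode changed the payload")
	}
	return 1 // valid and consistent: worth adding to the corpus
}

func main() {
	valid, _ := Encode(Record{Payload: []byte("hello")})
	fmt.Println("valid:", Fuzz(valid))         // 1
	fmt.Println("truncated:", Fuzz(valid[:3])) // 0
	fmt.Println("empty:", Fuzz(nil))           // 0
}
```

Returning 0 for rejected input keeps go-fuzz from spending its corpus budget on garbage, while the panics turn any encode/decode disagreement into a reproducible crasher in the workdir.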
Best practices
- do not run on each build
- but run regularly
- fuzz 1 func at a time
- it's not a unit test replacement
- SecOps be aware (doesn't work with go modules?)
That's all folks
Thank you
Questions?
Twitter: @oleg_kovalov
Github: @cristaloleg