►
From YouTube: Adding coverage guided fuzz testing to a project
Description
Principal PM Sam Kerr walks you through how to add fuzz testing to a basic Go application!
Fuzzing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
A
Hi,
I'm
sam
kerr,
I'm
a
principal
product
manager
here
at
gitlab
in
this
video,
I'm
going
to
walk
you
through
a
basic
example
of
how
you
would
add,
gitlab's
new
coverage,
guided
fuzz
testing
to
a
very
basic
go
application,
and
so
with
that,
let
me
share
my
screen
and
we
will
jump
right
into
this.
So
the
screen
that
I'm
showing
right
now
this
is
a
repository
hosted
in
gitlab
for
our
basic
go
application.
A
A
So
if
you'll
notice
it's
checking
for
if
the
length
is
six,
but
it's
actually
looking
for
seven
letters
total.
So
this
is
going
to
be
what's
commonly
known
as
an
off
by
one
error.
The
program
when
it
is
run
in
that
case
is
going
to
look
at
more
data
than
it
has
available
and
that's
going
to
cause
an
error
and
that's
what
we're
hoping
to
find
as
part
of
fuzz
testing.
A
So
if
we
go
back
to
our
repository,
let's
open
the
web
ide
to
start
looking
at
some
of
the
other
files
that
are
in
this
repo,
so
one
of
the
first
things
you
want
to
do
as
part
of
adding
coverage
guide.
Fuzz
testing
to
any
project
is
figuring
out
the
function
that
you
want
to
fuzz.
In
our
case,
this
parts
complex
function
and
then
writing,
what's
called
a
fuzz
test,
harness
to
tell
the
fuzzer
how
to
actually
fuzz
it,
and
so
what
I've
got
open
right
now
is
we're
calling
parse
complex
fuzz.go
you
can
see.
A
This
is
again
a
very
simple
function.
It's
only
got
one
function
in
it
named
fuzz.
It
takes
an
input
data
and
this
is
going
to
be
coming
from
the
fuzzing
engine
itself,
and
this
is
going
to
be
random
data.
It
could
have
all
sorts
of
contents,
it
could
be
various
links,
and
this
is
what
we
want
to
pass
to
our
application
to
hopefully
find
all
those
bugs
and
security
vulnerabilities
that
live
inside
of
it.
A
So
inside
this
fuzz
function
to
tell
the
fuzzer
to
run
our
parts
complex
function.
All
we're
going
to
do
is
invoke
that
parse
complex
function,
using
the
data
that
the
fuzz
tester
provides,
and
that's
all
there
is
to
it.
This
is
how
the
fuzzer
will
run
and
test
our
application
in
your
own
apps.
This
is
really
going
to
be
the
part
where
you
would
configure
the
fuzzer
to
load
files
from
disk
pass
them
to
your
different
functions.
A
A
So
you
can
see
here.
I've
got
our
gitlab
ci
file
open
for
this
repository
and
we're
doing
two
things
here
to
add
coverage
guide,
fuzz
testing
to
the
pipeline
so
step.
One
is
that
we're
always
going
to
have
to
include
the
get
lab
coverage.
Fuzz
testing
template
file
into
our
pipeline,
and
so
the
way
that
we
would
do
that
is
just
include
it
as
you
would
any
other
template
in
get
lab.
This
is
going
to
be
coverage
as
dash
fuzzing.gitlabci.yaml.
A
Fuzzing
template
file
that
we
included
earlier,
and
it
already
has
all
the
necessary
setup
and
configuration
done
inside
the
template.
All
we
have
to
do
is
configure
how
we
would
run
our
specific
app
through
that
template
and
so
to
do
that.
What
we'll
do
is
define
the
docker
image
that
should
it
should
be
run
in,
and
this
is
going
to
be
specific
to
the
language
that
we're
running,
because
we
wrote
our
application
in
go
we're
using
the
go
image
you
can
see
there.
A
A
Additionally,
we
are
defining
a
few
script
steps
in
our
job,
which
do
a
few
different
things.
The
first
of
these
is
going
to
be
building
our
go
application
so
that
it's
ready
to
be
fuzzed,
we're
going
to
be
including
this
lib
fuzzer
here
and
compiling
all
of
those
application
files
into
my
fuzz
target.a.
A
And
finally,
what
we're
going
to
be
doing
is
taking
that
my
fuzz
target
and
passing
it
as
an
input
to
the
get
lab
cover
fuzz
tool,
we're
going
to
be
saying
that
we
want
to
run
the
fuzz
testing
and
that
we
want
to
potentially
use
the
regression
flag.
This
could
be
set
by
a
variable
as
part
of
our
pipeline.
If
we
wished
I'm
not
going
to
go
into
too
much
more
about
the
regression
flag.
A
A
So
now
that
we're
back
at
our
repo,
what
we'll
do
is
go
to
our
pipeline
tab
and
using
all
of
the
different
things
that
we
added
into
our
ci
file.
What
we're
going
to
do
is
select
our
correct
branch,
add
fuzz
testing
and
we're
just
going
to
run
the
pipeline.
That's
all
we're
going
to
do,
and
one
thing
I
did
want
to
point
out
as
part
of
this
pipeline.
We
are
running
fuzz
testing,
but
we're
also
running
sas.
A
All
of
our
jobs
have
finished
some
green
and
some
yellow,
notably
both
of
our
sas
jobs,
one
for
running
gosek,
as
well
as
secret
detection.
Those
have
both
passed.
They
found
no
vulnerabilities,
however,
our
fuzz
job,
my
fuzz
target,
is
marked
orange,
which
means
it
failed.
Let's
take
a
look
and
see
what
it
found.
A
So
you'll
notice
immediately
as
part
of
this
log
that
we
can
see
a
lot
of
different
information
here,
but
what's
really
eye-catching
here.
Is
this
error
as
part
of
running
the
job?
The
fuzzer
found
an
application
crash,
and
if
we
look
further
through
the
output,
we
see
a
stack
trace
which
tells
us
more
about
where
the
crash
happens
and
also
we'll
see
the
input
specifically
that
crashed
it.
This
fuzzing
strain
and
exactly
as
we
predicted
that
is
exercising
that
off
by
one
error
that
lives
in
the
app,
which
is
what
got
us
that
crash.
A
So
this
job
output
has
a
lot
of
great
information
in
it.
You
can
go
view
the
artifacts
to
see
the
sorts
of
inputs
that
cause
crashes,
more
information
about
how
the
runs
were
done.
But
if
we
go
back
to
our
pipeline
view,
I
want
to
highlight
a
different
way
that
you
would
look
at
this,
and
that
is
as
part
of
our
security
tab
after
the
fuzz
test
is
run
all
of
the
individual
crashes
and
the
results
that
the
fuzzer
found
are
going
to
be
reported
in
our
security
tab.
A
So
you
can
easily
view
and
triage
your
most
critical
faults
that
happened
and
get
more
information
about
them.
If
we
click
on
one,
we
can
see
again
that
that
stack
trace
that
I
highlighted
it's
directly
here
in
the
vulnerability,
so
you
can
immediately
read
it.
We
have
some
additional
metadata
about
what
type
of
crash
it
was
and
some
more
information
about
what
type
of
fuzzer
specifically
was
used
to
find
it.
A
And
so,
if
we
go
back
to
our
repo
and
we
look
at
our
ci
file
again
just
to
recap,
we
went
through
a
few
different
things.
As
part
of
today's
video.
We
talked
about
how
you
would
add
coverage,
guided
fuzz
testing
to
a
job
to
a
repo
in
get
lab,
the
first
step
being
that
you
would
create
a
fuzz
test
harness
which
tells
the
fuzzer
how
to
run
your
application
lens
testing
it.
A
You
configure
your
ci
yaml
file
to
do
two
things,
one
which
would
include
the
coverage,
guided,
fuzz
testing,
template
and
then
secondarily
defining
how
to
build
that
fuzz
test,
harness
that
you
created
previously,
and
that
is
a
very
quick
guide
on
how
you
would
add
coverage
guide.
Fuzz
testing
to
your
own
applications
hosted
in
gitlab.
A
If
you
want
more
information,
our
gitlab
product
documentation
is
always
available.
We'd
love
to
hear
from
you
on
an
issue.
If
you
want
to
create
an
issue,
you
can
ping
the
fuzzing
team,
or
you
can
ping
myself
again,
I'm
sam
kerr,
my
handle
is
at
st
curve
and
we
would
love
to
hear
about
your
experience
with
fuzz
testing,
whether
it's
good,
bad
or
ugly,
we'd
love
to
hear
more
hear
what
you're
doing
with
it.
Thank
you
very
much
for
your
time
appreciate
it.