►
From YouTube: Coverage guided fuzz testing released in GitLab 13.3!
Description
GitLab is releasing coverage-guided fuzz testing as part of 13.3! Principal PM Sam Kerr walks through what it is and how you can use it in GitLab.
Additional information about our fuzz testing:
* Fuzzing 101 video playlist - https://www.youtube.com/playlist?list=PL05JrBw4t0KoYzW1CR-g1rMc9Xgmnhjfe
* Product documentation - https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
* Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
A
So
the
repository
that
I'm
sharing
my
screen
on
now
is
a
very
simple
c,
plus
plus
application.
It
has
a
vulnerability
in
it
and
we're
going
to
use
git
lab's
brand
new
coverage
guided
fuzz
testing
to
find
it.
What
coverage
fuzz
testing
does
is
it's
trying
many
different,
sometimes
thousands
or
even
millions
of
different
inputs
to
your
app
to
try
and
find
bugs
and
crashes
that
traditional
qa
processes
might
miss.
A
If
we
look
at
the
application
that
we're
going
to
test
with
coverage,
guide,
fuzz
testing,
it's
a
very
basic
one
function,
app
with
this
function
called
test
string
in
it.
You
might
already
be
able
to
see
the
bug
that
we're
hoping
fuzzing
can
find,
namely
this
function
is
taking
a
flag.
It's
comparing
it
against
user,
provided
input
in
this
source
string
and
if
the
flag
and
the
user's
input
match
the
function
will
return
zero.
A
So
if
we
wanted
to
add
fuzz
testing
to
part
of
this
project,
the
only
thing
that
we're
going
to
have
to
do
are
two
different
steps:
one
we're
going
to
add
buzz
testing
to
our
gitlab
ci
yaml
file,
which
is
going
to
be
just
including
a
template,
which
is
this
coverage
fuzzing.gitlabci.yaml
file
and
then
we're
going
to
tell
get
live,
how
to
build
our
fuzzing
target-
and
this
is
fairly
straightforward,
c
plus
plus
this
example
uses
cmake,
but
we
support
new
make
or,
if
you're
just
running
on
the
command
line.
A
You
can
do
that
as
well
and
then
using
our
new
get
lab
cover,
fuzz
binary
to
actually
run
the
fuzz
test.
So
once
we've
started
this
pipeline,
let's
take
a
look
and
see
what
it
looks
like.
So
I've
previously
run
this,
and
our
pipeline
is
two
jobs.
We
notice
that,
after
running
the
fuzz
tester
is
marked
orange,
which
means
it
has
detected
a
failure.
A
So
let's
go
ahead
and
take
a
look
at
what
it's
found
and
sure
enough.
There's
a
big
error
log
here.
The
fuzzer
has
found
that
crash
that
I
pointed
out
earlier
and
it
provides
all
sorts
of
different
information
about
where
it
crashed
and
how
it
crashed
to
allow
you
to
debug
it
or
create
a
bug
and
work
with
your
team
to
figure
out
what's
going
on.
A
So
this
is
the
raw
output
of
the
fuzz
tester,
but
with
git
lab,
you
also
get
all
that
same
information
in
the
same
places,
you're
used
to
seeing
test
results
and
security
results,
namely,
if
you
have
the
security
tab,
all
of
the
different
crashes
found
by
fuzzing
will
be
reported
in
the
same
vulnerability
interface
you're
used
to
it's
going
to
provide
you.
The
crash
address
lots
of
different
information,
specifically
the
stack
trace
to
help
you
debug,
and
then
you
can
dismiss
the
vulnerability.
If
you
don't
think
it's
an
issue,
you
can
add
a
comment.
A
A
A
We
think
that
it's
going
to
make
a
big
difference
on
the
way
that
you
test
for
both
security
and
traditional
sorts
of
bugs
we're
very
excited
to
see
what
you
do
with
it,
and
we
would
love
to
hear
your
feedback
about
what
works
well
or
what
we
could
do
better
I'll
leave
some
links
in
the
description
of
this
video
below
to
our
product
documentation,
our
product
direction,
page
where
you
can
read
more
about
where
we're
going
with
fuzz
testing,
as
well
as
a
number
of
links
to
other
videos.
You
might
find
helpful.