by cschneid
4071 days ago
The afl fuzzer relies on compiling C code with its own compiler, so I think it's limited to only C-based programs. What you may want is to use something like `quickcheck` (scalacheck or clojure's test.check I guess?) to send lots of "arbitrary" XML at your code and see what breaks. With sufficiently interesting definitions of "arbitrary" you can probably find bugs. That approach would be testing inside the process, as opposed to passing in whole HTTP requests. But if you know a section of code is more vulnerable than others, focus on it. No need to test all of Tomcat's HTTP parsing when you really care about your specific library.
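A sketch of the in-process approach described in the comment above, added here as an example and not part of the original post: it generates "arbitrary" XML, damages it slightly, and reports any failure other than a clean parse rejection. It uses a hand-rolled generator in Python instead of a QuickCheck library, and `NAMES`, `TEXTS`, `NOISE`, `gen_element`, `mutate` and `fuzz` are names made up for the illustration.

```python
import random
import xml.etree.ElementTree as ET

# Constructed sample vocabulary for the generator (assumption, not from the post).
NAMES = ["a", "item", "data"]
TEXTS = ["", "hello", "<&>\"'", "\u00e9\u4e2d", "]]>", "a  b"]
NOISE = "<>&\"'/=![]?;# "          # characters that matter to an XML tokenizer

def gen_element(rng, depth=0):
    """Generator: build a random, well-formed element tree up to 4 levels deep."""
    el = ET.Element(rng.choice(NAMES))
    for key in rng.sample(NAMES, rng.randint(0, 2)):
        el.set(key, rng.choice(TEXTS))
    el.text = rng.choice(TEXTS)
    if depth < 3:
        for _ in range(rng.randint(0, 3)):
            el.append(gen_element(rng, depth + 1))
    return el

def mutate(rng, doc):
    """Apply 0-3 small edits so inputs are valid or *almost* valid XML."""
    for _ in range(rng.randint(0, 3)):
        i = rng.randrange(len(doc))
        op = rng.choice(("insert", "delete", "dup"))
        if op == "insert":
            doc = doc[:i] + rng.choice(NOISE) + doc[i:]
        elif op == "delete":
            doc = doc[:i] + doc[i + 1:]
        else:                                   # duplicate an 8-character slice
            doc = doc[:i] + doc[i:i + 8] + doc[i:]
    return doc

def fuzz(parse, expected=(ET.ParseError,), runs=300, seed=0):
    """Call parse() on generated inputs; return (input, error) for each
    exception that is not one of the declared rejection types."""
    rng, findings = random.Random(seed), []
    for _ in range(runs):
        doc = mutate(rng, ET.tostring(gen_element(rng), encoding="unicode"))
        try:
            parse(doc)
        except expected:
            pass                      # a clean rejection is correct behaviour
        except Exception as exc:      # anything else is a bug worth triaging
            findings.append((doc, repr(exc)))
    return findings

if __name__ == "__main__":
    # Point `parse` at the function in your own library that consumes XML.
    for doc, err in fuzz(ET.fromstring)[:5]:
        print(err, "<-", doc)
```

The fixed seed makes every finding reproducible, so a failing input can be copied straight into a regression test.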
Rust is designed to be memory safe by default, but fuzzing is still useful for testing unsafe code, and for finding assertion failures.