[Mailman-Developers] Fwd: [Python-Dev] [ANNOUNCE] fuzzpy

Terri Oda terri at toybox.ca
Mon Feb 29 08:53:13 EST 2016 

I know I was talking to someone a while ago about maybe doing some fuzz 
testing on Mailman.  If anyone's interested, this might be a tool worth 
trying out:


-------- Forwarded Message --------
Subject: 	[Python-Dev] [ANNOUNCE] fuzzpy
Date: 	Sun, 28 Feb 2016 21:44:39 -0600
From: 	Brian Cain <brian.cain at gmail.com>
To: 	python-dev at python.org



##################################################################

    *---------------------------------------------------*
    *    fuzzpy: CPython fuzz tester is now available   *
    *                                         Â
        *
    *                   Version 0.8               Â
    *
    *        https://bitbucket.org/ebadf/fuzzpy/        *
    *---------------------------------------------------*

I am pleased to announce the creation of a coverage-guided fuzz tester
for CPython.  It's a pretty small wrapper around LLVM's libFuzzer that
enables some powerful testing logic.  AFL (American Fuzzy Lop) is
another popular fuzzer lately -- libFuzzer is very similar in concept to
AFL.  From what I've read on list archives, Victor Stinner had
previously done some good fuzz testing on CPython using fusil.  This
project should expand on that concept.

I'd love to get feedback, suggestions, patches and anything else the
list can offer.


Q: What is fuzzpy for?
A: It's primarily for testing CPython itself, but could also be used for
individual python projects too.  Pure-python projects will be the
simplest to integrate at this point.  Also, interesting test cases
output by fuzzpy may end up being useful in testing others such as pypy,
pyston, etc.

Q: What is a fuzz tester?
A: It modifies inputs to a test case in order to find unique/rare failures.

Q: What does "coverage-guided" mean?
A: It means that libFuzzer is able to witness the specific code executed
as a result of a given test case.  It feeds this information back into
an engine to modify the test cases to optimize for coverage.

Q: How can I help?
A1: donate cycles: build the project and crank away on one of the
existing tests.  Relative to other common fuzzing, it's awfully slow,
so consider throwing as many cycles as you can afford to.
A2: contribute tests: write a ~10-line python script that exercises a
feature that you think could benefit from fuzz testing.
A3: if there's interest, I can accept cryptocoin donations to purchase
cycles on a cloud server.


##################################################################


-- 
-Brian


-------------- next part --------------
_______________________________________________
Python-Dev mailing list
Python-Dev at python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/terri%40toybox.ca

More information about the Mailman-Developers mailing list