[GH-ISSUE #189] Suggestion: Continuous Fuzzing #120

Closed
opened 2026-02-25 22:32:39 +03:00 by kerem · 2 comments

Originally created by @yevgenypats on GitHub (Aug 15, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/189

Hi, I'm Yevgeny Pats, Founder of [Fuzzit](https://fuzzit.dev) - Continuous fuzzing as a service platform.

We have a free plan for OSS and I would be happy to contribute a PR if that's interesting.
The PR will include the following:

  • [go-fuzz](https://github.com/dvyukov/go-fuzz) fuzzers
  • Continuous Fuzzing of master branch which will generate new corpus and look for new crashes
  • Regression on every PR that will run the fuzzers through all the generated corpus and fixed crashes from the previous step. This will prevent new or old bugs from creeping into master.

You can see our basic example [here](https://github.com/fuzzitdev/example-go) and you can see an example of "in the wild" integration [here](https://github.com/google/syzkaller).

Let me know if this is something worth working on.

Also, we have a [reward](https://fuzzit.dev/2019/08/12/announcing-rewards-for-go-rust-oss-projects/) program. If you are interested in implementing the fuzzers and the integration yourself I’ll be happy to reward you as well as to get unbiased feedback on how smooth the integration was.

Cheers,
Yevgeny

kerem closed this issue 2026-02-25 22:32:39 +03:00

@FiloSottile commented on GitHub (Aug 16, 2019):

Hey, as the security coordinator of the Go project, I am always happy to see projects expanding the availability of fuzzing to the ecosystem, and the reward program looks interesting! But as the maintainer of mkcert, I should point out mkcert is not a good target for fuzzing, and you probably could have come to that conclusion by looking into it, so this feels a little spammy :)


@yevgenypats commented on GitHub (Aug 16, 2019):

Hi @FiloSottile, thanks for the reply. I offered this because I saw that this is a popular and somewhat security-related library. Of course I can't deep dive into every project before offering free contribution as we are not Google yet :) It indeed looks like not a great target for fuzzing, though there might be a few functions that are somehow fuzzable. Anyway, feel free to ping if you think this might be relevant for this or other of your Go/Rust projects in the future.

Cheers,
Yevgeny
