required reading
Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to software. American fuzzy lop (AFL) is a popular, effective, and modern fuzz testing tool. afl.rs allows one to run AFL on code written in the Rust programming language.
okay so what's this update
If you've tried using afl.rs before, you know the workflow wasn't easy.
Over the past couple weekends, I rewrote the crate and redesigned the workflow, so hopefully it'll be a lot easier to use. In particular, afl.rs...
- no longer requires unstable Rust features
- works on all Rust channels (stable, beta, nightly)
- no longer requires modifying crate dependencies; just write the fuzz target and all crate dependencies get instrumented
- is Linux-only for now, but if this Rust bug gets fixed, it'll also work on macOS
- no longer requires Docker (unless you're on macOS or Windows – see the previous bullet point)
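As an added example of the "just write the fuzz target" step (this is not code from the post or from afl.rs itself), here is a target for a toy length-prefixed record format, with the naive parser that AFL would crash beside its hardened form. It assumes `cargo afl build` passes `--cfg fuzzing` and that the `afl` crate is listed under `[dependencies]`.

```rust
// Added example, not from the afl.rs post or repo: an afl.rs-style fuzz target for a
// toy length-prefixed record format ([len: u8][payload: len bytes] ...), naive and hardened.

/// Naive parser: slices without checking the payload is present, so a truncated
/// record such as [5, 1, 2] panics; under afl.rs that panic is reported as a crash.
pub fn parse_records_naive(data: &[u8]) -> usize {
    let mut pos = 0;
    let mut count = 0;
    while pos < data.len() {
        let len = data[pos] as usize;
        let _payload = &data[pos + 1..pos + 1 + len]; // out of bounds when truncated
        pos += 1 + len;
        count += 1;
    }
    count
}

/// Hardened parser: a truncated record is an ordinary error, never a panic.
pub fn parse_records(data: &[u8]) -> Result<usize, &'static str> {
    let mut pos = 0;
    let mut count = 0;
    while pos < data.len() {
        let len = data[pos] as usize;
        let end = pos.checked_add(1 + len).ok_or("length overflow")?;
        if end > data.len() {
            return Err("truncated record");
        }
        pos = end;
        count += 1;
    }
    Ok(count)
}

/// The fuzz target proper: takes arbitrary bytes and must not panic.
pub fn fuzz_target(data: &[u8]) {
    let _ = parse_records(data);
}

fn main() {
    // Assumption: `cargo afl build` sets --cfg fuzzing, so the afl crate is only
    // needed (as a [dependencies] entry) for the instrumented build.
    #[cfg(fuzzing)]
    afl::fuzz!(|data: &[u8]| fuzz_target(data));
    // Plain `cargo run < crash_file` replays one input AFL saved, to reproduce it.
    #[cfg(not(fuzzing))]
    {
        let mut input = Vec::new();
        std::io::Read::read_to_end(&mut std::io::stdin(), &mut input).expect("read stdin");
        println!("{:?}", parse_records(&input));
    }
}
```

Swapping `parse_records` for `parse_records_naive` inside `fuzz_target` is the quickest way to watch AFL find the truncation crash.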
For a more technical understanding of the differences (and some of the history) see this rustc issue and this cargo-fuzz issue and this afl.rs PR.
What does the new workflow look like? Here's a little (only two minutes!) screen recording I threw together showing the whole fuzzing process from start to finish (fuzzing rust-url):
I wrote an (overly brief) written description/tutorial of this new workflow in the Rust Fuzz Book. So if you want to try afl.rs out, I recommend reading that section in the book, and if you come across any issues in the docs (or if they're confusing), go ahead and open an issue on that repo.
In the future, I'm looking to extend cargo-fuzz to support afl.rs so one can use multiple fuzzers (libfuzzer and AFL) with a single fuzz target.
As always, if you find any bugs in software while fuzzing, add the bug to our trophy case.
Happy fuzzing!