Continuous fuzzing #150

Open
wants to merge 3 commits into
base: master

bookmoons

Proposing to integrate with Fuzzit to get some bug discovery running.

This patch writes fuzz to envvars then runs Process() to detect any crashes. A local run has found a corpus of ~100 cases. No crashes so far.

There's a successful build under my Travis account. The PR build will fail due to missing the API key. If it seems interesting, setup is like this:

  • In Fuzzit create target envconfig.
  • In Fuzzit settings grab an API key. In repo settings in Travis paste it to envvar FUZZIT_API_KEY.
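
The harness shape described in the post above (fuzz bytes written to environment variables, then `Process()` called), as an added example that is not the code from this pull request. It assumes the go-fuzz `Fuzz(data []byte) int` entry-point convention; `Spec`, `process` and the `FUZZ_*` key names are hypothetical stand-ins for a config struct and the library's `Process()`.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"strconv"
)

// Spec and process are hypothetical stand-ins for a config struct and the
// library's Process(); they are not the project's code.
type Spec struct {
	Port int
	Name string
}

var keys = []string{"FUZZ_PORT", "FUZZ_NAME"}

func process(s *Spec) (err error) {
	if raw, ok := os.LookupEnv(keys[0]); ok {
		s.Port, err = strconv.Atoi(raw)
	}
	s.Name = os.Getenv(keys[1])
	return err
}

// Fuzz uses the go-fuzz return convention: 1 = input is interesting,
// 0 = input was rejected, -1 = do not add the input to the corpus.
// A panic in process() is deliberately not recovered, so it counts as a crash.
func Fuzz(data []byte) int {
	fields := bytes.SplitN(data, []byte{'\n'}, len(keys))
	for i, k := range keys {
		os.Unsetenv(k) // no state may leak from the previous input
		if i < len(fields) {
			if err := os.Setenv(k, string(fields[i])); err != nil {
				return -1 // e.g. a NUL byte cannot be an env value
			}
		}
	}
	var s Spec
	if err := process(&s); err != nil {
		return 0
	}
	return 1
}

func main() {
	// Constructed sample inputs: valid, unparsable port, NUL byte in a value.
	fmt.Println(Fuzz([]byte("8080\nsvc")), Fuzz([]byte("x\nsvc")), Fuzz([]byte("1\x00")))
}
```

Clearing every key before each input keeps a crash reproducible from the single input that triggered it.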

@TonyPythoneer

I don’t understand what the benefit of it is. Could you introduce it?

@bookmoons
Author

Thanks for looking at it @TonyPythoneer.

Fuzzing runs the program with a bunch of random input and detects crashes. It finds a lot of bugs. It gives you a way to find bugs automatically before your users run into them.

There's a nice article discussing it.

https://docs.google.com/document/d/1N-12_6YBPpF9o4_Zys_E_ZQndmD06wQVAM_0y9nZUIE/edit

go-fuzz has found 200+ bugs in Go stdlib when it was already mature, written by very experienced developers, and used in production for years. Fuzzing has found 15000+ bugs in Chrome; 1500+ bugs in FFMpeg library; and thousands more ([1], [2], [3], [4], [5]). Generally fuzzing finds bugs in any code it is applied for the first time.
