Re: [mosquitto-dev] Fuzzing of mosquitto library and broker

OK. I will keep my eyes on the mailing list, waiting for news about the test suite. =)
 
I have entered the area of fuzz testing, and after some experiments with the OpenSSL example (https://google.github.io/clusterfuzz/setting-up-fuzzing/heartbleed-example/) I decided to dig a bit into the same area for mosquitto. The reason is relatively simple: lots of IoT devices are managed over MQTT, and lots of IoT devices become targets for attacks. So, better testing means fewer vulnerabilities! =) Besides, a fuzzer tries to find vulnerabilities automatically, so this lazy approach seems relatively cheap (especially in comparison to manual testing).
Regarding the complexity of the fuzzing setup: yes, I totally agree with you. Maybe it is possible to begin with some simple cases: the early parts of the conversation between client and server that you mentioned would be a great start!
 
Kind regards,
Sergey Grekhov.
 
14.08.2021, 10:03, "Roger Light" <roger@xxxxxxxxxx>:
Hi Sergey,
 
The test suite isn't yet available, I'm still working on it.
 
Do you have a particular interest in fuzzing? I would be very keen on having a fuzzing setup, but it seems very complicated for bidirectional protocol flows that rely heavily on early parts of the conversation being valid.
 
Regards,
 
Roger
 
On Fri, 13 Aug 2021, 14:30 Sergey Grekhov, <grekhss@xxxxxxxxx> wrote:
The manual test suite you mentioned: is it available in the official repository?
 
Kind regards,
Sergey Grekhov.
 
12.08.2021, 22:52, "Roger Light" <roger@xxxxxxxxxx>:
Hi Sergey,
 
We don't do any fuzzing ourselves at the moment. The Software Integrity Group at Synopsys have been kind enough to do some fuzzing in the past using their Defensics tool, and other parties have done fuzzing as well; I can't comment on what fuzzer was used there.
 
As we aren't doing fuzzing we haven't adapted the code to deal with fuzzing, and I can't comment on coverage.
 
I have been developing a manual test suite that exercises as many edge cases of the MQTT protocol as I can manage. This is not fuzzing proper, of course, but it does achieve many of the same results. I can't tell you the coverage off the top of my head, but as this is protocol parsing only I wouldn't expect it to be terribly high. The Defensics fuzzing was also around the MQTT protocol. I know that others have done fuzzing of the config file.
 
Regards,
 
Roger
 
On Thu, 12 Aug 2021, 18:21 Sergey Grekhov, <grekhss@xxxxxxxxx> wrote:
Dear maintainers of mosquitto project!
 
Do you perform fuzzing of your code? If the answer is yes, then is it possible to view the results of this activity? Particularly:
  • which fuzzer do you use?
  • how do you adapt original code to fuzzing?
  • how do you calculate code coverage?
Thank you in advance for your answers!
-- 
Best regards,
Sergey Grekhov
 
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

 
 
 
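Roger's concern above (fuzzing a bidirectional protocol whose later packets only make sense once the early conversation is valid) and Sergey's suggestion to start with the simple cases both point at the same harness shape: replay a known-good CONNECT, then let the fuzzer own everything after it. The following is an added example, not mosquitto's code and not anything the thread's participants posted: a small MQTT 3.1.1 fixed-header parser (Remaining Length varint per section 2.2.3 of the spec), a CONNECT builder used as the fixed prefix, a stream walker that enforces the "CONNECT first, and only once" rule, and a libFuzzer-style `LLVMFuzzerTestOneInput` around it. The client id `fuzz-client`, the function names and the `USE_LIBFUZZER` guard are this example's own choices; in a real setup the `mqtt_walk_stream` call is where you would hand the stream to the library under test.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not mosquitto code: a minimal MQTT 3.1.1 fixed-header parser
 * with a libFuzzer-style harness that replays a valid CONNECT before the
 * fuzzer's bytes, so the early part of the conversation is always valid. */

#define MQTT_CONNECT  1
#define MQTT_PINGREQ  12

typedef struct {
    uint8_t  packet_type;       /* high nibble of the first byte */
    uint8_t  flags;             /* low nibble of the first byte */
    uint32_t remaining_length;  /* decoded varint */
    size_t   header_len;        /* bytes consumed by the fixed header (2..5) */
} mqtt_fixed_header;

/* Decode the Remaining Length varint (MQTT 3.1.1 section 2.2.3): up to four
 * bytes, 7 value bits each, bit 7 set means "more bytes follow".
 * Returns the number of bytes consumed, or 0 if the input is truncated or
 * uses more than four bytes (malformed; the broker must reject it). */
size_t mqtt_decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, multiplier = 1;
    size_t i = 0;
    do {
        if (i >= len || i >= 4) return 0;
        value += (uint32_t)(buf[i] & 0x7F) * multiplier;
        multiplier *= 128;
        i++;
    } while (buf[i - 1] & 0x80);
    *out = value;
    return i;
}

/* Parse a fixed header and check that the whole body is present in buf.
 * Returns 0 on success, -1 on a malformed or truncated packet. */
int mqtt_parse_fixed_header(const uint8_t *buf, size_t len, mqtt_fixed_header *hdr)
{
    size_t n;
    if (len < 2) return -1;
    hdr->packet_type = buf[0] >> 4;
    hdr->flags = buf[0] & 0x0F;
    n = mqtt_decode_remaining_length(buf + 1, len - 1, &hdr->remaining_length);
    if (n == 0) return -1;
    hdr->header_len = 1 + n;
    if (hdr->remaining_length > len - hdr->header_len) return -1;
    return 0;
}

/* Build a minimal valid CONNECT (clean session, keepalive 60 s) for client id
 * `cid`, kept to a one-byte Remaining Length for simplicity.
 * Returns bytes written, or 0 if `out` is too small or `cid` too long. */
size_t mqtt_build_connect(const char *cid, uint8_t *out, size_t cap)
{
    static const uint8_t proto_name[] = { 0x00, 0x04, 'M', 'Q', 'T', 'T' };
    size_t cidlen = strlen(cid);
    size_t rem = 6 + 1 + 1 + 2 + 2 + cidlen; /* name, level, flags, keepalive, client id */
    uint8_t *p = out;
    if (rem > 127 || cap < 2 + rem) return 0;
    *p++ = MQTT_CONNECT << 4;       /* 0x10: CONNECT, flags must be 0000 */
    *p++ = (uint8_t)rem;
    memcpy(p, proto_name, sizeof proto_name); p += sizeof proto_name;
    *p++ = 0x04;                    /* protocol level 4 = MQTT 3.1.1 */
    *p++ = 0x02;                    /* connect flags: clean session */
    *p++ = 0x00; *p++ = 0x3C;       /* keepalive = 60 seconds */
    *p++ = (uint8_t)(cidlen >> 8); *p++ = (uint8_t)cidlen;
    memcpy(p, cid, cidlen); p += cidlen;
    return (size_t)(p - out);
}

/* Walk a byte stream as a sequence of control packets, enforcing the rule that
 * makes broker fuzzing stateful: the first packet must be CONNECT and CONNECT
 * must not be sent twice. Reserved packet types 0 and 15 are rejected.
 * Returns the number of well-formed packets, or -1 at the first violation. */
int mqtt_walk_stream(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0, connected = 0;
    while (off < len) {
        mqtt_fixed_header h;
        if (mqtt_parse_fixed_header(buf + off, len - off, &h) != 0) return -1;
        if (h.packet_type == 0 || h.packet_type == 15) return -1;
        if (h.packet_type == MQTT_CONNECT) {
            if (connected) return -1;
            connected = 1;
        } else if (!connected) {
            return -1;
        }
        off += h.header_len + h.remaining_length;
        count++;
    }
    return count;
}

/* Harness core: prepend a known-good CONNECT, then feed the fuzzer's bytes as
 * the rest of the session. Returns what mqtt_walk_stream returns. */
int fuzz_session(const uint8_t *data, size_t size)
{
    uint8_t connect[64];
    size_t clen = mqtt_build_connect("fuzz-client", connect, sizeof connect);
    uint8_t *stream = malloc(clen + size + 1);
    int rc;
    if (!stream) return -1;
    memcpy(stream, connect, clen);
    if (size) memcpy(stream + clen, data, size);
    rc = mqtt_walk_stream(stream, clen + size);
    free(stream);
    return rc;
}

/* libFuzzer entry point: sanitizers report any memory error the walk triggers.
 * libFuzzer requires a return value of 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)fuzz_session(data, size);
    return 0;
}

#ifndef USE_LIBFUZZER
/* Stand-alone smoke run over a few constructed inputs (not fuzzer output). */
int main(void)
{
    const uint8_t pingreq[] = { 0xC0, 0x00 };                   /* valid PINGREQ */
    const uint8_t bad_len[] = { 0xC0, 0xFF, 0xFF, 0xFF, 0xFF }; /* 5-byte varint */
    printf("CONNECT + PINGREQ -> %d packets\n", fuzz_session(pingreq, sizeof pingreq));
    printf("CONNECT + bad varint -> %d\n", fuzz_session(bad_len, sizeof bad_len));
    printf("PINGREQ before CONNECT -> %d\n", mqtt_walk_stream(pingreq, sizeof pingreq));
    return 0;
}
#endif
```

To fuzz it, build with libFuzzer supplying `main`: `clang -g -O1 -fsanitize=fuzzer,address,undefined -DUSE_LIBFUZZER harness.c -o harness`, then run `./harness corpus/` with a seed corpus of valid post-CONNECT packets (PINGREQ, SUBSCRIBE, PUBLISH). The fixed CONNECT prefix is the simplest form of the stateful approach; the next step is a prefix that also replays the broker's expected CONNACK and a SUBSCRIBE, so that mutated PUBLISH and UNSUBSCRIBE packets reach the deeper session-handling code rather than being rejected at the first state check.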
