Request for Adding Fuzz Testing to OpenTelemetry-cpp Library #2247

Open
esigo opened this issue Jul 22, 2023 · 4 comments
Labels
do-not-stale triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@esigo
Member

esigo commented Jul 22, 2023

Issue Description:

As a part of the OpenTelemetry-cpp community, we would like to request the addition of fuzz testing to the library. Fuzz testing is a valuable technique that complements traditional testing approaches and significantly enhances the overall testing and security of the library.

Why We Need Fuzz Testing:

  1. Bug Detection: Fuzz testing is excellent at finding edge cases and unexpected behavior that may not be discovered using traditional test cases. It can uncover hard-to-detect bugs and corner cases in the codebase.

  2. Security Vulnerability Detection: Fuzz testing can help identify potential security vulnerabilities such as buffer overflows, memory corruption, and other issues that could be exploited by malicious users.

  3. Improved Test Coverage: By generating a wide variety of random inputs, fuzz testing can achieve higher code coverage, ensuring that more parts of the library are exercised during testing.

  4. Early Bug Detection: Fuzz testing can be introduced early in the development process to continuously test and validate code changes. This helps identify regressions quickly and facilitates rapid bug fixes.

  5. Community Assurance: Implementing fuzz testing in OpenTelemetry-cpp will provide the community with an additional layer of assurance about the reliability and security of the library, increasing its overall trustworthiness.

Proposed Approach:

We propose integrating fuzz testing using the Google FuzzTest framework. This allows us to use fuzzed inputs as test cases for various components within the library.

Community Involvement:

We welcome contributions and feedback from the community regarding the implementation of fuzz testing. Community members are encouraged to participate in testing, review, and refining the fuzz targets to maximize the effectiveness of fuzz testing for OpenTelemetry-cpp.

We believe that adding fuzz testing to OpenTelemetry-cpp will significantly improve the library's robustness, security, and overall quality, and we kindly request the consideration and support of the maintainers and the community in this endeavor.
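
The proposed approach, as an added example that is not part of the original issue or of the OpenTelemetry-cpp code base: a FuzzTest property over a constructed W3C `traceparent` header parser that must either reject an input or round-trip it byte for byte. `ParseTraceParent`, `Serialize`, `RoundTripHolds`, `ParseRoundTrips` and the `USE_FUZZTEST` build flag are assumptions made for this example; only `FUZZ_TEST` and the two headers come from FuzzTest and GoogleTest.

```cpp
// Added example: constructed parser, not OpenTelemetry-cpp source.
#include <cstdint>
#include <cstdlib>
#include <optional>
#include <string>
#include <string_view>
#ifdef USE_FUZZTEST  // hypothetical build flag: define when linking FuzzTest
#include "fuzztest/fuzztest.h"
#include "gtest/gtest.h"
#endif

struct TraceParent { std::string trace_id, span_id; uint8_t flags; };

static bool IsLowerHex(std::string_view s) {
  for (char c : s)
    if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
  return true;
}
static bool AllZero(std::string_view s) {
  return s.find_first_not_of('0') == std::string_view::npos;
}

// Accepts only version 00: "00-<32 hex>-<16 hex>-<2 hex>", exactly 55 bytes.
std::optional<TraceParent> ParseTraceParent(std::string_view h) {
  if (h.size() != 55 || h[2] != '-' || h[35] != '-' || h[52] != '-') return std::nullopt;
  std::string_view tid = h.substr(3, 32), sid = h.substr(36, 16), fl = h.substr(53, 2);
  if (h.substr(0, 2) != "00" || !IsLowerHex(tid) || !IsLowerHex(sid) || !IsLowerHex(fl))
    return std::nullopt;
  if (AllZero(tid) || AllZero(sid)) return std::nullopt;  // all-zero ids are invalid
  auto flags = static_cast<uint8_t>(std::stoul(std::string(fl), nullptr, 16));
  return TraceParent{std::string(tid), std::string(sid), flags};
}

std::string Serialize(const TraceParent& t) {
  static const char kHex[] = "0123456789abcdef";
  return "00-" + t.trace_id + "-" + t.span_id + "-" + kHex[t.flags >> 4] + kHex[t.flags & 15];
}

// Property: every input is either rejected or round-trips byte for byte.
bool RoundTripHolds(const std::string& in) {
  auto p = ParseTraceParent(in);
  return !p || Serialize(*p) == in;
}
// Fuzz entry point: a property violation aborts so the fuzzer records the input.
void ParseRoundTrips(const std::string& in) { if (!RoundTripHolds(in)) std::abort(); }

#ifdef USE_FUZZTEST
FUZZ_TEST(TraceParentFuzz, ParseRoundTrips);  // default domain: arbitrary strings
#else
int main() { ParseRoundTrips("00-0123456789abcdef0123456789abcdef-0123456789abcdef-01"); }
#endif
```

Without `USE_FUZZTEST` the file builds as a plain program that runs the property once on a constructed seed; with it, FuzzTest generates the inputs and the same function becomes the fuzz target.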

@github-actions github-actions bot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Jul 22, 2023
@esigo esigo mentioned this issue Jul 22, 2023
@esigo esigo self-assigned this Jul 22, 2023
@esigo esigo added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 31, 2023
@github-actions

This issue was marked as stale due to lack of activity.

@github-actions github-actions bot added the Stale label Sep 30, 2023
@esigo esigo removed the Stale label Nov 19, 2023

This issue was marked as stale due to lack of activity.

@lalitb
Member

lalitb commented Apr 29, 2024

Discussed the OSS-Fuzz integration in the maintainers' meeting today, basically the legality of the copyright/licenses. The suggestion was to raise an issue in the community repo, and if required, one of the TC/GC members would raise this further with CNCF.

@vitorguidi

Has this initiative been abandoned? What are these legality issues?
