Skip to content

Implement fuzz testing #1075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 of 2 tasks
arkid15r opened this issue Mar 11, 2025 · 6 comments · May be fixed by #1139
Open
1 of 2 tasks

Implement fuzz testing #1075

arkid15r opened this issue Mar 11, 2025 · 6 comments · May be fixed by #1139
Assignees
@ahmedxgouda
Labels
backend bug Something isn't working enhancement fuzz-tests question

Comments

@arkid15r
Copy link
Collaborator

To improve the security and robustness of the OWASP Nest we should implement fuzz testing for critical parts of our backend API. Fuzz testing will help uncover unexpected edge cases, unhandled errors, and potential security vulnerabilities by automatically generating random and malformed inputs.

The primary focus should be on:

  • REST API endpoints
  • GraphQL API endpoints
  • Slack event handlers

Tasks

  • Research suitable approaches for implementing fuzz testing in Django and GraphQL.
  • Implement fuzz testing for GraphQL API endpoints
  • Implement fuzz testing for Slack event handlers
  • Implement fuzz testing for REST API endpoints
  • Extend a GitHub Action workflow to execute fuzz tests either on pull requests.

Acceptance Criteria

  • Fuzz tests should run without causing the application to crash.
  • Any unhandled exceptions or unexpected behavior should be captured and reported.
  • Test coverage should include:
    • GraphQL queries and mutations
    • Slack event handlers
    • REST API endpoints
  • Fuzz tests should be integrated into the CI/CD pipeline.

Are you going to work on implementing this?

  • Yes
  • No
@github-project-automation github-project-automation bot moved this to Backlog in Project Nest Mar 11, 2025
@arkid15r arkid15r removed the notify label Mar 11, 2025
@github-actions github-actions bot added bug Something isn't working question labels Mar 11, 2025
@yashgoyal0110
Copy link
Contributor

yashgoyal0110 commented Mar 11, 2025
edited
Loading

@arkid15r Can I work on this?

@ahmedxgouda
Copy link
Collaborator

Can I work on this?

@srinjoy933
Copy link
Contributor

can i work on this ?,i have nothing assigned for now @arkid15r ,

@arkid15r arkid15r moved this from Backlog to In progress in Project Nest Mar 11, 2025
@arkid15r
Copy link
Collaborator Author

Research suitable approaches for implementing fuzz testing

@ahmedxgouda let's discuss this before start working on the implementation

@yashgoyal0110
Copy link
Contributor

yashgoyal0110 commented Mar 11, 2025
edited
Loading

Should we use different tools to serve all 3 purpose?
I did some research on it and found Atheris works best for all three scenarios while we can also use separate tools like ffuf and requests-fuzz

@ahmedxgouda
Copy link
Collaborator

@arkid15r sure. I will do some research and reach for you ASAP.

@ahmedxgouda ahmedxgouda linked a pull request Mar 19, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ahmedxgouda ahmedxgouda

Labels
backend bug Something isn't working enhancement fuzz-tests question
Projects
Project Nest
Status: In progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement fuzztesting. ahmedxgouda/Nest
4 participants
@arkid15r @ahmedxgouda @yashgoyal0110 @srinjoy933