Code coverage and afl-fuzz
From https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/: GitLab supports code fuzzing for any language that works on top of AFL.
-> implementation example from: https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/afl-fuzzing-example
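include:
  - template: Coverage-Fuzzing.gitlab-ci.yml

my_fuzz_target:
  extends: .fuzz_base
  script:
    - apt-get update -qq && apt-get install -y -qq afl++-clang
    # AFL refuses to start when core dumps are piped to an external handler;
    # writing to /proc/sys needs root in the job container.
    - echo core >/proc/sys/kernel/core_pattern
    # AFL_HARDEN=1 makes the compiler wrapper enable code hardening options.
    - CC=afl-clang-fast AFL_HARDEN=1 make
    - ./gitlab-cov-fuzz run --engine=afl --regression=$REGRESSION -- ./vulnerable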
about https://tarides.com/blog/2019-09-04-an-introduction-to-fuzzing-ocaml-with-afl-crowbar-and-bun
Edited by Corentin Méhat