Configure fuzzy testing support

[binadamu-isiyoonekana]

Aim

Configure a continuous Rust fuzzy testing support in a Docker-based containerized environment.

Add a precise documentation section in the README.md file, explaining the aims and objectives of fuzzy testing.

Assumption

• The fuzzy testing process must be integrated in the CI pipeline
• Fuzzers can be selected in the [features] section of the Cargo.toml file, namely cargo-fuzz, cargo-libafl, and honggfuzz-rs.
• Fuzzing sessions are executed in a Docker container.

Acceptance criteria

• Implement a fuzz testing use case using cargo-fuzz fuzzer
• Implement a fuzz testing use case using honggfuzz-rs fuzzer
• Implement a fuzz testing use case using cargo-libafl fuzzer
• Extend the greeter service library, adding support for cargo-fuzz, cargo-libafl, and honggfuzz-rs fuzzers
• Write a fuzzing section in the README.md file, where to explain fundamentals and objectives of fuzzy testing, to explain how fuzzing tools are chosen, installed and configured, and to provide best recipes for each fuzzing technique (i.e. libfuzzer, libafl and honggfuzzer)
• Integrate fuzzy testing in the continuous integration pipeline (in GitHub Actions workflows)
• Implement a Docker image containing all fuzzing tools, namely cargo-fuzz, cargo-libafl, and honggfuzz-rs, where fuzzing sessions are executed (see for instance, Google OSS Fuzz).

Risks

• No specific risks

References

• Rust Fuzz Book
• Fuzzing Rust crate library using honggfuzz-rs fuzzer (ical-rs)
• Midas LAMBRICHTS 2021. Fuzz Driven Development
• fuzzing-ci: a simple CI program for running automatic fuzzing processes
• cargo-fuzz with libfuzzer-sys wrapper: tools for fuzzy testing using libfuzzer wrapper
• cargo-libafl: a fork of cargo-fuzz which supports LibAFL-based fuzzer rather than libfuzzer
• honggfuzz-rs: tool using Honggfuzz developed by Google
• Jonathan Knudsen 2021. How to cyber security: Containerizing fuzzing targets