[Hackathon] Explore and Implement Fuzz Testing for CLI Input in rpc-go

[rsdmike]

🔹 Overview

Fuzz testing is a powerful technique for uncovering unexpected bugs, security vulnerabilities, and edge cases by feeding randomized inputs into a system. Go 1.18+ introduced built-in fuzzing support (Go Fuzzing Docs).

We want to explore fuzz testing in the rpc-go repository, starting with fuzzing CLI input to find potential issues with command parsing, argument handling, or unexpected crashes.

Since we haven't leveraged fuzzing much, this task is exploratory in nature. The goal is to:

1. Experiment with Go’s built-in fuzz testing.
2. Apply it to rpc-go CLI commands.
3. Integrate it into GitHub Actions so that fuzzing can be run automatically.

🎯 Task Scope

• Step 1: Research and experiment with Go fuzzing (testing.F).
• Step 2: Identify a CLI command in rpc-go to target first. Likely Deactivate is going to be the best command to start with as it is simple and not many flags.
• Step 3: Implement a fuzz test that runs against the command’s input parsing logic.
• Step 4: Ensure that fuzz testing can run locally (go test -fuzz).
• Step 5: Add a GitHub Actions workflow to run fuzz testing in CI.
• Step 6: Document findings, limitations, and next steps for expanding fuzzing coverage.

📂 Relevant Files

• internal/flags/deactivate.go (or other relevant CLI input processing files)
• .github/workflows/ (for GitHub Actions integration)
• fuzz_test.go (append this suffix to the filename to differentiate between normal unit tests)

💻 Technical Details

• Use Go’s built-in fuzz testing (testing.F).
• Target parsing logic to look for unexpected panics, invalid memory access, or incorrect behavior.
• Fuzz at least one command (e.g., rpc-go connect).
• Ensure that fuzz tests:
  • Can run in a reasonable timeframe (consider limiting iterations).
  • Detect any issues or unexpected crashes.
  • Are integrated into GitHub Actions but don’t slow down CI excessively.

✅ Acceptance Criteria

• A fuzz test is implemented for at least one CLI command.
• The test runs successfully using go test -fuzz.
• A GitHub Actions workflow is added to run fuzz tests.
• Findings and next steps for expanding fuzz coverage are documented.
• A Pull Request (PR) is submitted summarizing the work.

🚀 How to Get Started

1. Comment below to claim this issue.
2. Fork the repo and create a branch (e.g., feature/fuzz-testing-cli).
3. Experiment with Go fuzzing, apply it to rpc-go CLI input.
4. Submit a Pull Request (PR) linking this issue.

📎 Additional Notes

• This is exploratory, so documenting any roadblocks or limitations is valuable.
• If fuzzing exposes a bug, consider opening a separate issue to track it.
• If GitHub Actions integration is challenging, ask for help.