Open
Description
The CNCF Fuzzing Initiative in collaboration with OSS-Fuzz provides a fuzzing infrastructure that enables CNCF projects to leverage coverage-guided continuous fuzzing. Envoy Proxy already benefits from extensive fuzz testing, so applying the same approach to Envoy Gateway will ensure similar robustness and reliability.
Tasks
Develop initial set of fuzz tests
- Create a design document for fuzz testing #5426
- Implement fuzzers for Gateway API resource to IR translation #5428
- Implement fuzzer for Gateway API to XDS #5462
- Add seed corpus to guide the fuzzer to generate combinations of gatew… #5904
Integrate Continuous Fuzzing with OSS-Fuzz
- Add script to build the fuzzers in oss-fuzz infra. #5492
- Add envoy gateway in the OSS-Fuzz repository #5501
- Add a brief documentation on running fuzz tests locally using oss-fuzz infra. #5502
References
- Fuzzing library Go-fuzz
- Fuzzing Infrastructure: OSS-Fuzz
- Best Practices: OSS-Fuzz ideal integration
Ongoing discussions and PR in OSS-Fuzz
- No coverage generated due to corpus format in Golang Native Fuzzing google/oss-fuzz#13285
- Mismatch in coverage percentage - GoLang Native fuzzing (Envoy/Gateway) google/oss-fuzz#13393
- Coverage build failing due to empty corpus. google/oss-fuzz#13263
- No Email Notifications Received despite crashes being reported in OSS-Fuzz google/oss-fuzz#13236
- Empty (0B) Testcases for Envoy Gateway Crashes on OSS-Fuzz google/oss-fuzz#13211
- Improve `compile_native_go_fuzzer` command to detect fuzzer functions more precisely. google/oss-fuzz#13220
- gateway: fix broken coverage build google/oss-fuzz#13333
Important Links
- OSS-Fuzz dashboard for envoy-gateway
- Closing Note and Future works: Integrating CNCF Fuzzing Framework for Envoy Gateway (2025 Term 1) - LFX Mentorship