GitHub Action for Go fuzz testing. This Action runs Go's built-in fuzz testing, added in Go 1.18, on your code.
You can sponsor me here!
fuzz-time
[REQUIRED]: Fuzz target iteration duration, specified as atime.Duration
(for example1h30s
). Corresponds to-fuzztime
flag for thego test
command. Ensure this is less than your job/workflow timeout.packages
[optional]: Run fuzz test on these packages. Corresponds to the[packages]
input for thego test
command.- Default:
.
- Default:
fuzz-regexp
[optional]: Run the fuzz test matching the regular expression. Corresponds to the-fuzz
flag for thego test
command.- Default:
Fuzz
- Default:
fuzz-minimize-time
[optional]: Fuzz minimization duration, specified as atime.Duration
(for example1h30s
). Corresponds to-fuzzminimizetime
flag for thego test
command. If you provide this input, ensure it is less than your job timeout.- Default:
10s
- Default:
go-version
[optional]: Which version of Go to use for fuzzing. This will be passed on toactions/setup-go@v3
.- Default:
1.18
- Default:
- SUCCESS: if your fuzz tests don't raise a failure within the
fuzz-time
input constraint. - FAILURE: if your fuzz tests raise a failure within the
fuzz-time
input constraint.- The workflow run logs will include instructions on how to download (using the GitHub CLI) the failing seed corpus to your local machine for remediation, regardless of run trigger.
- If you run this Action in a PR workflow, it'll comment these instructions on your PR:
windows
GitHub Actions runners! Use with windows
runner OS at your own risk!
Create a .github/workflows/go-fuzz-test.yml
in your repository containing:
name: Go fuzz test
on:
push:
pull_request:
jobs:
fuzz-test:
name: Fuzz test
runs-on: ubuntu-latest
steps:
- uses: jidicula/go-fuzz-action@v1.1.0
with:
fuzz-time: 30s
If you have multiple packages in your repo and you want to fuzz test them all, create a .github/workflows/go-fuzz-test.yml
in your repository containing:
name: Go fuzz test
on:
push:
pull_request:
jobs:
fuzz-test:
name: Fuzz test
runs-on: ubuntu-latest
steps:
- uses: jidicula/go-fuzz-action@v1.1.0
with:
packages: './...'
fuzz-time: 30s
If you want the fuzz test to spend more time on minimizing the failing input to the smallest possible and most human readable value which will still produce an error, create a .github/workflows/go-fuzz-test.yml
in your repository containing:
name: Go fuzz test
on:
push:
pull_request:
jobs:
fuzz-test:
name: Fuzz test
runs-on: ubuntu-latest
steps:
- uses: jidicula/go-fuzz-action@v1.1.0
with:
packages: './...'
fuzz-time: 30s
fuzz-minimize-time: 1m
If you have fuzz tests that don't begin with Fuzz
(the default regexp), create a .github/workflows/go-fuzz-test.yml
in your repository containing:
name: Go fuzz test
on:
push:
pull_request:
jobs:
fuzz-test:
name: Fuzz test
runs-on: ubuntu-latest
steps:
- uses: jidicula/go-fuzz-action@main
with:
packages: './...'
fuzz-time: 30s
fuzz-minimize-time: 1m
fuzz-regexp: OtherFuzzRegexp
I haven't figured out how to test this adequately within this repo, so you can verify its behaviour here: jidicula/test-go-fuzz-action#2
These public repos use this Action.