| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Cherry Pang <cherrypang99(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Inquiry Regarding Initial Seed for pgsql Protocol Fuzz Testing |
| Date: | 2023-11-24 05:21:18 |
| Message-ID: | 966f45a2-c4c9-4064-a926-3e35ef8be766@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 11/23/23 17:42, Cherry Pang wrote:
Reply to list also.
Ccing list.
> Firstly, I apologize for my mistake. I meant PostgreSQL, not SQLite.
>
> Secondly, when it comes to fuzzing tests, it refers to using
> automatically generated inputs to test the security and stability of
> software. In the realm of databases, particularly with respect to
> PostgreSQL, fuzzing tests can help uncover logic errors and crash bugs
> in the database. Fuzzing inputs for these types of bugs typically
> encompass various SQL statements, such as creating tables, creating
> indexes, inserting data, deleting data, and so forth. These inputs
> simulate various scenarios within the database system, aiding in the
> discovery of potential vulnerabilities and issues, thus enhancing the
> stability and security of the database
What I was getting at is that details about the tools/software you are
using as well as how you are currently using them would help those that
also do this to guide you.
>
> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>> 于2023年11月23日周四 23:54写道:
>
> On 11/22/23 22:56, Cherry Pang wrote:
> > hello!
> > I am a novice enthusiast in the field of fuzz testing and have an
> > interest in conducting fuzz testing for the SQLite protocol. I
> > understand that testing the logic bugs or crash bugs in Data
> > Manipulation Language (DML) functionalities differs
> significantly, and
> > as such, I am unsure about the initial seed format required.
>
> 1) FYI, this is the list for Postgres not SQLite.
>
> 2) I don't know anything about fuzzy testing, but for those that do it
> might be helpful to mention what tools you are using.
>
> >
> > From my understanding, the seed for protocol testing refers to
> queries
> > or commands sent to the database server. How does this differ
> from seeds
> > used in regular logic testing? I would greatly appreciate it if you
> > could shed some light on the format of the initial seed for this
> > purpose. If possible, providing a few seed examples would be
> immensely
> > helpful.
> >
> > Thank you very much for your time and assistance.
> >
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Les | 2023-11-24 11:39:40 | replication primary writting infinite number of WAL files |
| Previous Message | Adrian Klaver | 2023-11-23 20:43:02 | Re: IPV6 issue |