Re: Inquiry Regarding Initial Seed for pgsql Protocol Fuzz Testing

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: Cherry Pang <cherrypang99(at)gmail(dot)com>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Inquiry Regarding Initial Seed for pgsql Protocol Fuzz Testing
Date: 2023-11-24 05:21:18
Message-ID: 966f45a2-c4c9-4064-a926-3e35ef8be766@aklaver.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 11/23/23 17:42, Cherry Pang wrote:
Reply to list also.
Ccing list.

> Firstly, I apologize for my mistake. I meant PostgreSQL, not SQLite.
>
> Secondly, when it comes to fuzzing tests, it refers to using
> automatically generated inputs to test the security and stability of
> software. In the realm of databases, particularly with respect to
> PostgreSQL, fuzzing tests can help uncover logic errors and crash bugs
> in the database. Fuzzing inputs for these types of bugs typically
> encompass various SQL statements, such as creating tables, creating
> indexes, inserting data, deleting data, and so forth. These inputs
> simulate various scenarios within the database system, aiding in the
> discovery of potential vulnerabilities and issues, thus enhancing the
> stability and security of the database
What I was getting at is that details about the tools/software you are
using as well as how you are currently using them would help those that
also do this to guide you.

>
> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>> 于2023年11月23日周四 23:54写道:
>
> On 11/22/23 22:56, Cherry Pang wrote:
> > hello!
> > I am a novice enthusiast in the field of fuzz testing and have an
> > interest in conducting fuzz testing for the SQLite protocol. I
> > understand that testing the logic bugs or crash bugs in Data
> > Manipulation Language (DML) functionalities differs
> significantly, and
> > as such, I am unsure about the initial seed format required.
>
> 1) FYI, this is the list for Postgres not SQLite.
>
> 2) I don't know anything about fuzzy testing, but for those that do it
> might be helpful to mention what tools you are using.
>
> >
> >  From my understanding, the seed for protocol testing refers to
> queries
> > or commands sent to the database server. How does this differ
> from seeds
> > used in regular logic testing? I would greatly appreciate it if you
> > could shed some light on the format of the initial seed for this
> > purpose. If possible, providing a few seed examples would be
> immensely
> > helpful.
> >
> > Thank you very much for your time and assistance.
> >
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Les 2023-11-24 11:39:40 replication primary writting infinite number of WAL files
Previous Message Adrian Klaver 2023-11-23 20:43:02 Re: IPV6 issue