[SERVER-64001] Create a fuzzer with auth enabled Created: 25/Feb/22  Updated: 24/Jan/24

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Judah Schvimer Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: former-quick-wins, tech-debt-security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-69348 Commands must declare empty auth chec... Closed
Assigned Teams:
Correctness
Participants:

 Description   

We don't run fuzz tests with auth enabled. This limits the coverage we're able to get.



 Comments   
Comment by Iryna Zhuravlova [ 04/Oct/22 ]

Hi judah.schvimer@mongodb.com , we believe that test coverage provided by the mutational fuzzers is unknown, therefore, we can't insure that it will provide safety guarantees for specific areas of codebase. Would this be something you consider for some grammar fuzzers? 

Comment by Judah Schvimer [ 02/Sep/22 ]

This could maybe have caught SERVER-69348 earlier. Putting back up for prioritization.

Generated at Thu Feb 08 05:59:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.