fuzz testing / property testing

[illume]

Currently we're not using fuzzing or property testing which is checked by the headlamp OpenSSF scorecard.

Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect vulnerabilities that may be exploited by others, especially since attackers can also use fuzzing to find the same flaws.
-- https://github.com/ossf/scorecard/blob/7ce8609469289d5f3b1bf5ee3122f42b4e3054fb/docs/checks.md#fuzzing

Additional information

It's especially useful on any code that parses inputs like network data or user provided content or arguments. During testing we might uncover areas which don't validate or parse input data at all.

Some tools

• https://go.dev/doc/security/fuzz/
• https://fast-check.dev/
• https://github.com/google/oss-fuzz

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale