KubeCon + CloudNative North America 2022

Service proxies are becoming increasingly complex data parsers. Out of the box, Envoy supports HTTP protocol translation, payload decompression, gRPC-JSON transcoding, and many other features that operate directly on raw request bytes. Coupled with the deployment of Envoy as a "front" edge proxy, these parser-like features become an attack surface for external clients — a malicious HTTP request may trigger undefined behavior, resulting in service mesh downtime. Envoy developers use coverage-guided fuzz tests to automatically discover parser bugs. When run with C++ sanitizers, fuzz tests capture intricate corner cases a developer may have missed. Integration with OSS Fuzz provides continuous fuzz testing and vulnerability reports, allowing developers to fix such bugs before the features are released. Join this talk for a case study on Envoy's multi-year adoption of fuzz testing. Learn about how we harden Envoy for production deployments and the surprising bugs our fuzz tests discovered!