Summary
Add fuzz testing for the __dispatch JSON-RPC host function handlers. A malicious or buggy guest can send arbitrary JSON payloads to any registered handler — fuzzing ensures the host side handles malformed, unexpected, or adversarial inputs gracefully without panicking or leaking resources.
Scope
- All dispatch handlers: filesystem sandbox (
fs_*), networking (net_*), tool dispatch
- Focus on: malformed JSON, missing/extra fields, out-of-range values, invalid file descriptors, path traversal attempts, oversized payloads
- Consider using
cargo-fuzz (libFuzzer) or afl.rs
Why
Host functions are the trust boundary between guest and host. Unit tests cover happy paths and known edge cases, but fuzzing can surface unexpected panics, integer overflows, or resource exhaustion that manual tests miss.
Summary
Add fuzz testing for the
__dispatchJSON-RPC host function handlers. A malicious or buggy guest can send arbitrary JSON payloads to any registered handler — fuzzing ensures the host side handles malformed, unexpected, or adversarial inputs gracefully without panicking or leaking resources.Scope
fs_*), networking (net_*), tool dispatchcargo-fuzz(libFuzzer) orafl.rsWhy
Host functions are the trust boundary between guest and host. Unit tests cover happy paths and known edge cases, but fuzzing can surface unexpected panics, integer overflows, or resource exhaustion that manual tests miss.