Optimization #3587
open
- Priority changed from Normal to Low
- Assignee set to Philippe Antoine
Should this target use rules and traffic as well ?
There does not seem to be much to fuzz in SCThresholdConfParseFile by itself
Rules for sure, yes, as the threshold rules are applied to regular rules. Of course coverage may get higher with traffic, although I could imagine that reaching the thresholding conditions from traffic+rules might be tricky. But maybe I'm underestimating the fuzz algos.
Since the threshold file has rules that reference the regular rules by sig_id, I wonder if there should be some logic in the fuzz target to make sure we don't get a billion inputs that never reference a rule.
I could imagine that reaching the thresholding conditions from traffic+rules might be tricky
Would not fuzzer set the threshold to 2 to easily reach it ?
Since the threshold file has rules that reference the regular rules by sig_id,
Indeed, see my comment in https://redmine.openinfosecfoundation.org/issues/3589#note-5
Also available in: Atom
PDF