Skill

go-fuzz-testing

Go fuzz testing patterns using built-in fuzzing support (Go 1.18+)

npx claudepluginhub jamesprial/prial-plugins --plugin golang-workflow

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Go 1.18+ includes native fuzz testing. Use fuzzing when functions handle external input, parse data, or validate untrusted content.

SKILL.md

Similar Skills

golang-testing

179.0k

Implements idiomatic Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and coverage. Guides TDD workflow for new functions, existing code, and performance.

ecc

golang-testing

154

Provides Go testing patterns with TDD: table-driven tests, subtests, benchmarks, fuzzing, and coverage for reliable, idiomatic tests.

awesome-claude-notes

fuzz-testing

Guides coverage-guided fuzz testing for Rust projects using cargo-fuzz: init, fuzz targets with libFuzzer/Arbitrary, corpus management, and CI integration.

5 tools

gh-guard

Stats

Stars1

Forks0

Last CommitFeb 9, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Fuzz Testing

Go 1.18+ includes native fuzz testing. Use fuzzing when functions handle external input, parse data, or validate untrusted content.

When to Fuzz

Parsers (JSON, XML, custom formats)
Validators (input sanitization, boundary checks)
Encoders/decoders (round-trip property)
Any function that should never panic on arbitrary input

Basic Fuzz Test

func Fuzz_Parse(f *testing.F) {
    // Seed corpus: known interesting inputs
    f.Add([]byte(`{"valid": true}`))
    f.Add([]byte(`{}`))
    f.Add([]byte(``))
    f.Add([]byte(`null`))

    f.Fuzz(func(t *testing.T, data []byte) {
        // Invariant: Parse must never panic
        result, err := Parse(data)
        if err != nil {
            return // errors are acceptable
        }
        // If parse succeeds, result must be usable
        if result == nil {
            t.Error("Parse returned nil result without error")
        }
    })
}

Fuzz Invariants

Every fuzz test must check at least one invariant:

Invariant	Description	Example
No panics	Function never panics on any input	Parser, validator
Round-trip	Encode(Decode(x)) == x	Serialization
Idempotent	F(F(x)) == F(x)	Normalization
Bounded output	Output length/size within limits	Compression
Error or valid	Returns error OR valid result, never garbage	Any function

Seed Corpus Best Practices

Include valid inputs (happy path)
Include empty/nil/zero inputs
Include boundary values (max length, max int)
Include known-bad inputs that should produce errors
Include real-world samples from production when available

Running Fuzz Tests

# Run for 30 seconds
go test -fuzz=Fuzz_Parse -fuzztime=30s ./...

# Run until failure
go test -fuzz=Fuzz_Parse ./...

# Run specific fuzz test
go test -fuzz=^Fuzz_Parse$ -fuzztime=10s ./pkg/parser/

Common Mistakes

// WRONG: No invariant checked
f.Fuzz(func(t *testing.T, data []byte) {
    Parse(data) // just calling it isn't enough
})

// CORRECT: Check meaningful invariant
f.Fuzz(func(t *testing.T, data []byte) {
    result, err := Parse(data)
    if err == nil && result.Valid() == false {
        t.Error("Parse returned invalid result without error")
    }
})