Install the fuzzer:
go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-buildUpdate OPA mod file to point to local repo:
go mod edit -replace github.com/open-policy-agent/opa=$(go env GOPATH)/src/github.com/open-policy-agent/opaBuild the fuzzer package. The fuzzer package includes the code to run and the corpus:
go-fuzz-build github.com/open-policy-agent/fuzz-opaRun the fuzzer:
go-fuzz -bin=fuzz-fuzz.zip -workdir=workdirThe last command will start the fuzzer and output the results to the workdir.
See go-fuzz/README.md for details on the
fuzzer output. Pay attention to the restarts output field. This value should
be around 1/10,000. If it's higher than this and the crashers field is greater
than zero, check the output directory for crash output.
Or just make, with optional path for OPA source like:
make OPA_TARGET=/path/to/opa/src/dir