Fuzzing cwltool
https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/
Fuzzing is a technique in computer testing and security where you generate a bunch of random inputs, and see how some program handles it. For example, if you had a JPEG parser, you might create a bunch of valid images and broken images, and make sure it either parses them or errors out cleanly. In C (and other memory unsafe languages) fuzzing can often be used to discover segfaults, invalid reads, and other potential security issues. Fuzzing is also useful in Python, where it can discover uncaught exceptions, and other API contract violations.
Goal: No interaction with cwltool should run forever, produce a segfault, or quit with just a plain Python exception traceback.
Another resource is https://www.fuzzingbook.org/
- fuzz using the CWL 1.1 conformance tests as example inputs
- fix bugs, add test cases
- if many bugs are found, research test case reduction
- later, integrate with OSS-Fuzz (OSS-Fuzz does not yet support Python)
https://github.com/DRMacIver/structureshrink/commits/master might be useful for reducing CWL test cases
Adding property based testing may also be useful https://hypothesis.readthedocs.io/en/latest/
Issue Analytics
- Created 4 years ago
- Comments:14 (5 by maintainers)
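A minimal harness for the goal stated in the issue, as an added example that is not cwltool's or the issue author's code: it mutates a seed document, runs a target command on it, and flags hangs, deaths by signal and Python tracebacks. The seed, the function names and the command passed as `cmd` are assumptions; a real run would use CWL conformance test files as seeds and a cwltool command line as `cmd`.

```python
import random
import subprocess
import tempfile

# Constructed seed document; real seeds would come from the CWL conformance tests.
SEED = (b"cwlVersion: v1.1\nclass: CommandLineTool\n"
        b"baseCommand: echo\ninputs: []\noutputs: []\n")

def mutate(data: bytes, rng: random.Random, edits: int = 4) -> bytes:
    """Apply a few random byte overwrites, deletions or duplications."""
    buf = bytearray(data)
    for _ in range(edits):
        if not buf:
            break
        i = rng.randrange(len(buf))
        op = rng.choice(("overwrite", "delete", "duplicate"))
        if op == "overwrite":
            buf[i] = rng.randrange(256)
        elif op == "delete":
            del buf[i]
        else:
            buf[i:i] = buf[i:i + 8]
    return bytes(buf)

def classify(cmd, data: bytes, timeout: float = 10.0) -> str:
    """Run cmd on a file holding data and map the result to the goal's failure modes."""
    with tempfile.NamedTemporaryFile(suffix=".cwl") as f:
        f.write(data)
        f.flush()
        try:
            proc = subprocess.run(cmd + [f.name], capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return "hang"              # "should run forever"
    if proc.returncode < 0:
        return "killed-by-signal"      # POSIX: e.g. -11 for SIGSEGV
    if b"Traceback (most recent call last)" in proc.stderr:
        return "traceback"             # uncaught Python exception
    return "handled"                   # success or a clean error message

def fuzz(cmd, seed: bytes, iterations: int, rng_seed: int = 0, timeout: float = 10.0):
    """Return (outcome, input) pairs for every mutated input that violates the goal."""
    rng = random.Random(rng_seed)
    findings = []
    for _ in range(iterations):
        data = mutate(seed, rng)
        outcome = classify(cmd, data, timeout)
        if outcome != "handled":
            findings.append((outcome, data))
    return findings
```

Saving each finding's input bytes to disk gives the starting corpus for the test case reduction step mentioned in the list above.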
Top GitHub Comments
@Shubhupatel Please follow the advice at https://www.open-bio.org/events/gsoc/gsoc-project-ideas/#fuzz-cwl under “how to apply” and https://developers.google.com/open-source/gsoc/help/student-advice
Hello @Shubhupatel, thanks for your interest. As I suggested to @kunal12298, please work through the CWL user guide and the other linked resources. I’ve also updated the first post above as well.