Implement Fuzzing #177

Open
naveensrinivasan opened this issue Nov 30, 2021 · 2 comments

@naveensrinivasan
Contributor

Implementing fuzzing will improve the security posture of this library. Especially integrating with oss-fuzz is a great help in uncovering bugs.

Using https://github.com/dvyukov/go-fuzz is the unofficial standard for fuzzing Go libraries.

Why not use Go 1.18 fuzzing?

go-fuzz is compatible with libFuzzer, which is supported by oss-fuzz. Go 1.18 doesn't have support for external fuzzer formats yet.

@rdimitrov
Contributor

Related: rdimitrov/go-tuf-metadata#12

@MDr164
Contributor

MDr164 commented Mar 7, 2024

As this issue was opened in 2021, there have been updates to oss-fuzz to allow native Go fuzzing as well: https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#native-go-fuzzing-support

So I would rather work on implementing that in favor of pulling in a 3rd-party lib for this.

While I am in favor of adding oss-fuzz support, I know that getting a project accepted will take a bit of time (went through this process with two other projects already). Therefore I would first add support in general before extending CI to create long-running tests on oss-fuzz.
