Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add some security/fuzz testing #441
I'm the author of SharpFuzz, which is a tool that enables fuzzing of .NET programs using afl-fuzz. I did a small experiment on SpreadsheetDocument.Open method, which discovered that it can throw many unexpected exceptions (documentation states that this method should throw only OpenXmlPackageException). These are:
I didn't have the time to do a longer fuzzing run, and I think that this only scratches the surface of all the possible problems that could be discovered. If you are interested in exploring this area, here is my fuzzing playground for Open XML SDK.
If you have any questions, I'll be glad to assist you!
All the best,