
boost: add fuzzers for beast library #11994

Closed
wants to merge 1 commit into from

Conversation

tyler92
Contributor

@tyler92 tyler92 commented May 23, 2024

boost_beast_request_fuzzer for fuzzing HTTP requests parser
boost_beast_response_fuzzer for fuzzing HTTP responses parser
boost_beast_ws_server_fuzzer for fuzzing WebSocket server


tyler92 is a new contributor to projects/boost. The PR must be approved by known contributors before it can be merged. The past contributors are: maflcko, TheZ3ro, DonggeLiu, Navidem, inferno-chromium, Dor1s, bshastry (unverified), pauldreik (unverified), kcc, nevir (unverified)

@tyler92 tyler92 force-pushed the beast-fuzzers branch 6 times, most recently from 4ea760a to d144373 Compare May 23, 2024 21:50
@tyler92
Contributor Author

tyler92 commented May 24, 2024

Ideally, I would add a corpus for the fuzzer. Do you recommend adding a zip archive here, or is there a chance that the fuzzer will be executed with an existing public corpus?

@tyler92
Contributor Author

tyler92 commented May 28, 2024

I've added two zip archives. They are quite tiny, but please let me know if it's not a recommended way.

@DaveLak
Contributor

DaveLak commented May 28, 2024

@tyler92 I'm not a maintainer here but I can offer some guidance.

I've added two zip archives. They are quite tiny, but please let me know if it's not a recommended way.

The OSS-Fuzz project typically avoids and discourages adding corpora and dictionary files to this repo because it bloats the size of the Git repo, making it slower and more resource (e.g., disk space) intensive to download/clone for everyone (including the ClusterFuzz bots.)

In fact, there seems to be a CI check for disallowed zip files that is broken and has a fix proposed in: #12008. If working, it would have failed on your latest commit with the message "Don't commit seed corpora into the ClusterFuzz repo,they bloat it forever."

Do you recommend adding a zip archive here, or is there a chance that the fuzzer will be executed with an existing public corpus?

The best approach is probably to ask if the upstream maintainers would be interested in setting up somewhere to host corpora outside of this repo (and in fact, I bet OSS-Fuzz maintainers would appreciate if upstream also took on maintenance of the fuzz targets.)

I like how Bitcoin Core does it in: https://github.com/bitcoin-core/qa-assets

In fact, I set up something similar for GitPython: https://github.com/gitpython-developers/qa-assets


Hope that helps!

@DaveLak
Contributor

DaveLak commented May 28, 2024

@tyler92 sorry for the double pings. I forgot to answer this part:

is a chance that the fuzzer will be executed with an existing public corpus?

ClusterFuzz will generate a corpus for each target during normal runs, even if no seed corpus is provided. It can take a few days and start empty (i.e., won't use a public corpus as a seed) initially, but after a few successful runs corpora will be generated and persisted for future use.

@tyler92
Contributor Author

tyler92 commented May 28, 2024

@tyler92 sorry for the double pings. I forgot to answer this part:

is a chance that the fuzzer will be executed with an existing public corpus?

ClusterFuzz will generate a corpus for each target during normal runs, even if no seed corpus is provided. It can take a few days and start empty (i.e., won't use a public corpus as a seed) initially, but after a few successful runs corpora will be generated and persisted for future use.

This is good news, thank you for the information! I've removed the zip files; now there is only one commit with two targets. As far as I could see, all boost targets are here and not in the boostorg repository. I agree with you that it's better to move targets out of the oss-fuzz repo. I believe we can proceed with the current approach and move the targets from here in a separate MR if the maintainers don't mind.

@tyler92
Contributor Author

tyler92 commented May 29, 2024

There was the same issue before with #11477:

The fuzzers are temporarily committed in oss-fuzz, but we are in touch with upstream maintainers to add the harnesses directly in their repositories.
Sadly the Boost ecosystem is heavily fragmented, so this process will take some time.

@tyler92
Contributor Author

tyler92 commented Jun 17, 2024

I think the MR is stuck. Who can I contact for feedback?

@tyler92
Contributor Author

tyler92 commented Jun 20, 2024

The best approach is probably to ask if the upstream maintainers would be interested in setting up somewhere to host corpora outside of this repo (and in fact, I bet OSS-Fuzz maintainers would appreciate if upstream also took on maintenance of the fuzz targets.)

Thanks for the advice, it's ready: #12109.
I will close this PR because we have a better alternative.

@tyler92 tyler92 closed this Jun 20, 2024