Hi Undici maintainers,
I opened an OSS-Fuzz PR to add an initial fuzzing integration for Undici:
google/oss-fuzz#15453
The integration currently adds Jazzer.js fuzz targets for:
Headers, Request, and Response construction/header handlingundici.request using MockAgent, with network access disabledfetch with FormData using a mocked response
Could someone from the Undici/Node.js maintainer side please take a look at the OSS-Fuzz PR and confirm two things?
- Whether
security@nodejs.org is the right primary_contact for this OSS-Fuzz project, or whether another Google-account-backed maintainer/project email should be used.
- If the integration looks okay from the project side, could you please leave an LGTM/comment on the OSS-Fuzz PR? OSS-Fuzz usually wants maintainer approval before accepting a new project integration.
One implementation note: the PR is pinned to the v6.x branch for now because current Undici releases require a newer Node.js runtime than the OSS-Fuzz JavaScript base image currently provides.
Thanks!
Hi Undici maintainers,
I opened an OSS-Fuzz PR to add an initial fuzzing integration for Undici:
google/oss-fuzz#15453
The integration currently adds Jazzer.js fuzz targets for:
Headers,Request, andResponseconstruction/header handlingundici.requestusingMockAgent, with network access disabledfetchwithFormDatausing a mocked responseCould someone from the Undici/Node.js maintainer side please take a look at the OSS-Fuzz PR and confirm two things?
security@nodejs.orgis the rightprimary_contactfor this OSS-Fuzz project, or whether another Google-account-backed maintainer/project email should be used.One implementation note: the PR is pinned to the
v6.xbranch for now because current Undici releases require a newer Node.js runtime than the OSS-Fuzz JavaScript base image currently provides.Thanks!