AdamKorcz
Contributor

This PR adds a fuzzer.

Fuzzing is a way of testing programs whereby pseudo-random data is passed to a target function with the goal of finding bugs and vulnerabilities.

I have been working on running this fuzzer continuously on OSS-fuzz's platform, and I will be happy to integrate go-redis into the project so that this fuzzer can run continuously. OSS-fuzz is a free service for open source projects, and if bugs are found an email with a link to a detailed bug report is sent out to the maintainers on the mailing list. The mailing list is public and can be changed at any time, and there is a public disclosure policy of 90 days.

@AdamKorcz
Contributor Author

I have set up the integration with OSS-fuzz on the OSS-fuzz side here: google/oss-fuzz#4750.

Once the fuzzer is merged here on the go-redis repository, I will run the tests on the OSS-fuzz side so they can complete successfully.

Once go-redis has set up continuous fuzzing by way of OSS-fuzz, Google will run all go-redis' fuzzers continuously and send out bug reports in case any bugs should be found. While the service is free, it is offered with an implied expectation that bugs are fixed, so that the resources spent on fuzzing go-redis are put to good use.

OSS-fuzz has a public disclosure policy of 90 days.

@vmihailenco
Collaborator

@AdamKorcz First, sorry for not responding earlier.

I am not sure I will have much time fixing issues that can be found by this fuzzer. But I don't mind trying this out. So if you are still interested, please ping me on this thread.

@AdamKorcz
Contributor Author

@vmihailenco Sounds good, let's give it a go!

@@ -0,0 +1,46 @@
// +build gofuzz

package redis
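
Review bot: the `// +build gofuzz` constraint on the first line means a plain `go build`, `go vet` or `go test` never compiles this file, so the harness can break unnoticed when the functions it calls change; a CI step that builds with `-tags gofuzz` would catch that before OSS-fuzz does. Declaring it in `package redis` also places fuzz-only code in the library's main package, so keeping the harness in its own sub-package would separate it from the importable API.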
Collaborator

I am going to move this go redis/fuzz sub-package just in case. Hopefully it does not break anything.

@vmihailenco vmihailenco merged commit 0abfa60 into redis:master Feb 4, 2021
@vmihailenco
Collaborator

Merged but with one change

renamed:    fuzz.go -> fuzz/fuzz.go

Let me know if I need to add a tag or make a release.

@AdamKorcz
Contributor Author

It should work. I will test it out. Which email can we use for bug reports?

@vmihailenco
Collaborator

Mine is vladimir.webdev at gmail.com.
