-
Google has released ClusterFuzzlite, and it supports CI fuzzing checking for Java and C++, used by Robolectric. What about trying to integrate it for Robolectric Github Actions, and start to make Robolectric safer? Also, GitHub Security supports to spot out vulnerabilities of dependencies. It can be used to make Robolectric safer too. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 6 replies
-
What kind of threat models are you concerned with? I'm definitely not opposed to improving security, but Robolectric processes tend to be short-lived, and only exist on developer machines and isolated CI environments, so I have not thought too much about what kind of attack vectors are possible. |
Beta Was this translation helpful? Give feedback.
What kind of threat models are you concerned with? I'm definitely not opposed to improving security, but Robolectric processes tend to be short-lived, and only exist on developer machines and isolated CI environments, so I have not thought too much about what kind of attack vectors are possible.