oss-fuzz
oss-fuzz copied to clipboard
google
add a fuzz driver of gin
Overview This pull request introduces a fuzz driver of that used to find the bug https://github.com/gin-gonic/gin/issues/3241. The purpose of this fuzz driver is to rigorously test the NegotiateFormat API by injecting mutated data into its arguments. By doing so, we aim to enhance our continuous testing efforts and ensure the robustness of this API.
Details The fuzz driver has been designed to thoroughly exercise the NegotiateFormat API. It accomplishes this by systematically injecting various forms of mutated data into the API's arguments. Through this approach, we identified potential vulnerabilities and edge cases that might otherwise go unnoticed.
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
![google-cla[bot] avatar](https://avatars.githubusercontent.com/in/42202?v=4 "Published by a pub.dev verified publisher"){kind=small}
secsys-go is integrating a new project:
- Main repo: https://github.com/gin-gonic/gin
- Criticality score: 0.68449
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi, could you provide a bit of context to this? Is this maintainer approved and how critical is the project?
I'm asking as there are previous concerns e.g.
- https://github.com/go-gitea/gitea/pull/26954
- https://github.com/moby/moby/pull/46421#issuecomment-1710644275
Hi, could you provide a bit of context to this? Is this maintainer approved and how critical is the project?
I'm asking as there are previous concerns e.g.
Yep, @secsys-go I've started the CI, but we need the maintainer's approval to merge this : )
Hi, could you provide a bit of context to this? Is this maintainer approved and how critical is the project?
I'm asking as there are previous concerns e.g.
Hi, we are developing a new technique to automatically transform official unit tests of third-party library into fuzz drivers. The fuzz driver we pull request is generated by this technique. We manually fix some errors so that this version we issue can work well.
Is this maintainer approved? We have not obtained official approval of the maintainers of this project. Should we obtain the official approval before we issue this PR? If so, what form of approval do we need to provide you?
How critical is the project? Actually we do not know the criteria of "critical". Based on our observation, gin project has more than 71.4k stars, which means it has a significant user base. Besides, our fuzz driver can find a known bug gin-gonic/gin#3241 of the project. So we believe this project is critical enough.
We have not obtained official approval of the maintainers of this project. Should we obtain the official approval before we issue this PR? If so, what form of approval do we need to provide you?
It's OK to issue this PR before you obtain the maintainer's approval. However, we do require it to merge this PR. This can be as simple as a comment here, recognizing 1) their awareness and consent to this PR, and 2) the usefulness of the fuzz target. If you have a PR that merges/maintains the fuzz target in the project under test, you can also inform the maintainers and get their approval from that PR.
which means it has a significant user base.
May I ask who are the users? Thanks!
BTW, I noticed that you have a few other PRs, could you please do the same for each? We would appreciate that : )
We have sent an invitation to project maintainer to help us review this PR.
We have sent an invitation to project maintainer to help us review this PR.
Thanks! Any update on this too? : )
Closing this for now. Related: https://github.com/google/oss-fuzz/pull/10951#issuecomment-2037689256 https://github.com/go-gitea/gitea/pull/26954#issuecomment-1710683316