Crow: Initial project request

Open capuanob opened this issue 1 year ago • 6 comments

I am requesting permission to integrate Crow into OSS-Fuzz. I believe that this project is a good candidate for OSS-Fuzz integration as it is a C++ implementation of an HTTP / websocket framework that enjoys a large user-base. Being written in C++ and being exposed to the network, fuzzing could be applied to uncover potential bugs and / or security concerns in the parsing of incoming HTTP requests.

capuanob, Jan 30 '24 01:01

Permission from upstream (alongside making myself the primary POC) can be found here

capuanob, Jan 30 '24 01:01

capuanob is integrating a new project:
- Main repo: https://github.com/CrowCpp/Crow
- Criticality score: 0.58587

github-actions[bot], Jan 30 '24 01:01

Who are some high profile users?

jonathanmetzman, Jan 30 '24 14:01

> Who are some high profile users?

@jonathanmetzman While I am not personally aware of which projects use Crow, I do know that it is one of the most popular "Flask-alternatives" for C++ web-services.

Historically, it has also had CVEs against it, such as CVE-2022-38667. I believe it is a security-relevant project due to its network-facing nature and the fact that critical CVEs that provide remote code execution have been uncovered in the past.

capuanob, Jan 31 '24 03:01

@DonggeLiu Good morning! Reaching out to see if the panel has discussed this repository?

capuanob, Feb 11 '24 15:02

> @DonggeLiu Good morning! Reaching out to see if the panel has discussed this repository?

Yes, approved. Please proceed, thanks!

DonggeLiu, Feb 11 '24 20:02