oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard
verified publisher icon google

Init support userver with honggfuzz

Open pavkir opened this issue 4 months ago • 6 comments

Added support for the userver web asynchronous framework. I used only honggfuzz engine because it's pretty hard to write a fuzz test for another engine, should to patch a lot of in framework.

This framework dont use any custom parsers, under the hood it used llhttp as http req parser, rapidjson for json processing. Therefore, I used hungfuzz to cover all the functionality, rather than just some of the individual functions/parsers that are already covered by oss-fuzz

pavkir avatar Sep 18 '25 15:09 pavkir

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Sep 18 '25 15:09 google-cla[bot]

pavkir is integrating a new project:
- Main repo: https://github.com/userver-framework/userver.git
- Criticality score: 0.55404

github-actions[bot] avatar Sep 18 '25 15:09 github-actions[bot]

Are you a maintainer of the project? If not, please do coordinate this with maintainers. It would also be preferred to have fuzzing harnesses upstream if possible.

Hi, thanks for your reply. No, I'm not the maintainer of this project, just an active user. And I support active communication with the maintainer. cc, @apolukhin - the main maintainer of this project. In the primary_contact field I set Anton's email.

pavkir avatar Sep 26 '25 10:09 pavkir

I support active communication with the maintainer. cc, @apolukhin - the main maintainer of this project

I confirm that I'm the maintainer of the userver project and confirm that https://github.com/pavkir helps me here

apolukhin avatar Oct 08 '25 13:10 apolukhin

@DavidKorczynski Hi! Could u please restart tests?

pavkir avatar Nov 21 '25 12:11 pavkir

@DavidKorczynski Could you please re-run the CI job when you get a chance?

pavkir avatar Dec 09 '25 14:12 pavkir

Added support for the userver web asynchronous framework. I used only honggfuzz engine because it's pretty hard to write a fuzz test for another engine, should to patch a lot of in framework.

This framework dont use any custom parsers, under the hood it used llhttp as http req parser, rapidjson for json processing. Therefore, I used hungfuzz to cover all the functionality, rather than just some of the individual functions/parsers that are already covered by oss-fuzz

I'm not sure this will work, oss-fuzz sort of requires libfuzzer. What do you mean it's hard to build for libfuzzer?

jonathanmetzman avatar Dec 15 '25 16:12 jonathanmetzman

Hi @jonathanmetzman, I’ve fixed the issue with the build process. Could you please rerun the CI?

pavkir avatar Dec 15 '25 20:12 pavkir