goblin icon indicating copy to clipboard operation
goblin copied to clipboard

Published 20 hours ago verified publisher icon m4b

Integration with oss-fuzz fuzzing service

Open manunio opened this issue 3 years ago • 5 comments

Hi @m4b, I would like to help integrate this project into OSS-Fuzz.

  • As an initial step for integration I have created this PR: https://github.com/google/oss-fuzz/pull/8646, it contains necessary logic from an OSS-Fuzz perspective to integrate goblin.

  • OSS-Fuzz is a free service run by Google that performs continuous fuzzing of important open source projects.

  • As goblin already have cargo-fuzz based fuzzing implemented, this makes it easily compatible with oss-fuzz out of box.

  • If you would like to integrate, the only thing I need is a list of email(s), it must be associated with a google account like gmail (why?). by doing that, the provided email(s) will get access to the data produced by OSS-Fuzz, such as bug reports, coverage reports and more stats.

~~- As an alternative, if you don't have a google/gmail id, but still wish to integrate. I can add my mail id for time being and monitor bug/crashes.~~

  • Notice the email(s) affiliated with the project will be public in the OSS-Fuzz repo, as they will be part of a configuration file.

manunio avatar Sep 30 '22 17:09 manunio

hi @manunio i would prefer not to sign up my email for this service, but if you feel like it and don't mind it, I don't see a problem with you signing up and either opening issues you find here or perhaps sending me an email if something serious is discovered :)

m4b avatar Oct 24 '22 04:10 m4b

hi @manunio i would prefer not to sign up my email for this service, but if you feel like it and don't mind it, I don't see a problem with you signing up and either opening issues you find here or perhaps sending me an email if something serious is discovered :)

~~Hi thanks for your response, I don't mind doing that :)~~

manunio avatar Oct 24 '22 06:10 manunio

hi @manunio i would prefer not to sign up my email for this service, but if you feel like it and don't mind it, I don't see a problem with you signing up and either opening issues you find here or perhaps sending me an email if something serious is discovered :)

Hi @m4b an email is needed for this project to be accepted by oss-fuzz team, sorry for the confusion.

manunio avatar Dec 22 '22 06:12 manunio

@manunio i thought we agreed your email is sufficient? Or they specifically need my email?

m4b avatar Jan 01 '23 22:01 m4b

@manunio i thought we agreed your email is sufficient? Or they specifically need my email?

Yes they specially need your email, as this guarantees someone from the project team is receiving security/bug reports, Sorry for the confusion.

manunio avatar Jan 02 '23 04:01 manunio