jsonpickle icon indicating copy to clipboard operation
jsonpickle copied to clipboard
verified publisher icon jsonpickle

Initial Fuzzing Integration & OSS-Fuzz scripts

Open DaveLak opened this issue 1 year ago • 2 comments

@davvid & @Theelx, this introduces fuzzing test harness and supporting files OSS-Fuzz integration scripts as discussed in issue https://github.com/jsonpickle/jsonpickle/issues/496. The changes proposed in this PR are documented in the fuzzing/README.md so that's probably the best place to start if you haven't already seen it.

I've also put up a draft for the corresponding OSS-Fuzz PR here: https://github.com/google/oss-fuzz/pull/12571.

Please note that CI will continue to fail on that PR until this one is merged because it depends on the scripts added here.

Additionally I still need to add @Theelx to the auto_cc list in the project.yaml file which enables access to the issue tracker. Would you let me know which Gmail address you'd like added?

Let me know what you think!

DaveLak avatar Oct 09 '24 07:10 DaveLak

@DaveLak Thank you so much for this PR! I'll take a look shortly. You can add [email protected] to the auto_cc list. I'll need to set up an automatic forwarding rule from that to my main email though, and a way to filter out spammers now that it's public. Do you have any suggestions for spam filter rules?

Theelx avatar Oct 09 '24 18:10 Theelx

Thanks, @Theelx! I'll get it added.

Do you have any suggestions for spam filter rules?

Honestly no, not really 😅 For whatever reason, I haven't had many issues with spam on any of the email accounts I have on GitHub. Hopefully you won't either!

DaveLak avatar Oct 09 '24 18:10 DaveLak

@DaveLak I know you're busy so thanks again, and please feel free to submit a follow-up and keep the conversation going.

Until then, I've merged this and applied the following commits per @Theelx 's review:

  • fb9e1a0473c08a9e784153af9b91a9d600871ef2
  • ee19e7676555c56a43363e3aa1f23178742b3310
  • db3abd98d8e85d089b6b15604fa8f0e1122e3159
  • e53797324a8f6a4d2156c31a6f87f3f2a3f8faa1

davvid avatar Oct 31 '24 06:10 davvid

Thanks, @davvid! Apologies for the delay.

Now that this is merged, https://github.com/google/oss-fuzz/pull/12571 can move forward. I've updated the config there to include @Theelx’s email for tracker notifications and marked it ready for OSS-Fuzz maintainer review.

Once merged, it may take a few days to start running. While I don’t have full visibility due to not being listed in the config, I’ll provide links and guidance to help you both get up to speed.

I’ve also drafted some documentation addressing @Theelx’s questions about dictionaries and seed corpora, which I’ll share soon.

DaveLak avatar Nov 02 '24 03:11 DaveLak