Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google/OSS-fuzz integration: continuous fuzz testing #207

Open
nathaniel-brough opened this issue Jan 18, 2023 · 1 comment
Open

google/OSS-fuzz integration: continuous fuzz testing #207

nathaniel-brough opened this issue Jan 18, 2023 · 1 comment

Comments

@nathaniel-brough
Copy link

First of all, thank you for this project, it's been a great help to me in the past.

I'd like to add glamour to the google/oss-fuzz project. OSS-fuzz is a free automated service for continuous fuzz testing. When a bug is found, you'll receive an email notification, with details about what caused a crash during fuzzing. I've put together a draft PR to integrate glamour.

All that I need to complete the PR at this point is an email address (associated with a google/gmail account) for a member of the glamour team. There are some docs about what is required here.

I've already found a couple of bugs in glamour using oss-fuzz locally! So hopefully this will help with the process of making glamour more reliable and secure.
@muesli
Copy link
Contributor

muesli commented Mar 7, 2023

We actually do have some fuzz testing in https://github.com/charmbracelet/glamour/tree/master/testdata/fuzz. I think we should migrate to Go's own fuzzer however: https://go.dev/security/fuzz/

I'd be curious to hear about the bugs you've found locally!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@muesli @nathaniel-brough