Added fuzzer #501
Added fuzzer #501
Conversation
|
Hey, Adam, that's a great idea, thanks for offering! |
|
@ziflex Awesome! Feel free to leave the email address here, or if you prefer, please send it to me at adam /at/ adalogics /dot/ com. Also, kindly accept the fuzzer before I set things up on the oss-fuzz side. Otherwise their Travis will look for the fuzzer and fail when it doesn't find it. |
There was a problem hiding this comment.
According to oss-fuzz guide there are also should be following:
project.yamlfile
fuzzing_engines:
- libfuzzer
sanitizers:
- addressDockerfileshould contain
RUN go get github.com/ianlancetaylor/demangle- call
go-fuzzcommand
If I made a mistake somewhere, correct me :)
pkg/compiler/fuzz/fuzz.go
Outdated
| func Fuzz(data []byte) int { | ||
| c := compiler.New() | ||
| p, err := c.Compile(string(data)) | ||
| if err!=nil || p==nil{ |
There was a problem hiding this comment.
variables and operators should be separated by space. So, line should be if err != nil || p == nil
| "github.com/MontFerret/ferret/pkg/compiler" | ||
| ) | ||
|
|
||
| func Fuzz(data []byte) int { |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
@3timeslazy This is not needed on the upstream repository. These commands are needed to setup the fuzzers on oss-fuzz's systems. The fuzzer uploaded is what is needed on upstream repository to run the fuzzer. You are correct that they are needed. I have the build scripts all ready with the exact commands that you are mentioning :) |
pkg/compiler/fuzz/fuzz.go
Outdated
| func Fuzz(data []byte) int { | ||
| c := compiler.New() | ||
| p, err := c.Compile(string(data)) | ||
| if err != nil || p == nil{ |
There was a problem hiding this comment.
Linter falls here https://travis-ci.com/github/MontFerret/ferret/jobs/331199355
pkg/compiler/fuzz/fuzz.go
Outdated
| "github.com/MontFerret/ferret/pkg/compiler" | ||
| ) | ||
|
|
||
| // This function is our fuzzer |
There was a problem hiding this comment.
This comment is not descriptive enough and does not satisfy Go's code style. Write something like
// Fuzz is a fuzzer for oss-fuzz platform.
//
// Read more about it here: https://github.com/google/oss-fuzz
func Fuzz(data []byte) int {}
|
@AdamKorcz thanks for explanation! P.S. |
|
@3timeslazy Thanks for the comments. Regarding the in-code comment: The fuzzer is not specific to oss-fuzz and it can be run outside of oss-fuzz as well. Hence I suggest to not make the description of it too specific to oss-fuzz. |
Codecov Report
@@ Coverage Diff @@
## master #501 +/- ##
========================================
- Coverage 41.3% 41.3% -0.1%
========================================
Files 234 234
Lines 8966 8966
========================================
- Hits 3706 3701 -5
- Misses 4903 4906 +3
- Partials 357 359 +2 |
|
@AdamKorcz you're right about a too specific comment. And the last comment :) Replace Source: https://github.com/golang/go/wiki/CodeReviewComments#comment-sentences |
|
Thank you all for the PR! |
|
Thank you from here as well for all the good comments on a sunday. Crossing my fingers! |
This PR adds a fuzzer that targets
Compile()I managed to get the fuzzer running on oss-fuzz's platform as well, and I propose setting ferret up on in oss-fuzz. This will allow oss-fuzz to run this fuzzer as well as future fuzzers continuously. If a bug is discovered, oss-fuzz sends a bug report via email to all maintainers on their contact list.
It doesn't cost anything to be a part of oss-fuzz, but the bugs do need to get fixed.
If you would like to setup ferret on oss-fuzz, I need a primary contact email address and the email addresses of all maintainers to add to the email list. This can be updated at anytime.
Google might ask about the userbase of ferret in order to accept the project, so if you have any information about any companies or other packages using ferret, it would help with getting ferret accepted.