Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Enable fuzzing on the project #662

Open
wbqpk3 opened this issue Nov 6, 2023 · 1 comment
Open

Enable fuzzing on the project #662

wbqpk3 opened this issue Nov 6, 2023 · 1 comment
Labels
Target: Developer environment Developer environment issues consist of CodeCompass or 3rd-party build tooling, configuration or CI.

Comments

@wbqpk3
Copy link
Collaborator

wbqpk3 commented Nov 6, 2023

See the OpenSSF security test (#659).

 {
      "details": [
        "Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)",
        "Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)",
        "Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)",
        "Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)",
        "Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)",
        "Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)",
        "Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"
      ],
      "score": 0,
      "reason": "project is not fuzzed",
      "name": "Fuzzing",
      "documentation": {
        "url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#fuzzing",
        "short": "Determines if the project uses fuzzing."
      }
  }
@wbqpk3 wbqpk3 mentioned this issue Nov 6, 2023
Open
@mcserep mcserep added the Target: Developer environment Developer environment issues consist of CodeCompass or 3rd-party build tooling, configuration or CI. label Nov 8, 2023
@mcserep
Copy link
Collaborator

mcserep commented Nov 8, 2023

How would we integrate fuzzing into our testing? Generating invalid source files or invalid parametrization for the commands?

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Target: Developer environment Developer environment issues consist of CodeCompass or 3rd-party build tooling, configuration or CI.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mcserep @wbqpk3