agnivade / levenshtein

Go implementation to calculate Levenshtein Distance.
MIT License
355 stars 27 forks

Remove fuzz-fuzz.zip from source code #27

Open cyrilc-pro opened 5 months ago

cyrilc-pro commented 5 months ago

This package includes a file fuzz/fuzz-fuzz.zip which includes binaries (sonar.exe, cover.exe). These files are detected as vulnerable by security scanners as they were compiled with Go 1.14.1. I think this file should not be committed into Git.

agnivade commented 5 months ago

A PR would be most welcome :)

cyrilc-pro commented 4 months ago

What do you suggest? Can we just remove the zip file?

agnivade commented 4 months ago

Historically, Go exe files have been known to raise false vulnerabilities by scanners.

This code was added quite a while back and now there's native fuzzing available in the Go toolchain. It would be great if you want to revamp the entire fuzzing part - remove all the old code, and redo fuzzing using the new way.

Otherwise, I don't think there's a big downside in keeping them.
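A repository check for the situation reported in the opening comment of this issue, added here as an example and not code from this project: it lists zip members whose content begins with an executable signature, so binaries inside a committed archive are found whatever their extension. It goes slightly beyond the `.exe` case in the issue by also matching ELF and Mach-O headers. The names `FindExecutables` and `sampleArchive` are hypothetical, and the archive is constructed in memory; only the entry names `sonar.exe` and `cover.exe` come from the issue.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
)
// Leading bytes that identify common executable formats.
var magics = []struct{ name, sig string }{
	{"PE", "MZ"}, {"ELF", "\x7fELF"}, {"Mach-O", "\xcf\xfa\xed\xfe"},
}
// FindExecutables lists zip members whose content starts with an executable signature.
func FindExecutables(data []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, fmt.Errorf("%s: %w", f.Name, err)
		}
		head, _ := io.ReadAll(io.LimitReader(rc, 4)) // content decides, not the extension
		rc.Close()
		for _, m := range magics {
			if bytes.HasPrefix(head, []byte(m.sig)) {
				hits = append(hits, f.Name+" ("+m.name+")")
				break
			}
		}
	}
	return hits, nil
}

// sampleArchive builds a constructed in-memory zip; the entry bodies are placeholders.
func sampleArchive() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, f := range [][2]string{{"sonar.exe", "MZ\x90\x00"}, {"cover.exe", "MZ\x90\x00"}, {"corpus/seed", "kitten"}} {
		fw, _ := w.Create(f[0])
		fw.Write([]byte(f[1]))
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(FindExecutables(sampleArchive()))
}
```

The check reports only that an executable is present; whether a flagged binary is actually vulnerable is a separate question for the scanner that inspects it.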