celestiaorg / smt

A Go library that implements a Sparse Merkle tree for a key-value map.
https://godoc.org/github.com/celestiaorg/smt
MIT License

Add fuzz package for running go-fuzz #51

Closed cuonglm closed 3 years ago

cuonglm commented 3 years ago

While at it, also add an oss-fuzz build script to prepare for adding to oss-fuzz later.

Fixes #31

cuonglm commented 3 years ago

cc @odeke-em

codecov-commenter commented 3 years ago

Codecov Report

Merging #51 (4b57103) into master (ccbebc9) will not change coverage. The diff coverage is n/a.


@@           Coverage Diff           @@
##           master      #51   +/-   ##
=======================================
  Coverage   85.68%   85.68%           
=======================================
  Files           6        6           
  Lines         468      468           
=======================================
  Hits          401      401           
  Misses         39       39           
  Partials       28       28           


cuonglm commented 3 years ago

@liamsi

> The action .github/workflows/fuzz_build.yml is necessary to have a build which can then be included in oss-fuzz? And same with oss-fuzz-build.sh?

No, .github/workflows/fuzz_build.yml is just our local testing to make sure the fuzz package can be built. When we submit this repo to oss-fuzz, we will use the oss-fuzz-build.sh script to build the necessary object file for libFuzzer to work. The idea is that we just submit a PR to oss-fuzz once, then continuously add fuzzers in our repo; oss-fuzz will check out the latest and run the fuzzing daily.

See discussion in https://github.com/google/oss-fuzz/pull/5631#issuecomment-822532399 for more details

> the code under fuzz/fuzz.go is some very basic fuzzing to see if we panic on any random input/operation

Yes, exactly.

cuonglm commented 3 years ago

@liamsi @adlerjohn which email should I use as primary_contact for celestiaorg/smt? And which email do you want to be in auto_ccs?

See https://google.github.io/oss-fuzz/getting-started/new-project-guide/#primary for what primary_contact/auto_ccs mean.

liamsi commented 3 years ago

@cuonglm, @musalbas will set up an account / list dev@celestia.org that will notify all relevant people.

odeke-em commented 3 years ago

> @cuonglm, @musalbas will set up an account / list dev@celestia.org that will notify all relevant people.

@liamsi I'd highly recommend separating out to say security@celestia.org lest the dev list get drowned out and folks shall get lots of other messages coming to dev :-)

cuonglm commented 3 years ago

@liamsi Thanks! But to be able to see the dashboard, you need an individual Google Account, according to https://google.github.io/oss-fuzz/getting-started/new-project-guide/#primary

So please list any email you want to be included. I'm currently listing only people from Orijtech https://github.com/google/oss-fuzz/pull/6134/files#diff-93b109d8f5b36384edc36042a809c0afdb84d4361312b1fb0f42cb46d66648e5R2

liamsi commented 3 years ago

OK, for now please just use my email: ismail@celestia.org

I guess it's easy to submit a PR to oss-fuzz to change that later in case we create a dedicated account for this (security@celestia.org is also a list, not an individual account, afaik).

cuonglm commented 3 years ago

> OK, for now please just use my email: ismail@celestia.org
>
> I guess it's easy to submit a PR to oss-fuzz to change that later in case we create a dedicated account for this (security@celestia.org is also a list, not an individual account, afaik).

Done.