coreos / ignition

First boot installer and configuration tool
https://coreos.github.io/ignition/
Apache License 2.0

Continuous fuzzing through OSS-fuzz #1175

Open AdamKorcz opened 3 years ago

AdamKorcz commented 3 years ago

Feature Request

Desired Feature

Continuous fuzzing

I have been working on setting up continuous fuzzing of ignition through OSS-fuzz here: https://github.com/google/oss-fuzz/pull/5368

For those unfamiliar: Fuzzing is a way of testing applications whereby pseudo-random data is passed to a program with the goal of finding bugs and vulnerabilities. It has been effective in finding bugs in many open source projects. Google's OSS-fuzz project offers free CPU-power and infrastructure for critical open source projects to run their fuzzers continuously. I have written an article here about an example of why it is important to run your fuzzers continuously: https://adalogics.com/blog/the-importance-of-continuity-in-fuzzing-cve-2020-28362

All that is needed to finish the integration application of ignition is at least one maintainer's email address for bug reports.

bgilbert commented 3 years ago

Thanks for pursuing this!

All that is needed to finish the integration application of ignition is at least one maintainer's email address for bug reports.

It turns out that your question has inadvertently prompted some infrastructure work that we needed to do anyway. We're working on getting you an address you can use.

AdamKorcz commented 3 years ago

Thank you for letting me know. In case there is anything I can do to help on the fuzzing side, please do not hesitate to let me know.

cverna commented 3 years ago

Opened a Fedora infra ticket to get a new mailing list we can use for that: https://pagure.io/fedora-infrastructure/issue/9776.

bgilbert commented 3 years ago

@AdamKorcz I've sent the contact address to the email in your GitHub profile.

AdamKorcz commented 3 years ago

@bgilbert Well received. The email address will be publicly visible on the OSS-fuzz repository. Shall we still use it?

bgilbert commented 3 years ago

Yeah, let's proceed anyway. The address isn't inherently secret; I'm just hoping to limit spam volume. Thanks for double-checking.