Open jonathanmetzman opened 1 year ago
Some remaining pieces here:
One more thing from my side: We still need to integrate source-based coverage reporting for JavaScript in OSS-Fuzz. This has been recently added to Jazzer.js, and we'll take care of it.
Will this include some way to permanently persist any failing test inputs?
Not sure I understand, but I think yes, this is how oss-fuzz works. Project maintainers are notified when a bug is found and given the crashing input.
As @jonathanmetzman said, this is the workflow in OSS-Fuzz. Bugs, including the crashing inputs, are only disclosed to the public once they are fixed, or the disclosure deadline passes with no fix from the maintainers.
That's great - so it's not automatic, but there's zero chance a failed input will be lost, for example by rerunning a test?
I don't know what you mean by "automatic".
There's almost no chance. Sometimes we delete testcases that are non-deterministic and infrequently occurring.
I meant like, a github action that preserves somehow - in a database elsewhere - failed inputs.
If it can transmit the failures to me somehow, that suffices, since I can just manually commit them :-)
Here is the link to all public issues found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=&can=1. For each issue, you have several details, including a link to download the test case (failing input). Ideally, you then have a unit test with this input to ensure that you test for regressions and verify your fix for the issue. Which testing framework do you use for JavaScript? Jazzer.js has a Jest integration enabling you to write fuzz tests using the usual syntax and automatically create regression tests for found issues.
I use https://npmjs.com/tape.
I'm not aware of tape, but see that you are the maintainer of it. Would you be interested in adding support for fuzzing runs using Jazzer.js?
I'm not sure what that would entail, but sure, potentially.
Sounds great! We can collaborate there and we can provide the support you need regarding Jazzer.js.
CC @fmeum @bertschneider