google / uuid

Go package for UUIDs based on RFC 4122 and DCE 1.1: Authentication and Security Services.
BSD 3-Clause "New" or "Revised" License

chore(tests): add Fuzz tests #128

Closed noahdietz closed 11 months ago

noahdietz commented 11 months ago

Add Go-native Fuzz tests for Parse, ParseBytes, and FromBytes.

Ideally, we integrate this with OSS-Fuzz instead of running in our own CI.

quartzmo commented 11 months ago

> Ideally, we integrate this with OSS-Fuzz instead of running in our own CI.

@noahdietz What are the advantages of using OSS-Fuzz? The setup for Go seems pretty involved. What are the limitations of standard Go fuzzing on our own CI?

noahdietz commented 11 months ago

> Ideally, we integrate this with OSS-Fuzz instead of running in our own CI.
>
> @noahdietz What are the advantages of using OSS-Fuzz? The setup for Go seems pretty involved. What are the limitations of standard Go fuzzing on our own CI?

OSS-Fuzz is a continuous Fuzzing system that will run our fuzz tests for very extended periods of time. The opportunity for fuzzing to find an issue can be improved by running said tests for a long time (lots and lots and lots of varied input). By integrating with OSS-Fuzz, we offload the responsibility of having to fuzz on our own for long periods of time. The fuzzing I've added here can be used, so we still control what is being fuzzed, and we will use Go-native fuzzing (these tests).

Plus someone already set it up for the original version of this project here that didn't have fuzz tests already, so it should be easier :)

quartzmo commented 11 months ago

OK, thanks. I guess we can leave it up to OSS-Fuzz to determine how much fuzzing is appropriate.
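
Added example, not part of this thread and not the fuzz tests from the pull request: a sketch of what a Go-native fuzz target for a UUID parser looks like, and the kind of property a long-running service such as OSS-Fuzz would exercise. `parseCanonical`, `format` and `checkRoundTrip` are hypothetical stand-ins written here so the block runs offline; they are not the package's `Parse` and accept only the canonical 36-character form.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"testing"
)

// parseCanonical is a stand-in for uuid.Parse (assumption: canonical 36-char form only).
func parseCanonical(s string) ([16]byte, error) {
	var u [16]byte
	if len(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
		return u, fmt.Errorf("invalid UUID format: %q", s)
	}
	compact := s[0:8] + s[9:13] + s[14:18] + s[19:23] + s[24:36]
	_, err := hex.Decode(u[:], []byte(compact))
	return u, err
}

// format renders the canonical lower-case text form.
func format(u [16]byte) string {
	h := hex.EncodeToString(u[:])
	return h[0:8] + "-" + h[8:12] + "-" + h[12:16] + "-" + h[16:20] + "-" + h[20:32]
}

// checkRoundTrip is the fuzzed property: accepted input must survive format and re-parse.
func checkRoundTrip(s string) error {
	u, err := parseCanonical(s)
	if err != nil {
		return nil // rejecting input is fine; a panic would fail the fuzz run
	}
	if back, err := parseCanonical(format(u)); err != nil || back != u {
		return fmt.Errorf("round trip changed %q: got %x (err %v)", s, back, err)
	}
	return nil
}

// FuzzParse belongs in a _test.go file; run: go test -fuzz=FuzzParse -fuzztime=30s
func FuzzParse(f *testing.F) {
	f.Add("f47ac10b-58cc-0372-8567-0e02b2c3d479") // constructed seed
	f.Add("not-a-uuid")                           // constructed invalid seed
	f.Fuzz(func(t *testing.T, s string) {
		if err := checkRoundTrip(s); err != nil {
			t.Fatal(err)
		}
	})
}

func main() { fmt.Println(checkRoundTrip("F47AC10B-58CC-0372-8567-0E02B2C3D479")) }
```

Without `-fuzz`, `go test` runs the target only against the seed corpus, so it doubles as a regression test in CI while the long exploratory runs happen elsewhere.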