googleprojectzero / domato

DOM fuzzer
https://googleprojectzero.blogspot.ch/2017/09/the-great-dom-fuzz-off-of-2017.html
Apache License 2.0

Modified generator.py's sample's numeric-format naming convention #20

Closed rbenitezpagan closed 5 years ago

rbenitezpagan commented 5 years ago

Example: generate 1000 samples.

Result:

Previous: fuzz-1.html, fuzz-10.html, fuzz-100.html, fuzz-999.html
Now: fuzz-0001.html, fuzz-0010.html, fuzz-0100.html, fuzz-0999.html

It helps with processing the files sequentially.

googlebot commented 5 years ago

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

:memo: Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.


What to do if you already signed the CLA

Individual signers
* It's possible we don't have your GitHub username or you're using a different email address on your commit. Check [your existing CLA data](https://cla.developers.google.com/clas) and verify that your [email is set on your git commits](https://help.github.com/articles/setting-your-email-in-git/).

Corporate signers
* Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to [go/cla#troubleshoot](http://go/cla#troubleshoot) ([Public version](https://opensource.google.com/docs/cla/#troubleshoot)).
* The email used to register you as an authorized contributor must be the email used for the Git commit. Check [your existing CLA data](https://cla.developers.google.com/clas) and verify that your [email is set on your git commits](https://help.github.com/articles/setting-your-email-in-git/).
* The email used to register you as an authorized contributor must also be [attached to your GitHub account](https://github.com/settings/emails).

rbenitezpagan commented 5 years ago

I signed it!


googlebot commented 5 years ago

CLAs look good, thanks!

ifratric commented 5 years ago

Thanks, it makes sense! I think it's actually sufficient to just 0-extend by default to 5 digits or so instead of adding an input flag, as it is highly unlikely that anyone will ever want to generate more than 100k samples in one call. :-)

ifratric commented 5 years ago

Ah, I see I misread and you aren't adding another flag, just using the length of existing '--no_of_files'. But I still think it makes sense to fix it to a constant and have it always behave the same.

rbenitezpagan commented 5 years ago

I believe that's a good option too.

It defines a permanent naming-convention format on the output files which can be useful for scripts.

I was also wondering, as I am new to the security field and my first project is fuzzing, which framework/platform you used to test/run your sample documents?

ifratric commented 5 years ago

Thanks again! I didn't use any existing frameworks, it was mostly a simple loop that generates samples, opens each one in the browser and checks if it crashes. The "checks if it crashes" part is very browser-specific so I never open-sourced that, but e.g. for ASAN single-process builds it could be as simple as checking the return code. For multiprocess builds it gets a bit more complicated, see e.g. https://github.com/googleprojectzero/p0tools/tree/master/WebKitFuzz. For an example on setting up fuzzing on Windows, you can take a look at https://bugid.skylined.nl/20181017001.html.
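The two technical points in this thread, fixed-width zero-padded sample names (the maintainer's suggestion of a constant width rather than one derived from `--no_of_files`) and the "generate, open, check the return code" loop described for ASAN single-process builds, put together as an added example. This is illustrative code written for this page, not domato's `generator.py` or the maintainer's unreleased harness. `PAD_WIDTH`, `sample_name`, `run_sample`, `fuzz_loop` and `FAKE_TARGET` are names chosen here; `FAKE_TARGET` is a constructed stand-in for a browser that mimics an ASAN single-process build (report on stderr, non-zero exit), so the loop runs offline. The multiprocess case the comment defers to WebKitFuzz is deliberately not handled.

```python
"""Sequential fuzz loop over zero-padded samples (added example, not project code)."""
import os
import subprocess
import sys
import tempfile

PAD_WIDTH = 5  # fixed width as suggested in the thread; independent of --no_of_files


def sample_name(index, width=PAD_WIDTH):
    """fuzz-00042.html style name so lexicographic order equals numeric order."""
    return "fuzz-%0*d.html" % (width, index)


def sorted_as_numbers(names):
    """True if sorting the names as strings also orders them numerically."""
    numbers = [int(n[len("fuzz-"):-len(".html")]) for n in sorted(names)]
    return numbers == sorted(numbers)


def run_sample(target_cmd, sample_path, timeout=30):
    """Open one sample in the target and classify the outcome.

    Assumes an ASAN single-process build: the report goes to stderr and the
    process exits with ASAN's exitcode (1 by default), so a non-zero return
    code or an AddressSanitizer marker on stderr counts as a crash. Timeouts
    are reported separately so hangs are not mistaken for crashes.
    """
    try:
        proc = subprocess.run(target_cmd + [sample_path], capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", None, ""
    if proc.returncode != 0 or "AddressSanitizer" in proc.stderr:
        return "crash", proc.returncode, proc.stderr[-2000:]  # keep the report tail
    return "ok", proc.returncode, ""


def fuzz_loop(target_cmd, sample_dir, writer, count, timeout=30):
    """Write `count` samples via writer(path, index), run each in sorted order.

    Returns {name: (status, returncode)}. Because the names are zero-padded,
    sorted() walks them in generation order, which is what the PR was after.
    """
    os.makedirs(sample_dir, exist_ok=True)
    for i in range(count):
        writer(os.path.join(sample_dir, sample_name(i)), i)
    results = {}
    for name in sorted(os.listdir(sample_dir)):
        status, code, err = run_sample(target_cmd, os.path.join(sample_dir, name), timeout)
        results[name] = (status, code)
        if status != "ok":
            print("%s: %s (rc=%s)\n%s" % (name, status, code, err))
    return results


# Constructed stand-in for an ASAN browser build (assumption, not a real target):
# exits 1 with an ASAN-style report if the sample contains the marker CRASHME.
FAKE_TARGET = [sys.executable, "-c",
               "import sys\n"
               "data = open(sys.argv[1]).read()\n"
               "if 'CRASHME' in data:\n"
               "    sys.stderr.write('==1==ERROR: AddressSanitizer: heap-use-after-free\\n')\n"
               "    sys.exit(1)\n"]


def demo(count=6):
    """Run the loop on constructed samples; sample 3 carries the crash marker."""
    def writer(path, index):
        marker = " CRASHME" if index == 3 else ""
        with open(path, "w") as f:
            f.write("<html><body>sample %d%s</body></html>\n" % (index, marker))
    with tempfile.TemporaryDirectory() as d:
        results = fuzz_loop(FAKE_TARGET, d, writer, count, timeout=10)
    return sorted(n for n, (status, _) in results.items() if status == "crash")


if __name__ == "__main__":
    print("crashing samples:", demo())
```

Swapping `FAKE_TARGET` for the real browser command line (with `ASAN_OPTIONS` set so the process exits on the first report) is all that changes for a single-process build; a multiprocess browser needs renderer crash detection of the kind the linked WebKitFuzz tooling does.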