Continuous fuzzing by way of OSS-Fuzz

[DavidKorczynski]

Hi,

I was wondering if you would like to integrate continuous fuzzing by way of OSS-Fuzz? Fuzzing is a way to automate test-case generation and can be used to find unexpected exceptions in Python. In this PR https://github.com/google/oss-fuzz/pull/8230 I did an initial integration into OSS-Fuzz and the current fuzzer targets the decode and encode apis with the idea of catching uncaught exceptions as well as checking payload == decode(encode(payload)).

If you would like to integrate, the only thing I need is a list of email(s) that will get access to the data produced by OSS-Fuzz, such as bug reports, coverage reports and more stats. Notice the emails affiliated with the project will be public in the OSS-Fuzz repo, as they will be part of a configuration file.

[auvipy]

could be a good addition, but what about property based testing with hypothesis which is a form of fuzzing?

[DavidKorczynski]

I think ultimately doing OSS-Fuzz and Hypothesis would be the best.

I'm not much familiar with Hypothesis so I can't comment too much on it. But, see this comment from the Hypothesis maintainer on how fuzzing and hypothesis compares: https://mail.python.org/archives/list/numpy-discussion@python.org/message/GHERCCDPOICEBDJJZAYKT4XJYFBGGA3C/

I think the fuzzer should be able to get some results as is, so i'd be happy to integrate this one and then take it from there.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days