python-hyper / h2

HTTP/2 State-Machine based protocol implementation
https://h2.readthedocs.io/en/stable
MIT License

Add atheris integration #1258

Closed ad-m closed 1 year ago

ad-m commented 2 years ago

As mentioned in #1257 I am adding initial fuzzing integration. My goal is to integrate with oss-fuzz and - personally - explore the world of fuzzing.

Documentation has been provided that shows the initial development flow with the help of fuzzing.

The initial corpus was prepared based on existing unit tests. I am convinced that it is not an exhaustive corpus, but I would like to get some comments on the selected fuzz-targets. Using the proposed corpus requires fixing bug #1257 (the corpus was generated with a local patch for this bug).

The location of the fuzzing corpus storage needs to be considered. Different projects approach it differently. In the future, oss-fuzz might host it itself as well, but it also requires a bootstrap.

```
$ du -sh fuzz/corpus/
11M fuzz/corpus/
$ ls -1 fuzz/corpus/ | wc -l
2587
```

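What a fuzz target of the kind described in the post above can look like, as an added example that is not the code from this pull request. It assumes `h2` and `atheris` are installed; the server-side target, the seed frames and the names `frame`, `seed_inputs`, `fuzz_server_receive` and `main` are constructed for illustration.

```python
"""Atheris fuzz target feeding raw bytes to a server-side h2 connection."""
import sys

# HTTP/2 client connection preface (RFC 9113, section 3.4).
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


def frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialize a frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload


def seed_inputs() -> list:
    """Constructed seed corpus entries (sample data, not the PR's corpus)."""
    settings = frame(0x4, 0x0, 0)                            # empty SETTINGS
    ping = frame(0x6, 0x0, 0, b"\x00" * 8)                   # PING
    window = frame(0x8, 0x0, 0, (1024).to_bytes(4, "big"))   # WINDOW_UPDATE
    return [settings, settings + ping, settings + window]


def fuzz_server_receive(data: bytes) -> int:
    """Parse data on a fresh server connection; return the number of events."""
    # Imported here so main() can load h2 under Atheris instrumentation first.
    import h2.config, h2.connection, h2.exceptions
    config = h2.config.H2Configuration(client_side=False)
    conn = h2.connection.H2Connection(config=config)
    conn.initiate_connection()
    try:
        events = conn.receive_data(PREFACE + data)
    except h2.exceptions.ProtocolError:
        return 0  # documented rejection of malformed input, not a finding
    conn.data_to_send()  # also exercise serialization of the replies
    return len(events)   # any other exception propagates and is reported


def TestOneInput(data: bytes) -> None:
    fuzz_server_receive(data)


def main() -> None:
    import atheris  # assumption: installed alongside h2
    with atheris.instrument_imports():
        import h2.connection  # noqa: F401  (coverage-instrumented import)
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
```

Only `ProtocolError` and its subclasses are treated as expected, so any other exception raised while parsing surfaces as a crash for triage.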
tomchristie commented 1 year ago

I think we can safely close this off...

[Image: Screenshot 2023-05-17 at 14 08 24]

Does appear to have caught a valid bug in #1257 which was closed via #1259, but there hasn't been any discussion about adding the tooling directly into the workflow.