Continuous fuzzing by way of OSS-Fuzz

[DavidKorczynski]

Hi,

I was wondering if you would like to integrate continuous fuzzing by way of OSS-Fuzz? Fuzzing is a way to automate test-case generation and can be used to find unexpected exceptions in Python. In this PR https://github.com/google/oss-fuzz/pull/8231 I did an initial integration into OSS-Fuzz and the current fuzzer targets Lexer.parse routine.

If you would like to integrate, the only thing I need is a list of email(s) that will get access to the data produced by OSS-Fuzz, such as bug reports, coverage reports and more stats. Notice the emails affiliated with the project will be public in the OSS-Fuzz repo, as they will be part of a configuration file.

[zzzeek]

Hi David -

yes you (or someone ) has already added my SQLAlchemy project, and it looks like Alembic also, to the fuzzing. I've never received any emails of any issues IIRC, so personally I haven't yet been convinced fuzzing is very applicable to my projects, and particularly with Mako we really are not doing any development on it these days. Nevertheless I'm already in your system for two other projects so feel free to add using the same email address you have for sqlalchemy

[DavidKorczynski]

Thanks @zzzeek will do! I can see https://github.com/google/oss-fuzz/tree/master/projects/sqlalchemy does not have a lot of fuzzers at the moment but I should be able to extend this is the near future and get some results!