streamnative / pulsar-archived

Apache Pulsar - distributed pub-sub messaging system
https://pulsar.apache.org
Apache License 2.0

ISSUE-12789: Use Automatic Fuzzing to find bugs (e.g. as part of CI / via github action) #3269

Open sijie opened 2 years ago

sijie commented 2 years ago

Original Issue: apache/pulsar#12789


Is your enhancement request related to a problem? Please describe.

Quality and Security could always be optimized...

Describe the solution you'd like

Use Automatic Fuzzing to find bugs (e.g. as part of CI / via GitHub Action)

OSS-Fuzz: Continuous Fuzzing for Open Source Software https://github.com/google/oss-fuzz

As of June 2021, OSS-Fuzz has found over 30,000 bugs in 500 open source projects (see https://github.com/google/oss-fuzz/tree/master/projects)

Now it's available as part of CI via GitHub Actions: https://github.com/google/clusterfuzzlite

ClusterFuzzLite offers the same features as ClusterFuzz while it should be very easy to set up and use. It's already said to be in use by projects like systemd and curl.

Doc: https://google.github.io/clusterfuzzlite/

=> Using it for Pulsar may help to strengthen quality and security, going well beyond the already great introduction of SpotBugs (see https://github.com/apache/pulsar/issues?q=enable+spotbugs+) and others.

github-actions[bot] commented 2 years ago

The issue had no activity for 30 days, mark with Stale label.