fuzz: add Go fuzz targets, CI workflow, and docs for OSS-Fuzz #2307
Open
RajaPremSai wants to merge 1 commit into spf13:main from
Add Go fuzz testing infrastructure and OSS-Fuzz preparation
This PR implements fuzz testing for Cobra as requested in #2261, adding Go 1.18+ fuzz targets, CI integration, and documentation for OSS-Fuzz onboarding.
Changes
Fuzz Tests (fuzz/cobra_fuzz_test.go)
- FuzzLd: Tests Levenshtein distance implementation with invariants (symmetry, non-negativity, identity, case-insensitive behavior)
- FuzzConfigEnvVar: Validates configEnvVar output constraints (A-Z0-9_ only, stable mapping)

CI Integration (.github/workflows/fuzz.yml)

Documentation
- README.md: Added "Fuzz testing" section with local run instructions
- site/content/fuzzing.md: Comprehensive guide including OSS-Fuzz integration steps
- CONTRIBUTING.md: Added fuzz testing section for contributors

Testing
OSS-Fuzz Integration
The project is now prepared for OSS-Fuzz integration. The documentation outlines the steps to:
- projects/cobra/ in google/oss-fuzz
- project.yaml, Dockerfile, and build.sh
- compile_go_fuzzer for each fuzz target

Security Impact
Fuzz testing helps identify edge cases and potential security vulnerabilities in core utility functions, particularly around string processing and environment variable handling.
Closes #2261
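
The four invariants the description lists for FuzzLd, written as a reusable property check. This is an added example, not code from the PR or from Cobra: `lev` is a stand-in Levenshtein function, `checkInvariants` is a hypothetical helper, and reading "case-insensitive behavior" as "equal to comparing the lower-cased inputs" is an assumption.

```go
package main

import "fmt"
import "strings"

// lev is a stand-in byte-wise Levenshtein distance for this example (not Cobra's ld).
func lev(s, t string, ignoreCase bool) int {
	if ignoreCase {
		s, t = strings.ToLower(s), strings.ToLower(t)
	}
	prev := make([]int, len(t)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(s); i++ {
		cur := []int{i}
		for j := 1; j <= len(t); j++ {
			best := prev[j-1] + 1 // substitution
			if s[i-1] == t[j-1] {
				best = prev[j-1] // bytes match: no edit needed
			}
			for _, alt := range []int{prev[j] + 1, cur[j-1] + 1} { // deletion, insertion
				if alt < best {
					best = alt
				}
			}
			cur = append(cur, best)
		}
		prev = cur
	}
	return prev[len(t)]
}

// checkInvariants returns an error naming the first property dist violates on (a, b), else nil.
func checkInvariants(dist func(s, t string, ignoreCase bool) int, a, b string) error {
	switch {
	case dist(a, b, false) < 0:
		return fmt.Errorf("non-negativity violated for (%q, %q)", a, b)
	case dist(a, b, false) != dist(b, a, false):
		return fmt.Errorf("symmetry violated for (%q, %q)", a, b)
	case dist(a, a, false) != 0 || dist(b, b, false) != 0:
		return fmt.Errorf("identity violated for (%q, %q)", a, b)
	case dist(a, b, true) != dist(strings.ToLower(a), strings.ToLower(b), false):
		return fmt.Errorf("case-insensitivity violated for (%q, %q)", a, b)
	}
	return nil
}

// main runs the check on constructed inputs so the file also works outside `go test`.
func main() { fmt.Println(lev("kitten", "sitting", false), checkInvariants(lev, "Help", "hELP")) }
```

In a `_test.go` file the same call goes inside `f.Fuzz(func(t *testing.T, a, b string) { ... })`, failing with `t.Fatal` when `checkInvariants` returns an error.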