xmldom: integrate new project #11036
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
karfau is integrating a new project:
I'm quite new to the fuzzing topic, testing it locally right now, and maybe that's good enough, since for js there is only one kind of fuzzer possible. Once I've decided I will close or push to the PR.
Could you list some of the more prominent users of xmldom and what makes it a security critical project?
Thx for asking, as far as I'm aware it's the most mature library for parsing xml in the Node.js ecosystem.
Several libraries related to SAML/soap:
The most prominent library for dealing with plist files depends on it. And some "apps", some "dev tools".
Is that enough information?
And just to make sure I'm on the right track: That setup would be something I could configure to run as part of this project and it would run twice a day for a limited time and create a GitHub issue in case it finds an issue, which is more likely because it uses a different seed each time but preserves the corpus of previous runs, right?
It will run continuously on our infra. If you think that's wasteful you can manage a ClusterFuzzLite setup on github actions
Yes. Note that GitHub issues are really pointers to the issues we file in our bug tracker that has access control so not everyone can see the bug (this makes most sense for e.g. use after free bugs in C++)
We accept this project. Let me know if you want me to merge this PR.
That is great news. For now I put priority on fixing the issues found by the tool when running it locally. I want to avoid being "flooded" by issues in the start, without being able to resolve them in a timely manner. Afterwards I will find a way to provide the basic corpus for getting started that I'm currently using. (Is it common for people to add that to the docker image?) So I marked the PR as a draft for now.
tested most steps locally as far as I could, seems to work
I think the current configuration should already work as expected.
after moving them in the source repo
in order to integrate them as part of google/oss-fuzz#11036
since the PR has been merged in the source repo
The fuzz target regression test integration in the source repo is finished, so the Dockerfile no longer clones a branch. @jonathanmetzman From my perspective this PR is ready, unless I receive some feedback.
The "libfuzzer, coverage" job looks like what I expected/anticipated, but there are multiple other jobs that are marked as required, which are failing. I have no clue what I need to do regarding those. I had the impression that I followed all the steps from the docs/instructions.
Could you try and add the following to project.yaml:

```yaml
fuzzing_engines:
  - libfuzzer
sanitizers:
  - none
```

I think missing this is what's causing the build issues.
Makes sense, thx for the hint, I think for some reason the init command didn't apply the JavaScript defaults, I guess I had a typo. Done
Did you use
I'm pretty sure I did.
Is there some way to see those things running? Update: Found it at https://oss-fuzz.com/
It looks like the build failed because it was not able to find the corpus directory that I added to the docker image. When I tested the docker image locally I did run the targets inside the container, but it looks like this is not what is happening over there. What is the proper way to provide a corpus in that setup? https://oss-fuzz-build-logs.storage.googleapis.com/index.html#xmldom
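The corpus question above comes up because OSS-Fuzz runs the targets outside the build container and looks for a seed corpus as `$OUT/<fuzz_target>_seed_corpus.zip` next to the target, not as a loose directory. The script below, an added example that is not part of the PR or the xmldom project, packages constructed XML/HTML seed inputs into such archives for the two target names used in this thread; the seed contents and the output directory are assumptions.

```python
"""Build OSS-Fuzz seed corpus archives for the xmldom fuzz targets.

OSS-Fuzz picks up $OUT/<target>_seed_corpus.zip at run time, so the zip has to
be produced during the build (e.g. from build.sh) rather than read from a
directory inside the image. The seed inputs below are constructed samples.
"""
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Constructed seeds: small documents that exercise distinct parser paths
# (namespaces, internal entities, CDATA, unclosed tags, HTML void elements).
SEEDS = {
    "dom-parser.xml.target": [
        b"<?xml version='1.0'?><a xmlns='urn:x'><b attr='1'>t</b></a>",
        b"<!DOCTYPE r [<!ENTITY e 'v'>]><r>&e;&lt;</r>",
        b"<r><![CDATA[<not-a-tag>]]></r>",
        b"<r><unclosed></r>",
    ],
    "dom-parser.html.target": [
        b"<html><body><p>one<p>two<br><img src=x></body></html>",
        b"<div class=a><span>&nbsp;&copy;</span></div>",
        b"<script>if (a < b) {}</script>",
    ],
}

def seed_name(data: bytes) -> str:
    # libFuzzer-style naming: the file name is the SHA-1 of the content,
    # which also de-duplicates identical seeds across runs.
    return hashlib.sha1(data).hexdigest()

def build_seed_corpus(target: str, seeds, out_dir: Path) -> Path:
    """Write <out_dir>/<target>_seed_corpus.zip and return its path."""
    out_dir.mkdir(parents=True, exist_ok=True)
    archive = out_dir / f"{target}_seed_corpus.zip"
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for data in seeds:
            zf.writestr(seed_name(data), data)
    return archive

def list_corpus(archive: Path) -> list[str]:
    """Return the sorted member names of a seed corpus archive."""
    with zipfile.ZipFile(archive) as zf:
        return sorted(zf.namelist())

def build_all(out_dir: Path) -> dict[str, list[str]]:
    """Build one archive per target; returns target -> member names."""
    return {t: list_corpus(build_seed_corpus(t, s, out_dir)) for t, s in SEEDS.items()}

if __name__ == "__main__":
    # Stand-in for $OUT; in a real build.sh this would be the OSS-Fuzz $OUT dir.
    print(build_all(Path(tempfile.mkdtemp())))
```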
Fixes: #11036 (comment) CC @karfau To test this from outside the containers:

```
python3 infra/helper.py build_fuzzers xmldom
python3 infra/helper.py run_fuzzer xmldom dom-parser.xml.target
python3 infra/helper.py run_fuzzer xmldom dom-parser.html.target
```

Signed-off-by: David Korczynski <[email protected]>