Update docs, add python support. (#4878)

2020-12-21 13:43:26 -08:00 · 2020-12-21 13:43:26 -08:00 · 08254b99c4
parent 6a646ea993
commit 08254b99c4
4 changed files with 70 additions and 51 deletions
--- a/README.md
+++ b/README.md
@ -12,9 +12,9 @@ community.
 [thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
 [guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html

-In cooperation with the [Core Infrastructure Initiative] and the [OpenSSF], OSS-Fuzz
-aims to make common open source software more secure and stable by combining modern
-fuzzing techniques with scalable, distributed execution.
+In cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],
+OSS-Fuzz aims to make common open source software more secure and stable by
+combining modern fuzzing techniques with scalable, distributed execution.

 [Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
 [OpenSSF]: https://www.openssf.org/
@ -29,8 +29,9 @@ execution environment and reporting tool.
 [Sanitizers]: https://github.com/google/sanitizers
 [ClusterFuzz]: https://github.com/google/clusterfuzz

-Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
-by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
+Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages
+supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386
+builds.

 [LLVM]: https://llvm.org

@ -43,11 +44,11 @@ Read our [detailed documentation] to learn how to use OSS-Fuzz.
 [detailed documentation]: https://google.github.io/oss-fuzz

 ## Trophies
-As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
+As of January 2021, OSS-Fuzz has found over [25,000] bugs in [375] open source
 projects.

-[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
-[300]: https://github.com/google/oss-fuzz/tree/master/projects
+[25,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
+[375]: https://github.com/google/oss-fuzz/tree/master/projects

 ## Blog posts
 * 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software]
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@ -1,7 +1,7 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    activesupport (6.0.3.2)
+    activesupport (6.0.3.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
@ -16,38 +16,39 @@ GEM
    colorator (1.1.0)
    commonmarker (0.17.13)
      ruby-enum (~> 0.5)
-    concurrent-ruby (1.1.6)
-    dnsruby (1.61.3)
-      addressable (~> 2.5)
-    em-websocket (0.5.1)
+    concurrent-ruby (1.1.7)
+    dnsruby (1.61.5)
+      simpleidn (~> 0.1)
+    em-websocket (0.5.2)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0.6.0)
    ethon (0.12.0)
      ffi (>= 1.3.0)
    eventmachine (1.2.7)
    execjs (2.7.0)
-    faraday (1.0.1)
+    faraday (1.1.0)
      multipart-post (>= 1.2, < 3)
-    ffi (1.13.1)
+      ruby2_keywords
+    ffi (1.14.2)
    forwardable-extended (2.6.0)
    gemoji (3.0.1)
-    github-pages (206)
+    github-pages (209)
      github-pages-health-check (= 1.16.1)
-      jekyll (= 3.8.7)
+      jekyll (= 3.9.0)
      jekyll-avatar (= 0.7.0)
      jekyll-coffeescript (= 1.1.1)
      jekyll-commonmark-ghpages (= 0.1.6)
      jekyll-default-layout (= 0.1.4)
-      jekyll-feed (= 0.13.0)
+      jekyll-feed (= 0.15.1)
      jekyll-gist (= 1.5.0)
      jekyll-github-metadata (= 2.13.0)
-      jekyll-mentions (= 1.5.1)
+      jekyll-mentions (= 1.6.0)
      jekyll-optional-front-matter (= 0.3.2)
      jekyll-paginate (= 1.1.0)
      jekyll-readme-index (= 0.3.0)
-      jekyll-redirect-from (= 0.15.0)
+      jekyll-redirect-from (= 0.16.0)
      jekyll-relative-links (= 0.6.1)
-      jekyll-remote-theme (= 0.4.1)
+      jekyll-remote-theme (= 0.4.2)
      jekyll-sass-converter (= 1.5.2)
      jekyll-seo-tag (= 2.6.1)
      jekyll-sitemap (= 1.4.0)
@ -55,7 +56,7 @@ GEM
      jekyll-theme-architect (= 0.1.1)
      jekyll-theme-cayman (= 0.1.1)
      jekyll-theme-dinky (= 0.1.1)
-      jekyll-theme-hacker (= 0.1.1)
+      jekyll-theme-hacker (= 0.1.2)
      jekyll-theme-leap-day (= 0.1.1)
      jekyll-theme-merlot (= 0.1.1)
      jekyll-theme-midnight (= 0.1.1)
@ -66,13 +67,14 @@ GEM
      jekyll-theme-tactile (= 0.1.1)
      jekyll-theme-time-machine (= 0.1.1)
      jekyll-titles-from-headings (= 0.5.3)
-      jemoji (= 0.11.1)
-      kramdown (= 1.17.0)
+      jemoji (= 0.12.0)
+      kramdown (= 2.3.0)
+      kramdown-parser-gfm (= 1.1.0)
      liquid (= 4.0.3)
      mercenary (~> 0.3)
      minima (= 2.5.1)
      nokogiri (>= 1.10.4, < 2.0)
-      rouge (= 3.19.0)
+      rouge (= 3.23.0)
      terminal-table (~> 1.4)
    github-pages-health-check (1.16.1)
      addressable (~> 2.3)
@ -80,20 +82,20 @@ GEM
      octokit (~> 4.0)
      public_suffix (~> 3.0)
      typhoeus (~> 1.3)
-    html-pipeline (2.13.0)
+    html-pipeline (2.14.0)
      activesupport (>= 2)
      nokogiri (>= 1.4)
    http_parser.rb (0.6.0)
    i18n (0.9.5)
      concurrent-ruby (~> 1.0)
-    jekyll (3.8.7)
+    jekyll (3.9.0)
      addressable (~> 2.4)
      colorator (~> 1.0)
      em-websocket (~> 0.5)
      i18n (~> 0.7)
      jekyll-sass-converter (~> 1.0)
      jekyll-watch (~> 2.0)
-      kramdown (~> 1.14)
+      kramdown (>= 1.17, < 3)
      liquid (~> 4.0)
      mercenary (~> 0.3.3)
      pathutil (~> 0.9)
@ -113,14 +115,14 @@ GEM
      rouge (>= 2.0, < 4.0)
    jekyll-default-layout (0.1.4)
      jekyll (~> 3.0)
-    jekyll-feed (0.13.0)
+    jekyll-feed (0.15.1)
      jekyll (>= 3.7, < 5.0)
    jekyll-gist (1.5.0)
      octokit (~> 4.2)
    jekyll-github-metadata (2.13.0)
      jekyll (>= 3.4, < 5.0)
      octokit (~> 4.0, != 4.4.0)
-    jekyll-mentions (1.5.1)
+    jekyll-mentions (1.6.0)
      html-pipeline (~> 2.3)
      jekyll (>= 3.7, < 5.0)
    jekyll-optional-front-matter (0.3.2)
@ -128,14 +130,15 @@ GEM
    jekyll-paginate (1.1.0)
    jekyll-readme-index (0.3.0)
      jekyll (>= 3.0, < 5.0)
-    jekyll-redirect-from (0.15.0)
+    jekyll-redirect-from (0.16.0)
      jekyll (>= 3.3, < 5.0)
    jekyll-relative-links (0.6.1)
      jekyll (>= 3.3, < 5.0)
-    jekyll-remote-theme (0.4.1)
+    jekyll-remote-theme (0.4.2)
      addressable (~> 2.0)
      jekyll (>= 3.5, < 5.0)
-      rubyzip (>= 1.3.0)
+      jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0)
+      rubyzip (>= 1.3.0, < 3.0)
    jekyll-sass-converter (1.5.2)
      sass (~> 3.4)
    jekyll-seo-tag (2.6.1)
@ -152,8 +155,8 @@ GEM
    jekyll-theme-dinky (0.1.1)
      jekyll (~> 3.5)
      jekyll-seo-tag (~> 2.0)
-    jekyll-theme-hacker (0.1.1)
-      jekyll (~> 3.5)
+    jekyll-theme-hacker (0.1.2)
+      jekyll (> 3.5, < 5.0)
      jekyll-seo-tag (~> 2.0)
    jekyll-theme-leap-day (0.1.1)
      jekyll (~> 3.5)
@ -187,13 +190,16 @@ GEM
      jekyll (>= 3.3, < 5.0)
    jekyll-watch (2.2.1)
      listen (~> 3.0)
-    jemoji (0.11.1)
+    jemoji (0.12.0)
      gemoji (~> 3.0)
      html-pipeline (~> 2.2)
      jekyll (>= 3.0, < 5.0)
-    kramdown (1.17.0)
+    kramdown (2.3.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
    liquid (4.0.3)
-    listen (3.2.1)
+    listen (3.3.3)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
    mercenary (0.3.6)
@ -202,11 +208,11 @@ GEM
      jekyll (>= 3.5, < 5.0)
      jekyll-feed (~> 0.9)
      jekyll-seo-tag (~> 2.1)
-    minitest (5.14.1)
+    minitest (5.14.2)
    multipart-post (2.1.1)
    nokogiri (1.10.10)
      mini_portile2 (~> 2.4.0)
-    octokit (4.18.0)
+    octokit (4.19.0)
      faraday (>= 0.9)
      sawyer (~> 0.8.0, >= 0.5.3)
    pathutil (0.16.2)
@ -215,9 +221,11 @@ GEM
    rb-fsevent (0.10.4)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
-    rouge (3.19.0)
+    rexml (3.2.4)
+    rouge (3.23.0)
    ruby-enum (0.8.0)
      i18n
+    ruby2_keywords (0.0.2)
    rubyzip (2.3.0)
    safe_yaml (1.0.5)
    sass (3.7.4)
@ -228,15 +236,20 @@ GEM
    sawyer (0.8.2)
      addressable (>= 2.3.5)
      faraday (> 0.8, < 2.0)
+    simpleidn (0.1.1)
+      unf (~> 0.1.4)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    thread_safe (0.3.6)
    typhoeus (1.4.0)
      ethon (>= 0.9.0)
-    tzinfo (1.2.7)
+    tzinfo (1.2.9)
      thread_safe (~> 0.1)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
    unicode-display_width (1.7.0)
-    zeitwerk (2.4.0)
+    zeitwerk (2.4.2)

 PLATFORMS
  ruby
--- a/docs/index.md
+++ b/docs/index.md
@ -21,11 +21,12 @@ community.
 [thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
 [guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html

-In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make
-common open source software more secure and stable by combining modern fuzzing
-techniques with scalable, distributed execution.
+In cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],
+OSS-Fuzz aims to make common open source software more secure and stable by
+combining modern fuzzing techniques with scalable, distributed execution.

 [Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
+[OpenSSF]: https://www.openssf.org/

 We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in
 combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
@ -37,8 +38,9 @@ execution environment and reporting tool.
 [Sanitizers]: https://github.com/google/sanitizers
 [ClusterFuzz]: https://github.com/google/clusterfuzz

-Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
-by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
+Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages
+supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386
+builds.

 [LLVM]: https://llvm.org

@ -54,8 +56,9 @@ other resources are listed on the [useful links] page.
 [useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials

 ## Trophies
-As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
+As of January 2021, OSS-Fuzz has found over [25,000] bugs in [375] open source
 projects.

-[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
-[300]: https://github.com/google/oss-fuzz/tree/master/projects
+[25,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
+[375]: https://github.com/google/oss-fuzz/tree/master/projects
+
--- a/docs/reference/useful_links.md
+++ b/docs/reference/useful_links.md
@ -33,6 +33,8 @@ parent: Reference
 [Security](https://security.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html))
 * 2018-11-06 - A New Chapter for OSS-Fuzz
 ([Security](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html))
+* 2020-10-09 - [Fuzzing internships for Open Source Software](https://security.googleblog.com/2020/10/fuzzing-internships-for-open-source.html)
+* 2020-12-07 - [Improving open source security during the Google summer internship program](https://security.googleblog.com/2020/12/improving-open-source-security-during.html)

 ## Tutorials