From bc2ae2ba519e7122daf0d65161809b5f2b3e5564 Mon Sep 17 00:00:00 2001 From: Max Moroz Date: Tue, 7 Jul 2020 09:22:05 -0700 Subject: [PATCH] [docs] Add FAQ entry regarding forked repos + bump the bundler version. (#4078) * [docs] Add FAQ entry regarding forked repos + bump the bundler version. * format --- docs/Gemfile.lock | 2 +- docs/faq.md | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock index 14b63ac35..cd1e89f9b 100644 --- a/docs/Gemfile.lock +++ b/docs/Gemfile.lock @@ -245,4 +245,4 @@ DEPENDENCIES github-pages BUNDLED WITH - 1.16.1 + 2.1.4 diff --git a/docs/faq.md b/docs/faq.md index d3c557935..2ba263183 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -45,6 +45,13 @@ You should look for places in your code that: - look for existing fuzz target [examples](https://github.com/google/oss-fuzz/tree/master/projects) and find similarities. +## Where can I store fuzz target sources and the build script if it's not yet accepted upstream? + +Fuzz target sources as well as the build script may temporarily live inside the +`projects/` directory in the OSS-Fuzz repository. Note that we do +not accept integrations that rely on forked repositories. Refer to the +[ideal integration guide] for the preferred long term solution. + ## My project is not open source. Can I use OSS-Fuzz? You cannot use OSS-Fuzz, but you can use [ClusterFuzz] which OSS-Fuzz is based @@ -152,6 +159,7 @@ possible. We believe that public code coverage reports do not put users at risk, as they do not indicate the presence of bugs or lack thereof. ## What happens when I rename a fuzz target ? + If you rename your fuzz targets, the existing bugs for those targets will get closed and fuzzing will start from scratch from a fresh corpora (seed corpus only). Similar corpora will get accumulated over time depending on @@ -163,14 +171,15 @@ restore it to the new GCS location later (instruction to find the new location [here]({{ site.baseurl }}/advanced-topics/corpora/#viewing-the-corpus-for-a-fuzz-target)). ## Does OSS-Fuzz support AFL or honggfuzz? + OSS-Fuzz *uses* both [AFL](https://lcamtuf.coredump.cx/afl/) and [honggfuzz](https://github.com/google/honggfuzz) [fuzzing engines]({{ site.baseurl }}/reference/glossary/#fuzzing-engine). -Follow the -[ideal integration guide]({{ site.baseurl }}/advanced-topics/ideal-integration/) -and OSS-Fuzz will use all its fuzzing engines on your code. +Follow the [ideal integration guide] and OSS-Fuzz will use all its fuzzing +engines on your code. ## What are the specs on your machines? + OSS-Fuzz builders have 32CPU/28.8GB RAM. Fuzzing machines only have a single core and fuzz targets should not use more @@ -184,3 +193,4 @@ corpora generated by OSS-Fuzz. OSS-Fuzz infrastructure is fully open source have no intent to restrict the use of the artifacts produced by OSS-Fuzz. [ClusterFuzz]: https://github.com/google/clusterfuzz +[ideal integration guide]: {{ site.baseurl }}/advanced-topics/ideal-integration/