Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete unnecessary files and fix format in some MD pages (#4115) 

* style: Clean up the repo

* Bolster the `.gitignore`
* Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80
  characters and seperate links for readability
* Remove pesky Unicode dash in `CONTRIBUTING.md`
* Remove `.DS_STORE` files
* Rename `#project.yaml#` to something logical and enable stntax
  highlighting

* Updates from reviewers

* Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim
  temporary files
* Apply markdown style to `docs/index.md`
* small comma grammatical change

* http -> https
This commit is contained in:
R. Elliott Childre 2020-07-16 18:27:29 -04:00 committed by GitHub
parent d92c122155
commit d70f793353
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 78 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,4 +1,6 @@
.vscode/
*.pyc
/build/
*~
*~
.DS_Store
*.swp

5
CONTRIBUTING.md
View File

@ -1,4 +1,5 @@
Want to contribute? Great! First, read this page (including the small print at the end).
Want to contribute? Great! First, read this page (including the small print at
the end).
### Before you contribute
Before we can use your code, you must sign the
@ -6,7 +7,7 @@ Before we can use your code, you must sign the
(CLA), which you can do online. The CLA is necessary mainly because you own the
copyright to your changes, even after your contribution becomes part of our
codebase, so we need your permission to use and distribute your code. We also
need to be sure of various other thingsfor instance that you'll tell us if you
need to be sure of various other things: for instance that you'll tell us if you
know that your code infringes on other people's patents. You don't have to sign
the CLA until after you've submitted your code for review and a member has
approved it, but you must do it before we can put your code into our codebase.

58
README.md
View File

@ -1,40 +1,58 @@
# OSS-Fuzz: Continuous Fuzzing for Open Source Software
[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
technique for uncovering programming errors in software.
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
and we now want to share that service with the open source community.
[Fuzz testing] is a well-known technique for uncovering programming errors in
software. Many of these detectable errors, like [buffer overflow], can have
serious security implications. Google has found [thousands] of security
vulnerabilities and stability bugs by deploying [guided in-process fuzzing of
Chrome components], and we now want to share that service with the open source
community.
[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing
[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow
[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques with scalable,
distributed execution.
In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make
common open source software more secure and stable by combining modern fuzzing
techniques with scalable, distributed execution.
We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and
[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
[ClusterFuzz](https://github.com/google/clusterfuzz),
a distributed fuzzer execution environment and reporting tool.
[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.
OSS-Fuzz supports fuzzing x86_64 and i386 builds.
We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in
combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
execution environment and reporting tool.
[libFuzzer]: https://llvm.org/docs/LibFuzzer.html
[AFL]: https://lcamtuf.coredump.cx/afl/
[Honggfuzz]: https://github.com/google/honggfuzz
[Sanitizers]: https://github.com/google/sanitizers
[ClusterFuzz]: https://github.com/google/clusterfuzz
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
[LLVM]: https://llvm.org
## Overview
![OSS-Fuzz process diagram](docs/images/process.png)
## Documentation
Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz.
Read our [detailed documentation] to learn how to use OSS-Fuzz.
[detailed documentation]: https://google.github.io/oss-fuzz
## Trophies
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects.
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
projects.
[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
[300]: https://github.com/google/oss-fuzz/tree/master/projects
## Blog posts
* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software]
* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects]
* 2018-11-06 - [A New Chapter for OSS-Fuzz]
* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)
* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)
* 2018-11-06 - [A New Chapter for OSS-Fuzz](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)
[Announcing OSS-Fuzz: Continuous fuzzing for open source software]: https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
[OSS-Fuzz: Five months later, and rewarding projects]: https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
[A New Chapter for OSS-Fuzz]: https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html

57
docs/index.md
View File

@ -9,42 +9,53 @@ has_toc: false
# OSS-Fuzz
[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
technique for uncovering programming errors in software.
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow),
can have serious security implications. Google has found [thousands] of security vulnerabilities and
stability bugs by deploying
[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
and we now want to share that service with the open source community.
[Fuzz testing] is a well-known technique for uncovering programming errors in
software. Many of these detectable errors, like [buffer overflow], can have
serious security implications. Google has found [thousands] of security
vulnerabilities and stability bugs by deploying [guided in-process fuzzing of
Chrome components], and we now want to share that service with the open source
community.
[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing
[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow
[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques with scalable,
distributed execution.
In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make
common open source software more secure and stable by combining modern fuzzing
techniques with scalable, distributed execution.
We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and
[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
[ClusterFuzz](https://github.com/google/clusterfuzz),
a distributed fuzzer execution environment and reporting tool.
[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.
OSS-Fuzz supports fuzzing x86_64 and i386 builds.
We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in
combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
execution environment and reporting tool.
[libFuzzer]: https://llvm.org/docs/LibFuzzer.html
[AFL]: https://lcamtuf.coredump.cx/afl/
[Honggfuzz]: https://github.com/google/honggfuzz
[Sanitizers]: https://github.com/google/sanitizers
[ClusterFuzz]: https://github.com/google/clusterfuzz
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
[LLVM]: https://llvm.org
## Learn more about fuzzing
This documentation describes how to use OSS-Fuzz service for your open source project.
To learn more about fuzzing in general, we recommend reading [libFuzzer tutorial]
and the other docs in [google/fuzzing] repository. These and some other resources
are listed on the [useful links]({{ site.baseurl }}/reference/useful-links/#tutorials) page.
This documentation describes how to use OSS-Fuzz service for your open source
project. To learn more about fuzzing in general, we recommend reading [libFuzzer
tutorial] and the other docs in [google/fuzzing] repository. These and some
other resources are listed on the [useful links] page.
[google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs
[libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md
[useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials
## Trophies
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects.
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
projects.
[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
[300]: https://github.com/google/oss-fuzz/tree/master/projects

0
projects/assimp/#project.yaml# → projects/assimp/project_proposed.yaml
View File