From d70f7933536e87a5b5722d45a0a476f8501633e0 Mon Sep 17 00:00:00 2001 From: "R. Elliott Childre" Date: Thu, 16 Jul 2020 18:27:29 -0400 Subject: [PATCH] Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https --- .gitignore | 4 +- CONTRIBUTING.md | 5 +- README.md | 58 ++++++++++++------- docs/index.md | 57 ++++++++++-------- .../{#project.yaml# => project_proposed.yaml} | 0 5 files changed, 78 insertions(+), 46 deletions(-) rename projects/assimp/{#project.yaml# => project_proposed.yaml} (100%) diff --git a/.gitignore b/.gitignore index 0b41c101a..df32e5f0f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ .vscode/ *.pyc /build/ -*~ \ No newline at end of file +*~ +.DS_Store +*.swp diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 81dfba73d..425533885 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,5 @@ -Want to contribute? Great! First, read this page (including the small print at the end). +Want to contribute? Great! First, read this page (including the small print at +the end). ### Before you contribute Before we can use your code, you must sign the @@ -6,7 +7,7 @@ Before we can use your code, you must sign the (CLA), which you can do online. The CLA is necessary mainly because you own the copyright to your changes, even after your contribution becomes part of our codebase, so we need your permission to use and distribute your code. We also -need to be sure of various other things—for instance that you'll tell us if you +need to be sure of various other things: for instance that you'll tell us if you know that your code infringes on other people's patents. You don't have to sign the CLA until after you've submitted your code for review and a member has approved it, but you must do it before we can put your code into our codebase. diff --git a/README.md b/README.md index 8e502001c..429fbdab5 100644 --- a/README.md +++ b/README.md @@ -1,40 +1,58 @@ # OSS-Fuzz: Continuous Fuzzing for Open Source Software -[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known -technique for uncovering programming errors in software. -Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html), -and we now want to share that service with the open source community. +[Fuzz testing] is a well-known technique for uncovering programming errors in +software. Many of these detectable errors, like [buffer overflow], can have +serious security implications. Google has found [thousands] of security +vulnerabilities and stability bugs by deploying [guided in-process fuzzing of +Chrome components], and we now want to share that service with the open source +community. +[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing +[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow [thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1 +[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html -In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), -OSS-Fuzz aims to make common open source software more secure and stable by -combining modern fuzzing techniques with scalable, -distributed execution. +In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make +common open source software more secure and stable by combining modern fuzzing +techniques with scalable, distributed execution. -We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and -[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines -in combination with [Sanitizers](https://github.com/google/sanitizers), as well as -[ClusterFuzz](https://github.com/google/clusterfuzz), -a distributed fuzzer execution environment and reporting tool. +[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/ -Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too. -OSS-Fuzz supports fuzzing x86_64 and i386 builds. +We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in +combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer +execution environment and reporting tool. + +[libFuzzer]: https://llvm.org/docs/LibFuzzer.html +[AFL]: https://lcamtuf.coredump.cx/afl/ +[Honggfuzz]: https://github.com/google/honggfuzz +[Sanitizers]: https://github.com/google/sanitizers +[ClusterFuzz]: https://github.com/google/clusterfuzz + +Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported +by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds. + +[LLVM]: https://llvm.org ## Overview ![OSS-Fuzz process diagram](docs/images/process.png) ## Documentation -Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz. +Read our [detailed documentation] to learn how to use OSS-Fuzz. + +[detailed documentation]: https://google.github.io/oss-fuzz ## Trophies -As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects. +As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source +projects. [20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 [300]: https://github.com/google/oss-fuzz/tree/master/projects ## Blog posts +* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software] +* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects] +* 2018-11-06 - [A New Chapter for OSS-Fuzz] -* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html) -* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html) -* 2018-11-06 - [A New Chapter for OSS-Fuzz](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html) +[Announcing OSS-Fuzz: Continuous fuzzing for open source software]: https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html +[OSS-Fuzz: Five months later, and rewarding projects]: https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html +[A New Chapter for OSS-Fuzz]: https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html diff --git a/docs/index.md b/docs/index.md index 5cef09521..c202a06bd 100644 --- a/docs/index.md +++ b/docs/index.md @@ -9,42 +9,53 @@ has_toc: false # OSS-Fuzz -[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known -technique for uncovering programming errors in software. -Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), -can have serious security implications. Google has found [thousands] of security vulnerabilities and -stability bugs by deploying -[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html), -and we now want to share that service with the open source community. +[Fuzz testing] is a well-known technique for uncovering programming errors in +software. Many of these detectable errors, like [buffer overflow], can have +serious security implications. Google has found [thousands] of security +vulnerabilities and stability bugs by deploying [guided in-process fuzzing of +Chrome components], and we now want to share that service with the open source +community. +[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing +[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow [thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1 +[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html -In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/), -OSS-Fuzz aims to make common open source software more secure and stable by -combining modern fuzzing techniques with scalable, -distributed execution. +In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make +common open source software more secure and stable by combining modern fuzzing +techniques with scalable, distributed execution. -We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and -[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines -in combination with [Sanitizers](https://github.com/google/sanitizers), as well as -[ClusterFuzz](https://github.com/google/clusterfuzz), -a distributed fuzzer execution environment and reporting tool. +[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/ -Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too. -OSS-Fuzz supports fuzzing x86_64 and i386 builds. +We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in +combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer +execution environment and reporting tool. + +[libFuzzer]: https://llvm.org/docs/LibFuzzer.html +[AFL]: https://lcamtuf.coredump.cx/afl/ +[Honggfuzz]: https://github.com/google/honggfuzz +[Sanitizers]: https://github.com/google/sanitizers +[ClusterFuzz]: https://github.com/google/clusterfuzz + +Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported +by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds. + +[LLVM]: https://llvm.org ## Learn more about fuzzing -This documentation describes how to use OSS-Fuzz service for your open source project. -To learn more about fuzzing in general, we recommend reading [libFuzzer tutorial] -and the other docs in [google/fuzzing] repository. These and some other resources -are listed on the [useful links]({{ site.baseurl }}/reference/useful-links/#tutorials) page. +This documentation describes how to use OSS-Fuzz service for your open source +project. To learn more about fuzzing in general, we recommend reading [libFuzzer +tutorial] and the other docs in [google/fuzzing] repository. These and some +other resources are listed on the [useful links] page. [google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs [libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md +[useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials ## Trophies -As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects. +As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source +projects. [20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 [300]: https://github.com/google/oss-fuzz/tree/master/projects diff --git a/projects/assimp/#project.yaml# b/projects/assimp/project_proposed.yaml similarity index 100% rename from projects/assimp/#project.yaml# rename to projects/assimp/project_proposed.yaml