mirror of https://github.com/google/oss-fuzz.git
Delete unnecessary files and fix format in some MD pages (#4115)
* style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https
This commit is contained in:
parent
d92c122155
commit
d70f793353
|
@ -2,3 +2,5 @@
|
|||
*.pyc
|
||||
/build/
|
||||
*~
|
||||
.DS_Store
|
||||
*.swp
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Want to contribute? Great! First, read this page (including the small print at the end).
|
||||
Want to contribute? Great! First, read this page (including the small print at
|
||||
the end).
|
||||
|
||||
### Before you contribute
|
||||
Before we can use your code, you must sign the
|
||||
|
@ -6,7 +7,7 @@ Before we can use your code, you must sign the
|
|||
(CLA), which you can do online. The CLA is necessary mainly because you own the
|
||||
copyright to your changes, even after your contribution becomes part of our
|
||||
codebase, so we need your permission to use and distribute your code. We also
|
||||
need to be sure of various other things—for instance that you'll tell us if you
|
||||
need to be sure of various other things: for instance that you'll tell us if you
|
||||
know that your code infringes on other people's patents. You don't have to sign
|
||||
the CLA until after you've submitted your code for review and a member has
|
||||
approved it, but you must do it before we can put your code into our codebase.
|
||||
|
|
58
README.md
58
README.md
|
@ -1,40 +1,58 @@
|
|||
# OSS-Fuzz: Continuous Fuzzing for Open Source Software
|
||||
|
||||
[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
|
||||
technique for uncovering programming errors in software.
|
||||
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow), can have serious security implications. Google has found [thousands] of security vulnerabilities and stability bugs by deploying [guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
|
||||
and we now want to share that service with the open source community.
|
||||
[Fuzz testing] is a well-known technique for uncovering programming errors in
|
||||
software. Many of these detectable errors, like [buffer overflow], can have
|
||||
serious security implications. Google has found [thousands] of security
|
||||
vulnerabilities and stability bugs by deploying [guided in-process fuzzing of
|
||||
Chrome components], and we now want to share that service with the open source
|
||||
community.
|
||||
|
||||
[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing
|
||||
[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow
|
||||
[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
|
||||
[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
|
||||
|
||||
In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),
|
||||
OSS-Fuzz aims to make common open source software more secure and stable by
|
||||
combining modern fuzzing techniques with scalable,
|
||||
distributed execution.
|
||||
In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make
|
||||
common open source software more secure and stable by combining modern fuzzing
|
||||
techniques with scalable, distributed execution.
|
||||
|
||||
We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and
|
||||
[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines
|
||||
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
|
||||
[ClusterFuzz](https://github.com/google/clusterfuzz),
|
||||
a distributed fuzzer execution environment and reporting tool.
|
||||
[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
|
||||
|
||||
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.
|
||||
OSS-Fuzz supports fuzzing x86_64 and i386 builds.
|
||||
We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in
|
||||
combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
|
||||
execution environment and reporting tool.
|
||||
|
||||
[libFuzzer]: https://llvm.org/docs/LibFuzzer.html
|
||||
[AFL]: https://lcamtuf.coredump.cx/afl/
|
||||
[Honggfuzz]: https://github.com/google/honggfuzz
|
||||
[Sanitizers]: https://github.com/google/sanitizers
|
||||
[ClusterFuzz]: https://github.com/google/clusterfuzz
|
||||
|
||||
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
|
||||
by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
|
||||
|
||||
[LLVM]: https://llvm.org
|
||||
|
||||
## Overview
|
||||
![OSS-Fuzz process diagram](docs/images/process.png)
|
||||
|
||||
## Documentation
|
||||
Read our [detailed documentation](https://google.github.io/oss-fuzz) to learn how to use OSS-Fuzz.
|
||||
Read our [detailed documentation] to learn how to use OSS-Fuzz.
|
||||
|
||||
[detailed documentation]: https://google.github.io/oss-fuzz
|
||||
|
||||
## Trophies
|
||||
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects.
|
||||
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
|
||||
projects.
|
||||
|
||||
[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
|
||||
[300]: https://github.com/google/oss-fuzz/tree/master/projects
|
||||
|
||||
## Blog posts
|
||||
* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software]
|
||||
* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects]
|
||||
* 2018-11-06 - [A New Chapter for OSS-Fuzz]
|
||||
|
||||
* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software](https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)
|
||||
* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects](https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html)
|
||||
* 2018-11-06 - [A New Chapter for OSS-Fuzz](https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html)
|
||||
[Announcing OSS-Fuzz: Continuous fuzzing for open source software]: https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
|
||||
[OSS-Fuzz: Five months later, and rewarding projects]: https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
|
||||
[A New Chapter for OSS-Fuzz]: https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html
|
||||
|
|
|
@ -9,42 +9,53 @@ has_toc: false
|
|||
|
||||
# OSS-Fuzz
|
||||
|
||||
[Fuzz testing](https://en.wikipedia.org/wiki/Fuzz_testing) is a well-known
|
||||
technique for uncovering programming errors in software.
|
||||
Many of these detectable errors, like [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow),
|
||||
can have serious security implications. Google has found [thousands] of security vulnerabilities and
|
||||
stability bugs by deploying
|
||||
[guided in-process fuzzing of Chrome components](https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html),
|
||||
and we now want to share that service with the open source community.
|
||||
[Fuzz testing] is a well-known technique for uncovering programming errors in
|
||||
software. Many of these detectable errors, like [buffer overflow], can have
|
||||
serious security implications. Google has found [thousands] of security
|
||||
vulnerabilities and stability bugs by deploying [guided in-process fuzzing of
|
||||
Chrome components], and we now want to share that service with the open source
|
||||
community.
|
||||
|
||||
[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing
|
||||
[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow
|
||||
[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
|
||||
[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
|
||||
|
||||
In cooperation with the [Core Infrastructure Initiative](https://www.coreinfrastructure.org/),
|
||||
OSS-Fuzz aims to make common open source software more secure and stable by
|
||||
combining modern fuzzing techniques with scalable,
|
||||
distributed execution.
|
||||
In cooperation with the [Core Infrastructure Initiative], OSS-Fuzz aims to make
|
||||
common open source software more secure and stable by combining modern fuzzing
|
||||
techniques with scalable, distributed execution.
|
||||
|
||||
We support the [libFuzzer](http://llvm.org/docs/LibFuzzer.html), [AFL](https://lcamtuf.coredump.cx/afl/) and
|
||||
[Honggfuzz](https://github.com/google/honggfuzz) fuzzing engines
|
||||
in combination with [Sanitizers](https://github.com/google/sanitizers), as well as
|
||||
[ClusterFuzz](https://github.com/google/clusterfuzz),
|
||||
a distributed fuzzer execution environment and reporting tool.
|
||||
[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
|
||||
|
||||
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by [LLVM](http://llvm.org) may work too.
|
||||
OSS-Fuzz supports fuzzing x86_64 and i386 builds.
|
||||
We support the [libFuzzer], [AFL], and [Honggfuzz] fuzzing engines in
|
||||
combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
|
||||
execution environment and reporting tool.
|
||||
|
||||
[libFuzzer]: https://llvm.org/docs/LibFuzzer.html
|
||||
[AFL]: https://lcamtuf.coredump.cx/afl/
|
||||
[Honggfuzz]: https://github.com/google/honggfuzz
|
||||
[Sanitizers]: https://github.com/google/sanitizers
|
||||
[ClusterFuzz]: https://github.com/google/clusterfuzz
|
||||
|
||||
Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported
|
||||
by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
|
||||
|
||||
[LLVM]: https://llvm.org
|
||||
|
||||
## Learn more about fuzzing
|
||||
|
||||
This documentation describes how to use OSS-Fuzz service for your open source project.
|
||||
To learn more about fuzzing in general, we recommend reading [libFuzzer tutorial]
|
||||
and the other docs in [google/fuzzing] repository. These and some other resources
|
||||
are listed on the [useful links]({{ site.baseurl }}/reference/useful-links/#tutorials) page.
|
||||
This documentation describes how to use OSS-Fuzz service for your open source
|
||||
project. To learn more about fuzzing in general, we recommend reading [libFuzzer
|
||||
tutorial] and the other docs in [google/fuzzing] repository. These and some
|
||||
other resources are listed on the [useful links] page.
|
||||
|
||||
[google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs
|
||||
[libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md
|
||||
[useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials
|
||||
|
||||
## Trophies
|
||||
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source projects.
|
||||
As of June 2020, OSS-Fuzz has found over [20,000] bugs in [300] open source
|
||||
projects.
|
||||
|
||||
[20,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1
|
||||
[300]: https://github.com/google/oss-fuzz/tree/master/projects
|
||||
|
|
Loading…
Reference in New Issue