You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey, first of all I'd like to thank you for all your great work with base64, I'd like to help improve the security/reliability by adding some fuzz testing. In addition I'd like to suggest adding base64 to google/oss-fuzz. If you aren't familiar with fuzz testing, here is a bit of a run down (from Wikipedia);
In short these fuzz-testing will complement your unit-test suite by finding those otherwise hard-to-find edge cases before releasing. Unless you think you've already found all the edge cases 😅?
Google offers a free continuous fuzzing service called OSS-fuzz. If base64 is integrated into oss-fuzz, the fuzz tests under base64 will be built and then run once a day, to search for bugs and vulnerabilities in base64. This service can be integrated with the CI for base64, so that the fuzz tests are run for 10min or so for every pull request, preventing buggy code from being merged.
I've opened up a pull request to add a basic fuzz-testing harness here #119. If you are keen on adding base64 to oss-fuzz I'd be happy to champion the integration :)
The text was updated successfully, but these errors were encountered:
Hey, first of all I'd like to thank you for all your great work with base64, I'd like to help improve the security/reliability by adding some fuzz testing. In addition I'd like to suggest adding base64 to google/oss-fuzz. If you aren't familiar with fuzz testing, here is a bit of a run down (from Wikipedia);
In short these fuzz-testing will complement your unit-test suite by finding those otherwise hard-to-find edge cases before releasing. Unless you think you've already found all the edge cases 😅?
Google offers a free continuous fuzzing service called OSS-fuzz. If base64 is integrated into oss-fuzz, the fuzz tests under base64 will be built and then run once a day, to search for bugs and vulnerabilities in base64. This service can be integrated with the CI for base64, so that the fuzz tests are run for 10min or so for every pull request, preventing buggy code from being merged.
I've opened up a pull request to add a basic fuzz-testing harness here #119. If you are keen on adding base64 to oss-fuzz I'd be happy to champion the integration :)
The text was updated successfully, but these errors were encountered: