You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to help keep isort running smoothly by adding fuzz testing and integrating it with Google/OSS-fuzz. In case you are not familiar with fuzz testing, briefly, it is an additional layer of testing (working alongside other tests) that is particularly good at finding unexpected bugs as it doesn't rely on a developer's suspicion to target a piece of code for testing. Wikipedia explains it nicely:
In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
Google offers a free, continuous fuzzing service called OSS-fuzz. If isort is integrated into oss-fuzz, the fuzz tests under isort will be built and then run once a day, to search for bugs and vulnerabilities. This service can be integrated with the CI for isort so that the fuzz tests are run for 10min or so for every pull request, preventing buggy code from being merged.
I've opened a pull request to add a basic fuzz-testing harness here #2125. If you are keen on adding isort to oss-fuzz I'd be happy to champion the integration :)
The text was updated successfully, but these errors were encountered:
Hi,
I would like to help keep isort running smoothly by adding fuzz testing and integrating it with Google/OSS-fuzz. In case you are not familiar with fuzz testing, briefly, it is an additional layer of testing (working alongside other tests) that is particularly good at finding unexpected bugs as it doesn't rely on a developer's suspicion to target a piece of code for testing. Wikipedia explains it nicely:
Google offers a free, continuous fuzzing service called OSS-fuzz. If isort is integrated into oss-fuzz, the fuzz tests under isort will be built and then run once a day, to search for bugs and vulnerabilities. This service can be integrated with the CI for isort so that the fuzz tests are run for 10min or so for every pull request, preventing buggy code from being merged.
I've opened a pull request to add a basic fuzz-testing harness here #2125. If you are keen on adding isort to oss-fuzz I'd be happy to champion the integration :)
The text was updated successfully, but these errors were encountered: