Security initiative in December 2023: fuzzing Nodejs: https://github.com/google/oss-fuzz/tree/master/projects/nodejs #1159
Comments
|
Hi all, we have started the fuzzing work for Node with the following three PRs:
We plan to add more fuzz coverage of native code primarily for now. In addition, I have added myself to the contact list of Nodes OSS-Fuzz integration: https://github.com/google/oss-fuzz/blob/3c4e2c6724f7d6f090b085f1c28d937bdeaf3918/projects/nodejs/project.yaml#L10 so I can keep track of the feedback from the added fuzzers. We will add new fuzzers in the same manner as the three PRs above. In addition, we are also looking at the fuzz coverage of Nodes core dependencies to assess which improvements we can make there. |
|
Hi @AdamKorcz great job, where can we see the reports? |
All email addresses in this file have access to findings: https://github.com/google/oss-fuzz/blob/master/projects/nodejs/project.yaml It will need to be an email address associated with a Google account. |
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
|
@Amir-Montazery @AdamKorcz Could we have some update about the fuzzing progress? |
|
I can provide a quick update in the 2024-04-11 meeting and have also invited AdamKorcz to the next security-wg meeting. |
Per discussion with the security wg at the 11/23/2023 wg meeting, an issue has been created to kick off and help track the fuzzing security initiative scheduled for December 2023. A general description of the work to be done can be found at: #1146.
We plan on working with David Korczynski (https://github.com/DavidKorczynski) on this initiative.
The text was updated successfully, but these errors were encountered: