-
Notifications
You must be signed in to change notification settings - Fork 10.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added: fuzz_crawl.py and cifuzz #6072
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #6072 +/- ##
==========================================
+ Coverage 88.88% 88.95% +0.06%
==========================================
Files 163 163
Lines 11571 11571
Branches 1876 1876
==========================================
+ Hits 10285 10293 +8
+ Misses 975 969 -6
+ Partials 311 309 -2 |
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
class test_spider(scrapy.Spider): | ||
start_urls = ["http://google.com", "http://youtube.com/"] | ||
|
||
def parse(self, response): | ||
pass | ||
|
||
|
||
def TestOneInput(data): | ||
fdp = atheris.FuzzedDataProvider(data) | ||
test = fdp.ConsumeUnicodeNoSurrogates(fdp.ConsumeIntInRange(0, 4096)) | ||
|
||
try: | ||
process = CrawlerProcess(settings={test}) | ||
process.crawl(test_spider) | ||
process.start() | ||
except CloseSpider: | ||
pass |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel a bit out of my depth here. Not only I am not entirely sure how fuzzing works here, but I also don’t know what will prevent those start_urls
from actually being called, which is probably undesirable, or how passing the set {test}
as the value of a parameter that expects a dict can work.
cc @wRAR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I guess it should be a dict. Sorry about that.
I will close this PR and add better fuzz targets soon.
This PR is adding fuzz target from already merged PR in OSS-fuzz (google/oss-fuzz#10991) and CIfuzz for fuzzing targets against every PR.