[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] GSoC 2017
|
From: |
Tim Rühsen |
|
Subject: |
Re: [Bug-wget] GSoC 2017 |
|
Date: |
Tue, 28 Mar 2017 17:03:15 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 03/28/2017 02:52 PM, Shaleen wrote:
> Hey! I'm a student taking part in the GSoC 2017
> and I'd like to work on the fuzzing framework for wget2
>
> I see there are around 461 WGETAPI's defined in wget.h, which API's do you
> think should be fuzz tested?
We leave this to you :-) Whatever looks the most promising to find flaws.
As a suggestion, take a look into the test code coverage and start with
something that is hardly (or not) covered by our tests.
That is 'make check-coverage' and then view lcov/index.html with your
browser.
Keep in mind that we want (parts of) the fuzzer output being transferred
into our test suite to test corner cases. Part of your work will be to
create these tests as well.
For your proposal, select a bunch of functions that seem most relevant
to you (e.g. complex code that works with arbitrary external input and
is used in Wget2, e.g. xml.c (xml and html parsing), the css parsing,
the HTTP parsing.
Make a plan about how you want to deal with your findings (and be
prepared to find many flaws !). Maybe you would like to dive into the
process of CVE reports.
Regards, Tim
signature.asc
Description: OpenPGP digital signature