[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] GSoC 2017
|
From: |
Shaleen |
|
Subject: |
Re: [Bug-wget] GSoC 2017 |
|
Date: |
Wed, 29 Mar 2017 11:07:13 +0000 |
Hi
I have prepared a draft of the proposal, please check it out and lemme know
you opinions.
https://docs.google.com/document/d/17Le7dCTzY29Tk9gks1Ay7p2s3BTR-VI58SPzvl0ymeg/edit?usp=sharing
Thanks
Regards
Shaleen Jain
On Tue, Mar 28, 2017 at 8:33 PM Tim Rühsen <address@hidden> wrote:
>
>
> On 03/28/2017 02:52 PM, Shaleen wrote:
> > Hey! I'm a student taking part in the GSoC 2017
> > and I'd like to work on the fuzzing framework for wget2
> >
> > I see there are around 461 WGETAPI's defined in wget.h, which API's do
> you
> > think should be fuzz tested?
>
> We leave this to you :-) Whatever looks the most promising to find flaws.
>
> As a suggestion, take a look into the test code coverage and start with
> something that is hardly (or not) covered by our tests.
>
> That is 'make check-coverage' and then view lcov/index.html with your
> browser.
>
> Keep in mind that we want (parts of) the fuzzer output being transferred
> into our test suite to test corner cases. Part of your work will be to
> create these tests as well.
>
> For your proposal, select a bunch of functions that seem most relevant
> to you (e.g. complex code that works with arbitrary external input and
> is used in Wget2, e.g. xml.c (xml and html parsing), the css parsing,
> the HTTP parsing.
>
> Make a plan about how you want to deal with your findings (and be
> prepared to find many flaws !). Maybe you would like to dive into the
> process of CVE reports.
>
> Regards, Tim
>
>