fuzz

module

v0.0.0-...-f5a8a4b Latest Latest Go to latest Published: Aug 8, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Fuzzing

The fuzzing of sigstore uses go-fuzz for fuzzing. It is integrated into oss-fuzz https://github.com/google/oss-fuzz/pull/6890 for fuzzing continuously.

Why not use go 1.18 fuzzing?

The go-fuzz can be compatible with libfuzzer, which is supported by oss-fuzz. The go 1.18 doesn't have support for external fuzzer formats yet.

What is corpus?

A set of inputs for a fuzz target. In most contexts, it refers to a set of minimal test inputs that generate maximal code coverage. https://google.github.io/clusterfuzz/reference/glossary/#corpus

How do I run the fuzzer?

make fuzz
go-fuzz -bin=signature-fuzz.zip -func FuzzED25529SignerVerfier
An example to use the libfuzzer go-fuzz-build --libfuzzer -func FuzzRSASignerVerfier ./signature/... and clang -fsanitize=fuzzer reflect-fuzz.a -o fmt.libfuzzer
The libfuzzer option requires linux.

Directories ¶

Path	Synopsis
dsse

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL