[slf4j-dev] Integrating slf4j-api into OSS-Fuzz

Dae Glendowne glendowne at code-intelligence.com
Fri Apr 29 08:23:42 CEST 2022


Hi all,

I have prepared the initial integration (https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/882cfd41586879cef6b2071a1227c3b129ab024d) of slf4j-api into google oss-fuzz. This will enable continuous fuzzing of this project, which will be conducted by Google. Bugs that will be found by fuzzing will be reported to you. After the initial integration of this project into oss-fuzz, I will continue to add additional fuzz tests to improve the code coverage over time.

The integration requires a primary contact, someone to deal with the bug reports submitted by oss-fuzz. The email address needs to belong to an established project committer and be associated with a Google account as per here (https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/). When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 person can be included. Please let me know who I should include, if anyone.

Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) is used for fuzzing Java applications. Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. Jazzer has already found several bugs in JVM applications: Jazzer Findings (https://github.com/CodeIntelligenceTesting/jazzer#findings)

Please let me know if you have any questions regarding fuzzing or the oss-fuzz integration.

Dae Glendowne
Application Security Engineer | Customer Success
 
Code Intelligence GmbH
Rheinwerkallee 6
D-53227 Bonn, Germany
 
https://www.code-intelligence.com
 
Managing Directors: Sergej Dechand, Dr. Henning Perl
Registered office and court of registry: Bonn, Germany, HRB 23408
 
Hinweis: Im Rahmen dieser Korrespondenz werden von Code Intelligence Ihre personenbezogenen Daten verarbeitet.
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient or have received this e-mail in error please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.


More information about the slf4j-dev mailing list