Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-04-28 Thread via GitHub


garydgregory commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r3155176069


##
pom.xml:
##
@@ -406,6 +406,15 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, 
arj.
 org.apache.maven.plugins
 maven-checkstyle-plugin
   
+  
+org.apache.maven.plugins
+maven-compiler-plugin
+
+  
+org/apache/commons/compress/fuzz/**
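Review bot: The pattern `org/apache/commons/compress/fuzz/**` on the last added line reads as a compiler exclude for the whole fuzz package (the element names are missing from this rendering), and nothing in the hunk says why it is needed. Code that the regular build never compiles drifts silently when the APIs it calls change, and the breakage then surfaces only in the fuzzing build. If the harnesses depend on nothing beyond the project itself, drop the exclusion so every build compiles them; if it has to stay, add an XML comment giving the reason and keep the pattern as narrow as possible so that a typo cannot exclude other test sources.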

Review Comment:
   Do we really need to NOT compile this code? It seems like a typo away from 
breaking something.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


vishalcoc44 commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r2914127441


##
src/test/java/org/apache/commons/compress/fuzz/BaseTests.java:
##
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.compressors.CompressorInputStream;
+
+import java.io.IOException;
+import java.util.logging.LogManager;
+
+/**
+ * Class with common functionality shared among fuzzing harnesses.
+ */
+public class BaseTests {
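Review bot: `public class BaseTests` sits under `src/test/java` and its name ends in `Tests`, which matches Maven Surefire's default include pattern `**/*Tests.java`, so the test runner will scan this helper as a candidate test class. Give it a name that does not end in `Test` or `Tests`, and either declare it `abstract` or make it `final` with a private constructor, so that it can neither be picked up as a test nor instantiated by accident.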

Review Comment:
   Hello @garydgregory 
   I've rectified that now.






Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


garydgregory commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r2913529123


##
src/test/java/org/apache/commons/compress/fuzz/BaseTests.java:
##
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.compressors.CompressorInputStream;
+
+import java.io.IOException;
+import java.util.logging.LogManager;
+
+/**
+ * Class with common functionality shared among fuzzing harnesses.
+ */
+public class BaseTests {
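Review bot: The class Javadoc, `Class with common functionality shared among fuzzing harnesses.`, does not say what that functionality is or how a harness is meant to use it. The imports point at two paths, archive streams (`ArchiveInputStream`, `ArchiveEntry`) and compressor streams (`CompressorInputStream`), plus `java.util.logging.LogManager`, which usually means JVM-wide logging configuration is changed. Name those helpers in the Javadoc and state any global side effect, so that someone reading a fuzzer crash report knows what the shared code did before the target was called.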

Review Comment:
   Hello @vishalcoc44 
   
   If this class is meant to be an abstract class, then please declare it as 
such and use the prefix "Abstract" in its name instead of "Base". Otherwise it 
looks like this class could be instantiated.
   






Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


vishalcoc44 commented on PR #762:
URL: https://github.com/apache/commons-compress/pull/762#issuecomment-4033129219

   > Hi @raboof I've set this PR to draft based on your concerns. Also, this is 
an old version of the dependency. Why is the dependency used at all? I don't 
see imports that use code from that namespace.
   
   I've removed the dependency completely now.





Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


vishalcoc44 commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r2913241687


##
pom.xml:
##
@@ -219,6 +219,12 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, 
arj.
   junit-pioneer
   test
 
+
+  com.code-intelligence
+  jazzer-junit
+  0.24.0
+  test
+
   
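Review bot: The `jazzer-junit` block is added to the main dependency list with `test` scope, next to `junit-pioneer`, so every contributor and CI build that runs the tests resolves and downloads it, whether or not any fuzzing is run. If the dependency is needed at all, put it in an opt-in Maven profile that only the fuzzing job activates, so that the default build's dependency set stays unchanged.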

Review Comment:
   @raboof can you take a look at the new changes, I've removed jazzer-junit 
entirely. The fuzzer targets are now vanilla Java classes with no external 
requirements.






Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


vishalcoc44 commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r2913241687


##
pom.xml:
##
@@ -219,6 +219,12 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, 
arj.
   junit-pioneer
   test
 
+
+  com.code-intelligence
+  jazzer-junit
+  0.24.0
+  test
+
   

Review Comment:
   can you take a look at the new changes, I've removed jazzer-junit entirely. 
The fuzzer targets are now vanilla Java classes with no external requirements.






Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


garydgregory commented on PR #762:
URL: https://github.com/apache/commons-compress/pull/762#issuecomment-4032869940

   Hi @raboof 
   I've set this PR to draft based on your concerns. 





Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


raboof commented on code in PR #762:
URL: https://github.com/apache/commons-compress/pull/762#discussion_r2912572262


##
pom.xml:
##
@@ -219,6 +219,12 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, 
arj.
   junit-pioneer
   test
 
+
+  com.code-intelligence
+  jazzer-junit
+  0.24.0
+  test
+
   
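Review bot: The version `0.24.0` is hard-coded inside the dependency block, with no property and no comment on why this release was chosen. If the dependency stays, move the version into a named property so that an upgrade is a one-line change and the pinned release is easy to audit, and note in the PR description which release was evaluated and why.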

Review Comment:
   I find this dependency, which is not trivial to build and includes native 
code, difficult to trust.






Re: [PR] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz [commons-compress]

2026-03-10 Thread via GitHub


vishalcoc44 commented on PR #762:
URL: https://github.com/apache/commons-compress/pull/762#issuecomment-4032250457

   @garydgregory could you check this out?

