Hi, I have prepared a draft of the proposal, please check it out and lemme know your opinions. https://docs.google.com/document/d/17Le7dCTzY29Tk9gks1Ay7p2s3BTR-VI58SPzvl0ymeg/edit?usp=sharing
Thanks

Regards
Shaleen Jain

On Tue, Mar 28, 2017 at 8:33 PM Tim Rühsen <[email protected]> wrote:

> On 03/28/2017 02:52 PM, Shaleen wrote:
> > Hey! I'm a student taking part in the GSoC 2017
> > and I'd like to work on the fuzzing framework for wget2
> >
> > I see there are around 461 WGETAPI's defined in wget.h, which API's do you
> > think should be fuzz tested?
>
> We leave this to you :-) Whatever looks the most promising to find flaws.
>
> As a suggestion, take a look into the test code coverage and start with
> something that is hardly (or not) covered by our tests.
>
> That is 'make check-coverage' and then view lcov/index.html with your
> browser.
>
> Keep in mind that we want (parts of) the fuzzer output being transferred
> into our test suite to test corner cases. Part of your work will be to
> create these tests as well.
>
> For your proposal, select a bunch of functions that seem most relevant
> to you (e.g. complex code that works with arbitrary external input and
> is used in Wget2, e.g. xml.c (xml and html parsing), the css parsing,
> the HTTP parsing).
>
> Make a plan about how you want to deal with your findings (and be
> prepared to find many flaws!). Maybe you would like to dive into the
> process of CVE reports.
>
> Regards, Tim
