[
https://issues.apache.org/jira/browse/TIKA-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison updated TIKA-3083:
------------------------------
Description:
I think it would be useful to add a new module for fuzzing. We should
eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap
'n easy mangling.
The reason to add this to tika and not have it as a separate project, is that I
think there will eventually be file format specific fuzzers for file formats
that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte
in the file is a good first step, but it might also be useful to mangle bytes
within the streams or implement faulty/malicious compressors or inject
malfeasance at other levels.
I'm not set on adding this to Tika. If there are objections/recommendations,
please share.
was:
I think it would be useful to add a new module for fuzzing. We should
eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap
'n easy mangling.
The reason to add this to tika and not have it as a separate project, is that I
think there will eventually be file format specific fuzzers for file formats
that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte
in the file is a good first step, but it might also be useful to mangle bytes
within the streams or implement faulty/malicious compressors or inject
malfeasance at other levels.
> Consider adding a fuzzing module
> --------------------------------
>
> Key: TIKA-3083
> URL: https://issues.apache.org/jira/browse/TIKA-3083
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Priority: Major
>
> I think it would be useful to add a new module for fuzzing. We should
> eventually integrate grownup/mature fuzzers (jqf), but we can start with
> cheap 'n easy mangling.
> The reason to add this to tika and not have it as a separate project, is that
> I think there will eventually be file format specific fuzzers for file
> formats that rely on compressed streams, e.g. PDF, docx, where mangling a
> literal byte in the file is a good first step, but it might also be useful to
> mangle bytes within the streams or implement faulty/malicious compressors or
> inject malfeasance at other levels.
> I'm not set on adding this to Tika. If there are objections/recommendations,
> please share.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
