Victor Stinner wrote:
> I'm regularly running my fuzzer (Fusil) on CPython since summer 2008: I tested
> Python 2.5, 2.6, 2.7, 3.0, 3.1 and 3.2. I'm only looking for "fatal errors":
> Python process killed by a signal, or sometimes fuzzer timeouts. I ignore most
> timeout results because most of them are valid function calls reading
> from/writing to a file or socket. My goal is to improve Python security:
> protect it against malicious data injection and denial of service. I prefer
> fuzzing to static code analysis because it finds few false positives and it
> directly generates a script reproducing the crash. Fuzzing is just one tool
> helping to improve the global security.

[CC to Stefan Behnel from the Cython project]

Thank you very much for all the work, Victor!

Out of curiosity, can Fusil be used to check 3rd party extensions as well? I'd like to validate some extensions and library bindings I wrote or that I'm using heavily at work. I'm especially interested in Cython support: annotating the erroneous line of Cython code and getting the shared library that causes the error to distinguish between my errors and problems in the wrapped libraries.

Christian