Hi,

On Tuesday 26 January 2010 00:40:47, Christian Heimes wrote:
> Victor Stinner wrote:
> > I'm regularly running my fuzzer (Fusil) on CPython since summer 2008: I
> > tested Python 2.5, 2.6, 2.7, 3.0, 3.1 and 3.2. I'm only looking for
> > "fatal errors": Python process killed by a signal, or sometimes fuzzer
> > timeouts. I ignore most timeout results because most of them are valid
> > function calls reading from/writing to a file or socket. My goal is to
> > improve Python security: protect it against malicious data injection and
> > denial of service. I prefer fuzzing to static code analysis because it
> > finds few false positives and it directly generates a script reproducing
> > the crash. Fuzzing is just one tool helping to improve the global
> > security.
>
> Thank you very much for all the work Victor!

You're welcome :)

> Out of curiosity, can Fusil be used to check 3rd party extension as
> well? I'd like to validate some extensions and library bindings I wrote
> or that I'm using heavily at work.

Yes, fusil-python can fuzz any Python module. Use "fusil-python
--modules=yourmodule". See also the --blacklist option.

-- 
Victor Stinner
http://www.haypocalc.com/
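
The triage described in this message (a process killed by a signal is a finding, a timeout usually is not, and each finding comes with a reproducing script), sketched as an added example that is not part of the original thread and is not Fusil's code. `run_case`, `fuzz_function`, the child-script template and the value pool are hypothetical names and constructed inputs; POSIX is assumed.

```python
import random
import signal
import subprocess
import sys

# Constructed child-script template: one call into the target with fuzzed arguments.
CHILD = (
    "import {module}\n"
    "try:\n"
    "    {module}.{func}(*{args!r})\n"
    "except Exception:\n"
    "    pass  # ordinary Python exceptions are not findings\n"
)

# Constructed pool of boundary values; a real fuzzer generates far more variety.
POOL = [0, -1, 2**63, 1e308, "", "A" * 4096, b"\x00" * 64, None, [], {}, ()]


def run_case(script, timeout=5.0):
    """Run one script in a fresh interpreter and classify the outcome.

    Returns ("fatal", signal_name), ("timeout", None) or ("ok", None).
    POSIX only: a negative returncode means the child was killed by a signal.
    """
    try:
        proc = subprocess.run([sys.executable, "-c", script], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if proc.returncode < 0:
        return ("fatal", signal.Signals(-proc.returncode).name)
    return ("ok", None)


def fuzz_function(module, func, rounds=20, seed=0):
    """Fuzz module.func; return (signal_name, script) for each fatal case.

    The script is the reproducer. Timeouts are dropped, as in the triage above.
    """
    rng = random.Random(seed)
    findings = []
    for _ in range(rounds):
        args = tuple(rng.choice(POOL) for _ in range(rng.randint(0, 3)))
        script = CHILD.format(module=module, func=func, args=args)
        verdict, signame = run_case(script)
        if verdict == "fatal":
            findings.append((signame, script))
    return findings
```

Running each case in its own interpreter is what makes the signal visible: a crash inside a C extension kills only the child, and the parent keeps the exact script that triggered it.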