On 2 Apr 2024, at 22:34, Gary Gregory <garydgreg...@gmail.com> wrote:

> On Tue, Apr 2, 2024, 3:57 PM Nick Wellnhofer <wellnho...@aevum.de> wrote:
>
>> Binary test data can also be generated with a script or a more
>> sophisticated test suite which might even be more maintainable in the long
>> run.
>
> Not really. How would you generate a corrupted zip file?

Generally - I think by lifting the helicopter. i.e. Apart from all the jokes about perl - as zipping up the files you just build or the source directory and then modifying a few bytes with perl, sed, awk or dd. As generally you are testing on something quite specific. And you can document why you are modifying some specific bytes.

> Or a file that was generated by a fuzzer?

By perhaps referencing that version of the fuzzer as a build dependency and adding the arguments needed to generate it to the test. So you'd re-create that fuzzed file, etc.

I think the point of this is more to start thinking like reproducible builds - but then, as a matter of routine, for the build sundry too. As opposed to just its final output.

Dw
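An added example, not part of the original message, of the approach the reply describes: the archive is built at test time, specific bytes are then changed, and the reason is recorded beside each edit. It uses Python's `zipfile` in place of the perl/sed/awk/dd tools the message names; the entry name, payload and the single patch are constructed for illustration.

```python
import io
import struct
import zipfile

PAYLOAD = b"constructed sample payload\n" * 4   # constructed test content
FIXED_TIME = (1980, 1, 1, 0, 0, 0)              # pinned: no wall-clock time in the output


def build_clean_zip() -> bytes:
    """Deterministically build a one-entry, uncompressed archive in memory."""
    info = zipfile.ZipInfo("data.txt", date_time=FIXED_TIME)
    info.compress_type = zipfile.ZIP_STORED
    info.create_system = 3                       # pinned: the default differs per OS
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, PAYLOAD)
    return buf.getvalue()


def data_offset(archive: bytes) -> int:
    """Start of the entry's file data: 30-byte local header + name + extra field."""
    if archive[:4] != b"PK\x03\x04":
        raise ValueError("expected a local file header at offset 0")
    name_len, extra_len = struct.unpack_from("<HH", archive, 26)
    return 30 + name_len + extra_len


def corrupt(archive: bytes) -> bytes:
    """Apply the documented byte edits; each entry states why it exists."""
    patches = [
        # (offset, xor mask, reason)
        (data_offset(archive), 0xFF,
         "first data byte: stored CRC-32 no longer matches the content"),
    ]
    out = bytearray(archive)
    for offset, mask, _reason in patches:
        out[offset] ^= mask
    return bytes(out)


def first_bad_member(archive: bytes):
    """Return the name of the first entry failing its CRC check, or None."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.testzip()


if __name__ == "__main__":
    clean = build_clean_zip()
    print(first_bad_member(clean), first_bad_member(corrupt(clean)))
```

Because the timestamp and creator field are pinned, two runs produce byte-identical archives, so the corrupted fixture never needs to be committed as an opaque binary.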