zip-rs: initial integration #5400
Conversation
DavidKorczynski
changed the title
|
Wow, thankyou! I think this could do zip a lot of good. Could you help me understand what would be involved in generating inputs for a crate like zip? I imagine it's more involved than completely random files that the parser would just treat as junk 😄 My own email (attached to this github account) would be best at the moment. |
The benefit at first would be to test parser and ensure no unknown panics are being thrown. We could also add a fuzzer that checks if Would you be happy to have the fuzzers in the upstream repository? If so, I can do a PR on |
|
@DavidKorczynski do you have any updates on this PR? I am interested in it a lot :) |
|
Thanks @zamazan4ik - I will make this one ready today |
|
@DavidKorczynski just a friendly reminder :) |
|
@DavidKorczynski do we need to ping someone explicitly for the review? |
|
@inferno-chromium @jonathanmetzman @oliverchang this one is ready for reaview |
* initial integration of zip-rs. * update contact * Updated Dockerfile * Update licenses to 2022; * updated comments in Cargo file
* initial integration of zip-rs. * update contact * Updated Dockerfile * Update licenses to 2022; * updated comments in Cargo file
zip-rs is a rust library which supports reading and writing of simple ZIP files.
Data on crates.io shows it has been downloaded 5.7 million times https://crates.io/crates/zip and has 344 reverse dependencies https://crates.io/crates/zip/reverse_dependencies which also shows its list of customers
@Plecra would you be interested in integrating zip-rs into oss-fuzz? By way of OSS-Fuzz we can add fuzzers to zip-rs and run them continuously - you will then receive reports whenever crashes are found. If you would like to integrate, could you please provide a set of email(s) that will get access to the data produced by OSS-Fuzz, such as bug reports. The emails should be linked to a Google account in order to view the detailed reports and notice the emails affiliated with the project will be public in the OSS-Fuzz repo, as they will be part of a configuration file. We can also add the fuzzers of this PR to the main zip-rs repository.