Bug #108089 Google OSS-Fuzz Integration
Submitted: 8 Aug 2022 11:20
Modified: 8 Sep 2022 11:54
Reporter: A. Schaich
Status: No Feedback
Category: Connector / J
Severity: S7 (Test Cases)
Version: 8.0
OS: Any
Assigned to:
CPU Architecture: Any

[8 Aug 2022 11:20] A. Schaich
Description:
Hi all,

we have prepared the initial integration of mysql-connector-j into Google OSS-Fuzz (https://github.com/google/oss-fuzz) in https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/990c7b59a9a311351c9292077833ec2... which will provide more security for your project.

 

Why do you need Fuzzing?
The Code Intelligence JVM fuzzer Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) has already found hundreds of bugs in open source projects including for example OpenJDK, Protobuf or jsoup. Fuzzing proved to be very effective having no false positives. It provides a crashing input which helps you to reproduce and debug any finding easily. The integration of your project into the OSS-Fuzz platform will enable continuous fuzzing of your project by Jazzer.

 

What do you need to do?
The integration requires the maintainer or one established project committer to deal with the bug reports.

You need to create or provide one email address that is associated with a Google account as per https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/ . When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, code coverage reports and fuzzer statistics. More than 1 person can be included.

 

How Code Intelligence can support?
We will continue to add more fuzz targets to improve code coverage over time. Furthermore, we are permanently enhancing fuzzing technologies by developing new fuzzers and more bug detectors.

 

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.

How to repeat:
This ticket does not represent a bug
[8 Aug 2022 11:54] MySQL Verification Team
Hi Mr. Schaich,

Thank you for your report on our test cases.

This severity is restricted only to MySQL test cases, whether they are for the client, server or any of the connectors. Hence, if you think that any of our test cases has a bug, please report it.

We wait on your feedback.
[9 Sep 2022 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".