[tor-bugs] #21470 [Core Tor/Tor]: Write unit tests for security regressions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 17 00:16:20 UTC 2017
#21470: Write unit tests for security regressions
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: task | Status: new
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: test | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by kcc):
The recommended way is to add the failing inputs to the corpus once the
bug is fixed.
This way oss-fuzz will regularly run these inputs.
We also recommend to have your own CI system run the inputs (not necessary
with fuzzing),
especially if you have pre-submit testing, to find the regressions
earlier.
oss-fuzz does not have any SLA regarding the turnaround time, and we can
typically detect a bug within 24 hours after submission. It's very
unlikely that we will report a regression earlier than 3-4 hours after the
commit.
Having a separate unit test that detects the same bug is redundant to some
extent,
but still might be a good idea sometimes (especially if you do run unit
tests and don't execute fuzz targets on their corpora before submit)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21470#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list