Feat: Add google/oss-fuzz integration templates#422
Open
Krivoblotsky wants to merge 1 commit into
Open
Conversation
In-repo templates for the upstream OSS-Fuzz project descriptor — the files the maintainer copies into projects/macpaw-openai/ on a fork of google/oss-fuzz when they want to register the project. - project.yaml — declares language: swift, sanitizers (address, undefined), and TODO placeholders for the maintainer's primary contact / auto_ccs. - Dockerfile — based on gcr.io/oss-fuzz-base/base-builder-swift. - build.sh — iterates the harnesses in FuzzTesting/Package.swift, builds with -sanitize=fuzzer,address -DFUZZING_ENABLED, copies each binary plus a zipped seed corpus into $OUT. - README — step-by-step submission instructions (fork google/oss-fuzz, fill contact emails, smoke-test with infra/helper.py, open PR). Refs #241. The actual upstream PR to google/oss-fuzz is left to the maintainer because it requires contact emails I shouldn't fill in for them and a check that OSS-Fuzz Swift support is acceptable for the project. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds
FuzzTesting/oss-fuzz-integration/— the upstream OSS-Fuzz project descriptor as in-repo templates:project.yaml—language: swift, sanitizersaddress+undefined, libfuzzer engine, TODO placeholders forprimary_contactandauto_ccs.Dockerfile—FROM gcr.io/oss-fuzz-base/base-builder-swift, clones the repo, copiesbuild.sh.build.sh— iterates the harnesses declared inFuzzTesting/Package.swift, builds with-sanitize=fuzzer,address -parse-as-library -DFUZZING_ENABLED, copies each binary plus a zipped seed corpus into$OUT.README.md— submission walkthrough: forkgoogle/oss-fuzz, copy these files intoprojects/macpaw-openai/, fill in the maintainer's contact emails, smoke-test withinfra/helper.py, open the upstream PR.Why
Stacked on top of #421 — that PR adds the harnesses, this one adds the integration descriptor so the upstream submission becomes a copy-paste-and-edit-emails exercise rather than a from-scratch reverse-engineering of the OSS-Fuzz Swift build flow.
Refs #241. Does not close it — the actual
google/oss-fuzzPR is intentionally left to you because it needs your email underprimary_contact(must be tied to a Google account so OSS-Fuzz can grant private-dashboard access) and a project owner-level decision on whether OSS-Fuzz Swift support is mature enough to commit to for this repo.Affected Areas
FuzzTesting/oss-fuzz-integration/. Four files. No changes elsewhere — these templates are pure documentation as far as the local build is concerned.claude/issue-241-fuzz-testing-scaffold(the Feat: Add FuzzTesting scaffold for ResponseStreamEvent decoding #421 branch). GitHub will retarget this tomainautomatically when Feat: Add FuzzTesting scaffold for ResponseStreamEvent decoding #421 merges.More Info
What's NOT in this PR (deliberately):
google/oss-fuzzfork + PR. That's a maintainer action; doing it from my session would commit your email and tie OSS-Fuzz access to whoever's authenticated toghhere.infra/helper.pyfrom thegoogle/oss-fuzzrepo; the README documents the fourhelper.pycommands you'd run.Sanity-check before submitting upstream: OSS-Fuzz Swift support is real but lighter than C/C++/Rust/Go. The maintainer-facing guide is Setting up a new project — Swift. Worth reading once to confirm the build flow assumptions in
build.shstill hold.🤖 Generated with Claude Code