[tor-bugs] #21470 [Core Tor/Tor]: Write unit tests for security regressions

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 17 00:16:20 UTC 2017


#21470: Write unit tests for security regressions
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  task          |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  test          |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by kcc):

 The recommended way is to add the failing inputs to the corpus once the
 bug is fixed.
 This way oss-fuzz will regularly run these inputs.

 We also recommend having your own CI system run the inputs (not necessary
 with fuzzing), especially if you have pre-submit testing, to find the
 regressions earlier.
 oss-fuzz does not have any SLA regarding the turnaround time, and we can
 typically detect a bug within 24 hours after submission. It's very
 unlikely that we will report a regression earlier than 3-4 hours after the
 commit.

 Having a separate unit test that detects the same bug is redundant to some
 extent, but still might be a good idea sometimes (especially if you do run
 unit tests and don't execute fuzz targets on their corpora before submit).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21470#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
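
The pre-submit corpus replay recommended in the comment above, as an added example that is not part of the original message and not Tor's or oss-fuzz's own tooling. It assumes each fuzz target takes one input file path as its argument and exits non-zero (or dies on a signal) when the input triggers a bug; `replay_corpus`, `make_demo` and the stand-in targets and corpus files are constructed for illustration.

```shell
#!/bin/sh
# Added example: replay saved crash inputs through fuzz targets before submit.
# Assumption: each target takes one input file path as its argument and exits
# non-zero (or dies on a signal) when the input triggers a bug.

# replay_corpus TARGET CORPUS_DIR
# Returns 0 if every input passes, 1 if any input fails, 2 if the corpus is
# empty (an empty corpus must not count as a pass).
replay_corpus() {
    target=$1 corpus=$2 total=0 failed=0
    for input in "$corpus"/*; do
        [ -f "$input" ] || continue
        total=$((total + 1))
        # One process per input so one crash does not hide later ones.
        if ! "$target" "$input" >/dev/null 2>&1; then
            echo "REGRESSION: $target fails on $input" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$total" -gt 0 ] || { echo "ERROR: no inputs in $corpus" >&2; return 2; }
    echo "$target: $total inputs, $failed failing" >&2
    [ "$failed" -eq 0 ]
}

# make_demo DIR: constructed stand-ins for a fuzz target and its corpus.
# "target-fixed" accepts everything; "target-regressed" fails on inputs that
# start with the bytes "BAD", modelling a reintroduced bug.
make_demo() {
    mkdir -p "$1/corpus" "$1/empty"
    printf 'hello' > "$1/corpus/seed-1"
    printf 'BAD\001' > "$1/corpus/crash-fixed-earlier"
    printf '#!/bin/sh\nexit 0\n' > "$1/target-fixed"
    printf '#!/bin/sh\ncase "$(head -c 3 "$1")" in BAD) exit 134;; esac\nexit 0\n' \
        > "$1/target-regressed"
    chmod +x "$1/target-fixed" "$1/target-regressed"
}

if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    make_demo "$demo"
    replay_corpus "$demo/target-fixed" "$demo/corpus"; echo "fixed: $?"
    replay_corpus "$demo/target-regressed" "$demo/corpus"; echo "regressed: $?"
    rm -rf "$demo"
fi
```

Treating an empty corpus directory as an error keeps a wrong path or a missing checkout from turning the check into a silent pass.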

