-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
boost-beast: initial integration #12109
Conversation
tyler92 is integrating a new project: |
Do I need the maintainer's approval first? |
@DavidKorczynski @jonathanmetzman Hi! I would appreciate it if you have a look. Sorry to ping you directly, but I don't know how to assign the PR to somebody |
Thanks @tyler92 |
Hi @DonggeLiu Boost.Beast is a part of the popular project Boost and it is critical because it handles user input for HTTP and WebSocket communications, making its security and reliability essential. It's used in web servers, proxies, embedded systems, IoT. Integrating with OSS-Fuzz will help identify and fix vulnerabilities, enhancing its robustness and benefiting many applications and the broader Boost ecosystem. Some time ago, the maintainers expressed a desire to integrate this project: #862 Also, please note that it's not really a new integration. There is already Boost project integrated to oss-fuzz that includes different parts of Boost. I can move Beast there, but it uses a slightly different approach - fuzzing targets and seeds are stored in the upstream repository. That's why I decided to make it a separate project here, like with boost-json. However, please let me know if it's better to move Beast to projects/boost and consider this PR not as a new integration, but as an extension of the existing integration. |
Hi @DonggeLiu Is there a chance to get a feedback here? Just as a reminder - I can make this change as a part of existing boost project. I don't know what is the preferred way because some targets are included to the main boost project (like datetime, regex, graph) and only boost-json is a separate project. |
I am waiting for the panel to decide. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The panel has approved
This pull request replaces the previous one, where targets were stored in the oss-fuzz repository. With the new approach, targets and seeds will be stored in the upstream repository instead.