Add fuzzing integration for rust-url#14889
Conversation
Add OSS-Fuzz integration for the rust-url workspace, which includes the url, idna, percent-encoding, form_urlencoded, and data-url crates. 7 fuzz targets with roundtrip invariant checking, differential testing, and mutation testing strategies. Targets live upstream in the rust-url repository.
|
jrey8343 is integrating a new project: |
Update copyright year to 2026 and holder to Google LLC per OSS-Fuzz license header lint requirements.
08d1817 to
fe875a3
Compare
Update: Security Bugs Discovered and FixedThis fuzzing integration has successfully discovered and fixed 2 security bugs in rust-url: Bug #1: file:// URL Parse Roundtrip Mismatch
Bug #2: set_host("localhost") Non-Roundtripping
Coverage Analysis
Integration Status
This demonstrates significant security value from continuous fuzzing of rust-url (100M+ downloads). Contact: jaredreyespt@gmail.com |
CORRECTION: Ideal Tier TargetUpdated understanding of reward structure:
Coverage Status
Next StepsRunning comprehensive coverage analysis across all 7 fuzz targets to determine if Ideal tier threshold (>80%) can be achieved. Will update with final coverage report. Contact: jaredreyespt@gmail.com |
DavidKorczynski
left a comment
There was a problem hiding this comment.
This is already integrated
oss-fuzz/projects/servo/Dockerfile
Line 20 in 5e07b52
|
Thanks for pointing that out, David — I didn't realize rust-url was already covered under the servo project. Apologies for the duplicate. I'll close this PR. The fuzz targets I've written are in an upstream PR (servo/rust-url#1100) — would it make sense to propose adding those as additional fuzz targets to the existing servo integration, or is that something the servo maintainers would handle? |
Summary
url,idna,percent-encoding,form_urlencoded,data-urlUpstream PR
Fuzz targets live upstream: servo/rust-url#1100
Project Details
Fuzz Targets
fuzz_url_parse_roundtripurlfuzz_url_differentialurlfuzz_url_settersurlfuzz_idnaidnafuzz_data_urldata-urlfuzz_form_urlencodedform_urlencodedfuzz_percent_encodingpercent-encoding