Since we're an open source project now, we can take advantage of OSS-Fuzz, which runs fuzzers on behalf of the community and automatically notifies projects when it finds crashers (by opening a GitHub issue, eg.).
This will increase our code test and fuzz coverage greatly, as OSS-Fuzz can run continuously, and not just when we happen to run go test -fuzz locally on our laptops.
Pushup is already using fuzzing for the parser and the open tag lexer and has a modest corpus for each, which has already found a few bugs.
See https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/ for details on integrating.
Since we're an open source project now, we can take advantage of OSS-Fuzz, which runs fuzzers on behalf of the community and automatically notifies projects when it finds crashers (by opening a GitHub issue, eg.).
This will increase our code test and fuzz coverage greatly, as OSS-Fuzz can run continuously, and not just when we happen to run
go test -fuzzlocally on our laptops.Pushup is already using fuzzing for the parser and the open tag lexer and has a modest corpus for each, which has already found a few bugs.
See https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/ for details on integrating.