Vishal Satish created COMPRESS-720:
--------------------------------------
Summary: Integrate OSS-Fuzz fuzzers and enable CIFuzz
Key: COMPRESS-720
URL: https://issues.apache.org/jira/browse/COMPRESS-720
Project: Commons Compress
Issue Type: Improvement
Components: Archivers, Compressors
Reporter: Vishal Satish

This task involves upstreaming 17 existing fuzzers from the Google OSS-Fuzz
repository to the main Apache Commons Compress repository.
### Motivation
Integrating fuzzers directly into the project's build system encourages
maintainer ownership, prevents bit-rot, and enables automated fuzzing of Pull
Requests via CIFuzz. This fulfills the "Ideal Integration" pattern for OSS
projects.
### Changes
1. Maven Configuration: Added jazzer-junit dependency and a 'fuzz' profile to
allow running fuzzers with 'mvn test -Pfuzz'.
2. Fuzzer Targets: Ported 17 targets covering Zip, Tar, 7z, Ar, Arj, Cpio, and
various compressors (Snappy, LZ4, Gzip, etc.) into
src/test/java/org/apache/commons/compress/fuzz.
3. CI Integration: Added a GitHub Action workflow
(.github/workflows/cifuzz.yml) to run fuzz tests on every PR using Google's
cifuzz actions.
All ported code follows the Apache License 2.0 and has been verified to compile
against the Java 8 baseline.
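
For readers unfamiliar with the jazzer-junit style named in the issue, the following is an added example of what a fuzz target for the Zip reader could look like; it is not one of the 17 ported fuzzers and is not code from the issue or the project. The class name `ExampleZipFuzzTest` and the 1 MiB read cap are assumptions made for the illustration.

```java
package org.apache.commons.compress.fuzz;

import java.io.ByteArrayInputStream;
import java.io.IOException;

import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;

import com.code_intelligence.jazzer.junit.FuzzTest;

// Hypothetical class name; illustrative only.
class ExampleZipFuzzTest {

    // Assumed cap so that a highly compressed entry cannot stall a fuzz iteration.
    private static final long MAX_BYTES_READ = 1L << 20;

    @FuzzTest
    void readZipStream(final byte[] data) {
        try (ZipArchiveInputStream zip =
                new ZipArchiveInputStream(new ByteArrayInputStream(data))) {
            final byte[] buffer = new byte[4096];
            long total = 0;
            // Walk every entry and drain its content so that both the
            // header parser and the decompression code paths are exercised.
            while (zip.getNextEntry() != null) {
                int n;
                while ((n = zip.read(buffer)) != -1) {
                    total += n;
                    if (total > MAX_BYTES_READ) {
                        return; // stop early; decompression blow-up is not the target here
                    }
                }
            }
        } catch (final IOException expected) {
            // A checked IOException is the documented way to reject malformed
            // input, so it is not a finding. Anything else that escapes
            // (for example an unexpected RuntimeException or an
            // OutOfMemoryError) is reported by Jazzer as a finding.
        }
    }
}
```

Catching only `IOException` is the design choice that matters: it defines the contract the fuzzer enforces, namely that untrusted archive bytes may be rejected but must not trigger unchecked exceptions or resource exhaustion in the parser.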