You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2020/04/03 21:45:00 UTC
[jira] [Commented] (TIKA-3083) Consider adding a fuzzing module
[ https://issues.apache.org/jira/browse/TIKA-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17074920#comment-17074920 ]
Tim Allison commented on TIKA-3083:
-----------------------------------
Added an initial module to master. I won't add it to branch_1x until after the next release. A bunch more work remains, but this is extremely useful as is... I added a stub for a PDF corrupter that uses an EvilCOSWriter. :D
> Consider adding a fuzzing module
> --------------------------------
>
> Key: TIKA-3083
> URL: https://issues.apache.org/jira/browse/TIKA-3083
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Priority: Major
>
> I think it would be useful to add a new module for fuzzing. We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.
> The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.
> I'm not set on adding this to Tika. If there are objections/recommendations, please share.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)