You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2020/04/02 16:52:00 UTC

[jira] [Updated] (TIKA-3083) Consider adding a fuzzing module

     [ https://issues.apache.org/jira/browse/TIKA-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Allison updated TIKA-3083:
------------------------------
    Description: 
I think it would be useful to add a new module for fuzzing.  We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.

The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.

I'm not set on adding this to Tika.  If there are objections/recommendations, please share.


  was:
I think it would be useful to add a new module for fuzzing.  We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.

The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.




> Consider adding a fuzzing module
> --------------------------------
>
>                 Key: TIKA-3083
>                 URL: https://issues.apache.org/jira/browse/TIKA-3083
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>
> I think it would be useful to add a new module for fuzzing.  We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.
> The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.
> I'm not set on adding this to Tika.  If there are objections/recommendations, please share.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)