You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2020/04/02 16:52:00 UTC
[jira] [Updated] (TIKA-3083) Consider adding a fuzzing module
[ https://issues.apache.org/jira/browse/TIKA-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Allison updated TIKA-3083:
------------------------------
Description:
I think it would be useful to add a new module for fuzzing. We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.
The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.
I'm not set on adding this to Tika. If there are objections/recommendations, please share.
was:
I think it would be useful to add a new module for fuzzing. We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.
The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.
> Consider adding a fuzzing module
> --------------------------------
>
> Key: TIKA-3083
> URL: https://issues.apache.org/jira/browse/TIKA-3083
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Priority: Major
>
> I think it would be useful to add a new module for fuzzing. We should eventually integrate grownup/mature fuzzers (jqf), but we can start with cheap 'n easy mangling.
> The reason to add this to tika and not have it as a separate project, is that I think there will eventually be file format specific fuzzers for file formats that rely on compressed streams, e.g. PDF, docx, where mangling a literal byte in the file is a good first step, but it might also be useful to mangle bytes within the streams or implement faulty/malicious compressors or inject malfeasance at other levels.
> I'm not set on adding this to Tika. If there are objections/recommendations, please share.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)