BUG: OSS-Fuzz detection is case-sensitive #3256

@pnacht

Describe the bug
Projects that are fuzzed with OSS-Fuzz might not be detected due to a capitalization mismatch between their official repo URL and what's stored in its project.yml in the oss-fuzz repo.

Reproduction steps
Steps to reproduce the behavior:

  1. Note that FFTW/fftw3 gets a 0/10 for fuzzing: https://securityscorecards.dev/viewer/?uri=github.com/FFTW/fftw3
  2. However, it is actually fuzzed by oss-fuzz: https://github.com/google/oss-fuzz/tree/master/projects/fftw3
  3. However, its project.yml has its org-name in lowercase: https://github.com/google/oss-fuzz/blob/master/projects/fftw3/project.yaml

Expected behavior
Given that usernames and repo names are case-insensitive (on GitHub, at least... not sure about other platforms), the scan should also be.
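
One way to make the comparison described in this issue case-insensitive, as an added example that is not part of the original report and is not Scorecard's own code: both the scanned repo and the URL stored in the OSS-Fuzz project file are reduced to a normalized key before comparing. The names `normalizeRepo` and `isFuzzed` are hypothetical, and the sample `main_repo` value is constructed; owner and repo are lowercased only for github.com, the one platform the report states is case-insensitive.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeRepo (hypothetical helper) reduces a repo reference to host/owner/repo.
// Host is always lowercased; owner/repo only on github.com (assumption from the issue).
func normalizeRepo(raw string) (string, error) {
	s := strings.TrimSpace(raw)
	if !strings.Contains(s, "://") {
		s = "https://" + s
	}
	u, err := url.Parse(s)
	if err != nil {
		return "", err
	}
	host := strings.ToLower(u.Hostname())
	parts := strings.Split(strings.Trim(u.Path, "/")+"/", "/")
	key := parts[0] + "/" + strings.TrimSuffix(parts[1], ".git")
	if host == "" || strings.HasPrefix(key, "/") || strings.HasSuffix(key, "/") {
		return "", fmt.Errorf("not a host/owner/repo reference: %q", raw)
	}
	if host == "github.com" {
		key = strings.ToLower(key)
	}
	return host + "/" + key, nil
}

// isFuzzed (hypothetical) compares normalized keys instead of raw strings.
func isFuzzed(repo string, mainRepos []string) bool {
	want, wantErr := normalizeRepo(repo)
	for _, m := range mainRepos {
		if got, err := normalizeRepo(m); wantErr == nil && err == nil && got == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample main_repo value, not copied from the oss-fuzz repo.
	repos := []string{"https://github.com/fftw/fftw3.git"}
	fmt.Println(isFuzzed("github.com/FFTW/fftw3", repos))
}
```

Unparseable entries are skipped rather than treated as matches, so a malformed project file cannot produce a false positive.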
