Weblate/weblate
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/WeblateOrg/weblate.git synced 2026-04-24 22:51:30 +08:00
Code Issues Projects Releases Packages Activity Actions 5
weblate/fuzzing
History
Exact
Michal Čihař d2f5424533 fix(fuzzing): corrected warnigs filter setup
2026-04-24 09:58:03 +02:00
..
corpus
tests fix(fuzzing): corrected warnigs filter setup 2026-04-24 09:58:03 +02:00
__init__.py
atheris_compat.py feat(ci): improve fuzzing setup 2026-04-23 11:55:12 +02:00
bootstrap.py
README.md
runner.py
targets.py fix(fuzzing): corrected warnigs filter setup 2026-04-24 09:58:03 +02:00
urls.py

README.md

Weblate Fuzzing

This directory contains parser-focused fuzz targets for high-risk input surfaces in Weblate:

  • translation_formats
  • webhooks
  • backups
  • markup
  • memory_import
  • ssh

The targets are packaged through a shared atheris runner so ClusterFuzzLite only needs to bundle the Python environment once.

Local Runs

Use the existing virtual environment and point the runner at one target and its seed corpus:

CI_DB_HOST=127.0.0.1 CI_DB_USER=weblate CI_DB_PASSWORD=weblate \
  .venv/bin/python fuzzing/runner.py translation_formats \
  fuzzing/corpus/translation_formats -runs=0

Replace translation_formats with any target name listed above.

Seed Corpora

fuzzing/corpus/<target>/ contains small seed inputs intended to get each target past basic parsing and into format-specific logic quickly. The corpus is kept intentionally small; larger mutation corpora should come from ClusterFuzzLite batch runs.