Weblate/weblate
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/WeblateOrg/weblate.git synced 2026-04-25 06:03:22 +08:00
Code Issues Projects Releases Packages Activity Actions 5
weblate/fuzzing/README.md
Michal Čihař 17fe3542d7 feat(ci): introduce fuzzing 
We start with a limited scope to test the concept.
2026-04-17 11:38:20 +02:00

1 KiB
Raw Permalink Blame History

Weblate Fuzzing

This directory contains parser-focused fuzz targets for high-risk input surfaces in Weblate:

  • translation_formats
  • webhooks
  • backups
  • markup
  • memory_import
  • ssh

The targets are packaged through a shared atheris runner so ClusterFuzzLite only needs to bundle the Python environment once.

Local Runs

Use the existing virtual environment and point the runner at one target and its seed corpus:

CI_DB_HOST=127.0.0.1 CI_DB_USER=weblate CI_DB_PASSWORD=weblate \
  .venv/bin/python fuzzing/runner.py translation_formats \
  fuzzing/corpus/translation_formats -runs=0

Replace translation_formats with any target name listed above.

Seed Corpora

fuzzing/corpus/<target>/ contains small seed inputs intended to get each target past basic parsing and into format-specific logic quickly. The corpus is kept intentionally small; larger mutation corpora should come from ClusterFuzzLite batch runs.