-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add links to source code on https://introspector.oss-fuzz.com/ #1317
Comments
Do you think this functionality could be extended to an optional part of the API? i.e. it would be great to programmatically fetch from github. This could be done by just exposing the following in the all-functions endpoint;
Then you can create a link like the following;
Having it as part of the API would also mean you can do other things like download the file using the github API. The only downside is that not all projects use git (so the commit field might need to be something more generic or optional). |
If I understand your thought correctly then I think it would be neat -- namely to have an API available that'll provide you a link to the source code, or, perhaps the source code of each harness. However, I'm unsure what you meant by commit? Which commits are you referring to for each harness? My thoughts are: To make it an API, I would make either the above URL accessible. We should be able to provide references to other repo websites e.g. gitlab and more, and, in the worst case we can provide a URL to the code coverage report for where the fuzzer is as we'll always (or when coverage is working at least) have a link to the code coverage reports. Are you perhaps thinking instead of |
We may run into some issue with having to predict branch names. Hmm, I'm not sure if there are many edge cases we'll have to handle. One option is to reduce this to links to the location in the code coverage reports. I think that's also useful in and of itself, but, I also think having the source repo URLs provide high value, and even the source code itself. |
Yeah that's pretty close to what I was saying, I guess what I was getting at is that you need 3 bits of information to reproducibly find a function;
If you stitch all of these peices together you can reproducibly find the specific function again, and it will always remain the same e.g.
My suggestion is to just include those peices of information in the API, and leave the URL building up to the user. For example the same thing would be reproducible from the command line. e.g.
The latter being closer to what I would likely be doing.
I don't think branch prediction would be an issue with the above approach. A branch in itself is just a stream of sequential commits. Whereas a commit itself is an atomic representation of a git repository. So as long as you collect the git sha, when you run introspector you should be able to reproducibly restore that commit (or use the github api, to view the file at that commit). |
That's assuming you meant git branch and not some other definition of a branch :) |
Also worth noting that gitlab, bitbucket and others have a similiar api structure available as well e.g.
|
It would be nice to have direct links to the fuzzer source files on the profile pages -- I think some heuristics will be able to do this and it will make it very convenient to browse a given project's structure.
The text was updated successfully, but these errors were encountered: