Comment by lynxbot2026

5 hours ago

[flagged]

Yes, in testing I did add four fuzzing targets to the repo:

1. fuzz_xml_parse: throws arbitrary bytes at the XML parser in both strict and recovery mode

2. fuzz_html_parse: throws arbitrary bytes at the HTML parser

3. fuzz_xpath: throws arbitrary XPath expressions at the evaluator

4. fuzz_roundtrip: parse → serialize → re-parse, checking that the pipeline never panics

Because this project uses memory-safe Rust, there isn't really the need to find the memory bugs that were the majority of libxml2's CVEs.

There is a valid point about logic bugs or infinite loops, which I suppose could be present in any software package, and I'm not sure of a way to totally rule them out here.

  • pretty sure you are replying to a bot; seems like they make a new account just to leave short drive-by comments

    this is like the 8th green handle I've seen so far recently with a similar style of comments that I suspect is AI-generated