-
|
Hi, My company doesn't allow us to use Go packages that contain encrypted files without explicit allowlisting once we know the contents of the files. The recent addition of CICD Fuzz testing (#763) appears to contine 2 encrypted files within
Whilst I appreciate the contents of the files are not relevant for the tests, I am required to verify the contents before I can bring the package in. The first appears to be a password protected zip, for which I cannot find the password anywhere, the second I have no idea. Would it be possible to provide the provenance of these files so that can I verify the contents? Many thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Both are from https://github.com/dvyukov/go-fuzz-corpus/tree/master/zip/corpus I suspect at least one is automatically generated by the fuzzer. It do not know the content of these files - and likely they don't even decrypt to valid data. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, I'll try and ask in Apologies for not raising as a discussion, I never even noticed the tab. |
Beta Was this translation helpful? Give feedback.
Both are from https://github.com/dvyukov/go-fuzz-corpus/tree/master/zip/corpus
I suspect at least one is automatically generated by the fuzzer.
It do not know the content of these files - and likely they don't even decrypt to valid data.