[Python-Dev] Fuzzing the Python standard library (original) (raw)

Brett Cannon brett at python.org
Wed Jul 18 14:32:23 EDT 2018

On Tue, 17 Jul 2018 at 15:41 Nathaniel Smith <njs at pobox.com> wrote:

On Tue, Jul 17, 2018 at 9:44 AM, Jussi Judin <jjudin+python at iki.fi> wrote: > * Exceptions that are something else than the documented ones. These usually indicate an internal implementation issue. For example one would not expect an UnicodeDecodeError from netrc.netrc() function when the documentation[3] promises netrc.NetrcParseError and there is no way to pass properly sanitized file object to the netrc.netrc().

My main advice would be, before mass-filing bugs make sure that you and the maintainers agree on what a bug is :-). For example, I can see the argument that invalid encodings in netrc should be reported as NetrcParseError, but there are also many APIs where it's normal to get something like a TypeError even if that's not a documented exception, and it's very annoying as a maintainer to suddenly get 20 bugs where you don't even agree that they're bugs and just have to wade through and close them all. Any assistance you can give with triaging and prioritizing the bugs is also super helpful, since volunteer maintainers aren't necessarily prepared for sudden influxes of issues.

That was my initial reaction to that first bullet point as well. If the exception isn't at least explicitly raised then it shouldn't be considered a documentation problem, and even then I don't know if I would expect an explicit mentioning of ValueError if the docs say e.g. "only values within this range are expected" as that implicitly suggests ValueError will be used.

In general this sounds like cool work, and help improving Python's quality is always welcome. Just be careful that it's actually helpful :-).

It's definitely a balancing act. :) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20180718/ceae4fe1/attachment.html>

More information about the Python-Dev mailing list