Skip to content

Fix hancock OSS-Fuzz integration: system deps, atheris install, copyright year#63

Merged
0ai-Cyberviser merged 2 commits intoadd-hancock-projectfrom
copilot/fix-hancock-project-oss-fuzz-files
Apr 8, 2026
Merged

Fix hancock OSS-Fuzz integration: system deps, atheris install, copyright year#63
0ai-Cyberviser merged 2 commits intoadd-hancock-projectfrom
copilot/fix-hancock-project-oss-fuzz-files

Conversation

Copy link
Copy Markdown

Copilot AI commented Apr 8, 2026
edited
Loading

Three blockers in the hancock OSS-Fuzz integration files that would prevent the PR from building or being merged.

projects/hancock/Dockerfile

  • Fix copyright year: 20262025
  • Add nmap and libmaxminddb-dev to apt-get install — required at runtime by python-nmap and maxminddb respectively; absent from the base image
  • Clean apt cache with && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y python3-dev nmap libmaxminddb-dev \
    && rm -rf /var/lib/apt/lists/*

projects/hancock/build.sh

  • Fix copyright year: 20262025
  • Add explicit pip3 install atheris before the requirements.txt install — all 8 fuzz targets import atheris but it is not in requirements.txt, so fuzz targets would fail to build without this
pip3 install atheris
pip3 install -r "$SRC/hancock/requirements.txt"
Original prompt

Fix OSS-Fuzz integration files for Hancock project

The branch add-hancock-project in this repo contains the OSS-Fuzz integration for Hancock (PR google#15315 against google/oss-fuzz). Three files need to be updated to fix critical blockers that will prevent the PR from being merged.

1. projects/hancock/Dockerfile — Add missing system dependencies and fix copyright year

Current file:

# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

FROM gcr.io/oss-fuzz-base/base-builder-python
RUN apt-get update && apt-get install -y python3-dev
RUN git clone --depth 1 https://github.com/0ai-Cyberviser/Hancock.git $SRC/hancock
WORKDIR $SRC/hancock
COPY build.sh $SRC/

Required changes:

  • Change Copyright 2026 to Copyright 2025
  • Add nmap and libmaxminddb-dev to the apt-get install line (required by python-nmap and maxminddb Python packages)
  • Add && rm -rf /var/lib/apt/lists/* to clean up apt cache

The updated file should be:

# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

FROM gcr.io/oss-fuzz-base/base-builder-python
RUN apt-get update && apt-get install -y python3-dev nmap libmaxminddb-dev \
    && rm -rf /var/lib/apt/lists/*
RUN git clone --depth 1 https://github.com/0ai-Cyberviser/Hancock.git $SRC/hancock
WORKDIR $SRC/hancock
COPY build.sh $SRC/

2. projects/hancock/build.sh — Fix copyright year and add explicit atheris install

Current file:

#!/bin/bash -eu
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

pip3 install -r "$SRC/hancock/requirements.txt"

FUZZ_DIR="$SRC/hancock/fuzz"

shopt -s nullglob
for fuzzer in "$FUZZ_DIR"/fuzz_*.py; do
  fuzzer_basename=$(basename "$fuzzer" .py)
  compile_python_fuzzer "$fuzzer"
  corpus_name="${fuzzer_basename#fuzz_}"
  corpus_dir="$FUZZ_DIR/corpus/$corpus_name"
  if [ -d "$corpus_dir" ]; then
    zip -j "$OUT/${fuzzer_basename}_seed_corpus.zip" "$corpus_dir"/* 2>/dev/null || true
  fi
done

Required changes:

  • Change Copyright 2026 to Copyright 2025
  • Add pip3 install atheris before the requirements.txt install as a safety net (atheris is the fuzzing framework all 8 fuzz targets depend on)

The updated file should be:

#!/bin/bash -eu
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

pip3 install atheris
pip3 install -r "$SRC/hancock/requirements.txt"

FUZZ_DIR="$SRC/hancock/fuzz"

shopt -s nullglob
for fuzzer in "$FUZZ_DIR"/fuzz_*.py; do
  fuzzer_basename=$(basename "$fuzzer" .py)
  compile_python_fuzzer "$fuzzer"
  corpus_name="${fuzzer_basename#fuzz_}"
  corpus_dir="$FUZZ_DIR/corpu...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>

@0ai-Cyberviser
Fix hancock OSS-Fuzz files: add system deps, atheris install, fix cop…
b9eca55 
…yright year

Agent-Logs-Url: https://github.com/0ai-Cyberviser/oss-fuzz/sessions/25cdfaef-3855-40a9-9ade-7eb81ee1835f

Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix OSS-Fuzz integration files for Hancock project Fix hancock OSS-Fuzz integration: system deps, atheris install, copyright year Apr 8, 2026
Copilot AI requested a review from 0ai-Cyberviser April 8, 2026 03:29
@0ai-Cyberviser 0ai-Cyberviser marked this pull request as ready for review April 8, 2026 04:01
Copilot AI review requested due to automatic review settings April 8, 2026 04:01
@0ai-Cyberviser 0ai-Cyberviser merged commit 762cdc1 into add-hancock-project Apr 8, 2026
4 checks passed
Copilot AI reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the OSS-Fuzz integration for the hancock project to address build/runtime blockers in its Dockerfile and build script, aligning the integration with OSS-Fuzz expectations for dependencies and licensing headers.

Changes:

  • Correct copyright headers from 2026 to 2025.
  • Add missing system packages (nmap, libmaxminddb-dev) and clean apt metadata in the project Dockerfile.
  • Ensure atheris is installed explicitly before installing the project’s Python requirements.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
projects/hancock/Dockerfile Adds required OS dependencies and cleans apt lists; fixes copyright year.
projects/hancock/build.sh Installs atheris explicitly before requirements; fixes copyright year.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0ai-Cyberviser 0ai-Cyberviser mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@0ai-Cyberviser 0ai-Cyberviser 0ai-Cyberviser approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

Copilot code review Copilot

@0ai-Cyberviser 0ai-Cyberviser

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0ai-Cyberviser