Add Hancock to OSS-Fuzz #15315

Open
0ai-Cyberviser wants to merge 1 commit into google:master from 0ai-Cyberviser:add-hancock-project

@0ai-Cyberviser

Adds Hancock (AI cybersecurity agent) to OSS-Fuzz with 5 Atheris Python fuzz targets + seed corpora.

Upstream fuzz targets + corpora: https://github.com/0ai-Cyberviser/Hancock/tree/main/fuzz

CIFuzz workflow already enabled in upstream repo.

Submitting for OSS-Fuzz Initial Integration reward (up to $5,000).

@github-actions

github-actions bot commented Apr 8, 2026

0ai-Cyberviser is integrating a new project:
- Main repo: https://github.com/0ai-Cyberviser/Hancock
- Criticality score: N/A

@0ai-Cyberviser
Author

@copilot

Copilot said:

PR #63 can't be auto-merged because it's still in draft state. You'll need to take two manual steps, then I can handle the rest:

Step 1: Merge PR #63 (manual — requires your action)

  1. Go to [PR #63](https://github.com/0ai-Cyberviser/oss-fuzz/pull/63)
  2. Click "Ready for review" to take it out of draft
  3. Click "Merge pull request" to merge it into the add-hancock-project branch

This will land the Dockerfile and build.sh fixes onto the same branch that feeds google/oss-fuzz#15315.

Step 2 (after merge): Update #15315 description

Once #63 is merged, the add-hancock-project branch will contain the updated files and the upstream PR will reflect the changes automatically. At that point, you should update the PR description on #15315. Here's the ready-to-paste replacement:

Title: Add Hancock to OSS-Fuzz

Body:

Adds [Hancock](https://github.com/0ai-Cyberviser/Hancock) (AI-powered cybersecurity agent) to OSS-Fuzz with 8 Atheris-based Python fuzz targets + seed corpora.

Fuzz targets

| Target | Attack surface |
| --- | --- |
| fuzz_nvd_parser | NVD JSON/feed parsing |
| fuzz_mitre_parser | MITRE ATT&CK data parsing |
| fuzz_formatter | Advisory output formatting |
| fuzz_formatter_v3 | CVSSv3 formatter paths |
| fuzz_api_inputs | API endpoint input validation |
| fuzz_webhook_signature | Webhook HMAC signature verification |
| fuzz_ghsa_parser | GitHub Security Advisory parsing |
| fuzz_xml_parsing | XML/defusedxml parsing |

Integration details

- Language: Python
- Engine: libFuzzer (via Atheris)
- Sanitizers: address, undefined
- License: Apache-2.0
- Upstream fuzz targets + corpora: https://github.com/0ai-Cyberviser/Hancock/tree/main/fuzz
- CIFuzz + continuous-fuzz workflows already enabled in upstream repo

Build verification

```bash
python3 infra/helper.py build_image hancock
python3 infra/helper.py build_fuzzers hancock
python3 infra/helper.py run_fuzzer hancock fuzz_nvd_parser
```

Step 3: Test locally

After merging #63, run this on your machine to confirm everything builds:

```bash
git clone https://github.com/0ai-Cyberviser/oss-fuzz.git
cd oss-fuzz
git checkout add-hancock-project

python3 infra/helper.py build_image hancock
python3 infra/helper.py build_fuzzers hancock
python3 infra/helper.py run_fuzzer hancock fuzz_nvd_parser
```

Step 4: Post results and request review

Once the build succeeds, paste the terminal output as a comment on google/oss-fuzz#15315 with a note like:

✅ Local build + fuzz run verified:

```
[paste output here]
```

Ready for review. cc @oliverchang @jonathanmetzman

Summary of what's done vs. what needs your action

| Step | Status |
| --- | --- |
| ✅ Hancock upstream: license → Apache-2.0 | PR #38 merged |
| ✅ Hancock upstream: atheris in requirements.txt | PR #38 merged |
| ✅ OSS-Fuzz fork: Dockerfile + build.sh fixes | PR #63 ready (draft — needs you to mark ready & merge) |
| 🔲 Update #15315 description | Copy the text above |
| 🔲 Local build test | Run the commands above |
| 🔲 Post results + request review | Comment on #15315 |

Go merge PR #63 and let me know once that's done — I can help with anything else from there!

0ai-Cyberviser changed the title from "Add hancock to OSS-Fuzz" to "Add Hancock to OSS-Fuzz" on Apr 8, 2026
@0ai-Cyberviser
Author

@copilot
Title: Add Hancock to OSS-Fuzz

Body:

Adds Hancock (AI-powered cybersecurity agent) to OSS-Fuzz with 8 Atheris-based Python fuzz targets + seed corpora.

Fuzz targets

| Target | Attack surface |
| --- | --- |
| fuzz_nvd_parser | NVD JSON/feed parsing |
| fuzz_mitre_parser | MITRE ATT&CK data parsing |
| fuzz_formatter | Advisory output formatting |
| fuzz_formatter_v3 | CVSSv3 formatter paths |
| fuzz_api_inputs | API endpoint input validation |
| fuzz_webhook_signature | Webhook HMAC signature verification |
| fuzz_ghsa_parser | GitHub Security Advisory parsing |
| fuzz_xml_parsing | XML/defusedxml parsing |

Integration details

- Language: Python
- Engine: libFuzzer (via Atheris)
- Sanitizers: address, undefined
- License: Apache-2.0
- Upstream fuzz targets + corpora: https://github.com/0ai-Cyberviser/Hancock/tree/main/fuzz
- CIFuzz + continuous-fuzz workflows already enabled in upstream repo

Build verification

```bash
python3 infra/helper.py build_image hancock
python3 infra/helper.py build_fuzzers hancock
python3 infra/helper.py run_fuzzer hancock fuzz_nvd_parser
```
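
For readers who want to see what a target such as fuzz_webhook_signature in the table above can contain, the harness below is an added example, not code from this pull request or from the Hancock repository. `verify_signature`, the `sha256=<hex>` header format, `SECRET` and the seed inputs are assumptions constructed for illustration; the Atheris calls are the library's standard entry points, and the seeds are replayed directly when Atheris is not installed.

```python
import hashlib
import hmac
import sys

SECRET = b"constructed-test-secret"  # constructed value, not a real key
CONSTRUCTED_SEEDS = [b"\x09sha256=00{\"event\":\"ping\"}", b"\x00{}", b"\x02\xff\xfe=\x00"]

def verify_signature(secret: bytes, body: bytes, header: str) -> bool:
    """Hypothetical verifier for a 'sha256=<hex>' header over the raw body."""
    scheme, sep, hexdigest = header.partition("=")
    if scheme != "sha256" or not sep:
        return False
    try:
        supplied = bytes.fromhex(hexdigest)
    except ValueError:  # non-hex or odd-length digest
        return False
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    return hmac.compare_digest(supplied, expected)  # constant-time compare

def TestOneInput(data: bytes) -> None:
    """Fuzz entry point: byte 0 picks where the header ends and the body starts."""
    if len(data) < 2:
        return
    split = 1 + data[0] % (len(data) - 1)
    header = data[1:split].decode("utf-8", "replace")
    body = data[split:]
    # Property 1: arbitrary input is accepted or rejected, never an exception.
    verify_signature(SECRET, body, header)
    # Property 2: a correctly signed body verifies.
    good = "sha256=" + hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    assert verify_signature(SECRET, body, good)
    # Property 3: that signature does not verify a modified body.
    assert not verify_signature(SECRET, body + b"\x00", good)

def main() -> None:
    try:
        import atheris  # present in the fuzzing image; optional here
    except ImportError:
        for seed in CONSTRUCTED_SEEDS:  # offline replay of the seeds
            TestOneInput(seed)
        return
    atheris.instrument_all()
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()

if __name__ == "__main__":
    main()
```

The two assertions inside `TestOneInput` are what make the target useful beyond crash detection: a verifier that accepts a signature for a body it was not computed over fails the run instead of passing silently.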
