[MDEV-12178] OSS-Fuzz Created: 2017-03-05  Updated: 2021-03-25

Status: Open
Project: MariaDB Server
Component/s: Tests
Fix Version/s: None

Type: Task Priority: Major
Reporter: Daniel Black Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: gsoc17


 Description   

As a GSoC code task - create an OSS-Fuzz configuration for the MariaDB server.

This would involve randomizing a bunch of queries (RQG based?), configurations and replication setups to search for segfaults, race conditions and perhaps invalid results.

ref: https://github.com/google/oss-fuzz



 Comments   
Comment by Sergei Golubchik [ 2017-03-06 ]

danblack, two questions:

  • It's a project for about 2 months, right? Not 5 months, not 5 days? ("yes" is required for a GSoC project)
  • Would you like to mentor it? ("yes" is not required)

Comment by Daniel Black [ 2017-03-07 ]

Yes I think something meaningful can be done in 2 months. Being a mentor - yes happy to do that.

Comment by Hans White [ 2017-03-16 ]

Hi,
I am Hans WHITE, an MS data Security student, and I am interested in this testing project. I would love to work on this project for GSoC 2017. I am familiar with fuzz testing and have written simple fuzzers for personal projects using libFuzzer. I wish to know if there are other students already working on this project so I can choose another project from the interesting pool of projects here. I am also familiar with OSS-Fuzz and have studied the framework and how to integrate new projects into the system. I will write a proposal for this project to express my thoughts.

Comment by Daniel Black [ 2017-03-16 ]

Hi hans23,

You are the first student who has expressed an interest. I'm looking forward to reading your proposal. If you could send it to the maria-developers email list (https://launchpad.net/~maria-developers) that would be appreciated. If you can show your existing work, that would be great too. We won't be too judgemental; we know personal projects, especially in the testing realm, are there to learn things rather than be a shining example of engineering.

Comment by Daniel Black [ 2017-03-23 ]

hans23, as you know the GSoC proposal window is now open. I'm looking forward to reading your proposal.

Comment by Daniel Black [ 2017-07-18 ]

Rewards available https://www.google.com/about/appsecurity/patch-rewards/

Comment by Teodor Mircea Ionita (Inactive) [ 2018-12-05 ]

An alternative to OSS-Fuzz integration would be tailoring AFL and/or Radamsa to feed on and mutate the MTR suite test files, which, supposedly, should explore a decent percent of the code base/paths. I'm also wondering if we could use RQG, or some other tool, to ensure we're mutating syntactically correct SQL queries.

Ultimately, these checkers should be integrated as builders into the new buildbot.

Comment by Daniel Black [ 2021-03-25 ]

bison -x can generate an XML tree of the syntax structure.
