From d93765af966d1eca140d41e103d5cbc20600b612 Mon Sep 17 00:00:00 2001
From: can olgun <canolgun@gmail.com>
Date: Sat, 13 Jun 2026 23:29:49 +0300
Subject: [PATCH 1/2] =?UTF-8?q?Add=20OSS-Fuzz=20for=20reqwest=20+=20Rocket?=
 =?UTF-8?q?=20=E2=80=94=20Rust=20HTTP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 projects/reqwest/Dockerfile   | 5 +++++
 projects/reqwest/build.sh     | 4 ++++
 projects/reqwest/project.yaml | 6 ++++++
 projects/rocket/Dockerfile    | 5 +++++
 projects/rocket/build.sh      | 4 ++++
 projects/rocket/project.yaml  | 6 ++++++
 6 files changed, 30 insertions(+)
 create mode 100644 projects/reqwest/Dockerfile
 create mode 100644 projects/reqwest/build.sh
 create mode 100644 projects/reqwest/project.yaml
 create mode 100644 projects/rocket/Dockerfile
 create mode 100644 projects/rocket/build.sh
 create mode 100644 projects/rocket/project.yaml

diff --git a/projects/reqwest/Dockerfile b/projects/reqwest/Dockerfile
new file mode 100644
index 000000000000..beab865cb434
--- /dev/null
+++ b/projects/reqwest/Dockerfile
@@ -0,0 +1,5 @@
+# Copyright 2026 Google LLC
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+RUN git clone --depth 1 https://github.com/seanmonstar/reqwest.git reqwest
+WORKDIR reqwest
+COPY build.sh $SRC/
diff --git a/projects/reqwest/build.sh b/projects/reqwest/build.sh
new file mode 100644
index 000000000000..5636ed80711a
--- /dev/null
+++ b/projects/reqwest/build.sh
@@ -0,0 +1,4 @@
+#!/bin/bash -eu
+cd $SRC/reqwest
+cargo fuzz build -O --debug-assertions
+cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_url /
diff --git a/projects/reqwest/project.yaml b/projects/reqwest/project.yaml
new file mode 100644
index 000000000000..cfe929ded24e
--- /dev/null
+++ b/projects/reqwest/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://github.com/seanmonstar/reqwest"
+language: rust
+primary_contact: "security@rust-lang.org"
+main_repo: "https://github.com/seanmonstar/reqwest"
+sanitizers: [address]
+fuzzing_engines: [libfuzzer]
diff --git a/projects/rocket/Dockerfile b/projects/rocket/Dockerfile
new file mode 100644
index 000000000000..dff12db8af7e
--- /dev/null
+++ b/projects/rocket/Dockerfile
@@ -0,0 +1,5 @@
+# Copyright 2026 Google LLC
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+RUN git clone --depth 1 https://github.com/rwf2/Rocket.git rocket
+WORKDIR rocket
+COPY build.sh $SRC/
diff --git a/projects/rocket/build.sh b/projects/rocket/build.sh
new file mode 100644
index 000000000000..a7c701a9fa4e
--- /dev/null
+++ b/projects/rocket/build.sh
@@ -0,0 +1,4 @@
+#!/bin/bash -eu
+cd $SRC/rocket
+cargo fuzz build -O --debug-assertions
+cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_url /
diff --git a/projects/rocket/project.yaml b/projects/rocket/project.yaml
new file mode 100644
index 000000000000..800ee72f37db
--- /dev/null
+++ b/projects/rocket/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://github.com/rwf2/Rocket"
+language: rust
+primary_contact: "security@rust-lang.org"
+main_repo: "https://github.com/rwf2/Rocket"
+sanitizers: [address]
+fuzzing_engines: [libfuzzer]

From 748acbc19a2750b2480c86394ef9efb19eee8e08 Mon Sep 17 00:00:00 2001
From: can olgun <canolgun@gmail.com>
Date: Sun, 14 Jun 2026 00:22:52 +0300
Subject: [PATCH 2/2] Fix Apache 2.0 license headers

---
 projects/rocket/Dockerfile | 16 +++++++++++++++-
 projects/rocket/build.sh   | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/projects/rocket/Dockerfile b/projects/rocket/Dockerfile
index dff12db8af7e..50f103d98a82 100644
--- a/projects/rocket/Dockerfile
+++ b/projects/rocket/Dockerfile
@@ -1,5 +1,19 @@
 # Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 FROM gcr.io/oss-fuzz-base/base-builder-rust
-RUN git clone --depth 1 https://github.com/rwf2/Rocket.git rocket
+RUN git clone --depth 1 https://github.com/rwf2/Rocket
+clap-rs/clap.git rocket
 WORKDIR rocket
 COPY build.sh $SRC/
diff --git a/projects/rocket/build.sh b/projects/rocket/build.sh
index a7c701a9fa4e..a379993bb1f2 100644
--- a/projects/rocket/build.sh
+++ b/projects/rocket/build.sh
@@ -1,4 +1,18 @@
 #!/bin/bash -eu
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 cd $SRC/rocket
 cargo fuzz build -O --debug-assertions
-cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_url /
+cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_* $OUT/