diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-15 21:42:09 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-15 21:42:09 +0000 |
| commit | 7a9e562e250e8174792c5892b6bcc20963098415 (patch) | |
| tree | 328e6c9629b196cec1de3a94ee804d9fee3a0524 | |
| parent | efa6db4371a593efaf4b2c5320e8dff3ef29edd1 (diff) | |
| parent | 8dd31c7112ba7b07fcafe02c83dc9ef3808cdab7 (diff) | |
| download | oss-fuzz-aml_tz3_314012070.tar.gz | |
Snap for 8730993 from 8dd31c7112ba7b07fcafe02c83dc9ef3808cdab7 to mainline-tzdata3-releaseaml_tz3_314012070aml_tz3_314012050aml_tz3_314012010aml_tz3_313110000aml_tz3_312511020aml_tz3_312511010aml_tz3_312410020aml_tz3_312410010android12-mainline-tzdata3-releaseaml_tz3_314012010
Change-Id: Ida93e001e285c12eab99b469c7b5ddc9652017ad
1025 files changed, 6690 insertions, 27213 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index 50dc55e8b..000000000 --- a/.github/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -/projects/librawspeed/ @LebedevRI diff --git a/.github/workflows/infra_tests.yml b/.github/workflows/infra_tests.yml index 53c1ad54f..5273adc45 100644 --- a/.github/workflows/infra_tests.yml +++ b/.github/workflows/infra_tests.yml @@ -3,7 +3,6 @@ on: pull_request: paths: - 'infra/**' - - '.github/workflows/**' jobs: build: @@ -16,9 +15,8 @@ jobs: access_token: ${{ github.token }} - uses: actions/checkout@v2 - with: # Needed for git diff to work. (get_changed_files) - fetch-depth: 0 - - run: | + - run: | # Needed for git diff to work. + git fetch origin master --depth 1 git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master - name: Setup python environment @@ -31,13 +29,12 @@ jobs: sudo env "PATH=$PATH" python -m pip install --upgrade pip sudo env "PATH=$PATH" pip install -r infra/ci/requirements.txt sudo env "PATH=$PATH" pip install -r infra/build/functions/requirements.txt - sudo env "PATH=$PATH" pip install -r infra/cifuzz/requirements.txt - - uses: google-github-actions/setup-gcloud@master + - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master with: version: '298.0.0' - run: | sudo env "PATH=$PATH" gcloud components install beta cloud-datastore-emulator - name: Run infra tests - run: sudo env "PATH=$PATH" END_TO_END_TESTS=1 INTEGRATION_TESTS=1 python infra/presubmit.py infra-tests -p + run: sudo env "PATH=$PATH" INTEGRATION_TESTS=1 python infra/presubmit.py infra-tests -p diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml index 1e80301ab..9a4b8d698 100644 --- a/.github/workflows/presubmit.yml +++ b/.github/workflows/presubmit.yml @@ -16,9 +16,8 @@ jobs: access_token: ${{ github.token }} - uses: actions/checkout@v2 - with: # Needed for git diff to work. (get_changed_files) - fetch-depth: 0 - - run: | + - run: | # Needed for git diff to work. + git fetch origin master --depth 1 git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master - name: Setup python environment diff --git a/.github/workflows/project_tests.yml b/.github/workflows/project_tests.yml index 4d5e4f02a..55dfb7f39 100644 --- a/.github/workflows/project_tests.yml +++ b/.github/workflows/project_tests.yml @@ -48,9 +48,8 @@ jobs: access_token: ${{ github.token }} - uses: actions/checkout@v2 - with: # Needed for git diff to work. (get_changed_files) - fetch-depth: 0 - - run: | + - run: | # Needed for git diff to work. + git fetch origin master --depth 1 git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master - name: Clear unnecessary files diff --git a/Android.bp b/Android.bp index ade232647..2bc30ddae 100644 --- a/Android.bp +++ b/Android.bp @@ -47,7 +47,7 @@ license { cc_fuzz { name: "ossfuzz-libldac-encode_fuzzer", - static_libs: ["libldacBT_enc"], + shared_libs: ["libldacBT_enc"], srcs: ["projects/libldac/libldac_encode_fuzzer.cc"], fuzz_config: { componentid: 27441 @@ -9,11 +9,11 @@ third_party { type: GIT value: "https://github.com/google/oss-fuzz.git" } - version: "fd15c6d57aa13667af2521daf6167a2d8cd2ecb7" + version: "947169dc86572e121c3e138f366a9f39ac6266ae" license_type: RESTRICTED last_upgrade_date { year: 2021 - month: 10 - day: 12 + month: 4 + day: 1 } } @@ -44,11 +44,11 @@ Read our [detailed documentation] to learn how to use OSS-Fuzz. [detailed documentation]: https://google.github.io/oss-fuzz ## Trophies -As of June 2021, OSS-Fuzz has found over [30,000] bugs in [500] open source +As of January 2021, OSS-Fuzz has found over [25,000] bugs in [375] open source projects. -[30,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 -[500]: https://github.com/google/oss-fuzz/tree/master/projects +[25,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 +[375]: https://github.com/google/oss-fuzz/tree/master/projects ## Blog posts * 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software] diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock index b67c3bc47..a6807df0e 100644 --- a/docs/Gemfile.lock +++ b/docs/Gemfile.lock @@ -1,13 +1,13 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.4) + activesupport (6.0.3.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.8.0) + addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) coffee-script (2.4.1) coffee-script-source @@ -16,40 +16,26 @@ GEM colorator (1.1.0) commonmarker (0.17.13) ruby-enum (~> 0.5) - concurrent-ruby (1.1.9) - dnsruby (1.61.7) + concurrent-ruby (1.1.7) + dnsruby (1.61.5) simpleidn (~> 0.1) em-websocket (0.5.2) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) - ethon (0.14.0) - ffi (>= 1.15.0) + ethon (0.12.0) + ffi (>= 1.3.0) eventmachine (1.2.7) - execjs (2.8.1) - faraday (1.6.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) + execjs (2.7.0) + faraday (1.3.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) - ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) - ffi (1.15.3) + ruby2_keywords + faraday-net_http (1.0.0) + ffi (1.14.2) forwardable-extended (2.6.0) gemoji (3.0.1) - github-pages (218) - github-pages-health-check (= 1.17.2) + github-pages (209) + github-pages-health-check (= 1.16.1) jekyll (= 3.9.0) jekyll-avatar (= 0.7.0) jekyll-coffeescript (= 1.1.1) @@ -64,39 +50,39 @@ GEM jekyll-readme-index (= 0.3.0) jekyll-redirect-from (= 0.16.0) jekyll-relative-links (= 0.6.1) - jekyll-remote-theme (= 0.4.3) + jekyll-remote-theme (= 0.4.2) jekyll-sass-converter (= 1.5.2) - jekyll-seo-tag (= 2.7.1) + jekyll-seo-tag (= 2.6.1) jekyll-sitemap (= 1.4.0) jekyll-swiss (= 1.0.0) - jekyll-theme-architect (= 0.2.0) - jekyll-theme-cayman (= 0.2.0) - jekyll-theme-dinky (= 0.2.0) - jekyll-theme-hacker (= 0.2.0) - jekyll-theme-leap-day (= 0.2.0) - jekyll-theme-merlot (= 0.2.0) - jekyll-theme-midnight (= 0.2.0) - jekyll-theme-minimal (= 0.2.0) - jekyll-theme-modernist (= 0.2.0) - jekyll-theme-primer (= 0.6.0) - jekyll-theme-slate (= 0.2.0) - jekyll-theme-tactile (= 0.2.0) - jekyll-theme-time-machine (= 0.2.0) + jekyll-theme-architect (= 0.1.1) + jekyll-theme-cayman (= 0.1.1) + jekyll-theme-dinky (= 0.1.1) + jekyll-theme-hacker (= 0.1.2) + jekyll-theme-leap-day (= 0.1.1) + jekyll-theme-merlot (= 0.1.1) + jekyll-theme-midnight (= 0.1.1) + jekyll-theme-minimal (= 0.1.1) + jekyll-theme-modernist (= 0.1.1) + jekyll-theme-primer (= 0.5.4) + jekyll-theme-slate (= 0.1.1) + jekyll-theme-tactile (= 0.1.1) + jekyll-theme-time-machine (= 0.1.1) jekyll-titles-from-headings (= 0.5.3) jemoji (= 0.12.0) - kramdown (= 2.3.1) + kramdown (= 2.3.0) kramdown-parser-gfm (= 1.1.0) liquid (= 4.0.3) mercenary (~> 0.3) minima (= 2.5.1) nokogiri (>= 1.10.4, < 2.0) - rouge (= 3.26.0) + rouge (= 3.23.0) terminal-table (~> 1.4) - github-pages-health-check (1.17.2) + github-pages-health-check (1.16.1) addressable (~> 2.3) dnsruby (~> 1.60) octokit (~> 4.0) - public_suffix (>= 2.0.2, < 5.0) + public_suffix (~> 3.0) typhoeus (~> 1.3) html-pipeline (2.14.0) activesupport (>= 2) @@ -150,57 +136,57 @@ GEM jekyll (>= 3.3, < 5.0) jekyll-relative-links (0.6.1) jekyll (>= 3.3, < 5.0) - jekyll-remote-theme (0.4.3) + jekyll-remote-theme (0.4.2) addressable (~> 2.0) jekyll (>= 3.5, < 5.0) jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0) rubyzip (>= 1.3.0, < 3.0) jekyll-sass-converter (1.5.2) sass (~> 3.4) - jekyll-seo-tag (2.7.1) - jekyll (>= 3.8, < 5.0) + jekyll-seo-tag (2.6.1) + jekyll (>= 3.3, < 5.0) jekyll-sitemap (1.4.0) jekyll (>= 3.7, < 5.0) jekyll-swiss (1.0.0) - jekyll-theme-architect (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-architect (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-cayman (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-cayman (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-dinky (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-dinky (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-hacker (0.2.0) + jekyll-theme-hacker (0.1.2) jekyll (> 3.5, < 5.0) jekyll-seo-tag (~> 2.0) - jekyll-theme-leap-day (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-leap-day (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-merlot (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-merlot (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-midnight (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-midnight (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-minimal (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-minimal (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-modernist (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-modernist (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-primer (0.6.0) + jekyll-theme-primer (0.5.4) jekyll (> 3.5, < 5.0) jekyll-github-metadata (~> 2.9) jekyll-seo-tag (~> 2.0) - jekyll-theme-slate (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-slate (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-tactile (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-tactile (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) - jekyll-theme-time-machine (0.2.0) - jekyll (> 3.5, < 5.0) + jekyll-theme-time-machine (0.1.1) + jekyll (~> 3.5) jekyll-seo-tag (~> 2.0) jekyll-titles-from-headings (0.5.3) jekyll (>= 3.3, < 5.0) @@ -210,39 +196,41 @@ GEM gemoji (~> 3.0) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.3.1) + kramdown (2.3.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.3) - listen (3.6.0) + listen (3.4.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) + mini_portile2 (2.5.0) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.14.4) + minitest (5.14.3) multipart-post (2.1.1) - nokogiri (1.12.5-x86_64-linux) + nokogiri (1.11.1) + mini_portile2 (~> 2.5.0) racc (~> 1.4) - octokit (4.21.0) + octokit (4.20.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (4.0.6) + public_suffix (3.1.1) racc (1.5.2) - rb-fsevent (0.11.0) + rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) - rexml (3.2.5) - rouge (3.26.0) - ruby-enum (0.9.0) + rexml (3.2.4) + rouge (3.23.0) + ruby-enum (0.8.0) i18n - ruby2_keywords (0.0.5) - rubyzip (2.3.2) + ruby2_keywords (0.0.2) + rubyzip (2.3.0) safe_yaml (1.0.5) sass (3.7.4) sass-listen (~> 4.0.0) @@ -252,7 +240,7 @@ GEM sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) - simpleidn (0.2.1) + simpleidn (0.1.1) unf (~> 0.1.4) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) @@ -268,10 +256,10 @@ GEM zeitwerk (2.4.2) PLATFORMS - x86_64-linux + ruby DEPENDENCIES github-pages BUNDLED WITH - 2.2.16 + 2.1.4 diff --git a/docs/README.md b/docs/README.md index af2bc4b31..db0358faa 100644 --- a/docs/README.md +++ b/docs/README.md @@ -5,8 +5,7 @@ Use the following instructions to make documentation changes locally. ## Prerequisites ```bash $ sudo apt install ruby bundler -$ bundle config set path 'vendor/bundle' -$ bundle install +$ bundle install --path vendor/bundle ``` ## Serving locally diff --git a/docs/advanced-topics/bug_fixing_guidance.md b/docs/advanced-topics/bug_fixing_guidance.md deleted file mode 100644 index 1ba0bd53b..000000000 --- a/docs/advanced-topics/bug_fixing_guidance.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -layout: default -title: Bug fixing guidance -nav_order: 6 -permalink: /advanced-topics/bug-fixing-guidance ---- - -# Bug fixing guidance -{: .no_toc} - -This page provides brief guidance on how to prioritise and fix bugs reported by -OSS-Fuzz. - -- TOC -{:toc} - -## Threat modelling -In general the severity of an issue reported by OSS-Fuzz must be determined -relative to the threat model of the project under analysis. Therefore, although -the fuzzers OSS-Fuzz makes an effort into determining the severity of the bug -the true severity of the bug depends on the threat model of the project. - -## Bug prioritisation - -### Security issues -These are the top priority of solving. A label is attached to these on -the OSS-Fuzz testcase page and you can also search up all of these on monorail -using the search pattern `-Bug=security`. - -Issues of this kind include issues reported by Address Sanitizer, e.g. -heap-based buffer overflows, stack-based buffer overflows and use-after-frees. - -### Functional issues and memory leaks -These are issues that in general can tamper with the functionality of the -application. The bugs that have highest priority in this case are those that -can be easily triggered by an untrusted user of the project. - -### Timeouts and out-of-memory -These are in general the least prioritised issues to solve. - -### Bug prioritisation of non C/C++ projects -Currently there is no prioritisation of bugs in non C/C++ projects. As such, in -this scenario it is crucial you do the analysis yourself relative to the threat -model of your project. - -## Non-reproducible bugs -OSS-Fuzz will report some bugs that are labeled `Reliably reproduces: NO` and -these can be tricky to deal with. A non-reproducible bug is an issue that -OSS-Fuzz did indeed discover, however, OSS-Fuzz is unable to reproduce the bug -with `python infra/helper.py reproduce`. In general, our suggestion is to do -analysis of the bug and determine whether there in fact is an issue. - -The non-reproducible bugs can be of varying nature. Some of these bugs will be -due to some internal state of the target application being manipulated over the -cause of several executions of the fuzzer function. This could be several -hundreds or even thousands of executions and the bug may not be reproducible by -a single fuzzer test-case, however, there is indeed a bug in the application. -There are other reasons why bugs may be non-reproducible and in general any -non-determinism introduced into the application can have an effect on this. - -In the case of non-reproducible bugs our advice is to put effort into analysing -the potential bug and also assess whether this is due to some internal state -that persists between each fuzz run. If that is indeed the case then we also -suggest investigating whether the fuzzer can be written such that the internal -state in the code will be reset between each fuzz run. - -## Should all reported issues be solved? -It is reported by some project maintainers that fixing timeout issues reported -by OSS-Fuzz can increase the complexity of the project’s source code. The -result of this is that maintainers put effort into solving a timeout issue and -the fix results in additional complexity of the project. The question is -whether in a scenario like this if the overall result actually improves the -state of the application. - -In order to answer this question we must assess the issue relative to the -threat model. Following the timeout anecdote then some timing issues can have -severe security implications. For example, if the timeout issue can cause -manipulation of control-flow then the timing issue may be of high security -severity. As such, it is difficult to say in the general case whether or not -some bugs should not be solved, as it should be analysed and determined on a -project-by-project basis. - -In the event that a bug is reported by OSS-Fuzz that is not relevant to -security or reliability of the application then there may still be a point to -fixing the bug. For example, if the issue is often run into by the fuzzer then -the fuzzer may have difficulty exploring further code in the target, and thus -fixing the bug will allow the fuzzer to explore further code. In this case some -suggested examples of resolving the issue could be: -* Perform a hot-patch that is only applied during fuzzer executions and does -not overcomplicate the project’s code. -* Patch the code of the fuzzer to avoid the timeout. For example, some fuzzers -restrict the size of the input to avoid certain deep recursions or -time-intensive loops. -* Patch the code in the target despite complicating things. diff --git a/docs/advanced-topics/code_coverage.md b/docs/advanced-topics/code_coverage.md index f307ad0e6..3b0acc26c 100644 --- a/docs/advanced-topics/code_coverage.md +++ b/docs/advanced-topics/code_coverage.md @@ -9,10 +9,9 @@ permalink: /advanced-topics/code-coverage/ # Code Coverage {: .no_toc} -For projects written in C/C++, Rust, Go, Swift or Java and other JVM-based languages, -you can generate code coverage reports using Clang source-based code coverage. -This page walks you through the basic steps. -For more details on C/C++ coverage, see [Clang's documentation]. +For projects written in C/C++, you can generate code coverage reports using +Clang source-based code coverage. This page walks you through the basic steps. +For more details, see [Clang's documentation]. Code coverage reports generation for other languages is not supported yet. @@ -99,7 +98,7 @@ $ python infra/helper.py coverage --fuzz-target=<fuzz_target_name> \ --corpus-dir=<my_local_corpus_dir> $PROJECT_NAME ``` -### Additional arguments for `llvm-cov` (C/C++ only) +### Additional arguments for `llvm-cov` You may want to use some of the options provided by the [llvm-cov tool], like `-ignore-filename-regex=`. You can pass these to the helper script after `--`: diff --git a/docs/advanced-topics/reproducing.md b/docs/advanced-topics/reproducing.md index c2ed147d4..95bb09c5c 100644 --- a/docs/advanced-topics/reproducing.md +++ b/docs/advanced-topics/reproducing.md @@ -38,7 +38,7 @@ the fuzz target with your build and test system, all you have to do is run this $ ./fuzz_target_binary <testcase_path> ``` -For timeout bugs, add the `-timeout=65` argument. For OOM bugs, add the +For timeout bugs, add the `-timeout=25` argument. For OOM bugs, add the `-rss_limit_mb=2560` argument. Read more on [how timeouts and OOMs are handled]({{ site.baseurl }}/faq/#how-do-you-handle-timeouts-and-ooms). @@ -82,11 +82,8 @@ The `sanitizer` used in the report is the value in the * **memory** for MemorySanitizer. * **undefined** for UndefinedBehaviorSanitizer. -**Notes**: - * The `architecture` argument is only necessary if you want to specify +**Note**: The `architecture` argument is only necessary if you want to specify `i386` configuration. - * Some bugs (specially ones related to pointer and integer overflows) are reproducible only in 32 bit mode or only in 64 bit mode. -If you can't reproduce a particular bug building for x86_64, try building for i386. ## Reproducing bugs diff --git a/docs/clusterfuzzlite/advanced/adding_ci_support.md b/docs/clusterfuzzlite/advanced/adding_ci_support.md deleted file mode 100644 index 2e855edd8..000000000 --- a/docs/clusterfuzzlite/advanced/adding_ci_support.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -layout: default -parent: Advanced Topics -grand_parent: ClusterFuzzLite -title: Adding Support for a New CI -nav_order: 1 -permalink: /clusterfuzzlite/advanced-topics/adding-ci-support/ ---- - -# Adding Support for a New CI - -TODO diff --git a/docs/clusterfuzzlite/advanced/architecture.md b/docs/clusterfuzzlite/advanced/architecture.md deleted file mode 100644 index a564f378d..000000000 --- a/docs/clusterfuzzlite/advanced/architecture.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -layout: default -parent: Advanced Topics -grand_parent: ClusterFuzzLite -title: Architecture -nav_order: 1 -permalink: /clusterfuzzlite/advanced-topics/architecture/ ---- - -# Architecture - -TODO diff --git a/docs/clusterfuzzlite/advanced_topics.md b/docs/clusterfuzzlite/advanced_topics.md deleted file mode 100644 index c5b49e125..000000000 --- a/docs/clusterfuzzlite/advanced_topics.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -layout: default -parent: ClusterFuzzLite -title: Advanced Topics -has_children: true -nav_order: 4 -permalink: /clusterfuzzlite/advanced-topics/ ---- - -# Advanced topics diff --git a/docs/clusterfuzzlite/build_integration.md b/docs/clusterfuzzlite/build_integration.md deleted file mode 100644 index 7310f7f6d..000000000 --- a/docs/clusterfuzzlite/build_integration.md +++ /dev/null @@ -1,269 +0,0 @@ ---- -layout: default -parent: ClusterFuzzLite -title: Build Integration -has_children: true -nav_order: 2 -permalink: /clusterfuzzlite/build-integration/ ---- -# Build integration -{: .no_toc} - -- TOC -{:toc} ---- - -## Prerequisites -ClusterFuzzLite supports statically linked -[libFuzzer targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) on -Linux. - -We re-use the [OSS-Fuzz](https://github.com/google/oss-fuzz) toolchain to make -building easier. If you are familiar with this, most of the concepts here are -exactly the same, with one key difference. Rather than checking out the source -code in the [`Dockerfile`](#dockerfile) using `git clone`, the `Dockerfile` -copies in the source code directly during `docker build`. - -Before you can start setting up your new project for fuzzing, you must do the following: -- [Integrate]({{ site.baseurl }}/advanced-topics/ideal-integration/) one or more [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) - with the project you want to fuzz. For examples, see TODO. -- [Install Docker](https://docs.docker.com/engine/installation) - [Why Docker?]({{ site.baseurl }}/faq/#why-do-you-use-docker) - - If you want to run `docker` without `sudo`, you can - [create a docker group](https://docs.docker.com/engine/installation/linux/ubuntulinux/#/create-a-docker-group). - - **Note:** Docker images can consume significant disk space. Run - [docker-cleanup](https://gist.github.com/mikea/d23a839cba68778d94e0302e8a2c200f) - periodically to garbage-collect unused images. - -- Clone the OSS-Fuzz repo: `git clone https://github.com/google/oss-fuzz.git` - -## Generating an empty build integration - -Build integrations consist of three configuration files: -* [./clusterfuzzlite/project.yaml](#projectyaml) - provides metadata about the project. -* [./clusterfuzzlite/Dockerfile](#dockerfile) - defines the container environment with information -on dependencies needed to build the project and its [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target). -* [./clusterfuzzlite/build.sh](#buildsh) - defines the build script that executes inside the Docker container and -generates the project build. - -These must live in the `.clusterfuzzlite` directory in the root of your -project's source code checkout. - -You can generate empty versions of these files with the following command: - -```bash -$ cd /path/to/oss-fuzz -$ export PATH_TO_PROJECT=<path_to_your_project> -$ python infra/helper.py generate $PATH_TO_PROJECT --external -``` - -Once the configuration files are generated, you should modify them to fit your -project. - -## project.yaml {#projectyaml} - -This configuration file stores project metadata. The following attributes are -supported: - -- [language](#language) - -### language - -Programming language the project is written in. Values you can specify include: - -* `c` -* `c++` -* [`go`]({{ site.baseurl }}//getting-started/new-project-guide/go-lang/) -* [`rust`]({{ site.baseurl }}//getting-started/new-project-guide/rust-lang/) -* [`python`]({{ site.baseurl }}//getting-started/new-project-guide/python-lang/) -* [`jvm` (Java, Kotlin, Scala and other JVM-based languages)]({{ site.baseurl }}//getting-started/new-project-guide/jvm-lang/) - -## Dockerfile {#dockerfile} - -This integration file defines the Docker image for your project. -Your [build.sh](#buildsh) script will be executed in inside the container you -define. -For most projects, the image is simple: -```docker -FROM gcr.io/oss-fuzz-base/base-builder # base image with clang toolchain -RUN apt-get update && apt-get install -y ... # install required packages to build your project -COPY . $SRC/<project_name> # checkout all sources needed to build your project -WORKDIR $SRC/<project_name> # current directory for the build script -COPY ./clusterfuzzlite/build.sh fuzzer.cc $SRC/ # copy build script into src dir -``` -TODO: Provide examples. - -## build.sh {#buildsh} - -This file defines how to build binaries for [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) in your project. -The script is executed within the image built from your [Dockerfile](#Dockerfile). - -In general, this script should do the following: - -- Build the project using your build system with OSS-Fuzz's compiler. -- Provide OSS-Fuzz's compiler flags (defined as [environment variables](#Requirements)) to the build system. -- Build your [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) - and link your project's build with `$LIB_FUZZING_ENGINE` (libFuzzer). - -Resulting binaries should be placed in `$OUT`. - -Here's an example from Expat -([source](https://github.com/google/oss-fuzz/blob/master/projects/expat/build.sh)): - -```bash -#!/bin/bash -eu - -./buildconf.sh -# configure scripts usually use correct environment variables. -./configure - -make clean -make -j$(nproc) all - -$CXX $CXXFLAGS -std=c++11 -Ilib/ \ - $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \ - $LIB_FUZZING_ENGINE .libs/libexpat.a - -cp $SRC/*.dict $SRC/*.options $OUT/ -``` - -If your project is written in Go, check out the [Integrating a Go project]({{ site.baseurl }}//getting-started/new-project-guide/go-lang/) page. - -**Note:** -1. Make sure that the binary names for your [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) contain only -alphanumeric characters, underscore(_) or dash(-). Otherwise, they won't run. -1. Don't remove source code files. They are needed for code coverage. - - -### Temporarily disabling code instrumentation during builds - -In some cases, it's not necessary to instrument every 3rd party library or tool that supports the build target. Use the following snippet to build tools or libraries without instrumentation: - -``` -CFLAGS_SAVE="$CFLAGS" -CXXFLAGS_SAVE="$CXXFLAGS" -unset CFLAGS -unset CXXFLAGS -export AFL_NOOPT=1 - -# -# build commands here that should not result in instrumented code. -# - -export CFLAGS="${CFLAGS_SAVE}" -export CXXFLAGS="${CXXFLAGS_SAVE}" -unset AFL_NOOPT -``` -TODO: Figure out if we should include this AFL code. - -### build.sh script environment - -When your build.sh script is executed, the following locations are available within the image: - -| Location| Env Variable | Description | -|---------| ------------ | ---------- | -| `/out/` | `$OUT` | Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives). | -| `/src/` | `$SRC` | Directory to checkout source files. | -| `/work/`| `$WORK` | Directory to store intermediate files. | - -Although the files layout is fixed within a container, environment variables are -provided so you can write retargetable scripts. - -In case your fuzz target uses the [FuzzedDataProvider] class, make sure it is -included via `#include <fuzzer/FuzzedDataProvider.h>` directive. - -[FuzzedDataProvider]: https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider - -### build.sh requirements {#Requirements} - -Only binaries without an extension are accepted as targets. Extensions are reserved for other artifacts, like .dict. - -You *must* use the special compiler flags needed to build your project and fuzz targets. -These flags are provided in the following environment variables: - -| Env Variable | Description -| ------------- | -------- -| `$CC`, `$CXX`, `$CCC` | The C and C++ compiler binaries. -| `$CFLAGS`, `$CXXFLAGS` | C and C++ compiler flags. -| `$LIB_FUZZING_ENGINE` | C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer). - -You *must* use `$CXX` as a linker, even if your project is written in pure C. - -Most well-crafted build scripts will automatically use these variables. If not, -pass them manually to the build tool. - -See the [Provided Environment Variables](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables) section in -`base-builder` image documentation for more details. - -## Fuzzer execution environment - -For more on the environment that -your [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) run in, and the assumptions you can make, see the [fuzzer environment]({{ site.baseurl }}/further-reading/fuzzer-environment/) page. - -## Testing locally - -You can build your docker image and fuzz targets locally, so you can test them -before running ClusterFuzzLite. -1. Run the same helper script you used to create your directory structure, this time using it to build your docker image and [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target): - - ```bash - $ cd /path/to/oss-fuzz - $ python infra/helper.py build_image $PATH_TO_PROJECT --external - $ python infra/helper.py build_fuzzers $PATH_TO_PROJECT --sanitizer <address/undefined/coverage> --external - ``` - - The built binaries appear in the `/path/to/oss-fuzz/build/out/$PROJECT_NAME` - directory on your machine (and `$OUT` in the container). Note that - `$PROJECT_NAME` is the name of the directory of your project (e.g. if - `$PATH_TO_PROJECT` is `/path/to/systemd`, `$PROJECT_NAME` is systemd. - - **Note:** You *must* run your fuzz target binaries inside the base-runner docker - container to make sure that they work properly. - -2. Find failures to fix by running the `check_build` command: - - ```bash - $ python infra/helper.py check_build $PATH_TO_PROJECT --external - ``` - -3. If you want to test changes against a particular fuzz target, run the following command: - - ```bash - $ python infra/helper.py run_fuzzer --external --corpus-dir=<path-to-temp-corpus-dir> $PATH_TO_PROJECT <fuzz_target> - ``` - -4. We recommend taking a look at your code coverage as a test to ensure that -your fuzz targets get to the code you expect. This would use the corpus -generated from the previous `run_fuzzer` step in your local corpus directory. - - ```bash - $ python infra/helper.py build_fuzzers --sanitizer coverage $PATH_TO_PROJECT - $ python infra/helper.py coverage $PATH_TO_PROJECT --fuzz-target=<fuzz_target> --corpus-dir=<path-to-temp-corpus-dir> --external - ``` - -You may need to run `python infra/helper.py pull_images` to use the latest -coverage tools. Please refer to -[code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/) for detailed -information on code coverage generation. - -**Note:** Currently, ClusterFuzzLite only supports AddressSanitizer (address) -and UndefinedBehaviorSanitizer (undefined) configurations. -<b>Make sure to test each -of the supported build configurations with the above commands (build_fuzzers -> run_fuzzer -> coverage).</b> - -If everything works locally, it should also work on ClusterFuzzLite. If you -check in your files and experience failures, review your [dependencies]({{site.baseurl }}/further-reading/fuzzer-environment/#dependencies). - -## Debugging Problems - -If you run into problems, the [Debugging page]({{ site.baseurl }}/advanced-topics/debugging/) lists ways to debug your build scripts and -[fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target). - -## Efficient fuzzing - -To improve your fuzz target ability to find bugs faster, please read [this section]( -{{ site.baseurl }}/getting-started/new-project-guide/#efficient-fuzzing). - -TODO(metzman): We probably want a TOC for lang-specific guides (which we still need to add). diff --git a/docs/clusterfuzzlite/clusterfuzzlite.md b/docs/clusterfuzzlite/clusterfuzzlite.md deleted file mode 100644 index 9dfd30a2b..000000000 --- a/docs/clusterfuzzlite/clusterfuzzlite.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -layout: default -title: ClusterFuzzLite -has_children: true -nav_order: 8 -permalink: /clusterfuzzlite/ -<!-- Hide for now by setting "published: false" --> -published: false ---- - -# ClusterFuzzLite -ClusterFuzzLite is a lightweight, easy-to-use, fuzzing infrastructure that is -based off [ClusterFuzz]. ClusterFuzzLite is designed to run on [continuous integration] (CI) -systems, which means it is easy to set up and provides a familiar interface for -users. -Currently CIFuzz fully supports [GitHub Actions]. However ClusterFuzzLite is -designed so that supporting new CI systems is trivial and core features can be -used on any CI system without any additional effort. - -See [Overview] for a more detailed description of how ClusterFuzzLite works and -how you can use it. - -[continous integration]: https://en.wikipedia.org/wiki/Continuous_integration -[fuzzing]: https://en.wikipedia.org/wiki/Fuzzing -[ClusterFuzz]: https://google.github.io/clusterfuzz/ -[GitHub Actions]: https://docs.github.com/en/actions -[Overview]: {{ site.baseurl }}/clusterfuzzlite/overview/ diff --git a/docs/clusterfuzzlite/overview.md b/docs/clusterfuzzlite/overview.md deleted file mode 100644 index 5e1e2497d..000000000 --- a/docs/clusterfuzzlite/overview.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -layout: default -parent: ClusterFuzzLite -title: Overview -nav_order: 1 -permalink: /clusterfuzzlite/overview/ ---- - -# Overview - -ClusterFuzzLite makes fuzzing more valuable by: -* Fuzzing continuously. -* Catching bugs before they land in your codebase by fuzzing pull - requests/commits. -* Providing coverage reports on which code is fuzzed. -* Managing your corpus, pruning it daily or a specified-interval. - -ClusterFuzzLite supports [libFuzzer], [AddressSanitizer], and -[UndefinedBehavior]. -ClusterFuzzLite is modular, so you can decide which features you want to use. -Using ClusterFuzzLite entails two major steps: -1. [Integrating with ClusterFuzzLite's build system] so ClusterFuzzLite can - build your project's fuzzers. -2. [Running ClusterFuzzLite]. -[libFuzzer]: https://libfuzzer.info -[AddressSanitizer]: https://clang.llvm.org/docs/AddressSanitizer.html -[UndefinedBehaviorSanitizer]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html -[Integrating with ClusterFuzzLite's build system]: {{ site.baseurl }}/clusterfuzzlite/build-integration/ -[Running ClusterFuzzLite]: {{ site.baseurl }}/clusterfuzzlite/running-clusterfuzzlite/ diff --git a/docs/clusterfuzzlite/running-clusterfuzzlite/generic.md b/docs/clusterfuzzlite/running-clusterfuzzlite/generic.md deleted file mode 100644 index 045cd2438..000000000 --- a/docs/clusterfuzzlite/running-clusterfuzzlite/generic.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -layout: default -parent: Running ClusterFuzzLite -grand_parent: ClusterFuzzLite -title: Running ClusterFuzzLite in a Generic Environment -nav_order: 2 -permalink: /clusterfuzzlite/running-clusterfuzzlite/generic/ ---- - -# Running ClusterFuzzLite in a Generic Environment -TODO: Rename run_cifuzz.py to run_clusterfuzzlite.py - -This page describes how to run clusterfuzzlite using the run_clusterfuzzlite.py -script, a low level script that is used by CI systems to run ClusterFuzzLite. -This guide is useful if you want to run ClusterFuzzLite outside of CI or if you -want to run it on a CI system that isn't supported yet. -TODO diff --git a/docs/clusterfuzzlite/running-clusterfuzzlite/github_actions.md b/docs/clusterfuzzlite/running-clusterfuzzlite/github_actions.md deleted file mode 100644 index 430f67526..000000000 --- a/docs/clusterfuzzlite/running-clusterfuzzlite/github_actions.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -layout: default -parent: Running ClusterFuzzLite -grand_parent: ClusterFuzzLite -title: GitHub Actions -nav_order: 1 -permalink: /clusterfuzzlite/running-clusterfuzzlite/github-actions/ ---- - -# GitHub Actions - -TODO diff --git a/docs/clusterfuzzlite/running_clusterfuzzlite.md b/docs/clusterfuzzlite/running_clusterfuzzlite.md deleted file mode 100644 index 068fc03eb..000000000 --- a/docs/clusterfuzzlite/running_clusterfuzzlite.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -layout: default -parent: ClusterFuzzLite -title: Running ClusterFuzzLite -has_children: true -nav_order: 3 -permalink: /clusterfuzzlite/running-clusterfuzzlite/ ---- -# Running ClusterFuzzLite -{: .no_toc} - -- TOC -{:toc} ---- - -## Overview -TODO: add a diagram. - -Once your project's fuzzers can be built and run by the helper script, it is -ready to be fuzzed by ClusterFuzzLite. -The exact method for doing this will depend on the how you are running -ClusterFuzzLite. For guides on how to run ClusterFuzzLite in your particular -environment (e.g. GitHub Actions) see the subguides. -The rest of this page will explain concepts configuration options and that are -agnostic to how ClusterFuzzLite is being run. - -## ClusterFuzzLite Tasks - -ClusterFuzzLite has the concept of tasks which instruct ClusterFuzzLite what to -do when running. - -### Code Review Fuzzing - -TODO(metzman): Work on a generic name for CIFuzz/PR fuzzing. - -One of the core ways for ClusterFuzzLite to be used is for fuzzing code that is -in review that was just commited. -This use-case is important because it allows ClusterFuzzLite to find bugs before -they are commited into your code and while they are easiest to fix. -To use Code Review Fuzzing, set the configuration option `clusterfuzzlite-task` -to `code-review`. -If you are familiar with OSS-Fuzz's CIFuzz, this task is similar to CIFuzz. -Running other ClusterFuzzLite tasks enhances ClusterFuzzLite's ability to do -Code Review Fuzzing. - -If [Batch Fuzzing] is enabled, Code Review Fuzzing will report only newly -introduced bugs and use the corpus developed during batch fuzzing. -If [Code Coverage Reporting] is enabled, Code Review Fuzzing will try to only -run the fuzzers affected by the code change. - -### Batch Fuzzing - -ClusterFuzzLite can also run in a batch fuzzing mode where all fuzzers are run -for a long amount of time. Unlike Code Review Fuzzing, this task is not meant to -be interactive, it is meant to be long-lasting and generally is more similar to -fuzzing in ClusterFuzz than Code Review Fuzzing. Batch Fuzzing allows -ClusterFuzzLite to build up a corpus for each of your fuzz targets. This corpus -will be used in Code Coverage Reporting as well as Code Review Fuzzing. - -### Corpus Prune - -If multiple Batch Fuzzing tasks are run concurrently then we strongly recommend -running a pruning task as well. This task is run according to some set schedule -(once a day is probably sufficient) to prune the corpus of redundant testcases, -which can happen if multiple Batch Fuzzing jobs are done concurrently. - -### Code Coverage Report - -The last task ClusterFuzzLite offers is Code Coverage Reports. This task will -run your fuzzers on the corpus developed during Batch Fuzzing and will generate -an HTML report that shows you which part of your code is covered by batch -fuzzing. - -## Configuration Options - -Below are some configuration options that you can set when running -ClusterFuzzLite. -We will explain how to set these in each of the subguides. - -`language`: (optional) The language your target program is written in. Defaults -to `c++`. This should be the same as the value you set in `project.yaml`. See -[this explanation]({{ site.baseurl }}//getting-started/new-project-guide/#language) -for more details. - -`fuzz-time`: Determines how long ClusterFuzzLite spends fuzzing your project in -seconds. The default is 600 seconds. - -`sanitizer`: Determines a sanitizer to build and run fuzz targets with. The -choices are `'address'`, and `'undefined'`. The default is `'address'`. - -`task`: The task for ClusterFuzzLite to execute. `code-review` -by default. See [ClusterFuzzLite Tasks] for more details on how to run different -tasks. -TODO(metzman): change run_fuzzers_mode to this. - -`dry-run`: Determines if ClusterFuzzLite surfaces bugs/crashes. The default -value is `false`. When set to `true`, ClusterFuzzLite will never report a -failure even if it finds a crash in your project. This requires the user to -manually check the logs for detected bugs. - -TODO(metzman): We probably want a TOC on this page for subguides. diff --git a/docs/further-reading/clusterfuzz.md b/docs/further-reading/clusterfuzz.md index 308882c2d..92d85ff4c 100644 --- a/docs/further-reading/clusterfuzz.md +++ b/docs/further-reading/clusterfuzz.md @@ -46,7 +46,7 @@ information, memory usage) on our fuzzer statistics dashboard. We provide coverage reports, where we highlight the parts of source code that are being reached by your fuzz target. Make sure to look at the uncovered code -marked in red and add appropriate fuzz targets to cover those use cases. +marked in red and add appropriate fuzz targets to cover those usecases.   diff --git a/docs/further-reading/fuzzer_environment.md b/docs/further-reading/fuzzer_environment.md index c42bf454e..7c527ec32 100644 --- a/docs/further-reading/fuzzer_environment.md +++ b/docs/further-reading/fuzzer_environment.md @@ -9,7 +9,8 @@ permalink: /further-reading/fuzzer-environment/ # Fuzzer environment on ClusterFuzz Your fuzz targets will be run on a -[Google Compute Engine](https://cloud.google.com/compute/) VM (Linux). +[Google Compute Engine](https://cloud.google.com/compute/) VM (Linux) with some +[security restrictions](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/run_minijail). - TOC {:toc} @@ -42,7 +43,7 @@ We strongly recommend static linking because it just works. However dynamic linking can work if shared objects are included in the `$OUT` directory and are loaded relative to `'$ORIGIN'`, the path of the binary (see the discussion of `'$ORIGIN'` [here](http://man7.org/linux/man-pages/man8/ld.so.8.html)). A fuzzer can be instructed to load libraries relative to `'$ORIGIN'` during compilation (i.e. `-Wl,-rpath,'$ORIGIN/lib'` ) -or afterwards using `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName` ([example](https://github.com/google/oss-fuzz/blob/09aa9ac556f97bd4e31928747eca0c8fed42509f/projects/php/build.sh#L40)). Note that `'$ORIGIN'` should be surrounded +or afterwards using `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName` ([example](https://github.com/google/oss-fuzz/blob/09aa9ac556f97bd4e31928747eca0c8fed42509f/projects/php/build.sh#L40)). Note that `'$ORIGIN'` should be surronded by single quotes because it is not an environment variable like `$OUT` that can be retrieved during execution of `build.sh`. Its value is retrieved during execution of the binary. You can verify that you did this correctly using `ldd <fuzz_target_name>` and the `check_build` command in `infra/helper.py`. diff --git a/docs/getting-started/accepting_new_projects.md b/docs/getting-started/accepting_new_projects.md index 898d68bce..b0ae1f989 100644 --- a/docs/getting-started/accepting_new_projects.md +++ b/docs/getting-started/accepting_new_projects.md @@ -19,12 +19,12 @@ with a new `projects/<project_name>/project.yaml` file **Note:** `project_name` can only contain alphanumeric characters, underscores(_) or dashes(-). 2. In the file, provide the following information: - * Your project's homepage. - * An email address for the engineering contact to be CCed on new issues, satisfying the following: - * The address belongs to an established project committer (according to VCS logs). + - Your project's homepage. + - An email address for the engineering contact to be CCed on new issues, satisfying the following: + - The address belongs to an established project committer (according to VCS logs). If the address isn't you, or if the address differs from VCS, we'll require an informal email verification. - * The address is associated with a Google account + - The address is associated with a Google account ([why?]({{ site.baseurl }}/faq/#why-do-you-require-a-google-account-for-authentication)). If you use an alternate email address [linked to a Google Account](https://support.google.com/accounts/answer/176347?hl=en), diff --git a/docs/getting-started/continuous_integration.md b/docs/getting-started/continuous_integration.md index 7a6a305bb..88e6e4b15 100644 --- a/docs/getting-started/continuous_integration.md +++ b/docs/getting-started/continuous_integration.md @@ -21,11 +21,11 @@ If CIFuzz finds a crash, CIFuzz reports the stacktrace, makes the crashing input available for download and the CI test fails (red X). If CIFuzz doesn't find a crash during the allotted time, the CI test passes -(green check). If CIFuzz finds a crash, it reports the crash only if both of following are true: -* The crash is reproducible (on the PR/commit build). -* The crash does not occur on older OSS-Fuzz builds. (If the crash does occur - on older builds, then it was not introduced by the PR/commit - being tested.) +(green check). If CIFuzz finds a crash, it reports the crash only: +* If the crash is reproducible (on the PR/commit build). +* If the crash does not occur on older OSS-Fuzz builds. Because if it does occur + on older builds that means the crash was not introduced by the PR/commit + CIFuzz is testing. If your project supports [OSS-Fuzz's code coverage]({{ site.baseurl }}/advanced-topics/code-coverage), CIFuzz only runs the fuzzers affected by a pull request/commit. @@ -39,7 +39,6 @@ fuzzing more effective and gives you regression testing for free. 1. Your project must be integrated with OSS-Fuzz. 1. Your project is hosted on GitHub. -1. Your repository needs to be cloned with `git` in oss-fuzz Dockerfile (do not use `go get` or other methods) ## Integrating into your repository diff --git a/docs/getting-started/new-project-guide/bazel.md b/docs/getting-started/new-project-guide/bazel.md index 4af640e42..45b942fee 100644 --- a/docs/getting-started/new-project-guide/bazel.md +++ b/docs/getting-started/new-project-guide/bazel.md @@ -28,7 +28,7 @@ For Bazel-based projects, we recommend using the for defining fuzz tests. `rules_fuzzing` provides support for building and running fuzz tests under [multiple sanitizer and fuzzing engine configurations][rules-fuzzing-usage]. -It also supports specifying corpora and dictionaries as part of the fuzz test +It also supports specifying corpora and dictionaires as part of the fuzz test definition. The fuzzing rules provide out-of-the-box support for building and packaging fuzz @@ -84,12 +84,12 @@ OSS-Fuzz provides a tool that implements these steps in a standard way, so in most cases your build script only needs to invoke this command with no arguments. -If necessary, the behavior of the tool can be customized through a set of +If necessary, the behavior of the tool can be customized though a set of environment variables. The most common are: * `BAZEL_EXTRA_BUILD_FLAGS` are extra build flags passed on the Bazel command line. -* `BAZEL_FUZZ_TEST_TAG` and `BAZEL_FUZZ_TEST_EXCLUDE_TAG` can be overridden to +* `BAZEL_FUZZ_TEST_TAG` and `BAZEL_FUZZ_TEST_EXCLUDE_TAG` can be overriden to specify which target tags to use when determining what fuzz tests to include. By default, the tool selects all the fuzz tests except for those tagged as `"no-oss-fuzz"`. diff --git a/docs/getting-started/new-project-guide/go_lang.md b/docs/getting-started/new-project-guide/go_lang.md index f64e6913c..600a66665 100644 --- a/docs/getting-started/new-project-guide/go_lang.md +++ b/docs/getting-started/new-project-guide/go_lang.md @@ -59,8 +59,6 @@ sanitizers: ### Dockerfile -The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-go` - The OSS-Fuzz builder image has the latest stable release of Golang installed. In order to install dependencies of your project, add `RUN git clone ...` command to your Dockerfile. diff --git a/docs/getting-started/new-project-guide/jvm_lang.md b/docs/getting-started/new-project-guide/jvm_lang.md index 5d25d3cbd..19e4ecbfe 100644 --- a/docs/getting-started/new-project-guide/jvm_lang.md +++ b/docs/getting-started/new-project-guide/jvm_lang.md @@ -50,9 +50,8 @@ language: jvm ``` The only supported fuzzing engine is libFuzzer (`libfuzzer`). So far the only -supported sanitizers are AddressSanitizer (`address`) and -UndefinedBehaviorSanitizer (`undefined`). For pure Java projects, specify -just `address`: +supported sanitizer is AddressSanitizer (`address`), which needs to be +specified explicitly even for pure Java projects. ```yaml fuzzing_engines: @@ -63,8 +62,6 @@ sanitizers: ### Dockerfile -The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-jvm` - The OSS-Fuzz base Docker images already come with OpenJDK 15 pre-installed. If you need Maven to build your project, you can install it by adding the following line to your Dockerfile: @@ -138,16 +135,12 @@ LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ \$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ --cp=$RUNTIME_CLASSPATH \ --target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m;-Djava.awt.headless=true\" \ +--jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done ``` -The [java-example](https://github.com/google/oss-fuzz/blob/master/projects/java-example/build.sh) -project contains an example of a `build.sh` for Java projects with native -libraries. - ## FuzzedDataProvider Jazzer provides a `FuzzedDataProvider` that can simplify the task of creating a diff --git a/docs/getting-started/new-project-guide/python_lang.md b/docs/getting-started/new-project-guide/python_lang.md index 117441029..da147803a 100644 --- a/docs/getting-started/new-project-guide/python_lang.md +++ b/docs/getting-started/new-project-guide/python_lang.md @@ -57,8 +57,6 @@ sanitizers: ### Dockerfile -The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-python` - Because most dependencies are already pre-installed on the images, no significant changes are needed in the Dockerfile for Python fuzzing projects. You should simply clone the project, set a `WORKDIR`, and copy any necessary @@ -99,7 +97,7 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done ``` diff --git a/docs/getting-started/new-project-guide/rust_lang.md b/docs/getting-started/new-project-guide/rust_lang.md index 11a3b5115..c28dd7618 100644 --- a/docs/getting-started/new-project-guide/rust_lang.md +++ b/docs/getting-started/new-project-guide/rust_lang.md @@ -61,8 +61,6 @@ fuzzing_engines: ### Dockerfile -The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-rust` - The OSS-Fuzz builder image has the latest nightly release of Rust as well as `cargo fuzz` pre-installed and in `PATH`. In the `Dockerfile` for your project all you'll need to do is fetch the latest copy of your code and install any @@ -102,47 +100,3 @@ do cp $FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME $OUT/ done ``` - -## Writing fuzzers using a test-style strategy - -In Rust you will often have tests written in a way so they are only -compiled into the final binary when build in test-mode. This is, achieved by -wrapping your test code in `cfg(test)`, e.g. -```rust -#[cfg(test)] -mod tests { - use super::*; - - ... -``` - -Cargo-fuzz automatically enables the `fuzzing` feature, which means you can -follow a similar strategy to writing fuzzers as you do when writing tests. -Specifically, you can create modules wrapped in the `fuzzing` feature: -```rust -#[cfg(fuzzing)] -pub mod fuzz_logic { - use super::*; - - ... -``` -and then call the logic within `fuzz_logic` from your fuzzer. - -Furthermore, within your `.toml` files, you can then specify fuzzing-specific -depedencies by wrapping them as follows: -``` -[target.'cfg(fuzzing)'.dependencies] -``` -similar to how you wrap test-dependencies as follows: -``` -[dev-dependencies] -``` - -Finally, you can also combine the testing logic you have and the fuzz logic. This -can be achieved simply by using -```rust -#[cfg(any(test, fuzzing))] -``` - -A project that follows this structure is Linkerd2-proxy and the project files can be -seen [here](https://github.com/google/oss-fuzz/tree/master/projects/linkerd2-proxy). diff --git a/docs/getting-started/new-project-guide/swift.md b/docs/getting-started/new-project-guide/swift.md deleted file mode 100644 index dbb127b03..000000000 --- a/docs/getting-started/new-project-guide/swift.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -layout: default -title: Integrating a Swift project -parent: Setting up a new project -grand_parent: Getting started -nav_order: 1 -permalink: /getting-started/new-project-guide/swift/ ---- - -# Integrating a Swift project -{: .no_toc} - -- TOC -{:toc} ---- - -The process of integrating a project written in Swift with OSS-Fuzz is very similar -to the general -[Setting up a new project]({{ site.baseurl }}/getting-started/new-project-guide/) -process. The key specifics of integrating a Swift project are outlined below. - -## Project files - -First, you need to write a Swift fuzz target that accepts a stream of bytes and -calls the program API with that. This fuzz target should reside in your project -repository. - -The structure of the project directory in OSS-Fuzz repository doesn't differ for -projects written in Swift. The project files have the following Swift specific -aspects. - -### project.yaml - -The `language` attribute must be specified. - -```yaml -language: swift -``` - -The only supported fuzzing engine is `libfuzzer` - -The supported sanitizers are and `address`, `thread` - -[Example](https://github.com/google/oss-fuzz/blob/2a15c3c88b21f4f1be2a7ff115f72bd7a08e34ac/projects/swift-nio/project.yaml#L9): - -```yaml -fuzzing_engines: - - libfuzzer -sanitizers: - - address - - thread -``` - -### Dockerfile - -The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-swift` -instead of using the simple base-builder - -### build.sh - -A `precompile_swift` generates an environment variable `SWIFTFLAGS` -This can then be used in the building command such as `swift build -c release $SWIFTFLAGS` - - -A usage example from swift-protobuf project is - -```sh -. precompile_swift -# build project -cd FuzzTesting -swift build -c debug $SWIFTFLAGS - -( -cd .build/debug/ -find . -maxdepth 1 -type f -name "*Fuzzer" -executable | while read i; do cp $i $OUT/"$i"-debug; done -) - -``` diff --git a/docs/getting-started/new_project_guide.md b/docs/getting-started/new_project_guide.md index 7ac0d2ae0..d2a7d805b 100644 --- a/docs/getting-started/new_project_guide.md +++ b/docs/getting-started/new_project_guide.md @@ -50,10 +50,10 @@ project is located in [`projects/boringssl`](https://github.com/google/oss-fuzz/ Each project directory also contains the following three configuration files: -* [project.yaml](#projectyaml) - provides metadata about the project. -* [Dockerfile](#dockerfile) - defines the container environment with information +* [project.yaml](#project.yaml) - provides metadata about the project. +* [Dockerfile](#Dockerfile) - defines the container environment with information on dependencies needed to build the project and its [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target). -* [build.sh](#buildsh) - defines the build script that executes inside the Docker container and +* [build.sh](#build.sh) - defines the build script that executes inside the Docker container and generates the project build. You can automatically create a new directory for your project in OSS-Fuzz and @@ -63,15 +63,14 @@ by running the following commands: ```bash $ cd /path/to/oss-fuzz $ export PROJECT_NAME=<project_name> -$ export LANGUAGE=<project_language> -$ python infra/helper.py generate $PROJECT_NAME --language=$LANGUAGE +$ python infra/helper.py generate $PROJECT_NAME ``` Once the template configuration files are created, you can modify them to fit your project. **Note:** We prefer that you keep and maintain [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) in your own source code repository. If this isn't possible, you can store them inside the OSS-Fuzz project directory you created. -## project.yaml {#projectyaml} +## project.yaml This configuration file stores project metadata. The following attributes are supported: @@ -99,7 +98,6 @@ Programming language the project is written in. Values you can specify include: * [`rust`]({{ site.baseurl }}//getting-started/new-project-guide/rust-lang/) * [`python`]({{ site.baseurl }}//getting-started/new-project-guide/python-lang/) * [`jvm` (Java, Kotlin, Scala and other JVM-based languages)]({{ site.baseurl }}//getting-started/new-project-guide/jvm-lang/) -* [`swift`]({{ site.baseurl }}//getting-started/new-project-guide/swift/) ### primary_contact, auto_ccs {#primary} The primary contact and list of other contacts to be CCed. Each person listed gets access to ClusterFuzz, including crash reports and fuzzer statistics, and are auto-cced on new bugs filed in the OSS-Fuzz @@ -123,11 +121,9 @@ sanitizers (currently ["address"](https://clang.llvm.org/docs/AddressSanitizer.h [MemorySanitizer](https://clang.llvm.org/docs/MemorySanitizer.html) ("memory") is also supported and recommended, but is not enabled by default due to the likelihood of false positives from -un-instrumented system dependencies. -If you want to use "memory," please build all libraries your project needs using -MemorySanitizer. -This can be done by building them with the compiler flags provided during -MemorySanitizer builds. +un-instrumented system dependencies. If you want to use "memory," first make sure your project's +runtime dependencies are listed in the OSS-Fuzz +[msan-libs-builder Dockerfile](https://github.com/google/oss-fuzz/blob/master/infra/base-images/msan-libs-builder/Dockerfile#L20). Then, you can opt in by adding "memory" to your list of sanitizers. If your project does not build with a particular sanitizer configuration and you need some time to fix @@ -173,11 +169,6 @@ On the testcase page of each oss-fuzz issue is a list of other jobs where the cr Fuzzing on i386 is not enabled by default because many projects won't build for i386 without some modification to their OSS-Fuzz build process. For example, you will need to link against `$LIB_FUZZING_ENGINE` and possibly install i386 dependencies within the x86_64 docker image ([for example](https://github.com/google/oss-fuzz/blob/5b8dcb5d942b3b8bc173b823fb9ddbdca7ec6c99/projects/gdal/build.sh#L18)) to get things working. -### fuzzing_engines (optional) {#fuzzing_engines} -The list of fuzzing engines to use. -By default, `libfuzzer`, `afl`, and `honggfuzz` are used. It is recommended to -use all of them if possible. `libfuzzer` is required by OSS-Fuzz. - ### help_url (optional) {#help_url} A link to a custom help URL that appears in bug reports instead of the default [OSS-Fuzz guide to reproducing crashes]({{ site.baseurl }}/advanced-topics/reproducing/). This can be useful if you assign @@ -196,9 +187,9 @@ builds_per_day: 2 Will build the project twice per day. -## Dockerfile {#dockerfile} +## Dockerfile -This configuration file defines the Docker image for your project. Your [build.sh](#buildsh) script will be executed in inside the container you define. +This configuration file defines the Docker image for your project. Your [build.sh](#build.sh) script will be executed in inside the container you define. For most projects, the image is simple: ```docker FROM gcr.io/oss-fuzz-base/base-builder # base image with clang toolchain @@ -209,22 +200,12 @@ COPY build.sh fuzzer.cc $SRC/ # copy build script and other fuzze ``` In the above example, the git clone will check out the source to `$SRC/<checkout_dir>`. -Depending on your project's language, you will use a different base image, -for instance `FROM gcr.io/oss-fuzz-base/base-builder-go` for golang. - For an example, see [expat/Dockerfile](https://github.com/google/oss-fuzz/tree/master/projects/expat/Dockerfile) or [syzkaller/Dockerfile](https://github.com/google/oss-fuzz/blob/master/projects/syzkaller/Dockerfile). -In the case of a project with multiple languages/toolchains needed, -you can run installation scripts `install_lang.sh` where lang is the language needed. -You also need to setup environment variables needed by this toolchain, for example `GOPATH` is needed by golang. -For an example, see -[ecc-diff-fuzzer/Dockerfile](https://github.com/google/oss-fuzz/blob/master/projects/ecc-diff-fuzzer/Dockerfile). -where we use `base-builder-rust`and install golang - -## build.sh {#buildsh} +## build.sh This file defines how to build binaries for [fuzz targets]({{ site.baseurl }}/reference/glossary/#fuzz-target) in your project. The script is executed within the image built from your [Dockerfile](#Dockerfile). @@ -267,8 +248,11 @@ alphanumeric characters, underscore(_) or dash(-). Otherwise, they won't run on ### Temporarily disabling code instrumentation during builds -In some cases, it's not necessary to instrument every 3rd party library or tool that supports the build target. Use the following snippet to build tools or libraries without instrumentation: +Sometimes not every 3rd party library might be needed to be instrumented or +tools are being compiled that just support the target built. +If for any reasons part of the build process should not be instrumented +then the following code snippit can be used for this: ``` CFLAGS_SAVE="$CFLAGS" @@ -325,14 +309,6 @@ pass them manually to the build tool. See the [Provided Environment Variables](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables) section in `base-builder` image documentation for more details. -### Static and dynamic linking of libraries -The `build.sh` should produce fuzzers that are statically linked. This is because the -fuzzer build environment is different to the fuzzer runtime environment and if your -project depends on third party libraries then it is likely they will not be present -in the execution environment. Thus, any shared libraries you may install or compile in -`build.sh` or `Dockerfile` will not be present in the fuzzer runtime environment. There -are exceptions to this rule, and for further information on this please see the [fuzzer environment]({{ site.baseurl }}/further-reading/fuzzer-environment/) page. - ## Disk space restrictions Our builders have a disk size of 250GB (this includes space taken up by the OS). Builds must keep peak disk usage below this. @@ -390,8 +366,9 @@ information on code coverage generation. **Note:** Currently, we only support AddressSanitizer (address) and UndefinedBehaviorSanitizer (undefined) -configurations by default. -MemorySanitizer is recommended, but needs to be enabled manually since you must build all runtime dependencies with MemorySanitizer. +configurations. MemorySanitizer is recommended, but needs to be enabled manually once you verify +that all system dependencies are +[instrumented](https://github.com/google/oss-fuzz/blob/master/infra/base-images/msan-libs-builder/Dockerfile#L20). <b>Make sure to test each of the supported build configurations with the above commands (build_fuzzers -> run_fuzzer -> coverage).</b> @@ -410,13 +387,12 @@ following ways: ### Seed Corpus -Most fuzzing engines use evolutionary fuzzing algorithms. Supplying a seed -corpus consisting of good sample inputs is one of the best ways to improve [fuzz -target]({{ site.baseurl }}/reference/glossary/#fuzz-target)'s coverage. +OSS-Fuzz uses evolutionary fuzzing algorithms. Supplying seed corpus consisting +of good sample inputs is one of the best ways to improve [fuzz target]({{ site.baseurl }}/reference/glossary/#fuzz-target)'s coverage. To provide a corpus for `my_fuzzer`, put `my_fuzzer_seed_corpus.zip` file next to the [fuzz target]({{ site.baseurl }}/reference/glossary/#fuzz-target)'s binary in `$OUT` during the build. Individual files in this -archive will be used as starting inputs for mutations. The name of each file in the corpus is the sha1 checksum (which you can get using the `sha1sum` or `shasum` command) of its contents. You can store the corpus +archive will be used as starting inputs for mutations. The name of each file in the corpus is the sha1 checksum (which you can get using the `sha1sum` or `shasum` comand) of its contents. You can store the corpus next to source files, generate during build or fetch it using curl or any other tool of your choice. (example: [boringssl](https://github.com/google/oss-fuzz/blob/master/projects/boringssl/build.sh#L41)). @@ -425,7 +401,7 @@ Seed corpus files will be used for cross-mutations and portions of them might ap in bug reports or be used for further security research. It is important that corpus has an appropriate and consistent license. -OSS-Fuzz only: See also [Accessing Corpora]({{ site.baseurl }}/advanced-topics/corpora/) for information about getting access to the corpus we are currently using for your fuzz targets. +See also [Accessing Corpora]({{ site.baseurl }}/advanced-topics/corpora/) for information about getting access to the corpus we are currently using for your fuzz targets. ### Dictionaries diff --git a/docs/index.md b/docs/index.md index 989836cf6..c372e77f0 100644 --- a/docs/index.md +++ b/docs/index.md @@ -56,9 +56,9 @@ other resources are listed on the [useful links] page. [useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials ## Trophies -As of June 2021, OSS-Fuzz has found over [30,000] bugs in [500] open source +As of January 2021, OSS-Fuzz has found over [25,000] bugs in [375] open source projects. -[30,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 -[500]: https://github.com/google/oss-fuzz/tree/master/projects +[25,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=-status%3AWontFix%2CDuplicate%20-component%3AInfra&can=1 +[375]: https://github.com/google/oss-fuzz/tree/master/projects diff --git a/docs/oss-fuzz/architecture.md b/docs/oss-fuzz/architecture.md index c4b13fb16..56ff29620 100644 --- a/docs/oss-fuzz/architecture.md +++ b/docs/oss-fuzz/architecture.md @@ -16,7 +16,7 @@ one or more [fuzz targets](http://libfuzzer.info/#fuzz-target) and [integrates]({{ site.baseurl }}/advanced-topics/ideal-integration/) them with the project's build and test system. 1. The project is [accepted to OSS-Fuzz]({{ site.baseurl }}/getting-started/accepting-new-projects/) and the developer commits their build configurations. -1. The OSS-Fuzz [builder](https://github.com/google/oss-fuzz/tree/master/infra/build) builds the project from the committed configs. +1. The OSS-Fuzz [builder](jenkins.io) builds the project from the committed configs. 1. The builder uploads the fuzz targets to the OSS-Fuzz GCS bucket. 1. [ClusterFuzz]({{ site.baseurl }}/further-reading/clusterfuzz) downloads the fuzz targets and begins to fuzz the projects. 1. When Clusterfuzz finds a diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index da6da5aa5..7b12995c1 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -92,7 +92,7 @@ These flags can be overridden by specifying `$SANITIZER_FLAGS` directly. You can choose which configurations to automatically run your fuzzers with in `project.yaml` file (e.g. [sqlite3](https://github.com/google/oss-fuzz/tree/master/projects/sqlite3/project.yaml)). ### Architectures -ClusterFuzz supports fuzzing on x86_64 (aka x64) by default. However you can also fuzz using AddressSanitizer and libFuzzer on i386 (aka x86, or 32 bit) by specifying the `$ARCHITECTURE` build environment variable using the `--architecture` option: +ClusterFuzz supports fuzzing on x86_64 (aka x64) by default. However you can also fuzz using AddressSanitizer and libFuzzer on i386 (aka x86, or 32 bit) by specifiying the `$ARCHITECTURE` build environment variable using the `--architecture` option: ```bash python infra/helper.py build_fuzzers --architecture i386 json diff --git a/infra/base-images/all.sh b/infra/base-images/all.sh index 8b3571083..6d012d5aa 100755 --- a/infra/base-images/all.sh +++ b/infra/base-images/all.sh @@ -17,11 +17,6 @@ docker build --pull -t gcr.io/oss-fuzz-base/base-image "$@" infra/base-images/base-image docker build -t gcr.io/oss-fuzz-base/base-clang "$@" infra/base-images/base-clang -docker build -t gcr.io/oss-fuzz-base/base-builder "$@" infra/base-images/base-builder -docker build -t gcr.io/oss-fuzz-base/base-builder-go "$@" infra/base-images/base-builder-go -docker build -t gcr.io/oss-fuzz-base/base-builder-jvm "$@" infra/base-images/base-builder-jvm -docker build -t gcr.io/oss-fuzz-base/base-builder-python "$@" infra/base-images/base-builder-python -docker build -t gcr.io/oss-fuzz-base/base-builder-rust "$@" infra/base-images/base-builder-rust -docker build -t gcr.io/oss-fuzz-base/base-builder-swift "$@" infra/base-images/base-builder-swift +docker build -t gcr.io/oss-fuzz-base/base-builder -t gcr.io/oss-fuzz/base-libfuzzer "$@" infra/base-images/base-builder docker build -t gcr.io/oss-fuzz-base/base-runner "$@" infra/base-images/base-runner docker build -t gcr.io/oss-fuzz-base/base-runner-debug "$@" infra/base-images/base-runner-debug diff --git a/infra/base-images/base-builder-go/Dockerfile b/infra/base-images/base-builder-go/Dockerfile deleted file mode 100644 index 9d2c61502..000000000 --- a/infra/base-images/base-builder-go/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -# Set up Golang environment variables (copied from /root/.bash_profile). -ENV GOPATH /root/go - -# /root/.go/bin is for the standard Go binaries (i.e. go, gofmt, etc). -# $GOPATH/bin is for the binaries from the dependencies installed via "go get". -ENV PATH $PATH:/root/.go/bin:$GOPATH/bin - -RUN install_go.sh - -# TODO(jonathanmetzman): Install this file using install_go.sh. -COPY ossfuzz_coverage_runner.go $GOPATH - diff --git a/infra/base-images/base-builder-go/ossfuzz_coverage_runner.go b/infra/base-images/base-builder-go/ossfuzz_coverage_runner.go deleted file mode 100644 index d433da246..000000000 --- a/infra/base-images/base-builder-go/ossfuzz_coverage_runner.go +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package mypackagebeingfuzzed - -import ( - "io/ioutil" - "os" - "runtime/pprof" - "testing" -) - -func TestFuzzCorpus(t *testing.T) { - dir := os.Getenv("FUZZ_CORPUS_DIR") - if dir == "" { - t.Logf("No fuzzing corpus directory set") - return - } - infos, err := ioutil.ReadDir(dir) - if err != nil { - t.Logf("Not fuzzing corpus directory %s", err) - return - } - filename := "" - defer func() { - if r := recover(); r != nil { - t.Error("Fuzz panicked in "+filename, r) - } - }() - profname := os.Getenv("FUZZ_PROFILE_NAME") - if profname != "" { - f, err := os.Create(profname + ".cpu.prof") - if err != nil { - t.Logf("error creating profile file %s\n", err) - } else { - _ = pprof.StartCPUProfile(f) - } - } - for i := range infos { - filename = dir + infos[i].Name() - data, err := ioutil.ReadFile(filename) - if err != nil { - t.Error("Failed to read corpus file", err) - } - FuzzFunction(data) - } - if profname != "" { - pprof.StopCPUProfile() - f, err := os.Create(profname + ".heap.prof") - if err != nil { - t.Logf("error creating heap profile file %s\n", err) - } - if err = pprof.WriteHeapProfile(f); err != nil { - t.Logf("error writing heap profile file %s\n", err) - } - f.Close() - } -} diff --git a/infra/base-images/base-builder-rust/Dockerfile b/infra/base-images/base-builder-rust/Dockerfile deleted file mode 100644 index a4ec327b6..000000000 --- a/infra/base-images/base-builder-rust/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -ENV CARGO_HOME=/rust -ENV RUSTUP_HOME=/rust/rustup -ENV PATH=$PATH:/rust/bin -# Set up custom environment variable for source code copy for coverage reports -ENV OSSFUZZ_RUSTPATH /rust - -RUN install_rust.sh diff --git a/infra/base-images/base-builder-swift/Dockerfile b/infra/base-images/base-builder-swift/Dockerfile deleted file mode 100644 index 2b063bb2f..000000000 --- a/infra/base-images/base-builder-swift/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -RUN install_swift.sh - -COPY precompile_swift /usr/local/bin/ diff --git a/infra/base-images/base-builder-swift/precompile_swift b/infra/base-images/base-builder-swift/precompile_swift deleted file mode 100755 index ab855a620..000000000 --- a/infra/base-images/base-builder-swift/precompile_swift +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cp /usr/local/bin/llvm-symbolizer-swift $OUT/llvm-symbolizer - -export SWIFTFLAGS="-Xswiftc -parse-as-library -Xswiftc -static-stdlib --static-swift-stdlib" -if [ "$SANITIZER" = "coverage" ] -then - export SWIFTFLAGS="$SWIFTFLAGS -Xswiftc -profile-generate -Xswiftc -profile-coverage-mapping -Xswiftc -sanitize=fuzzer" -else - export SWIFTFLAGS="$SWIFTFLAGS -Xswiftc -sanitize=fuzzer,$SANITIZER --sanitize=$SANITIZER" - for f in $CFLAGS; do - export SWIFTFLAGS="$SWIFTFLAGS -Xcc=$f" - done - - for f in $CXXFLAGS; do - export SWIFTFLAGS="$SWIFTFLAGS -Xcxx=$f" - done -fi diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile index 256e7be56..d802f247a 100644 --- a/infra/base-images/base-builder/Dockerfile +++ b/infra/base-images/base-builder/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2021 Google LLC +# Copyright 2016 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -61,15 +61,71 @@ RUN export PYTHON_DEPS="\ rm -rf /usr/local/lib/python3.8/test && \ apt-get remove -y $PYTHON_DEPS # https://github.com/google/oss-fuzz/issues/3888 -# Install six for Bazel rules. +# Install latest atheris for python fuzzing, pyinstaller for fuzzer packaging, +# six for Bazel rules. RUN unset CFLAGS CXXFLAGS && pip3 install -v --no-cache-dir \ - six==1.15.0 && rm -rf /tmp/* + atheris pyinstaller==4.1 six==1.15.0 && \ + rm -rf /tmp/* + +# Download and install the latest stable Go. +RUN cd /tmp && \ + curl -O https://storage.googleapis.com/golang/getgo/installer_linux && \ + chmod +x ./installer_linux && \ + SHELL="bash" ./installer_linux && \ + rm -rf ./installer_linux + +# Set up Golang environment variables (copied from /root/.bash_profile). +ENV GOPATH /root/go + +# /root/.go/bin is for the standard Go binaries (i.e. go, gofmt, etc). +# $GOPATH/bin is for the binaries from the dependencies installed via "go get". +ENV PATH $PATH:/root/.go/bin:$GOPATH/bin + +# Uses golang 1.14+ cmd/compile's native libfuzzer instrumentation. +RUN go get -u github.com/mdempsky/go114-fuzz-build && \ + ln -s $GOPATH/bin/go114-fuzz-build $GOPATH/bin/go-fuzz + +# Install Rust and cargo-fuzz for libFuzzer instrumentation. +ENV CARGO_HOME=/rust +ENV RUSTUP_HOME=/rust/rustup +ENV PATH=$PATH:/rust/bin +RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=minimal +RUN cargo install cargo-fuzz && rm -rf /rust/registry +# Needed to recompile rust std library for MSAN +RUN rustup component add rust-src --toolchain nightly +# Set up custom environment variable for source code copy for coverage reports +ENV OSSFUZZ_RUSTPATH /rust # Install Bazel through Bazelisk, which automatically fetches the latest Bazel version. -ENV BAZELISK_VERSION 1.9.0 +ENV BAZELISK_VERSION 1.7.4 RUN curl -L https://github.com/bazelbuild/bazelisk/releases/download/v$BAZELISK_VERSION/bazelisk-linux-amd64 -o /usr/local/bin/bazel && \ chmod +x /usr/local/bin/bazel +# Install OpenJDK 15 and trim its size by removing unused components. +ENV JAVA_HOME=/usr/lib/jvm/java-15-openjdk-amd64 +ENV JVM_LD_LIBRARY_PATH=$JAVA_HOME/lib/server +ENV PATH=$PATH:$JAVA_HOME/bin +RUN cd /tmp && \ + curl -L -O https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db48ee2/7/GPL/openjdk-15.0.2_linux-x64_bin.tar.gz && \ + mkdir -p $JAVA_HOME && \ + tar -xzv --strip-components=1 -f openjdk-15.0.2_linux-x64_bin.tar.gz --directory $JAVA_HOME && \ + rm -f openjdk-15.0.2_linux-x64_bin.tar.gz && \ + rm -rf $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip + +# Install the latest Jazzer in $OUT. +# jazzer_api_deploy.jar is required only at build-time, the agent and the +# drivers are copied to $OUT as they need to be present on the runners. +ENV JAZZER_API_PATH "/usr/local/lib/jazzer_api_deploy.jar" +RUN cd $SRC/ && \ + git clone --depth=1 https://github.com/CodeIntelligenceTesting/jazzer && \ + cd jazzer && \ + bazel build --java_runtime_version=localjdk_15 -c opt --cxxopt="-stdlib=libc++" --linkopt=-lc++ \ + //agent:jazzer_agent_deploy.jar //driver:jazzer_driver //driver:jazzer_driver_asan //agent:jazzer_api_deploy.jar && \ + cp bazel-bin/agent/jazzer_agent_deploy.jar bazel-bin/driver/jazzer_driver bazel-bin/driver/jazzer_driver_asan /usr/local/bin/ && \ + cp bazel-bin/agent/jazzer_api_deploy.jar $JAZZER_API_PATH && \ + rm -rf ~/.cache/bazel ~/.cache/bazelisk && \ + rm -rf $SRC/jazzer + # Default build flags for various sanitizers. ENV SANITIZER_FLAGS_address "-fsanitize=address -fsanitize-address-use-after-scope" @@ -125,7 +181,7 @@ WORKDIR $SRC # TODO: switch to -b stable once we can. RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \ cd aflplusplus && \ - git checkout 4fe572b80f76ff0b0e916b639d1e04d5af48b157 + git checkout 2102264acf5c271b7560a82771b3af8136af9354 RUN cd $SRC && \ curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \ @@ -134,25 +190,14 @@ RUN cd $SRC && \ tar -xzv --strip-components=1 -f $SRC/oss-fuzz.tar.gz && \ rm -rf examples $SRC/oss-fuzz.tar.gz -# Do precompiles before copying other scripts for better cache efficiency. -COPY precompile_afl /usr/local/bin/ -RUN precompile_afl - -COPY precompile_honggfuzz /usr/local/bin/ -RUN precompile_honggfuzz - COPY cargo compile compile_afl compile_dataflow compile_libfuzzer compile_honggfuzz \ - compile_go_fuzzer debug_afl srcmap \ - write_labels.py bazel_build_fuzz_tests \ - # Go, java, and swift installation scripts. - install_go.sh \ - install_java.sh \ - install_python.sh \ - install_rust.sh \ - install_swift.sh \ - /usr/local/bin/ - -COPY llvmsymbol.diff $SRC + compile_go_fuzzer precompile_honggfuzz precompile_afl debug_afl srcmap \ + write_labels.py bazel_build_fuzz_tests /usr/local/bin/ + COPY detect_repo.py /opt/cifuzz/ +COPY ossfuzz_coverage_runner.go $GOPATH + +RUN precompile_honggfuzz +RUN precompile_afl CMD ["compile"] diff --git a/infra/base-images/base-builder/bazel_build_fuzz_tests b/infra/base-images/base-builder/bazel_build_fuzz_tests index dca79f3f2..86740ee01 100755 --- a/infra/base-images/base-builder/bazel_build_fuzz_tests +++ b/infra/base-images/base-builder/bazel_build_fuzz_tests @@ -22,17 +22,10 @@ : "${BAZEL_TOOL:=bazel}" : "${BAZEL_EXTRA_BUILD_FLAGS:=}" -if [ "$FUZZING_LANGUAGE" = "jvm" ]; then - BAZEL_LANGUAGE=java -else - BAZEL_LANGUAGE=cc -fi - if [[ -z "${BAZEL_FUZZ_TEST_QUERY:-}" ]]; then BAZEL_FUZZ_TEST_QUERY=" let all_fuzz_tests = attr(tags, \"${BAZEL_FUZZ_TEST_TAG}\", \"//...\") in - let lang_fuzz_tests = attr(generator_function, \"^${BAZEL_LANGUAGE}_fuzz_test\$\", \$all_fuzz_tests) in - \$lang_fuzz_tests - attr(tags, \"${BAZEL_FUZZ_TEST_EXCLUDE_TAG}\", \$lang_fuzz_tests) + \$all_fuzz_tests - attr(tags, \"${BAZEL_FUZZ_TEST_EXCLUDE_TAG}\", \$all_fuzz_tests) " fi @@ -49,10 +42,9 @@ done declare -r BAZEL_BUILD_FLAGS=( "-c" "opt" - "--@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine" \ + "--//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine" \ "--@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz" \ "--@rules_fuzzing//fuzzing:cc_engine_sanitizer=none" \ - "--cxxopt=-stdlib=libc++" \ "--linkopt=-lc++" \ "--action_env=CC=${CC}" "--action_env=CXX=${CXX}" \ ${BAZEL_EXTRA_BUILD_FLAGS[*]} diff --git a/infra/base-images/base-builder/bisect_clang_test.py b/infra/base-images/base-builder/bisect_clang_test.py index a11bf8640..edf13e759 100644 --- a/infra/base-images/base-builder/bisect_clang_test.py +++ b/infra/base-images/base-builder/bisect_clang_test.py @@ -127,7 +127,7 @@ def create_mock_popen( return MockPopen -def mock_prepare_build_impl(llvm_project_path): # pylint: disable=unused-argument +def mock_prepare_build(llvm_project_path): # pylint: disable=unused-argument """Mocked prepare_build function.""" return '/work/llvm-build' @@ -138,7 +138,7 @@ class BuildClangTest(BisectClangTestMixin, unittest.TestCase): def test_build_clang_test(self): """Tests that build_clang works as intended.""" with mock.patch('subprocess.Popen', create_mock_popen()) as mock_popen: - with mock.patch('bisect_clang.prepare_build', mock_prepare_build_impl): + with mock.patch('bisect_clang.prepare_build', mock_prepare_build): llvm_src_dir = '/src/llvm-project' bisect_clang.build_clang(llvm_src_dir) self.assertEqual([['ninja', '-C', '/work/llvm-build', 'install']], @@ -170,13 +170,13 @@ class GitRepoTest(BisectClangTestMixin, unittest.TestCase): """Tests test_start_commit works as intended when the test returns an unexpected value.""" - def mock_execute_impl(command, *args, **kwargs): # pylint: disable=unused-argument + def mock_execute(command, *args, **kwargs): # pylint: disable=unused-argument if command == self.test_command: return returncode, '', '' return 0, '', '' - with mock.patch('bisect_clang.execute', mock_execute_impl): - with mock.patch('bisect_clang.prepare_build', mock_prepare_build_impl): + with mock.patch('bisect_clang.execute', mock_execute): + with mock.patch('bisect_clang.prepare_build', mock_prepare_build): with self.assertRaises(bisect_clang.BisectError): self.git.test_start_commit(commit, label, self.test_command) @@ -202,13 +202,13 @@ class GitRepoTest(BisectClangTestMixin, unittest.TestCase): expected value.""" command_args = [] - def mock_execute_impl(command, *args, **kwargs): # pylint: disable=unused-argument + def mock_execute(command, *args, **kwargs): # pylint: disable=unused-argument command_args.append(command) if command == self.test_command: return returncode, '', '' return 0, '', '' - with mock.patch('bisect_clang.execute', mock_execute_impl): + with mock.patch('bisect_clang.execute', mock_execute): self.git.test_start_commit(commit, label, self.test_command) self.assertEqual([ get_git_command('checkout', commit), self.test_command, @@ -247,13 +247,13 @@ class GitRepoTest(BisectClangTestMixin, unittest.TestCase): """Test test_commit works as intended.""" command_args = [] - def mock_execute_impl(command, *args, **kwargs): # pylint: disable=unused-argument + def mock_execute(command, *args, **kwargs): # pylint: disable=unused-argument command_args.append(command) if command == self.test_command: return returncode, output, '' return 0, output, '' - with mock.patch('bisect_clang.execute', mock_execute_impl): + with mock.patch('bisect_clang.execute', mock_execute): result = self.git.test_commit(self.test_command) self.assertEqual([self.test_command, get_git_command('bisect', label)], command_args) diff --git a/infra/base-images/base-builder/cargo b/infra/base-images/base-builder/cargo index c60c7611b..bed8e7660 100755 --- a/infra/base-images/base-builder/cargo +++ b/infra/base-images/base-builder/cargo @@ -27,7 +27,7 @@ then export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix src=$crate_src_abspath/src" fi -if [ "$SANITIZER" = "coverage" ] && [ $1 = "fuzz" ] && [ $2 = "build" ] +if [ "$SANITIZER" = "coverage" ] && [ $1 = "fuzz" ] then # hack to turn cargo fuzz build into cargo build so as to get coverage # cargo fuzz adds "--target" "x86_64-unknown-linux-gnu" @@ -35,11 +35,7 @@ then # go into fuzz directory if not already the case cd fuzz || true fuzz_src_abspath=`pwd` - # Default directory is fuzz_targets, but some projects like image-rs use fuzzers. - while read i; do - export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix $i=$fuzz_src_abspath/$i" - # Bash while syntax so that we modify RUSTFLAGS in main shell instead of a subshell. - done <<< "$(ls */*.rs | cut -d/ -f1 | uniq)" + export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix fuzz_targets=$fuzz_src_abspath/fuzz_targets" # we do not want to trigger debug assertions and stops export RUSTFLAGS="$RUSTFLAGS -C debug-assertions=no" # do not optimize with --release, leading to Malformed instrumentation profile data diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index c934d3b5b..78453c98c 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -27,8 +27,8 @@ if [ "$FUZZING_LANGUAGE" = "jvm" ]; then echo "ERROR: JVM projects can be fuzzed with libFuzzer engine only." exit 1 fi - if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "coverage" ] && [ "$SANITIZER" != "undefined" ]; then - echo "ERROR: JVM projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only." + if [ "$SANITIZER" != "address" ]; then + echo "ERROR: JVM projects can be fuzzed with AddressSanitizer only." exit 1 fi if [ "$ARCHITECTURE" != "x86_64" ]; then @@ -43,7 +43,7 @@ if [ "$FUZZING_LANGUAGE" = "python" ]; then exit 1 fi if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "undefined" ]; then - echo "ERROR: Python projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only." + echo "ERROR: Python projects can be fuzzed with AddressSanitizer and UndefinedBehaviorSanitizer only." exit 1 fi if [ "$ARCHITECTURE" != "x86_64" ]; then @@ -59,7 +59,7 @@ fi if [[ $ARCHITECTURE == "i386" ]]; then export CFLAGS="-m32 $CFLAGS" - cp -R /usr/i386/lib/* /usr/local/lib + cp -R /usr/i386/lib/* /usr/lib fi # JVM projects are fuzzed with Jazzer, which has libFuzzer built in. if [[ $FUZZING_ENGINE != "none" ]] && [[ $FUZZING_LANGUAGE != "jvm" ]]; then @@ -71,9 +71,15 @@ if [[ $SANITIZER_FLAGS = *sanitize=memory* ]] then # Take all libraries from lib/msan and MSAN_LIBS_PATH # export CXXFLAGS_EXTRA="-L/usr/msan/lib $CXXFLAGS_EXTRA" - cp -R /usr/msan/lib/* /usr/local/lib/ - - echo 'Building without MSan instrumented libraries.' + cp -R /usr/msan/lib/* /usr/lib/ + + if [[ -z "${MSAN_LIBS_PATH-}" ]]; then + echo 'WARNING: Building without MSan instrumented libraries.' + else + # Copy all static libraries only. Don't include .so files because they can + # break non MSan compiled programs. + (cd "$MSAN_LIBS_PATH" && find . -name '*.a' -exec cp --parents '{}' / ';') + fi fi # Coverage flag overrides. @@ -112,7 +118,7 @@ export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS" export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA" if [ "$FUZZING_LANGUAGE" = "python" ]; then - sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(atheris.path())"` + sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(os.path.dirname(atheris.path()))"` sanitizer_with_fuzzer_output_lib=$OUT/sanitizer_with_fuzzer.so if [ "$SANITIZER" = "address" ]; then cp $sanitizer_with_fuzzer_lib_dir/asan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib @@ -130,20 +136,7 @@ cp $(which llvm-symbolizer) $OUT/ # Copy Jazzer to $OUT if needed. if [ "$FUZZING_LANGUAGE" = "jvm" ]; then - cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $OUT/ - jazzer_driver_with_sanitizer=$OUT/jazzer_driver_with_sanitizer - if [ "$SANITIZER" = "address" ]; then - cp $(which jazzer_driver_asan) $jazzer_driver_with_sanitizer - elif [ "$SANITIZER" = "undefined" ]; then - cp $(which jazzer_driver_ubsan) $jazzer_driver_with_sanitizer - elif [ "$SANITIZER" = "coverage" ]; then - # Coverage builds require no instrumentation. - cp $(which jazzer_driver) $jazzer_driver_with_sanitizer - fi - - # Disable leak checking since the JVM triggers too many false positives. - export CFLAGS="$CFLAGS -fno-sanitize=leak" - export CXXFLAGS="$CXXFLAGS -fno-sanitize=leak" + cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $(which jazzer_driver_asan) $OUT/ fi echo "---------------------------------------------------------------" @@ -151,24 +144,13 @@ echo "CC=$CC" echo "CXX=$CXX" echo "CFLAGS=$CFLAGS" echo "CXXFLAGS=$CXXFLAGS" -echo "RUSTFLAGS=$RUSTFLAGS" echo "---------------------------------------------------------------" BUILD_CMD="bash -eux $SRC/build.sh" -# Set +u temporarily to continue even if GOPATH and OSSFUZZ_RUSTPATH are undefined. -set +u # We need to preserve source code files for generating a code coverage report. # We need exact files that were compiled, so copy both $SRC and $WORK dirs. -COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH /rustc $OUT" -set -u - -if [ "$FUZZING_LANGUAGE" = "rust" ]; then - # Copy rust std lib to its path with a hash. - export rustch=`rustc --version --verbose | grep commit-hash | cut -d' ' -f2` - mkdir -p /rustc/$rustch/ - cp -r /rust/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/ /rustc/$rustch/ -fi +COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH $OUT" if [ "${BUILD_UID-0}" -ne "0" ]; then adduser -u $BUILD_UID --disabled-password --gecos '' builder diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl index d6509c74c..dc6624459 100644 --- a/infra/base-images/base-builder/compile_afl +++ b/infra/base-images/base-builder/compile_afl @@ -22,8 +22,6 @@ # AFL++ settings. export AFL_LLVM_MODE_WORKAROUND=0 export AFL_ENABLE_DICTIONARY=0 -export AFL_ENABLE_CMPLOG=1 -export AFL_LAF_CHANCE=3 # Start compiling afl++. echo "Copying precompiled afl++" @@ -47,32 +45,19 @@ export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_ # AFL compile option roulette. It is OK if they all happen together. -# 20% chance for CTX-2 coverage instrumentation (Caller conTeXt sensitive -# edge coverage). -test $(($RANDOM % 100)) -lt 20 && { - export AFL_LLVM_INSTRUMENT=CLASSIC,CTX-2 - export AFL_ENABLE_CMPLOG=0 - export AFL_LAF_CHANCE=30 -} - -# 40% chance to create a dictionary. -test $(($RANDOM % 100)) -lt 40 && { - export AFL_ENABLE_DICTIONARY=1 -} - -# 60% chance to perform CMPLOG/REDQUEEN. +# 40% chance to perform CMPLOG rm -f "$OUT/afl_cmplog.txt" -test "$AFL_ENABLE_CMPLOG" = "1" -a $(($RANDOM % 100)) -lt 60 && { +test $(($RANDOM % 10)) -lt 4 && { export AFL_LLVM_CMPLOG=1 touch "$OUT/afl_cmplog.txt" } -# 3% chance to perform COMPCOV/LAF_INTEL. -test $(($RANDOM % 100)) -lt $AFL_LAF_CHANCE && { +# 10% chance to perform LAF_INTEL +test $(($RANDOM % 10)) -lt 1 && { export AFL_LLVM_LAF_ALL=1 } -# Create a dictionary if one is wanted. +# If the targets wants a dictionary - then create one. test "$AFL_ENABLE_DICTIONARY" = "1" && { export AFL_LLVM_DICT2FILE="$OUT/afl++.dict" } diff --git a/infra/base-images/base-builder/compile_go_fuzzer b/infra/base-images/base-builder/compile_go_fuzzer index dd8c9f6a1..2342800fb 100755 --- a/infra/base-images/base-builder/compile_go_fuzzer +++ b/infra/base-images/base-builder/compile_go_fuzzer @@ -29,7 +29,7 @@ cd $GOPATH/src/$path || true # in the case we are in the right directory, with go.mod but no go.sum go mod tidy || true # project was downloaded with go get if go list fails -go list $tags $path || { cd $GOPATH/pkg/mod/ && cd `echo $path | cut -d/ -f1-3 | awk '{print $1"@*"}'`; } || cd - +go list $tags $path || { cd $GOPATH/pkg/mod/ && cd `echo $path | cut -d/ -f1-3 | awk '{print $1"@*"}'`; } # project does not have go.mod if go list fails again go list $tags $path || { go mod init $path && go mod tidy ;} @@ -42,9 +42,7 @@ if [[ $SANITIZER = *coverage* ]]; then sed -i -e 's/mypackagebeingfuzzed/'$fuzzed_package'/' ./"${function,,}"_test.go sed -i -e 's/TestFuzzCorpus/Test'$function'Corpus/' ./"${function,,}"_test.go - # The repo is the module path/name, which is already created above in case it doesn't exist, - # but not always the same as the module path. This is necessary to handle SIV properly. - fuzzed_repo=$(go list $tags -f {{.Module}} "$path") + fuzzed_repo=`echo $path | cut -d/ -f-3` abspath_repo=`go list -m $tags -f {{.Dir}} $fuzzed_repo || go list $tags -f {{.Dir}} $fuzzed_repo` # give equivalence to absolute paths in another file, as go test -cover uses golangish pkg.Dir echo "s=$fuzzed_repo"="$abspath_repo"= > $OUT/$fuzzer.gocovpath diff --git a/infra/base-images/base-builder/install_go.sh b/infra/base-images/base-builder/install_go.sh deleted file mode 100755 index 21138831c..000000000 --- a/infra/base-images/base-builder/install_go.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -eux -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd /tmp -curl -O https://storage.googleapis.com/golang/getgo/installer_linux -chmod +x ./installer_linux -SHELL="bash" ./installer_linux -rm -rf ./installer_linux - -echo 'Set "GOPATH=/root/go"' -echo 'Set "PATH=$PATH:/root/.go/bin:$GOPATH/bin"' - -go get -u github.com/mdempsky/go114-fuzz-build -ln -s $GOPATH/bin/go114-fuzz-build $GOPATH/bin/go-fuzz diff --git a/infra/base-images/base-builder/install_java.sh b/infra/base-images/base-builder/install_java.sh deleted file mode 100755 index 560c816a9..000000000 --- a/infra/base-images/base-builder/install_java.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -eux -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Install OpenJDK 15 and trim its size by removing unused components. -cd /tmp -curl -L -O https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db48ee2/7/GPL/openjdk-15.0.2_linux-x64_bin.tar.gz && \ -mkdir -p $JAVA_HOME -tar -xzv --strip-components=1 -f openjdk-15.0.2_linux-x64_bin.tar.gz --directory $JAVA_HOME && \ -rm -f openjdk-15.0.2_linux-x64_bin.tar.gz -rm -rf $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip - -# Install the latest Jazzer in $OUT. -# jazzer_api_deploy.jar is required only at build-time, the agent and the -# drivers are copied to $OUT as they need to be present on the runners. -cd $SRC/ -git clone --depth=1 https://github.com/CodeIntelligenceTesting/jazzer && \ -cd jazzer -bazel build --java_runtime_version=localjdk_15 -c opt --cxxopt="-stdlib=libc++" --linkopt=-lc++ \ - //agent:jazzer_agent_deploy.jar //driver:jazzer_driver //driver:jazzer_driver_asan //driver:jazzer_driver_ubsan //agent:jazzer_api_deploy.jar -cp bazel-bin/agent/jazzer_agent_deploy.jar bazel-bin/driver/jazzer_driver bazel-bin/driver/jazzer_driver_asan bazel-bin/driver/jazzer_driver_ubsan /usr/local/bin/ -cp bazel-bin/agent/jazzer_api_deploy.jar $JAZZER_API_PATH -rm -rf ~/.cache/bazel ~/.cache/bazelisk -rm -rf $SRC/jazzer diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh deleted file mode 100755 index b9c9a38c3..000000000 --- a/infra/base-images/base-builder/install_python.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eux -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -echo "ATHERIS INSTALL" -unset CFLAGS CXXFLAGS -pip3 install -v --no-cache-dir atheris>=2.0.6 pyinstaller==4.1 -rm -rf /tmp/* diff --git a/infra/base-images/base-builder/install_rust.sh b/infra/base-images/base-builder/install_rust.sh deleted file mode 100755 index cbb461fd6..000000000 --- a/infra/base-images/base-builder/install_rust.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eux -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=minimal -cargo install cargo-fuzz && rm -rf /rust/registry -# Needed to recompile rust std library for MSAN -rustup component add rust-src --toolchain nightly diff --git a/infra/base-images/base-builder/install_swift.sh b/infra/base-images/base-builder/install_swift.sh deleted file mode 100755 index d88a7b5cd..000000000 --- a/infra/base-images/base-builder/install_swift.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -eux -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -SWIFT_PACKAGES="wget \ - binutils \ - git \ - gnupg2 \ - libc6-dev \ - libcurl4 \ - libedit2 \ - libgcc-9-dev \ - libpython2.7 \ - libsqlite3-0 \ - libstdc++-9-dev \ - libxml2 \ - libz3-dev \ - pkg-config \ - tzdata \ - zlib1g-dev" -SWIFT_SYMBOLIZER_PACKAGES="build-essential make cmake ninja-build git python3 g++-multilib binutils-dev zlib1g-dev" -apt-get update && apt install -y $SWIFT_PACKAGES && \ - apt install -y $SWIFT_SYMBOLIZER_PACKAGES --no-install-recommends - - -wget https://swift.org/builds/swift-5.4.2-release/ubuntu2004/swift-5.4.2-RELEASE/swift-5.4.2-RELEASE-ubuntu20.04.tar.gz -tar xzf swift-5.4.2-RELEASE-ubuntu20.04.tar.gz -cp -r swift-5.4.2-RELEASE-ubuntu20.04/usr/* /usr/ -rm -rf swift-5.4.2-RELEASE-ubuntu20.04.tar.gz -# TODO: Move to a seperate work dir -git clone --depth 1 https://github.com/llvm/llvm-project.git -cd llvm-project -git apply ../llvmsymbol.diff --verbose -cmake -G "Ninja" \ - -DLIBCXX_ENABLE_SHARED=OFF \ - -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \ - -DLIBCXXABI_ENABLE_SHARED=OFF \ - -DCMAKE_BUILD_TYPE=Release \ - -DLLVM_TARGETS_TO_BUILD=X86 \ - -DCMAKE_C_COMPILER=clang \ - -DCMAKE_CXX_COMPILER=clang++ \ - -DLLVM_BUILD_TESTS=OFF \ - -DLLVM_INCLUDE_TESTS=OFF llvm -ninja -j$(nproc) llvm-symbolizer -cp bin/llvm-symbolizer /usr/local/bin/llvm-symbolizer-swift - -cd $SRC -rm -rf llvm-project llvmsymbol.diff - -# TODO: Cleanup packages -apt-get remove --purge -y wget zlib1g-dev -apt-get autoremove -y diff --git a/infra/base-images/base-builder/llvmsymbol.diff b/infra/base-images/base-builder/llvmsymbol.diff deleted file mode 100644 index 70181bf39..000000000 --- a/infra/base-images/base-builder/llvmsymbol.diff +++ /dev/null @@ -1,50 +0,0 @@ -diff --git a/llvm/lib/DebugInfo/Symbolize/CMakeLists.txt b/llvm/lib/DebugInfo/Symbolize/CMakeLists.txt -index acfb3bd0e..a499ee2e0 100644 ---- a/llvm/lib/DebugInfo/Symbolize/CMakeLists.txt -+++ b/llvm/lib/DebugInfo/Symbolize/CMakeLists.txt -@@ -12,4 +12,11 @@ add_llvm_component_library(LLVMSymbolize - Object - Support - Demangle -- ) -+ -+ LINK_LIBS -+ /usr/lib/swift_static/linux/libswiftCore.a -+ /usr/lib/swift_static/linux/libicui18nswift.a -+ /usr/lib/swift_static/linux/libicuucswift.a -+ /usr/lib/swift_static/linux/libicudataswift.a -+ /usr/lib/x86_64-linux-gnu/libstdc++.so.6 -+) -diff --git a/llvm/lib/DebugInfo/Symbolize/Symbolize.cpp b/llvm/lib/DebugInfo/Symbolize/Symbolize.cpp -index fb4875f79..0030769ee 100644 ---- a/llvm/lib/DebugInfo/Symbolize/Symbolize.cpp -+++ b/llvm/lib/DebugInfo/Symbolize/Symbolize.cpp -@@ -36,6 +36,13 @@ - #include <cassert> - #include <cstring> - -+ -+extern "C" char *swift_demangle(const char *mangledName, -+ size_t mangledNameLength, -+ char *outputBuffer, -+ size_t *outputBufferSize, -+ uint32_t flags); -+ - namespace llvm { - namespace symbolize { - -@@ -678,6 +685,14 @@ LLVMSymbolizer::DemangleName(const std::string &Name, - free(DemangledName); - return Result; - } -+ if (!Name.empty() && Name.front() == '$') { -+ char *DemangledName = swift_demangle(Name.c_str(), Name.length(), 0, 0, 0); -+ if (DemangledName) { -+ std::string Result = DemangledName; -+ free(DemangledName); -+ return Result; -+ } -+ } - - if (DbiModuleDescriptor && DbiModuleDescriptor->isWin32Module()) - return std::string(demanglePE32ExternCFunc(Name)); diff --git a/infra/base-images/base-builder/write_labels.py b/infra/base-images/base-builder/write_labels.py index 92a820a43..6766e37fe 100755 --- a/infra/base-images/base-builder/write_labels.py +++ b/infra/base-images/base-builder/write_labels.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/python3 # Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 45260941c..3c16a8f3c 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -19,7 +19,7 @@ FROM gcr.io/oss-fuzz-base/base-image # Install newer cmake. -ENV CMAKE_VERSION 3.21.1 +ENV CMAKE_VERSION 3.19.2 RUN apt-get update && apt-get install -y wget sudo && \ wget https://github.com/Kitware/CMake/releases/download/v$CMAKE_VERSION/cmake-$CMAKE_VERSION-Linux-x86_64.sh && \ chmod +x cmake-$CMAKE_VERSION-Linux-x86_64.sh && \ diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index a62b27cff..f6e8ca99c 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -21,8 +21,8 @@ NPROC=$(expr $(nproc) / 2) # zlib1g-dev is needed for llvm-profdata to handle coverage data from rust compiler -LLVM_DEP_PACKAGES="build-essential make cmake ninja-build git python3 python3-distutils g++-multilib binutils-dev zlib1g-dev" -apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends +LLVM_DEP_PACKAGES="build-essential make cmake ninja-build git python3 g++-multilib binutils-dev zlib1g-dev" +apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends # Checkout CHECKOUT_RETRIES=10 @@ -74,7 +74,7 @@ OUR_LLVM_REVISION=llvmorg-12-init-17251-g6de48655 # To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. # *not* force a manual downgrade). Set to 1 to force a manual downgrade. -FORCE_OUR_REVISION=0 +FORCE_OUR_REVISION=1 LLVM_REVISION=$(grep -Po "CLANG_REVISION = '\K([^']+)" scripts/update.py) clone_with_retries https://github.com/llvm/llvm-project.git $LLVM_SRC @@ -124,24 +124,10 @@ rm -rf $WORK/llvm-stage1 $WORK/llvm-stage2 # Use the clang we just built from now on. CMAKE_EXTRA_ARGS="-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++" -function cmake_libcxx { - extra_args="$@" - cmake -G "Ninja" \ - -DLIBCXX_ENABLE_SHARED=OFF \ - -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \ - -DLIBCXXABI_ENABLE_SHARED=OFF \ - -DCMAKE_BUILD_TYPE=Release \ - -DLLVM_TARGETS_TO_BUILD="$TARGET_TO_BUILD" \ - -DLLVM_ENABLE_PROJECTS="libcxx;libcxxabi" \ - -DLLVM_BINUTILS_INCDIR="/usr/include/" \ - $extra_args \ - $LLVM_SRC/llvm -} - # 32-bit libraries. mkdir -p $WORK/i386 cd $WORK/i386 -cmake_libcxx $CMAKE_EXTRA_ARGS \ +cmake_llvm $CMAKE_EXTRA_ARGS \ -DCMAKE_INSTALL_PREFIX=/usr/i386/ \ -DCMAKE_C_FLAGS="-m32" \ -DCMAKE_CXX_FLAGS="-m32" @@ -159,7 +145,7 @@ cat <<EOF > $WORK/msan/blocklist.txt fun:__gxx_personality_* EOF -cmake_libcxx $CMAKE_EXTRA_ARGS \ +cmake_llvm $CMAKE_EXTRA_ARGS \ -DLLVM_USE_SANITIZER=Memory \ -DCMAKE_INSTALL_PREFIX=/usr/msan/ \ -DCMAKE_CXX_FLAGS="-fsanitize-blacklist=$WORK/msan/blocklist.txt" @@ -172,7 +158,7 @@ rm -rf $WORK/msan mkdir -p $WORK/dfsan cd $WORK/dfsan -cmake_libcxx $CMAKE_EXTRA_ARGS \ +cmake_llvm $CMAKE_EXTRA_ARGS \ -DLLVM_USE_SANITIZER=DataFlow \ -DCMAKE_INSTALL_PREFIX=/usr/dfsan/ @@ -211,7 +197,7 @@ rm -rf /usr/local/bin/llvm-* mv $LLVM_TOOLS_TMPDIR/* /usr/local/bin/ rm -rf $LLVM_TOOLS_TMPDIR -# Remove binaries from LLVM build that we don't need. +# Remove binaries from LLVM buld that we don't need. rm -f \ /usr/local/bin/bugpoint \ /usr/local/bin/llc \ diff --git a/infra/base-images/base-image/Dockerfile b/infra/base-images/base-image/Dockerfile index bc6035b72..2099ffdd2 100644 --- a/infra/base-images/base-image/Dockerfile +++ b/infra/base-images/base-image/Dockerfile @@ -16,11 +16,11 @@ # Base image for all other images. -FROM ubuntu:20.04 +FROM ubuntu:16.04 ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && \ apt-get upgrade -y && \ - apt-get install -y libc6-dev binutils libgcc-9-dev && \ + apt-get install -y libc6-dev binutils libgcc-5-dev && \ apt-get autoremove -y ENV OUT=/out diff --git a/infra/base-images/base-runner/Dockerfile b/infra/base-images/base-runner/Dockerfile index fadd00acc..f847de026 100755 --- a/infra/base-images/base-runner/Dockerfile +++ b/infra/base-images/base-runner/Dockerfile @@ -45,18 +45,12 @@ RUN apt-get update && apt-get install -y \ libcap2 \ python3 \ python3-pip \ - python3-setuptools \ unzip \ wget \ zip --no-install-recommends -ENV CODE_COVERAGE_SRC=/opt/code_coverage -RUN git clone https://chromium.googlesource.com/chromium/src/tools/code_coverage $CODE_COVERAGE_SRC && \ - cd /opt/code_coverage && \ - git checkout edba4873b5e8a390e977a64c522db2df18a8b27d && \ - pip3 install wheel && \ - pip3 install -r requirements.txt && \ - pip3 install MarkupSafe==0.23 +RUN git clone https://chromium.googlesource.com/chromium/src/tools/code_coverage /opt/code_coverage && \ + pip3 install -r /opt/code_coverage/requirements.txt # Default environment options for various sanitizers. # Note that these match the settings used in ClusterFuzz and @@ -97,12 +91,6 @@ RUN wget https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db rm -f openjdk-15.0.2_linux-x64_bin.tar.gz && \ rm -rf $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip -# Install JaCoCo for JVM coverage. -RUN wget https://repo1.maven.org/maven2/org/jacoco/org.jacoco.cli/0.8.7/org.jacoco.cli-0.8.7-nodeps.jar -O /opt/jacoco-cli.jar && \ - wget https://repo1.maven.org/maven2/org/jacoco/org.jacoco.agent/0.8.7/org.jacoco.agent-0.8.7-runtime.jar -O /opt/jacoco-agent.jar && \ - echo "37df187b76888101ecd745282e9cd1ad4ea508d6 /opt/jacoco-agent.jar" | shasum --check && \ - echo "c1814e7bba5fd8786224b09b43c84fd6156db690 /opt/jacoco-cli.jar" | shasum --check - # Do this last to make developing these files easier/faster due to caching. COPY bad_build_check \ collect_dft \ @@ -110,12 +98,10 @@ COPY bad_build_check \ coverage_helper \ dataflow_tracer.py \ download_corpus \ - jacoco_report_converter.py \ rcfilt \ reproduce \ run_fuzzer \ parse_options.py \ - profraw_update.py \ targets_list \ test_all.py \ test_one.py \ diff --git a/infra/base-images/base-runner/bad_build_check b/infra/base-images/base-runner/bad_build_check index bb328c793..01f8fbbab 100755 --- a/infra/base-images/base-runner/bad_build_check +++ b/infra/base-images/base-runner/bad_build_check @@ -39,7 +39,7 @@ DFSAN_CALLS_THRESHOLD_FOR_NON_DFSAN_BUILD=0 MSAN_CALLS_THRESHOLD_FOR_MSAN_BUILD=1000 # Some engines (e.g. honggfuzz) may make a very small number of calls to msan # for memory poisoning. -MSAN_CALLS_THRESHOLD_FOR_NON_MSAN_BUILD=3 +MSAN_CALLS_THRESHOLD_FOR_NON_MSAN_BUILD=2 # Usually, a non UBSan build (e.g. ASan) has 165 calls to UBSan runtime. The # majority of targets built with UBSan have 200+ UBSan calls, but there are @@ -90,7 +90,10 @@ function check_engine { echo "BAD BUILD: $FUZZER seems to have only partial coverage instrumentation." fi elif [[ "$FUZZING_ENGINE" == afl ]]; then - AFL_FORKSRV_INIT_TMOUT=30000 AFL_NO_UI=1 SKIP_SEED_CORPUS=1 timeout --preserve-status -s INT 35s run_fuzzer $FUZZER_NAME &>$FUZZER_OUTPUT + # TODO(https://github.com/google/oss-fuzz/issues/2470): Dont use + # AFL_DRIVER_DONT_DEFER by default, support .options files in + # bad_build_check instead. + AFL_DRIVER_DONT_DEFER=1 AFL_NO_UI=1 SKIP_SEED_CORPUS=1 timeout --preserve-status -s INT 20s run_fuzzer $FUZZER_NAME &>$FUZZER_OUTPUT CHECK_PASSED=$(egrep "All set and ready to roll" -c $FUZZER_OUTPUT) if (( $CHECK_PASSED == 0 )); then echo "BAD BUILD: fuzzing $FUZZER with afl-fuzz failed." @@ -133,7 +136,10 @@ function check_startup_crash { SKIP_SEED_CORPUS=1 run_fuzzer $FUZZER_NAME -seed=1337 -runs=$MIN_NUMBER_OF_RUNS &>$FUZZER_OUTPUT CHECK_PASSED=$(egrep "Done $MIN_NUMBER_OF_RUNS runs" -c $FUZZER_OUTPUT) elif [[ "$FUZZING_ENGINE" = afl ]]; then - AFL_FORKSRV_INIT_TMOUT=30000 AFL_NO_UI=1 SKIP_SEED_CORPUS=1 timeout --preserve-status -s INT 35s run_fuzzer $FUZZER_NAME &>$FUZZER_OUTPUT + # TODO(https://github.com/google/oss-fuzz/issues/2470): Dont use + # AFL_DRIVER_DONT_DEFER by default, support .options files in + # bad_build_check instead. + AFL_DRIVER_DONT_DEFER=1 AFL_NO_UI=1 SKIP_SEED_CORPUS=1 timeout --preserve-status -s INT 20s run_fuzzer $FUZZER_NAME &>$FUZZER_OUTPUT if [ $(egrep "target binary (crashed|terminated)" -c $FUZZER_OUTPUT) -eq 0 ]; then CHECK_PASSED=1 fi diff --git a/infra/base-images/base-runner/coverage b/infra/base-images/base-runner/coverage index 3c7b274e4..a86b00dec 100755 --- a/infra/base-images/base-runner/coverage +++ b/infra/base-images/base-runner/coverage @@ -19,21 +19,14 @@ cd $OUT if (( $# > 0 )); then FUZZ_TARGETS="$@" else - FUZZ_TARGETS="$(find . -maxdepth 1 -type f -executable -printf '%P\n' | \ - grep -v -x -F \ - -e 'llvm-symbolizer' \ - -e 'jazzer_agent_deploy.jar' \ - -e 'jazzer_driver' \ - -e 'jazzer_driver_with_sanitizer')" + FUZZ_TARGETS="$(find . -maxdepth 1 -type f -executable -printf '%P\n')" fi -COVERAGE_OUTPUT_DIR=${COVERAGE_OUTPUT_DIR:-$OUT} - -DUMPS_DIR="$COVERAGE_OUTPUT_DIR/dumps" -FUZZER_STATS_DIR="$COVERAGE_OUTPUT_DIR/fuzzer_stats" -LOGS_DIR="$COVERAGE_OUTPUT_DIR/logs" -REPORT_ROOT_DIR="$COVERAGE_OUTPUT_DIR/report" -REPORT_PLATFORM_DIR="$COVERAGE_OUTPUT_DIR/report/linux" +DUMPS_DIR="$OUT/dumps" +FUZZER_STATS_DIR="$OUT/fuzzer_stats" +LOGS_DIR="$OUT/logs" +REPORT_ROOT_DIR="$OUT/report" +REPORT_PLATFORM_DIR="$OUT/report/linux" for directory in $DUMPS_DIR $FUZZER_STATS_DIR $LOGS_DIR $REPORT_ROOT_DIR \ $REPORT_PLATFORM_DIR; do @@ -61,8 +54,6 @@ objects="" # Number of CPUs available, this is needed for running tests in parallel. NPROC=$(nproc) -CORPUS_DIR=${CORPUS_DIR:-"/corpus"} - function run_fuzz_target { local target=$1 @@ -71,7 +62,7 @@ function run_fuzz_target { local profraw_file="$DUMPS_DIR/$target.%1m.profraw" local profraw_file_mask="$DUMPS_DIR/$target.*.profraw" local profdata_file="$DUMPS_DIR/$target.profdata" - local corpus_real="$CORPUS_DIR/${target}" + local corpus_real="/corpus/${target}" # -merge=1 requires an output directory, create a new, empty dir for that. local corpus_dummy="$OUT/dummy_corpus_dir_for_${target}" @@ -83,7 +74,7 @@ function run_fuzz_target { # because (A) corpuses are already minimized; (B) we do not use sancov, and so # libFuzzer always finishes merge with an empty output dir. # Use 100s timeout instead of 25s as code coverage builds can be very slow. - local args="-merge=1 -timeout=100 $corpus_dummy $corpus_real" + local args="-merge=1 -timeout=100 -close_fd_mask=3 $corpus_dummy $corpus_real" export LLVM_PROFILE_FILE=$profraw_file timeout $TIMEOUT $OUT/$target $args &> $LOGS_DIR/$target.log @@ -99,9 +90,6 @@ function run_fuzz_target { return 0 fi - # If necessary translate to latest profraw version. - profraw_update.py $OUT/$target $profraw_file_mask tmp.profraw - mv tmp.profraw $profraw_file_mask llvm-profdata merge -j=1 -sparse $profraw_file_mask -o $profdata_file # Delete unnecessary and (potentially) large .profraw files. @@ -127,7 +115,7 @@ function run_go_fuzz_target { local target=$1 echo "Running go target $target" - export FUZZ_CORPUS_DIR="$CORPUS_DIR/${target}/" + export FUZZ_CORPUS_DIR="/corpus/${target}/" export FUZZ_PROFILE_NAME="$DUMPS_DIR/$target.perf" $OUT/$target -test.coverprofile $DUMPS_DIR/$target.profdata &> $LOGS_DIR/$target.log # translate from golangish paths to current absolute paths @@ -137,47 +125,6 @@ function run_go_fuzz_target { $SYSGOPATH/bin/gocovsum $DUMPS_DIR/$target.profdata > $FUZZER_STATS_DIR/$target.json } -function run_java_fuzz_target { - local target=$1 - - local exec_file="$DUMPS_DIR/$target.exec" - local class_dump_dir="$DUMPS_DIR/${target}_classes/" - mkdir "$class_dump_dir" - local corpus_real="$CORPUS_DIR/${target}" - - # -merge=1 requires an output directory, create a new, empty dir for that. - local corpus_dummy="$OUT/dummy_corpus_dir_for_${target}" - rm -rf $corpus_dummy && mkdir -p $corpus_dummy - - # Use 100s timeout instead of 25s as code coverage builds can be very slow. - local jacoco_args="destfile=$exec_file,classdumpdir=$class_dump_dir,excludes=com.code_intelligence.jazzer.*" - local args="-merge=1 -timeout=100 --nohooks \ - --additional_jvm_args=-javaagent:/opt/jacoco-agent.jar=$jacoco_args \ - $corpus_dummy $corpus_real" - - timeout $TIMEOUT $OUT/$target $args &> $LOGS_DIR/$target.log - if (( $? != 0 )); then - echo "Error occured while running $target:" - cat $LOGS_DIR/$target.log - fi - - if (( $(du -c $exec_file | tail -n 1 | cut -f 1) == 0 )); then - # Skip fuzz targets that failed to produce .exec files. - return 0 - fi - - # Generate XML report only as input to jacoco_report_converter. - # Source files are not needed for the summary. - local xml_report="$DUMPS_DIR/${target}.xml" - local summary_file="$FUZZER_STATS_DIR/$target.json" - java -jar /opt/jacoco-cli.jar report $exec_file \ - --xml $xml_report \ - --classfiles $class_dump_dir - - # Write llvm-cov summary file. - jacoco_report_converter.py $xml_report $summary_file -} - export SYSGOPATH=$GOPATH export GOPATH=$OUT/$GOPATH # Run each fuzz target, generate raw coverage dumps. @@ -189,14 +136,6 @@ for fuzz_target in $FUZZ_TARGETS; do grep "FUZZ_CORPUS_DIR" $fuzz_target > /dev/null 2>&1 || continue fi run_go_fuzz_target $fuzz_target & - elif [[ $FUZZING_LANGUAGE == "jvm" ]]; then - # Continue if not a fuzz target. - if [[ $FUZZING_ENGINE != "none" ]]; then - grep "LLVMFuzzerTestOneInput" $fuzz_target > /dev/null 2>&1 || continue - fi - - echo "Running $fuzz_target" - run_java_fuzz_target $fuzz_target & else # Continue if not a fuzz target. if [[ $FUZZING_ENGINE != "none" ]]; then @@ -236,43 +175,6 @@ if [[ $FUZZING_LANGUAGE == "go" ]]; then mv merged.data $REPORT_ROOT_DIR/heap.prof #TODO some proxy for go tool pprof -http=127.0.0.1:8001 $DUMPS_DIR/cpu.prof echo "Finished generating code coverage report for Go fuzz targets." -elif [[ $FUZZING_LANGUAGE == "jvm" ]]; then - - # From this point on the script does not tolerate any errors. - set -e - - # Merge .exec files from the individual targets. - jacoco_merged_exec=$DUMPS_DIR/jacoco.merged.exec - java -jar /opt/jacoco-cli.jar merge $DUMPS_DIR/*.exec \ - --destfile $jacoco_merged_exec - - # Merge .class files from the individual targets. - classes_dir=$DUMPS_DIR/classes - mkdir $classes_dir - for fuzz_target in $FUZZ_TARGETS; do - cp -r $DUMPS_DIR/${fuzz_target}_classes/* $classes_dir/ - done - - # Heuristically determine source directories based on Maven structure. - # Always include the $SRC root as it likely contains the fuzzer sources. - sourcefiles_args=(--sourcefiles $OUT/$SRC) - source_dirs=$(find $OUT/$SRC -type d -name 'java') - for source_dir in $source_dirs; do - sourcefiles_args+=(--sourcefiles "$source_dir") - done - - # Generate HTML and XML reports. - xml_report=$REPORT_PLATFORM_DIR/index.xml - java -jar /opt/jacoco-cli.jar report $jacoco_merged_exec \ - --html $REPORT_PLATFORM_DIR \ - --xml $xml_report \ - --classfiles $classes_dir \ - "${sourcefiles_args[@]}" - - # Write llvm-cov summary file. - jacoco_report_converter.py $xml_report $SUMMARY_FILE - - set +e else # From this point on the script does not tolerate any errors. @@ -304,10 +206,6 @@ else fi -# Make sure report is readable. -chmod -R +r $REPORT_ROOT_DIR -find $REPORT_ROOT_DIR -type d -exec chmod +x {} + - if [[ -n $HTTP_PORT ]]; then # Serve the report locally. echo "Serving the report on http://127.0.0.1:$HTTP_PORT/linux/index.html" diff --git a/infra/base-images/base-runner/coverage_helper b/infra/base-images/base-runner/coverage_helper index 4d29ceac8..22c9cb5d6 100755 --- a/infra/base-images/base-runner/coverage_helper +++ b/infra/base-images/base-runner/coverage_helper @@ -14,4 +14,4 @@ # limitations under the License. # ################################################################################ -python3 $CODE_COVERAGE_SRC/coverage_utils.py $@ +python3 /opt/code_coverage/coverage_utils.py $@ diff --git a/infra/base-images/base-runner/jacoco_report_converter.py b/infra/base-images/base-runner/jacoco_report_converter.py deleted file mode 100755 index 3c36065f1..000000000 --- a/infra/base-images/base-runner/jacoco_report_converter.py +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/env python3 -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Helper script for creating an llvm-cov style JSON summary from a JaCoCo XML -report.""" -import json -import os -import sys -import xml.etree.ElementTree as ET - - -def convert(xml): - """Turns a JaCoCo XML report into an llvm-cov JSON summary.""" - summary = { - "type": "oss-fuzz.java.coverage.json.export", - "version": "1.0.0", - "data": [{ - "totals": {}, - "files": [], - }], - } - - report = ET.fromstring(xml) - totals = make_element_summary(report) - summary["data"][0]["totals"] = totals - - # Since Java compilation does not track source file location, we match - # coverage info to source files via the full class name, e.g. we search for - # a path in /out/src ending in foo/bar/Baz.java for the class foo.bar.Baz. - # Under the assumptions that a given project only ever contains a single - # version of a class and that no class name appears as a suffix of another - # class name, we can assign coverage info to every source file matched in that - # way. - src_files = list_src_files() - - for class_element in report.findall("./package/class"): - class_name = class_element.attrib["name"] - package_name = os.path.dirname(class_name) - if "sourcefilename" not in class_element.attrib: - continue - basename = class_element.attrib["sourcefilename"] - # This path is "foo/Bar.java" for the class element - # <class name="foo/Bar" sourcefilename="Bar.java">. - canonical_path = os.path.join(package_name, basename) - - class_summary = make_element_summary(class_element) - summary["data"][0]["files"].append({ - "filename": relative_to_src_path(src_files, canonical_path), - "summary": class_summary, - }) - - return json.dumps(summary) - - -def list_src_files(): - """Returns a map from basename to full path for all files in $OUT/$SRC.""" - filename_to_paths = {} - out_path = os.environ["OUT"] + "/" - src_path = os.environ["SRC"] - src_in_out = out_path + src_path - for dirpath, _, filenames in os.walk(src_in_out): - for filename in filenames: - full_path = dirpath + "/" + filename - # Map /out//src/... to /src/... - src_path = full_path[len(out_path):] - filename_to_paths.setdefault(filename, []).append(src_path) - return filename_to_paths - - -def relative_to_src_path(src_files, canonical_path): - """Returns all paths in src_files ending in canonical_path.""" - basename = os.path.basename(canonical_path) - if basename not in src_files: - return [] - candidate_paths = src_files[basename] - return [ - path for path in candidate_paths if path.endswith("/" + canonical_path) - ] - - -def make_element_summary(element): - """Returns a coverage summary for an element in the XML report.""" - summary = {} - - function_counter = element.find("./counter[@type='METHOD']") - summary["functions"] = make_counter_summary(function_counter) - - line_counter = element.find("./counter[@type='LINE']") - summary["lines"] = make_counter_summary(line_counter) - - # JaCoCo tracks branch coverage, which counts the covered control-flow edges - # between llvm-cov's regions instead of the covered regions themselves. For - # non-trivial code parts, the difference is usually negligible. However, if - # all methods of a class consist of a single region only (no branches), - # JaCoCo does not report any branch coverage even if there is instruction - # coverage. Since this would give incorrect results for CI Fuzz purposes, we - # increase the regions counter by 1 if there is any amount of instruction - # coverage. - instruction_counter = element.find("./counter[@type='INSTRUCTION']") - has_some_coverage = instruction_counter is not None and int( - instruction_counter.attrib["covered"]) > 0 - branch_covered_adjustment = 1 if has_some_coverage else 0 - region_counter = element.find("./counter[@type='BRANCH']") - summary["regions"] = make_counter_summary( - region_counter, covered_adjustment=branch_covered_adjustment) - - return summary - - -def make_counter_summary(counter_element, covered_adjustment=0): - """Turns a JaCoCo <counter> element into an llvm-cov totals entry.""" - summary = {} - covered = covered_adjustment - missed = 0 - if counter_element is not None: - covered += int(counter_element.attrib["covered"]) - missed += int(counter_element.attrib["missed"]) - summary["covered"] = covered - summary["notcovered"] = missed - summary["count"] = summary["covered"] + summary["notcovered"] - if summary["count"] != 0: - summary["percent"] = (100.0 * summary["covered"]) / summary["count"] - else: - summary["percent"] = 0 - return summary - - -def main(): - """Produces an llvm-cov style JSON summary from a JaCoCo XML report.""" - if len(sys.argv) != 3: - sys.stderr.write('Usage: %s <path_to_jacoco_xml> <out_path_json>\n' % - sys.argv[0]) - return 1 - - with open(sys.argv[1], 'r') as xml_file: - xml_report = xml_file.read() - json_summary = convert(xml_report) - with open(sys.argv[2], 'w') as json_file: - json_file.write(json_summary) - - return 0 - - -if __name__ == "__main__": - sys.exit(main()) diff --git a/infra/base-images/base-runner/profraw_update.py b/infra/base-images/base-runner/profraw_update.py deleted file mode 100644 index 408b5fb93..000000000 --- a/infra/base-images/base-runner/profraw_update.py +++ /dev/null @@ -1,123 +0,0 @@ -#!/usr/bin/env python3 -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Helper script for upgrading a profraw file to latest version.""" - -from collections import namedtuple -import struct -import subprocess -import sys - -HeaderGeneric = namedtuple('HeaderGeneric', 'magic version') -HeaderVersion7 = namedtuple( - 'HeaderVersion7', - 'BinaryIdsSize DataSize PaddingBytesBeforeCounters CountersSize \ - PaddingBytesAfterCounters NamesSize CountersDelta NamesDelta ValueKindLast') - -PROFRAW_MAGIC = 0xff6c70726f667281 - - -def relativize_address(data, offset, databegin, sect_prf_cnts, sect_prf_data): - """Turns an absolute offset into a relative one.""" - value = struct.unpack('Q', data[offset:offset + 8])[0] - if sect_prf_cnts <= value < sect_prf_data: - # If the value is an address in the right section, make it relative. - value = (value - databegin) & 0xffffffffffffffff - value = struct.pack('Q', value) - for i in range(8): - data[offset + i] = value[i] - - -def upgrade(data, sect_prf_cnts, sect_prf_data): - """Upgrades profraw data, knowing the sections addresses.""" - generic_header = HeaderGeneric._make(struct.unpack('QQ', data[:16])) - if generic_header.magic != PROFRAW_MAGIC: - raise Exception('Bad magic.') - if generic_header.version == 5: - generic_header = generic_header._replace(version=7) - # Upgrade from version 5 to 7 by adding binaryids field. - data = struct.pack('QQ', generic_header) + struct.pack('Q', 0) + data[16:] - if generic_header.version < 7: - raise Exception('Unhandled version.') - v7_header = HeaderVersion7._make(struct.unpack('QQQQQQQQQ', data[16:88])) - - if v7_header.BinaryIdsSize % 8 != 0: - # Adds padding for binary ids. - # cf commit b9f547e8e51182d32f1912f97a3e53f4899ea6be - # cf https://reviews.llvm.org/D110365 - padlen = 8 - (v7_header.BinaryIdsSize % 8) - v7_header = v7_header._replace(BinaryIdsSize=v7_header.BinaryIdsSize + - padlen) - data = data[:16] + struct.pack('Q', v7_header.BinaryIdsSize) + data[24:] - data = data[:88 + v7_header.BinaryIdsSize] + bytes( - padlen) + data[88 + v7_header.BinaryIdsSize:] - - if v7_header.CountersDelta != sect_prf_cnts - sect_prf_data: - # Rust linking seems to add an offset... - sect_prf_data = v7_header.CountersDelta - sect_prf_cnts + sect_prf_data - sect_prf_cnts = v7_header.CountersDelta - - dataref = sect_prf_data - relativize_address(data, 64, dataref, sect_prf_cnts, sect_prf_data) - - offset = 88 + v7_header.BinaryIdsSize - # This also works for C+Rust binaries compiled with - # clang-14/rust-nightly-clang-13. - for _ in range(v7_header.DataSize): - # 16 is the offset of CounterPtr in ProfrawData structure. - relativize_address(data, offset + 16, dataref, sect_prf_cnts, sect_prf_data) - # We need this because of CountersDelta -= sizeof(*SrcData); - # seen in __llvm_profile_merge_from_buffer. - dataref += 44 + 2 * (v7_header.ValueKindLast + 1) - # This is the size of one ProfrawData structure. - offset += 44 + 2 * (v7_header.ValueKindLast + 1) - - return data - - -def main(): - """Helper script for upgrading a profraw file to latest version.""" - if len(sys.argv) != 4: - sys.stderr.write('Usage: %s <binary> <profraw> <output>\n' % sys.argv[0]) - return 1 - - # First find llvm profile sections addresses in the elf, quick and dirty. - process = subprocess.Popen(['readelf', '-S', sys.argv[1]], - stdout=subprocess.PIPE) - output, err = process.communicate() - if err: - print('readelf failed') - return 2 - for line in iter(output.split(b'\n')): - if b'__llvm_prf_cnts' in line: - sect_prf_cnts = int(line.split()[4], 16) - elif b'__llvm_prf_data' in line: - sect_prf_data = int(line.split()[4], 16) - - # Then open and read the input profraw file. - with open(sys.argv[2], 'rb') as input_file: - profraw_base = bytearray(input_file.read()) - # Do the upgrade, returning a bytes object. - profraw_latest = upgrade(profraw_base, sect_prf_cnts, sect_prf_data) - # Write the output to the file given to the command line. - with open(sys.argv[3], 'wb') as output_file: - output_file.write(profraw_latest) - - return 0 - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer index 426688ea3..b9bc8d9d6 100755 --- a/infra/base-images/base-runner/run_fuzzer +++ b/infra/base-images/base-runner/run_fuzzer @@ -26,14 +26,7 @@ DEBUGGER=${DEBUGGER:-} FUZZER=$1 shift -# This env var is set by CIFuzz. CIFuzz fills this directory with the corpus -# from ClusterFuzz. -CORPUS_DIR=${CORPUS_DIR:-} -if [ -z "$CORPUS_DIR" ] -then - CORPUS_DIR="/tmp/${FUZZER}_corpus" - rm -rf $CORPUS_DIR && mkdir -p $CORPUS_DIR -fi +CORPUS_DIR=${CORPUS_DIR:-"/tmp/${FUZZER}_corpus"} SANITIZER=${SANITIZER:-} if [ -z $SANITIZER ]; then @@ -70,13 +63,14 @@ function get_dictionary() { fi } +rm -rf $CORPUS_DIR && mkdir -p $CORPUS_DIR rm -rf $FUZZER_OUT && mkdir -p $FUZZER_OUT SEED_CORPUS="${FUZZER}_seed_corpus.zip" if [ -f $SEED_CORPUS ] && [ -z ${SKIP_SEED_CORPUS:-} ]; then echo "Using seed corpus: $SEED_CORPUS" - unzip -o -d ${CORPUS_DIR}/ $SEED_CORPUS > /dev/null + unzip -d ${CORPUS_DIR}/ $SEED_CORPUS > /dev/null fi OPTIONS_FILE="${FUZZER}.options" @@ -109,18 +103,19 @@ if [[ "$FUZZING_ENGINE" = afl ]]; then export UBSAN_OPTIONS="$UBSAN_OPTIONS:symbolize=0" export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 export AFL_SKIP_CPUFREQ=1 - export AFL_TRY_AFFINITY=1 + export AFL_NO_AFFINITY=1 export AFL_FAST_CAL=1 - export AFL_CMPLOG_ONLY_NEW=1 - export AFL_FORKSRV_INIT_TMOUT=30000 # If $OUT/afl_cmplog.txt is present this means the target was compiled for - # CMPLOG. So we have to add the proper parameters to afl-fuzz. - test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -c $OUT/$FUZZER" + # CMPLOG. So we have to add the proper parameters to afl-fuzz. `-l 2` is + # CMPLOG level 2, which will colorize larger files but not huge files and + # not enable transform analysis unless there have been several cycles without + # any finds. + test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -l 2 -c $OUT/$FUZZER" # If $OUT/afl++.dict we load it as a dictionary for afl-fuzz. test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict" - # Ensure timeout is a bit larger than 1sec as some of the OSS-Fuzz fuzzers - # are slower than this. - AFL_FUZZER_ARGS="$FUZZER_ARGS $AFL_FUZZER_ARGS -t 5000+" + # Ensure timeout is a bit large than 1sec as some of the OSS-Fuzz fuzzers + # are slower than this. + AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+" # AFL expects at least 1 file in the input dir. echo input > ${CORPUS_DIR}/input echo afl++ setup: @@ -140,7 +135,7 @@ elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then # -P: use persistent mode of fuzzing (i.e. LLVMFuzzerTestOneInput) # -f: location of the initial (and destination) file corpus # -n: number of fuzzing threads (and processes) - CMD_LINE="$OUT/honggfuzz -n 1 --exit_upon_crash -R /tmp/${FUZZER}_honggfuzz.report -W $FUZZER_OUT -v -z -P -f \"$CORPUS_DIR\" $(get_dictionary) $FUZZER_ARGS $* -- \"$OUT/$FUZZER\"" + CMD_LINE="$OUT/honggfuzz -n 1 --exit_upon_crash -R /tmp/${FUZZER}_honggfuzz.report -W $FUZZER_OUT -v -z -P -f \"$CORPUS_DIR\" $(get_dictionary) $* -- \"$OUT/$FUZZER\"" else diff --git a/infra/base-images/base-runner/targets_list b/infra/base-images/base-runner/targets_list index 95615c811..d35534258 100755 --- a/infra/base-images/base-runner/targets_list +++ b/infra/base-images/base-runner/targets_list @@ -2,8 +2,7 @@ for binary in $(find $OUT/ -executable -type f); do [[ "$binary" != *.so ]] || continue - [[ $(basename "$binary") != jazzer_driver* ]] || continue - file "$binary" | grep -e ELF -e "shell script" > /dev/null 2>&1 || continue + file "$binary" | grep ELF > /dev/null 2>&1 || continue grep "LLVMFuzzerTestOneInput" "$binary" > /dev/null 2>&1 || continue basename "$binary" diff --git a/infra/base-images/base-runner/test_all.py b/infra/base-images/base-runner/test_all.py index 16dfcbfa9..925ebde69 100755 --- a/infra/base-images/base-runner/test_all.py +++ b/infra/base-images/base-runner/test_all.py @@ -20,12 +20,12 @@ import contextlib import multiprocessing import os import re +import shutil import subprocess import stat import sys -import tempfile -BASE_TMP_FUZZER_DIR = '/tmp/not-out' +TMP_FUZZER_DIR = '/tmp/not-out' EXECUTABLE = stat.S_IEXEC | stat.S_IXGRP | stat.S_IXOTH @@ -37,6 +37,14 @@ IGNORED_TARGETS = [ IGNORED_TARGETS_RE = re.compile('^' + r'$|^'.join(IGNORED_TARGETS) + '$') +def recreate_directory(directory): + """Creates |directory|. If it already exists than deletes it first before + creating.""" + if os.path.exists(directory): + shutil.rmtree(directory) + os.mkdir(directory) + + def move_directory_contents(src_directory, dst_directory): """Moves contents of |src_directory| to |dst_directory|.""" # Use mv because mv preserves file permissions. If we don't preserve file @@ -59,15 +67,7 @@ def is_elf(filepath): return b'ELF' in result.stdout -def is_shell_script(filepath): - """Returns True if |filepath| is a shell script.""" - result = subprocess.run(['file', filepath], - stdout=subprocess.PIPE, - check=False) - return b'shell script' in result.stdout - - -def find_fuzz_targets(directory): +def find_fuzz_targets(directory, fuzzing_language): """Returns paths to fuzz targets in |directory|.""" # TODO(https://github.com/google/oss-fuzz/issues/4585): Use libClusterFuzz for # this. @@ -84,10 +84,10 @@ def find_fuzz_targets(directory): continue if not os.stat(path).st_mode & EXECUTABLE: continue - # Fuzz targets can either be ELF binaries or shell scripts (e.g. wrapper - # scripts for Python and JVM targets or rules_fuzzing builds with runfiles - # trees). - if not is_elf(path) and not is_shell_script(path): + # Fuzz targets are expected to be ELF binaries for languages other than + # Python and Java. + if (fuzzing_language != 'python' and fuzzing_language != 'jvm' and + not is_elf(path)): continue if os.getenv('FUZZING_ENGINE') != 'none': with open(path, 'rb') as file_handle: @@ -132,66 +132,51 @@ def has_ignored_targets(out_dir): @contextlib.contextmanager def use_different_out_dir(): - """Context manager that moves OUT to subdirectory of BASE_TMP_FUZZER_DIR. This - is useful for catching hardcoding. Note that this sets the environment - variable OUT and therefore must be run before multiprocessing.Pool is created. - Resets OUT at the end.""" + """Context manager that moves OUT to TMP_FUZZER_DIR. This is useful for + catching hardcoding. Note that this sets the environment variable OUT and + therefore must be run before multiprocessing.Pool is created. Resets OUT at + the end.""" # Use a fake OUT directory to catch path hardcoding that breaks on # ClusterFuzz. - initial_out = os.getenv('OUT') - os.makedirs(BASE_TMP_FUZZER_DIR, exist_ok=True) - # Use a random subdirectory of BASE_TMP_FUZZER_DIR to allow running multiple - # instances of test_all in parallel (useful for integration testing). - with tempfile.TemporaryDirectory(dir=BASE_TMP_FUZZER_DIR) as out: - # Set this so that run_fuzzer which is called by bad_build_check works - # properly. - os.environ['OUT'] = out - # We move the contents of the directory because we can't move the - # directory itself because it is a mount. - move_directory_contents(initial_out, out) - try: - yield out - finally: - move_directory_contents(out, initial_out) - os.environ['OUT'] = initial_out - - -def test_all_outside_out(allowed_broken_targets_percentage): + out = os.getenv('OUT') + initial_out = out + recreate_directory(TMP_FUZZER_DIR) + out = TMP_FUZZER_DIR + # Set this so that run_fuzzer which is called by bad_build_check works + # properly. + os.environ['OUT'] = out + # We move the contents of the directory because we can't move the + # directory itself because it is a mount. + move_directory_contents(initial_out, out) + try: + yield out + finally: + move_directory_contents(out, initial_out) + shutil.rmtree(out) + os.environ['OUT'] = initial_out + + +def test_all_outside_out(fuzzing_language, allowed_broken_targets_percentage): """Wrapper around test_all that changes OUT and returns the result.""" with use_different_out_dir() as out: - return test_all(out, allowed_broken_targets_percentage) + return test_all(out, fuzzing_language, allowed_broken_targets_percentage) -def test_all(out, allowed_broken_targets_percentage): +def test_all(out, fuzzing_language, allowed_broken_targets_percentage): """Do bad_build_check on all fuzz targets.""" # TODO(metzman): Refactor so that we can convert test_one to python. - fuzz_targets = find_fuzz_targets(out) + fuzz_targets = find_fuzz_targets(out, fuzzing_language) if not fuzz_targets: print('ERROR: No fuzz targets found.') return False pool = multiprocessing.Pool() bad_build_results = pool.map(do_bad_build_check, fuzz_targets) - pool.close() - pool.join() broken_targets = get_broken_fuzz_targets(bad_build_results, fuzz_targets) broken_targets_count = len(broken_targets) if not broken_targets_count: return True - print('Retrying failed fuzz targets sequentially', broken_targets_count) - pool = multiprocessing.Pool(1) - retry_targets = [] - for broken_target, result in broken_targets: - retry_targets.append(broken_target) - bad_build_results = pool.map(do_bad_build_check, retry_targets) - pool.close() - pool.join() - broken_targets = get_broken_fuzz_targets(bad_build_results, broken_targets) - broken_targets_count = len(broken_targets) - if not broken_targets_count: - return True - print('Broken fuzz targets', broken_targets_count) total_targets_count = len(fuzz_targets) broken_targets_percentage = 100 * broken_targets_count / total_targets_count @@ -226,8 +211,11 @@ def get_allowed_broken_targets_percentage(): def main(): """Does bad_build_check on all fuzz targets in parallel. Returns 0 on success. Returns 1 on failure.""" + # Set these environment variables here so that stdout + fuzzing_language = os.getenv('FUZZING_LANGUAGE') allowed_broken_targets_percentage = get_allowed_broken_targets_percentage() - if not test_all_outside_out(allowed_broken_targets_percentage): + if not test_all_outside_out(fuzzing_language, + allowed_broken_targets_percentage): return 1 return 0 diff --git a/infra/base-images/base-runner/test_all_test.py b/infra/base-images/base-runner/test_all_test.py index b3077ec1e..3771ec231 100644 --- a/infra/base-images/base-runner/test_all_test.py +++ b/infra/base-images/base-runner/test_all_test.py @@ -25,13 +25,15 @@ class TestTestAll(unittest.TestCase): @mock.patch('test_all.find_fuzz_targets', return_value=[]) @mock.patch('builtins.print') - def test_test_all_no_fuzz_targets(self, mock_print, _): + def test_test_all_no_fuzz_targets(self, mocked_print, _): """Tests that test_all returns False when there are no fuzz targets.""" outdir = '/out' + fuzzing_language = 'c++' allowed_broken_targets_percentage = 0 self.assertFalse( - test_all.test_all(outdir, allowed_broken_targets_percentage)) - mock_print.assert_called_with('ERROR: No fuzz targets found.') + test_all.test_all(outdir, fuzzing_language, + allowed_broken_targets_percentage)) + mocked_print.assert_called_with('ERROR: No fuzz targets found.') if __name__ == '__main__': diff --git a/infra/base-images/base-builder-python/Dockerfile b/infra/base-images/base-sanitizer-libs-builder/Dockerfile index 749b4d59e..b1a17b96c 100644 --- a/infra/base-images/base-builder-python/Dockerfile +++ b/infra/base-images/base-sanitizer-libs-builder/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2021 Google LLC +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,9 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-clang +RUN sed -i -r 's/#\s*deb-src/deb-src/g' /etc/apt/sources.list +RUN apt-get update && apt-get install -y python dpkg-dev patchelf python-apt zip -RUN install_python.sh +COPY compiler_wrapper.py msan_build.py patch_build.py wrapper_utils.py /usr/local/bin/ +COPY packages /usr/local/bin/packages diff --git a/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper.py b/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper.py new file mode 100755 index 000000000..04aa4207c --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper.py @@ -0,0 +1,175 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function +import os +import subprocess +import sys + +import msan_build + +GCC_ONLY_ARGS = [ + '-aux-info', +] + + +def InvokedAsGcc(): + """Return whether or not we're pretending to be GCC.""" + return sys.argv[0].endswith('gcc') or sys.argv[0].endswith('g++') + + +def Is32Bit(args): + """Return whether or not we're 32-bit.""" + M32_BIT_ARGS = [ + '-m32', + '-mx32', + ] + + return any(arg in M32_BIT_ARGS for arg in args) + + +def FilterWlArg(arg): + """Remove -z,defs and equivalents from a single -Wl option.""" + parts = arg.split(',')[1:] + + filtered = [] + for part in parts: + if part == 'defs': + removed = filtered.pop() + assert removed == '-z' + continue + + if part == '--no-undefined': + continue + + filtered.append(part) + + if filtered: + return '-Wl,' + ','.join(filtered) + + # Filtered entire argument. + return None + + +def _RemoveLastMatching(l, find): + for i in xrange(len(l) - 1, -1, -1): + if l[i] == find: + del l[i] + return + + raise IndexError('Not found') + + +def RemoveZDefs(args): + """Remove unsupported -Wl,-z,defs linker option.""" + filtered = [] + + for arg in args: + if arg == '-Wl,defs': + _RemoveLastMatching(filtered, '-Wl,-z') + continue + + if arg == '-Wl,--no-undefined': + continue + + if arg.startswith('-Wl,'): + arg = FilterWlArg(arg) + if not arg: + continue + + filtered.append(arg) + + return filtered + + +def GetCompilerArgs(args, is_cxx): + """Generate compiler args.""" + compiler_args = args[1:] + + if Is32Bit(args): + # 32 bit builds not supported. + compiler_args.extend([ + '-fno-sanitize=memory', + '-fno-sanitize-memory-track-origins', + ]) + + return compiler_args + + compiler_args = RemoveZDefs(compiler_args) + compiler_args.extend([ + # FORTIFY_SOURCE is not supported by sanitizers. + '-U_FORTIFY_SOURCE', + '-Wp,-U_FORTIFY_SOURCE', + # Reduce binary size. + '-gline-tables-only', + # Disable all warnings. + '-w', + # LTO isn't supported. + '-fno-lto', + ]) + + if InvokedAsGcc(): + compiler_args.extend([ + # For better compatibility with flags passed via -Wa,... + '-fno-integrated-as', + ]) + + if '-fsanitize=memory' not in args: + # If MSan flags weren't added for some reason, add them here. + compiler_args.extend(msan_build.GetInjectedFlags()) + + if is_cxx: + compiler_args.append('-stdlib=libc++') + + return compiler_args + + +def FindRealClang(): + """Return path to real clang.""" + return os.environ['REAL_CLANG_PATH'] + + +def FallbackToGcc(args): + """Check whether if we should fall back to GCC.""" + if not InvokedAsGcc(): + return False + + return any(arg in GCC_ONLY_ARGS for arg in args[1:]) + + +def main(args): + if FallbackToGcc(args): + sys.exit(subprocess.call(['/usr/bin/' + os.path.basename(args[0])] + + args[1:])) + + is_cxx = args[0].endswith('++') + real_clang = FindRealClang() + + if is_cxx: + real_clang += '++' + + args = [real_clang] + GetCompilerArgs(args, is_cxx) + debug_log_path = os.getenv('WRAPPER_DEBUG_LOG_PATH') + if debug_log_path: + with open(debug_log_path, 'a') as f: + f.write(str(args) + '\n') + + sys.exit(subprocess.call(args)) + + +if __name__ == '__main__': + main(sys.argv) diff --git a/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper_test.py b/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper_test.py new file mode 100644 index 000000000..a05592d38 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/compiler_wrapper_test.py @@ -0,0 +1,42 @@ +"""Tests for compiler_wrapper.""" + +from __future__ import print_function + +import unittest + +import compiler_wrapper + + +class CompilerWrapperTest(unittest.TestCase): + + def testFilterZDefs(self): + self.assertListEqual( + ['arg'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z,defs'])) + + self.assertListEqual( + ['arg'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z,--no-undefined'])) + + self.assertListEqual( + ['arg', '-Wl,-z,relro'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z,relro'])) + + self.assertListEqual( + ['arg', '-Wl,-soname,lib.so.1,-z,relro'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-soname,lib.so.1,-z,defs,-z,relro'])) + + self.assertListEqual( + ['arg', '-Wl,-z,relro'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z,relro,-z,defs'])) + + self.assertListEqual( + ['arg'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z', '-Wl,defs'])) + + self.assertListEqual( + ['arg', 'arg2'], + compiler_wrapper.RemoveZDefs(['arg', '-Wl,-z', 'arg2', '-Wl,--no-undefined'])) + +if __name__ == '__main__': + unittest.main() diff --git a/infra/base-images/base-sanitizer-libs-builder/msan_build.py b/infra/base-images/base-sanitizer-libs-builder/msan_build.py new file mode 100755 index 000000000..5ea00ab10 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/msan_build.py @@ -0,0 +1,460 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function +import argparse +import imp +import os +import multiprocessing +import resource +import shutil +import subprocess +import tempfile + +import apt +from apt import debfile + +from packages import package +import wrapper_utils + +SCRIPT_DIR = os.path.dirname(os.path.realpath(__file__)) +PACKAGES_DIR = os.path.join(SCRIPT_DIR, 'packages') + +TRACK_ORIGINS_ARG = '-fsanitize-memory-track-origins=' + +INJECTED_ARGS = [ + '-fsanitize=memory', + '-fsanitize-recover=memory', + '-fPIC', + '-fno-omit-frame-pointer', +] + + +class MSanBuildException(Exception): + """Base exception.""" + + +def GetTrackOriginsFlag(): + """Get the track origins flag.""" + if os.getenv('MSAN_NO_TRACK_ORIGINS'): + return TRACK_ORIGINS_ARG + '0' + + return TRACK_ORIGINS_ARG + '2' + + +def GetInjectedFlags(): + return INJECTED_ARGS + [GetTrackOriginsFlag()] + + +def SetUpEnvironment(work_dir): + """Set up build environment.""" + env = {} + env['REAL_CLANG_PATH'] = subprocess.check_output(['which', 'clang']).strip() + print('Real clang at', env['REAL_CLANG_PATH']) + compiler_wrapper_path = os.path.join(SCRIPT_DIR, 'compiler_wrapper.py') + + # Symlink binaries into TMP/bin + bin_dir = os.path.join(work_dir, 'bin') + os.mkdir(bin_dir) + + dpkg_host_architecture = wrapper_utils.DpkgHostArchitecture() + wrapper_utils.CreateSymlinks( + compiler_wrapper_path, + bin_dir, + [ + 'clang', + 'clang++', + # Not all build rules respect $CC/$CXX, so make additional symlinks. + 'gcc', + 'g++', + 'cc', + 'c++', + dpkg_host_architecture + '-gcc', + dpkg_host_architecture + '-g++', + ]) + + env['CC'] = os.path.join(bin_dir, 'clang') + env['CXX'] = os.path.join(bin_dir, 'clang++') + + MSAN_OPTIONS = ' '.join(GetInjectedFlags()) + + # We don't use nostrip because some build rules incorrectly break when it is + # passed. Instead we install our own no-op strip binaries. + env['DEB_BUILD_OPTIONS'] = ('nocheck parallel=%d' % + multiprocessing.cpu_count()) + env['DEB_CFLAGS_APPEND'] = MSAN_OPTIONS + env['DEB_CXXFLAGS_APPEND'] = MSAN_OPTIONS + ' -stdlib=libc++' + env['DEB_CPPFLAGS_APPEND'] = MSAN_OPTIONS + env['DEB_LDFLAGS_APPEND'] = MSAN_OPTIONS + env['DPKG_GENSYMBOLS_CHECK_LEVEL'] = '0' + + # debian/rules can set DPKG_GENSYMBOLS_CHECK_LEVEL explicitly, so override it. + gen_symbols_wrapper = ('#!/bin/sh\n' + 'export DPKG_GENSYMBOLS_CHECK_LEVEL=0\n' + '/usr/bin/dpkg-gensymbols "$@"\n') + + wrapper_utils.InstallWrapper(bin_dir, 'dpkg-gensymbols', gen_symbols_wrapper) + + # Install no-op strip binaries. + no_op_strip = ('#!/bin/sh\n' 'exit 0\n') + wrapper_utils.InstallWrapper(bin_dir, 'strip', no_op_strip, + [dpkg_host_architecture + '-strip']) + + env['PATH'] = bin_dir + ':' + os.environ['PATH'] + + # nocheck doesn't disable override_dh_auto_test. So we have this hack to try + # to disable "make check" or "make test" invocations. + make_wrapper = ('#!/bin/bash\n' + 'if [ "$1" = "test" ] || [ "$1" = "check" ]; then\n' + ' exit 0\n' + 'fi\n' + '/usr/bin/make "$@"\n') + wrapper_utils.InstallWrapper(bin_dir, 'make', make_wrapper) + + # Prevent entire build from failing because of bugs/uninstrumented in tools + # that are part of the build. + msan_log_dir = os.path.join(work_dir, 'msan') + os.mkdir(msan_log_dir) + msan_log_path = os.path.join(msan_log_dir, 'log') + env['MSAN_OPTIONS'] = ('halt_on_error=0:exitcode=0:report_umrs=0:log_path=' + + msan_log_path) + + # Increase maximum stack size to prevent tests from failing. + limit = 128 * 1024 * 1024 + resource.setrlimit(resource.RLIMIT_STACK, (limit, limit)) + return env + + +def FindPackageDebs(package_name, work_directory): + """Find package debs.""" + deb_paths = [] + cache = apt.Cache() + + for filename in os.listdir(work_directory): + file_path = os.path.join(work_directory, filename) + if not file_path.endswith('.deb'): + continue + + # Matching package name. + deb = debfile.DebPackage(file_path) + if deb.pkgname == package_name: + deb_paths.append(file_path) + continue + + # Also include -dev packages that depend on the runtime package. + pkg = cache[deb.pkgname] + if pkg.section != 'libdevel' and pkg.section != 'universe/libdevel': + continue + + # But ignore -dbg packages. + if deb.pkgname.endswith('-dbg'): + continue + + for dependency in deb.depends: + if any(dep[0] == package_name for dep in dependency): + deb_paths.append(file_path) + break + + return deb_paths + + +def ExtractLibraries(deb_paths, work_directory, output_directory): + """Extract libraries from .deb packages.""" + extract_directory = os.path.join(work_directory, 'extracted') + if os.path.exists(extract_directory): + shutil.rmtree(extract_directory, ignore_errors=True) + + os.mkdir(extract_directory) + + for deb_path in deb_paths: + subprocess.check_call(['dpkg-deb', '-x', deb_path, extract_directory]) + + extracted = [] + for root, _, filenames in os.walk(extract_directory): + if 'libx32' in root or 'lib32' in root: + continue + + for filename in filenames: + if (not filename.endswith('.so') and '.so.' not in filename and + not filename.endswith('.a') and '.a' not in filename): + continue + + file_path = os.path.join(root, filename) + rel_file_path = os.path.relpath(file_path, extract_directory) + rel_directory = os.path.dirname(rel_file_path) + + target_dir = os.path.join(output_directory, rel_directory) + if not os.path.exists(target_dir): + os.makedirs(target_dir) + + target_file_path = os.path.join(output_directory, rel_file_path) + extracted.append(target_file_path) + + if os.path.lexists(target_file_path): + os.remove(target_file_path) + + if os.path.islink(file_path): + link_path = os.readlink(file_path) + if os.path.isabs(link_path): + # Make absolute links relative. + link_path = os.path.relpath(link_path, + os.path.join('/', rel_directory)) + + os.symlink(link_path, target_file_path) + else: + shutil.copy2(file_path, target_file_path) + + return extracted + + +def GetPackage(package_name): + apt_cache = apt.Cache() + version = apt_cache[package_name].candidate + source_name = version.source_name + local_source_name = source_name.replace('.', '_') + + custom_package_path = os.path.join(PACKAGES_DIR, local_source_name) + '.py' + if not os.path.exists(custom_package_path): + print('Using default package build steps.') + return package.Package(source_name, version) + + print('Using custom package build steps.') + module = imp.load_source('packages.' + local_source_name, custom_package_path) + return module.Package(version) + + +def PatchRpath(path, output_directory): + """Patch rpath to be relative to $ORIGIN.""" + try: + rpaths = subprocess.check_output(['patchelf', '--print-rpath', + path]).strip() + except subprocess.CalledProcessError: + return + + if not rpaths: + return + + processed_rpath = [] + rel_directory = os.path.join( + '/', os.path.dirname(os.path.relpath(path, output_directory))) + + for rpath in rpaths.split(':'): + if '$ORIGIN' in rpath: + # Already relative. + processed_rpath.append(rpath) + continue + + processed_rpath.append( + os.path.join('$ORIGIN', os.path.relpath(rpath, rel_directory))) + + processed_rpath = ':'.join(processed_rpath) + print('Patching rpath for', path, 'to', processed_rpath) + subprocess.check_call( + ['patchelf', '--force-rpath', '--set-rpath', processed_rpath, path]) + + +def _CollectDependencies(apt_cache, pkg, cache, dependencies): + """Collect dependencies that need to be built.""" + C_OR_CXX_DEPS = [ + 'libc++1', + 'libc6', + 'libc++abi1', + 'libgcc1', + 'libstdc++6', + ] + + BLACKLISTED_PACKAGES = [ + 'libcapnp-0.5.3', # fails to compile on newer clang. + 'libllvm5.0', + 'libmircore1', + 'libmircommon7', + 'libmirclient9', + 'libmirprotobuf3', + 'multiarch-support', + ] + + if pkg.name in BLACKLISTED_PACKAGES: + return False + + if pkg.section != 'libs' and pkg.section != 'universe/libs': + return False + + if pkg.name in C_OR_CXX_DEPS: + return True + + is_c_or_cxx = False + for dependency in pkg.candidate.dependencies: + dependency = dependency[0] + + if dependency.name in cache: + is_c_or_cxx |= cache[dependency.name] + else: + is_c_or_cxx |= _CollectDependencies(apt_cache, apt_cache[dependency.name], + cache, dependencies) + if is_c_or_cxx: + dependencies.append(pkg.name) + + cache[pkg.name] = is_c_or_cxx + return is_c_or_cxx + + +def GetBuildList(package_name): + """Get list of packages that need to be built including dependencies.""" + apt_cache = apt.Cache() + pkg = apt_cache[package_name] + + dependencies = [] + _CollectDependencies(apt_cache, pkg, {}, dependencies) + return dependencies + + +class MSanBuilder(object): + """MSan builder.""" + + def __init__(self, + debug=False, + log_path=None, + work_dir=None, + no_track_origins=False): + self.debug = debug + self.log_path = log_path + self.work_dir = work_dir + self.no_track_origins = no_track_origins + self.env = None + + def __enter__(self): + if not self.work_dir: + self.work_dir = tempfile.mkdtemp(dir=self.work_dir) + + if os.path.exists(self.work_dir): + shutil.rmtree(self.work_dir, ignore_errors=True) + + os.makedirs(self.work_dir) + self.env = SetUpEnvironment(self.work_dir) + + if self.debug and self.log_path: + self.env['WRAPPER_DEBUG_LOG_PATH'] = self.log_path + + if self.no_track_origins: + self.env['MSAN_NO_TRACK_ORIGINS'] = '1' + + return self + + def __exit__(self, exc_type, exc_value, traceback): + if not self.debug: + shutil.rmtree(self.work_dir, ignore_errors=True) + + def Build(self, package_name, output_directory, create_subdirs=False): + """Build the package and write results into the output directory.""" + deb_paths = FindPackageDebs(package_name, self.work_dir) + if deb_paths: + print('Source package already built for', package_name) + else: + pkg = GetPackage(package_name) + + pkg.InstallBuildDeps() + source_directory = pkg.DownloadSource(self.work_dir) + print('Source downloaded to', source_directory) + + # custom bin directory for custom build scripts to write wrappers. + custom_bin_dir = os.path.join(self.work_dir, package_name + '_bin') + os.mkdir(custom_bin_dir) + env = self.env.copy() + env['PATH'] = custom_bin_dir + ':' + env['PATH'] + + pkg.Build(source_directory, env, custom_bin_dir) + shutil.rmtree(custom_bin_dir, ignore_errors=True) + + deb_paths = FindPackageDebs(package_name, self.work_dir) + + if not deb_paths: + raise MSanBuildException('Failed to find .deb packages.') + + print('Extracting', ' '.join(deb_paths)) + + if create_subdirs: + extract_directory = os.path.join(output_directory, package_name) + else: + extract_directory = output_directory + + extracted_paths = ExtractLibraries(deb_paths, self.work_dir, + extract_directory) + for extracted_path in extracted_paths: + if os.path.islink(extracted_path): + continue + if os.path.basename(extracted_path) == 'llvm-symbolizer': + continue + PatchRpath(extracted_path, extract_directory) + + +def main(): + parser = argparse.ArgumentParser('msan_build.py', description='MSan builder.') + parser.add_argument('package_names', nargs='+', help='Name of the packages.') + parser.add_argument('output_dir', help='Output directory.') + parser.add_argument('--create-subdirs', + action='store_true', + help=('Create subdirectories in the output ' + 'directory for each package.')) + parser.add_argument('--work-dir', help='Work directory.') + parser.add_argument('--no-build-deps', + action='store_true', + help='Don\'t build dependencies.') + parser.add_argument('--debug', action='store_true', help='Enable debug mode.') + parser.add_argument('--log-path', help='Log path for debugging.') + parser.add_argument('--no-track-origins', + action='store_true', + help='Build with -fsanitize-memory-track-origins=0.') + args = parser.parse_args() + + if args.no_track_origins: + os.environ['MSAN_NO_TRACK_ORIGINS'] = '1' + + if not os.path.exists(args.output_dir): + os.makedirs(args.output_dir) + + if args.no_build_deps: + package_names = args.package_names + else: + all_packages = set() + package_names = [] + + # Get list of packages to build, including all dependencies. + for package_name in args.package_names: + for dep in GetBuildList(package_name): + if dep in all_packages: + continue + + if args.create_subdirs: + os.mkdir(os.path.join(args.output_dir, dep)) + + all_packages.add(dep) + package_names.append(dep) + + print('Going to build:') + for package_name in package_names: + print('\t', package_name) + + with MSanBuilder(debug=args.debug, + log_path=args.log_path, + work_dir=args.work_dir, + no_track_origins=args.no_track_origins) as builder: + for package_name in package_names: + builder.Build(package_name, args.output_dir, args.create_subdirs) + + +if __name__ == '__main__': + main() diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/__init__.py b/infra/base-images/base-sanitizer-libs-builder/packages/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/__init__.py diff --git a/projects/lldb-eval/Dockerfile b/infra/base-images/base-sanitizer-libs-builder/packages/boost1_58.py index dc61ec34d..8071b7ecd 100644 --- a/projects/lldb-eval/Dockerfile +++ b/infra/base-images/base-sanitizer-libs-builder/packages/boost1_58.py @@ -1,4 +1,5 @@ -# Copyright 2021 Google LLC +#!/usr/bin/env python +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,14 +15,15 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +import package -RUN apt-get update \ - && apt-get install -y wget git patchelf zlib1g-dev python libtinfo-dev --no-install-recommends -RUN git clone --depth 1 https://github.com/google/lldb-eval +class Package(package.Package): + """boost1.58 package.""" -COPY build.sh $SRC/ -COPY lldb_vs_lldb_eval_libfuzzer_test.options $SRC/ + def __init__(self, apt_version): + super(Package, self).__init__('boost1.58', apt_version) -WORKDIR $SRC/lldb-eval + def PreBuild(self, source_directory, env, custom_bin_dir): + # Otherwise py_nonblocking.cpp fails to build. + env['DEB_CXXFLAGS_APPEND'] += ' -std=c++98' diff --git a/projects/opensk/build.sh b/infra/base-images/base-sanitizer-libs-builder/packages/gnutls28.py index 4d2520946..f8407a668 100755..100644 --- a/projects/opensk/build.sh +++ b/infra/base-images/base-sanitizer-libs-builder/packages/gnutls28.py @@ -1,5 +1,5 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC +#!/usr/bin/env python +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,26 +15,23 @@ # ################################################################################ -FUZZ_TARGET_OUTPUT_DIR=fuzz/target/x86_64-unknown-linux-gnu/release +import os +import shutil -build_and_copy() { - pushd "$1" - cargo +nightly fuzz build --release --debug-assertions - for f in fuzz/fuzz_targets/*.rs - do - cp ${FUZZ_TARGET_OUTPUT_DIR}/$(basename ${f%.*}) $OUT/ - done - popd -} +import package +import wrapper_utils -cd OpenSK -# Main OpenSK fuzzing targets -build_and_copy "." +class Package(package.Package): + """gnutls28 package.""" -# persistent storage library -build_and_copy libraries/persistent_store + def __init__(self, apt_version): + super(Package, self).__init__('gnutls28', apt_version) -# CBOR crate -build_and_copy libraries/cbor + def PreBuild(self, source_directory, env, custom_bin_dir): + configure_wrapper = ( + '#!/bin/bash\n' + '/usr/bin/dh_auto_configure "$@" --disable-hardware-acceleration') + wrapper_utils.InstallWrapper( + custom_bin_dir, 'dh_auto_configure', configure_wrapper) diff --git a/projects/boost-json/build.sh b/infra/base-images/base-sanitizer-libs-builder/packages/libgcrypt20.py index 75c3a1066..9d200af6f 100755..100644 --- a/projects/boost-json/build.sh +++ b/infra/base-images/base-sanitizer-libs-builder/packages/libgcrypt20.py @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/usr/bin/env python # Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,14 +15,23 @@ # ################################################################################ -./bootstrap.sh --with-libraries=json +import os +import shutil -echo "using clang : ossfuzz : $CXX : <compileflags>\"$CXXFLAGS\" <linkflags>\"$CXXFLAGS\" <linkflags>\"${LIB_FUZZING_ENGINE}\" ;" >user-config.jam +import package +import wrapper_utils -./b2 --user-config=user-config.jam --toolset=clang-ossfuzz --prefix=$OUT --with-json link=static install -for i in libs/json/fuzzing/*.cpp; do - fuzzer=$(basename $i .cpp) - $CXX $CXXFLAGS -pthread libs/json/fuzzing/$fuzzer.cpp -I $OUT/include/ $OUT/lib/*.a $LIB_FUZZING_ENGINE -o $OUT/$fuzzer -done +class Package(package.Package): + """libgcrypt20 package.""" + def __init__(self, apt_version): + super(Package, self).__init__('libgcrypt20', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + configure_wrapper = ( + '#!/bin/bash\n' + '/usr/bin/dh_auto_configure "$@" --disable-asm') + + wrapper_utils.InstallWrapper( + custom_bin_dir, 'dh_auto_configure', configure_wrapper) diff --git a/infra/base-images/base-builder-jvm/Dockerfile b/infra/base-images/base-sanitizer-libs-builder/packages/mesa.py index f27478b35..ec2e9d217 100644 --- a/infra/base-images/base-builder-jvm/Dockerfile +++ b/infra/base-images/base-sanitizer-libs-builder/packages/mesa.py @@ -1,4 +1,5 @@ -# Copyright 2021 Google LLC +#!/usr/bin/env python +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,11 +15,14 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +import package -ENV JAVA_HOME /usr/lib/jvm/java-15-openjdk-amd64 -ENV JVM_LD_LIBRARY_PATH $JAVA_HOME/lib/server -ENV PATH $PATH:$JAVA_HOME/bin -ENV JAZZER_API_PATH "/usr/local/lib/jazzer_api_deploy.jar" -RUN install_java.sh
\ No newline at end of file +class Package(package.Package): + """mesa package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('mesa', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + env['DEB_CXXFLAGS_APPEND'] += ' -std=c++11' diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/nettle.py b/infra/base-images/base-sanitizer-libs-builder/packages/nettle.py new file mode 100644 index 000000000..e1b0e2f81 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/nettle.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +import os +import shutil + +import package + + +def AddNoAsmArg(config_path): + """Add --disable-assembler to config scripts.""" + shutil.move(config_path, config_path + '.real') + with open(config_path, 'w') as f: + f.write( + '#!/bin/sh\n' + '%s.real --disable-assembler "$@"\n' % config_path) + os.chmod(config_path, 0755) + + +class Package(package.Package): + """nettle package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('nettle', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + AddNoAsmArg(os.path.join(source_directory, 'configure')) diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/openssl.py b/infra/base-images/base-sanitizer-libs-builder/packages/openssl.py new file mode 100644 index 000000000..e24ccc588 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/openssl.py @@ -0,0 +1,42 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +import os +import shutil + +import package + + +def AddNoAsmArg(config_path): + """Add --no-asm to config scripts.""" + shutil.move(config_path, config_path + '.real') + with open(config_path, 'w') as f: + f.write( + '#!/bin/sh\n' + '%s.real no-asm "$@"\n' % config_path) + os.chmod(config_path, 0755) + + +class Package(package.Package): + """openssl package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('openssl', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + AddNoAsmArg(os.path.join(source_directory, 'Configure')) + AddNoAsmArg(os.path.join(source_directory, 'config')) diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/package.py b/infra/base-images/base-sanitizer-libs-builder/packages/package.py new file mode 100644 index 000000000..059c23587 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/package.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +import os +import subprocess + +import apt + +SCRIPT_DIR = os.path.dirname(os.path.realpath(__file__)) + + +def ApplyPatch(source_directory, patch_name): + """Apply custom patch.""" + subprocess.check_call(['patch', '-p1', '-i', + os.path.join(SCRIPT_DIR, patch_name)], + cwd=source_directory) + + +class PackageException(Exception): + """Base package exception.""" + + +class Package(object): + """Base package.""" + + def __init__(self, name, apt_version): + self.name = name + self.apt_version = apt_version + + def PreBuild(self, source_directory, env, custom_bin_dir): + return + + def PostBuild(self, source_directory, env, custom_bin_dir): + return + + def PreDownload(self, download_directory): + return + + def PostDownload(self, source_directory): + return + + def InstallBuildDeps(self): + """Install build dependencies for a package.""" + subprocess.check_call(['apt-get', 'update']) + subprocess.check_call(['apt-get', 'build-dep', '-y', self.name]) + + # Reload package after update. + self.apt_version = ( + apt.Cache()[self.apt_version.package.name].candidate) + + def DownloadSource(self, download_directory): + """Download the source for a package.""" + self.PreDownload(download_directory) + + source_directory = self.apt_version.fetch_source(download_directory) + + self.PostDownload(source_directory) + return source_directory + + def Build(self, source_directory, env, custom_bin_dir): + """Build .deb packages.""" + self.PreBuild(source_directory, env, custom_bin_dir) + subprocess.check_call( + ['dpkg-buildpackage', '-us', '-uc', '-B'], + cwd=source_directory, env=env) + self.PostBuild(source_directory, env, custom_bin_dir) + + diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/pixman.py b/infra/base-images/base-sanitizer-libs-builder/packages/pixman.py new file mode 100644 index 000000000..52512461e --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/pixman.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +import os +import shutil + +import package + + +class Package(package.Package): + """pixman package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('pixman', apt_version) + + def PostDownload(self, source_directory): + # Incorrect checking of GCC vector extension availability. + os.system('sed s/support_for_gcc_vector_extensions=yes/' + 'support_for_gcc_vector_extensions=no/ -i %s/configure.ac' % + source_directory) + + def PreBuild(self, source_directory, env, custom_bin_dir): + blocklist_flag = ' -fsanitize-blacklist=' + os.path.join( + os.path.dirname(os.path.abspath(__file__)), 'pixman_blocklist.txt') + env['DEB_CXXFLAGS_APPEND'] += blocklist_flag + env['DEB_CFLAGS_APPEND'] += blocklist_flag diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/pixman_blocklist.txt b/infra/base-images/base-sanitizer-libs-builder/packages/pixman_blocklist.txt new file mode 100644 index 000000000..69cf159dd --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/pixman_blocklist.txt @@ -0,0 +1 @@ +src:*/pixman-sse2.c diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio.py b/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio.py new file mode 100644 index 000000000..d3ce7a113 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio.py @@ -0,0 +1,42 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function +import glob +import os +import subprocess + +import package + + +class Package(package.Package): + """PulseAudio package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('pulseaudio', apt_version) + + def PostDownload(self, source_directory): + """Remove blocklisted patches.""" + # Fix *droid* patches. + bad_patch_path = os.path.join( + source_directory, 'debian', 'patches', + '0600-droid-sync-with-upstream-for-Android-5-support-and-b.patch') + if not os.path.exists(bad_patch_path): + return + + print('Applying custom patches.') + package.ApplyPatch(source_directory, 'pulseaudio_fix_android.patch') diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio_fix_android.patch b/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio_fix_android.patch new file mode 100644 index 000000000..e86f79823 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/pulseaudio_fix_android.patch @@ -0,0 +1,39 @@ +--- pulseaudio-8.0/src/modules/droid/module-droid-card.c 2017-11-27 22:09:42.533589970 +0000 ++++ pulseaudio-8.0.fixed/src/modules/droid/module-droid-card.c 2017-11-27 22:28:23.847250467 +0000 +@@ -66,10 +66,11 @@ + #include "droid-extcon.h" + #endif + +-#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 2 ++#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 4 + #include "module-droid-card-19-symdef.h" + #elif ANDROID_VERSION_MAJOR == 5 && ANDROID_VERSION_MINOR == 1 + #include "module-droid-card-22-symdef.h" ++#else + #endif + + PA_MODULE_AUTHOR("Juho Hämäläinen"); +diff -ru pulseaudio-8.0/src/modules/droid/module-droid-sink.c pulseaudio-8.0.fixed/src/modules/droid/module-droid-sink.c +--- pulseaudio-8.0/src/modules/droid/module-droid-sink.c 2017-11-27 22:09:42.533589970 +0000 ++++ pulseaudio-8.0.fixed/src/modules/droid/module-droid-sink.c 2017-11-27 22:29:53.776348900 +0000 +@@ -40,7 +40,7 @@ + #include "droid-util.h" + #include "droid-sink.h" + +-#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 2 ++#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 4 + #include "module-droid-sink-19-symdef.h" + #elif ANDROID_VERSION_MAJOR == 5 && ANDROID_VERSION_MINOR == 1 + #include "module-droid-sink-22-symdef.h" +diff -ru pulseaudio-8.0/src/modules/droid/module-droid-source.c pulseaudio-8.0.fixed/src/modules/droid/module-droid-source.c +--- pulseaudio-8.0/src/modules/droid/module-droid-source.c 2017-11-27 22:09:42.533589970 +0000 ++++ pulseaudio-8.0.fixed/src/modules/droid/module-droid-source.c 2017-11-27 22:30:03.920472828 +0000 +@@ -40,7 +40,7 @@ + #include "droid-util.h" + #include "droid-source.h" + +-#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 2 ++#if ANDROID_VERSION_MAJOR == 4 && ANDROID_VERSION_MINOR == 4 + #include "module-droid-source-19-symdef.h" + #elif ANDROID_VERSION_MAJOR == 5 && ANDROID_VERSION_MINOR == 1 + #include "module-droid-source-22-symdef.h" diff --git a/projects/spdk/parse_json_fuzzer.cc b/infra/base-images/base-sanitizer-libs-builder/packages/sqlite3.py index 94304ba66..3e1a1070f 100644 --- a/projects/spdk/parse_json_fuzzer.cc +++ b/infra/base-images/base-sanitizer-libs-builder/packages/sqlite3.py @@ -1,5 +1,5 @@ -/* -# Copyright 2021 Google LLC +#!/usr/bin/env python +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,21 +14,19 @@ # limitations under the License. # ################################################################################ -*/ -#include <stdlib.h> -#include "spdk/json.h" +import os -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - char *buf = (char *)malloc(size); - if (buf == NULL) { - return 0; - } - memcpy(buf, data, size); - ssize_t rc = spdk_json_parse(buf, size, NULL, 0, NULL, 0); +import package - free(buf); - return 0; -} +class Package(package.Package): + """sqlite3 package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('sqlite3', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + os.system( + 'sed -i "s/package ifneeded sqlite3//" %s/debian/rules' % + source_directory) diff --git a/infra/base-images/base-sanitizer-libs-builder/packages/systemd.py b/infra/base-images/base-sanitizer-libs-builder/packages/systemd.py new file mode 100644 index 000000000..5cb6d60be --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/packages/systemd.py @@ -0,0 +1,42 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function +import glob +import os +import subprocess + +import package +import wrapper_utils + + +class Package(package.Package): + """systemd package.""" + + def __init__(self, apt_version): + super(Package, self).__init__('systemd', apt_version) + + def PreBuild(self, source_directory, env, custom_bin_dir): + # Hide msan symbols from nm. the systemd build system uses this to find + # undefined symbols and errors out if it does. + nm_wrapper = ( + '#!/bin/bash\n' + '/usr/bin/nm "$@" | grep -E -v "U (__msan|memset)"\n' + 'exit ${PIPESTATUS[0]}\n') + + wrapper_utils.InstallWrapper(custom_bin_dir, 'nm', nm_wrapper, + [wrapper_utils.DpkgHostArchitecture() + '-nm']) diff --git a/projects/javaparser/Dockerfile b/infra/base-images/base-sanitizer-libs-builder/packages/tar.py index d0b8a74d3..74abd5c72 100644 --- a/projects/javaparser/Dockerfile +++ b/infra/base-images/base-sanitizer-libs-builder/packages/tar.py @@ -1,4 +1,5 @@ -# Copyright 2021 Google LLC +#!/usr/bin/env python +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,13 +15,14 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +import package -RUN apt-get update && apt-get install -y maven -RUN git clone --depth 1 https://github.com/javaparser/javaparser -COPY build.sh $SRC/ +class Package(package.Package): + """tar package.""" -COPY *.java $SRC/ + def __init__(self, apt_version): + super(Package, self).__init__('tar', apt_version) -WORKDIR $SRC/javaparser + def PreBuild(self, source_directory, env, custom_bin_dir): + env['FORCE_UNSAFE_CONFIGURE'] = '1' diff --git a/infra/base-images/base-sanitizer-libs-builder/patch_build.py b/infra/base-images/base-sanitizer-libs-builder/patch_build.py new file mode 100755 index 000000000..cb1f4b1d7 --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/patch_build.py @@ -0,0 +1,143 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function +import argparse +import os +import re +import shutil +import subprocess +import sys + +INSTRUMENTED_LIBRARIES_DIRNAME = 'instrumented_libraries' +MSAN_LIBS_PATH = os.getenv('MSAN_LIBS_PATH', '/msan') + + +def IsElf(file_path): + """Whether if the file is an elf file.""" + with open(file_path) as f: + return f.read(4) == '\x7fELF' + + +def Ldd(binary_path): + """Run ldd on a file.""" + try: + output = subprocess.check_output(['ldd', binary_path], stderr=subprocess.STDOUT) + except subprocess.CalledProcessError: + print('Failed to call ldd on', binary_path, file=sys.stderr) + return [] + + libs = [] + + OUTPUT_PATTERN = re.compile(r'\s*([^\s]+)\s*=>\s*([^\s]+)') + for line in output.splitlines(): + match = OUTPUT_PATTERN.match(line) + if not match: + continue + + libs.append((match.group(1), match.group(2))) + + return libs + + +def FindLib(path): + """Find instrumented version of lib.""" + candidate_path = os.path.join(MSAN_LIBS_PATH, path[1:]) + if os.path.exists(candidate_path): + return candidate_path + + for lib_dir in os.listdir(MSAN_LIBS_PATH): + candidate_path = os.path.join(MSAN_LIBS_PATH, lib_dir, path[1:]) + if os.path.exists(candidate_path): + return candidate_path + + return None + + +def PatchBinary(binary_path, instrumented_dir): + """Patch binary to link to instrumented libs.""" + extra_rpaths = set() + + for name, path in Ldd(binary_path): + if not os.path.isabs(path): + continue + + instrumented_path = FindLib(path) + if not instrumented_path: + print('WARNING: Instrumented library not found for', path, + file=sys.stderr) + continue + + target_path = os.path.join(instrumented_dir, path[1:]) + if not os.path.exists(target_path): + print('Copying instrumented lib to', target_path) + target_dir = os.path.dirname(target_path) + if not os.path.exists(target_dir): + os.makedirs(target_dir) + shutil.copy2(instrumented_path, target_path) + + extra_rpaths.add( + os.path.join('$ORIGIN', INSTRUMENTED_LIBRARIES_DIRNAME, + os.path.dirname(path[1:]))) + + if not extra_rpaths: + return + + existing_rpaths = subprocess.check_output( + ['patchelf', '--print-rpath', binary_path]).strip() + processed_rpaths = ':'.join(extra_rpaths) + if existing_rpaths: + processed_rpaths += ':' + existing_rpaths + print('Patching rpath for', binary_path, 'from', existing_rpaths, 'to', + processed_rpaths) + + subprocess.check_call( + ['patchelf', '--force-rpath', '--set-rpath', + processed_rpaths, binary_path]) + + +def PatchBuild(output_directory): + """Patch build to use msan libs.""" + instrumented_dir = os.path.join(output_directory, + INSTRUMENTED_LIBRARIES_DIRNAME) + if not os.path.exists(instrumented_dir): + os.mkdir(instrumented_dir) + + for root_dir, _, filenames in os.walk(output_directory): + for filename in filenames: + file_path = os.path.join(root_dir, filename) + + if os.path.islink(file_path): + continue + + if not IsElf(file_path): + continue + + PatchBinary(file_path, instrumented_dir) + + +def main(): + parser = argparse.ArgumentParser('patch_build.py', description='MSan build patcher.') + parser.add_argument('output_dir', help='Output directory.') + + args = parser.parse_args() + + PatchBuild(os.path.abspath(args.output_dir)) + + +if __name__ == '__main__': + main() diff --git a/infra/base-images/base-sanitizer-libs-builder/wrapper_utils.py b/infra/base-images/base-sanitizer-libs-builder/wrapper_utils.py new file mode 100644 index 000000000..0cbf1677d --- /dev/null +++ b/infra/base-images/base-sanitizer-libs-builder/wrapper_utils.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python +# Copyright 2017 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +from __future__ import print_function + +import contextlib +import os +import subprocess + + +def DpkgHostArchitecture(): + """Return the host architecture.""" + return subprocess.check_output( + ['dpkg-architecture', '-qDEB_HOST_GNU_TYPE']).strip() + + +def InstallWrapper(bin_dir, name, contents, extra_names=None): + """Install a custom wrapper script into |bin_dir|.""" + path = os.path.join(bin_dir, name) + with open(path, 'w') as f: + f.write(contents) + + os.chmod(path, 0755) + + if extra_names: + CreateSymlinks(path, bin_dir, extra_names) + + +def CreateSymlinks(original_path, bin_dir, extra_names): + """Create symlinks.""" + for extra_name in extra_names: + extra_path = os.path.join(bin_dir, extra_name) + os.symlink(original_path, extra_path) diff --git a/projects/kryo/Dockerfile b/infra/base-images/msan-libs-builder/Dockerfile index bf512f0d2..7780c1f33 100644 --- a/projects/kryo/Dockerfile +++ b/infra/base-images/msan-libs-builder/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2021 Google LLC +# Copyright 2017 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,16 +14,32 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-sanitizer-libs-builder -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip +# Take all libraries from lib/msan +RUN cp -R /usr/msan/lib/* /usr/lib/ -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn +RUN mkdir /msan +WORKDIR /msan -RUN git clone --depth 1 https://github.com/EsotericSoftware/kryo - -COPY build.sh $SRC/ -COPY DeserializeCollectionsFuzzer.java DeserializeNumbersFuzzer.java DeserializeStringFuzzer.java $SRC/ -WORKDIR $SRC/kryo +ENV PYTHONUNBUFFERED 1 +RUN msan_build.py --work-dir=$WORK \ + libarchive13 \ + libattr1 \ + libbz2-1.0 \ + libfontconfig1 \ + libfreetype6 \ + libfribidi0 \ + libglib2.0-0 \ + libicu55 \ + liblz4-1 \ + liblzma5 \ + liblzo2-2 \ + libnettle6 \ + libpcre2-posix0 \ + libpcre3 \ + libpng12-0 \ + libssl1.0.0 \ + libxml2 \ + zlib1g \ + /msan diff --git a/infra/bisector.py b/infra/bisector.py index 51f93c132..1438d0de9 100644 --- a/infra/bisector.py +++ b/infra/bisector.py @@ -115,10 +115,7 @@ def main(): 'Bisection Error: Both the first and the last commits in' 'the given range have the same behavior, bisection is not possible. ') return 1 - if args.type == 'regressed': - print('Error was introduced at commit %s' % result.commit) - elif args.type == 'fixed': - print('Error was fixed at commit %s' % result.commit) + print('Error was introduced at commit %s' % result.commit) return 0 @@ -134,7 +131,7 @@ def _get_dedup_token(output): return None -def _check_for_crash(project_name, fuzz_target, testcase_path): +def _check_for_crash(project_name, fuzz_target, test_case_path): """Check for crash.""" def docker_run(args): @@ -145,15 +142,12 @@ def _check_for_crash(project_name, fuzz_target, testcase_path): return utils.execute(command + args) logging.info('Checking for crash') - out, err, return_code = helper.reproduce_impl( - project=helper.Project(project_name), - fuzzer_name=fuzz_target, - valgrind=False, - env_to_add=[], - fuzzer_args=[], - testcase_path=testcase_path, - run_function=docker_run, - err_result=(None, None, None)) + out, err, return_code = helper.reproduce_impl(project_name, + fuzz_target, + False, [], [], + test_case_path, + runner=docker_run, + err_result=(None, None, None)) if return_code is None: return None @@ -173,7 +167,7 @@ def _check_for_crash(project_name, fuzz_target, testcase_path): # pylint: disable=too-many-locals # pylint: disable=too-many-arguments # pylint: disable=too-many-statements -def _bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, +def _bisect(bisect_type, old_commit, new_commit, test_case_path, fuzz_target, build_data): """Perform the bisect.""" # pylint: disable=too-many-branches @@ -218,7 +212,7 @@ def _bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, raise BisectError('Invalid bisect type ' + bisect_type, repo_url) expected_error = _check_for_crash(build_data.project_name, fuzz_target, - testcase_path) + test_case_path) logging.info('new_commit result = %s', expected_error) if not should_crash and expected_error: @@ -237,7 +231,7 @@ def _bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, raise BisectError('Failed to build old_commit', repo_url) if _check_for_crash(build_data.project_name, fuzz_target, - testcase_path) == expected_error: + test_case_path) == expected_error: logging.warning('old_commit %s had same result as new_commit %s', old_commit, new_commit) # Try again on an slightly older commit. @@ -272,7 +266,7 @@ def _bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, continue current_error = _check_for_crash(build_data.project_name, fuzz_target, - testcase_path) + test_case_path) logging.info('Current result = %s', current_error) if expected_error == current_error: new_idx = curr_idx @@ -283,16 +277,16 @@ def _bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, # pylint: disable=too-many-locals # pylint: disable=too-many-arguments -def bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, +def bisect(bisect_type, old_commit, new_commit, test_case_path, fuzz_target, build_data): """From a commit range, this function caluclates which introduced a - specific error from a fuzz testcase_path. + specific error from a fuzz test_case_path. Args: bisect_type: The type of the bisect ('regressed' or 'fixed'). old_commit: The oldest commit in the error regression range. new_commit: The newest commit in the error regression range. - testcase_path: The file path of the test case that triggers the error + test_case_path: The file path of the test case that triggers the error fuzz_target: The name of the fuzzer to be tested. build_data: a class holding all of the input parameters for bisection. @@ -303,7 +297,7 @@ def bisect(bisect_type, old_commit, new_commit, testcase_path, fuzz_target, ValueError: when a repo url can't be determine from the project. """ try: - return _bisect(bisect_type, old_commit, new_commit, testcase_path, + return _bisect(bisect_type, old_commit, new_commit, test_case_path, fuzz_target, build_data) finally: # Clean up projects/ as _bisect may have modified it. diff --git a/infra/bisector_test.py b/infra/bisector_test.py index d93ac3239..5e3dc5232 100644 --- a/infra/bisector_test.py +++ b/infra/bisector_test.py @@ -45,7 +45,7 @@ class BisectIntegrationTests(unittest.TestCase): architecture='x86_64') with self.assertRaises(ValueError): bisector.bisect(self.BISECT_TYPE, test_repo.old_commit, - test_repo.new_commit, test_repo.testcase_path, + test_repo.new_commit, test_repo.test_case_path, test_repo.fuzz_target, build_data) def test_bisect(self): @@ -58,7 +58,7 @@ class BisectIntegrationTests(unittest.TestCase): sanitizer='address', architecture='x86_64') result = bisector.bisect(self.BISECT_TYPE, test_repo.old_commit, - test_repo.new_commit, test_repo.testcase_path, + test_repo.new_commit, test_repo.test_case_path, test_repo.fuzz_target, build_data) self.assertEqual(result.commit, test_repo.intro_commit) diff --git a/infra/build/functions/base_images.py b/infra/build/functions/base_images.py index 593323fc3..8c9b2d85f 100644 --- a/infra/build/functions/base_images.py +++ b/infra/build/functions/base_images.py @@ -15,6 +15,7 @@ ################################################################################ """Cloud function to build base images on Google Cloud Builder.""" +import datetime import logging import google.auth @@ -24,17 +25,14 @@ BASE_IMAGES = [ 'base-image', 'base-clang', 'base-builder', - 'base-builder-go', - 'base-builder-jvm', - 'base-builder-python', - 'base-builder-rust', - 'base-builder-swift', 'base-runner', 'base-runner-debug', ] BASE_PROJECT = 'oss-fuzz-base' TAG_PREFIX = f'gcr.io/{BASE_PROJECT}/' -MAJOR_VERSION = 'v1' + +BASE_SANITIZER_LIBS_IMAGE = TAG_PREFIX + 'base-sanitizer-libs-builder' +MSAN_LIBS_IMAGE = TAG_PREFIX + 'msan-libs-builder' def _get_base_image_steps(images, tag_prefix=TAG_PREFIX): @@ -48,14 +46,11 @@ def _get_base_image_steps(images, tag_prefix=TAG_PREFIX): }] for base_image in images: - image = tag_prefix + base_image steps.append({ 'args': [ 'build', '-t', - image, - '-t', - f'{image}:{MAJOR_VERSION}', + tag_prefix + base_image, '.', ], 'dir': 'oss-fuzz/infra/base-images/' + base_image, @@ -67,8 +62,9 @@ def _get_base_image_steps(images, tag_prefix=TAG_PREFIX): def get_logs_url(build_id, project_id='oss-fuzz-base'): """Returns url that displays the build logs.""" - return ('https://console.developers.google.com/logs/viewer?' - f'resource=build%2Fbuild_id%2F{build_id}&project={project_id}') + url_format = ('https://console.developers.google.com/logs/viewer?' + 'resource=build%2Fbuild_id%2F{0}&project={1}') + return url_format.format(build_id, project_id) # pylint: disable=no-member @@ -81,7 +77,7 @@ def run_build(steps, images): 'options': { 'machineType': 'N1_HIGHCPU_32' }, - 'images': images + [f'{image}:{MAJOR_VERSION}' for image in images] + 'images': images } cloudbuild = build('cloudbuild', 'v1', @@ -103,3 +99,43 @@ def base_builder(event, context): images = [tag_prefix + base_image for base_image in BASE_IMAGES] run_build(steps, images) + + +def _get_msan_steps(image): + """Get build steps for msan-libs-builder.""" + timestamp = datetime.datetime.utcnow().strftime('%Y%m%d%H%M') + upload_name = 'msan-libs-' + timestamp + '.zip' + + steps = _get_base_image_steps([ + 'base-sanitizer-libs-builder', + 'msan-libs-builder', + ]) + steps.extend([{ + 'name': image, + 'args': [ + 'bash', + '-c', + 'cd /msan && zip -r /workspace/libs.zip .', + ], + }, { + 'name': + 'gcr.io/cloud-builders/gsutil', + 'args': [ + 'cp', + '/workspace/libs.zip', + 'gs://oss-fuzz-msan-libs/' + upload_name, + ], + }]) + return steps + + +def base_msan_builder(event, context): + """Cloud function to build base images.""" + del event, context + steps = _get_msan_steps(MSAN_LIBS_IMAGE) + images = [ + BASE_SANITIZER_LIBS_IMAGE, + MSAN_LIBS_IMAGE, + ] + + run_build(steps, images) diff --git a/infra/build/functions/build_and_run_coverage.py b/infra/build/functions/build_and_run_coverage.py index 1195776d9..cc2de5a32 100755..100644 --- a/infra/build/functions/build_and_run_coverage.py +++ b/infra/build/functions/build_and_run_coverage.py @@ -13,11 +13,11 @@ # limitations under the License. # ################################################################################ -#!/usr/bin/env python3 +#!/usr/bin/python2 """Starts and runs coverage build on Google Cloud Builder. - -Usage: build_and_run_coverage.py <project>. +Usage: build_and_run_coverage.py <project_dir> """ +import datetime import json import logging import os @@ -27,105 +27,119 @@ import build_lib import build_project SANITIZER = 'coverage' -FUZZING_ENGINE = 'libfuzzer' -ARCHITECTURE = 'x86_64' - +CONFIGURATION = ['FUZZING_ENGINE=libfuzzer', 'SANITIZER=%s' % SANITIZER] PLATFORM = 'linux' -COVERAGE_BUILD_TYPE = 'coverage' +COVERAGE_BUILD_TAG = 'coverage' # Where code coverage reports need to be uploaded to. COVERAGE_BUCKET_NAME = 'oss-fuzz-coverage' -# This is needed for ClusterFuzz to pick up the most recent reports data. +# Link to the code coverage report in HTML format. +HTML_REPORT_URL_FORMAT = (build_lib.GCS_URL_BASENAME + COVERAGE_BUCKET_NAME + + '/{project}/reports/{date}/{platform}/index.html') +# This is needed for ClusterFuzz to pick up the most recent reports data. +LATEST_REPORT_INFO_URL = ('/' + COVERAGE_BUCKET_NAME + + '/latest_report_info/{project}.json') LATEST_REPORT_INFO_CONTENT_TYPE = 'application/json' -# Languages from project.yaml that have code coverage support. -LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'jvm', 'rust', 'swift'] - - -class Bucket: # pylint: disable=too-few-public-methods - """Class representing the coverage GCS bucket.""" +# Link where to upload code coverage report files to. +UPLOAD_URL_FORMAT = 'gs://' + COVERAGE_BUCKET_NAME + '/{project}/{type}/{date}' - def __init__(self, project, date, platform, testing): - self.coverage_bucket_name = 'oss-fuzz-coverage' - if testing: - self.coverage_bucket_name += '-testing' +# Languages from project.yaml that have code coverage support. +LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust'] - self.date = date - self.project = project - self.html_report_url = ( - f'{build_lib.GCS_URL_BASENAME}{self.coverage_bucket_name}/{project}' - f'/reports/{date}/{platform}/index.html') - self.latest_report_info_url = (f'/{COVERAGE_BUCKET_NAME}' - f'/latest_report_info/{project}.json') - def get_upload_url(self, upload_type): - """Returns an upload url for |upload_type|.""" - return (f'gs://{self.coverage_bucket_name}/{self.project}' - f'/{upload_type}/{self.date}') +def usage(): + """Exit with code 1 and display syntax to use this file.""" + sys.stderr.write("Usage: " + sys.argv[0] + " <project_dir>\n") + sys.exit(1) -def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments - project_name, project_yaml_contents, dockerfile_lines, image_project, - base_images_project, config): +# pylint: disable=too-many-locals +def get_build_steps(project_name, project_yaml_file, dockerfile_lines, + image_project, base_images_project): """Returns build steps for project.""" - project = build_project.Project(project_name, project_yaml_contents, - dockerfile_lines, image_project) - if project.disabled: - logging.info('Project "%s" is disabled.', project.name) + project_yaml = build_project.load_project_yaml(project_name, + project_yaml_file, + image_project) + if project_yaml['disabled']: + logging.info('Project "%s" is disabled.', project_name) return [] - if project.fuzzing_language not in LANGUAGES_WITH_COVERAGE_SUPPORT: + if project_yaml['language'] not in LANGUAGES_WITH_COVERAGE_SUPPORT: logging.info( 'Project "%s" is written in "%s", coverage is not supported yet.', - project.name, project.fuzzing_language) + project_name, project_yaml['language']) return [] - report_date = build_project.get_datetime_now().strftime('%Y%m%d') - bucket = Bucket(project.name, report_date, PLATFORM, config.testing) + name = project_yaml['name'] + image = project_yaml['image'] + language = project_yaml['language'] + report_date = datetime.datetime.now().strftime('%Y%m%d') - build_steps = build_lib.project_image_steps( - project.name, - project.image, - project.fuzzing_language, - branch=config.branch, - test_image_suffix=config.test_image_suffix) + build_steps = build_lib.project_image_steps(name, image, language) - build = build_project.Build('libfuzzer', 'coverage', 'x86_64') - env = build_project.get_env(project.fuzzing_language, build) - build_steps.append( - build_project.get_compile_step(project, build, env, config.parallel)) - download_corpora_steps = build_lib.download_corpora_steps( - project.name, testing=config.testing) + env = CONFIGURATION[:] + out = '/workspace/out/' + SANITIZER + env.append('OUT=' + out) + env.append('FUZZING_LANGUAGE=' + language) + + workdir = build_project.workdir_from_dockerfile(dockerfile_lines) + if not workdir: + workdir = '/src' + + failure_msg = ('*' * 80 + '\nCoverage build failed.\nTo reproduce, run:\n' + 'python infra/helper.py build_image {name}\n' + 'python infra/helper.py build_fuzzers --sanitizer coverage ' + '{name}\n' + '*' * 80).format(name=name) + + # Compilation step. + build_steps.append({ + 'name': + image, + 'env': + env, + 'args': [ + 'bash', + '-c', + # Remove /out to make sure there are non instrumented binaries. + # `cd /src && cd {workdir}` (where {workdir} is parsed from the + # Dockerfile). Container Builder overrides our workdir so we need + # to add this step to set it back. + ('rm -r /out && cd /src && cd {workdir} && mkdir -p {out} && ' + 'compile || (echo "{failure_msg}" && false)' + ).format(workdir=workdir, out=out, failure_msg=failure_msg), + ], + }) + + download_corpora_steps = build_lib.download_corpora_steps(project_name) if not download_corpora_steps: - logging.info('Skipping code coverage build for %s.', project.name) + logging.info('Skipping code coverage build for %s.', project_name) return [] build_steps.extend(download_corpora_steps) failure_msg = ('*' * 80 + '\nCode coverage report generation failed.\n' 'To reproduce, run:\n' - f'python infra/helper.py build_image {project.name}\n' + 'python infra/helper.py build_image {name}\n' 'python infra/helper.py build_fuzzers --sanitizer coverage ' - f'{project.name}\n' - f'python infra/helper.py coverage {project.name}\n' + '*' * 80) + '{name}\n' + 'python infra/helper.py coverage {name}\n' + + '*' * 80).format(name=name) # Unpack the corpus and run coverage script. coverage_env = env + [ 'HTTP_PORT=', - f'COVERAGE_EXTRA_ARGS={project.coverage_extra_args.strip()}', + 'COVERAGE_EXTRA_ARGS=%s' % project_yaml['coverage_extra_args'].strip(), ] - if 'dataflow' in project.fuzzing_engines: + if 'dataflow' in project_yaml['fuzzing_engines']: coverage_env.append('FULL_SUMMARY_PER_TARGET=1') build_steps.append({ - 'name': - build_project.get_runner_image_name(base_images_project, - config.test_image_suffix), - 'env': - coverage_env, + 'name': 'gcr.io/{0}/base-runner'.format(base_images_project), + 'env': coverage_env, 'args': [ 'bash', '-c', ('for f in /corpus/*.zip; do unzip -q $f -d ${f%%.*} || (' @@ -144,7 +158,9 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments }) # Upload the report. - upload_report_url = bucket.get_upload_url('reports') + upload_report_url = UPLOAD_URL_FORMAT.format(project=project_name, + type='reports', + date=report_date) # Delete the existing report as gsutil cannot overwrite it in a useful way due # to the lack of `-T` option (it creates a subdir in the destination dir). @@ -156,14 +172,15 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments '-m', 'cp', '-r', - os.path.join(build.out, 'report'), + os.path.join(out, 'report'), upload_report_url, ], }) # Upload the fuzzer stats. Delete the old ones just in case. - upload_fuzzer_stats_url = bucket.get_upload_url('fuzzer_stats') - + upload_fuzzer_stats_url = UPLOAD_URL_FORMAT.format(project=project_name, + type='fuzzer_stats', + date=report_date) build_steps.append(build_lib.gsutil_rm_rf_step(upload_fuzzer_stats_url)) build_steps.append({ 'name': @@ -172,13 +189,15 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments '-m', 'cp', '-r', - os.path.join(build.out, 'fuzzer_stats'), + os.path.join(out, 'fuzzer_stats'), upload_fuzzer_stats_url, ], }) # Upload the fuzzer logs. Delete the old ones just in case - upload_fuzzer_logs_url = bucket.get_upload_url('logs') + upload_fuzzer_logs_url = UPLOAD_URL_FORMAT.format(project=project_name, + type='logs', + date=report_date) build_steps.append(build_lib.gsutil_rm_rf_step(upload_fuzzer_logs_url)) build_steps.append({ 'name': @@ -187,13 +206,15 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments '-m', 'cp', '-r', - os.path.join(build.out, 'logs'), + os.path.join(out, 'logs'), upload_fuzzer_logs_url, ], }) # Upload srcmap. - srcmap_upload_url = bucket.get_upload_url('srcmap') + srcmap_upload_url = UPLOAD_URL_FORMAT.format(project=project_name, + type='srcmap', + date=report_date) srcmap_upload_url = srcmap_upload_url.rstrip('/') + '.json' build_steps.append({ 'name': 'gcr.io/cloud-builders/gsutil', @@ -206,13 +227,15 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments # Update the latest report information file for ClusterFuzz. latest_report_info_url = build_lib.get_signed_url( - bucket.latest_report_info_url, + LATEST_REPORT_INFO_URL.format(project=project_name), content_type=LATEST_REPORT_INFO_CONTENT_TYPE) latest_report_info_body = json.dumps({ 'fuzzer_stats_dir': upload_fuzzer_stats_url, 'html_report_url': - bucket.html_report_url, + HTML_REPORT_URL_FORMAT.format(project=project_name, + date=report_date, + platform=PLATFORM), 'report_date': report_date, 'report_summary_path': @@ -228,10 +251,25 @@ def get_build_steps( # pylint: disable=too-many-locals, too-many-arguments def main(): """Build and run coverage for projects.""" - return build_project.build_script_main( - 'Generates coverage report for project.', get_build_steps, - COVERAGE_BUILD_TYPE) + if len(sys.argv) != 2: + usage() + + image_project = 'oss-fuzz' + base_images_project = 'oss-fuzz-base' + project_dir = sys.argv[1].rstrip(os.path.sep) + project_name = os.path.basename(project_dir) + dockerfile_path = os.path.join(project_dir, 'Dockerfile') + project_yaml_path = os.path.join(project_dir, 'project.yaml') + + with open(dockerfile_path) as docker_file: + dockerfile_lines = docker_file.readlines() + + with open(project_yaml_path) as project_yaml_file: + steps = get_build_steps(project_name, project_yaml_file, dockerfile_lines, + image_project, base_images_project) + + build_project.run_build(steps, project_name, COVERAGE_BUILD_TAG) -if __name__ == '__main__': - sys.exit(main()) +if __name__ == "__main__": + main() diff --git a/infra/build/functions/build_and_run_coverage_test.py b/infra/build/functions/build_and_run_coverage_test.py deleted file mode 100644 index 83ea39ecd..000000000 --- a/infra/build/functions/build_and_run_coverage_test.py +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Unit tests for build_and_run_coverage.""" -import json -import os -import sys -import unittest -from unittest import mock - -from pyfakefs import fake_filesystem_unittest - -FUNCTIONS_DIR = os.path.dirname(__file__) -sys.path.append(FUNCTIONS_DIR) -# pylint: disable=wrong-import-position - -import build_and_run_coverage -import build_project -import test_utils - -# pylint: disable=no-member - - -class TestRequestCoverageBuilds(fake_filesystem_unittest.TestCase): - """Unit tests for sync.""" - - def setUp(self): - self.maxDiff = None # pylint: disable=invalid-name - self.setUpPyfakefs() - - @mock.patch('build_lib.get_signed_url', return_value='test_url') - @mock.patch('build_lib.download_corpora_steps', - return_value=[{ - 'url': 'test_download' - }]) - @mock.patch('build_project.get_datetime_now', - return_value=test_utils.FAKE_DATETIME) - def test_get_coverage_build_steps(self, mock_url, mock_corpora_steps, - mock_get_datetime_now): - """Test for get_build_steps.""" - del mock_url, mock_corpora_steps, mock_get_datetime_now - project_yaml_contents = ('language: c++\n' - 'sanitizers:\n' - ' - address\n' - 'architectures:\n' - ' - x86_64\n') - self.fs.create_dir(test_utils.PROJECT_DIR) - test_utils.create_project_data(test_utils.PROJECT, project_yaml_contents) - - expected_build_steps_file_path = test_utils.get_test_data_file_path( - 'expected_coverage_build_steps.json') - self.fs.add_real_file(expected_build_steps_file_path) - with open(expected_build_steps_file_path) as expected_build_steps_file: - expected_coverage_build_steps = json.load(expected_build_steps_file) - - config = build_project.Config(False, False, None, False) - project_yaml, dockerfile = build_project.get_project_data( - test_utils.PROJECT) - build_steps = build_and_run_coverage.get_build_steps( - test_utils.PROJECT, project_yaml, dockerfile, test_utils.IMAGE_PROJECT, - test_utils.BASE_IMAGES_PROJECT, config) - self.assertEqual(build_steps, expected_coverage_build_steps) - - -if __name__ == '__main__': - unittest.main(exit=False) diff --git a/infra/build/functions/build_lib.py b/infra/build/functions/build_lib.py index 292ef682f..007579ef9 100644 --- a/infra/build/functions/build_lib.py +++ b/infra/build/functions/build_lib.py @@ -83,23 +83,11 @@ def get_targets_list_url(bucket, project, sanitizer): return url -def get_upload_bucket(engine, architecture, testing): - """Returns the upload bucket for |engine| and architecture. Returns the - testing bucket if |testing|.""" - bucket = ENGINE_INFO[engine].upload_bucket - if architecture != 'x86_64': - bucket += '-' + architecture - if testing: - bucket += '-testing' - return bucket - - -def _get_targets_list(project_name, testing): +def _get_targets_list(project_name): """Returns target list.""" - # libFuzzer ASan 'x86_84' is the default configuration, get list of targets - # from it. - bucket = get_upload_bucket('libfuzzer', 'x86_64', testing) - url = get_targets_list_url(bucket, project_name, 'address') + # libFuzzer ASan is the default configuration, get list of targets from it. + url = get_targets_list_url(ENGINE_INFO['libfuzzer'].upload_bucket, + project_name, 'address') url = urlparse.urljoin(GCS_URL_BASENAME, url) response = requests.get(url) @@ -116,7 +104,7 @@ def _get_targets_list(project_name, testing): def get_signed_url(path, method='PUT', content_type=''): """Returns signed url.""" timestamp = int(time.time() + BUILD_TIMEOUT) - blob = f'{method}\n\n{content_type}\n{timestamp}\n{path}' + blob = '{0}\n\n{1}\n{2}\n{3}'.format(method, content_type, timestamp, path) service_account_path = os.environ.get('GOOGLE_APPLICATION_CREDENTIALS') if service_account_path: @@ -131,7 +119,7 @@ def get_signed_url(path, method='PUT', content_type=''): credentials=credentials, cache_discovery=False) client_id = project + '@appspot.gserviceaccount.com' - service_account = f'projects/-/serviceAccounts/{client_id}' + service_account = 'projects/-/serviceAccounts/{0}'.format(client_id) response = iam.projects().serviceAccounts().signBlob( name=service_account, body={ @@ -145,13 +133,14 @@ def get_signed_url(path, method='PUT', content_type=''): 'Expires': timestamp, 'Signature': signature, } - return f'https://storage.googleapis.com{path}?{urlparse.urlencode(values)}' + return ('https://storage.googleapis.com{0}?'.format(path) + + urlparse.urlencode(values)) -def download_corpora_steps(project_name, testing): +def download_corpora_steps(project_name): """Returns GCB steps for downloading corpora backups for the given project. """ - fuzz_targets = _get_targets_list(project_name, testing) + fuzz_targets = _get_targets_list(project_name) if not fuzz_targets: sys.stderr.write('No fuzz targets found for project "%s".\n' % project_name) return None @@ -217,72 +206,15 @@ def gsutil_rm_rf_step(url): return step -def get_pull_test_images_steps(test_image_suffix): - """Returns steps to pull testing versions of base-images and tag them so that - they are used in builds.""" - images = [ - 'gcr.io/oss-fuzz-base/base-builder', - 'gcr.io/oss-fuzz-base/base-builder-swift', - 'gcr.io/oss-fuzz-base/base-builder-jvm', - 'gcr.io/oss-fuzz-base/base-builder-go', - 'gcr.io/oss-fuzz-base/base-builder-python', - 'gcr.io/oss-fuzz-base/base-builder-rust', - ] - steps = [] - for image in images: - test_image = image + '-' + test_image_suffix - steps.append({ - 'name': 'gcr.io/cloud-builders/docker', - 'args': [ - 'pull', - test_image, - ], - 'waitFor': '-' # Start this immediately, don't wait for previous step. - }) - - # This step is hacky but gives us great flexibility. OSS-Fuzz has hardcoded - # references to gcr.io/oss-fuzz-base/base-builder (in dockerfiles, for - # example) and gcr.io/oss-fuzz-base-runner (in this build code). But the - # testing versions of those images are called e.g. - # gcr.io/oss-fuzz-base/base-builder-testing and - # gcr.io/oss-fuzz-base/base-runner-testing. How can we get the build to use - # the testing images instead of the real ones? By doing this step: tagging - # the test image with the non-test version, so that the test version is used - # instead of pulling the real one. - steps.append({ - 'name': 'gcr.io/cloud-builders/docker', - 'args': ['tag', test_image, image], - }) - return steps - - -def get_srcmap_step_id(): - """Returns the id for the srcmap step.""" - return 'srcmap' - - -def project_image_steps(name, - image, - language, - branch=None, - test_image_suffix=None): +def project_image_steps(name, image, language): """Returns GCB steps to build OSS-Fuzz project image.""" - clone_step = { + steps = [{ 'args': [ - 'clone', 'https://github.com/google/oss-fuzz.git', '--depth', '1' + 'clone', + 'https://github.com/google/oss-fuzz.git', ], 'name': 'gcr.io/cloud-builders/git', - } - if branch: - # Do this to support testing other branches. - clone_step['args'].extend(['--branch', branch]) - - steps = [clone_step] - if test_image_suffix: - steps.extend(get_pull_test_images_steps(test_image_suffix)) - - srcmap_step_id = get_srcmap_step_id() - steps += [{ + }, { 'name': 'gcr.io/cloud-builders/docker', 'args': [ 'build', @@ -292,7 +224,8 @@ def project_image_steps(name, ], 'dir': 'oss-fuzz/projects/' + name, }, { - 'name': image, + 'name': + image, 'args': [ 'bash', '-c', 'srcmap > /workspace/srcmap.json && cat /workspace/srcmap.json' @@ -301,7 +234,6 @@ def project_image_steps(name, 'OSSFUZZ_REVISION=$REVISION_ID', 'FUZZING_LANGUAGE=%s' % language, ], - 'id': srcmap_step_id }] return steps diff --git a/infra/build/functions/build_project.py b/infra/build/functions/build_project.py index bdc7985e1..9115c85fd 100755..100644 --- a/infra/build/functions/build_project.py +++ b/infra/build/functions/build_project.py @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -#!/usr/bin/env python3 +#!/usr/bin/python2 """Starts project build on Google Cloud Builder. Usage: build_project.py <project_dir> @@ -21,27 +21,37 @@ Usage: build_project.py <project_dir> from __future__ import print_function -import argparse -import collections import datetime import json import logging import os -import posixpath import re import sys -from googleapiclient.discovery import build as cloud_build -import oauth2client.client import six import yaml +from oauth2client.client import GoogleCredentials +from googleapiclient.discovery import build + import build_lib -FUZZING_BUILD_TYPE = 'fuzzing' +FUZZING_BUILD_TAG = 'fuzzing' GCB_LOGS_BUCKET = 'oss-fuzz-gcb-logs' +CONFIGURATIONS = { + 'sanitizer-address': ['SANITIZER=address'], + 'sanitizer-dataflow': ['SANITIZER=dataflow'], + 'sanitizer-memory': ['SANITIZER=memory'], + 'sanitizer-undefined': ['SANITIZER=undefined'], + 'engine-libfuzzer': ['FUZZING_ENGINE=libfuzzer'], + 'engine-afl': ['FUZZING_ENGINE=afl'], + 'engine-honggfuzz': ['FUZZING_ENGINE=honggfuzz'], + 'engine-dataflow': ['FUZZING_ENGINE=dataflow'], + 'engine-none': ['FUZZING_ENGINE=none'], +} + DEFAULT_ARCHITECTURES = ['x86_64'] DEFAULT_ENGINES = ['libfuzzer', 'afl', 'honggfuzz'] DEFAULT_SANITIZERS = ['address', 'undefined'] @@ -51,100 +61,19 @@ LATEST_VERSION_CONTENT_TYPE = 'text/plain' QUEUE_TTL_SECONDS = 60 * 60 * 24 # 24 hours. -PROJECTS_DIR = os.path.abspath( - os.path.join(__file__, os.path.pardir, os.path.pardir, os.path.pardir, - os.path.pardir, 'projects')) - -DEFAULT_GCB_OPTIONS = {'machineType': 'N1_HIGHCPU_32'} - -Config = collections.namedtuple( - 'Config', ['testing', 'test_image_suffix', 'branch', 'parallel']) - -WORKDIR_REGEX = re.compile(r'\s*WORKDIR\s*([^\s]+)') - -class Build: # pylint: disable=too-few-public-methods - """Class representing the configuration for a build.""" +def usage(): + """Exit with code 1 and display syntax to use this file.""" + sys.stderr.write('Usage: ' + sys.argv[0] + ' <project_dir>\n') + sys.exit(1) - def __init__(self, fuzzing_engine, sanitizer, architecture): - self.fuzzing_engine = fuzzing_engine - self.sanitizer = sanitizer - self.architecture = architecture - self.targets_list_filename = build_lib.get_targets_list_filename( - self.sanitizer) - @property - def out(self): - """Returns the out directory for the build.""" - return posixpath.join( - '/workspace/out/', - f'{self.fuzzing_engine}-{self.sanitizer}-{self.architecture}') - - -def get_project_data(project_name): - """Returns a tuple containing the contents of the project.yaml and Dockerfile - of |project_name|. Raises a FileNotFoundError if there is no Dockerfile for - |project_name|.""" - project_dir = os.path.join(PROJECTS_DIR, project_name) - dockerfile_path = os.path.join(project_dir, 'Dockerfile') - try: - with open(dockerfile_path) as dockerfile: - dockerfile = dockerfile.read() - except FileNotFoundError: - logging.error('Project "%s" does not have a dockerfile.', project_name) - raise - project_yaml_path = os.path.join(project_dir, 'project.yaml') - with open(project_yaml_path, 'r') as project_yaml_file_handle: - project_yaml_contents = project_yaml_file_handle.read() - return project_yaml_contents, dockerfile - - -class Project: # pylint: disable=too-many-instance-attributes - """Class representing an OSS-Fuzz project.""" - - def __init__(self, name, project_yaml_contents, dockerfile, image_project): - project_yaml = yaml.safe_load(project_yaml_contents) - self.name = name - self.image_project = image_project - self.workdir = workdir_from_dockerfile(dockerfile) - set_yaml_defaults(project_yaml) - self._sanitizers = project_yaml['sanitizers'] - self.disabled = project_yaml['disabled'] - self.architectures = project_yaml['architectures'] - self.fuzzing_engines = project_yaml['fuzzing_engines'] - self.coverage_extra_args = project_yaml['coverage_extra_args'] - self.labels = project_yaml['labels'] - self.fuzzing_language = project_yaml['language'] - self.run_tests = project_yaml['run_tests'] - - @property - def sanitizers(self): - """Returns processed sanitizers.""" - assert isinstance(self._sanitizers, list) - processed_sanitizers = [] - for sanitizer in self._sanitizers: - if isinstance(sanitizer, six.string_types): - processed_sanitizers.append(sanitizer) - elif isinstance(sanitizer, dict): - for key in sanitizer.keys(): - processed_sanitizers.append(key) - - return processed_sanitizers - - @property - def image(self): - """Returns the docker image for the project.""" - return f'gcr.io/{self.image_project}/{self.name}' - - -def get_last_step_id(steps): - """Returns the id of the last step in |steps|.""" - return steps[-1]['id'] - - -def set_yaml_defaults(project_yaml): - """Sets project.yaml's default parameters.""" +def set_yaml_defaults(project_name, project_yaml, image_project): + """Set project.yaml's default parameters.""" project_yaml.setdefault('disabled', False) + project_yaml.setdefault('name', project_name) + project_yaml.setdefault('image', + 'gcr.io/{0}/{1}'.format(image_project, project_name)) project_yaml.setdefault('architectures', DEFAULT_ARCHITECTURES) project_yaml.setdefault('sanitizers', DEFAULT_SANITIZERS) project_yaml.setdefault('fuzzing_engines', DEFAULT_ENGINES) @@ -153,310 +82,291 @@ def set_yaml_defaults(project_yaml): project_yaml.setdefault('labels', {}) -def is_supported_configuration(build): +def is_supported_configuration(fuzzing_engine, sanitizer, architecture): """Check if the given configuration is supported.""" - fuzzing_engine_info = build_lib.ENGINE_INFO[build.fuzzing_engine] - if build.architecture == 'i386' and build.sanitizer != 'address': + fuzzing_engine_info = build_lib.ENGINE_INFO[fuzzing_engine] + if architecture == 'i386' and sanitizer != 'address': return False - return (build.sanitizer in fuzzing_engine_info.supported_sanitizers and - build.architecture in fuzzing_engine_info.supported_architectures) + return (sanitizer in fuzzing_engine_info.supported_sanitizers and + architecture in fuzzing_engine_info.supported_architectures) + +def get_sanitizers(project_yaml): + """Retrieve sanitizers from project.yaml.""" + sanitizers = project_yaml['sanitizers'] + assert isinstance(sanitizers, list) -def workdir_from_dockerfile(dockerfile): - """Parses WORKDIR from the Dockerfile.""" - dockerfile_lines = dockerfile.split('\n') + processed_sanitizers = [] + for sanitizer in sanitizers: + if isinstance(sanitizer, six.string_types): + processed_sanitizers.append(sanitizer) + elif isinstance(sanitizer, dict): + for key in sanitizer.keys(): + processed_sanitizers.append(key) + + return processed_sanitizers + + +def workdir_from_dockerfile(dockerfile_lines): + """Parse WORKDIR from the Dockerfile.""" + workdir_regex = re.compile(r'\s*WORKDIR\s*([^\s]+)') for line in dockerfile_lines: - match = re.match(WORKDIR_REGEX, line) + match = re.match(workdir_regex, line) if match: # We need to escape '$' since they're used for subsitutions in Container # Builer builds. return match.group(1).replace('$', '$$') - return '/src' + return None -def get_datetime_now(): - """Returns datetime.datetime.now(). Used for mocking.""" - return datetime.datetime.now() +def load_project_yaml(project_name, project_yaml_file, image_project): + """Loads project yaml and sets default values.""" + project_yaml = yaml.safe_load(project_yaml_file) + set_yaml_defaults(project_name, project_yaml, image_project) + return project_yaml -def get_env(fuzzing_language, build): - """Returns an environment for building. The environment is returned as a list - and is suitable for use as the "env" parameter in a GCB build step. The - environment variables are based on the values of |fuzzing_language| and - |build.""" - env_dict = { - 'FUZZING_LANGUAGE': fuzzing_language, - 'FUZZING_ENGINE': build.fuzzing_engine, - 'SANITIZER': build.sanitizer, - 'ARCHITECTURE': build.architecture, - # Set HOME so that it doesn't point to a persisted volume (see - # https://github.com/google/oss-fuzz/issues/6035). - 'HOME': '/root', - 'OUT': build.out, - } - return list(sorted([f'{key}={value}' for key, value in env_dict.items()])) - - -def get_compile_step(project, build, env, parallel): - """Returns the GCB step for compiling |projects| fuzzers using |env|. The type - of build is specified by |build|.""" - failure_msg = ( - '*' * 80 + '\nFailed to build.\nTo reproduce, run:\n' - f'python infra/helper.py build_image {project.name}\n' - 'python infra/helper.py build_fuzzers --sanitizer ' - f'{build.sanitizer} --engine {build.fuzzing_engine} --architecture ' - f'{build.architecture} {project.name}\n' + '*' * 80) - compile_step = { - 'name': project.image, - 'env': env, +# pylint: disable=too-many-locals, too-many-statements, too-many-branches +def get_build_steps(project_name, project_yaml_file, dockerfile_lines, + image_project, base_images_project): + """Returns build steps for project.""" + project_yaml = load_project_yaml(project_name, project_yaml_file, + image_project) + + if project_yaml['disabled']: + logging.info('Project "%s" is disabled.', project_name) + return [] + + name = project_yaml['name'] + image = project_yaml['image'] + language = project_yaml['language'] + run_tests = project_yaml['run_tests'] + time_stamp = datetime.datetime.now().strftime('%Y%m%d%H%M') + + build_steps = build_lib.project_image_steps(name, image, language) + # Copy over MSan instrumented libraries. + build_steps.append({ + 'name': 'gcr.io/{0}/msan-libs-builder'.format(base_images_project), 'args': [ 'bash', '-c', - # Remove /out to make sure there are non instrumented binaries. - # `cd /src && cd {workdir}` (where {workdir} is parsed from the - # Dockerfile). Container Builder overrides our workdir so we need - # to add this step to set it back. - (f'rm -r /out && cd /src && cd {project.workdir} && ' - f'mkdir -p {build.out} && compile || ' - f'(echo "{failure_msg}" && false)'), + 'cp -r /msan /workspace', ], - 'id': get_id('compile', build), - } - if parallel: - maybe_add_parallel(compile_step, build_lib.get_srcmap_step_id(), parallel) - return compile_step - - -def maybe_add_parallel(step, wait_for_id, parallel): - """Makes |step| run immediately after |wait_for_id| if |parallel|. Mutates - |step|.""" - if not parallel: - return - step['waitFor'] = wait_for_id - - -def get_id(step_type, build): - """Returns a unique step id based on |step_type| and |build|. Useful for - parallelizing builds.""" - return (f'{step_type}-{build.fuzzing_engine}-{build.sanitizer}' - f'-{build.architecture}') - - -def get_build_steps( # pylint: disable=too-many-locals, too-many-statements, too-many-branches, too-many-arguments - project_name, project_yaml_contents, dockerfile, image_project, - base_images_project, config): - """Returns build steps for project.""" - - project = Project(project_name, project_yaml_contents, dockerfile, - image_project) - - if project.disabled: - logging.info('Project "%s" is disabled.', project.name) - return [] + }) - timestamp = get_datetime_now().strftime('%Y%m%d%H%M') - - build_steps = build_lib.project_image_steps( - project.name, - project.image, - project.fuzzing_language, - branch=config.branch, - test_image_suffix=config.test_image_suffix) - - # Sort engines to make AFL first to test if libFuzzer has an advantage in - # finding bugs first since it is generally built first. - for fuzzing_engine in sorted(project.fuzzing_engines): - for sanitizer in project.sanitizers: - for architecture in project.architectures: - build = Build(fuzzing_engine, sanitizer, architecture) - if not is_supported_configuration(build): + for fuzzing_engine in project_yaml['fuzzing_engines']: + for sanitizer in get_sanitizers(project_yaml): + for architecture in project_yaml['architectures']: + if not is_supported_configuration(fuzzing_engine, sanitizer, + architecture): continue - env = get_env(project.fuzzing_language, build) - compile_step = get_compile_step(project, build, env, config.parallel) - build_steps.append(compile_step) - - if project.run_tests: - failure_msg = ( - '*' * 80 + '\nBuild checks failed.\n' - 'To reproduce, run:\n' - f'python infra/helper.py build_image {project.name}\n' - 'python infra/helper.py build_fuzzers --sanitizer ' - f'{build.sanitizer} --engine {build.fuzzing_engine} ' - f'--architecture {build.architecture} {project.name}\n' - 'python infra/helper.py check_build --sanitizer ' - f'{build.sanitizer} --engine {build.fuzzing_engine} ' - f'--architecture {build.architecture} {project.name}\n' + - '*' * 80) - # Test fuzz targets. - test_step = { + env = CONFIGURATIONS['engine-' + fuzzing_engine][:] + env.extend(CONFIGURATIONS['sanitizer-' + sanitizer]) + out = '/workspace/out/' + sanitizer + stamped_name = '-'.join([name, sanitizer, time_stamp]) + latest_version_file = '-'.join( + [name, sanitizer, LATEST_VERSION_FILENAME]) + zip_file = stamped_name + '.zip' + stamped_srcmap_file = stamped_name + '.srcmap.json' + bucket = build_lib.ENGINE_INFO[fuzzing_engine].upload_bucket + if architecture != 'x86_64': + bucket += '-' + architecture + + upload_url = build_lib.get_signed_url( + build_lib.GCS_UPLOAD_URL_FORMAT.format(bucket, name, zip_file)) + srcmap_url = build_lib.get_signed_url( + build_lib.GCS_UPLOAD_URL_FORMAT.format(bucket, name, + stamped_srcmap_file)) + latest_version_url = build_lib.GCS_UPLOAD_URL_FORMAT.format( + bucket, name, latest_version_file) + latest_version_url = build_lib.get_signed_url( + latest_version_url, content_type=LATEST_VERSION_CONTENT_TYPE) + + targets_list_filename = build_lib.get_targets_list_filename(sanitizer) + targets_list_url = build_lib.get_signed_url( + build_lib.get_targets_list_url(bucket, name, sanitizer)) + + env.append('OUT=' + out) + env.append('MSAN_LIBS_PATH=/workspace/msan') + env.append('ARCHITECTURE=' + architecture) + env.append('FUZZING_LANGUAGE=' + language) + + workdir = workdir_from_dockerfile(dockerfile_lines) + if not workdir: + workdir = '/src' + + failure_msg = ('*' * 80 + '\nFailed to build.\nTo reproduce, run:\n' + 'python infra/helper.py build_image {name}\n' + 'python infra/helper.py build_fuzzers --sanitizer ' + '{sanitizer} --engine {engine} --architecture ' + '{architecture} {name}\n' + '*' * 80).format( + name=name, + sanitizer=sanitizer, + engine=fuzzing_engine, + architecture=architecture) + + build_steps.append( + # compile + { + 'name': + image, + 'env': + env, + 'args': [ + 'bash', + '-c', + # Remove /out to break loudly when a build script + # incorrectly uses /out instead of $OUT. + # `cd /src && cd {workdir}` (where {workdir} is parsed from + # the Dockerfile). Container Builder overrides our workdir + # so we need to add this step to set it back. + ('rm -r /out && cd /src && cd {workdir} && mkdir -p {out} ' + '&& compile || (echo "{failure_msg}" && false)' + ).format(workdir=workdir, out=out, failure_msg=failure_msg), + ], + }) + + if sanitizer == 'memory': + # Patch dynamic libraries to use instrumented ones. + build_steps.append({ 'name': - get_runner_image_name(base_images_project, - config.test_image_suffix), - 'env': - env, + 'gcr.io/{0}/msan-libs-builder'.format(base_images_project), 'args': [ - 'bash', '-c', - f'test_all.py || (echo "{failure_msg}" && false)' + 'bash', + '-c', + # TODO(ochang): Replace with just patch_build.py once + # permission in image is fixed. + 'python /usr/local/bin/patch_build.py {0}'.format(out), ], - 'id': - get_id('build-check', build) - } - maybe_add_parallel(test_step, get_last_step_id(build_steps), - config.parallel) - build_steps.append(test_step) - - if project.labels: - # Write target labels. + }) + + if run_tests: + failure_msg = ('*' * 80 + '\nBuild checks failed.\n' + 'To reproduce, run:\n' + 'python infra/helper.py build_image {name}\n' + 'python infra/helper.py build_fuzzers --sanitizer ' + '{sanitizer} --engine {engine} --architecture ' + '{architecture} {name}\n' + 'python infra/helper.py check_build --sanitizer ' + '{sanitizer} --engine {engine} --architecture ' + '{architecture} {name}\n' + '*' * 80).format( + name=name, + sanitizer=sanitizer, + engine=fuzzing_engine, + architecture=architecture) + + build_steps.append( + # test binaries + { + 'name': + 'gcr.io/{0}/base-runner'.format(base_images_project), + 'env': + env, + 'args': [ + 'bash', '-c', + 'test_all.py || (echo "{0}" && false)'.format(failure_msg) + ], + }) + + if project_yaml['labels']: + # write target labels build_steps.append({ 'name': - project.image, + image, 'env': env, 'args': [ '/usr/local/bin/write_labels.py', - json.dumps(project.labels), - build.out, + json.dumps(project_yaml['labels']), + out, ], }) - if build.sanitizer == 'dataflow' and build.fuzzing_engine == 'dataflow': - dataflow_steps = dataflow_post_build_steps(project.name, env, - base_images_project, - config.testing, - config.test_image_suffix) + if sanitizer == 'dataflow' and fuzzing_engine == 'dataflow': + dataflow_steps = dataflow_post_build_steps(name, env, + base_images_project) if dataflow_steps: build_steps.extend(dataflow_steps) else: sys.stderr.write('Skipping dataflow post build steps.\n') build_steps.extend([ - # Generate targets list. + # generate targets list { 'name': - get_runner_image_name(base_images_project, - config.test_image_suffix), + 'gcr.io/{0}/base-runner'.format(base_images_project), 'env': env, 'args': [ + 'bash', + '-c', + 'targets_list > /workspace/{0}'.format( + targets_list_filename), + ], + }, + # zip binaries + { + 'name': + image, + 'args': [ 'bash', '-c', - f'targets_list > /workspace/{build.targets_list_filename}' + 'cd {out} && zip -r {zip_file} *'.format(out=out, + zip_file=zip_file) + ], + }, + # upload srcmap + { + 'name': 'gcr.io/{0}/uploader'.format(base_images_project), + 'args': [ + '/workspace/srcmap.json', + srcmap_url, + ], + }, + # upload binaries + { + 'name': 'gcr.io/{0}/uploader'.format(base_images_project), + 'args': [ + os.path.join(out, zip_file), + upload_url, + ], + }, + # upload targets list + { + 'name': + 'gcr.io/{0}/uploader'.format(base_images_project), + 'args': [ + '/workspace/{0}'.format(targets_list_filename), + targets_list_url, + ], + }, + # upload the latest.version file + build_lib.http_upload_step(zip_file, latest_version_url, + LATEST_VERSION_CONTENT_TYPE), + # cleanup + { + 'name': image, + 'args': [ + 'bash', + '-c', + 'rm -r ' + out, ], - } + }, ]) - upload_steps = get_upload_steps(project, build, timestamp, - base_images_project, config.testing) - build_steps.extend(upload_steps) return build_steps -def get_targets_list_upload_step(bucket, project, build, uploader_image): - """Returns the step to upload targets_list for |build| of |project| to - |bucket|.""" - targets_list_url = build_lib.get_signed_url( - build_lib.get_targets_list_url(bucket, project.name, build.sanitizer)) - return { - 'name': uploader_image, - 'args': [ - f'/workspace/{build.targets_list_filename}', - targets_list_url, - ], - } - - -def get_uploader_image(base_images_project): - """Returns the uploader base image in |base_images_project|.""" - return f'gcr.io/{base_images_project}/uploader' - - -def get_upload_steps(project, build, timestamp, base_images_project, testing): - """Returns the steps for uploading the fuzzer build specified by |project| and - |build|. Uses |timestamp| for naming the uploads. Uses |base_images_project| - and |testing| for determining which image to use for the upload.""" - bucket = build_lib.get_upload_bucket(build.fuzzing_engine, build.architecture, - testing) - stamped_name = '-'.join([project.name, build.sanitizer, timestamp]) - zip_file = stamped_name + '.zip' - upload_url = build_lib.get_signed_url( - build_lib.GCS_UPLOAD_URL_FORMAT.format(bucket, project.name, zip_file)) - stamped_srcmap_file = stamped_name + '.srcmap.json' - srcmap_url = build_lib.get_signed_url( - build_lib.GCS_UPLOAD_URL_FORMAT.format(bucket, project.name, - stamped_srcmap_file)) - latest_version_file = '-'.join( - [project.name, build.sanitizer, LATEST_VERSION_FILENAME]) - latest_version_url = build_lib.GCS_UPLOAD_URL_FORMAT.format( - bucket, project.name, latest_version_file) - latest_version_url = build_lib.get_signed_url( - latest_version_url, content_type=LATEST_VERSION_CONTENT_TYPE) - uploader_image = get_uploader_image(base_images_project) - - upload_steps = [ - # Zip binaries. - { - 'name': project.image, - 'args': ['bash', '-c', f'cd {build.out} && zip -r {zip_file} *'], - }, - # Upload srcmap. - { - 'name': uploader_image, - 'args': [ - '/workspace/srcmap.json', - srcmap_url, - ], - }, - # Upload binaries. - { - 'name': uploader_image, - 'args': [ - os.path.join(build.out, zip_file), - upload_url, - ], - }, - # Upload targets list. - get_targets_list_upload_step(bucket, project, build, uploader_image), - # Upload the latest.version file. - build_lib.http_upload_step(zip_file, latest_version_url, - LATEST_VERSION_CONTENT_TYPE), - # Cleanup. - get_cleanup_step(project, build), - ] - return upload_steps - - -def get_cleanup_step(project, build): - """Returns the step for cleaning up after doing |build| of |project|.""" - return { - 'name': project.image, - 'args': [ - 'bash', - '-c', - 'rm -r ' + build.out, - ], - } - - -def get_runner_image_name(base_images_project, test_image_suffix): - """Returns the runner image that should be used, based on - |base_images_project|. Returns the testing image if |test_image_suffix|.""" - image = f'gcr.io/{base_images_project}/base-runner' - if test_image_suffix: - image += '-' + test_image_suffix - return image - - -def dataflow_post_build_steps(project_name, env, base_images_project, testing, - test_image_suffix): +def dataflow_post_build_steps(project_name, env, base_images_project): """Appends dataflow post build steps.""" - steps = build_lib.download_corpora_steps(project_name, testing) + steps = build_lib.download_corpora_steps(project_name) if not steps: return None steps.append({ 'name': - get_runner_image_name(base_images_project, test_image_suffix), + 'gcr.io/{0}/base-runner'.format(base_images_project), 'env': env + [ 'COLLECT_DFT_TIMEOUT=2h', @@ -477,126 +387,63 @@ def dataflow_post_build_steps(project_name, env, base_images_project, testing, return steps -def get_logs_url(build_id, cloud_project='oss-fuzz'): +def get_logs_url(build_id, image_project='oss-fuzz'): """Returns url where logs are displayed for the build.""" - return ('https://console.cloud.google.com/logs/viewer?' - f'resource=build%2Fbuild_id%2F{build_id}&project={cloud_project}') - - -def get_gcb_url(build_id, cloud_project='oss-fuzz'): - """Returns url where logs are displayed for the build.""" - return (f'https://console.cloud.google.com/cloud-build/builds/{build_id}' - f'?project={cloud_project}') + url_format = ('https://console.developers.google.com/logs/viewer?' + 'resource=build%2Fbuild_id%2F{0}&project={1}') + return url_format.format(build_id, image_project) # pylint: disable=no-member -def run_build(oss_fuzz_project, - build_steps, - credentials, - build_type, - cloud_project='oss-fuzz'): - """Run the build for given steps on cloud build. |build_steps| are the steps - to run. |credentials| are are used to authenticate to GCB and build in - |cloud_project|. |oss_fuzz_project| and |build_type| are used to tag the build - in GCB so the build can be queried for debugging purposes.""" +def run_build(build_steps, project_name, tag): + """Run the build for given steps on cloud build.""" options = {} if 'GCB_OPTIONS' in os.environ: options = yaml.safe_load(os.environ['GCB_OPTIONS']) - else: - options = DEFAULT_GCB_OPTIONS - tags = [oss_fuzz_project + '-' + build_type, build_type, oss_fuzz_project] build_body = { 'steps': build_steps, 'timeout': str(build_lib.BUILD_TIMEOUT) + 's', 'options': options, 'logsBucket': GCB_LOGS_BUCKET, - 'tags': tags, + 'tags': [project_name + '-' + tag,], 'queueTtl': str(QUEUE_TTL_SECONDS) + 's', } - cloudbuild = cloud_build('cloudbuild', - 'v1', - credentials=credentials, - cache_discovery=False) - build_info = cloudbuild.projects().builds().create(projectId=cloud_project, + credentials = GoogleCredentials.get_application_default() + cloudbuild = build('cloudbuild', + 'v1', + credentials=credentials, + cache_discovery=False) + build_info = cloudbuild.projects().builds().create(projectId='oss-fuzz', body=build_body).execute() build_id = build_info['metadata']['build']['id'] - logging.info('Build ID: %s', build_id) - logging.info('Logs: %s', get_logs_url(build_id, cloud_project)) - logging.info('Cloud build page: %s', get_gcb_url(build_id, cloud_project)) - return build_id - - -def get_args(description): - """Parses command line arguments and returns them. Suitable for a build - script.""" - parser = argparse.ArgumentParser(sys.argv[0], description=description) - parser.add_argument('projects', help='Projects.', nargs='+') - parser.add_argument('--testing', - action='store_true', - required=False, - default=False, - help='Upload to testing buckets.') - parser.add_argument('--test-image-suffix', - required=False, - default=None, - help='Use testing base-images.') - parser.add_argument('--branch', - required=False, - default=None, - help='Use specified OSS-Fuzz branch.') - parser.add_argument('--parallel', - action='store_true', - required=False, - default=False, - help='Do builds in parallel.') - return parser.parse_args() - - -def build_script_main(script_description, get_build_steps_func, build_type): - """Gets arguments from command line using |script_description| as helpstring - description. Gets build_steps using |get_build_steps_func| and then runs those - steps on GCB, tagging the builds with |build_type|. Returns 0 on success, 1 on - failure.""" - args = get_args(script_description) - logging.basicConfig(level=logging.INFO) + print('Logs:', get_logs_url(build_id), file=sys.stderr) + print(build_id) + + +def main(): + """Build and run projects.""" + if len(sys.argv) != 2: + usage() image_project = 'oss-fuzz' base_images_project = 'oss-fuzz-base' + project_dir = sys.argv[1].rstrip(os.path.sep) + dockerfile_path = os.path.join(project_dir, 'Dockerfile') + project_yaml_path = os.path.join(project_dir, 'project.yaml') + project_name = os.path.basename(project_dir) - credentials = oauth2client.client.GoogleCredentials.get_application_default() - error = False - config = Config(args.testing, args.test_image_suffix, args.branch, - args.parallel) - for project_name in args.projects: - logging.info('Getting steps for: "%s".', project_name) - try: - project_yaml_contents, dockerfile_contents = get_project_data( - project_name) - except FileNotFoundError: - logging.error('Couldn\'t get project data. Skipping %s.', project_name) - error = True - continue - - steps = get_build_steps_func(project_name, project_yaml_contents, - dockerfile_contents, image_project, - base_images_project, config) - if not steps: - logging.error('No steps. Skipping %s.', project_name) - error = True - continue - - run_build(project_name, steps, credentials, build_type) - return 0 if not error else 1 + with open(dockerfile_path) as dockerfile: + dockerfile_lines = dockerfile.readlines() + with open(project_yaml_path) as project_yaml_file: + steps = get_build_steps(project_name, project_yaml_file, dockerfile_lines, + image_project, base_images_project) -def main(): - """Build and run projects.""" - return build_script_main('Builds a project on GCB.', get_build_steps, - FUZZING_BUILD_TYPE) + run_build(steps, project_name, FUZZING_BUILD_TAG) if __name__ == '__main__': - sys.exit(main()) + main() diff --git a/infra/build/functions/build_project_test.py b/infra/build/functions/build_project_test.py deleted file mode 100644 index 43f6c1cfa..000000000 --- a/infra/build/functions/build_project_test.py +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Unit tests for build_project.""" -import json -import os -import sys -import unittest -from unittest import mock - -from pyfakefs import fake_filesystem_unittest - -FUNCTIONS_DIR = os.path.dirname(__file__) -sys.path.append(FUNCTIONS_DIR) -# pylint: disable=wrong-import-position - -import build_project -import test_utils - -# pylint: disable=no-member - - -class TestRequestCoverageBuilds(fake_filesystem_unittest.TestCase): - """Unit tests for sync.""" - - def setUp(self): - self.maxDiff = None # pylint: disable=invalid-name - self.setUpPyfakefs() - - @mock.patch('build_lib.get_signed_url', return_value='test_url') - @mock.patch('build_project.get_datetime_now', - return_value=test_utils.FAKE_DATETIME) - def test_get_build_steps(self, mock_url, mock_get_datetime_now): - """Test for get_build_steps.""" - del mock_url, mock_get_datetime_now - project_yaml_contents = ('language: c++\n' - 'sanitizers:\n' - ' - address\n' - ' - memory\n' - ' - undefined\n' - 'architectures:\n' - ' - x86_64\n' - ' - i386\n') - self.fs.create_dir(test_utils.PROJECT_DIR) - test_utils.create_project_data(test_utils.PROJECT, project_yaml_contents) - - expected_build_steps_file_path = test_utils.get_test_data_file_path( - 'expected_build_steps.json') - self.fs.add_real_file(expected_build_steps_file_path) - with open(expected_build_steps_file_path) as expected_build_steps_file: - expected_build_steps = json.load(expected_build_steps_file) - - config = build_project.Config(False, False, None, False) - project_yaml, dockerfile = build_project.get_project_data( - test_utils.PROJECT) - build_steps = build_project.get_build_steps(test_utils.PROJECT, - project_yaml, dockerfile, - test_utils.IMAGE_PROJECT, - test_utils.BASE_IMAGES_PROJECT, - config) - self.assertEqual(build_steps, expected_build_steps) - - -if __name__ == '__main__': - unittest.main(exit=False) diff --git a/infra/build/functions/deploy.sh b/infra/build/functions/deploy.sh index 3edf6ee17..ea094e3b2 100755 --- a/infra/build/functions/deploy.sh +++ b/infra/build/functions/deploy.sh @@ -80,10 +80,9 @@ function deploy_cloud_function { --runtime python38 \ --project $project \ --timeout 540 \ - --region us-central1 \ - --set-env-vars GCP_PROJECT=$project,FUNCTION_REGION=us-central1 \ - --max-instances 1 \ - --memory 2048MB + --region us-central1 \ + --set-env-vars GCP_PROJECT=$project,FUNCTION_REGION=us-central1 \ + --max-instances 1 } if [ $# == 1 ]; then @@ -136,6 +135,11 @@ deploy_cloud_function base-image-build \ $BASE_IMAGE_JOB_TOPIC \ $PROJECT_ID +deploy_cloud_function base-msan-build \ + build_msan \ + $BASE_IMAGE_JOB_TOPIC \ + $PROJECT_ID + deploy_cloud_function request-build \ build_project \ $BUILD_JOB_TOPIC \ diff --git a/infra/build/functions/expected_build_steps.json b/infra/build/functions/expected_build_steps.json new file mode 100644 index 000000000..da9c63654 --- /dev/null +++ b/infra/build/functions/expected_build_steps.json @@ -0,0 +1,330 @@ +[ + { + "args": [ + "clone", + "https://github.com/google/oss-fuzz.git" + ], + "name": "gcr.io/cloud-builders/git" + }, + { + "name": "gcr.io/cloud-builders/docker", + "args": [ + "build", + "-t", + "gcr.io/oss-fuzz/test-project", + "." + ], + "dir": "oss-fuzz/projects/test-project" + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "srcmap > /workspace/srcmap.json && cat /workspace/srcmap.json" + ], + "env": [ + "OSSFUZZ_REVISION=$REVISION_ID", + "FUZZING_LANGUAGE=c++" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/msan-libs-builder", + "args": [ + "bash", + "-c", + "cp -r /msan /workspace" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "env": [ + "FUZZING_ENGINE=libfuzzer", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/address && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=libfuzzer", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=libfuzzer", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "targets_list > /workspace/targets.list.address" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "cd /workspace/out/address && zip -r test-project-address-202001010000.zip *" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/srcmap.json", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/out/address/test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/targets.list.address", + "test_url" + ] + }, + { + "name": "gcr.io/cloud-builders/curl", + "args": [ + "-H", + "Content-Type: text/plain", + "-X", + "PUT", + "-d", + "test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "rm -r /workspace/out/address" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "env": [ + "FUZZING_ENGINE=afl", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/address && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=afl", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine afl --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=afl", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "targets_list > /workspace/targets.list.address" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "cd /workspace/out/address && zip -r test-project-address-202001010000.zip *" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/srcmap.json", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/out/address/test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/targets.list.address", + "test_url" + ] + }, + { + "name": "gcr.io/cloud-builders/curl", + "args": [ + "-H", + "Content-Type: text/plain", + "-X", + "PUT", + "-d", + "test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "rm -r /workspace/out/address" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "env": [ + "FUZZING_ENGINE=honggfuzz", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/address && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine honggfuzz --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=honggfuzz", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine honggfuzz --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine honggfuzz --architecture x86_64 test-project\n********************************************************************************\" && false)" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/base-runner", + "env": [ + "FUZZING_ENGINE=honggfuzz", + "SANITIZER=address", + "OUT=/workspace/out/address", + "MSAN_LIBS_PATH=/workspace/msan", + "ARCHITECTURE=x86_64", + "FUZZING_LANGUAGE=c++" + ], + "args": [ + "bash", + "-c", + "targets_list > /workspace/targets.list.address" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "cd /workspace/out/address && zip -r test-project-address-202001010000.zip *" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/srcmap.json", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/out/address/test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz-base/uploader", + "args": [ + "/workspace/targets.list.address", + "test_url" + ] + }, + { + "name": "gcr.io/cloud-builders/curl", + "args": [ + "-H", + "Content-Type: text/plain", + "-X", + "PUT", + "-d", + "test-project-address-202001010000.zip", + "test_url" + ] + }, + { + "name": "gcr.io/oss-fuzz/test-project", + "args": [ + "bash", + "-c", + "rm -r /workspace/out/address" + ] + } +] diff --git a/infra/build/functions/test_data/expected_coverage_build_steps.json b/infra/build/functions/expected_coverage_build_steps.json index 2af48f58d..19b1d5b81 100644 --- a/infra/build/functions/test_data/expected_coverage_build_steps.json +++ b/infra/build/functions/expected_coverage_build_steps.json @@ -2,9 +2,7 @@ { "args": [ "clone", - "https://github.com/google/oss-fuzz.git", - "--depth", - "1" + "https://github.com/google/oss-fuzz.git" ], "name": "gcr.io/cloud-builders/git" }, @@ -28,25 +26,21 @@ "env": [ "OSSFUZZ_REVISION=$REVISION_ID", "FUZZING_LANGUAGE=c++" - ], - "id": "srcmap" + ] }, { "name": "gcr.io/oss-fuzz/test-project", "env": [ - "ARCHITECTURE=x86_64", "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-coverage-x86_64", - "SANITIZER=coverage" + "SANITIZER=coverage", + "OUT=/workspace/out/coverage", + "FUZZING_LANGUAGE=c++" ], "args": [ "bash", "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/libfuzzer-coverage-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer coverage --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-libfuzzer-coverage-x86_64" + "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/coverage && compile || (echo \"********************************************************************************\nCoverage build failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer coverage test-project\n********************************************************************************\" && false)" + ] }, { "url": "test_download" @@ -54,12 +48,10 @@ { "name": "gcr.io/oss-fuzz-base/base-runner", "env": [ - "ARCHITECTURE=x86_64", "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-coverage-x86_64", "SANITIZER=coverage", + "OUT=/workspace/out/coverage", + "FUZZING_LANGUAGE=c++", "HTTP_PORT=", "COVERAGE_EXTRA_ARGS=" ], @@ -89,7 +81,7 @@ "-m", "cp", "-r", - "/workspace/out/libfuzzer-coverage-x86_64/report", + "/workspace/out/coverage/report", "gs://oss-fuzz-coverage/test-project/reports/20200101" ] }, @@ -107,7 +99,7 @@ "-m", "cp", "-r", - "/workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats", + "/workspace/out/coverage/fuzzer_stats", "gs://oss-fuzz-coverage/test-project/fuzzer_stats/20200101" ] }, @@ -125,7 +117,7 @@ "-m", "cp", "-r", - "/workspace/out/libfuzzer-coverage-x86_64/logs", + "/workspace/out/coverage/logs", "gs://oss-fuzz-coverage/test-project/logs/20200101" ] }, @@ -149,4 +141,4 @@ "test_url" ] } -] +]
\ No newline at end of file diff --git a/infra/build/functions/main.py b/infra/build/functions/main.py index c34dc1329..1bfd35818 100644 --- a/infra/build/functions/main.py +++ b/infra/build/functions/main.py @@ -45,3 +45,8 @@ def coverage_build(event, context): def builds_status(event, context): """Entry point for builds status cloud function.""" update_build_status.update_status(event, context) + + +def build_msan(event, context): + """Entry point for base msan builder.""" + base_images.base_msan_builder(event, context) diff --git a/infra/build/functions/project_sync.py b/infra/build/functions/project_sync.py index 7b30cae2d..debdbbd9a 100644 --- a/infra/build/functions/project_sync.py +++ b/infra/build/functions/project_sync.py @@ -94,8 +94,8 @@ def update_scheduler(cloud_scheduler_client, project, schedule, tag): def delete_project(cloud_scheduler_client, project): """Delete the given project.""" logging.info('Deleting project %s', project.name) - for tag in (build_project.FUZZING_BUILD_TYPE, - build_and_run_coverage.COVERAGE_BUILD_TYPE): + for tag in (build_project.FUZZING_BUILD_TAG, + build_and_run_coverage.COVERAGE_BUILD_TAG): try: delete_scheduler(cloud_scheduler_client, project.name, tag) except exceptions.NotFound: @@ -124,9 +124,9 @@ def sync_projects(cloud_scheduler_client, projects): try: create_scheduler(cloud_scheduler_client, project_name, projects[project_name].schedule, - build_project.FUZZING_BUILD_TYPE, FUZZING_BUILD_TOPIC) + build_project.FUZZING_BUILD_TAG, FUZZING_BUILD_TOPIC) create_scheduler(cloud_scheduler_client, project_name, COVERAGE_SCHEDULE, - build_and_run_coverage.COVERAGE_BUILD_TYPE, + build_and_run_coverage.COVERAGE_BUILD_TAG, COVERAGE_BUILD_TOPIC) project_metadata = projects[project_name] Project(name=project_name, @@ -149,7 +149,7 @@ def sync_projects(cloud_scheduler_client, projects): logging.info('Schedule changed.') update_scheduler(cloud_scheduler_client, project, projects[project.name].schedule, - build_project.FUZZING_BUILD_TYPE) + build_project.FUZZING_BUILD_TAG) project.schedule = project_metadata.schedule project_changed = True except exceptions.GoogleAPICallError as error: @@ -232,7 +232,7 @@ def get_github_creds(): def sync(event, context): """Sync projects with cloud datastore.""" - del event, context # Unused. + del event, context #unused with ndb.Client().context(): git_creds = get_github_creds() diff --git a/infra/build/functions/project_sync_test.py b/infra/build/functions/project_sync_test.py index ad1330eaf..f90733810 100644 --- a/infra/build/functions/project_sync_test.py +++ b/infra/build/functions/project_sync_test.py @@ -71,7 +71,7 @@ class CloudSchedulerClient: # pylint: disable=no-self-use def location_path(self, project_id, location_id): """Return project path.""" - return f'projects/{project_id}/location/{location_id}' + return 'projects/{}/location/{}'.format(project_id, location_id) def create_job(self, parent, job): """Simulate create job.""" @@ -81,7 +81,8 @@ class CloudSchedulerClient: # pylint: disable=no-self-use def job_path(self, project_id, location_id, name): """Return job path.""" - return f'projects/{project_id}/location/{location_id}/jobs/{name}' + return 'projects/{}/location/{}/jobs/{}'.format(project_id, location_id, + name) def delete_job(self, name): """Simulate delete jobs.""" diff --git a/infra/build/functions/request_build.py b/infra/build/functions/request_build.py index 543bafb33..6f0ab62a3 100644 --- a/infra/build/functions/request_build.py +++ b/infra/build/functions/request_build.py @@ -15,10 +15,13 @@ ################################################################################ """Cloud function to request builds.""" import base64 +import logging import google.auth +from googleapiclient.discovery import build from google.cloud import ndb +import build_lib import build_project from datastore_entities import BuildsHistory from datastore_entities import Project @@ -52,33 +55,46 @@ def get_project_data(project_name): project = query.get() if not project: raise RuntimeError( - f'Project {project_name} not available in cloud datastore') + 'Project {0} not available in cloud datastore'.format(project_name)) + project_yaml_contents = project.project_yaml_contents + dockerfile_lines = project.dockerfile_contents.split('\n') - return project.project_yaml_contents, project.dockerfile_contents - - -def get_empty_config(): - """Returns an empty build config.""" - return build_project.Config(False, None, None, False) + return (project_yaml_contents, dockerfile_lines) def get_build_steps(project_name, image_project, base_images_project): """Retrieve build steps.""" - # TODO(metzman): Figure out if we need this. project_yaml_contents, dockerfile_lines = get_project_data(project_name) - build_config = get_empty_config() return build_project.get_build_steps(project_name, project_yaml_contents, dockerfile_lines, image_project, - base_images_project, build_config) + base_images_project) -def run_build(oss_fuzz_project, build_steps, credentials, build_type, - cloud_project): - """Execute build on cloud build. Wrapper around build_project.py that also - updates the db.""" - build_id = build_project.run_build(oss_fuzz_project, build_steps, credentials, - build_type, cloud_project) - update_build_history(oss_fuzz_project, build_id, build_type) +# pylint: disable=no-member +def run_build(project_name, image_project, build_steps, credentials, tag): + """Execute build on cloud build.""" + build_body = { + 'steps': build_steps, + 'timeout': str(build_lib.BUILD_TIMEOUT) + 's', + 'options': { + 'machineType': 'N1_HIGHCPU_32' + }, + 'logsBucket': build_project.GCB_LOGS_BUCKET, + 'tags': [project_name + '-' + tag,], + 'queueTtl': str(QUEUE_TTL_SECONDS) + 's', + } + + cloudbuild = build('cloudbuild', + 'v1', + credentials=credentials, + cache_discovery=False) + build_info = cloudbuild.projects().builds().create(projectId=image_project, + body=build_body).execute() + build_id = build_info['metadata']['build']['id'] + + update_build_history(project_name, build_id, tag) + logging.info('Build ID: %s', build_id) + logging.info('Logs: %s', build_project.get_logs_url(build_id, image_project)) # pylint: disable=no-member @@ -91,14 +107,9 @@ def request_build(event, context): raise RuntimeError('Project name missing from payload') with ndb.Client().context(): - credentials, cloud_project = google.auth.default() - build_steps = get_build_steps(project_name, cloud_project, BASE_PROJECT) + credentials, image_project = google.auth.default() + build_steps = get_build_steps(project_name, image_project, BASE_PROJECT) if not build_steps: return - run_build( - project_name, - build_steps, - credentials, - build_project.FUZZING_BUILD_TYPE, - cloud_project=cloud_project, - ) + run_build(project_name, image_project, build_steps, credentials, + build_project.FUZZING_BUILD_TAG) diff --git a/infra/build/functions/request_build_test.py b/infra/build/functions/request_build_test.py index 1eb1d8efc..22a4a1056 100644 --- a/infra/build/functions/request_build_test.py +++ b/infra/build/functions/request_build_test.py @@ -14,17 +14,23 @@ # ################################################################################ """Unit tests for Cloud Function request builds which builds projects.""" +import json +import datetime import os import sys import unittest +from unittest import mock from google.cloud import ndb sys.path.append(os.path.dirname(__file__)) # pylint: disable=wrong-import-position -import datastore_entities -import request_build +from datastore_entities import BuildsHistory +from datastore_entities import Project +from request_build import get_build_steps +from request_build import get_project_data +from request_build import update_build_history import test_utils # pylint: disable=no-member @@ -42,42 +48,65 @@ class TestRequestBuilds(unittest.TestCase): def setUp(self): test_utils.reset_ds_emulator() - self.maxDiff = None # pylint: disable=invalid-name + + @mock.patch('build_lib.get_signed_url', return_value='test_url') + @mock.patch('datetime.datetime') + def test_get_build_steps(self, mocked_url, mocked_time): + """Test for get_build_steps.""" + del mocked_url, mocked_time + datetime.datetime = test_utils.SpoofedDatetime + project_yaml_contents = ('language: c++\n' + 'sanitizers:\n' + ' - address\n' + 'architectures:\n' + ' - x86_64\n') + image_project = 'oss-fuzz' + base_images_project = 'oss-fuzz-base' + testcase_path = os.path.join(os.path.dirname(__file__), + 'expected_build_steps.json') + with open(testcase_path) as testcase_file: + expected_build_steps = json.load(testcase_file) + + with ndb.Client().context(): + Project(name='test-project', + project_yaml_contents=project_yaml_contents, + dockerfile_contents='test line').put() + build_steps = get_build_steps('test-project', image_project, + base_images_project) + self.assertEqual(build_steps, expected_build_steps) def test_get_build_steps_no_project(self): """Test for when project isn't available in datastore.""" with ndb.Client().context(): - self.assertRaises(RuntimeError, request_build.get_build_steps, - 'test-project', 'oss-fuzz', 'oss-fuzz-base') + self.assertRaises(RuntimeError, get_build_steps, 'test-project', + 'oss-fuzz', 'oss-fuzz-base') def test_build_history(self): """Testing build history.""" with ndb.Client().context(): - datastore_entities.BuildsHistory(id='test-project-fuzzing', - build_tag='fuzzing', - project='test-project', - build_ids=[str(i) for i in range(1, 65) - ]).put() - request_build.update_build_history('test-project', '65', 'fuzzing') + BuildsHistory(id='test-project-fuzzing', + build_tag='fuzzing', + project='test-project', + build_ids=[str(i) for i in range(1, 65)]).put() + update_build_history('test-project', '65', 'fuzzing') expected_build_ids = [str(i) for i in range(2, 66)] - self.assertEqual(datastore_entities.BuildsHistory.query().get().build_ids, + self.assertEqual(BuildsHistory.query().get().build_ids, expected_build_ids) def test_build_history_no_existing_project(self): """Testing build history when build history object is missing.""" with ndb.Client().context(): - request_build.update_build_history('test-project', '1', 'fuzzing') + update_build_history('test-project', '1', 'fuzzing') expected_build_ids = ['1'] - self.assertEqual(datastore_entities.BuildsHistory.query().get().build_ids, + self.assertEqual(BuildsHistory.query().get().build_ids, expected_build_ids) def test_get_project_data(self): """Testing get project data.""" with ndb.Client().context(): - self.assertRaises(RuntimeError, request_build.get_project_data, - 'test-project') + self.assertRaises(RuntimeError, get_project_data, 'test-project') @classmethod def tearDownClass(cls): diff --git a/infra/build/functions/request_coverage_build.py b/infra/build/functions/request_coverage_build.py index a3890cb32..1b4ac0e47 100644 --- a/infra/build/functions/request_coverage_build.py +++ b/infra/build/functions/request_coverage_build.py @@ -27,31 +27,27 @@ BASE_PROJECT = 'oss-fuzz-base' def get_build_steps(project_name, image_project, base_images_project): """Retrieve build steps.""" - build_config = request_build.get_empty_config() project_yaml_contents, dockerfile_lines = request_build.get_project_data( project_name) return build_and_run_coverage.get_build_steps(project_name, project_yaml_contents, dockerfile_lines, image_project, - base_images_project, - build_config) + base_images_project) def request_coverage_build(event, context): """Entry point for coverage build cloud function.""" - del context # Unused. + del context #unused if 'data' in event: project_name = base64.b64decode(event['data']).decode('utf-8') else: raise RuntimeError('Project name missing from payload') with ndb.Client().context(): - credentials, cloud_project = google.auth.default() - build_steps = get_build_steps(project_name, cloud_project, BASE_PROJECT) + credentials, image_project = google.auth.default() + build_steps = get_build_steps(project_name, image_project, BASE_PROJECT) if not build_steps: return - request_build.run_build(project_name, - build_steps, + request_build.run_build(project_name, image_project, build_steps, credentials, - build_and_run_coverage.COVERAGE_BUILD_TYPE, - cloud_project=cloud_project) + build_and_run_coverage.COVERAGE_BUILD_TAG) diff --git a/infra/build/functions/request_coverage_build_test.py b/infra/build/functions/request_coverage_build_test.py new file mode 100644 index 000000000..1327e36a0 --- /dev/null +++ b/infra/build/functions/request_coverage_build_test.py @@ -0,0 +1,90 @@ +# Copyright 2020 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +"""Unit tests for Cloud Function that builds coverage reports.""" +import json +import datetime +import os +import sys +import unittest +from unittest import mock + +from google.cloud import ndb + +sys.path.append(os.path.dirname(__file__)) +# pylint: disable=wrong-import-position + +from datastore_entities import Project +from build_and_run_coverage import get_build_steps +import test_utils + +# pylint: disable=no-member + + +class TestRequestCoverageBuilds(unittest.TestCase): + """Unit tests for sync.""" + + @classmethod + def setUpClass(cls): + cls.ds_emulator = test_utils.start_datastore_emulator() + test_utils.wait_for_emulator_ready(cls.ds_emulator, 'datastore', + test_utils.DATASTORE_READY_INDICATOR) + test_utils.set_gcp_environment() + + def setUp(self): + test_utils.reset_ds_emulator() + + @mock.patch('build_lib.get_signed_url', return_value='test_url') + @mock.patch('build_lib.download_corpora_steps', + return_value=[{ + 'url': 'test_download' + }]) + @mock.patch('datetime.datetime') + def test_get_coverage_build_steps(self, mocked_url, mocked_corpora_steps, + mocked_time): + """Test for get_build_steps.""" + del mocked_url, mocked_corpora_steps, mocked_time + datetime.datetime = test_utils.SpoofedDatetime + project_yaml_contents = ('language: c++\n' + 'sanitizers:\n' + ' - address\n' + 'architectures:\n' + ' - x86_64\n') + dockerfile_contents = 'test line' + image_project = 'oss-fuzz' + base_images_project = 'oss-fuzz-base' + testcase_path = os.path.join(os.path.dirname(__file__), + 'expected_coverage_build_steps.json') + with open(testcase_path) as testcase_file: + expected_coverage_build_steps = json.load(testcase_file) + + with ndb.Client().context(): + Project(name='test-project', + project_yaml_contents=project_yaml_contents, + dockerfile_contents=dockerfile_contents).put() + + dockerfile_lines = dockerfile_contents.split('\n') + build_steps = get_build_steps('test-project', project_yaml_contents, + dockerfile_lines, image_project, + base_images_project) + self.assertEqual(build_steps, expected_coverage_build_steps) + + @classmethod + def tearDownClass(cls): + test_utils.cleanup_emulator(cls.ds_emulator) + + +if __name__ == '__main__': + unittest.main(exit=False) diff --git a/infra/build/functions/test_data/expected_build_steps.json b/infra/build/functions/test_data/expected_build_steps.json deleted file mode 100644 index f0e39832b..000000000 --- a/infra/build/functions/test_data/expected_build_steps.json +++ /dev/null @@ -1,628 +0,0 @@ -[ - { - "args": [ - "clone", - "https://github.com/google/oss-fuzz.git", - "--depth", - "1" - ], - "name": "gcr.io/cloud-builders/git" - }, - { - "name": "gcr.io/cloud-builders/docker", - "args": [ - "build", - "-t", - "gcr.io/oss-fuzz/test-project", - "." - ], - "dir": "oss-fuzz/projects/test-project" - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "srcmap > /workspace/srcmap.json && cat /workspace/srcmap.json" - ], - "env": [ - "OSSFUZZ_REVISION=$REVISION_ID", - "FUZZING_LANGUAGE=c++" - ], - "id": "srcmap" - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=afl", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/afl-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/afl-address-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-afl-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=afl", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/afl-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine afl --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-afl-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=afl", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/afl-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.address" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/afl-address-x86_64 && zip -r test-project-address-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/afl-address-x86_64/test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.address", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/afl-address-x86_64" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=honggfuzz", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/honggfuzz-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/honggfuzz-address-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine honggfuzz --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-honggfuzz-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=honggfuzz", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/honggfuzz-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine honggfuzz --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine honggfuzz --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-honggfuzz-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=honggfuzz", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/honggfuzz-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.address" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/honggfuzz-address-x86_64 && zip -r test-project-address-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/honggfuzz-address-x86_64/test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.address", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/honggfuzz-address-x86_64" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/libfuzzer-address-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-libfuzzer-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer address --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-libfuzzer-address-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-x86_64", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.address" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/libfuzzer-address-x86_64 && zip -r test-project-address-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/libfuzzer-address-x86_64/test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.address", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/libfuzzer-address-x86_64" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=i386", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-i386", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/libfuzzer-address-i386 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture i386 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-libfuzzer-address-i386" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=i386", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-i386", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture i386 test-project\npython infra/helper.py check_build --sanitizer address --engine libfuzzer --architecture i386 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-libfuzzer-address-i386" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=i386", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-address-i386", - "SANITIZER=address" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.address" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/libfuzzer-address-i386 && zip -r test-project-address-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/libfuzzer-address-i386/test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.address", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-address-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/libfuzzer-address-i386" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-memory-x86_64", - "SANITIZER=memory" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/libfuzzer-memory-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer memory --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-libfuzzer-memory-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-memory-x86_64", - "SANITIZER=memory" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer memory --engine libfuzzer --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer memory --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-libfuzzer-memory-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-memory-x86_64", - "SANITIZER=memory" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.memory" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/libfuzzer-memory-x86_64 && zip -r test-project-memory-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/libfuzzer-memory-x86_64/test-project-memory-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.memory", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-memory-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/libfuzzer-memory-x86_64" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-undefined-x86_64", - "SANITIZER=undefined" - ], - "args": [ - "bash", - "-c", - "rm -r /out && cd /src && cd /src && mkdir -p /workspace/out/libfuzzer-undefined-x86_64 && compile || (echo \"********************************************************************************\nFailed to build.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer undefined --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "compile-libfuzzer-undefined-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-undefined-x86_64", - "SANITIZER=undefined" - ], - "args": [ - "bash", - "-c", - "test_all.py || (echo \"********************************************************************************\nBuild checks failed.\nTo reproduce, run:\npython infra/helper.py build_image test-project\npython infra/helper.py build_fuzzers --sanitizer undefined --engine libfuzzer --architecture x86_64 test-project\npython infra/helper.py check_build --sanitizer undefined --engine libfuzzer --architecture x86_64 test-project\n********************************************************************************\" && false)" - ], - "id": "build-check-libfuzzer-undefined-x86_64" - }, - { - "name": "gcr.io/oss-fuzz-base/base-runner", - "env": [ - "ARCHITECTURE=x86_64", - "FUZZING_ENGINE=libfuzzer", - "FUZZING_LANGUAGE=c++", - "HOME=/root", - "OUT=/workspace/out/libfuzzer-undefined-x86_64", - "SANITIZER=undefined" - ], - "args": [ - "bash", - "-c", - "targets_list > /workspace/targets.list.undefined" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "cd /workspace/out/libfuzzer-undefined-x86_64 && zip -r test-project-undefined-202001010000.zip *" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/srcmap.json", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/out/libfuzzer-undefined-x86_64/test-project-undefined-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz-base/uploader", - "args": [ - "/workspace/targets.list.undefined", - "test_url" - ] - }, - { - "name": "gcr.io/cloud-builders/curl", - "args": [ - "-H", - "Content-Type: text/plain", - "-X", - "PUT", - "-d", - "test-project-undefined-202001010000.zip", - "test_url" - ] - }, - { - "name": "gcr.io/oss-fuzz/test-project", - "args": [ - "bash", - "-c", - "rm -r /workspace/out/libfuzzer-undefined-x86_64" - ] - } -] diff --git a/infra/build/functions/test_utils.py b/infra/build/functions/test_utils.py index a093bcfa0..9aac8eac8 100644 --- a/infra/build/functions/test_utils.py +++ b/infra/build/functions/test_utils.py @@ -24,31 +24,16 @@ import requests DATASTORE_READY_INDICATOR = b'is now running' DATASTORE_EMULATOR_PORT = 8432 EMULATOR_TIMEOUT = 20 +TEST_PROJECT_ID = 'test-project' -FUNCTIONS_DIR = os.path.dirname(__file__) -OSS_FUZZ_DIR = os.path.dirname(os.path.dirname(os.path.dirname(FUNCTIONS_DIR))) -PROJECTS_DIR = os.path.join(OSS_FUZZ_DIR, 'projects') -FAKE_DATETIME = datetime.datetime(2020, 1, 1, 0, 0, 0) -IMAGE_PROJECT = 'oss-fuzz' -BASE_IMAGES_PROJECT = 'oss-fuzz-base' -PROJECT = 'test-project' -PROJECT_DIR = os.path.join(PROJECTS_DIR, PROJECT) +# pylint: disable=arguments-differ +class SpoofedDatetime(datetime.datetime): + """Mocking Datetime class for now() function.""" - -def create_project_data(project, - project_yaml_contents, - dockerfile_contents='test line'): - """Creates a project.yaml with |project_yaml_contents| and a Dockerfile with - |dockerfile_contents| for |project|.""" - project_dir = os.path.join(PROJECTS_DIR, project) - project_yaml_path = os.path.join(project_dir, 'project.yaml') - with open(project_yaml_path, 'w') as project_yaml_handle: - project_yaml_handle.write(project_yaml_contents) - - dockerfile_path = os.path.join(project_dir, 'Dockerfile') - with open(dockerfile_path, 'w') as dockerfile_handle: - dockerfile_handle.write(dockerfile_contents) + @classmethod + def now(cls): + return datetime.datetime(2020, 1, 1, 0, 0, 0) def start_datastore_emulator(): @@ -61,7 +46,7 @@ def start_datastore_emulator(): 'start', '--consistency=1.0', '--host-port=localhost:' + str(DATASTORE_EMULATOR_PORT), - '--project=' + PROJECT, + '--project=' + TEST_PROJECT_ID, '--no-store-on-disk', ], stdout=subprocess.PIPE, @@ -91,13 +76,15 @@ def wait_for_emulator_ready(proc, thread.daemon = True thread.start() if not ready_event.wait(timeout): - raise RuntimeError(f'{emulator} emulator did not get ready in time.') + raise RuntimeError( + '{} emulator did not get ready in time.'.format(emulator)) return thread def reset_ds_emulator(): """Reset ds emulator/clean all entities.""" - req = requests.post(f'http://localhost:{DATASTORE_EMULATOR_PORT}/reset') + req = requests.post( + 'http://localhost:{}/reset'.format(DATASTORE_EMULATOR_PORT)) req.raise_for_status() @@ -111,12 +98,7 @@ def set_gcp_environment(): """Set environment variables for simulating in google cloud platform.""" os.environ['DATASTORE_EMULATOR_HOST'] = 'localhost:' + str( DATASTORE_EMULATOR_PORT) - os.environ['GOOGLE_CLOUD_PROJECT'] = PROJECT - os.environ['DATASTORE_DATASET'] = PROJECT - os.environ['GCP_PROJECT'] = PROJECT + os.environ['GOOGLE_CLOUD_PROJECT'] = TEST_PROJECT_ID + os.environ['DATASTORE_DATASET'] = TEST_PROJECT_ID + os.environ['GCP_PROJECT'] = TEST_PROJECT_ID os.environ['FUNCTION_REGION'] = 'us-central1' - - -def get_test_data_file_path(filename): - """Returns the path to a test data file with name |filename|.""" - return os.path.join(os.path.dirname(__file__), 'test_data', filename) diff --git a/infra/build/functions/update_build_status.py b/infra/build/functions/update_build_status.py index 927216628..af65a41ab 100644 --- a/infra/build/functions/update_build_status.py +++ b/infra/build/functions/update_build_status.py @@ -145,8 +145,8 @@ def get_build_history(build_ids): } if not upload_log(build_id): - log_name = f'log-{build_id}' - raise MissingBuildLogError(f'Missing build log file {log_name}') + log_name = 'log-{0}'.format(build_id) + raise MissingBuildLogError('Missing build log file {0}'.format(log_name)) history.append({ 'build_id': build_id, @@ -203,15 +203,19 @@ def update_build_badges(project, last_build_successful, if not last_build_successful: badge = 'failing' - print(f'[badge] {project}: {badge}') + print("[badge] {}: {}".format(project, badge)) for extension in BADGE_IMAGE_TYPES: - badge_name = f'{badge}.{extension}' + badge_name = '{badge}.{extension}'.format(badge=badge, extension=extension) # Copy blob from badge_images/badge_name to badges/project/ - blob_name = f'{BADGE_DIR}/{badge_name}' + blob_name = '{badge_dir}/{badge_name}'.format(badge_dir=BADGE_DIR, + badge_name=badge_name) - destination_blob_name = f'{DESTINATION_BADGE_DIR}/{project}.{extension}' + destination_blob_name = '{badge_dir}/{project_name}.{extension}'.format( + badge_dir=DESTINATION_BADGE_DIR, + project_name=project, + extension=extension) status_bucket = get_storage_client().get_bucket(STATUS_BUCKET) badge_blob = status_bucket.blob(blob_name) @@ -224,12 +228,12 @@ def upload_log(build_id): """Upload log file to GCS.""" status_bucket = get_storage_client().get_bucket(STATUS_BUCKET) gcb_bucket = get_storage_client().get_bucket(build_project.GCB_LOGS_BUCKET) - log_name = f'log-{build_id}.txt' + log_name = 'log-{0}.txt'.format(build_id) log = gcb_bucket.blob(log_name) dest_log = status_bucket.blob(log_name) if not log.exists(): - print('Failed to find build log', log_name, file=sys.stderr) + print('Failed to find build log {0}'.format(log_name), file=sys.stderr) return False if dest_log.exists(): @@ -254,10 +258,10 @@ def update_status(event, context): return if status_type == 'fuzzing': - tag = build_project.FUZZING_BUILD_TYPE + tag = build_project.FUZZING_BUILD_TAG status_filename = FUZZING_STATUS_FILENAME elif status_type == 'coverage': - tag = build_and_run_coverage.COVERAGE_BUILD_TYPE + tag = build_and_run_coverage.COVERAGE_BUILD_TAG status_filename = COVERAGE_STATUS_FILENAME else: raise RuntimeError('Invalid build status type ' + status_type) diff --git a/infra/build/functions/update_build_status_test.py b/infra/build/functions/update_build_status_test.py index 24a32f676..6784fac2d 100644 --- a/infra/build/functions/update_build_status_test.py +++ b/infra/build/functions/update_build_status_test.py @@ -56,14 +56,14 @@ class MockGetBuild: class TestGetBuildHistory(unittest.TestCase): """Unit tests for get_build_history.""" - def test_get_build_history(self, mock_upload_log, mock_cloud_build, - mock_google_auth): + def test_get_build_history(self, mocked_upload_log, mocked_cloud_build, + mocked_google_auth): """Test for get_build_steps.""" - del mock_cloud_build, mock_google_auth - mock_upload_log.return_value = True + del mocked_cloud_build, mocked_google_auth + mocked_upload_log.return_value = True builds = [{'build_id': '1', 'finishTime': 'test_time', 'status': 'SUCCESS'}] - mock_get_build = MockGetBuild(builds) - update_build_status.get_build = mock_get_build.get_build + mocked_get_build = MockGetBuild(builds) + update_build_status.get_build = mocked_get_build.get_build expected_projects = { 'history': [{ @@ -79,26 +79,27 @@ class TestGetBuildHistory(unittest.TestCase): self.assertDictEqual(update_build_status.get_build_history(['1']), expected_projects) - def test_get_build_history_missing_log(self, mock_upload_log, - mock_cloud_build, mock_google_auth): + def test_get_build_history_missing_log(self, mocked_upload_log, + mocked_cloud_build, + mocked_google_auth): """Test for missing build log file.""" - del mock_cloud_build, mock_google_auth + del mocked_cloud_build, mocked_google_auth builds = [{'build_id': '1', 'finishTime': 'test_time', 'status': 'SUCCESS'}] - mock_get_build = MockGetBuild(builds) - update_build_status.get_build = mock_get_build.get_build - mock_upload_log.return_value = False + mocked_get_build = MockGetBuild(builds) + update_build_status.get_build = mocked_get_build.get_build + mocked_upload_log.return_value = False self.assertRaises(update_build_status.MissingBuildLogError, update_build_status.get_build_history, ['1']) - def test_get_build_history_no_last_success(self, mock_upload_log, - mock_cloud_build, - mock_google_auth): + def test_get_build_history_no_last_success(self, mocked_upload_log, + mocked_cloud_build, + mocked_google_auth): """Test when there is no last successful build.""" - del mock_cloud_build, mock_google_auth + del mocked_cloud_build, mocked_google_auth builds = [{'build_id': '1', 'finishTime': 'test_time', 'status': 'FAILURE'}] - mock_get_build = MockGetBuild(builds) - update_build_status.get_build = mock_get_build.get_build - mock_upload_log.return_value = True + mocked_get_build = MockGetBuild(builds) + update_build_status.get_build = mocked_get_build.get_build + mocked_upload_log.return_value = True expected_projects = { 'history': [{ @@ -228,12 +229,12 @@ class TestUpdateBuildStatus(unittest.TestCase): @mock.patch('google.auth.default', return_value=['temp', 'temp']) @mock.patch('update_build_status.build', return_value='cloudbuild') @mock.patch('update_build_status.upload_log') - def test_update_build_status(self, mock_upload_log, mock_cloud_build, - mock_google_auth): + def test_update_build_status(self, mocked_upload_log, mocked_cloud_build, + mocked_google_auth): """Testing update build status as a whole.""" - del self, mock_cloud_build, mock_google_auth + del self, mocked_cloud_build, mocked_google_auth update_build_status.upload_status = MagicMock() - mock_upload_log.return_value = True + mocked_upload_log.return_value = True status_filename = 'status.json' with ndb.Client().context(): BuildsHistory(id='test-project-1-fuzzing', @@ -263,8 +264,8 @@ class TestUpdateBuildStatus(unittest.TestCase): 'build_id': '3', 'status': 'WORKING' }] - mock_get_build = MockGetBuild(builds) - update_build_status.get_build = mock_get_build.get_build + mocked_get_build = MockGetBuild(builds) + update_build_status.get_build = mocked_get_build.get_build expected_data = { 'projects': [{ diff --git a/infra/build_and_push_test_images.py b/infra/build_and_push_test_images.py deleted file mode 100755 index 44c65ae2c..000000000 --- a/infra/build_and_push_test_images.py +++ /dev/null @@ -1,92 +0,0 @@ -#! /usr/bin/env python3 -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Script for building and pushing base-images to gcr.io/oss-fuzz-base/ with -"-test" suffix. This is useful for reusing the build infra to test image -changes.""" -import logging -import multiprocessing -import os -import subprocess -import sys - -TAG_PREFIX = 'gcr.io/oss-fuzz-base/' -INFRA_DIR = os.path.dirname(__file__) -IMAGES_DIR = os.path.join(INFRA_DIR, 'base-images') - - -def push_image(tag): - """Pushes image with |tag| to docker registry.""" - logging.info('Pushing: %s', tag) - command = ['docker', 'push', tag] - subprocess.run(command, check=True) - logging.info('Pushed: %s', tag) - - -def build_and_push_image(image, test_image_suffix): - """Builds and pushes |image| to docker registry with "-testing" suffix.""" - main_tag = TAG_PREFIX + image - testing_tag = main_tag + '-' + test_image_suffix - tags = [main_tag, testing_tag] - build_image(image, tags) - push_image(testing_tag) - - -def build_image(image, tags): - """Builds |image| and tags it with |tags|.""" - logging.info('Building: %s', image) - command = ['docker', 'build'] - for tag in tags: - command.extend(['--tag', tag]) - path = os.path.join(IMAGES_DIR, image) - command.append(path) - subprocess.run(command, check=True) - logging.info('Built: %s', image) - - -def build_and_push_images(test_image_suffix): - """Builds and pushes base-images.""" - images = [ - ['base-image'], - ['base-clang'], - # base-runner is also dependent on base-clang. - ['base-builder', 'base-runner'], - [ - 'base-runner-debug', 'base-builder-go', 'base-builder-jvm', - 'base-builder-python', 'base-builder-rust', 'base-builder-swift' - ], - ] - max_parallelization = max([len(image_list) for image_list in images]) - proc_count = min(multiprocessing.cpu_count(), max_parallelization) - logging.info('Using %d parallel processes.', proc_count) - pool = multiprocessing.Pool(proc_count) - for image_list in images: - args_list = [(image, test_image_suffix) for image in image_list] - pool.starmap(build_and_push_image, args_list) - - -def main(): - """"Builds base-images tags them with "-testing" suffix (in addition to normal - tag) and pushes testing suffixed images to docker registry.""" - test_image_suffix = sys.argv[1] - logging.basicConfig(level=logging.DEBUG) - logging.info('Doing simple gcloud command to ensure 2FA passes.') - subprocess.run(['gcloud', 'projects', 'list', '--limit=1'], check=True) - build_and_push_images(test_image_suffix) - - -if __name__ == '__main__': - main() diff --git a/infra/build_fuzzers.Dockerfile b/infra/build_fuzzers.Dockerfile index 77a34ae40..df06ff754 100644 --- a/infra/build_fuzzers.Dockerfile +++ b/infra/build_fuzzers.Dockerfile @@ -13,8 +13,7 @@ # limitations under the License. # ################################################################################ -# Docker image to run fuzzers for CIFuzz (the run_fuzzers action on GitHub -# actions). +# Docker image to run the CIFuzz action build_fuzzers in. FROM gcr.io/oss-fuzz-base/cifuzz-base @@ -23,9 +22,5 @@ FROM gcr.io/oss-fuzz-base/cifuzz-base # just expand to '/opt/oss-fuzz'. ENTRYPOINT ["python3", "/opt/oss-fuzz/infra/cifuzz/build_fuzzers_entrypoint.py"] -WORKDIR ${OSS_FUZZ_ROOT}/infra - # Update infra source code. ADD . ${OSS_FUZZ_ROOT}/infra - -RUN python3 -m pip install -r ${OSS_FUZZ_ROOT}/infra/cifuzz/requirements.txt
\ No newline at end of file diff --git a/infra/build_specified_commit.py b/infra/build_specified_commit.py index d7b667004..b2130ea85 100644 --- a/infra/build_specified_commit.py +++ b/infra/build_specified_commit.py @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -"""Module to build a image from a specific commit, branch or pull request. +"""Module to build a image from a specific commit, branch or pull request This module is allows each of the OSS Fuzz projects fuzzers to be built from a specific point in time. This feature can be used for implementations @@ -147,7 +147,7 @@ def copy_src_from_docker(project_name, host_dir): @retry.wrap(_IMAGE_BUILD_TRIES, 2) def _build_image_with_retries(project_name): """Build image with retries.""" - return helper.build_image_impl(helper.Project(project_name)) + return helper.build_image_impl(project_name) def get_required_post_checkout_steps(dockerfile_path): @@ -223,16 +223,15 @@ def build_fuzzers_from_commit(commit, post_checkout_step, ]) - project = helper.Project(build_data.project_name) - result = helper.build_fuzzers_impl(project=project, + result = helper.build_fuzzers_impl(project_name=build_data.project_name, clean=True, engine=build_data.engine, sanitizer=build_data.sanitizer, architecture=build_data.architecture, env_to_add=None, source_path=host_src_path, - mount_path='/src') - if result or i == num_retry: + mount_location='/src') + if result == 0 or i == num_retry: break # Retry with an OSS-Fuzz builder container that's closer to the project @@ -286,7 +285,7 @@ def build_fuzzers_from_commit(commit, cleanup() cleanup() - return result + return result == 0 def detect_main_repo(project_name, repo_name=None, commit=None): @@ -298,9 +297,10 @@ def detect_main_repo(project_name, repo_name=None, commit=None): project_name: The name of the oss-fuzz project. repo_name: The name of the main repo in an OSS-Fuzz project. commit: A commit SHA that is associated with the main repo. + src_dir: The location of the projects source on the docker image. Returns: - A tuple containing (the repo's origin, the repo's path). + The repo's origin, the repo's path. """ if not repo_name and not commit: diff --git a/infra/build_specified_commit_test.py b/infra/build_specified_commit_test.py index 00f50947f..a86504580 100644 --- a/infra/build_specified_commit_test.py +++ b/infra/build_specified_commit_test.py @@ -16,6 +16,7 @@ The will consist of the following functional tests: 1. The inference of the main repo for a specific project. 2. The building of a projects fuzzers from a specific commit. +IMPORTANT: This test needs to be run with root privileges. """ import os import tempfile @@ -26,7 +27,7 @@ import helper import repo_manager import test_repos -# necessary because __file__ changes with os.chdir +# Necessary because __file__ changes with os.chdir TEST_DIR_PATH = os.path.dirname(os.path.realpath(__file__)) @@ -44,39 +45,32 @@ class BuildImageIntegrationTest(unittest.TestCase): should not. """ with tempfile.TemporaryDirectory() as tmp_dir: - test_repo = test_repos.TEST_REPOS[1] - self.assertTrue(helper.build_image_impl(test_repo.project_name)) + test_case = test_repos.TEST_REPOS[1] + self.assertTrue(helper.build_image_impl(test_case.project_name)) host_src_dir = build_specified_commit.copy_src_from_docker( - test_repo.project_name, tmp_dir) + test_case.project_name, tmp_dir) test_repo_manager = repo_manager.clone_repo_and_get_manager( - test_repo.git_url, host_src_dir, test_repo.oss_repo_name) + test_case.git_url, host_src_dir, test_case.oss_repo_name) build_data = build_specified_commit.BuildData( sanitizer='address', architecture='x86_64', engine='libfuzzer', - project_name=test_repo.project_name) + project_name=test_case.project_name) - build_specified_commit.build_fuzzers_from_commit(test_repo.old_commit, + build_specified_commit.build_fuzzers_from_commit(test_case.old_commit, test_repo_manager, host_src_dir, build_data) - project = helper.Project(test_repo.project_name) - old_result = helper.reproduce_impl(project=project, - fuzzer_name=test_repo.fuzz_target, - valgrind=False, - env_to_add=[], - fuzzer_args=[], - testcase_path=test_repo.testcase_path) - build_specified_commit.build_fuzzers_from_commit(test_repo.project_name, + old_error_code = helper.reproduce_impl(test_case.project_name, + test_case.fuzz_target, False, [], + [], test_case.test_case_path) + build_specified_commit.build_fuzzers_from_commit(test_case.new_commit, test_repo_manager, host_src_dir, build_data) - new_result = helper.reproduce_impl(project=project, - fuzzer_name=test_repo.fuzz_target, - valgrind=False, - env_to_add=[], - fuzzer_args=[], - testcase_path=test_repo.testcase_path) - self.assertNotEqual(new_result, old_result) + new_error_code = helper.reproduce_impl(test_case.project_name, + test_case.fuzz_target, False, [], + [], test_case.test_case_path) + self.assertNotEqual(new_error_code, old_error_code) def test_detect_main_repo_from_commit(self): """Test the detect main repo function from build specific commit module.""" diff --git a/infra/ci/build.py b/infra/ci/build.py index 7a02d6001..addeb7879 100755 --- a/infra/ci/build.py +++ b/infra/ci/build.py @@ -25,22 +25,20 @@ import sys import subprocess import yaml -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) - -import constants - CANARY_PROJECT = 'skcms' DEFAULT_ARCHITECTURES = ['x86_64'] DEFAULT_ENGINES = ['afl', 'honggfuzz', 'libfuzzer'] DEFAULT_SANITIZERS = ['address', 'undefined'] +# Languages from project.yaml that have code coverage support. +LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust'] + def get_changed_files_output(): """Returns the output of a git command that discovers changed files.""" branch_commit_hash = subprocess.check_output( - ['git', 'merge-base', 'HEAD', 'origin/HEAD']).strip().decode() + ['git', 'merge-base', 'FETCH_HEAD', 'origin/HEAD']).strip().decode() return subprocess.check_output( ['git', 'diff', '--name-only', branch_commit_hash + '..']).decode() @@ -114,7 +112,7 @@ def should_build_coverage(project_yaml): return False language = project_yaml.get('language') - if language not in constants.LANGUAGES_WITH_COVERAGE_SUPPORT: + if language not in LANGUAGES_WITH_COVERAGE_SUPPORT: print(('Project is written in "{language}", ' 'coverage is not supported yet.').format(language=language)) return False @@ -215,16 +213,11 @@ def build_base_images(): images = [ 'base-image', 'base-builder', - 'base-builder-go', - 'base-builder-jvm', - 'base-builder-python', - 'base-builder-rust', - 'base-builder-swift', 'base-runner', ] for image in images: try: - execute_helper_command(['build_image', image, '--no-pull', '--cache']) + execute_helper_command(['build_image', image, '--no-pull']) except subprocess.CalledProcessError: return 1 @@ -246,7 +239,6 @@ def build_canary_project(): def main(): """Build modified projects or canary project.""" - os.environ['OSS_FUZZ_CI'] = '1' infra_changed = is_infra_changed() if infra_changed: print('Pulling and building base images first.') diff --git a/infra/ci/requirements.txt b/infra/ci/requirements.txt index 310ba53e8..f0a8be0b5 100644 --- a/infra/ci/requirements.txt +++ b/infra/ci/requirements.txt @@ -6,5 +6,3 @@ pytest==6.2.1 pytest-xdist==2.2.0 PyYAML==5.4 yapf==0.30.0 -# Needed for cifuzz tests. -Jinja2==2.11.3 diff --git a/infra/cifuzz/actions/build_fuzzers/action.yml b/infra/cifuzz/actions/build_fuzzers/action.yml index 5cc35a15f..835b7b430 100644 --- a/infra/cifuzz/actions/build_fuzzers/action.yml +++ b/infra/cifuzz/actions/build_fuzzers/action.yml @@ -21,6 +21,9 @@ inputs: project-src-path: description: "The path to the project's source code checkout." required: false + build-integration-path: + description: "The path to the the project's build integration." + required: false bad-build-check: description: "Whether or not OSS-Fuzz's check for bad builds should be done." required: false @@ -35,5 +38,6 @@ runs: ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}} SANITIZER: ${{ inputs.sanitizer }} PROJECT_SRC_PATH: ${{ inputs.project-src-path }} + BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }} LOW_DISK_SPACE: 'True' BAD_BUILD_CHECK: ${{ inputs.bad-build-check }} diff --git a/infra/cifuzz/actions/run_fuzzers/action.yml b/infra/cifuzz/actions/run_fuzzers/action.yml index b56dbce3d..d1c03c833 100644 --- a/infra/cifuzz/actions/run_fuzzers/action.yml +++ b/infra/cifuzz/actions/run_fuzzers/action.yml @@ -19,6 +19,9 @@ inputs: sanitizer: description: 'The sanitizer to run the fuzzers with.' default: 'address' + build-integration-path: + description: "The path to the the project's build integration." + required: false run-fuzzers-mode: description: | The mode to run the fuzzers with ("ci" or "batch"). @@ -27,18 +30,6 @@ inputs: "batch" is in alpha and should not be used in production. required: false default: 'ci' - github-token: - description: | - Token for GitHub API. WARNING: THIS SHOULD NOT BE USED IN PRODUCTION YET - You should use "secrets.GITHUB_TOKEN" in your workflow file, do not - hardcode the token. - TODO(https://github.com/google/oss-fuzz/pull/5841#discussion_r639393361): - Document locking this down. - required: false - report-unreproducible-crashes: - description: 'If True, then unreproducible crashes will be reported by CIFuzz.' - required: false - default: false runs: using: 'docker' image: '../../../run_fuzzers.Dockerfile' @@ -49,6 +40,8 @@ runs: DRY_RUN: ${{ inputs.dry-run}} SANITIZER: ${{ inputs.sanitizer }} RUN_FUZZERS_MODE: ${{ inputs.run-fuzzers-mode }} - GITHUB_TOKEN: ${{ inputs.github-token }} + # TODO(metzman): Even though this param is used for building, it's needed + # for running because we use it to distinguish OSS-Fuzz from non-OSS-Fuzz. + # We should do something explicit instead. + BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }} LOW_DISK_SPACE: 'True' - REPORT_UNREPRODUCIBLE_CRASHES: ${{ inputs.report-unreproducible-crashes }} diff --git a/infra/cifuzz/affected_fuzz_targets.py b/infra/cifuzz/affected_fuzz_targets.py index be35c5cc5..f9f2242a3 100644 --- a/infra/cifuzz/affected_fuzz_targets.py +++ b/infra/cifuzz/affected_fuzz_targets.py @@ -17,17 +17,19 @@ import logging import os import sys +import coverage + # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) import utils -def remove_unaffected_fuzz_targets(clusterfuzz_deployment, out_dir, - files_changed, repo_path): +def remove_unaffected_fuzz_targets(project_name, out_dir, files_changed, + repo_path): """Removes all non affected fuzz targets in the out directory. Args: - clusterfuzz_deployment: The ClusterFuzz deployment object. + project_name: The name of the relevant OSS-Fuzz project. out_dir: The location of the fuzz target binaries. files_changed: A list of files changed compared to HEAD. repo_path: The location of the OSS-Fuzz repo in the docker image. @@ -36,6 +38,7 @@ def remove_unaffected_fuzz_targets(clusterfuzz_deployment, out_dir, targets are unaffected. For example, this means that fuzz targets which don't have coverage data on will not be deleted. """ + # TODO(metzman): Make this use clusterfuzz deployment. if not files_changed: # Don't remove any fuzz targets if there is no difference from HEAD. logging.info('No files changed compared to HEAD.') @@ -49,13 +52,14 @@ def remove_unaffected_fuzz_targets(clusterfuzz_deployment, out_dir, logging.error('No fuzz targets found in out dir.') return - coverage = clusterfuzz_deployment.get_coverage(repo_path) - if not coverage: + coverage_getter = coverage.OssFuzzCoverageGetter(project_name, repo_path) + if not coverage_getter.fuzzer_stats_url: # Don't remove any fuzz targets unless we have data. logging.error('Could not find latest coverage report.') return - affected_fuzz_targets = get_affected_fuzz_targets(coverage, fuzz_target_paths, + affected_fuzz_targets = get_affected_fuzz_targets(coverage_getter, + fuzz_target_paths, files_changed) if not affected_fuzz_targets: @@ -75,11 +79,11 @@ def remove_unaffected_fuzz_targets(clusterfuzz_deployment, out_dir, fuzz_target_path) -def is_fuzz_target_affected(coverage, fuzz_target_path, files_changed): +def is_fuzz_target_affected(coverage_getter, fuzz_target_path, files_changed): """Returns True if a fuzz target (|fuzz_target_path|) is affected by |files_changed|.""" fuzz_target = os.path.basename(fuzz_target_path) - covered_files = coverage.get_files_covered_by_target(fuzz_target) + covered_files = coverage_getter.get_files_covered_by_target(fuzz_target) if not covered_files: # Assume a fuzz target is affected if we can't get its coverage from # OSS-Fuzz. @@ -100,11 +104,13 @@ def is_fuzz_target_affected(coverage, fuzz_target_path, files_changed): return False -def get_affected_fuzz_targets(coverage, fuzz_target_paths, files_changed): +def get_affected_fuzz_targets(coverage_getter, fuzz_target_paths, + files_changed): """Returns a list of paths of affected targets.""" affected_fuzz_targets = set() for fuzz_target_path in fuzz_target_paths: - if is_fuzz_target_affected(coverage, fuzz_target_path, files_changed): + if is_fuzz_target_affected(coverage_getter, fuzz_target_path, + files_changed): affected_fuzz_targets.add(fuzz_target_path) return affected_fuzz_targets diff --git a/infra/cifuzz/affected_fuzz_targets_test.py b/infra/cifuzz/affected_fuzz_targets_test.py index 823654d11..05f27c072 100644 --- a/infra/cifuzz/affected_fuzz_targets_test.py +++ b/infra/cifuzz/affected_fuzz_targets_test.py @@ -21,9 +21,6 @@ from unittest import mock import parameterized import affected_fuzz_targets -import clusterfuzz_deployment -import test_helpers -import workspace_utils # pylint: disable=protected-access @@ -33,15 +30,15 @@ EXAMPLE_PROJECT = 'example' EXAMPLE_FILE_CHANGED = 'test.txt' -TEST_DATA_OUT_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), - 'test_data', 'build-out') +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), + 'test_data') class RemoveUnaffectedFuzzTargets(unittest.TestCase): """Tests remove_unaffected_fuzzers.""" - TEST_FUZZER_1 = os.path.join(TEST_DATA_OUT_PATH, 'example_crash_fuzzer') - TEST_FUZZER_2 = os.path.join(TEST_DATA_OUT_PATH, 'example_nocrash_fuzzer') + TEST_FUZZER_1 = os.path.join(TEST_DATA_PATH, 'out', 'example_crash_fuzzer') + TEST_FUZZER_2 = os.path.join(TEST_DATA_PATH, 'out', 'example_nocrash_fuzzer') # yapf: disable @parameterized.parameterized.expand([ @@ -60,27 +57,18 @@ class RemoveUnaffectedFuzzTargets(unittest.TestCase): # yapf: enable def test_remove_unaffected_fuzz_targets(self, side_effect, expected_dir_len): """Tests that remove_unaffected_fuzzers has the intended effect.""" - config = test_helpers.create_run_config( - is_github=True, - oss_fuzz_project_name=EXAMPLE_PROJECT, - workspace='/workspace') - workspace = workspace_utils.Workspace(config) - deployment = clusterfuzz_deployment.get_clusterfuzz_deployment( - config, workspace) # We can't use fakefs in this test because this test executes # utils.is_fuzz_target_local. This function relies on the executable bit # being set, which doesn't work properly in fakefs. with tempfile.TemporaryDirectory() as tmp_dir, mock.patch( - 'get_coverage.OSSFuzzCoverage.get_files_covered_by_target' - ) as mock_get_files: - with mock.patch('get_coverage._get_oss_fuzz_fuzzer_stats_dir_url', - return_value=1): - mock_get_files.side_effect = side_effect + 'coverage.OssFuzzCoverageGetter.get_files_covered_by_target' + ) as mocked_get_files: + with mock.patch('coverage._get_fuzzer_stats_dir_url', return_value=1): + mocked_get_files.side_effect = side_effect shutil.copy(self.TEST_FUZZER_1, tmp_dir) shutil.copy(self.TEST_FUZZER_2, tmp_dir) - affected_fuzz_targets.remove_unaffected_fuzz_targets( - deployment, tmp_dir, [EXAMPLE_FILE_CHANGED], '') + EXAMPLE_PROJECT, tmp_dir, [EXAMPLE_FILE_CHANGED], '') self.assertEqual(expected_dir_len, len(os.listdir(tmp_dir))) diff --git a/infra/cifuzz/base_runner_utils.py b/infra/cifuzz/base_runner_utils.py deleted file mode 100644 index 246375481..000000000 --- a/infra/cifuzz/base_runner_utils.py +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Utilities for scripts from gcr.io/oss-fuzz-base/base-runner.""" - -import os - -import config_utils - - -def get_env(config, workspace): - """Returns a dictionary containing the current environment with additional env - vars set to values needed to run a fuzzer.""" - env = os.environ.copy() - env['SANITIZER'] = config.sanitizer - env['FUZZING_LANGUAGE'] = config.language - env['OUT'] = workspace.out - env['CIFUZZ'] = 'True' - env['FUZZING_ENGINE'] = config_utils.DEFAULT_ENGINE - env['ARCHITECTURE'] = config_utils.DEFAULT_ARCHITECTURE - # Do this so we don't fail in tests. - env['FUZZER_ARGS'] = '-rss_limit_mb=2560 -timeout=25' - return env diff --git a/infra/cifuzz/build_fuzzers.py b/infra/cifuzz/build_fuzzers.py index 6722be5e9..78180b52b 100644 --- a/infra/cifuzz/build_fuzzers.py +++ b/infra/cifuzz/build_fuzzers.py @@ -19,17 +19,18 @@ import os import sys import affected_fuzz_targets -import base_runner_utils -import clusterfuzz_deployment import continuous_integration import docker -import workspace_utils # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) import helper import utils +# Default fuzz configuration. +DEFAULT_ENGINE = 'libfuzzer' +DEFAULT_ARCHITECTURE = 'x86_64' + logging.basicConfig( format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', level=logging.DEBUG) @@ -54,82 +55,89 @@ class Builder: # pylint: disable=too-many-instance-attributes def __init__(self, config, ci_system): self.config = config self.ci_system = ci_system - self.workspace = workspace_utils.Workspace(config) - self.workspace.initialize_dir(self.workspace.out) - self.workspace.initialize_dir(self.workspace.work) - self.clusterfuzz_deployment = ( - clusterfuzz_deployment.get_clusterfuzz_deployment( - self.config, self.workspace)) + self.out_dir = os.path.join(config.workspace, 'out') + os.makedirs(self.out_dir, exist_ok=True) + self.work_dir = os.path.join(config.workspace, 'work') + os.makedirs(self.work_dir, exist_ok=True) self.image_repo_path = None self.host_repo_path = None self.repo_manager = None def build_image_and_checkout_src(self): """Builds the project builder image and checkout source code for the patch - we want to fuzz (if necessary). Returns True on success.""" + we want to fuzz (if necessary). Returns True on success. + Must be implemented by child classes.""" result = self.ci_system.prepare_for_fuzzer_build() if not result.success: return False self.image_repo_path = result.image_repo_path self.repo_manager = result.repo_manager - logging.info('repo_dir: %s.', self.repo_manager.repo_dir) self.host_repo_path = self.repo_manager.repo_dir return True def build_fuzzers(self): """Moves the source code we want to fuzz into the project builder and builds the fuzzers from that source code. Returns True on success.""" - docker_args, docker_container = docker.get_base_docker_run_args( - self.workspace, self.config.sanitizer, self.config.language, - self.config.docker_in_docker) - if not docker_container: + docker_args = get_common_docker_args(self.config.sanitizer, + self.config.language) + container = utils.get_container_name() + + if container: + docker_args.extend( + _get_docker_build_fuzzers_args_container(self.out_dir, container)) + else: docker_args.extend( - _get_docker_build_fuzzers_args_not_container(self.host_repo_path)) + _get_docker_build_fuzzers_args_not_container(self.out_dir, + self.host_repo_path)) + + if self.config.sanitizer == 'memory': + docker_args.extend(_get_docker_build_fuzzers_args_msan(self.work_dir)) + self.handle_msan_prebuild(container) docker_args.extend([ - docker.get_project_image_name(self.config.oss_fuzz_project_name), + docker.get_project_image_name(self.config.project_name), '/bin/bash', '-c', ]) - build_command = self.ci_system.get_build_command(self.host_repo_path, - self.image_repo_path) - docker_args.append(build_command) + rm_path = os.path.join(self.image_repo_path, '*') + image_src_path = os.path.dirname(self.image_repo_path) + bash_command = 'rm -rf {0} && cp -r {1} {2} && compile'.format( + rm_path, self.host_repo_path, image_src_path) + docker_args.append(bash_command) logging.info('Building with %s sanitizer.', self.config.sanitizer) - - # TODO(metzman): Stop using helper.docker_run so we can get rid of - # docker.get_base_docker_run_args and merge its contents into - # docker.get_base_docker_run_command. - if not helper.docker_run(docker_args): + if helper.docker_run(docker_args): + # docker_run returns nonzero on failure. logging.error('Building fuzzers failed.') return False + if self.config.sanitizer == 'memory': + self.handle_msan_postbuild(container) return True - def upload_build(self): - """Upload build.""" - if self.config.upload_build: - self.clusterfuzz_deployment.upload_build( - self.repo_manager.get_current_commit()) - - return True - - def check_fuzzer_build(self): - """Checks the fuzzer build. Returns True on success or if config specifies - to skip check.""" - if not self.config.bad_build_check: - return True + def handle_msan_postbuild(self, container): + """Post-build step for MSAN builds. Patches the build to use MSAN + libraries.""" + helper.docker_run([ + '--volumes-from', container, '-e', + 'WORK={work_dir}'.format(work_dir=self.work_dir), + docker.MSAN_LIBS_BUILDER_TAG, 'patch_build.py', '/out' + ]) - return check_fuzzer_build(self.config) + def handle_msan_prebuild(self, container): + """Pre-build step for MSAN builds. Copies MSAN libs to |msan_libs_dir| and + returns docker arguments to use that directory for MSAN libs.""" + logging.info('Copying MSAN libs.') + helper.docker_run([ + '--volumes-from', container, docker.MSAN_LIBS_BUILDER_TAG, 'bash', '-c', + 'cp -r /msan {work_dir}'.format(work_dir=self.work_dir) + ]) def build(self): """Builds the image, checkouts the source (if needed), builds the fuzzers and then removes the unaffectted fuzzers. Returns True on success.""" methods = [ - self.build_image_and_checkout_src, - self.build_fuzzers, - self.remove_unaffected_fuzz_targets, - self.check_fuzzer_build, - self.upload_build, + self.build_image_and_checkout_src, self.build_fuzzers, + self.remove_unaffected_fuzz_targets ] for method in methods: if not method(): @@ -146,7 +154,7 @@ class Builder: # pylint: disable=too-many-instance-attributes changed_files = self.ci_system.get_changed_code_under_test( self.repo_manager) affected_fuzz_targets.remove_unaffected_fuzz_targets( - self.clusterfuzz_deployment, self.workspace.out, changed_files, + self.config.project_name, self.out_dir, changed_files, self.image_repo_path) return True @@ -178,39 +186,94 @@ def build_fuzzers(config): return builder.build() -def check_fuzzer_build(config): +def get_common_docker_args(sanitizer, language): + """Returns a list of common docker arguments.""" + return [ + '--cap-add', + 'SYS_PTRACE', + '-e', + 'FUZZING_ENGINE=' + DEFAULT_ENGINE, + '-e', + 'SANITIZER=' + sanitizer, + '-e', + 'ARCHITECTURE=' + DEFAULT_ARCHITECTURE, + '-e', + 'CIFUZZ=True', + '-e', + 'FUZZING_LANGUAGE=' + language, + ] + + +def check_fuzzer_build(out_dir, + sanitizer, + language, + allowed_broken_targets_percentage=None): """Checks the integrity of the built fuzzers. Args: - config: The config object. + out_dir: The directory containing the fuzzer binaries. + sanitizer: The sanitizer the fuzzers are built with. Returns: - True if fuzzers pass OSS-Fuzz's build check. + True if fuzzers are correct. """ - workspace = workspace_utils.Workspace(config) - if not os.path.exists(workspace.out): - logging.error('Invalid out directory: %s.', workspace.out) + if not os.path.exists(out_dir): + logging.error('Invalid out directory: %s.', out_dir) return False - if not os.listdir(workspace.out): - logging.error('No fuzzers found in out directory: %s.', workspace.out) + if not os.listdir(out_dir): + logging.error('No fuzzers found in out directory: %s.', out_dir) return False - env = base_runner_utils.get_env(config, workspace) - if config.allowed_broken_targets_percentage is not None: - env['ALLOWED_BROKEN_TARGETS_PERCENTAGE'] = ( - config.allowed_broken_targets_percentage) + command = get_common_docker_args(sanitizer, language) - stdout, stderr, retcode = utils.execute('test_all.py', env=env) - print(f'Build check: stdout: {stdout}\nstderr: {stderr}') - if retcode == 0: - logging.info('Build check passed.') - return True - logging.error('Build check failed.') - return False + if allowed_broken_targets_percentage is not None: + command += [ + '-e', + ('ALLOWED_BROKEN_TARGETS_PERCENTAGE=' + + allowed_broken_targets_percentage) + ] + + container = utils.get_container_name() + if container: + command += ['-e', 'OUT=' + out_dir, '--volumes-from', container] + else: + command += ['-v', '%s:/out' % out_dir] + command.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py']) + exit_code = helper.docker_run(command) + logging.info('check fuzzer build exit code: %d', exit_code) + if exit_code: + logging.error('Check fuzzer build failed.') + return False + return True + + +def _get_docker_build_fuzzers_args_container(host_out_dir, container): + """Returns arguments to the docker build arguments that are needed to use + |host_out_dir| when the host of the OSS-Fuzz builder container is another + container.""" + return ['-e', 'OUT=' + host_out_dir, '--volumes-from', container] -def _get_docker_build_fuzzers_args_not_container(host_repo_path): +def _get_docker_build_fuzzers_args_not_container(host_out_dir, host_repo_path): """Returns arguments to the docker build arguments that are needed to use - |host_repo_path| when the host of the OSS-Fuzz builder container is not + |host_out_dir| when the host of the OSS-Fuzz builder container is not another container.""" - return ['-v', f'{host_repo_path}:{host_repo_path}'] + image_out_dir = '/out' + return [ + '-e', + 'OUT=' + image_out_dir, + '-v', + '%s:%s' % (host_out_dir, image_out_dir), + '-v', + '%s:%s' % (host_repo_path, host_repo_path), + ] + + +def _get_docker_build_fuzzers_args_msan(work_dir): + """Returns arguments to the docker build command that are needed to use + MSAN.""" + # TODO(metzman): MSAN is broken, fix. + return [ + '-e', 'MSAN_LIBS_PATH={msan_libs_path}'.format( + msan_libs_path=os.path.join(work_dir, 'msan')) + ] diff --git a/infra/cifuzz/build_fuzzers_entrypoint.py b/infra/cifuzz/build_fuzzers_entrypoint.py index e8e368f1b..04f562068 100644 --- a/infra/cifuzz/build_fuzzers_entrypoint.py +++ b/infra/cifuzz/build_fuzzers_entrypoint.py @@ -13,6 +13,7 @@ # limitations under the License. """Builds a specific OSS-Fuzz project's fuzzers for CI tools.""" import logging +import os import sys import build_fuzzers @@ -21,34 +22,19 @@ import config_utils # pylint: disable=c-extension-no-member # pylint gets confused because of the relative import of cifuzz. +# TODO: Turn default logging to INFO when CIFuzz is stable logging.basicConfig( format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', level=logging.DEBUG) -def build_fuzzers_entrypoint(): - """Builds OSS-Fuzz project's fuzzers for CI tools.""" - config = config_utils.BuildFuzzersConfig() - - if config.dry_run: - # Sets the default return code on error to success. - returncode = 0 - else: - # The default return code when an error occurs. - returncode = 1 - - if not build_fuzzers.build_fuzzers(config): - logging.error('Error building fuzzers for (commit: %s, pr_ref: %s).', - config.commit_sha, config.pr_ref) - return returncode - - return 0 - - def main(): - """Builds OSS-Fuzz project's fuzzers for CI tools. + """Build OSS-Fuzz project's fuzzers for CI tools. + This script is used to kick off the Github Actions CI tool. It is the + entrypoint of the Dockerfile in this directory. This action can be added to + any OSS-Fuzz project's workflow that uses Github. - Note: The resulting fuzz target binaries of this build are placed in + Note: The resulting clusterfuzz binaries of this build are placed in the directory: ${GITHUB_WORKSPACE}/out Required environment variables: @@ -64,9 +50,44 @@ def main(): SANITIZER: The sanitizer to use when running fuzzers. Returns: - 0 on success or nonzero on failure. + 0 on success or 1 on failure. """ - return build_fuzzers_entrypoint() + config = config_utils.BuildFuzzersConfig() + + if config.dry_run: + # Sets the default return code on error to success. + returncode = 0 + else: + # The default return code when an error occurs. + returncode = 1 + + if not config.workspace: + logging.error('This script needs to be run within Github actions.') + return returncode + + if not build_fuzzers.build_fuzzers(config): + logging.error( + 'Error building fuzzers for project %s (commit: %s, pr_ref: %s).', + config.project_name, config.commit_sha, config.pr_ref) + return returncode + + out_dir = os.path.join(config.workspace, 'out') + + if not config.bad_build_check: + # If we've gotten to this point and we don't need to do bad_build_check, + # then the build has succeeded. + returncode = 0 + # yapf: disable + elif build_fuzzers.check_fuzzer_build( + out_dir, + config.sanitizer, + config.language, + allowed_broken_targets_percentage=config.allowed_broken_targets_percentage + ): + # yapf: enable + returncode = 0 + + return returncode if __name__ == '__main__': diff --git a/infra/cifuzz/build_fuzzers_test.py b/infra/cifuzz/build_fuzzers_test.py index 5c068ac4d..298778867 100644 --- a/infra/cifuzz/build_fuzzers_test.py +++ b/infra/cifuzz/build_fuzzers_test.py @@ -28,8 +28,8 @@ sys.path.append(INFRA_DIR) OSS_FUZZ_DIR = os.path.dirname(INFRA_DIR) import build_fuzzers +import config_utils import continuous_integration -import repo_manager import test_helpers # NOTE: This integration test relies on @@ -53,7 +53,23 @@ EXAMPLE_NOCRASH_FUZZER = 'example_nocrash_fuzzer' # A fuzzer to be built in build_fuzzers integration tests. EXAMPLE_BUILD_FUZZER = 'do_stuff_fuzzer' -# pylint: disable=no-self-use,protected-access,too-few-public-methods,unused-argument +# pylint: disable=no-self-use,protected-access,too-few-public-methods + + +def create_config(**kwargs): + """Creates a config object and then sets every attribute that is a key in + |kwargs| to the corresponding value. Asserts that each key in |kwargs| is an + attribute of Config.""" + with mock.patch('os.path.basename', return_value=None), mock.patch( + 'config_utils.get_project_src_path', + return_value=None), mock.patch('config_utils._is_dry_run', + return_value=True): + config = config_utils.BuildFuzzersConfig() + + for key, value in kwargs.items(): + assert hasattr(config, key), 'Config doesn\'t have attribute: ' + key + setattr(config, key, value) + return config class BuildFuzzersTest(unittest.TestCase): @@ -63,19 +79,17 @@ class BuildFuzzersTest(unittest.TestCase): return_value=('example.com', '/path')) @mock.patch('repo_manager._clone', return_value=None) @mock.patch('continuous_integration.checkout_specified_commit') - @mock.patch('helper.docker_run', return_value=False) # We want to quit early. - def test_cifuzz_env_var(self, mock_docker_run, _, __, ___): + @mock.patch('helper.docker_run') + def test_cifuzz_env_var(self, mocked_docker_run, _, __, ___): """Tests that the CIFUZZ env var is set.""" with tempfile.TemporaryDirectory() as tmp_dir: build_fuzzers.build_fuzzers( - test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - project_repo_name=EXAMPLE_PROJECT, - workspace=tmp_dir, - pr_ref='refs/pull/1757/merge')) - - docker_run_command = mock_docker_run.call_args_list[0][0][0] + create_config(project_name=EXAMPLE_PROJECT, + project_repo_name=EXAMPLE_PROJECT, + workspace=tmp_dir, + pr_ref='refs/pull/1757/merge')) + docker_run_command = mocked_docker_run.call_args_list[0][0][0] def command_has_env_var_arg(command, env_var_arg): for idx, element in enumerate(command): @@ -91,25 +105,23 @@ class BuildFuzzersTest(unittest.TestCase): class InternalGithubBuildTest(unittest.TestCase): """Tests for building OSS-Fuzz projects on GitHub actions.""" + PROJECT_NAME = 'myproject' PROJECT_REPO_NAME = 'myproject' SANITIZER = 'address' COMMIT_SHA = 'fake' PR_REF = 'fake' - def _create_builder(self, tmp_dir, oss_fuzz_project_name='myproject'): + def _create_builder(self, tmp_dir): """Creates an InternalGithubBuilder and returns it.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=oss_fuzz_project_name, - project_repo_name=self.PROJECT_REPO_NAME, - workspace=tmp_dir, - sanitizer=self.SANITIZER, - commit_sha=self.COMMIT_SHA, - pr_ref=self.PR_REF, - is_github=True) + config = create_config(project_name=self.PROJECT_NAME, + project_repo_name=self.PROJECT_REPO_NAME, + workspace=tmp_dir, + sanitizer=self.SANITIZER, + commit_sha=self.COMMIT_SHA, + pr_ref=self.PR_REF, + is_github=True) ci_system = continuous_integration.get_ci(config) - builder = build_fuzzers.Builder(config, ci_system) - builder.repo_manager = repo_manager.RepoManager('/fake') - return builder + return build_fuzzers.Builder(config, ci_system) @mock.patch('repo_manager._clone', side_effect=None) @mock.patch('continuous_integration.checkout_specified_commit', @@ -129,29 +141,6 @@ class InternalGithubBuildTest(unittest.TestCase): self.assertEqual(os.path.basename(builder.host_repo_path), os.path.basename(image_repo_path)) - @mock.patch('clusterfuzz_deployment.ClusterFuzzLite.upload_build', - return_value=True) - def test_upload_build_disabled(self, mock_upload_build): - """Test upload build (disabled).""" - with tempfile.TemporaryDirectory() as tmp_dir: - builder = self._create_builder(tmp_dir) - builder.upload_build() - - mock_upload_build.assert_not_called() - - @mock.patch('repo_manager.RepoManager.get_current_commit', - return_value='commit') - @mock.patch('clusterfuzz_deployment.ClusterFuzzLite.upload_build', - return_value=True) - def test_upload_build(self, mock_upload_build, mock_get_current_commit): - """Test upload build.""" - with tempfile.TemporaryDirectory() as tmp_dir: - builder = self._create_builder(tmp_dir, oss_fuzz_project_name='') - builder.config.upload_build = True - builder.upload_build() - - mock_upload_build.assert_called_with('commit') - @unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), 'INTEGRATION_TESTS=1 not set') @@ -159,59 +148,36 @@ class BuildFuzzersIntegrationTest(unittest.TestCase): """Integration tests for build_fuzzers.""" def setUp(self): - self.temp_dir_obj = tempfile.TemporaryDirectory() - self.workspace = self.temp_dir_obj.name - self.out_dir = os.path.join(self.workspace, 'build-out') + self.tmp_dir_obj = tempfile.TemporaryDirectory() + self.workspace = self.tmp_dir_obj.name + self.out_dir = os.path.join(self.workspace, 'out') test_helpers.patch_environ(self) - base_runner_path = os.path.join(INFRA_DIR, 'base-images', 'base-runner') - os.environ['PATH'] = os.environ['PATH'] + os.pathsep + base_runner_path - def tearDown(self): - self.temp_dir_obj.cleanup() + self.tmp_dir_obj.cleanup() def test_external_github_project(self): """Tests building fuzzers from an external project on Github.""" - project_repo_name = 'external-project' + project_name = 'external-project' + build_integration_path = 'fuzzer-build-integration' git_url = 'https://github.com/jonathanmetzman/cifuzz-external-example.git' # This test is dependant on the state of # github.com/jonathanmetzman/cifuzz-external-example. - config = test_helpers.create_build_config( - project_repo_name=project_repo_name, - workspace=self.workspace, - git_url=git_url, - commit_sha='HEAD', - is_github=True, - base_commit='HEAD^1') - self.assertTrue(build_fuzzers.build_fuzzers(config)) - self.assertTrue( - os.path.exists(os.path.join(self.out_dir, EXAMPLE_BUILD_FUZZER))) - - def test_external_generic_project(self): - """Tests building fuzzers from an external project not on Github.""" - project_repo_name = 'cifuzz-external-example' - git_url = 'https://github.com/jonathanmetzman/cifuzz-external-example.git' - # This test is dependant on the state of - # github.com/jonathanmetzman/cifuzz-external-example. - manager = repo_manager.clone_repo_and_get_manager( - 'https://github.com/jonathanmetzman/cifuzz-external-example', - self.temp_dir_obj.name) - project_src_path = manager.repo_dir - config = test_helpers.create_build_config( - project_repo_name=project_repo_name, - workspace=self.workspace, - git_url=git_url, - commit_sha='HEAD', - project_src_path=project_src_path, - base_commit='HEAD^1') + config = create_config(project_name=project_name, + project_repo_name=project_name, + workspace=self.workspace, + build_integration_path=build_integration_path, + git_url=git_url, + commit_sha='HEAD', + base_commit='HEAD^1') self.assertTrue(build_fuzzers.build_fuzzers(config)) self.assertTrue( os.path.exists(os.path.join(self.out_dir, EXAMPLE_BUILD_FUZZER))) def test_valid_commit(self): """Tests building fuzzers with valid inputs.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, + config = create_config( + project_name=EXAMPLE_PROJECT, project_repo_name='oss-fuzz', workspace=self.workspace, commit_sha='0b95fe1039ed7c38fea1f97078316bfc1030c523', @@ -223,32 +189,31 @@ class BuildFuzzersIntegrationTest(unittest.TestCase): def test_valid_pull_request(self): """Tests building fuzzers with valid pull request.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - project_repo_name='oss-fuzz', - workspace=self.workspace, - pr_ref='refs/pull/1757/merge', - base_ref='master', - is_github=True) + # TODO(metzman): What happens when this branch closes? + config = create_config(project_name=EXAMPLE_PROJECT, + project_repo_name='oss-fuzz', + workspace=self.workspace, + pr_ref='refs/pull/1757/merge', + base_ref='master', + is_github=True) self.assertTrue(build_fuzzers.build_fuzzers(config)) self.assertTrue( os.path.exists(os.path.join(self.out_dir, EXAMPLE_BUILD_FUZZER))) def test_invalid_pull_request(self): """Tests building fuzzers with invalid pull request.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - project_repo_name='oss-fuzz', - workspace=self.workspace, - pr_ref='ref-1/merge', - base_ref='master', - is_github=True) + config = create_config(project_name=EXAMPLE_PROJECT, + project_repo_name='oss-fuzz', + workspace=self.workspace, + pr_ref='ref-1/merge', + base_ref='master', + is_github=True) self.assertTrue(build_fuzzers.build_fuzzers(config)) - def test_invalid_oss_fuzz_project_name(self): + def test_invalid_project_name(self): """Tests building fuzzers with invalid project name.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name='not_a_valid_project', + config = create_config( + project_name='not_a_valid_project', project_repo_name='oss-fuzz', workspace=self.workspace, commit_sha='0b95fe1039ed7c38fea1f97078316bfc1030c523') @@ -256,8 +221,8 @@ class BuildFuzzersIntegrationTest(unittest.TestCase): def test_invalid_repo_name(self): """Tests building fuzzers with invalid repo name.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, + config = create_config( + project_name=EXAMPLE_PROJECT, project_repo_name='not-real-repo', workspace=self.workspace, commit_sha='0b95fe1039ed7c38fea1f97078316bfc1030c523') @@ -265,19 +230,18 @@ class BuildFuzzersIntegrationTest(unittest.TestCase): def test_invalid_commit_sha(self): """Tests building fuzzers with invalid commit SHA.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - project_repo_name='oss-fuzz', - workspace=self.workspace, - commit_sha='', - is_github=True) + config = create_config(project_name=EXAMPLE_PROJECT, + project_repo_name='oss-fuzz', + workspace=self.workspace, + commit_sha='', + is_github=True) with self.assertRaises(AssertionError): build_fuzzers.build_fuzzers(config) def test_invalid_workspace(self): """Tests building fuzzers with invalid workspace.""" - config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, + config = create_config( + project_name=EXAMPLE_PROJECT, project_repo_name='oss-fuzz', workspace=os.path.join(self.workspace, 'not', 'a', 'dir'), commit_sha='0b95fe1039ed7c38fea1f97078316bfc1030c523') @@ -291,47 +255,44 @@ class CheckFuzzerBuildTest(unittest.TestCase): LANGUAGE = 'c++' def setUp(self): - self.temp_dir_obj = tempfile.TemporaryDirectory() - workspace_path = os.path.join(self.temp_dir_obj.name, 'workspace') - self.config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - sanitizer=self.SANITIZER, - language=self.LANGUAGE, - workspace=workspace_path, - pr_ref='refs/pull/1757/merge') - self.workspace = test_helpers.create_workspace(workspace_path) - shutil.copytree(TEST_DATA_PATH, workspace_path) - test_helpers.patch_environ(self, runner=True) + self.tmp_dir_obj = tempfile.TemporaryDirectory() + self.test_files_path = os.path.join(self.tmp_dir_obj.name, 'test_files') + shutil.copytree(TEST_DATA_PATH, self.test_files_path) def tearDown(self): - self.temp_dir_obj.cleanup() + self.tmp_dir_obj.cleanup() def test_correct_fuzzer_build(self): """Checks check_fuzzer_build function returns True for valid fuzzers.""" - self.assertTrue(build_fuzzers.check_fuzzer_build(self.config)) - - def test_not_a_valid_path(self): - """Tests that False is returned when a nonexistent path is given.""" - self.config.workspace = 'not/a/valid/path' - self.assertFalse(build_fuzzers.check_fuzzer_build(self.config)) - - def test_no_valid_fuzzers(self): - """Tests that False is returned when an empty directory is given.""" - with tempfile.TemporaryDirectory() as tmp_dir: - self.config.workspace = tmp_dir - os.mkdir(os.path.join(self.config.workspace, 'build-out')) - self.assertFalse(build_fuzzers.check_fuzzer_build(self.config)) - - @mock.patch('utils.execute', return_value=(None, None, 0)) - def test_allow_broken_fuzz_targets_percentage(self, mock_execute): + test_fuzzer_dir = os.path.join(self.test_files_path, 'out') + self.assertTrue( + build_fuzzers.check_fuzzer_build(test_fuzzer_dir, self.SANITIZER, + self.LANGUAGE)) + + def test_not_a_valid_fuzz_path(self): + """Tests that False is returned when a bad path is given.""" + self.assertFalse( + build_fuzzers.check_fuzzer_build('not/a/valid/path', self.SANITIZER, + self.LANGUAGE)) + + def test_not_a_valid_fuzzer(self): + """Checks a directory that exists but does not have fuzzers is False.""" + self.assertFalse( + build_fuzzers.check_fuzzer_build(self.test_files_path, self.SANITIZER, + self.LANGUAGE)) + + @mock.patch('helper.docker_run') + def test_allow_broken_fuzz_targets_percentage(self, mocked_docker_run): """Tests that ALLOWED_BROKEN_TARGETS_PERCENTAGE is set when running docker if passed to check_fuzzer_build.""" - percentage = '0' - self.config.allowed_broken_targets_percentage = percentage - build_fuzzers.check_fuzzer_build(self.config) - self.assertEqual( - mock_execute.call_args[1]['env']['ALLOWED_BROKEN_TARGETS_PERCENTAGE'], - percentage) + mocked_docker_run.return_value = 0 + test_fuzzer_dir = os.path.join(TEST_DATA_PATH, 'out') + build_fuzzers.check_fuzzer_build(test_fuzzer_dir, + self.SANITIZER, + self.LANGUAGE, + allowed_broken_targets_percentage='0') + self.assertIn('-e ALLOWED_BROKEN_TARGETS_PERCENTAGE=0', + ' '.join(mocked_docker_run.call_args[0][0])) @unittest.skip('Test is too long to be run with presubmit.') @@ -343,12 +304,11 @@ class BuildSantizerIntegrationTest(unittest.TestCase): @classmethod def _create_config(cls, tmp_dir, sanitizer): - return test_helpers.create_build_config( - oss_fuzz_project_name=cls.PROJECT_NAME, - project_repo_name=cls.PROJECT_NAME, - workspace=tmp_dir, - pr_ref=cls.PR_REF, - sanitizer=sanitizer) + return create_config(project_name=cls.PROJECT_NAME, + project_repo_name=cls.PROJECT_NAME, + workspace=tmp_dir, + pr_ref=cls.PR_REF, + sanitizer=sanitizer) @parameterized.parameterized.expand([('memory',), ('undefined',)]) def test_valid_project_curl(self, sanitizer): @@ -358,6 +318,18 @@ class BuildSantizerIntegrationTest(unittest.TestCase): build_fuzzers.build_fuzzers(self._create_config(tmp_dir, sanitizer))) +class GetDockerBuildFuzzersArgsContainerTest(unittest.TestCase): + """Tests that _get_docker_build_fuzzers_args_container works as intended.""" + + def test_get_docker_build_fuzzers_args_container(self): + """Tests that _get_docker_build_fuzzers_args_container works as intended.""" + out_dir = '/my/out' + container = 'my-container' + result = build_fuzzers._get_docker_build_fuzzers_args_container( + out_dir, container) + self.assertEqual(result, ['-e', 'OUT=/my/out', '--volumes-from', container]) + + class GetDockerBuildFuzzersArgsNotContainerTest(unittest.TestCase): """Tests that _get_docker_build_fuzzers_args_not_container works as intended.""" @@ -365,10 +337,25 @@ class GetDockerBuildFuzzersArgsNotContainerTest(unittest.TestCase): def test_get_docker_build_fuzzers_args_no_container(self): """Tests that _get_docker_build_fuzzers_args_not_container works as intended.""" + host_out_dir = '/cifuzz/out' host_repo_path = '/host/repo' result = build_fuzzers._get_docker_build_fuzzers_args_not_container( - host_repo_path) - expected_result = ['-v', '/host/repo:/host/repo'] + host_out_dir, host_repo_path) + expected_result = [ + '-e', 'OUT=/out', '-v', '/cifuzz/out:/out', '-v', + '/host/repo:/host/repo' + ] + self.assertEqual(result, expected_result) + + +class GetDockerBuildFuzzersArgsMsanTest(unittest.TestCase): + """Tests that _get_docker_build_fuzzers_args_msan works as intended.""" + + def test_get_docker_build_fuzzers_args_msan(self): + """Tests that _get_docker_build_fuzzers_args_msan works as intended.""" + work_dir = '/work_dir' + result = build_fuzzers._get_docker_build_fuzzers_args_msan(work_dir) + expected_result = ['-e', 'MSAN_LIBS_PATH=/work_dir/msan'] self.assertEqual(result, expected_result) diff --git a/infra/cifuzz/cifuzz-base/Dockerfile b/infra/cifuzz/cifuzz-base/Dockerfile index bb1431dd8..e0599dbbe 100644 --- a/infra/cifuzz/cifuzz-base/Dockerfile +++ b/infra/cifuzz/cifuzz-base/Dockerfile @@ -14,20 +14,19 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-runner +# Don't bother with a slimmer base image. +# When we pull base-builder to build project builder image we need to pull +# ubuntu:16.04 anyway. So in the long run we probably would waste time if +# we pulled something like alpine here instead. +FROM ubuntu:16.04 RUN apt-get update && \ - apt-get install -y systemd && \ - apt-get install -y --no-install-recommends nodejs npm && \ - wget https://download.docker.com/linux/ubuntu/dists/focal/pool/stable/amd64/docker-ce-cli_20.10.8~3-0~ubuntu-focal_amd64.deb -O /tmp/docker-ce.deb && \ - dpkg -i /tmp/docker-ce.deb && rm /tmp/docker-ce.deb + apt-get install ca-certificates wget python3 git-core --no-install-recommends -y && \ + wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce-cli_20.10.5~3-0~ubuntu-xenial_amd64.deb -O /tmp/docker-ce.deb && \ + dpkg -i /tmp/docker-ce.deb && rm /tmp/docker-ce.deb && \ + apt-get remove wget -y --purge + ENV OSS_FUZZ_ROOT=/opt/oss-fuzz ADD . ${OSS_FUZZ_ROOT} -RUN python3 -m pip install -r ${OSS_FUZZ_ROOT}/infra/cifuzz/requirements.txt -RUN npm install ${OSS_FUZZ_ROOT}/infra/cifuzz - -# Python file to execute when the docker container starts up. -# We can't use the env var $OSS_FUZZ_ROOT here. Since it's a constant env var, -# just expand to '/opt/oss-fuzz'. -ENTRYPOINT ["python3", "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"] +RUN rm -rf ${OSS_FUZZ_ROOT}/infra
\ No newline at end of file diff --git a/infra/cifuzz/cifuzz_combined_entrypoint.py b/infra/cifuzz/cifuzz_combined_entrypoint.py deleted file mode 100644 index 008ce1088..000000000 --- a/infra/cifuzz/cifuzz_combined_entrypoint.py +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Builds fuzzers and runs fuzzers. Entrypoint used for external users""" -import logging -import sys - -import build_fuzzers_entrypoint -import run_fuzzers_entrypoint - - -def main(): - """Builds and runs fuzzers for CI tools. - - NOTE: Any crash report will be in the filepath: - ${GITHUB_WORKSPACE}/out/testcase - This can be used with GitHub's upload-artifact action to surface the logs. - - Required environment variables: - OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project. - GITHUB_REPOSITORY: The name of the Github repo that called this script. - GITHUB_SHA: The commit SHA that triggered this script. - GITHUB_EVENT_NAME: The name of the hook event that triggered this script. - GITHUB_EVENT_PATH: - The path to the file containing the POST payload of the webhook: - https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners - GITHUB_WORKSPACE: The shared volume directory where input artifacts are. - DRY_RUN: If true, no failures will surface. - SANITIZER: The sanitizer to use when running fuzzers. - FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. - - Returns: - 0 on success or 1 on failure. - """ - logging.debug("Using cifuzz_combined_entrypoint.") - result = build_fuzzers_entrypoint.build_fuzzers_entrypoint() - if result != 0: - return result - return run_fuzzers_entrypoint.run_fuzzers_entrypoint() - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/infra/cifuzz/cifuzz_end_to_end_test.py b/infra/cifuzz/cifuzz_end_to_end_test.py deleted file mode 100644 index 2a4234faf..000000000 --- a/infra/cifuzz/cifuzz_end_to_end_test.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""End-to-End tests for CIFuzz.""" -import os -import unittest - -import run_cifuzz -import test_helpers - -CIFUZZ_DIR = os.path.dirname(os.path.abspath(__file__)) -EXTERNAL_PROJECT_PATH = os.path.join(CIFUZZ_DIR, 'test_data', - 'external-project') - - -# This test will fail if not run as root because the fuzzer build process -# creates binaries that only root can write to. -# Use a seperate env var to keep this seperate from integration tests which -# don't have this annoying property. -@unittest.skipIf(not os.getenv('END_TO_END_TESTS'), - 'END_TO_END_TESTS=1 not set') -class EndToEndTest(unittest.TestCase): - """End-to-End tests for CIFuzz.""" - - def setUp(self): - test_helpers.patch_environ(self, runner=True) - - def test_simple(self): - """Simple end-to-end test using run_cifuzz.main().""" - os.environ['REPOSITORY'] = 'external-project' - os.environ['PROJECT_SRC_PATH'] = EXTERNAL_PROJECT_PATH - - with test_helpers.docker_temp_dir() as temp_dir: - os.environ['WORKSPACE'] = temp_dir - # TODO(metzman): Verify the crash, affected fuzzers, and other things. - self.assertEqual(run_cifuzz.main(), 1) diff --git a/infra/cifuzz/cloudbuild.yaml b/infra/cifuzz/cloudbuild.yaml deleted file mode 100644 index 6f38ccecd..000000000 --- a/infra/cifuzz/cloudbuild.yaml +++ /dev/null @@ -1,39 +0,0 @@ -steps: -- name: 'gcr.io/cloud-builders/docker' - args: - - build - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-base - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-base:v1 - - '-f' - - infra/cifuzz/cifuzz-base/Dockerfile - - . -- name: 'gcr.io/cloud-builders/docker' - args: - - build - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-build-fuzzers - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-build-fuzzers:v1 - - '-f' - - infra/build_fuzzers.Dockerfile - - infra -- name: 'gcr.io/cloud-builders/docker' - args: - - build - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-run-fuzzers - - '-t' - - gcr.io/oss-fuzz-base/cifuzz-run-fuzzers:v1 - - '-f' - - infra/run_fuzzers.Dockerfile - - infra -images: -- gcr.io/oss-fuzz-base/cifuzz-base -- gcr.io/oss-fuzz-base/cifuzz-base:v1 -- gcr.io/oss-fuzz-base/cifuzz-run-fuzzers -- gcr.io/oss-fuzz-base/cifuzz-run-fuzzers:v1 -- gcr.io/oss-fuzz-base/cifuzz-build-fuzzers -- gcr.io/oss-fuzz-base/cifuzz-build-fuzzers:v1 -timeout: 1800s diff --git a/infra/cifuzz/clusterfuzz_deployment.py b/infra/cifuzz/clusterfuzz_deployment.py index fdc3738df..8c46e9d4e 100644 --- a/infra/cifuzz/clusterfuzz_deployment.py +++ b/infra/cifuzz/clusterfuzz_deployment.py @@ -11,20 +11,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -"""Module for interacting with the ClusterFuzz deployment.""" +"""Module for interacting with the "ClusterFuzz deployment.""" import logging import os import sys +import tempfile +import time import urllib.error import urllib.request - -import config_utils -import continuous_integration -import filestore -import filestore_utils -import http_utils -import get_coverage -import repo_manager +import zipfile # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) @@ -34,12 +29,13 @@ import utils class BaseClusterFuzzDeployment: """Base class for ClusterFuzz deployments.""" - def __init__(self, config, workspace): + CORPUS_DIR_NAME = 'cifuzz-corpus' + BUILD_DIR_NAME = 'cifuzz-latest-build' + + def __init__(self, config): self.config = config - self.workspace = workspace - self.ci_system = continuous_integration.get_ci(config) - def download_latest_build(self): + def download_latest_build(self, out_dir): """Downloads the latest build from ClusterFuzz. Returns: @@ -47,167 +43,23 @@ class BaseClusterFuzzDeployment: """ raise NotImplementedError('Child class must implement method.') - def upload_build(self, commit): - """Uploads the build with the given commit sha to the filestore.""" - raise NotImplementedError('Child class must implement method.') - - def download_corpus(self, target_name, corpus_dir): - """Downloads the corpus for |target_name| from ClusterFuzz to |corpus_dir|. + def download_corpus(self, target_name, out_dir): + """Downloads the corpus for |target_name| from ClusterFuzz to |out_dir|. Returns: A path to where the OSS-Fuzz build was stored, or None if it wasn't. """ raise NotImplementedError('Child class must implement method.') - def upload_crashes(self): - """Uploads crashes in |crashes_dir| to filestore.""" - raise NotImplementedError('Child class must implement method.') - - def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument - """Uploads the corpus for |target_name| to filestore.""" - raise NotImplementedError('Child class must implement method.') - - def upload_coverage(self): - """Uploads the coverage report to the filestore.""" - raise NotImplementedError('Child class must implement method.') - - def get_coverage(self, repo_path): - """Returns the project coverage object for the project.""" - raise NotImplementedError('Child class must implement method.') - - -def _make_empty_dir_if_nonexistent(path): - """Makes an empty directory at |path| if it does not exist.""" - os.makedirs(path, exist_ok=True) - class ClusterFuzzLite(BaseClusterFuzzDeployment): """Class representing a deployment of ClusterFuzzLite.""" - COVERAGE_NAME = 'latest' - LATEST_BUILD_WINDOW = 3 - - def __init__(self, config, workspace): - super().__init__(config, workspace) - self.filestore = filestore_utils.get_filestore(self.config) - - def download_latest_build(self): - if os.path.exists(self.workspace.clusterfuzz_build): - # This path is necessary because download_latest_build can be called - # multiple times.That is the case because it is called only when we need - # to see if a bug is novel, i.e. until we want to check a bug is novel we - # don't want to waste time calling this, but therefore this method can be - # called if multiple bugs are found. - return self.workspace.clusterfuzz_build - - repo_dir = self.ci_system.repo_dir() - if not repo_dir: - raise RuntimeError('Repo checkout does not exist.') - - _make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build) - repo = repo_manager.RepoManager(repo_dir) - - # Builds are stored by commit, so try the latest |LATEST_BUILD_WINDOW| - # commits before the current. - # TODO(ochang): If API usage becomes an issue, this can be optimized by the - # filestore accepting a list of filenames to try. - for old_commit in repo.get_commit_list('HEAD^', - limit=self.LATEST_BUILD_WINDOW): - logging.info('Trying to downloading previous build %s.', old_commit) - build_name = self._get_build_name(old_commit) - try: - if self.filestore.download_build(build_name, - self.workspace.clusterfuzz_build): - logging.info('Done downloading previus build.') - return self.workspace.clusterfuzz_build - - logging.info('Build for %s does not exist.', old_commit) - except Exception as err: # pylint: disable=broad-except - logging.error('Could not download build for %s because of: %s', - old_commit, err) + def download_latest_build(self, out_dir): + logging.info('download_latest_build not implemented for ClusterFuzzLite.') - return None - - def download_corpus(self, target_name, corpus_dir): - _make_empty_dir_if_nonexistent(corpus_dir) - logging.info('Downloading corpus for %s to %s.', target_name, corpus_dir) - corpus_name = self._get_corpus_name(target_name) - try: - self.filestore.download_corpus(corpus_name, corpus_dir) - logging.info('Done downloading corpus. Contains %d elements.', - len(os.listdir(corpus_dir))) - except Exception as err: # pylint: disable=broad-except - logging.error('Failed to download corpus for target: %s. Error: %s', - target_name, str(err)) - return corpus_dir - - def _get_build_name(self, name): - return f'{self.config.sanitizer}-{name}' - - def _get_corpus_name(self, target_name): # pylint: disable=no-self-use - """Returns the name of the corpus artifact.""" - return target_name - - def _get_crashes_artifact_name(self): # pylint: disable=no-self-use - """Returns the name of the crashes artifact.""" - return 'current' - - def upload_corpus(self, target_name, corpus_dir, replace=False): - """Upload the corpus produced by |target_name|.""" - logging.info('Uploading corpus in %s for %s.', corpus_dir, target_name) - name = self._get_corpus_name(target_name) - try: - self.filestore.upload_corpus(name, corpus_dir, replace=replace) - logging.info('Done uploading corpus.') - except Exception as error: # pylint: disable=broad-except - logging.error('Failed to upload corpus for target: %s. Error: %s.', - target_name, error) - - def upload_build(self, commit): - """Upload the build produced by CIFuzz as the latest build.""" - logging.info('Uploading latest build in %s.', self.workspace.out) - build_name = self._get_build_name(commit) - try: - result = self.filestore.upload_build(build_name, self.workspace.out) - logging.info('Done uploading latest build.') - return result - except Exception as error: # pylint: disable=broad-except - logging.error('Failed to upload latest build: %s. Error: %s', - self.workspace.out, error) - - def upload_crashes(self): - """Uploads crashes.""" - if not os.listdir(self.workspace.artifacts): - logging.info('No crashes in %s. Not uploading.', self.workspace.artifacts) - return - - crashes_artifact_name = self._get_crashes_artifact_name() - - logging.info('Uploading crashes in %s.', self.workspace.artifacts) - try: - self.filestore.upload_crashes(crashes_artifact_name, - self.workspace.artifacts) - logging.info('Done uploading crashes.') - except Exception as error: # pylint: disable=broad-except - logging.error('Failed to upload crashes. Error: %s', error) - - def upload_coverage(self): - """Uploads the coverage report to the filestore.""" - self.filestore.upload_coverage(self.COVERAGE_NAME, - self.workspace.coverage_report) - - def get_coverage(self, repo_path): - """Returns the project coverage object for the project.""" - try: - if not self.filestore.download_coverage( - self.COVERAGE_NAME, self.workspace.clusterfuzz_coverage): - logging.error('Could not download coverage.') - return None - return get_coverage.FilesystemCoverage( - repo_path, self.workspace.clusterfuzz_coverage) - except (get_coverage.CoverageError, filestore.FilestoreError): - logging.error('Could not get coverage.') - return None + def download_corpus(self, target_name, out_dir): + logging.info('download_corpus not implemented for ClusterFuzzLite.') class OSSFuzz(BaseClusterFuzzDeployment): @@ -216,6 +68,9 @@ class OSSFuzz(BaseClusterFuzzDeployment): # Location of clusterfuzz builds on GCS. CLUSTERFUZZ_BUILDS = 'clusterfuzz-builds' + # Format string for the latest version of a project's build. + VERSION_STRING = '{project_name}-{sanitizer}-latest.version' + # Zip file name containing the corpus. CORPUS_ZIP_NAME = 'public.zip' @@ -225,148 +80,139 @@ class OSSFuzz(BaseClusterFuzzDeployment): Returns: A string with the latest build version or None. """ - version_file = ( - f'{self.config.oss_fuzz_project_name}-{self.config.sanitizer}' - '-latest.version') + version_file = self.VERSION_STRING.format( + project_name=self.config.project_name, sanitizer=self.config.sanitizer) version_url = utils.url_join(utils.GCS_BASE_URL, self.CLUSTERFUZZ_BUILDS, - self.config.oss_fuzz_project_name, - version_file) + self.config.project_name, version_file) try: response = urllib.request.urlopen(version_url) except urllib.error.HTTPError: logging.error('Error getting latest build version for %s from: %s.', - self.config.oss_fuzz_project_name, version_url) + self.config.project_name, version_url) return None return response.read().decode() - def download_latest_build(self): + def download_latest_build(self, out_dir): """Downloads the latest OSS-Fuzz build from GCS. Returns: A path to where the OSS-Fuzz build was stored, or None if it wasn't. """ - if os.path.exists(self.workspace.clusterfuzz_build): - # This function can be called multiple times, don't download the build - # again. - return self.workspace.clusterfuzz_build + build_dir = os.path.join(out_dir, self.BUILD_DIR_NAME) + if os.path.exists(build_dir): + return build_dir - _make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build) + os.makedirs(build_dir, exist_ok=True) latest_build_name = self.get_latest_build_name() if not latest_build_name: return None - logging.info('Downloading latest build.') oss_fuzz_build_url = utils.url_join(utils.GCS_BASE_URL, self.CLUSTERFUZZ_BUILDS, - self.config.oss_fuzz_project_name, + self.config.project_name, latest_build_name) - if http_utils.download_and_unpack_zip(oss_fuzz_build_url, - self.workspace.clusterfuzz_build): - logging.info('Done downloading latest build.') - return self.workspace.clusterfuzz_build + if download_and_unpack_zip(oss_fuzz_build_url, build_dir): + return build_dir return None - def upload_build(self, commit): # pylint: disable=no-self-use - """Noop Implementation of upload_build.""" - logging.info('Not uploading latest build because on OSS-Fuzz.') - - def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument - """Noop Implementation of upload_corpus.""" - logging.info('Not uploading corpus because on OSS-Fuzz.') - - def upload_crashes(self): # pylint: disable=no-self-use - """Noop Implementation of upload_crashes.""" - logging.info('Not uploading crashes because on OSS-Fuzz.') - - def download_corpus(self, target_name, corpus_dir): + def download_corpus(self, target_name, out_dir): """Downloads the latest OSS-Fuzz corpus for the target. Returns: The local path to to corpus or None if download failed. """ - _make_empty_dir_if_nonexistent(corpus_dir) + corpus_dir = os.path.join(out_dir, self.CORPUS_DIR_NAME, target_name) + os.makedirs(corpus_dir, exist_ok=True) + # TODO(metzman): Clean up this code. project_qualified_fuzz_target_name = target_name - qualified_name_prefix = self.config.oss_fuzz_project_name + '_' + qualified_name_prefix = self.config.project_name + '_' + if not target_name.startswith(qualified_name_prefix): project_qualified_fuzz_target_name = qualified_name_prefix + target_name - corpus_url = (f'{utils.GCS_BASE_URL}{self.config.oss_fuzz_project_name}' - '-backup.clusterfuzz-external.appspot.com/corpus/' - f'libFuzzer/{project_qualified_fuzz_target_name}/' - f'{self.CORPUS_ZIP_NAME}') + corpus_url = utils.url_join( + utils.GCS_BASE_URL, + '{0}-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/'.format( + self.config.project_name), project_qualified_fuzz_target_name, + self.CORPUS_ZIP_NAME) - if not http_utils.download_and_unpack_zip(corpus_url, corpus_dir): - logging.warning('Failed to download corpus for %s.', target_name) - return corpus_dir + if download_and_unpack_zip(corpus_url, corpus_dir): + return corpus_dir - def upload_coverage(self): - """Noop Implementation of upload_coverage_report.""" - logging.info('Not uploading coverage report because on OSS-Fuzz.') + return None - def get_coverage(self, repo_path): - """Returns the project coverage object for the project.""" - try: - return get_coverage.OSSFuzzCoverage(repo_path, - self.config.oss_fuzz_project_name) - except get_coverage.CoverageError: - return None +def download_url(url, filename, num_attempts=3): + """Downloads the file located at |url|, using HTTP to |filename|. + + Args: + url: A url to a file to download. + filename: The path the file should be downloaded to. + num_retries: The number of times to retry the download on + ConnectionResetError. -class NoClusterFuzzDeployment(BaseClusterFuzzDeployment): - """ClusterFuzzDeployment implementation used when there is no deployment of - ClusterFuzz to use.""" + Returns: + True on success. + """ + sleep_time = 1 - def upload_build(self, commit): # pylint: disable=no-self-use - """Noop Implementation of upload_build.""" - logging.info('Not uploading latest build because no ClusterFuzz ' - 'deployment.') + # Don't use retry wrapper since we don't want this to raise any exceptions. + for _ in range(num_attempts): + try: + urllib.request.urlretrieve(url, filename) + return True + except urllib.error.HTTPError: + # In these cases, retrying probably wont work since the error probably + # means there is nothing at the URL to download. + logging.error('Unable to download from: %s.', url) + return False + except ConnectionResetError: + # These errors are more likely to be transient. Retry. + pass + time.sleep(sleep_time) - def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument - """Noop Implementation of upload_corpus.""" - logging.info('Not uploading corpus because no ClusterFuzz deployment.') + logging.error('Failed to download %s, %d times.', url, num_attempts) - def upload_crashes(self): # pylint: disable=no-self-use - """Noop Implementation of upload_crashes.""" - logging.info('Not uploading crashes because no ClusterFuzz deployment.') + return False - def download_corpus(self, target_name, corpus_dir): - """Noop Implementation of download_corpus.""" - logging.info('Not downloading corpus because no ClusterFuzz deployment.') - return _make_empty_dir_if_nonexistent(corpus_dir) - def download_latest_build(self): # pylint: disable=no-self-use - """Noop Implementation of download_latest_build.""" - logging.info( - 'Not downloading latest build because no ClusterFuzz deployment.') +def download_and_unpack_zip(url, extract_directory): + """Downloads and unpacks a zip file from an HTTP URL. - def upload_coverage(self): - """Noop Implementation of upload_coverage.""" - logging.info( - 'Not uploading coverage report because no ClusterFuzz deployment.') + Args: + url: A url to the zip file to be downloaded and unpacked. + out_dir: The path where the zip file should be extracted to. - def get_coverage(self, repo_path): - """Noop Implementation of get_coverage.""" - logging.info( - 'Not getting project coverage because no ClusterFuzz deployment.') + Returns: + True on success. + """ + if not os.path.exists(extract_directory): + logging.error('Extract directory: %s does not exist.', extract_directory) + return False + # Gives the temporary zip file a unique identifier in the case that + # that download_and_unpack_zip is done in parallel. + with tempfile.NamedTemporaryFile(suffix='.zip') as tmp_file: + if not download_url(url, tmp_file.name): + return False + + try: + with zipfile.ZipFile(tmp_file.name, 'r') as zip_file: + zip_file.extractall(extract_directory) + except zipfile.BadZipFile: + logging.error('Error unpacking zip from %s. Bad Zipfile.', url) + return False -_PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING = { - config_utils.BaseConfig.Platform.INTERNAL_GENERIC_CI: - OSSFuzz, - config_utils.BaseConfig.Platform.INTERNAL_GITHUB: - OSSFuzz, - config_utils.BaseConfig.Platform.EXTERNAL_GENERIC_CI: - NoClusterFuzzDeployment, - config_utils.BaseConfig.Platform.EXTERNAL_GITHUB: - ClusterFuzzLite, -} + return True -def get_clusterfuzz_deployment(config, workspace): +def get_clusterfuzz_deployment(config): """Returns object reprsenting deployment of ClusterFuzz used by |config|.""" - deployment_cls = _PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING[config.platform] - result = deployment_cls(config, workspace) - logging.info('ClusterFuzzDeployment: %s.', result) - return result + if (config.platform == config.Platform.INTERNAL_GENERIC_CI or + config.platform == config.Platform.INTERNAL_GITHUB): + logging.info('Using OSS-Fuzz as ClusterFuzz deployment.') + return OSSFuzz(config) + logging.info('Using ClusterFuzzLite as ClusterFuzz deployment.') + return ClusterFuzzLite(config) diff --git a/infra/cifuzz/clusterfuzz_deployment_test.py b/infra/cifuzz/clusterfuzz_deployment_test.py index 247678548..06ff78476 100644 --- a/infra/cifuzz/clusterfuzz_deployment_test.py +++ b/infra/cifuzz/clusterfuzz_deployment_test.py @@ -16,14 +16,12 @@ import os import unittest from unittest import mock +import urllib.error -import parameterized from pyfakefs import fake_filesystem_unittest import clusterfuzz_deployment import config_utils -import test_helpers -import workspace_utils # NOTE: This integration test relies on # https://github.com/google/oss-fuzz/tree/master/projects/example project. @@ -32,60 +30,62 @@ EXAMPLE_PROJECT = 'example' # An example fuzzer that triggers an error. EXAMPLE_FUZZER = 'example_crash_fuzzer' -WORKSPACE = '/workspace' -EXPECTED_LATEST_BUILD_PATH = os.path.join(WORKSPACE, 'cifuzz-prev-build') - -# pylint: disable=unused-argument - def _create_config(**kwargs): """Creates a config object and then sets every attribute that is a key in |kwargs| to the corresponding value. Asserts that each key in |kwargs| is an attribute of Config.""" - defaults = { - 'is_github': True, - 'oss_fuzz_project_name': EXAMPLE_PROJECT, - 'workspace': WORKSPACE, - } + defaults = {'is_github': True, 'project_name': EXAMPLE_PROJECT} for default_key, default_value in defaults.items(): if default_key not in kwargs: kwargs[default_key] = default_value - return test_helpers.create_run_config(**kwargs) + with mock.patch('os.path.basename', return_value=None), mock.patch( + 'config_utils.get_project_src_path', + return_value=None), mock.patch('config_utils._is_dry_run', + return_value=True): + config = config_utils.RunFuzzersConfig() + + for key, value in kwargs.items(): + assert hasattr(config, key), 'Config doesn\'t have attribute: ' + key + setattr(config, key, value) + return config def _create_deployment(**kwargs): config = _create_config(**kwargs) - workspace = workspace_utils.Workspace(config) - return clusterfuzz_deployment.get_clusterfuzz_deployment(config, workspace) + return clusterfuzz_deployment.get_clusterfuzz_deployment(config) class OSSFuzzTest(fake_filesystem_unittest.TestCase): """Tests OSSFuzz.""" + OUT_DIR = '/out' + def setUp(self): self.setUpPyfakefs() self.deployment = _create_deployment() - self.corpus_dir = os.path.join(self.deployment.workspace.corpora, - EXAMPLE_FUZZER) - @mock.patch('http_utils.download_and_unpack_zip', return_value=True) - def test_download_corpus(self, mock_download_and_unpack_zip): + @mock.patch('clusterfuzz_deployment.download_and_unpack_zip', + return_value=True) + def test_download_corpus(self, mocked_download_and_unpack_zip): """Tests that we can download a corpus for a valid project.""" - self.deployment.download_corpus(EXAMPLE_FUZZER, self.corpus_dir) + result = self.deployment.download_corpus(EXAMPLE_FUZZER, self.OUT_DIR) + self.assertIsNotNone(result) + expected_corpus_dir = os.path.join(self.OUT_DIR, 'cifuzz-corpus', + EXAMPLE_FUZZER) expected_url = ('https://storage.googleapis.com/example-backup.' 'clusterfuzz-external.appspot.com/corpus/libFuzzer/' 'example_crash_fuzzer/public.zip') - call_args, _ = mock_download_and_unpack_zip.call_args - self.assertEqual(call_args, (expected_url, self.corpus_dir)) - self.assertTrue(os.path.exists(self.corpus_dir)) + call_args, _ = mocked_download_and_unpack_zip.call_args + self.assertEqual(call_args, (expected_url, expected_corpus_dir)) - @mock.patch('http_utils.download_and_unpack_zip', return_value=False) - def test_download_corpus_fail(self, _): - """Tests that when downloading fails, an empty corpus directory is still - returned.""" - self.deployment.download_corpus(EXAMPLE_FUZZER, self.corpus_dir) - self.assertEqual(os.listdir(self.corpus_dir), []) + @mock.patch('clusterfuzz_deployment.download_and_unpack_zip', + return_value=False) + def test_download_fail(self, _): + """Tests that when downloading fails, None is returned.""" + corpus_path = self.deployment.download_corpus(EXAMPLE_FUZZER, self.OUT_DIR) + self.assertIsNone(corpus_path) def test_get_latest_build_name(self): """Tests that the latest build name can be retrieved from GCS.""" @@ -93,170 +93,58 @@ class OSSFuzzTest(fake_filesystem_unittest.TestCase): self.assertTrue(latest_build_name.endswith('.zip')) self.assertTrue('address' in latest_build_name) - @parameterized.parameterized.expand([ - ('upload_build', ('commit',), - 'Not uploading latest build because on OSS-Fuzz.'), - ('upload_corpus', ('target', 'corpus-dir'), - 'Not uploading corpus because on OSS-Fuzz.'), - ('upload_crashes', tuple(), 'Not uploading crashes because on OSS-Fuzz.'), - ]) - def test_noop_methods(self, method, method_args, expected_message): - """Tests that certain methods are noops for OSS-Fuzz.""" - with mock.patch('logging.info') as mock_info: - method = getattr(self.deployment, method) - self.assertIsNone(method(*method_args)) - mock_info.assert_called_with(expected_message) - - @mock.patch('http_utils.download_and_unpack_zip', return_value=True) - def test_download_latest_build(self, mock_download_and_unpack_zip): - """Tests that downloading the latest build works as intended under normal - circumstances.""" - self.assertEqual(self.deployment.download_latest_build(), - EXPECTED_LATEST_BUILD_PATH) - expected_url = ('https://storage.googleapis.com/clusterfuzz-builds/example/' - 'example-address-202008030600.zip') - mock_download_and_unpack_zip.assert_called_with(expected_url, - EXPECTED_LATEST_BUILD_PATH) - - @mock.patch('http_utils.download_and_unpack_zip', return_value=False) - def test_download_latest_build_fail(self, _): - """Tests that download_latest_build returns None when it fails to download a - build.""" - self.assertIsNone(self.deployment.download_latest_build()) - - -class ClusterFuzzLiteTest(fake_filesystem_unittest.TestCase): - """Tests for ClusterFuzzLite.""" - - def setUp(self): - self.setUpPyfakefs() - self.deployment = _create_deployment(run_fuzzers_mode='batch', - oss_fuzz_project_name='', - is_github=True) - self.corpus_dir = os.path.join(self.deployment.workspace.corpora, - EXAMPLE_FUZZER) - - @mock.patch('filestore.github_actions.GithubActionsFilestore.download_corpus', - return_value=True) - def test_download_corpus(self, mock_download_corpus): - """Tests that download_corpus works for a valid project.""" - self.deployment.download_corpus(EXAMPLE_FUZZER, self.corpus_dir) - mock_download_corpus.assert_called_with('example_crash_fuzzer', - self.corpus_dir) - self.assertTrue(os.path.exists(self.corpus_dir)) - - @mock.patch('filestore.github_actions.GithubActionsFilestore.download_corpus', - side_effect=Exception) - def test_download_corpus_fail(self, _): - """Tests that when downloading fails, an empty corpus directory is still - returned.""" - self.deployment.download_corpus(EXAMPLE_FUZZER, self.corpus_dir) - self.assertEqual(os.listdir(self.corpus_dir), []) - - @mock.patch('filestore.github_actions.GithubActionsFilestore.download_build', - side_effect=[False, True]) - @mock.patch('repo_manager.RepoManager.get_commit_list', - return_value=['commit1', 'commit2']) - @mock.patch('continuous_integration.BaseCi.repo_dir', - return_value='/path/to/repo') - def test_download_latest_build(self, mock_repo_dir, mock_get_commit_list, - mock_download_build): - """Tests that downloading the latest build works as intended under normal - circumstances.""" - self.assertEqual(self.deployment.download_latest_build(), - EXPECTED_LATEST_BUILD_PATH) - expected_artifact_name = 'address-commit2' - mock_download_build.assert_called_with(expected_artifact_name, - EXPECTED_LATEST_BUILD_PATH) - - @mock.patch('filestore.github_actions.GithubActionsFilestore.download_build', - side_effect=Exception) - @mock.patch('repo_manager.RepoManager.get_commit_list', - return_value=['commit1', 'commit2']) - @mock.patch('continuous_integration.BaseCi.repo_dir', - return_value='/path/to/repo') - def test_download_latest_build_fail(self, mock_repo_dir, mock_get_commit_list, - _): - """Tests that download_latest_build returns None when it fails to download a - build.""" - self.assertIsNone(self.deployment.download_latest_build()) - @mock.patch('filestore.github_actions.GithubActionsFilestore.upload_build') - def test_upload_build(self, mock_upload_build): - """Tests that upload_build works as intended.""" - self.deployment.upload_build('commit') - mock_upload_build.assert_called_with('address-commit', - '/workspace/build-out') - - -class NoClusterFuzzDeploymentTest(fake_filesystem_unittest.TestCase): - """Tests for NoClusterFuzzDeployment.""" +class DownloadUrlTest(unittest.TestCase): + """Tests that download_url works.""" + URL = 'example.com/file' + FILE_PATH = '/tmp/file' + + @mock.patch('time.sleep') + @mock.patch('urllib.request.urlretrieve', return_value=True) + def test_download_url_no_error(self, mocked_urlretrieve, _): + """Tests that download_url works when there is no error.""" + self.assertTrue( + clusterfuzz_deployment.download_url(self.URL, self.FILE_PATH)) + self.assertEqual(1, mocked_urlretrieve.call_count) + + @mock.patch('time.sleep') + @mock.patch('logging.error') + @mock.patch('urllib.request.urlretrieve', + side_effect=urllib.error.HTTPError(None, None, None, None, None)) + def test_download_url_http_error(self, mocked_urlretrieve, mocked_error, _): + """Tests that download_url doesn't retry when there is an HTTP error.""" + self.assertFalse( + clusterfuzz_deployment.download_url(self.URL, self.FILE_PATH)) + mocked_error.assert_called_with('Unable to download from: %s.', self.URL) + self.assertEqual(1, mocked_urlretrieve.call_count) + + @mock.patch('time.sleep') + @mock.patch('logging.error') + @mock.patch('urllib.request.urlretrieve', side_effect=ConnectionResetError) + def test_download_url_connection_error(self, mocked_urlretrieve, mocked_error, + mocked_sleep): + """Tests that download_url doesn't retry when there is an HTTP error.""" + self.assertFalse( + clusterfuzz_deployment.download_url(self.URL, self.FILE_PATH)) + self.assertEqual(3, mocked_urlretrieve.call_count) + self.assertEqual(3, mocked_sleep.call_count) + mocked_error.assert_called_with('Failed to download %s, %d times.', + self.URL, 3) + + +class DownloadAndUnpackZipTest(fake_filesystem_unittest.TestCase): + """Tests download_and_unpack_zip.""" def setUp(self): self.setUpPyfakefs() - config = test_helpers.create_run_config(workspace=WORKSPACE, - is_github=False) - workspace = workspace_utils.Workspace(config) - self.deployment = clusterfuzz_deployment.get_clusterfuzz_deployment( - config, workspace) - self.corpus_dir = os.path.join(workspace.corpora, EXAMPLE_FUZZER) - - @mock.patch('logging.info') - def test_download_corpus(self, mock_info): - """Tests that download corpus returns the path to the empty corpus - directory.""" - self.deployment.download_corpus(EXAMPLE_FUZZER, self.corpus_dir) - mock_info.assert_called_with( - 'Not downloading corpus because no ClusterFuzz deployment.') - self.assertTrue(os.path.exists(self.corpus_dir)) - - @parameterized.parameterized.expand([ - ('upload_build', ('commit',), - 'Not uploading latest build because no ClusterFuzz deployment.'), - ('upload_corpus', ('target', 'corpus-dir'), - 'Not uploading corpus because no ClusterFuzz deployment.'), - ('upload_crashes', tuple(), - 'Not uploading crashes because no ClusterFuzz deployment.'), - ('download_latest_build', tuple(), - 'Not downloading latest build because no ClusterFuzz deployment.') - ]) - def test_noop_methods(self, method, method_args, expected_message): - """Tests that certain methods are noops for NoClusterFuzzDeployment.""" - with mock.patch('logging.info') as mock_info: - method = getattr(self.deployment, method) - self.assertIsNone(method(*method_args)) - mock_info.assert_called_with(expected_message) - - -class GetClusterFuzzDeploymentTest(unittest.TestCase): - """Tests for get_clusterfuzz_deployment.""" - - def setUp(self): - test_helpers.patch_environ(self) - os.environ['GITHUB_REPOSITORY'] = 'owner/myproject' - - @parameterized.parameterized.expand([ - (config_utils.BaseConfig.Platform.INTERNAL_GENERIC_CI, - clusterfuzz_deployment.OSSFuzz), - (config_utils.BaseConfig.Platform.INTERNAL_GITHUB, - clusterfuzz_deployment.OSSFuzz), - (config_utils.BaseConfig.Platform.EXTERNAL_GENERIC_CI, - clusterfuzz_deployment.NoClusterFuzzDeployment), - (config_utils.BaseConfig.Platform.EXTERNAL_GITHUB, - clusterfuzz_deployment.ClusterFuzzLite), - ]) - def test_get_clusterfuzz_deployment(self, platform, expected_deployment_cls): - """Tests that get_clusterfuzz_deployment returns the correct value.""" - with mock.patch('config_utils.BaseConfig.platform', - return_value=platform, - new_callable=mock.PropertyMock): - with mock.patch('filestore_utils.get_filestore', return_value=None): - config = _create_config() - workspace = workspace_utils.Workspace(config) - self.assertIsInstance( - clusterfuzz_deployment.get_clusterfuzz_deployment( - config, workspace), expected_deployment_cls) + @mock.patch('urllib.request.urlretrieve', return_value=True) + def test_bad_zip_download(self, _): + """Tests download_and_unpack_zip returns none when a bad zip is passed.""" + self.fs.create_file('/url_tmp.zip', contents='Test file.') + self.assertFalse( + clusterfuzz_deployment.download_and_unpack_zip('/not/a/real/url', + '/extract-directory')) if __name__ == '__main__': diff --git a/infra/cifuzz/config_utils.py b/infra/cifuzz/config_utils.py index bc73536bd..ad2cd36c6 100644 --- a/infra/cifuzz/config_utils.py +++ b/infra/cifuzz/config_utils.py @@ -16,44 +16,55 @@ import logging import enum import os -import sys import json import environment -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -import constants - -RUN_FUZZERS_MODES = ['batch', 'ci', 'coverage', 'prune'] -SANITIZERS = ['address', 'memory', 'undefined', 'coverage'] - -# TODO(metzman): Set these on config objects so there's one source of truth. -DEFAULT_ENGINE = 'libfuzzer' -DEFAULT_ARCHITECTURE = 'x86_64' - -# This module deals a lot with env variables. Many of these will be set by users -# and others beyond CIFuzz's control. Thus, you should be careful about using -# the environment.py helpers for getting env vars, since it can cause values -# that should be interpreted as strings to be returned as other types (bools or -# ints for example). The environment.py helpers should not be used for values -# that are supposed to be strings. +def _get_project_repo_name(): + return os.path.basename(environment.get('GITHUB_REPOSITORY', '')) def _get_pr_ref(event): if event == 'pull_request': - return os.getenv('GITHUB_REF') + return environment.get('GITHUB_REF') return None def _get_sanitizer(): - return os.getenv('SANITIZER', constants.DEFAULT_SANITIZER).lower() + return os.getenv('SANITIZER', 'address').lower() + + +def _get_project_name(): + # TODO(metzman): Remove OSS-Fuzz reference. + return os.getenv('OSS_FUZZ_PROJECT_NAME') def _is_dry_run(): """Returns True if configured to do a dry run.""" - return environment.get_bool('DRY_RUN', False) + return environment.get_bool('DRY_RUN', 'false') + + +def get_project_src_path(workspace): + """Returns the manually checked out path of the project's source if specified + or None.""" + # TODO(metzman): Get rid of MANUAL_SRC_PATH when Skia switches to + # PROJECT_SRC_PATH. + path = os.getenv('PROJECT_SRC_PATH', os.getenv('MANUAL_SRC_PATH')) + if not path: + logging.debug('No PROJECT_SRC_PATH.') + return path + + logging.debug('PROJECT_SRC_PATH set.') + if os.path.isabs(path): + return path + + # If |src| is not absolute, assume we are running in GitHub actions. + # TODO(metzman): Don't make this assumption. + return os.path.join(workspace, path) + + +DEFAULT_LANGUAGE = 'c++' def _get_language(): @@ -63,114 +74,12 @@ def _get_language(): # getting it from the project.yaml) is outweighed by the complexity in # implementing this. A lot of the complexity comes from our unittests not # setting a proper projet at this point. - return os.getenv('LANGUAGE', constants.DEFAULT_LANGUAGE) + return os.getenv('LANGUAGE', DEFAULT_LANGUAGE) # pylint: disable=too-few-public-methods,too-many-instance-attributes -class BaseCiEnvironment: - """Base class for CiEnvironment subclasses.""" - - @property - def workspace(self): - """Returns the workspace.""" - raise NotImplementedError('Child class must implment method.') - - @property - def git_sha(self): - """Returns the Git SHA to diff against.""" - raise NotImplementedError('Child class must implment method.') - - @property - def token(self): - """Returns the CI API token.""" - raise NotImplementedError('Child class must implment method.') - - @property - def project_src_path(self): - """Returns the manually checked out path of the project's source if - specified or None.""" - - path = os.getenv('PROJECT_SRC_PATH') - if not path: - logging.debug('No PROJECT_SRC_PATH.') - return path - - logging.debug('PROJECT_SRC_PATH set: %s.', path) - return path - - -class GenericCiEnvironment(BaseCiEnvironment): - """CI Environment for generic CI systems.""" - - @property - def workspace(self): - """Returns the workspace.""" - return os.getenv('WORKSPACE') - - @property - def git_sha(self): - """Returns the Git SHA to diff against.""" - return os.getenv('GIT_SHA') - - @property - def token(self): - """Returns the CI API token.""" - return os.getenv('TOKEN') - - @property - def project_repo_owner_and_name(self): - """Returns a tuple containing the project repo owner and None.""" - repository = os.getenv('REPOSITORY') - # Repo owner is a githubism. - return None, repository - - -class GithubEnvironment(BaseCiEnvironment): - """CI environment for GitHub.""" - - @property - def workspace(self): - """Returns the workspace.""" - return os.getenv('GITHUB_WORKSPACE') - - @property - def git_sha(self): - """Returns the Git SHA to diff against.""" - return os.getenv('GITHUB_SHA') - - @property - def token(self): - """Returns the CI API token.""" - return os.getenv('GITHUB_TOKEN') - - @property - def project_src_path(self): - """Returns the manually checked out path of the project's source if - specified or None. The path returned is relative to |self.workspace| since - on github the checkout will be relative to there.""" - # On GitHub, they don't know the absolute path, it is relative to - # |workspace|. - project_src_path = super().project_src_path - if project_src_path is None: - return project_src_path - return os.path.join(self.workspace, project_src_path) - - @property - def project_repo_owner_and_name(self): - """Returns a tuple containing the project repo owner and the name of the - repo.""" - # On GitHub this includes owner and repo name. - repository = os.getenv('GITHUB_REPOSITORY') - # Use os.path.split to split owner from repo. - return os.path.split(repository) - - -class ConfigError(Exception): - """Error for invalid configuration.""" - - class BaseConfig: """Object containing constant configuration for CIFuzz.""" @@ -179,144 +88,66 @@ class BaseConfig: EXTERNAL_GITHUB = 0 # Non-OSS-Fuzz on GitHub actions. INTERNAL_GITHUB = 1 # OSS-Fuzz on GitHub actions. INTERNAL_GENERIC_CI = 2 # OSS-Fuzz on any CI. - EXTERNAL_GENERIC_CI = 3 # Non-OSS-Fuzz on any CI. def __init__(self): - # Need to set these before calling self.platform. - self._github_event_path = os.getenv('GITHUB_EVENT_PATH') - self.is_github = bool(self._github_event_path) - logging.debug('Is github: %s.', self.is_github) - self.oss_fuzz_project_name = os.getenv('OSS_FUZZ_PROJECT_NAME') - - self._ci_env = _get_ci_environment(self.platform) - self.workspace = self._ci_env.workspace - - self.project_repo_owner, self.project_repo_name = ( - self._ci_env.project_repo_owner_and_name) - + self.workspace = os.getenv('GITHUB_WORKSPACE') + self.project_name = _get_project_name() # Check if failures should not be reported. self.dry_run = _is_dry_run() - self.sanitizer = _get_sanitizer() - - self.build_integration_path = ( - constants.DEFAULT_EXTERNAL_BUILD_INTEGRATION_PATH) + self.build_integration_path = os.getenv('BUILD_INTEGRATION_PATH') self.language = _get_language() - self.low_disk_space = environment.get_bool('LOW_DISK_SPACE', False) - - self.token = self._ci_env.token - self.git_store_repo = os.environ.get('GIT_STORE_REPO') - self.git_store_branch = os.environ.get('GIT_STORE_BRANCH') - self.git_store_branch_coverage = os.environ.get('GIT_STORE_BRANCH_COVERAGE', - self.git_store_branch) - self.docker_in_docker = os.environ.get('DOCKER_IN_DOCKER') - - # TODO(metzman): Fix tests to create valid configurations and get rid of - # CIFUZZ_TEST here and in presubmit.py. - if not os.getenv('CIFUZZ_TEST') and not self.validate(): - raise ConfigError('Invalid Configuration.') - - def validate(self): - """Returns False if the configuration is invalid.""" - # Do validation here so that unittests don't need to make a fully-valid - # config. - if not self.workspace: - logging.error('Must set WORKSPACE.') - return False - - if self.sanitizer not in SANITIZERS: - logging.error('Invalid SANITIZER: %s. Must be one of: %s.', - self.sanitizer, SANITIZERS) - return False - - if self.language not in constants.LANGUAGES: - logging.error('Invalid LANGUAGE: %s. Must be one of: %s.', self.language, - constants.LANGUAGES) - return False - - return True + event_path = os.getenv('GITHUB_EVENT_PATH') + self.is_github = bool(event_path) + logging.debug('Is github: %s.', self.is_github) + # TODO(metzman): Parse env like we do in ClusterFuzz. + self.low_disk_space = environment.get('LOW_DISK_SPACE', False) @property def is_internal(self): """Returns True if this is an OSS-Fuzz project.""" - return bool(self.oss_fuzz_project_name) + return not self.build_integration_path @property def platform(self): """Returns the platform CIFuzz is runnning on.""" if not self.is_internal: - if not self.is_github: - return self.Platform.EXTERNAL_GENERIC_CI return self.Platform.EXTERNAL_GITHUB - if self.is_github: return self.Platform.INTERNAL_GITHUB return self.Platform.INTERNAL_GENERIC_CI - @property - def is_coverage(self): - """Returns True if this CIFuzz run (building fuzzers and running them) for - generating a coverage report.""" - return self.sanitizer == 'coverage' - - -_CI_ENVIRONMENT_MAPPING = { - BaseConfig.Platform.EXTERNAL_GITHUB: GithubEnvironment, - BaseConfig.Platform.INTERNAL_GITHUB: GithubEnvironment, - BaseConfig.Platform.INTERNAL_GENERIC_CI: GenericCiEnvironment, - BaseConfig.Platform.EXTERNAL_GENERIC_CI: GenericCiEnvironment, -} - - -def _get_ci_environment(platform): - """Returns the CI environment object for |platform|.""" - return _CI_ENVIRONMENT_MAPPING[platform]() - class RunFuzzersConfig(BaseConfig): """Class containing constant configuration for running fuzzers in CIFuzz.""" + RUN_FUZZERS_MODES = {'batch', 'ci'} + def __init__(self): super().__init__() - # TODO(metzman): Pick a better default for pruning. self.fuzz_seconds = int(os.environ.get('FUZZ_SECONDS', 600)) self.run_fuzzers_mode = os.environ.get('RUN_FUZZERS_MODE', 'ci').lower() - if self.is_coverage: - self.run_fuzzers_mode = 'coverage' - - self.report_unreproducible_crashes = environment.get_bool( - 'REPORT_UNREPRODUCIBLE_CRASHES', False) - - # TODO(metzman): Fix tests to create valid configurations and get rid of - # CIFUZZ_TEST here and in presubmit.py. - if not os.getenv('CIFUZZ_TEST') and not self._run_config_validate(): - raise ConfigError('Invalid Run Configuration.') - - def _run_config_validate(self): - """Do extra validation on RunFuzzersConfig.__init__(). Do not name this - validate or else it will be called when using the parent's __init__ and will - fail. Returns True if valid.""" - if self.run_fuzzers_mode not in RUN_FUZZERS_MODES: - logging.error('Invalid RUN_FUZZERS_MODE: %s. Must be one of %s.', - self.run_fuzzers_mode, RUN_FUZZERS_MODES) - return False - - return True + if self.run_fuzzers_mode not in self.RUN_FUZZERS_MODES: + raise Exception( + ('Invalid RUN_FUZZERS_MODE %s not one of allowed choices: %s.' % + self.run_fuzzers_mode, self.RUN_FUZZERS_MODES)) class BuildFuzzersConfig(BaseConfig): """Class containing constant configuration for building fuzzers in CIFuzz.""" def _get_config_from_event_path(self, event): - if not self._github_event_path: + event_path = os.getenv('GITHUB_EVENT_PATH') + if not event_path: return - with open(self._github_event_path, encoding='utf-8') as file_handle: + with open(event_path, encoding='utf-8') as file_handle: event_data = json.load(file_handle) if event == 'push': self.base_commit = event_data['before'] logging.debug('base_commit: %s', self.base_commit) - elif event == 'pull_request': - self.pr_ref = f'refs/pull/{event_data["pull_request"]["number"]}/merge' + else: + self.pr_ref = 'refs/pull/{0}/merge'.format( + event_data['pull_request']['number']) logging.debug('pr_ref: %s', self.pr_ref) self.git_url = event_data['repository']['html_url'] @@ -324,8 +155,11 @@ class BuildFuzzersConfig(BaseConfig): def __init__(self): """Get the configuration from CIFuzz from the environment. These variables are set by GitHub or the user.""" + # TODO(metzman): Some of this config is very CI-specific. Move it into the + # CI class. super().__init__() - self.commit_sha = self._ci_env.git_sha + self.project_repo_name = _get_project_repo_name() + self.commit_sha = os.getenv('GITHUB_SHA') event = os.getenv('GITHUB_EVENT_NAME') self.pr_ref = None @@ -334,21 +168,13 @@ class BuildFuzzersConfig(BaseConfig): self._get_config_from_event_path(event) self.base_ref = os.getenv('GITHUB_BASE_REF') - self.project_src_path = self._ci_env.project_src_path + self.project_src_path = get_project_src_path(self.workspace) self.allowed_broken_targets_percentage = os.getenv( 'ALLOWED_BROKEN_TARGETS_PERCENTAGE') - self.bad_build_check = environment.get_bool('BAD_BUILD_CHECK', True) - # pylint: disable=consider-using-ternary - self.keep_unaffected_fuzz_targets = ( - # Not from a commit or PR. - (not self.base_ref and not self.base_commit) or - environment.get_bool('KEEP_UNAFFECTED_FUZZERS')) - self.upload_build = environment.get_bool('UPLOAD_BUILD', False) - if self.upload_build: - logging.info('Keeping all fuzzers because we are uploading build.') - self.keep_unaffected_fuzz_targets = True - - if self.sanitizer == 'coverage': - self.keep_unaffected_fuzz_targets = True - self.bad_build_check = False + self.bad_build_check = environment.get_bool('BAD_BUILD_CHECK', 'true') + + # TODO(metzman): Use better system for interpreting env vars. What if env + # var is set to '0'? + self.keep_unaffected_fuzz_targets = bool( + os.getenv('KEEP_UNAFFECTED_FUZZERS')) diff --git a/infra/cifuzz/config_utils_test.py b/infra/cifuzz/config_utils_test.py index 32499bfd0..6f87bd4c5 100644 --- a/infra/cifuzz/config_utils_test.py +++ b/infra/cifuzz/config_utils_test.py @@ -14,13 +14,11 @@ """Module for getting the configuration CIFuzz needs to run.""" import os import unittest -from unittest import mock import config_utils -import constants import test_helpers -# pylint: disable=no-self-use,protected-access +# pylint: disable=no-self-use class BaseConfigTest(unittest.TestCase): @@ -34,66 +32,18 @@ class BaseConfigTest(unittest.TestCase): def test_language_default(self): """Tests that the correct default language is set.""" + os.environ['BUILD_INTEGRATION_PATH'] = '/path' config = self._create_config() self.assertEqual(config.language, 'c++') def test_language(self): """Tests that the correct language is set.""" + os.environ['BUILD_INTEGRATION_PATH'] = '/path' language = 'python' os.environ['LANGUAGE'] = language config = self._create_config() self.assertEqual(config.language, language) - def test_is_coverage(self): - """Tests that is_coverage is set correctly.""" - # Test it is set when it is supposed to be. - os.environ['SANITIZER'] = 'coverage' - config = self._create_config() - self.assertTrue(config.is_coverage) - - # Test it is not set when it is not supposed to be. - os.environ['SANITIZER'] = 'address' - config = self._create_config() - self.assertFalse(config.is_coverage) - - @mock.patch('logging.error') - def test_validate_no_workspace(self, mock_error): - """Tests that validate returns False if GITHUB_WORKSPACE isn't set.""" - os.environ['OSS_FUZZ_PROJECT_NAME'] = 'example' - config = self._create_config() - self.assertFalse(config.validate()) - mock_error.assert_called_with('Must set WORKSPACE.') - - @mock.patch('logging.error') - def test_validate_invalid_language(self, mock_error): - """Tests that validate returns False if GITHUB_WORKSPACE isn't set.""" - os.environ['OSS_FUZZ_PROJECT_NAME'] = 'example' - os.environ['WORKSPACE'] = '/workspace' - os.environ['LANGUAGE'] = 'invalid-language' - config = self._create_config() - self.assertFalse(config.validate()) - mock_error.assert_called_with('Invalid LANGUAGE: %s. Must be one of: %s.', - os.environ['LANGUAGE'], constants.LANGUAGES) - - @mock.patch('logging.error') - def test_validate_invalid_sanitizer(self, mock_error): - """Tests that validate returns False if GITHUB_WORKSPACE isn't set.""" - os.environ['OSS_FUZZ_PROJECT_NAME'] = 'example' - os.environ['WORKSPACE'] = '/workspace' - os.environ['SANITIZER'] = 'invalid-sanitizer' - config = self._create_config() - self.assertFalse(config.validate()) - mock_error.assert_called_with('Invalid SANITIZER: %s. Must be one of: %s.', - os.environ['SANITIZER'], - config_utils.SANITIZERS) - - def test_validate(self): - """Tests that validate returns True if config is valid.""" - os.environ['OSS_FUZZ_PROJECT_NAME'] = 'example' - os.environ['WORKSPACE'] = '/workspace' - config = self._create_config() - self.assertTrue(config.validate()) - class BuildFuzzersConfigTest(unittest.TestCase): """Tests for BuildFuzzersConfig.""" @@ -111,151 +61,11 @@ class BuildFuzzersConfigTest(unittest.TestCase): config = self._create_config() self.assertEqual(config.base_ref, expected_base_ref) - def test_keep_unaffected_defaults_to_true(self): - """Tests that keep_unaffected_fuzz_targets defaults to true.""" - config = self._create_config() - self.assertTrue(config.keep_unaffected_fuzz_targets) - - def test_keep_unaffected_defaults_to_false_when_pr(self): - """Tests that keep_unaffected_fuzz_targets defaults to false when from a - pr.""" - os.environ['GITHUB_BASE_REF'] = 'base-ref' + def test_keep_unaffected_defaults_to_false(self): + """Tests that keep_unaffected_fuzz_targets defaults to false.""" config = self._create_config() self.assertFalse(config.keep_unaffected_fuzz_targets) -class RunFuzzersConfigTest(unittest.TestCase): - """Tests for RunFuzzersConfig.""" - - def setUp(self): - test_helpers.patch_environ(self) - - def _create_config(self): - return config_utils.RunFuzzersConfig() - - def test_coverage(self): - """Tests that run_fuzzers_mode is overriden properly based on - is_coverage.""" - # Test that it is overriden when it is supposed to be. - os.environ['SANITIZER'] = 'coverage' - os.environ['RUN_FUZZERS_MODE'] = 'ci' - config = self._create_config() - self.assertEqual(config.run_fuzzers_mode, 'coverage') - - # Test that it isn't overriden when it isn't supposed to be. - os.environ['SANITIZER'] = 'address' - run_fuzzers_mode = 'ci' - os.environ['RUN_FUZZERS_MODE'] = run_fuzzers_mode - config = self._create_config() - self.assertEqual(config.run_fuzzers_mode, run_fuzzers_mode) - - def test_run_config_validate(self): - """Tests that _run_config_validate returns True when the config is valid.""" - self.assertTrue(self._create_config()._run_config_validate()) - - @mock.patch('logging.error') - def test_run_config_invalid_mode(self, mock_error): - """Tests that _run_config_validate returns False when run_fuzzers_mode is - invalid.""" - fake_mode = 'fake-mode' - os.environ['RUN_FUZZERS_MODE'] = fake_mode - self.assertFalse(self._create_config()._run_config_validate()) - mock_error.assert_called_with( - 'Invalid RUN_FUZZERS_MODE: %s. Must be one of %s.', fake_mode, - config_utils.RUN_FUZZERS_MODES) - - -class GetProjectRepoOwnerAndNameTest(unittest.TestCase): - """Tests for BaseCiEnv.get_project_repo_owner_and_name.""" - - def setUp(self): - test_helpers.patch_environ(self) - self.repo_owner = 'repo-owner' - self.repo_name = 'repo-name' - self.github_env = config_utils.GithubEnvironment() - self.generic_ci_env = config_utils.GenericCiEnvironment() - - def test_unset_repository(self): - """Tests that the correct result is returned when repository is not set.""" - self.assertEqual(self.generic_ci_env.project_repo_owner_and_name, - (None, None)) - - def test_empty_repository(self): - """Tests that the correct result is returned when repository is an empty - string.""" - os.environ['REPOSITORY'] = '' - self.assertEqual(self.generic_ci_env.project_repo_owner_and_name, - (None, '')) - - def test_github_repository(self): - """Tests that the correct result is returned when repository contains the - owner and repo name (as it does on GitHub).""" - os.environ['GITHUB_REPOSITORY'] = f'{self.repo_owner}/{self.repo_name}' - self.assertEqual(self.github_env.project_repo_owner_and_name, - (self.repo_owner, self.repo_name)) - - def test_nongithub_repository(self): - """Tests that the correct result is returned when repository contains the - just the repo name (as it does outside of GitHub).""" - os.environ['REPOSITORY'] = self.repo_name - self.assertEqual(self.generic_ci_env.project_repo_owner_and_name, - (None, self.repo_name)) - - -class GetSanitizerTest(unittest.TestCase): - """Tests for _get_sanitizer.""" - - def setUp(self): - test_helpers.patch_environ(self) - self.sanitizer = 'memory' - - def test_default_value(self): - """Tests that the default value returned by _get_sanitizer is correct.""" - self.assertEqual(config_utils._get_sanitizer(), 'address') - - def test_normal_case(self): - """Tests that _get_sanitizer returns the correct value in normal cases.""" - os.environ['SANITIZER'] = self.sanitizer - self.assertEqual(config_utils._get_sanitizer(), self.sanitizer) - - def test_capitalization(self): - """Tests that that _get_sanitizer handles capitalization properly.""" - os.environ['SANITIZER'] = self.sanitizer.upper() - self.assertEqual(config_utils._get_sanitizer(), self.sanitizer) - - -class ProjectSrcPathTest(unittest.TestCase): - """Tests for project_src_path.""" - - def setUp(self): - test_helpers.patch_environ(self) - self.workspace = '/workspace' - os.environ['GITHUB_WORKSPACE'] = self.workspace - - self.project_src_dir_name = 'project-src' - - def test_unset(self): - """Tests that project_src_path returns None when no PROJECT_SRC_PATH is - set.""" - github_env = config_utils.GithubEnvironment() - self.assertIsNone(github_env.project_src_path) - - def test_github(self): - """Tests that project_src_path returns the correct result on GitHub.""" - os.environ['PROJECT_SRC_PATH'] = self.project_src_dir_name - expected_project_src_path = os.path.join(self.workspace, - self.project_src_dir_name) - github_env = config_utils.GithubEnvironment() - self.assertEqual(github_env.project_src_path, expected_project_src_path) - - def test_not_github(self): - """Tests that project_src_path returns the correct result not on - GitHub.""" - project_src_path = os.path.join('/', self.project_src_dir_name) - os.environ['PROJECT_SRC_PATH'] = project_src_path - generic_ci_env = config_utils.GenericCiEnvironment() - self.assertEqual(generic_ci_env.project_src_path, project_src_path) - - if __name__ == '__main__': unittest.main() diff --git a/infra/cifuzz/continuous_integration.py b/infra/cifuzz/continuous_integration.py index 47c4a7cbf..b2e8af28e 100644 --- a/infra/cifuzz/continuous_integration.py +++ b/infra/cifuzz/continuous_integration.py @@ -21,21 +21,16 @@ import logging # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) import build_specified_commit -import docker import helper import repo_manager import retry import utils -import workspace_utils # pylint: disable=too-few-public-methods BuildPreparationResult = collections.namedtuple( 'BuildPreparationResult', ['success', 'image_repo_path', 'repo_manager']) -_IMAGE_BUILD_TRIES = 3 -_IMAGE_BUILD_BACKOFF = 2 - def fix_git_repo_for_diff(repo_manager_obj): """Fixes git repos cloned by the "checkout" action so that diffing works on @@ -52,34 +47,16 @@ class BaseCi: def __init__(self, config): self.config = config - self.workspace = workspace_utils.Workspace(config) - - def repo_dir(self): - """Returns the source repo path, if it has been checked out. None is - returned otherwise.""" - if not os.path.exists(self.workspace.repo_storage): - return None - - # Note: this assumes there is only one repo checked out here. - listing = os.listdir(self.workspace.repo_storage) - if len(listing) != 1: - raise RuntimeError('Invalid repo storage.') - - repo_path = os.path.join(self.workspace.repo_storage, listing[0]) - if not os.path.isdir(repo_path): - raise RuntimeError('Repo is not a directory.') - - return repo_path def prepare_for_fuzzer_build(self): """Builds the fuzzer builder image and gets the source code we need to fuzz.""" - raise NotImplementedError('Child class must implement method.') + raise NotImplementedError('Children must implement this method.') def get_diff_base(self): """Returns the base to diff against with git to get the change under test.""" - raise NotImplementedError('Child class must implement method.') + raise NotImplementedError('Children must implement this method.') def get_changed_code_under_test(self, repo_manager_obj): """Returns the changed files that need to be tested.""" @@ -88,38 +65,10 @@ class BaseCi: logging.info('Diffing against %s.', base) return repo_manager_obj.get_git_diff(base) - def get_build_command(self, host_repo_path, image_repo_path): - """Returns the command for building the project that is run inside the - project builder container.""" - raise NotImplementedError('Child class must implement method.') - - -def get_build_command(): - """Returns the command to build the project inside the project builder - container.""" - return 'compile' - - -def get_replace_repo_and_build_command(host_repo_path, image_repo_path): - """Returns the command to replace the repo located at |image_repo_path| with - |host_repo_path| and build the project inside the project builder - container.""" - rm_path = os.path.join(image_repo_path, '*') - image_src_path = os.path.dirname(image_repo_path) - build_command = get_build_command() - command = (f'cd / && rm -rf {rm_path} && cp -r {host_repo_path} ' - f'{image_src_path} && cd - && {build_command}') - return command - def get_ci(config): """Determines what kind of CI is being used and returns the object representing that system.""" - - if config.platform == config.Platform.EXTERNAL_GENERIC_CI: - # Non-OSS-Fuzz projects must bring their own source and their own build - # integration (which is relative to that source). - return ExternalGeneric(config) if config.platform == config.Platform.EXTERNAL_GITHUB: # Non-OSS-Fuzz projects must bring their own source and their own build # integration (which is relative to that source). @@ -178,35 +127,27 @@ class InternalGithub(GithubCiMixin, BaseCi): assert self.config.pr_ref or self.config.commit_sha # detect_main_repo builds the image as a side effect. inferred_url, image_repo_path = (build_specified_commit.detect_main_repo( - self.config.oss_fuzz_project_name, - repo_name=self.config.project_repo_name)) + self.config.project_name, repo_name=self.config.project_repo_name)) if not inferred_url or not image_repo_path: - logging.error('Could not detect repo.') - return BuildPreparationResult(success=False, - image_repo_path=None, - repo_manager=None) + logging.error('Could not detect repo from project %s.', + self.config.project_name) + return BuildPreparationResult(False, None, None) - os.makedirs(self.workspace.repo_storage, exist_ok=True) + git_workspace = os.path.join(self.config.workspace, 'storage') + os.makedirs(git_workspace, exist_ok=True) # Use the same name used in the docker image so we can overwrite it. image_repo_name = os.path.basename(image_repo_path) # Checkout project's repo in the shared volume. - manager = repo_manager.clone_repo_and_get_manager( - inferred_url, self.workspace.repo_storage, repo_name=image_repo_name) + manager = repo_manager.clone_repo_and_get_manager(inferred_url, + git_workspace, + repo_name=image_repo_name) checkout_specified_commit(manager, self.config.pr_ref, self.config.commit_sha) - return BuildPreparationResult(success=True, - image_repo_path=image_repo_path, - repo_manager=manager) - - def get_build_command(self, host_repo_path, image_repo_path): # pylint: disable=no-self-use - """Returns the command for building the project that is run inside the - project builder container. Command also replaces |image_repo_path| with - |host_repo_path|.""" - return get_replace_repo_and_build_command(host_repo_path, image_repo_path) + return BuildPreparationResult(True, image_repo_path, manager) class InternalGeneric(BaseCi): @@ -221,71 +162,35 @@ class InternalGeneric(BaseCi): logging.info('Building OSS-Fuzz project.') # detect_main_repo builds the image as a side effect. _, image_repo_path = (build_specified_commit.detect_main_repo( - self.config.oss_fuzz_project_name, - repo_name=self.config.project_repo_name)) + self.config.project_name, repo_name=self.config.project_repo_name)) if not image_repo_path: - logging.error('Could not detect repo.') - return BuildPreparationResult(success=False, - image_repo_path=None, - repo_manager=None) + logging.error('Could not detect repo from project %s.', + self.config.project_name) + return BuildPreparationResult(False, None, None) manager = repo_manager.RepoManager(self.config.project_src_path) - return BuildPreparationResult(success=True, - image_repo_path=image_repo_path, - repo_manager=manager) + return BuildPreparationResult(True, image_repo_path, manager) def get_diff_base(self): return 'origin...' - def get_build_command(self, host_repo_path, image_repo_path): # pylint: disable=no-self-use - """Returns the command for building the project that is run inside the - project builder container. Command also replaces |image_repo_path| with - |host_repo_path|.""" - return get_replace_repo_and_build_command(host_repo_path, image_repo_path) + +_IMAGE_BUILD_TRIES = 3 +_IMAGE_BUILD_BACKOFF = 2 @retry.wrap(_IMAGE_BUILD_TRIES, _IMAGE_BUILD_BACKOFF) -def build_external_project_docker_image(project_src, build_integration_path): +def build_external_project_docker_image(project_name, project_src, + build_integration_path): """Builds the project builder image for an external (non-OSS-Fuzz) project. Returns True on success.""" dockerfile_path = os.path.join(build_integration_path, 'Dockerfile') - command = [ - '-t', docker.EXTERNAL_PROJECT_IMAGE, '-f', dockerfile_path, project_src - ] + tag = 'gcr.io/oss-fuzz/{project_name}'.format(project_name=project_name) + command = ['-t', tag, '-f', dockerfile_path, project_src] return helper.docker_build(command) -class ExternalGeneric(BaseCi): - """CI implementation for generic CI for external (non-OSS-Fuzz) projects.""" - - def get_diff_base(self): - return 'origin...' - - def prepare_for_fuzzer_build(self): - logging.info('ExternalGeneric: preparing for fuzzer build.') - manager = repo_manager.RepoManager(self.config.project_src_path) - build_integration_abs_path = os.path.join( - manager.repo_dir, self.config.build_integration_path) - if not build_external_project_docker_image(manager.repo_dir, - build_integration_abs_path): - logging.error('Failed to build external project: %s.', - self.config.oss_fuzz_project_name) - return BuildPreparationResult(success=False, - image_repo_path=None, - repo_manager=None) - - image_repo_path = os.path.join('/src', self.config.project_repo_name) - return BuildPreparationResult(success=True, - image_repo_path=image_repo_path, - repo_manager=manager) - - def get_build_command(self, host_repo_path, image_repo_path): # pylint: disable=no-self-use - """Returns the command for building the project that is run inside the - project builder container.""" - return get_build_command() - - class ExternalGithub(GithubCiMixin, BaseCi): """Class representing CI for a non-OSS-Fuzz project on Github Actions.""" @@ -295,32 +200,24 @@ class ExternalGithub(GithubCiMixin, BaseCi): projects are expected to bring their own source code to CIFuzz. Returns True on success.""" logging.info('Building external project.') - os.makedirs(self.workspace.repo_storage, exist_ok=True) + git_workspace = os.path.join(self.config.workspace, 'storage') + os.makedirs(git_workspace, exist_ok=True) # Checkout before building, so we don't need to rely on copying the source # into the image. # TODO(metzman): Figure out if we want second copy at all. manager = repo_manager.clone_repo_and_get_manager( self.config.git_url, - self.workspace.repo_storage, + git_workspace, repo_name=self.config.project_repo_name) checkout_specified_commit(manager, self.config.pr_ref, self.config.commit_sha) - build_integration_abs_path = os.path.join( - manager.repo_dir, self.config.build_integration_path) - if not build_external_project_docker_image(manager.repo_dir, - build_integration_abs_path): + build_integration_path = os.path.join(manager.repo_dir, + self.config.build_integration_path) + if not build_external_project_docker_image( + self.config.project_name, manager.repo_dir, build_integration_path): logging.error('Failed to build external project.') - return BuildPreparationResult(success=False, - image_repo_path=None, - repo_manager=None) + return BuildPreparationResult(False, None, None) image_repo_path = os.path.join('/src', self.config.project_repo_name) - return BuildPreparationResult(success=True, - image_repo_path=image_repo_path, - repo_manager=manager) - - def get_build_command(self, host_repo_path, image_repo_path): # pylint: disable=no-self-use - """Returns the command for building the project that is run inside the - project builder container.""" - return get_build_command() + return BuildPreparationResult(True, image_repo_path, manager) diff --git a/infra/cifuzz/continuous_integration_test.py b/infra/cifuzz/continuous_integration_test.py deleted file mode 100644 index 7c7e3eefd..000000000 --- a/infra/cifuzz/continuous_integration_test.py +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for continuous_integration_module.""" -import os -import sys -import unittest -from unittest import mock - -import continuous_integration - -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) - -import repo_manager - -# pylint: disable=no-self-use - - -class FixGitRepoForDiffTest(unittest.TestCase): - """Tests for fix_git_repo_for_diff.""" - - @mock.patch('utils.execute') - def test_fix_git_repo_for_diff(self, mock_execute): - """Tests that fix_git_repo_for_diff works as intended.""" - repo_dir = '/dir' - repo_manager_obj = repo_manager.RepoManager(repo_dir) - continuous_integration.fix_git_repo_for_diff(repo_manager_obj) - expected_command = [ - 'git', 'symbolic-ref', 'refs/remotes/origin/HEAD', - 'refs/remotes/origin/master' - ] - - mock_execute.assert_called_with(expected_command, location=repo_dir) - - -class GetBuildCommand(unittest.TestCase): - """Tests for get_build_command.""" - - def test_build_command(self): - """Tests that get_build_command works as intended.""" - self.assertEqual(continuous_integration.get_build_command(), 'compile') - - -class GetReplaceRepoAndBuildCommand(unittest.TestCase): - """Tests for get_replace_repo_and_build_command.""" - - def test_get_replace_repo_and_build_command(self): - """Tests that get_replace_repo_and_build_command works as intended.""" - host_repo_path = '/path/on/host/to/repo' - image_repo_path = '/src/repo' - command = continuous_integration.get_replace_repo_and_build_command( - host_repo_path, image_repo_path) - expected_command = ('cd / && rm -rf /src/repo/* && ' - 'cp -r /path/on/host/to/repo /src && cd - ' - '&& compile') - self.assertEqual(command, expected_command) - - -class BuildExternalProjetDockerImage(unittest.TestCase): - """Tests for build_external_project_docker_image.""" - - @mock.patch('helper.docker_build') - def test_build_external_project_docker_image(self, mock_docker_build): - """Tests that build_external_project_docker_image works as intended.""" - build_integration_path = '.clusterfuzzlite' - project_src = '/path/to/project/src' - continuous_integration.build_external_project_docker_image( - project_src, build_integration_path) - - mock_docker_build.assert_called_with([ - '-t', 'external-project', '-f', - os.path.join('.clusterfuzzlite', 'Dockerfile'), project_src - ]) - - -# TODO(metzman): Write tests for the rest of continuous_integration.py. diff --git a/infra/cifuzz/get_coverage.py b/infra/cifuzz/coverage.py index b4b2d25d6..9a179c59d 100644 --- a/infra/cifuzz/get_coverage.py +++ b/infra/cifuzz/coverage.py @@ -12,44 +12,57 @@ # See the License for the specific language governing permissions and # limitations under the License. """Module for determining coverage of fuzz targets.""" -import json import logging import os import sys - -import http_utils +import json +import urllib.error +import urllib.request # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) import utils -# The path to get OSS-Fuzz project's latest report json file.` -OSS_FUZZ_LATEST_COVERAGE_INFO_PATH = 'oss-fuzz-coverage/latest_report_info/' +# The path to get project's latest report json file. +LATEST_REPORT_INFO_PATH = 'oss-fuzz-coverage/latest_report_info/' -# pylint: disable=too-few-public-methods -class CoverageError(Exception): - """Exceptions for project coverage.""" +class OssFuzzCoverageGetter: + """Gets coverage data for a project from OSS-Fuzz.""" + def __init__(self, project_name, repo_path): + """Constructor for OssFuzzCoverageGetter. Callers should check that + fuzzer_stats_url is initialized.""" + self.project_name = project_name + self.repo_path = _normalize_repo_path(repo_path) + self.fuzzer_stats_url = _get_fuzzer_stats_dir_url(self.project_name) -class BaseCoverage: - """Gets coverage data for a project.""" + def get_target_coverage_report(self, target): + """Get the coverage report for a specific fuzz target. - def __init__(self, repo_path): - self.repo_path = _normalize_repo_path(repo_path) + Args: + target: The name of the fuzz target whose coverage is requested. + + Returns: + The target's coverage json dict or None on failure. + """ + if not self.fuzzer_stats_url: + return None + + target_url = utils.url_join(self.fuzzer_stats_url, target + '.json') + return get_json_from_url(target_url) def get_files_covered_by_target(self, target): - """Returns a list of source files covered by the specific fuzz target. + """Gets a list of source files covered by the specific fuzz target. Args: target: The name of the fuzz target whose coverage is requested. Returns: - A list of files that the fuzz target covers or None. + A list of files that the fuzz targets covers or None. """ - target_cov = self.get_target_coverage(target) + target_cov = self.get_target_coverage_report(target) if not target_cov: - logging.info('No coverage available for %s', target) return None coverage_per_file = get_coverage_per_file(target_cov) @@ -75,53 +88,33 @@ class BaseCoverage: return affected_file_list - def get_target_coverage(self, target): - """Get the coverage report for a specific fuzz target. - - Args: - target: The name of the fuzz target whose coverage is requested. - - Returns: - The target's coverage json dict or None on failure. - """ - raise NotImplementedError('Child class must implement method.') - -class OSSFuzzCoverage(BaseCoverage): - """Gets coverage data for a project from OSS-Fuzz.""" - - def __init__(self, repo_path, oss_fuzz_project_name): - """Constructor for OSSFuzzCoverage.""" - super().__init__(repo_path) - self.oss_fuzz_project_name = oss_fuzz_project_name - self.fuzzer_stats_url = _get_oss_fuzz_fuzzer_stats_dir_url( - self.oss_fuzz_project_name) - if self.fuzzer_stats_url is None: - raise CoverageError('Could not get latest coverage.') +def is_file_covered(file_cov): + """Returns whether the file is covered.""" + return file_cov['summary']['regions']['covered'] - def get_target_coverage(self, target): - """Get the coverage report for a specific fuzz target. - Args: - target: The name of the fuzz target whose coverage is requested. +def get_coverage_per_file(target_cov): + """Returns the coverage per file within |target_cov|.""" + return target_cov['data'][0]['files'] - Returns: - The target's coverage json dict or None on failure. - """ - if not self.fuzzer_stats_url: - return None - target_url = utils.url_join(self.fuzzer_stats_url, target + '.json') - return http_utils.get_json_from_url(target_url) +def _normalize_repo_path(repo_path): + """Normalizes and returns |repo_path| to make sure cases like /src/curl and + /src/curl/ are both handled.""" + repo_path = os.path.normpath(repo_path) + if not repo_path.endswith('/'): + repo_path += '/' + return repo_path -def _get_oss_fuzz_latest_cov_report_info(oss_fuzz_project_name): +def _get_latest_cov_report_info(project_name): """Gets and returns a dictionary containing the latest coverage report info for |project|.""" latest_report_info_url = utils.url_join(utils.GCS_BASE_URL, - OSS_FUZZ_LATEST_COVERAGE_INFO_PATH, - oss_fuzz_project_name + '.json') - latest_cov_info = http_utils.get_json_from_url(latest_report_info_url) + LATEST_REPORT_INFO_PATH, + project_name + '.json') + latest_cov_info = get_json_from_url(latest_report_info_url) if latest_cov_info is None: logging.error('Could not get the coverage report json from url: %s.', latest_report_info_url) @@ -129,17 +122,16 @@ def _get_oss_fuzz_latest_cov_report_info(oss_fuzz_project_name): return latest_cov_info -def _get_oss_fuzz_fuzzer_stats_dir_url(oss_fuzz_project_name): - """Gets latest coverage report info for a specific OSS-Fuzz project from - GCS. +def _get_fuzzer_stats_dir_url(project_name): + """Gets latest coverage report info for a specific OSS-Fuzz project from GCS. Args: - oss_fuzz_project_name: The name of the project. + project_name: The name of the relevant OSS-Fuzz project. Returns: The projects coverage report info in json dict or None on failure. """ - latest_cov_info = _get_oss_fuzz_latest_cov_report_info(oss_fuzz_project_name) + latest_cov_info = _get_latest_cov_report_info(project_name) if not latest_cov_info: return None @@ -153,52 +145,25 @@ def _get_oss_fuzz_fuzzer_stats_dir_url(oss_fuzz_project_name): return fuzzer_stats_dir_url -class FilesystemCoverage(BaseCoverage): - """Class that gets a project's coverage from the filesystem.""" - - def __init__(self, repo_path, project_coverage_dir): - super().__init__(repo_path) - self.project_coverage_dir = project_coverage_dir - - def get_target_coverage(self, target): - """Get the coverage report for a specific fuzz target. - - Args: - target: The name of the fuzz target whose coverage is requested. - - Returns: - The target's coverage json dict or None on failure. - """ - logging.info('Getting coverage for %s from filesystem.', target) - fuzzer_stats_json_path = os.path.join(self.project_coverage_dir, - 'fuzzer_stats', target + '.json') - if not os.path.exists(fuzzer_stats_json_path): - logging.warning('%s does not exist.', fuzzer_stats_json_path) - return None - - with open(fuzzer_stats_json_path) as fuzzer_stats_json_file_handle: - try: - return json.load(fuzzer_stats_json_file_handle) - except json.decoder.JSONDecodeError as err: - logging.error('Could not decode: %s. Error: %s.', - fuzzer_stats_json_path, err) - return None - +def get_json_from_url(url): + """Gets a json object from a specified HTTP URL. -def is_file_covered(file_cov): - """Returns whether the file is covered.""" - return file_cov['summary']['regions']['covered'] - - -def get_coverage_per_file(target_cov): - """Returns the coverage per file within |target_cov|.""" - return target_cov['data'][0]['files'] + Args: + url: The url of the json to be downloaded. + Returns: + A dictionary deserialized from JSON or None on failure. + """ + try: + response = urllib.request.urlopen(url) + except urllib.error.HTTPError: + logging.error('HTTP error with url %s.', url) + return None -def _normalize_repo_path(repo_path): - """Normalizes and returns |repo_path| to make sure cases like /src/curl and - /src/curl/ are both handled.""" - repo_path = os.path.normpath(repo_path) - if not repo_path.endswith('/'): - repo_path += '/' - return repo_path + try: + # read().decode() fixes compatibility issue with urllib response object. + result_json = json.loads(response.read().decode()) + except (ValueError, TypeError, json.JSONDecodeError) as err: + logging.error('Loading json from url %s failed with: %s.', url, str(err)) + return None + return result_json diff --git a/infra/cifuzz/coverage_test.py b/infra/cifuzz/coverage_test.py new file mode 100644 index 000000000..1b24d798c --- /dev/null +++ b/infra/cifuzz/coverage_test.py @@ -0,0 +1,194 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Tests for coverage.py""" +import os +import json +import unittest +from unittest import mock + +import coverage + +# pylint: disable=protected-access + +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), + 'test_data') + +PROJECT_NAME = 'curl' +REPO_PATH = '/src/curl' +FUZZ_TARGET = 'curl_fuzzer' +PROJECT_COV_JSON_FILENAME = 'example_curl_cov.json' +FUZZ_TARGET_COV_JSON_FILENAME = 'example_curl_fuzzer_cov.json' +INVALID_TARGET = 'not-a-fuzz-target' + +with open(os.path.join(TEST_DATA_PATH, + PROJECT_COV_JSON_FILENAME),) as cov_file_handle: + PROJECT_COV_INFO = json.loads(cov_file_handle.read()) + + +class GetFuzzerStatsDirUrlTest(unittest.TestCase): + """Tests _get_fuzzer_stats_dir_url.""" + + @mock.patch('coverage.get_json_from_url', + return_value={ + 'fuzzer_stats_dir': + 'gs://oss-fuzz-coverage/systemd/fuzzer_stats/20210303' + }) + def test_get_valid_project(self, mocked_get_json_from_url): + """Tests that a project's coverage report can be downloaded and parsed. + + NOTE: This test relies on the PROJECT_NAME repo's coverage report. + The "example" project was not used because it has no coverage reports. + """ + result = coverage._get_fuzzer_stats_dir_url(PROJECT_NAME) + (url,), _ = mocked_get_json_from_url.call_args + self.assertEqual( + 'https://storage.googleapis.com/oss-fuzz-coverage/' + 'latest_report_info/curl.json', url) + + expected_result = ( + 'https://storage.googleapis.com/oss-fuzz-coverage/systemd/fuzzer_stats/' + '20210303') + self.assertEqual(result, expected_result) + + def test_get_invalid_project(self): + """Tests that passing a bad project returns None.""" + self.assertIsNone(coverage._get_fuzzer_stats_dir_url('not-a-proj')) + + +class GetTargetCoverageReportTest(unittest.TestCase): + """Tests get_target_coverage_report.""" + + def setUp(self): + with mock.patch('coverage._get_latest_cov_report_info', + return_value=PROJECT_COV_INFO): + self.coverage_getter = coverage.OssFuzzCoverageGetter( + PROJECT_NAME, REPO_PATH) + + @mock.patch('coverage.get_json_from_url', return_value={}) + def test_valid_target(self, mocked_get_json_from_url): + """Tests that a target's coverage report can be downloaded and parsed.""" + self.coverage_getter.get_target_coverage_report(FUZZ_TARGET) + (url,), _ = mocked_get_json_from_url.call_args + self.assertEqual( + 'https://storage.googleapis.com/oss-fuzz-coverage/' + 'curl/fuzzer_stats/20200226/curl_fuzzer.json', url) + + def test_invalid_target(self): + """Tests that passing an invalid target coverage report returns None.""" + self.assertIsNone( + self.coverage_getter.get_target_coverage_report(INVALID_TARGET)) + + @mock.patch('coverage._get_latest_cov_report_info', return_value=None) + def test_invalid_project_json(self, _): + """Tests an invalid project JSON results in None being returned.""" + coverage_getter = coverage.OssFuzzCoverageGetter(PROJECT_NAME, REPO_PATH) + self.assertIsNone(coverage_getter.get_target_coverage_report(FUZZ_TARGET)) + + +class GetFilesCoveredByTargetTest(unittest.TestCase): + """Tests get_files_covered_by_target.""" + + def setUp(self): + with mock.patch('coverage._get_latest_cov_report_info', + return_value=PROJECT_COV_INFO): + self.coverage_getter = coverage.OssFuzzCoverageGetter( + PROJECT_NAME, REPO_PATH) + + def test_valid_target(self): + """Tests that covered files can be retrieved from a coverage report.""" + with open(os.path.join(TEST_DATA_PATH, + FUZZ_TARGET_COV_JSON_FILENAME),) as file_handle: + fuzzer_cov_info = json.loads(file_handle.read()) + + with mock.patch('coverage.OssFuzzCoverageGetter.get_target_coverage_report', + return_value=fuzzer_cov_info): + file_list = self.coverage_getter.get_files_covered_by_target(FUZZ_TARGET) + + curl_files_list_path = os.path.join(TEST_DATA_PATH, + 'example_curl_file_list.json') + with open(curl_files_list_path) as file_handle: + expected_file_list = json.loads(file_handle.read()) + self.assertCountEqual(file_list, expected_file_list) + + def test_invalid_target(self): + """Tests passing invalid fuzz target returns None.""" + self.assertIsNone( + self.coverage_getter.get_files_covered_by_target(INVALID_TARGET)) + + +class IsFileCoveredTest(unittest.TestCase): + """Tests for is_file_covered.""" + + def test_is_file_covered_covered(self): + """Tests that is_file_covered returns True for a covered file.""" + file_coverage = { + 'filename': '/src/systemd/src/basic/locale-util.c', + 'summary': { + 'regions': { + 'count': 204, + 'covered': 200, + 'notcovered': 200, + 'percent': 98.03 + } + } + } + self.assertTrue(coverage.is_file_covered(file_coverage)) + + def test_is_file_covered_not_covered(self): + """Tests that is_file_covered returns False for a not covered file.""" + file_coverage = { + 'filename': '/src/systemd/src/basic/locale-util.c', + 'summary': { + 'regions': { + 'count': 204, + 'covered': 0, + 'notcovered': 0, + 'percent': 0 + } + } + } + self.assertFalse(coverage.is_file_covered(file_coverage)) + + +class GetLatestCovReportInfo(unittest.TestCase): + """Tests that _get_latest_cov_report_info works as intended.""" + + PROJECT = 'project' + LATEST_REPORT_INFO_URL = ('https://storage.googleapis.com/oss-fuzz-coverage/' + 'latest_report_info/project.json') + + @mock.patch('logging.error') + @mock.patch('coverage.get_json_from_url', return_value={'coverage': 1}) + def test_get_latest_cov_report_info(self, mocked_get_json_from_url, + mocked_error): + """Tests that _get_latest_cov_report_info works as intended.""" + result = coverage._get_latest_cov_report_info(self.PROJECT) + self.assertEqual(result, {'coverage': 1}) + mocked_error.assert_not_called() + mocked_get_json_from_url.assert_called_with(self.LATEST_REPORT_INFO_URL) + + @mock.patch('logging.error') + @mock.patch('coverage.get_json_from_url', return_value=None) + def test_get_latest_cov_report_info_fail(self, _, mocked_error): + """Tests that _get_latest_cov_report_info works as intended when we can't + get latest report info.""" + result = coverage._get_latest_cov_report_info('project') + self.assertIsNone(result) + mocked_error.assert_called_with( + 'Could not get the coverage report json from url: %s.', + self.LATEST_REPORT_INFO_URL) + + +if __name__ == '__main__': + unittest.main() diff --git a/infra/cifuzz/docker.py b/infra/cifuzz/docker.py index 935773d92..eb993e28d 100644 --- a/infra/cifuzz/docker.py +++ b/infra/cifuzz/docker.py @@ -12,52 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. """Module for dealing with docker.""" -import logging import os import sys # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -import constants import utils BASE_BUILDER_TAG = 'gcr.io/oss-fuzz-base/base-builder' +BASE_RUNNER_TAG = 'gcr.io/oss-fuzz-base/base-runner' +MSAN_LIBS_BUILDER_TAG = 'gcr.io/oss-fuzz-base/msan-libs-builder' PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/' -# Default fuzz configuration. -_DEFAULT_DOCKER_RUN_ARGS = [ - '--cap-add', 'SYS_PTRACE', '-e', - 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', - 'ARCHITECTURE=' + constants.DEFAULT_ARCHITECTURE, '-e', 'CIFUZZ=True' -] - -EXTERNAL_PROJECT_IMAGE = 'external-project' - -_DEFAULT_DOCKER_RUN_COMMAND = [ - 'docker', - 'run', - '--rm', - '--privileged', -] - - -def get_docker_env_vars(env_mapping): - """Returns a list of docker arguments that sets each key in |env_mapping| as - an env var and the value of that key in |env_mapping| as the value.""" - env_var_args = [] - for env_var, env_var_val in env_mapping.items(): - env_var_args.extend(['-e', f'{env_var}={env_var_val}']) - return env_var_args - def get_project_image_name(project): """Returns the name of the project builder image for |project_name|.""" - # TODO(ochang): We may need unique names to support parallel fuzzing. - if project: - return PROJECT_TAG_PREFIX + project - - return EXTERNAL_PROJECT_IMAGE + return PROJECT_TAG_PREFIX + project def delete_images(images): @@ -65,49 +36,3 @@ def delete_images(images): command = ['docker', 'rmi', '-f'] + images utils.execute(command) utils.execute(['docker', 'builder', 'prune', '-f']) - - -def get_base_docker_run_args(workspace, - sanitizer=constants.DEFAULT_SANITIZER, - language=constants.DEFAULT_LANGUAGE, - docker_in_docker=False): - """Returns arguments that should be passed to every invocation of 'docker - run'.""" - docker_args = _DEFAULT_DOCKER_RUN_ARGS.copy() - env_mapping = { - 'SANITIZER': sanitizer, - 'FUZZING_LANGUAGE': language, - 'OUT': workspace.out - } - docker_args += get_docker_env_vars(env_mapping) - docker_container = utils.get_container_name() - logging.info('Docker container: %s.', docker_container) - if docker_container and not docker_in_docker: - # Don't map specific volumes if in a docker container, it breaks when - # running a sibling container. - docker_args += ['--volumes-from', docker_container] - else: - docker_args += _get_args_mapping_host_path_to_container(workspace.workspace) - return docker_args, docker_container - - -def get_base_docker_run_command(workspace, - sanitizer=constants.DEFAULT_SANITIZER, - language=constants.DEFAULT_LANGUAGE, - docker_in_docker=False): - """Returns part of the command that should be used everytime 'docker run' is - invoked.""" - docker_args, docker_container = get_base_docker_run_args( - workspace, sanitizer, language, docker_in_docker=docker_in_docker) - command = _DEFAULT_DOCKER_RUN_COMMAND.copy() + docker_args - return command, docker_container - - -def _get_args_mapping_host_path_to_container(host_path, container_path=None): - """Get arguments to docker run that will map |host_path| a path on the host to - a path in the container. If |container_path| is specified, that path is mapped - to. If not, then |host_path| is mapped to itself in the container.""" - # WARNING: Do not use this function when running in production (and - # --volumes-from) is used for mapping volumes. It will break production. - container_path = host_path if container_path is None else container_path - return ['-v', f'{host_path}:{container_path}'] diff --git a/infra/cifuzz/docker_test.py b/infra/cifuzz/docker_test.py deleted file mode 100644 index b356138cb..000000000 --- a/infra/cifuzz/docker_test.py +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests the functionality of the docker module.""" -import unittest -from unittest import mock - -import docker -import test_helpers -import workspace_utils - -CONTAINER_NAME = 'example-container' -config = test_helpers.create_run_config(oss_fuzz_project_name='project', - workspace='/workspace') -config.workspace = '/workspace' -WORKSPACE = workspace_utils.Workspace(config) -SANITIZER = 'example-sanitizer' -LANGUAGE = 'example-language' - - -class GetProjectImageTest(unittest.TestCase): - """Tests for get_project_image.""" - - def test_get_project_image(self): - """Tests that get_project_image_name works as intended.""" - project = 'my-project' - self.assertEqual(docker.get_project_image_name(project), - 'gcr.io/oss-fuzz/my-project') - - -class GetDeleteImagesTest(unittest.TestCase): - """Tests for delete_images.""" - - @mock.patch('utils.execute') - def test_delete_images(self, mock_execute): # pylint: disable=no-self-use - """Tests that get_project_image_name works as intended.""" - images = ['image'] - docker.delete_images(images) - expected_calls = [ - mock.call(['docker', 'rmi', '-f'] + images), - mock.call(['docker', 'builder', 'prune', '-f']) - ] - - mock_execute.assert_has_calls(expected_calls) - - -class GetBaseDockerRunArgsTest(unittest.TestCase): - """Tests get_base_docker_run_args.""" - - @mock.patch('utils.get_container_name', return_value=CONTAINER_NAME) - def test_get_base_docker_run_args_container(self, _): - """Tests that get_base_docker_run_args works as intended when inside a - container.""" - docker_args, docker_container = docker.get_base_docker_run_args( - WORKSPACE, SANITIZER, LANGUAGE) - self.assertEqual(docker_container, CONTAINER_NAME) - expected_docker_args = [] - expected_docker_args = [ - '--cap-add', - 'SYS_PTRACE', - '-e', - 'FUZZING_ENGINE=libfuzzer', - '-e', - 'ARCHITECTURE=x86_64', - '-e', - 'CIFUZZ=True', - '-e', - f'SANITIZER={SANITIZER}', - '-e', - f'FUZZING_LANGUAGE={LANGUAGE}', - '-e', - f'OUT={WORKSPACE.out}', - '--volumes-from', - CONTAINER_NAME, - ] - self.assertEqual(docker_args, expected_docker_args) - - @mock.patch('utils.get_container_name', return_value=None) - def test_get_base_docker_run_args_no_container(self, _): - """Tests that get_base_docker_run_args works as intended when not inside a - container.""" - docker_args, docker_container = docker.get_base_docker_run_args( - WORKSPACE, SANITIZER, LANGUAGE) - self.assertEqual(docker_container, None) - expected_docker_args = [ - '--cap-add', 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e', - 'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e', - f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e', - f'OUT={WORKSPACE.out}', '-v', - f'{WORKSPACE.workspace}:{WORKSPACE.workspace}' - ] - self.assertEqual(docker_args, expected_docker_args) - - -class GetBaseDockerRunCommandTest(unittest.TestCase): - """Tests get_base_docker_run_args.""" - - @mock.patch('utils.get_container_name', return_value=None) - def test_get_base_docker_run_command_no_container(self, _): - """Tests that get_base_docker_run_args works as intended when not inside a - container.""" - docker_args, docker_container = docker.get_base_docker_run_command( - WORKSPACE, SANITIZER, LANGUAGE) - self.assertEqual(docker_container, None) - expected_docker_command = [ - 'docker', 'run', '--rm', '--privileged', '--cap-add', 'SYS_PTRACE', - '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', - 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e', - f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v', - f'{WORKSPACE.workspace}:{WORKSPACE.workspace}' - ] - self.assertEqual(docker_args, expected_docker_command) diff --git a/infra/cifuzz/environment.py b/infra/cifuzz/environment.py index e99a67910..4cc0f846b 100644 --- a/infra/cifuzz/environment.py +++ b/infra/cifuzz/environment.py @@ -46,6 +46,9 @@ def get_bool(env_var, default_value=None): lower_value = value.lower() allowed_values = {'true', 'false'} if lower_value not in allowed_values: - raise Exception(f'Bool env var {env_var} value {value} is invalid. ' - f'Must be one of {allowed_values}.') + raise Exception(('Bool env var {env_var} value {value} is invalid. ' + 'Must be one of {allowed_values}').format( + env_var=env_var, + value=value, + allowed_values=allowed_values)) return lower_value == 'true' diff --git a/infra/cifuzz/external-actions/build_fuzzers/action.yml b/infra/cifuzz/external-actions/build_fuzzers/action.yml deleted file mode 100644 index f45d02e20..000000000 --- a/infra/cifuzz/external-actions/build_fuzzers/action.yml +++ /dev/null @@ -1,63 +0,0 @@ -# action.yml -name: 'build-fuzzers' -description: "Builds an OSS-Fuzz project's fuzzers." -inputs: - language: - description: 'Programming language project is written in.' - required: false - default: 'c++' - dry-run: - description: 'If set, run the action without actually reporting a failure.' - default: false - allowed-broken-targets-percentage: - description: 'The percentage of broken targets allowed in bad_build_check.' - required: false - sanitizer: - description: 'The sanitizer to build the fuzzers with.' - default: 'address' - project-src-path: - description: "The path to the project's source code checkout." - required: false - bad-build-check: - description: "Whether or not OSS-Fuzz's check for bad builds should be done." - required: false - default: true - storage-repo: - description: | - The git repo to use for storing certain artifacts from fuzzing. - required: false - storage-repo-branch: - description: | - The branch of the git repo to use for storing certain artifacts from - fuzzing. - required: false - storage-repo-branch-coverage: - description: | - The branch of the git repo to use for storing coverage reports. - required: false - upload-build: - description: | - If set, will upload the build. - default: false - github-token: - description: | - Token for GitHub API. WARNING: THIS SHOULD NOT BE USED IN PRODUCTION YET - You should use "secrets.GITHUB_TOKEN" in your workflow file, do not - hardcode the token. - TODO(https://github.com/google/oss-fuzz/pull/5841#discussion_r639393361): - Document locking this down. - required: false -runs: - using: 'docker' - image: '../../../build_fuzzers.Dockerfile' - env: - OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }} - LANGUAGE: ${{ inputs.language }} - DRY_RUN: ${{ inputs.dry-run}} - ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}} - SANITIZER: ${{ inputs.sanitizer }} - PROJECT_SRC_PATH: ${{ inputs.project-src-path }} - GITHUB_TOKEN: ${{ inputs.github-token }} - LOW_DISK_SPACE: 'True' - BAD_BUILD_CHECK: ${{ inputs.bad-build-check }} - UPLOAD_BUILD: ${{ inputs.upload-build }} diff --git a/infra/cifuzz/external-actions/run_fuzzers/action.yml b/infra/cifuzz/external-actions/run_fuzzers/action.yml deleted file mode 100644 index cdefb5675..000000000 --- a/infra/cifuzz/external-actions/run_fuzzers/action.yml +++ /dev/null @@ -1,69 +0,0 @@ -# action.yml -name: 'run-fuzzers' -description: 'Runs fuzz target binaries for a specified length of time.' -inputs: - language: - description: 'Programming language project is written in.' - required: false - default: 'c++' - fuzz-seconds: - description: 'The total time allotted for fuzzing in seconds.' - required: true - default: 600 - dry-run: - description: 'If set, run the action without actually reporting a failure.' - default: false - sanitizer: - description: 'The sanitizer to run the fuzzers with.' - default: 'address' - run-fuzzers-mode: - description: | - The mode to run the fuzzers with ("ci" or "batch"). - "ci" is for fuzzing a pull request or commit. - "batch" is for non-interactive fuzzing of an entire project. - "batch" is in alpha and should not be used in production. - required: false - default: 'ci' - github-token: - description: | - Token for GitHub API. WARNING: THIS SHOULD NOT BE USED IN PRODUCTION YET - You should use "secrets.GITHUB_TOKEN" in your workflow file, do not - hardcode the token. - TODO(https://github.com/google/oss-fuzz/pull/5841#discussion_r639393361): - Document locking this down. - required: true - storage-repo: - description: | - The git repo to use for storing certain artifacts from fuzzing. - required: false - storage-repo-branch: - description: | - The branch of the git repo to use for storing certain artifacts from - fuzzing. - default: main - required: false - storage-repo-branch-coverage: - description: | - The branch of the git repo to use for storing coverage reports. - default: gh-pages - required: false - report-unreproducible-crashes: - description: 'If True, then unreproducible crashes will be reported by CIFuzz.' - required: false - default: false -runs: - using: 'docker' - image: '../../../run_fuzzers.Dockerfile' - env: - OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }} - LANGUAGE: ${{ inputs.language }} - FUZZ_SECONDS: ${{ inputs.fuzz-seconds }} - DRY_RUN: ${{ inputs.dry-run}} - SANITIZER: ${{ inputs.sanitizer }} - RUN_FUZZERS_MODE: ${{ inputs.run-fuzzers-mode }} - GITHUB_TOKEN: ${{ inputs.github-token }} - LOW_DISK_SPACE: 'True' - GIT_STORE_REPO: ${{ inputs.storage-repo }} - GIT_STORE_BRANCH: ${{ inputs.storage-repo-branch }} - GIT_STORE_BRANCH_COVERAGE: ${{ inputs.storage-repo-branch-coverage }} - REPORT_UNREPRODUCIBLE_CRASHES: ${{ inputs.report-unreproducible-crashes }} diff --git a/infra/cifuzz/filestore/__init__.py b/infra/cifuzz/filestore/__init__.py deleted file mode 100644 index d112f7b8c..000000000 --- a/infra/cifuzz/filestore/__init__.py +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Module for a generic filestore.""" - - -class FilestoreError(Exception): - """Error using the filestore.""" - - -# pylint: disable=unused-argument,no-self-use -class BaseFilestore: - """Base class for a filestore.""" - - def __init__(self, config): - self.config = config - - def upload_crashes(self, name, directory): - """Uploads the crashes at |directory| to |name|.""" - raise NotImplementedError('Child class must implement method.') - - def upload_corpus(self, name, directory, replace=False): - """Uploads the corpus at |directory| to |name|.""" - raise NotImplementedError('Child class must implement method.') - - def upload_build(self, name, directory): - """Uploads the build at |directory| to |name|.""" - raise NotImplementedError('Child class must implement method.') - - def upload_coverage(self, name, directory): - """Uploads the coverage report at |directory| to |name|.""" - raise NotImplementedError('Child class must implement method.') - - def download_corpus(self, name, dst_directory): - """Downloads the corpus located at |name| to |dst_directory|.""" - raise NotImplementedError('Child class must implement method.') - - def download_build(self, name, dst_directory): - """Downloads the build with |name| to |dst_directory|.""" - raise NotImplementedError('Child class must implement method.') - - def download_coverage(self, dst_directory): - """Downloads the latest project coverage report.""" - raise NotImplementedError('Child class must implement method.') diff --git a/infra/cifuzz/filestore/git/__init__.py b/infra/cifuzz/filestore/git/__init__.py deleted file mode 100644 index 5414003da..000000000 --- a/infra/cifuzz/filestore/git/__init__.py +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Module for a git based filestore.""" - -from distutils import dir_util -import logging -import os -import shutil -import subprocess -import sys -import tempfile - -import filestore - -# pylint: disable=wrong-import-position -INFRA_DIR = os.path.dirname( - os.path.dirname(os.path.dirname(os.path.dirname( - os.path.abspath(__file__))))) -sys.path.append(INFRA_DIR) - -import retry - -_PUSH_RETRIES = 3 -_PUSH_BACKOFF = 1 -_GIT_EMAIL = 'cifuzz@clusterfuzz.com' -_GIT_NAME = 'CIFuzz' -_CORPUS_DIR = 'corpus' -_COVERAGE_DIR = 'coverage' - - -def git_runner(repo_path): - """Returns a gits runner for the repo_path.""" - - def func(*args): - return subprocess.check_call(('git', '-C', repo_path) + args) - - return func - - -# pylint: disable=unused-argument,no-self-use -class GitFilestore(filestore.BaseFilestore): - """Generic git filestore. This still relies on another filestore provided by - the CI for larger artifacts or artifacts which make sense to be included as - the result of a workflow run.""" - - def __init__(self, config, ci_filestore): - super().__init__(config) - self.repo_path = tempfile.mkdtemp() - self._git = git_runner(self.repo_path) - self._clone(self.config.git_store_repo) - - self._ci_filestore = ci_filestore - - def __del__(self): - shutil.rmtree(self.repo_path) - - def _clone(self, repo_url): - """Clones repo URL.""" - self._git('clone', repo_url, '.') - self._git('config', '--local', 'user.email', _GIT_EMAIL) - self._git('config', '--local', 'user.name', _GIT_NAME) - - def _reset_git(self, branch): - """Resets the git repo.""" - self._git('fetch', 'origin') - try: - self._git('checkout', '-B', branch, 'origin/' + branch) - self._git('reset', '--hard', 'HEAD') - except subprocess.CalledProcessError: - self._git('checkout', '--orphan', branch) - - self._git('clean', '-fxd') - - # pylint: disable=too-many-arguments - @retry.wrap(_PUSH_RETRIES, _PUSH_BACKOFF) - def _upload_to_git(self, - message, - branch, - upload_path, - local_path, - replace=False): - """Uploads a directory to git. If `replace` is True, then existing contents - in the upload_path is deleted.""" - self._reset_git(branch) - - full_repo_path = os.path.join(self.repo_path, upload_path) - if replace and os.path.exists(full_repo_path): - shutil.rmtree(full_repo_path) - - dir_util.copy_tree(local_path, full_repo_path) - self._git('add', '.') - try: - self._git('commit', '-m', message) - except subprocess.CalledProcessError: - logging.debug('No changes, skipping git push.') - return - - self._git('push', 'origin', branch) - - def upload_crashes(self, name, directory): - """Uploads the crashes at |directory| to |name|.""" - return self._ci_filestore.upload_crashes(name, directory) - - def upload_corpus(self, name, directory, replace=False): - """Uploads the corpus at |directory| to |name|.""" - self._upload_to_git('Corpus upload', - self.config.git_store_branch, - os.path.join(_CORPUS_DIR, name), - directory, - replace=replace) - - def upload_build(self, name, directory): - """Uploads the build at |directory| to |name|.""" - return self._ci_filestore.upload_build(name, directory) - - def upload_coverage(self, name, directory): - """Uploads the coverage report at |directory| to |name|.""" - self._upload_to_git('Coverage upload', - self.config.git_store_branch_coverage, - os.path.join(_COVERAGE_DIR, name), - directory, - replace=True) - - def download_corpus(self, name, dst_directory): - """Downloads the corpus located at |name| to |dst_directory|.""" - self._reset_git(self.config.git_store_branch) - path = os.path.join(self.repo_path, _CORPUS_DIR, name) - if not os.path.exists(path): - logging.debug('Corpus does not exist at %s.', path) - return False - - dir_util.copy_tree(path, dst_directory) - return True - - def download_build(self, name, dst_directory): - """Downloads the build with |name| to |dst_directory|.""" - return self._ci_filestore.download_build(name, dst_directory) - - def download_coverage(self, name, dst_directory): - """Downloads the latest project coverage report.""" - self._reset_git(self.config.git_store_branch_coverage) - path = os.path.join(self.repo_path, _COVERAGE_DIR, name) - if not os.path.exists(path): - logging.debug('Coverage does not exist at %s.', path) - return False - - dir_util.copy_tree(path, dst_directory) - return True diff --git a/infra/cifuzz/filestore/git/git_test.py b/infra/cifuzz/filestore/git/git_test.py deleted file mode 100644 index 56be23bac..000000000 --- a/infra/cifuzz/filestore/git/git_test.py +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for git.""" -import filecmp -import os -import tempfile -import subprocess -import sys -import unittest -from unittest import mock - -# pylint: disable=wrong-import-position -INFRA_DIR = os.path.dirname( - os.path.dirname(os.path.dirname(os.path.dirname( - os.path.abspath(__file__))))) -sys.path.append(INFRA_DIR) - -from filestore import git -import test_helpers - -# pylint: disable=protected-access,no-self-use - - -class GitFilestoreTest(unittest.TestCase): - """Tests for GitFilestore.""" - - def setUp(self): - self.git_dir = tempfile.TemporaryDirectory() - self.addCleanup(self.git_dir.cleanup) - - self.local_dir = tempfile.TemporaryDirectory() - self.addCleanup(self.local_dir.cleanup) - - self.download_dir = tempfile.TemporaryDirectory() - self.addCleanup(self.download_dir.cleanup) - - with open(os.path.join(self.local_dir.name, 'a'), 'w') as handle: - handle.write('') - - os.makedirs(os.path.join(self.local_dir.name, 'b')) - - with open(os.path.join(self.local_dir.name, 'b', 'c'), 'w') as handle: - handle.write('') - - self.git_repo = git.git_runner(self.git_dir.name) - self.git_repo('init', '--bare') - - self.config = test_helpers.create_run_config( - git_store_repo='file://' + self.git_dir.name, - git_store_branch='main', - git_store_branch_coverage='cov-branch') - - self.mock_ci_filestore = mock.MagicMock() - self.git_store = git.GitFilestore(self.config, self.mock_ci_filestore) - - def assert_dirs_same(self, first, second): - """Asserts two dirs are the same.""" - dcmp = filecmp.dircmp(first, second) - if dcmp.diff_files or dcmp.left_only or dcmp.right_only: - return False - - return all( - self.assert_dirs_same(os.path.join(first, subdir), - os.path.join(second, subdir)) - for subdir in dcmp.common_dirs) - - def get_repo_filelist(self, branch): - """Get files in repo.""" - return subprocess.check_output([ - 'git', '-C', self.git_dir.name, 'ls-tree', '-r', '--name-only', branch - ]).decode().splitlines() - - def test_upload_download_corpus(self): - """Tests uploading and downloading corpus.""" - self.git_store.upload_corpus('target', self.local_dir.name) - self.git_store.download_corpus('target', self.download_dir.name) - self.assert_dirs_same(self.local_dir.name, self.download_dir.name) - - self.assertCountEqual([ - 'corpus/target/a', - 'corpus/target/b/c', - ], self.get_repo_filelist('main')) - - def test_upload_download_coverage(self): - """Tests uploading and downloading corpus.""" - self.git_store.upload_coverage('latest', self.local_dir.name) - self.git_store.download_coverage('latest', self.download_dir.name) - self.assert_dirs_same(self.local_dir.name, self.download_dir.name) - - self.assertCountEqual([ - 'coverage/latest/a', - 'coverage/latest/b/c', - ], self.get_repo_filelist('cov-branch')) - - def test_upload_crashes(self): - """Tests uploading crashes.""" - self.git_store.upload_crashes('current', self.local_dir.name) - self.mock_ci_filestore.upload_crashes.assert_called_with( - 'current', self.local_dir.name) - - def test_upload_build(self): - """Tests uploading build.""" - self.git_store.upload_build('sanitizer', self.local_dir.name) - self.mock_ci_filestore.upload_build.assert_called_with( - 'sanitizer', self.local_dir.name) - - def test_download_build(self): - """Tests downloading build.""" - self.git_store.download_build('sanitizer', self.download_dir.name) - self.mock_ci_filestore.download_build.assert_called_with( - 'sanitizer', self.download_dir.name) diff --git a/infra/cifuzz/filestore/github_actions/__init__.py b/infra/cifuzz/filestore/github_actions/__init__.py deleted file mode 100644 index 3b03f9c0b..000000000 --- a/infra/cifuzz/filestore/github_actions/__init__.py +++ /dev/null @@ -1,177 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Implementation of a filestore using Github actions artifacts.""" -import logging -import os -import shutil -import sys -import tarfile -import tempfile - -# pylint: disable=wrong-import-position,import-error -sys.path.append( - os.path.join(os.path.pardir, os.path.pardir, os.path.pardir, - os.path.dirname(os.path.abspath(__file__)))) - -import utils -import http_utils -import filestore -from filestore.github_actions import github_api - -UPLOAD_JS = os.path.join(os.path.dirname(__file__), 'upload.js') - - -def tar_directory(directory, archive_path): - """Tars a |directory| and stores archive at |archive_path|. |archive_path| - must end in .tar""" - assert archive_path.endswith('.tar') - # Do this because make_archive will append the extension to archive_path. - archive_path = os.path.splitext(archive_path)[0] - - root_directory = os.path.abspath(directory) - shutil.make_archive(archive_path, - 'tar', - root_dir=root_directory, - base_dir='./') - - -class GithubActionsFilestore(filestore.BaseFilestore): - """Implementation of BaseFilestore using Github actions artifacts. Relies on - github_actions_toolkit for using the GitHub actions API and the github_api - module for using GitHub's standard API. We need to use both because the GitHub - actions API is the only way to upload an artifact but it does not support - downloading artifacts from other runs. The standard GitHub API does support - this however.""" - - ARTIFACT_PREFIX = 'cifuzz-' - BUILD_PREFIX = 'build-' - CRASHES_PREFIX = 'crashes-' - CORPUS_PREFIX = 'corpus-' - COVERAGE_PREFIX = 'coverage-' - - def __init__(self, config): - super().__init__(config) - self.github_api_http_headers = github_api.get_http_auth_headers(config) - - def _get_artifact_name(self, name): - """Returns |name| prefixed with |self.ARITFACT_PREFIX| if it isn't already - prefixed. Otherwise returns |name|.""" - if name.startswith(self.ARTIFACT_PREFIX): - return name - return f'{self.ARTIFACT_PREFIX}{name}' - - def _upload_directory(self, name, directory): # pylint: disable=no-self-use - """Uploads |directory| as artifact with |name|.""" - name = self._get_artifact_name(name) - with tempfile.TemporaryDirectory() as temp_dir: - archive_path = os.path.join(temp_dir, name + '.tar') - tar_directory(directory, archive_path) - _raw_upload_directory(name, temp_dir) - - def upload_crashes(self, name, directory): - """Uploads the crashes at |directory| to |name|.""" - return _raw_upload_directory(self.CRASHES_PREFIX + name, directory) - - def upload_corpus(self, name, directory, replace=False): - """Uploads the corpus at |directory| to |name|.""" - # Not applicable as the the entire corpus is uploaded under a single - # artifact name. - del replace - return self._upload_directory(self.CORPUS_PREFIX + name, directory) - - def upload_build(self, name, directory): - """Uploads the build at |directory| to |name|.""" - return self._upload_directory(self.BUILD_PREFIX + name, directory) - - def upload_coverage(self, name, directory): - """Uploads the coverage report at |directory| to |name|.""" - return self._upload_directory(self.COVERAGE_PREFIX + name, directory) - - def download_corpus(self, name, dst_directory): # pylint: disable=unused-argument,no-self-use - """Downloads the corpus located at |name| to |dst_directory|.""" - return self._download_artifact(self.CORPUS_PREFIX + name, dst_directory) - - def _find_artifact(self, name): - """Finds an artifact using the GitHub API and returns it.""" - logging.debug('Listing artifacts.') - artifacts = self._list_artifacts() - artifact = github_api.find_artifact(name, artifacts) - logging.debug('Artifact: %s.', artifact) - return artifact - - def _download_artifact(self, name, dst_directory): - """Downloads artifact with |name| to |dst_directory|. Returns True on - success.""" - name = self._get_artifact_name(name) - - with tempfile.TemporaryDirectory() as temp_dir: - if not self._raw_download_artifact(name, temp_dir): - logging.warning('Could not download artifact: %s.', name) - return False - - artifact_tarfile_path = os.path.join(temp_dir, name + '.tar') - if not os.path.exists(artifact_tarfile_path): - logging.error('Artifact zip did not contain a tarfile.') - return False - - # TODO(jonathanmetzman): Replace this with archive.unpack from - # libClusterFuzz so we can avoid path traversal issues. - with tarfile.TarFile(artifact_tarfile_path) as artifact_tarfile: - artifact_tarfile.extractall(dst_directory) - return True - - def _raw_download_artifact(self, name, dst_directory): - """Downloads the artifact with |name| to |dst_directory|. Returns True on - success. Does not do any untarring or adding prefix to |name|.""" - artifact = self._find_artifact(name) - if not artifact: - logging.warning('Could not find artifact: %s.', name) - return False - download_url = artifact['archive_download_url'] - return http_utils.download_and_unpack_zip( - download_url, dst_directory, headers=self.github_api_http_headers) - - def _list_artifacts(self): - """Returns a list of artifacts.""" - return github_api.list_artifacts(self.config.project_repo_owner, - self.config.project_repo_name, - self.github_api_http_headers) - - def download_build(self, name, dst_directory): - """Downloads the build with name |name| to |dst_directory|.""" - return self._download_artifact(self.BUILD_PREFIX + name, dst_directory) - - def download_coverage(self, name, dst_directory): - """Downloads the latest project coverage report.""" - return self._download_artifact(self.COVERAGE_PREFIX + name, dst_directory) - - -def _upload_artifact_with_upload_js(name, artifact_paths, directory): - """Uploads the artifacts in |artifact_paths| that are located in |directory| - to |name|, using the upload.js script.""" - command = [UPLOAD_JS, name, directory] + artifact_paths - _, _, retcode = utils.execute(command) - return retcode == 0 - - -def _raw_upload_directory(name, directory): - """Uploads the artifacts located in |directory| to |name|. Does not do any - tarring or adding prefixes to |name|.""" - # Get file paths. - artifact_paths = [] - for root, _, curr_file_paths in os.walk(directory): - for file_path in curr_file_paths: - artifact_paths.append(os.path.join(root, file_path)) - logging.debug('Artifact paths: %s.', artifact_paths) - return _upload_artifact_with_upload_js(name, artifact_paths, directory) diff --git a/infra/cifuzz/filestore/github_actions/github_actions_test.py b/infra/cifuzz/filestore/github_actions/github_actions_test.py deleted file mode 100644 index 7745065a9..000000000 --- a/infra/cifuzz/filestore/github_actions/github_actions_test.py +++ /dev/null @@ -1,281 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for github_actions.""" -import os -import shutil -import sys -import tarfile -import tempfile -import unittest -from unittest import mock - -from pyfakefs import fake_filesystem_unittest - -# pylint: disable=wrong-import-position -INFRA_DIR = os.path.dirname( - os.path.dirname(os.path.dirname(os.path.dirname( - os.path.abspath(__file__))))) -sys.path.append(INFRA_DIR) - -from filestore import github_actions -import test_helpers - -# pylint: disable=protected-access,no-self-use - - -class GithubActionsFilestoreTest(fake_filesystem_unittest.TestCase): - """Tests for GithubActionsFilestore.""" - - def setUp(self): - test_helpers.patch_environ(self) - self.token = 'example githubtoken' - self.owner = 'exampleowner' - self.repo = 'examplerepo' - os.environ['GITHUB_REPOSITORY'] = f'{self.owner}/{self.repo}' - os.environ['GITHUB_EVENT_PATH'] = '/fake' - self.config = test_helpers.create_run_config(token=self.token) - self.local_dir = '/local-dir' - self.testcase = os.path.join(self.local_dir, 'testcase') - - def _get_expected_http_headers(self): - return { - 'Authorization': f'token {self.token}', - 'Accept': 'application/vnd.github.v3+json', - } - - @mock.patch('filestore.github_actions.github_api.list_artifacts') - def test_list_artifacts(self, mock_list_artifacts): - """Tests that _list_artifacts works as intended.""" - filestore = github_actions.GithubActionsFilestore(self.config) - filestore._list_artifacts() - mock_list_artifacts.assert_called_with(self.owner, self.repo, - self._get_expected_http_headers()) - - @mock.patch('logging.warning') - @mock.patch('filestore.github_actions.GithubActionsFilestore._list_artifacts', - return_value=None) - @mock.patch('filestore.github_actions.github_api.find_artifact', - return_value=None) - def test_download_build_no_artifact(self, _, __, mock_warning): - """Tests that download_build returns None and doesn't exception when - find_artifact can't find an artifact.""" - filestore = github_actions.GithubActionsFilestore(self.config) - name = 'name' - build_dir = 'build-dir' - self.assertFalse(filestore.download_build(name, build_dir)) - mock_warning.assert_called_with('Could not download artifact: %s.', - 'cifuzz-build-' + name) - - @mock.patch('logging.warning') - @mock.patch('filestore.github_actions.GithubActionsFilestore._list_artifacts', - return_value=None) - @mock.patch('filestore.github_actions.github_api.find_artifact', - return_value=None) - def test_download_corpus_no_artifact(self, _, __, mock_warning): - """Tests that download_corpus_build returns None and doesn't exception when - find_artifact can't find an artifact.""" - filestore = github_actions.GithubActionsFilestore(self.config) - name = 'name' - dst_dir = 'local-dir' - self.assertFalse(filestore.download_corpus(name, dst_dir)) - mock_warning.assert_called_with('Could not download artifact: %s.', - 'cifuzz-corpus-' + name) - - @mock.patch('filestore.github_actions.tar_directory') - @mock.patch('filestore.github_actions._upload_artifact_with_upload_js') - def test_upload_corpus(self, mock_upload_artifact, mock_tar_directory): - """Test uploading corpus.""" - self._create_local_dir() - - def mock_tar_directory_impl(_, archive_path): - self.fs.create_file(archive_path) - - mock_tar_directory.side_effect = mock_tar_directory_impl - - filestore = github_actions.GithubActionsFilestore(self.config) - filestore.upload_corpus('target', self.local_dir) - self.assert_upload(mock_upload_artifact, mock_tar_directory, - 'corpus-target') - - @mock.patch('filestore.github_actions._upload_artifact_with_upload_js') - def test_upload_crashes(self, mock_upload_artifact): - """Test uploading crashes.""" - self._create_local_dir() - - filestore = github_actions.GithubActionsFilestore(self.config) - filestore.upload_crashes('current', self.local_dir) - mock_upload_artifact.assert_has_calls( - [mock.call('crashes-current', ['/local-dir/testcase'], '/local-dir')]) - - @mock.patch('filestore.github_actions.tar_directory') - @mock.patch('filestore.github_actions._upload_artifact_with_upload_js') - def test_upload_build(self, mock_upload_artifact, mock_tar_directory): - """Test uploading build.""" - self._create_local_dir() - - def mock_tar_directory_impl(_, archive_path): - self.fs.create_file(archive_path) - - mock_tar_directory.side_effect = mock_tar_directory_impl - - filestore = github_actions.GithubActionsFilestore(self.config) - filestore.upload_build('sanitizer', self.local_dir) - self.assert_upload(mock_upload_artifact, mock_tar_directory, - 'build-sanitizer') - - @mock.patch('filestore.github_actions.tar_directory') - @mock.patch('filestore.github_actions._upload_artifact_with_upload_js') - def test_upload_coverage(self, mock_upload_artifact, mock_tar_directory): - """Test uploading coverage.""" - self._create_local_dir() - - def mock_tar_directory_impl(_, archive_path): - self.fs.create_file(archive_path) - - mock_tar_directory.side_effect = mock_tar_directory_impl - - filestore = github_actions.GithubActionsFilestore(self.config) - filestore.upload_coverage('latest', self.local_dir) - self.assert_upload(mock_upload_artifact, mock_tar_directory, - 'coverage-latest') - - def assert_upload(self, mock_upload_artifact, mock_tar_directory, - expected_artifact_name): - """Tests that upload_directory invokes tar_directory and - artifact_client.upload_artifact properly.""" - # Don't assert what second argument will be since it's a temporary - # directory. - self.assertEqual(mock_tar_directory.call_args_list[0][0][0], self.local_dir) - - # Don't assert what second and third arguments will be since they are - # temporary directories. - expected_artifact_name = 'cifuzz-' + expected_artifact_name - self.assertEqual(mock_upload_artifact.call_args_list[0][0][0], - expected_artifact_name) - - # Assert artifacts list contains one tarfile. - artifacts_list = mock_upload_artifact.call_args_list[0][0][1] - self.assertEqual(len(artifacts_list), 1) - self.assertEqual(os.path.basename(artifacts_list[0]), - expected_artifact_name + '.tar') - - def _create_local_dir(self): - """Sets up pyfakefs and creates a corpus directory containing - self.testcase.""" - self.setUpPyfakefs() - self.fs.create_file(self.testcase, contents='hi') - - @mock.patch('filestore.github_actions.GithubActionsFilestore._find_artifact') - @mock.patch('http_utils.download_and_unpack_zip') - def test_download_artifact(self, mock_download_and_unpack_zip, - mock_find_artifact): - """Tests that _download_artifact works as intended.""" - artifact_download_url = 'http://example.com/download' - artifact_listing = { - 'expired': False, - 'name': 'corpus', - 'archive_download_url': artifact_download_url - } - mock_find_artifact.return_value = artifact_listing - - self._create_local_dir() - with tempfile.TemporaryDirectory() as temp_dir: - # Create a tarball. - archive_path = os.path.join(temp_dir, 'cifuzz-corpus.tar') - github_actions.tar_directory(self.local_dir, archive_path) - - artifact_download_dst_dir = os.path.join(temp_dir, 'dst') - os.mkdir(artifact_download_dst_dir) - - def mock_download_and_unpack_zip_impl(url, download_artifact_temp_dir, - headers): - self.assertEqual(url, artifact_download_url) - self.assertEqual(headers, self._get_expected_http_headers()) - shutil.copy( - archive_path, - os.path.join(download_artifact_temp_dir, - os.path.basename(archive_path))) - return True - - mock_download_and_unpack_zip.side_effect = ( - mock_download_and_unpack_zip_impl) - filestore = github_actions.GithubActionsFilestore(self.config) - self.assertTrue( - filestore._download_artifact('corpus', artifact_download_dst_dir)) - mock_find_artifact.assert_called_with('cifuzz-corpus') - self.assertTrue( - os.path.exists( - os.path.join(artifact_download_dst_dir, - os.path.basename(self.testcase)))) - - @mock.patch('filestore.github_actions.github_api.list_artifacts') - def test_find_artifact(self, mock_list_artifacts): - """Tests that _find_artifact works as intended.""" - artifact_listing_1 = { - 'expired': False, - 'name': 'other', - 'archive_download_url': 'http://download1' - } - artifact_listing_2 = { - 'expired': False, - 'name': 'artifact', - 'archive_download_url': 'http://download2' - } - artifact_listing_3 = { - 'expired': True, - 'name': 'artifact', - 'archive_download_url': 'http://download3' - } - artifact_listing_4 = { - 'expired': False, - 'name': 'artifact', - 'archive_download_url': 'http://download4' - } - artifacts = [ - artifact_listing_1, artifact_listing_2, artifact_listing_3, - artifact_listing_4 - ] - mock_list_artifacts.return_value = artifacts - filestore = github_actions.GithubActionsFilestore(self.config) - # Test that find_artifact will return the most recent unexpired artifact - # with the correct name. - self.assertEqual(filestore._find_artifact('artifact'), artifact_listing_2) - mock_list_artifacts.assert_called_with(self.owner, self.repo, - self._get_expected_http_headers()) - - -class TarDirectoryTest(unittest.TestCase): - """Tests for tar_directory.""" - - def test_tar_directory(self): - """Tests that tar_directory writes the archive to the correct location and - archives properly.""" - with tempfile.TemporaryDirectory() as temp_dir: - archive_path = os.path.join(temp_dir, 'myarchive.tar') - archived_dir = os.path.join(temp_dir, 'toarchive') - os.mkdir(archived_dir) - archived_filename = 'file1' - archived_file_path = os.path.join(archived_dir, archived_filename) - with open(archived_file_path, 'w') as file_handle: - file_handle.write('hi') - github_actions.tar_directory(archived_dir, archive_path) - self.assertTrue(os.path.exists(archive_path)) - - # Now check it archives correctly. - unpacked_directory = os.path.join(temp_dir, 'unpacked') - with tarfile.TarFile(archive_path) as artifact_tarfile: - artifact_tarfile.extractall(unpacked_directory) - unpacked_archived_file_path = os.path.join(unpacked_directory, - archived_filename) - self.assertTrue(os.path.exists(unpacked_archived_file_path)) diff --git a/infra/cifuzz/filestore/github_actions/github_api.py b/infra/cifuzz/filestore/github_actions/github_api.py deleted file mode 100644 index 191b75058..000000000 --- a/infra/cifuzz/filestore/github_actions/github_api.py +++ /dev/null @@ -1,108 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Module for dealing with the GitHub API. This is different from -github_actions_toolkit which only deals with the actions API. We need to use -both.""" -import logging -import os -import sys - -import requests - -import filestore - -# pylint: disable=wrong-import-position,import-error - -sys.path.append( - os.path.join(__file__, os.path.pardir, os.path.pardir, os.path.pardir, - os.path.pardir)) -import retry - -_MAX_ITEMS_PER_PAGE = 100 - -_GET_ATTEMPTS = 3 -_GET_BACKOFF = 1 - - -def get_http_auth_headers(config): - """Returns HTTP headers for authentication to the API.""" - authorization = f'token {config.token}' - return { - 'Authorization': authorization, - 'Accept': 'application/vnd.github.v3+json' - } - - -def _get_artifacts_list_api_url(repo_owner, repo_name): - """Returns the artifacts_api_url for |repo_name| owned by |repo_owner|.""" - return (f'https://api.github.com/repos/{repo_owner}/' - f'{repo_name}/actions/artifacts') - - -@retry.wrap(_GET_ATTEMPTS, _GET_BACKOFF) -def _do_get_request(*args, **kwargs): - """Wrapped version of requests.get that does retries.""" - return requests.get(*args, **kwargs) - - -def _get_items(url, headers): - """Generator that gets and yields items from a GitHub API endpoint (specified - by |URL|) sending |headers| with the get request.""" - # Github API response pages are 1-indexed. - page_counter = 1 - - # Set to infinity so we run loop at least once. - total_num_items = float('inf') - - item_num = 0 - while item_num < total_num_items: - params = {'per_page': _MAX_ITEMS_PER_PAGE, 'page': str(page_counter)} - response = _do_get_request(url, params=params, headers=headers) - response_json = response.json() - if not response.status_code == 200: - # Check that request was successful. - logging.error('Request to %s failed. Code: %d. Response: %s', - response.request.url, response.status_code, response_json) - raise filestore.FilestoreError('Github API request failed.') - - if total_num_items == float('inf'): - # Set proper total_num_items - total_num_items = response_json['total_count'] - - # Get the key for the items we are after. - keys = [key for key in response_json.keys() if key != 'total_count'] - assert len(keys) == 1, keys - items_key = keys[0] - - for item in response_json[items_key]: - yield item - item_num += 1 - - page_counter += 1 - - -def find_artifact(artifact_name, artifacts): - """Find the artifact with the name |artifact_name| in |artifacts|.""" - for artifact in artifacts: - # TODO(metzman): Handle multiple by making sure we download the latest. - if artifact['name'] == artifact_name and not artifact['expired']: - return artifact - return None - - -def list_artifacts(owner, repo, headers): - """Returns a generator of all the artifacts for |owner|/|repo|.""" - url = _get_artifacts_list_api_url(owner, repo) - logging.debug('Getting artifacts from: %s', url) - return _get_items(url, headers) diff --git a/infra/cifuzz/filestore/github_actions/github_api_test.py b/infra/cifuzz/filestore/github_actions/github_api_test.py deleted file mode 100644 index c7cad6db0..000000000 --- a/infra/cifuzz/filestore/github_actions/github_api_test.py +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for github_api.""" -import unittest - -from filestore.github_actions import github_api -import test_helpers - - -class GetHttpAuthHeaders(unittest.TestCase): - """Tests for get_http_auth_headers.""" - - def test_get_http_auth_headers(self): - """Tests that get_http_auth_headers returns the correct result.""" - token = 'example githubtoken' - run_config = test_helpers.create_run_config(token=token) - expected_headers = { - 'Authorization': f'token {token}', - 'Accept': 'application/vnd.github.v3+json', - } - self.assertEqual(expected_headers, - github_api.get_http_auth_headers(run_config)) diff --git a/infra/cifuzz/filestore/github_actions/upload.js b/infra/cifuzz/filestore/github_actions/upload.js deleted file mode 100755 index cd025e560..000000000 --- a/infra/cifuzz/filestore/github_actions/upload.js +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env node -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// Script for uploading an artifact. Returns 0 on success. -// Usage: upload.js <aritfactName> <rootDirectory> <file 1>...<file N> - -const fs = require('fs'); -const artifact = require('@actions/artifact'); -const artifactClient = artifact.create() -const artifactName = process.argv[2]; -const rootDirectory = process.argv[3] -const files = process.argv.slice(4); -const options = { - continueOnError: true -} - -const uploadResult = artifactClient.uploadArtifact(artifactName, files, rootDirectory, options) -console.log(uploadResult); -if (uploadResult['failedItems']) { - return 1; -} -return 0; diff --git a/infra/cifuzz/filestore_utils.py b/infra/cifuzz/filestore_utils.py deleted file mode 100644 index d3aaecd82..000000000 --- a/infra/cifuzz/filestore_utils.py +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""External filestore interface. Cannot be depended on by filestore code.""" -import filestore -import filestore.git -import filestore.github_actions - - -def get_filestore(config): - """Returns the correct filestore based on the platform in |config|. - Raises an exception if there is no correct filestore for the platform.""" - # TODO(metzman): Force specifying of filestore. - if config.platform == config.Platform.EXTERNAL_GITHUB: - ci_filestore = filestore.github_actions.GithubActionsFilestore(config) - if not config.git_store_repo: - return ci_filestore - - return filestore.git.GitFilestore(config, ci_filestore) - - raise filestore.FilestoreError('Filestore doesn\'t support platform.') diff --git a/infra/cifuzz/filestore_utils_test.py b/infra/cifuzz/filestore_utils_test.py deleted file mode 100644 index db5fc5bc1..000000000 --- a/infra/cifuzz/filestore_utils_test.py +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for filestore_utils.""" -import unittest -from unittest import mock - -import parameterized - -import config_utils -import filestore -from filestore import github_actions -import filestore_utils -import test_helpers - - -class GetFilestoreTest(unittest.TestCase): - """Tests for get_filestore.""" - - @parameterized.parameterized.expand([ - ({ - 'is_github': True, - }, github_actions.GithubActionsFilestore), - ]) - def test_get_filestore(self, config_kwargs, filestore_cls): - """Tests that get_filestore returns the right filestore given a certain - platform.""" - run_config = test_helpers.create_run_config(**config_kwargs) - filestore_impl = filestore_utils.get_filestore(run_config) - self.assertIsInstance(filestore_impl, filestore_cls) - - @mock.patch('config_utils.BaseConfig.platform', return_value='other') - @mock.patch('config_utils._get_ci_environment', - return_value=config_utils.GenericCiEnvironment()) - def test_get_filestore_unsupported_platform(self, _, __): - """Tests that get_filestore exceptions given a platform it doesn't - support.""" - run_config = test_helpers.create_run_config() - with self.assertRaises(filestore.FilestoreError): - filestore_utils.get_filestore(run_config) diff --git a/infra/cifuzz/fuzz_target.py b/infra/cifuzz/fuzz_target.py index ae92b14c9..c623bf60d 100644 --- a/infra/cifuzz/fuzz_target.py +++ b/infra/cifuzz/fuzz_target.py @@ -15,13 +15,17 @@ import collections import logging import os +import re import shutil import stat +import subprocess +import sys -import clusterfuzz.environment -import clusterfuzz.fuzz +import docker -import config_utils +# pylint: disable=wrong-import-position,import-error +sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) +import utils logging.basicConfig( format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', @@ -29,59 +33,46 @@ logging.basicConfig( # Use a fixed seed for determinism. Use len_control=0 since we don't have enough # time fuzzing for len_control to make sense (probably). -LIBFUZZER_OPTIONS = ['-seed=1337', '-len_control=0'] +LIBFUZZER_OPTIONS = '-seed=1337 -len_control=0' # The number of reproduce attempts for a crash. REPRODUCE_ATTEMPTS = 10 -REPRODUCE_TIME_SECONDS = 30 - # Seconds on top of duration until a timeout error is raised. BUFFER_TIME = 10 # Log message if we can't check if crash reproduces on an recent build. -COULD_NOT_TEST_ON_CLUSTERFUZZ_MESSAGE = ( - 'Could not run previous build of target to determine if this code change ' - '(pr/commit) introduced crash. Assuming crash was newly introduced.') +COULD_NOT_TEST_ON_RECENT_MESSAGE = ( + 'Crash is reproducible. Could not run recent build of ' + 'target to determine if this code change (pr/commit) introduced crash. ' + 'Assuming this code change introduced crash.') -FuzzResult = collections.namedtuple('FuzzResult', - ['testcase', 'stacktrace', 'corpus_path']) +FuzzResult = collections.namedtuple('FuzzResult', ['testcase', 'stacktrace']) class ReproduceError(Exception): """Error for when we can't attempt to reproduce a crash.""" -def get_fuzz_target_corpus_dir(workspace, target_name): - """Returns the directory for storing |target_name|'s corpus in |workspace|.""" - return os.path.join(workspace.corpora, target_name) - - -def get_fuzz_target_pruned_corpus_dir(workspace, target_name): - """Returns the directory for storing |target_name|'s puned corpus in - |workspace|.""" - return os.path.join(workspace.pruned_corpora, target_name) - - -class FuzzTarget: # pylint: disable=too-many-instance-attributes +class FuzzTarget: """A class to manage a single fuzz target. Attributes: target_name: The name of the fuzz target. duration: The length of time in seconds that the target should run. target_path: The location of the fuzz target binary. - workspace: The workspace for storing things related to fuzzing. + out_dir: The location of where output artifacts are stored. """ # pylint: disable=too-many-arguments - def __init__(self, target_path, duration, workspace, clusterfuzz_deployment, + def __init__(self, target_path, duration, out_dir, clusterfuzz_deployment, config): """Represents a single fuzz target. Args: target_path: The location of the fuzz target binary. duration: The length of time in seconds the target should run. - workspace: The path used for storing things needed for fuzzing. + out_dir: The location of where the output from crashes should be stored. clusterfuzz_deployment: The object representing the ClusterFuzz deployment. config: The config of this project. @@ -89,39 +80,10 @@ class FuzzTarget: # pylint: disable=too-many-instance-attributes self.target_path = target_path self.target_name = os.path.basename(self.target_path) self.duration = int(duration) - self.workspace = workspace + self.out_dir = out_dir self.clusterfuzz_deployment = clusterfuzz_deployment self.config = config - self.latest_corpus_path = get_fuzz_target_corpus_dir( - self.workspace, self.target_name) - os.makedirs(self.latest_corpus_path, exist_ok=True) - self.pruned_corpus_path = get_fuzz_target_pruned_corpus_dir( - self.workspace, self.target_name) - os.makedirs(self.pruned_corpus_path, exist_ok=True) - - def _download_corpus(self): - """Downloads the corpus for the target from ClusterFuzz and returns the path - to the corpus. An empty directory is provided if the corpus can't be - downloaded or is empty.""" - self.clusterfuzz_deployment.download_corpus(self.target_name, - self.latest_corpus_path) - return self.latest_corpus_path - - def prune(self): - """Prunes the corpus and returns the result.""" - self._download_corpus() - with clusterfuzz.environment.Environment(config_utils.DEFAULT_ENGINE, - self.config.sanitizer, - self.target_path, - interactive=True): - engine_impl = clusterfuzz.fuzz.get_engine(config_utils.DEFAULT_ENGINE) - result = engine_impl.minimize_corpus(self.target_path, [], - [self.latest_corpus_path], - self.pruned_corpus_path, - self.workspace.artifacts, - self.duration) - - return FuzzResult(None, result.logs, self.pruned_corpus_path) + self.latest_corpus_path = None def fuzz(self): """Starts the fuzz target run for the length of time specified by duration. @@ -129,65 +91,85 @@ class FuzzTarget: # pylint: disable=too-many-instance-attributes Returns: FuzzResult namedtuple with stacktrace and testcase if applicable. """ - logging.info('Running fuzzer: %s.', self.target_name) - - self._download_corpus() - corpus_path = self.latest_corpus_path - - logging.info('Starting fuzzing') - with clusterfuzz.environment.Environment(config_utils.DEFAULT_ENGINE, - self.config.sanitizer, - self.target_path, - interactive=True) as env: - engine_impl = clusterfuzz.fuzz.get_engine(config_utils.DEFAULT_ENGINE) - options = engine_impl.prepare(corpus_path, env.target_path, env.build_dir) - options.merge_back_new_testcases = False - options.analyze_dictionary = False - options.arguments.extend(LIBFUZZER_OPTIONS) + logging.info('Fuzzer %s, started.', self.target_name) + docker_container = utils.get_container_name() + command = ['docker', 'run', '--rm', '--privileged'] + if docker_container: + command += [ + '--volumes-from', docker_container, '-e', 'OUT=' + self.out_dir + ] + else: + command += ['-v', '%s:%s' % (self.out_dir, '/out')] + + command += [ + '-e', 'FUZZING_ENGINE=libfuzzer', '-e', + 'SANITIZER=' + self.config.sanitizer, '-e', 'CIFUZZ=True', '-e', + 'RUN_FUZZER_MODE=interactive', docker.BASE_RUNNER_TAG, 'bash', '-c' + ] + + run_fuzzer_command = 'run_fuzzer {fuzz_target} {options}'.format( + fuzz_target=self.target_name, + options=LIBFUZZER_OPTIONS + ' -max_total_time=' + str(self.duration)) + + # If corpus can be downloaded use it for fuzzing. + self.latest_corpus_path = self.clusterfuzz_deployment.download_corpus( + self.target_name, self.out_dir) + if self.latest_corpus_path: + run_fuzzer_command = run_fuzzer_command + ' ' + self.latest_corpus_path + command.append(run_fuzzer_command) + + logging.info('Running command: %s', ' '.join(command)) + process = subprocess.Popen(command, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) - result = engine_impl.fuzz(self.target_path, options, - self.workspace.artifacts, self.duration) + try: + _, stderr = process.communicate(timeout=self.duration + BUFFER_TIME) + except subprocess.TimeoutExpired: + logging.error('Fuzzer %s timed out, ending fuzzing.', self.target_name) + return FuzzResult(None, None) # Libfuzzer timeout was reached. - if not result.crashes: + if not process.returncode: logging.info('Fuzzer %s finished with no crashes discovered.', self.target_name) - return FuzzResult(None, None, self.latest_corpus_path) - - # Only report first crash. - crash = result.crashes[0] - logging.info('Fuzzer: %s. Detected bug:\n%s', self.target_name, - crash.stacktrace) - - if self.is_crash_reportable(crash.input_path): + return FuzzResult(None, None) + + # Crash was discovered. + logging.info('Fuzzer %s, ended before timeout.', self.target_name) + testcase = self.get_testcase(stderr) + if not testcase: + logging.error(b'No testcase found in stacktrace: %s.', stderr) + return FuzzResult(None, None) + + utils.binary_print(b'Fuzzer: %s. Detected bug:\n%s' % + (self.target_name.encode(), stderr)) + if self.is_crash_reportable(testcase): # We found a bug in the fuzz target and we will report it. - return FuzzResult(crash.input_path, result.logs, self.latest_corpus_path) + return FuzzResult(testcase, stderr) # We found a bug but we won't report it. - return FuzzResult(None, None, self.latest_corpus_path) + return FuzzResult(None, None) - def free_disk_if_needed(self, delete_fuzz_target=True): + def free_disk_if_needed(self): """Deletes things that are no longer needed from fuzzing this fuzz target to save disk space if needed.""" if not self.config.low_disk_space: - logging.info('Not freeing disk space after running fuzz target.') return - logging.info('Deleting corpus and seed corpus of %s to save disk.', - self.target_name) + logging.info( + 'Deleting corpus, seed corpus and fuzz target of %s to save disk.', + self.target_name) # Delete the seed corpus, corpus, and fuzz target. - for corpus_path in [self.latest_corpus_path, self.pruned_corpus_path]: + if self.latest_corpus_path and os.path.exists(self.latest_corpus_path): # Use ignore_errors=True to fix # https://github.com/google/oss-fuzz/issues/5383. - shutil.rmtree(corpus_path, ignore_errors=True) + shutil.rmtree(self.latest_corpus_path, ignore_errors=True) + os.remove(self.target_path) target_seed_corpus_path = self.target_path + '_seed_corpus.zip' if os.path.exists(target_seed_corpus_path): os.remove(target_seed_corpus_path) - - if delete_fuzz_target: - logging.info('Deleting fuzz target: %s.', self.target_name) - os.remove(self.target_path) logging.info('Done deleting.') def is_reproducible(self, testcase, target_path): @@ -204,31 +186,41 @@ class FuzzTarget: # pylint: disable=too-many-instance-attributes Raises: ReproduceError if we can't attempt to reproduce the crash. """ + if not os.path.exists(target_path): - logging.info('Target: %s does not exist.', target_path) - raise ReproduceError(f'Target {target_path} not found.') + raise ReproduceError('Target %s not found.' % target_path) os.chmod(target_path, stat.S_IRWXO) - logging.info('Trying to reproduce crash using: %s.', testcase) - with clusterfuzz.environment.Environment(config_utils.DEFAULT_ENGINE, - self.config.sanitizer, - target_path, - interactive=True): - for _ in range(REPRODUCE_ATTEMPTS): - engine_impl = clusterfuzz.fuzz.get_engine(config_utils.DEFAULT_ENGINE) - result = engine_impl.reproduce(target_path, - testcase, - arguments=[], - max_time=REPRODUCE_TIME_SECONDS) - - if result.return_code != 0: - logging.info('Reproduce command returned: %s. Reproducible on %s.', - result.return_code, target_path) - - return True - - logging.info('Reproduce command returned: 0. Not reproducible on %s.', + target_dirname = os.path.dirname(target_path) + command = ['docker', 'run', '--rm', '--privileged'] + container = utils.get_container_name() + if container: + command += [ + '--volumes-from', container, '-e', 'OUT=' + target_dirname, '-e', + 'TESTCASE=' + testcase + ] + else: + command += [ + '-v', + '%s:/out' % target_dirname, '-v', + '%s:/testcase' % testcase + ] + + command += [ + '-t', docker.BASE_RUNNER_TAG, 'reproduce', self.target_name, '-runs=100' + ] + + logging.info('Running reproduce command: %s.', ' '.join(command)) + for _ in range(REPRODUCE_ATTEMPTS): + _, _, returncode = utils.execute(command) + if returncode != 0: + logging.info('Reproduce command returned: %s. Reproducible on %s.', + returncode, target_path) + + return True + + logging.info('Reproduce command returned 0. Not reproducible on %s.', target_path) return False @@ -247,52 +239,60 @@ class FuzzTarget: # pylint: disable=too-many-instance-attributes ReproduceError if we can't attempt to reproduce the crash on the PR build. """ if not os.path.exists(testcase): - raise ReproduceError(f'Testcase {testcase} not found.') + raise ReproduceError('Testcase %s not found.' % testcase) try: reproducible_on_code_change = self.is_reproducible( testcase, self.target_path) except ReproduceError as error: - logging.error('Could not check for crash reproducibility.' + logging.error('Could not run target when checking for reproducibility.' 'Please file an issue:' 'https://github.com/google/oss-fuzz/issues/new.') raise error if not reproducible_on_code_change: - logging.info('Crash is not reproducible.') - return self.config.report_unreproducible_crashes - - logging.info('Crash is reproducible.') - return self.is_crash_novel(testcase) + logging.info('Failed to reproduce the crash using the obtained testcase.') + return False - def is_crash_novel(self, testcase): - """Returns whether or not the crash is new. A crash is considered new if it - can't be reproduced on an older ClusterFuzz build of the target.""" - if not os.path.exists(testcase): - raise ReproduceError('Testcase %s not found.' % testcase) - clusterfuzz_build_dir = self.clusterfuzz_deployment.download_latest_build() + clusterfuzz_build_dir = self.clusterfuzz_deployment.download_latest_build( + self.out_dir) if not clusterfuzz_build_dir: # Crash is reproducible on PR build and we can't test on a recent # ClusterFuzz/OSS-Fuzz build. - logging.info(COULD_NOT_TEST_ON_CLUSTERFUZZ_MESSAGE) + logging.info(COULD_NOT_TEST_ON_RECENT_MESSAGE) return True clusterfuzz_target_path = os.path.join(clusterfuzz_build_dir, self.target_name) - try: reproducible_on_clusterfuzz_build = self.is_reproducible( testcase, clusterfuzz_target_path) except ReproduceError: # This happens if the project has ClusterFuzz builds, but the fuzz target # is not in it (e.g. because the fuzz target is new). - logging.info(COULD_NOT_TEST_ON_CLUSTERFUZZ_MESSAGE) + logging.info(COULD_NOT_TEST_ON_RECENT_MESSAGE) return True - if reproducible_on_clusterfuzz_build: - logging.info('The crash is reproducible on previous build. ' - 'Code change (pr/commit) did not introduce crash.') - return False - logging.info('The crash is not reproducible on previous build. ' - 'Code change (pr/commit) introduced crash.') - return True + if not reproducible_on_clusterfuzz_build: + logging.info('The crash is reproducible. The crash doesn\'t reproduce ' + 'on old builds. This code change probably introduced the ' + 'crash.') + return True + + logging.info('The crash is reproducible on old builds ' + '(without the current code change).') + return False + + def get_testcase(self, error_bytes): + """Gets the file from a fuzzer run stacktrace. + + Args: + error_bytes: The bytes containing the output from the fuzzer. + + Returns: + The path to the testcase or None if not found. + """ + match = re.search(rb'\bTest unit written to \.\/([^\s]+)', error_bytes) + if match: + return os.path.join(self.out_dir, match.group(1).decode('utf-8')) + return None diff --git a/infra/cifuzz/fuzz_target_test.py b/infra/cifuzz/fuzz_target_test.py index ecea6fbbf..8bec234dc 100644 --- a/infra/cifuzz/fuzz_target_test.py +++ b/infra/cifuzz/fuzz_target_test.py @@ -18,18 +18,12 @@ import tempfile import unittest from unittest import mock -import certifi -# Importing this later causes import failures with pytest for some reason. -# TODO(ochang): Figure out why. import parameterized -import google.cloud.ndb # pylint: disable=unused-import from pyfakefs import fake_filesystem_unittest -from clusterfuzz.fuzz import engine import clusterfuzz_deployment +import config_utils import fuzz_target -import test_helpers -import workspace_utils # NOTE: This integration test relies on # https://github.com/google/oss-fuzz/tree/master/projects/example project. @@ -38,118 +32,153 @@ EXAMPLE_PROJECT = 'example' # An example fuzzer that triggers an error. EXAMPLE_FUZZER = 'example_crash_fuzzer' -# Mock return values for engine_impl.reproduce. -EXECUTE_SUCCESS_RESULT = engine.ReproduceResult([], 0, 0, '') -EXECUTE_FAILURE_RESULT = engine.ReproduceResult([], 1, 0, '') +# The return value of a successful call to utils.execute. +EXECUTE_SUCCESS_RETVAL = ('', '', 0) + +# The return value of a failed call to utils.execute. +EXECUTE_FAILURE_RETVAL = ('', '', 1) def _create_config(**kwargs): """Creates a config object and then sets every attribute that is a key in |kwargs| to the corresponding value. Asserts that each key in |kwargs| is an attribute of Config.""" - defaults = { - 'is_github': True, - 'oss_fuzz_project_name': EXAMPLE_PROJECT, - 'workspace': '/workspace' - } + defaults = {'is_github': True, 'project_name': EXAMPLE_PROJECT} for default_key, default_value in defaults.items(): if default_key not in kwargs: kwargs[default_key] = default_value - return test_helpers.create_run_config(**kwargs) + with mock.patch('os.path.basename', return_value=None), mock.patch( + 'config_utils.get_project_src_path', + return_value=None), mock.patch('config_utils._is_dry_run', + return_value=True): + config = config_utils.RunFuzzersConfig() + + for key, value in kwargs.items(): + assert hasattr(config, key), 'Config doesn\'t have attribute: ' + key + setattr(config, key, value) + return config def _create_deployment(**kwargs): config = _create_config(**kwargs) - workspace = workspace_utils.Workspace(config) - return clusterfuzz_deployment.get_clusterfuzz_deployment(config, workspace) + return clusterfuzz_deployment.get_clusterfuzz_deployment(config) +# TODO(metzman): Use patch from test_libs/helpers.py in clusterfuzz so that we +# don't need to accept this as an argument in every test method. @mock.patch('utils.get_container_name', return_value='container') class IsReproducibleTest(fake_filesystem_unittest.TestCase): """Tests the is_reproducible method in the fuzz_target.FuzzTarget class.""" def setUp(self): """Sets up example fuzz target to test is_reproducible method.""" - self.fuzz_target_name = 'fuzz-target' - deployment = _create_deployment() - self.config = deployment.config - self.workspace = deployment.workspace - self.fuzz_target_path = os.path.join(self.workspace.out, - self.fuzz_target_name) - self.setUpPyfakefs() - self.fs.create_file(self.fuzz_target_path) + self.fuzz_target_path = '/example/path' self.testcase_path = '/testcase' - self.fs.create_file(self.testcase_path) - - self.target = fuzz_target.FuzzTarget(self.fuzz_target_path, - fuzz_target.REPRODUCE_ATTEMPTS, - self.workspace, deployment, - deployment.config) - - # ClusterFuzz requires ROOT_DIR. - root_dir = os.environ['ROOT_DIR'] - test_helpers.patch_environ(self, empty=True) - os.environ['ROOT_DIR'] = root_dir + deployment = _create_deployment() + self.test_target = fuzz_target.FuzzTarget(self.fuzz_target_path, + fuzz_target.REPRODUCE_ATTEMPTS, + '/example/outdir', deployment, + deployment.config) def test_reproducible(self, _): """Tests that is_reproducible returns True if crash is detected and that is_reproducible uses the correct command to reproduce a crash.""" - all_repro = [EXECUTE_FAILURE_RESULT] * fuzz_target.REPRODUCE_ATTEMPTS - with mock.patch('clusterfuzz.fuzz.get_engine') as mock_get_engine: - mock_get_engine().reproduce.side_effect = all_repro - - result = self.target.is_reproducible(self.testcase_path, - self.fuzz_target_path) - mock_get_engine().reproduce.assert_called_once_with( - '/workspace/build-out/fuzz-target', - '/testcase', - arguments=[], - max_time=30) + self._set_up_fakefs() + all_repro = [EXECUTE_FAILURE_RETVAL] * fuzz_target.REPRODUCE_ATTEMPTS + with mock.patch('utils.execute', side_effect=all_repro) as mocked_execute: + result = self.test_target.is_reproducible(self.testcase_path, + self.fuzz_target_path) + mocked_execute.assert_called_once_with([ + 'docker', 'run', '--rm', '--privileged', '--volumes-from', + 'container', '-e', 'OUT=/example', '-e', + 'TESTCASE=' + self.testcase_path, '-t', + 'gcr.io/oss-fuzz-base/base-runner', 'reproduce', 'path', '-runs=100' + ]) self.assertTrue(result) - self.assertEqual(1, mock_get_engine().reproduce.call_count) + self.assertEqual(1, mocked_execute.call_count) + + def _set_up_fakefs(self): + """Helper to setup pyfakefs and add important files to the fake + filesystem.""" + self.setUpPyfakefs() + self.fs.create_file(self.fuzz_target_path) + self.fs.create_file(self.testcase_path) def test_flaky(self, _): """Tests that is_reproducible returns True if crash is detected on the last attempt.""" - last_time_repro = [EXECUTE_SUCCESS_RESULT] * 9 + [EXECUTE_FAILURE_RESULT] - with mock.patch('clusterfuzz.fuzz.get_engine') as mock_get_engine: - mock_get_engine().reproduce.side_effect = last_time_repro + self._set_up_fakefs() + last_time_repro = [EXECUTE_SUCCESS_RETVAL] * 9 + [EXECUTE_FAILURE_RETVAL] + with mock.patch('utils.execute', + side_effect=last_time_repro) as mocked_execute: self.assertTrue( - self.target.is_reproducible(self.testcase_path, - self.fuzz_target_path)) + self.test_target.is_reproducible(self.testcase_path, + self.fuzz_target_path)) self.assertEqual(fuzz_target.REPRODUCE_ATTEMPTS, - mock_get_engine().reproduce.call_count) + mocked_execute.call_count) def test_nonexistent_fuzzer(self, _): """Tests that is_reproducible raises an error if it could not attempt reproduction because the fuzzer doesn't exist.""" with self.assertRaises(fuzz_target.ReproduceError): - self.target.is_reproducible(self.testcase_path, '/non-existent-path') + self.test_target.is_reproducible(self.testcase_path, '/non-existent-path') def test_unreproducible(self, _): """Tests that is_reproducible returns False for a crash that did not reproduce.""" - all_unrepro = [EXECUTE_SUCCESS_RESULT] * fuzz_target.REPRODUCE_ATTEMPTS - with mock.patch('clusterfuzz.fuzz.get_engine') as mock_get_engine: - mock_get_engine().reproduce.side_effect = all_unrepro - result = self.target.is_reproducible(self.testcase_path, - self.fuzz_target_path) + all_unrepro = [EXECUTE_SUCCESS_RETVAL] * fuzz_target.REPRODUCE_ATTEMPTS + self._set_up_fakefs() + with mock.patch('utils.execute', side_effect=all_unrepro): + result = self.test_target.is_reproducible(self.testcase_path, + self.fuzz_target_path) self.assertFalse(result) +class GetTestCaseTest(unittest.TestCase): + """Tests get_testcase.""" + + def setUp(self): + """Sets up example fuzz target to test get_testcase method.""" + deployment = _create_deployment() + self.test_target = fuzz_target.FuzzTarget('/example/path', 10, + '/example/outdir', deployment, + deployment.config) + + def test_valid_error_string(self): + """Tests that get_testcase returns the correct testcase give an error.""" + testcase_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), + 'test_data', 'example_crash_fuzzer_output.txt') + with open(testcase_path, 'rb') as test_fuzz_output: + parsed_testcase = self.test_target.get_testcase(test_fuzz_output.read()) + self.assertEqual( + parsed_testcase, + '/example/outdir/crash-ad6700613693ef977ff3a8c8f4dae239c3dde6f5') + + def test_invalid_error_string(self): + """Tests that get_testcase returns None with a bad error string.""" + self.assertIsNone(self.test_target.get_testcase(b'')) + self.assertIsNone(self.test_target.get_testcase(b' Example crash string.')) + + def test_encoding(self): + """Tests that get_testcase accepts bytes and returns a string.""" + fuzzer_output = b'\x8fTest unit written to ./crash-1' + result = self.test_target.get_testcase(fuzzer_output) + self.assertTrue(isinstance(result, str)) + + class IsCrashReportableTest(fake_filesystem_unittest.TestCase): """Tests the is_crash_reportable method of FuzzTarget.""" def setUp(self): """Sets up example fuzz target to test is_crash_reportable method.""" - self.setUpPyfakefs() self.fuzz_target_path = '/example/do_stuff_fuzzer' deployment = _create_deployment() - self.target = fuzz_target.FuzzTarget(self.fuzz_target_path, 100, - deployment.workspace, deployment, - deployment.config) + self.test_target = fuzz_target.FuzzTarget(self.fuzz_target_path, 100, + '/example/outdir', deployment, + deployment.config) self.oss_fuzz_build_path = '/oss-fuzz-build' + self.setUpPyfakefs() self.fs.create_file(self.fuzz_target_path) self.oss_fuzz_target_path = os.path.join( self.oss_fuzz_build_path, os.path.basename(self.fuzz_target_path)) @@ -157,20 +186,18 @@ class IsCrashReportableTest(fake_filesystem_unittest.TestCase): self.testcase_path = '/testcase' self.fs.create_file(self.testcase_path, contents='') - # Do this to prevent pyfakefs from messing with requests. - self.fs.add_real_directory(os.path.dirname(certifi.__file__)) - @mock.patch('fuzz_target.FuzzTarget.is_reproducible', side_effect=[True, False]) @mock.patch('logging.info') - def test_new_reproducible_crash(self, mock_info, _): + def test_new_reproducible_crash(self, mocked_info, _): """Tests that a new reproducible crash returns True.""" with tempfile.TemporaryDirectory() as tmp_dir: - self.target.out_dir = tmp_dir - self.assertTrue(self.target.is_crash_reportable(self.testcase_path)) - mock_info.assert_called_with( - 'The crash is not reproducible on previous build. ' - 'Code change (pr/commit) introduced crash.') + self.test_target.out_dir = tmp_dir + self.assertTrue(self.test_target.is_crash_reportable(self.testcase_path)) + mocked_info.assert_called_with( + 'The crash is reproducible. The crash doesn\'t reproduce ' + 'on old builds. This code change probably introduced the ' + 'crash.') # yapf: disable @parameterized.parameterized.expand([ @@ -191,11 +218,12 @@ class IsCrashReportableTest(fake_filesystem_unittest.TestCase): side_effect=is_reproducible_retvals): with mock.patch('clusterfuzz_deployment.OSSFuzz.download_latest_build', return_value=self.oss_fuzz_build_path): - self.assertFalse(self.target.is_crash_reportable(self.testcase_path)) + self.assertFalse( + self.test_target.is_crash_reportable(self.testcase_path)) @mock.patch('logging.info') @mock.patch('fuzz_target.FuzzTarget.is_reproducible', return_value=[True]) - def test_reproducible_no_oss_fuzz_target(self, _, mock_info): + def test_reproducible_no_oss_fuzz_target(self, _, mocked_info): """Tests that is_crash_reportable returns True when a crash reproduces on the PR build but the target is not in the OSS-Fuzz build (usually because it is new).""" @@ -208,16 +236,17 @@ class IsCrashReportableTest(fake_filesystem_unittest.TestCase): with mock.patch( 'fuzz_target.FuzzTarget.is_reproducible', - side_effect=is_reproducible_side_effect) as mock_is_reproducible: + side_effect=is_reproducible_side_effect) as mocked_is_reproducible: with mock.patch('clusterfuzz_deployment.OSSFuzz.download_latest_build', return_value=self.oss_fuzz_build_path): - self.assertTrue(self.target.is_crash_reportable(self.testcase_path)) - mock_is_reproducible.assert_any_call(self.testcase_path, - self.oss_fuzz_target_path) - mock_info.assert_called_with( - 'Could not run previous build of target to determine if this code ' - 'change (pr/commit) introduced crash. Assuming crash was newly ' - 'introduced.') + self.assertTrue(self.test_target.is_crash_reportable( + self.testcase_path)) + mocked_is_reproducible.assert_any_call(self.testcase_path, + self.oss_fuzz_target_path) + mocked_info.assert_called_with( + 'Crash is reproducible. Could not run recent build of ' + 'target to determine if this code change (pr/commit) introduced crash. ' + 'Assuming this code change introduced crash.') if __name__ == '__main__': diff --git a/infra/cifuzz/generate_coverage_report.py b/infra/cifuzz/generate_coverage_report.py deleted file mode 100644 index 9901c452a..000000000 --- a/infra/cifuzz/generate_coverage_report.py +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Module for generating coverage reports.""" -import os - -import base_runner_utils -import fuzz_target -import utils - - -def run_coverage_command(config, workspace): - """Runs the coverage command in base-runner to generate a coverage report.""" - env = base_runner_utils.get_env(config, workspace) - env['HTTP_PORT'] = '' - env['COVERAGE_EXTRA_ARGS'] = '' - env['CORPUS_DIR'] = workspace.corpora - env['COVERAGE_OUTPUT_DIR'] = workspace.coverage_report - command = 'coverage' - return utils.execute(command, env=env) - - -def download_corpora(fuzz_target_paths, clusterfuzz_deployment): - """Downloads corpora for fuzz targets in |fuzz_target_paths| using - |clusterfuzz_deployment| to download corpora from ClusterFuzz/OSS-Fuzz.""" - for target_path in fuzz_target_paths: - target_name = os.path.basename(target_path) - corpus_dir = fuzz_target.get_fuzz_target_corpus_dir( - clusterfuzz_deployment.workspace, target_name) - clusterfuzz_deployment.download_corpus(target_name, corpus_dir) - - -def generate_coverage_report(fuzz_target_paths, workspace, - clusterfuzz_deployment, config): - """Generates a coverage report using Clang's source based coverage.""" - download_corpora(fuzz_target_paths, clusterfuzz_deployment) - run_coverage_command(config, workspace) - clusterfuzz_deployment.upload_coverage() diff --git a/infra/cifuzz/generate_coverage_report_test.py b/infra/cifuzz/generate_coverage_report_test.py deleted file mode 100644 index df2c9b206..000000000 --- a/infra/cifuzz/generate_coverage_report_test.py +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for generate_coverage_report.""" - -import unittest -from unittest import mock - -import generate_coverage_report -import test_helpers - -OUT_DIR = '/outdir' -PROJECT = 'example-project' -SANITIZER = 'coverage' - - -class TestRunCoverageCommand(unittest.TestCase): - """Tests run_coverage_command""" - - def setUp(self): - test_helpers.patch_environ(self, empty=True) - - @mock.patch('utils.execute') - def test_run_coverage_command(self, mock_execute): # pylint: disable=no-self-use - """Tests that run_coverage_command works as intended.""" - config = test_helpers.create_run_config(oss_fuzz_project_name=PROJECT, - sanitizer=SANITIZER) - workspace = test_helpers.create_workspace() - generate_coverage_report.run_coverage_command(config, workspace) - expected_command = 'coverage' - expected_env = { - 'SANITIZER': config.sanitizer, - 'FUZZING_LANGUAGE': config.language, - 'OUT': workspace.out, - 'CIFUZZ': 'True', - 'FUZZING_ENGINE': 'libfuzzer', - 'ARCHITECTURE': 'x86_64', - 'FUZZER_ARGS': '-rss_limit_mb=2560 -timeout=25', - 'HTTP_PORT': '', - 'COVERAGE_EXTRA_ARGS': '', - 'CORPUS_DIR': workspace.corpora, - 'COVERAGE_OUTPUT_DIR': workspace.coverage_report - } - mock_execute.assert_called_with(expected_command, env=expected_env) - - -class DownloadCorporaTest(unittest.TestCase): - """Tests for download_corpora.""" - - def test_download_corpora(self): # pylint: disable=no-self-use - """Tests that download_corpora works as intended.""" - clusterfuzz_deployment = mock.Mock() - clusterfuzz_deployment.workspace = test_helpers.create_workspace() - fuzz_target_paths = ['/path/to/fuzzer1', '/path/to/fuzzer2'] - expected_calls = [ - mock.call('fuzzer1', '/workspace/cifuzz-corpus/fuzzer1'), - mock.call('fuzzer2', '/workspace/cifuzz-corpus/fuzzer2') - ] - generate_coverage_report.download_corpora(fuzz_target_paths, - clusterfuzz_deployment) - clusterfuzz_deployment.download_corpus.assert_has_calls(expected_calls) diff --git a/infra/cifuzz/get_coverage_test.py b/infra/cifuzz/get_coverage_test.py deleted file mode 100644 index fcfc9bd25..000000000 --- a/infra/cifuzz/get_coverage_test.py +++ /dev/null @@ -1,239 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for get_coverage.py""" -import os -import json -import unittest -from unittest import mock - -from pyfakefs import fake_filesystem_unittest -import pytest - -import get_coverage - -# pylint: disable=protected-access - -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), - 'test_data') - -PROJECT_NAME = 'curl' -REPO_PATH = '/src/curl' -FUZZ_TARGET = 'curl_fuzzer' -PROJECT_COV_JSON_FILENAME = 'example_curl_cov.json' -FUZZ_TARGET_COV_JSON_FILENAME = 'example_curl_fuzzer_cov.json' -INVALID_TARGET = 'not-a-fuzz-target' - -with open(os.path.join(TEST_DATA_PATH, - PROJECT_COV_JSON_FILENAME),) as cov_file_handle: - PROJECT_COV_INFO = json.loads(cov_file_handle.read()) - - -class GetOssFuzzFuzzerStatsDirUrlTest(unittest.TestCase): - """Tests _get_oss_fuzz_fuzzer_stats_dir_url.""" - - @mock.patch('http_utils.get_json_from_url', - return_value={ - 'fuzzer_stats_dir': - 'gs://oss-fuzz-coverage/systemd/fuzzer_stats/20210303' - }) - def test_get_valid_project(self, mock_get_json_from_url): - """Tests that a project's coverage report can be downloaded and parsed. - - NOTE: This test relies on the PROJECT_NAME repo's coverage report. - The "example" project was not used because it has no coverage reports. - """ - result = get_coverage._get_oss_fuzz_fuzzer_stats_dir_url(PROJECT_NAME) - (url,), _ = mock_get_json_from_url.call_args - self.assertEqual( - 'https://storage.googleapis.com/oss-fuzz-coverage/' - 'latest_report_info/curl.json', url) - - expected_result = ( - 'https://storage.googleapis.com/oss-fuzz-coverage/systemd/fuzzer_stats/' - '20210303') - self.assertEqual(result, expected_result) - - def test_get_invalid_project(self): - """Tests that passing a bad project returns None.""" - self.assertIsNone( - get_coverage._get_oss_fuzz_fuzzer_stats_dir_url('not-a-proj')) - - -class OSSFuzzCoverageGetTargetCoverageTest(unittest.TestCase): - """Tests OSSFuzzCoverage.get_target_coverage.""" - - def setUp(self): - with mock.patch('get_coverage._get_oss_fuzz_latest_cov_report_info', - return_value=PROJECT_COV_INFO): - self.oss_fuzz_coverage = get_coverage.OSSFuzzCoverage( - REPO_PATH, PROJECT_NAME) - - @mock.patch('http_utils.get_json_from_url', return_value={}) - def test_valid_target(self, mock_get_json_from_url): - """Tests that a target's coverage report can be downloaded and parsed.""" - self.oss_fuzz_coverage.get_target_coverage(FUZZ_TARGET) - (url,), _ = mock_get_json_from_url.call_args - self.assertEqual( - 'https://storage.googleapis.com/oss-fuzz-coverage/' - 'curl/fuzzer_stats/20200226/curl_fuzzer.json', url) - - def test_invalid_target(self): - """Tests that passing an invalid target coverage report returns None.""" - self.assertIsNone( - self.oss_fuzz_coverage.get_target_coverage(INVALID_TARGET)) - - @mock.patch('get_coverage._get_oss_fuzz_latest_cov_report_info', - return_value=None) - def test_invalid_project_json(self, _): # pylint: disable=no-self-use - """Tests an invalid project JSON results in None being returned.""" - with pytest.raises(get_coverage.CoverageError): - get_coverage.OSSFuzzCoverage(REPO_PATH, PROJECT_NAME) - - -def _get_expected_curl_covered_file_list(): - """Returns the expected covered file list for - FUZZ_TARGET_COV_JSON_FILENAME.""" - curl_files_list_path = os.path.join(TEST_DATA_PATH, - 'example_curl_file_list.json') - with open(curl_files_list_path) as file_handle: - return json.loads(file_handle.read()) - - -def _get_example_curl_coverage(): - """Returns the contents of the fuzzer stats JSON file for - FUZZ_TARGET_COV_JSON_FILENAME.""" - with open(os.path.join(TEST_DATA_PATH, - FUZZ_TARGET_COV_JSON_FILENAME)) as file_handle: - return json.loads(file_handle.read()) - - -class OSSFuzzCoverageGetFilesCoveredByTargetTest(unittest.TestCase): - """Tests OSSFuzzCoverage.get_files_covered_by_target.""" - - def setUp(self): - with mock.patch('get_coverage._get_oss_fuzz_latest_cov_report_info', - return_value=PROJECT_COV_INFO): - self.oss_fuzz_coverage = get_coverage.OSSFuzzCoverage( - REPO_PATH, PROJECT_NAME) - - def test_valid_target(self): - """Tests that covered files can be retrieved from a coverage report.""" - fuzzer_cov_data = _get_example_curl_coverage() - with mock.patch('get_coverage.OSSFuzzCoverage.get_target_coverage', - return_value=fuzzer_cov_data): - file_list = self.oss_fuzz_coverage.get_files_covered_by_target( - FUZZ_TARGET) - - expected_file_list = _get_expected_curl_covered_file_list() - self.assertCountEqual(file_list, expected_file_list) - - def test_invalid_target(self): - """Tests passing invalid fuzz target returns None.""" - self.assertIsNone( - self.oss_fuzz_coverage.get_files_covered_by_target(INVALID_TARGET)) - - -class FilesystemCoverageGetFilesCoveredByTargetTest( - fake_filesystem_unittest.TestCase): - """Tests FilesystemCoverage.get_files_covered_by_target.""" - - def setUp(self): - _fuzzer_cov_data = _get_example_curl_coverage() - self._expected_file_list = _get_expected_curl_covered_file_list() - self.coverage_path = '/coverage' - self.filesystem_coverage = get_coverage.FilesystemCoverage( - REPO_PATH, self.coverage_path) - self.setUpPyfakefs() - self.fs.create_file(os.path.join(self.coverage_path, 'fuzzer_stats', - FUZZ_TARGET + '.json'), - contents=json.dumps(_fuzzer_cov_data)) - - def test_valid_target(self): - """Tests that covered files can be retrieved from a coverage report.""" - file_list = self.filesystem_coverage.get_files_covered_by_target( - FUZZ_TARGET) - self.assertCountEqual(file_list, self._expected_file_list) - - def test_invalid_target(self): - """Tests passing invalid fuzz target returns None.""" - self.assertIsNone( - self.filesystem_coverage.get_files_covered_by_target(INVALID_TARGET)) - - -class IsFileCoveredTest(unittest.TestCase): - """Tests for is_file_covered.""" - - def test_is_file_covered_covered(self): - """Tests that is_file_covered returns True for a covered file.""" - file_coverage = { - 'filename': '/src/systemd/src/basic/locale-util.c', - 'summary': { - 'regions': { - 'count': 204, - 'covered': 200, - 'notcovered': 200, - 'percent': 98.03 - } - } - } - self.assertTrue(get_coverage.is_file_covered(file_coverage)) - - def test_is_file_covered_not_covered(self): - """Tests that is_file_covered returns False for a not covered file.""" - file_coverage = { - 'filename': '/src/systemd/src/basic/locale-util.c', - 'summary': { - 'regions': { - 'count': 204, - 'covered': 0, - 'notcovered': 0, - 'percent': 0 - } - } - } - self.assertFalse(get_coverage.is_file_covered(file_coverage)) - - -class GetOssFuzzLatestCovReportInfo(unittest.TestCase): - """Tests that _get_oss_fuzz_latest_cov_report_info works as - intended.""" - - PROJECT = 'project' - LATEST_REPORT_INFO_URL = ('https://storage.googleapis.com/oss-fuzz-coverage/' - 'latest_report_info/project.json') - - @mock.patch('logging.error') - @mock.patch('http_utils.get_json_from_url', return_value={'coverage': 1}) - def test_get_oss_fuzz_latest_cov_report_info(self, mock_get_json_from_url, - mock_error): - """Tests that _get_oss_fuzz_latest_cov_report_info works as intended.""" - result = get_coverage._get_oss_fuzz_latest_cov_report_info(self.PROJECT) - self.assertEqual(result, {'coverage': 1}) - mock_error.assert_not_called() - mock_get_json_from_url.assert_called_with(self.LATEST_REPORT_INFO_URL) - - @mock.patch('logging.error') - @mock.patch('http_utils.get_json_from_url', return_value=None) - def test_get_oss_fuzz_latest_cov_report_info_fail(self, _, mock_error): - """Tests that _get_oss_fuzz_latest_cov_report_info works as intended when we - can't get latest report info.""" - result = get_coverage._get_oss_fuzz_latest_cov_report_info('project') - self.assertIsNone(result) - mock_error.assert_called_with( - 'Could not get the coverage report json from url: %s.', - self.LATEST_REPORT_INFO_URL) - - -if __name__ == '__main__': - unittest.main() diff --git a/infra/cifuzz/http_utils.py b/infra/cifuzz/http_utils.py deleted file mode 100644 index 931183593..000000000 --- a/infra/cifuzz/http_utils.py +++ /dev/null @@ -1,117 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Utility module for HTTP.""" -import json -import logging -import os -import sys -import tempfile -import zipfile - -import requests - -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -import retry - -_DOWNLOAD_URL_RETRIES = 3 -_DOWNLOAD_URL_BACKOFF = 1 - - -def download_and_unpack_zip(url, extract_directory, headers=None): - """Downloads and unpacks a zip file from an HTTP URL. - - Args: - url: A url to the zip file to be downloaded and unpacked. - extract_directory: The path where the zip file should be extracted to. - headers: (Optional) HTTP headers to send with the download request. - - Returns: - True on success. - """ - if headers is None: - headers = {} - - if not os.path.exists(extract_directory): - logging.error('Extract directory: %s does not exist.', extract_directory) - return False - - # Gives the temporary zip file a unique identifier in the case that - # that download_and_unpack_zip is done in parallel. - with tempfile.NamedTemporaryFile(suffix='.zip') as tmp_file: - if not download_url(url, tmp_file.name, headers=headers): - return False - - try: - with zipfile.ZipFile(tmp_file.name, 'r') as zip_file: - zip_file.extractall(extract_directory) - except zipfile.BadZipFile: - logging.error('Error unpacking zip from %s. Bad Zipfile.', url) - return False - - return True - - -def download_url(*args, **kwargs): - """Wrapper around _download_url that returns False if _download_url - exceptions.""" - try: - return _download_url(*args, **kwargs) - except Exception: # pylint: disable=broad-except - return False - - -def get_json_from_url(url): - """Gets a json object from a specified HTTP URL. - - Args: - url: The url of the json to be downloaded. - - Returns: - A dictionary deserialized from JSON or None on failure. - """ - response = requests.get(url) - try: - return response.json() - except (ValueError, TypeError, json.JSONDecodeError) as err: - logging.error('Loading json from url %s failed with: %s.', url, str(err)) - return None - - -@retry.wrap(_DOWNLOAD_URL_RETRIES, _DOWNLOAD_URL_BACKOFF) -def _download_url(url, filename, headers=None): - """Downloads the file located at |url|, using HTTP to |filename|. - - Args: - url: A url to a file to download. - filename: The path the file should be downloaded to. - headers: (Optional) HTTP headers to send with the download request. - - Returns: - True on success. - """ - if headers is None: - headers = {} - - response = requests.get(url, headers=headers) - - if response.status_code != 200: - logging.error('Unable to download from: %s. Code: %d. Content: %s.', url, - response.status_code, response.content) - return False - - with open(filename, 'wb') as file_handle: - file_handle.write(response.content) - - return True diff --git a/infra/cifuzz/http_utils_test.py b/infra/cifuzz/http_utils_test.py deleted file mode 100644 index 64d0598ac..000000000 --- a/infra/cifuzz/http_utils_test.py +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Tests for http_utils.py""" - -import unittest -from unittest import mock - -from pyfakefs import fake_filesystem_unittest - -import http_utils - -mock_get_response = mock.MagicMock(status_code=200, content=b'') - - -class DownloadUrlTest(unittest.TestCase): - """Tests that download_url works.""" - URL = 'https://example.com/file' - FILE_PATH = '/tmp/file' - - @mock.patch('time.sleep') - @mock.patch('requests.get', return_value=mock_get_response) - def test_download_url_no_error(self, mock_urlretrieve, _): - """Tests that download_url works when there is no error.""" - self.assertTrue(http_utils.download_url(self.URL, self.FILE_PATH)) - self.assertEqual(1, mock_urlretrieve.call_count) - - @mock.patch('time.sleep') - @mock.patch('logging.error') - @mock.patch('requests.get', - return_value=mock.MagicMock(status_code=404, content=b'')) - def test_download_url_http_error(self, mock_get, mock_error, _): - """Tests that download_url doesn't retry when there is an HTTP error.""" - self.assertFalse(http_utils.download_url(self.URL, self.FILE_PATH)) - mock_error.assert_called_with( - 'Unable to download from: %s. Code: %d. Content: %s.', self.URL, 404, - b'') - self.assertEqual(1, mock_get.call_count) - - @mock.patch('time.sleep') - @mock.patch('requests.get', side_effect=ConnectionResetError) - def test_download_url_connection_error(self, mock_get, mock_sleep): - """Tests that download_url doesn't retry when there is an HTTP error.""" - self.assertFalse(http_utils.download_url(self.URL, self.FILE_PATH)) - self.assertEqual(4, mock_get.call_count) - self.assertEqual(3, mock_sleep.call_count) - - -class DownloadAndUnpackZipTest(fake_filesystem_unittest.TestCase): - """Tests download_and_unpack_zip.""" - - def setUp(self): - self.setUpPyfakefs() - - @mock.patch('requests.get', return_value=mock_get_response) - def test_bad_zip_download(self, _): - """Tests download_and_unpack_zip returns none when a bad zip is passed.""" - self.fs.create_file('/url_tmp.zip', contents='Test file.') - self.assertFalse( - http_utils.download_and_unpack_zip('/not/a/real/url', - '/extract-directory')) diff --git a/infra/cifuzz/package-lock.json b/infra/cifuzz/package-lock.json deleted file mode 100644 index 9ee58404c..000000000 --- a/infra/cifuzz/package-lock.json +++ /dev/null @@ -1,316 +0,0 @@ -{ - "name": "cifuzz", - "version": "1.0.0", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "version": "1.0.0", - "license": "Apache2", - "dependencies": { - "@actions/artifact": "^0.5.2" - } - }, - "node_modules/@actions/artifact": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-0.5.2.tgz", - "integrity": "sha512-q/r8WSqyxBJ0ffLCRrtjCBTGnAYqP+ID4yG7f7YSlhrQ4thNg/d+Tq9f1YkLPKX46ZR97OWtGDY+oU/nxcqvLw==", - "dependencies": { - "@actions/core": "^1.2.6", - "@actions/http-client": "^1.0.11", - "@types/tmp": "^0.1.0", - "tmp": "^0.1.0", - "tmp-promise": "^2.0.2" - } - }, - "node_modules/@actions/core": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", - "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==", - "dependencies": { - "@actions/http-client": "^1.0.11" - } - }, - "node_modules/@actions/http-client": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz", - "integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==", - "dependencies": { - "tunnel": "0.0.6" - } - }, - "node_modules/@types/tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@types/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-6IwZ9HzWbCq6XoQWhxLpDjuADodH/MKXRUIDFudvgjcVdjFknvmR+DNsoUeer4XPrEnrZs04Jj+kfV9pFsrhmA==" - }, - "node_modules/balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" - }, - "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dependencies": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "node_modules/concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" - }, - "node_modules/fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" - }, - "node_modules/glob": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", - "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.0.4", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", - "dependencies": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" - }, - "node_modules/minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", - "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, - "node_modules/once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "dependencies": { - "wrappy": "1" - } - }, - "node_modules/path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - } - }, - "node_modules/tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==", - "dependencies": { - "rimraf": "^2.6.3" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/tmp-promise": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-2.1.1.tgz", - "integrity": "sha512-Z048AOz/w9b6lCbJUpevIJpRpUztENl8zdv1bmAKVHimfqRFl92ROkmT9rp7TVBnrEw2gtMTol/2Cp2S2kJa4Q==", - "dependencies": { - "tmp": "0.1.0" - } - }, - "node_modules/tunnel": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", - "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", - "engines": { - "node": ">=0.6.11 <=0.7.0 || >=0.7.3" - } - }, - "node_modules/wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" - } - }, - "dependencies": { - "@actions/artifact": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-0.5.2.tgz", - "integrity": "sha512-q/r8WSqyxBJ0ffLCRrtjCBTGnAYqP+ID4yG7f7YSlhrQ4thNg/d+Tq9f1YkLPKX46ZR97OWtGDY+oU/nxcqvLw==", - "requires": { - "@actions/core": "^1.2.6", - "@actions/http-client": "^1.0.11", - "@types/tmp": "^0.1.0", - "tmp": "^0.1.0", - "tmp-promise": "^2.0.2" - } - }, - "@actions/core": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", - "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==", - "requires": { - "@actions/http-client": "^1.0.11" - } - }, - "@actions/http-client": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz", - "integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==", - "requires": { - "tunnel": "0.0.6" - } - }, - "@types/tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@types/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-6IwZ9HzWbCq6XoQWhxLpDjuADodH/MKXRUIDFudvgjcVdjFknvmR+DNsoUeer4XPrEnrZs04Jj+kfV9pFsrhmA==" - }, - "balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" - }, - "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" - }, - "fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" - }, - "glob": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", - "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.0.4", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - }, - "inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", - "requires": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" - }, - "minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", - "requires": { - "brace-expansion": "^1.1.7" - } - }, - "once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "requires": { - "wrappy": "1" - } - }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" - }, - "rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "requires": { - "glob": "^7.1.3" - } - }, - "tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==", - "requires": { - "rimraf": "^2.6.3" - } - }, - "tmp-promise": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-2.1.1.tgz", - "integrity": "sha512-Z048AOz/w9b6lCbJUpevIJpRpUztENl8zdv1bmAKVHimfqRFl92ROkmT9rp7TVBnrEw2gtMTol/2Cp2S2kJa4Q==", - "requires": { - "tmp": "0.1.0" - } - }, - "tunnel": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", - "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" - }, - "wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" - } - } -} diff --git a/infra/cifuzz/package.json b/infra/cifuzz/package.json deleted file mode 100644 index 5823747dd..000000000 --- a/infra/cifuzz/package.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "cifuzz", - "version": "1.0.0", - "description": "", - "author": "Google", - "license": "Apache2", - "dependencies": { - "@actions/artifact": "^0.5.2" - } -} diff --git a/infra/cifuzz/requirements.txt b/infra/cifuzz/requirements.txt deleted file mode 100644 index 270c15547..000000000 --- a/infra/cifuzz/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -clusterfuzz==2.5.6 -requests==2.25.1 diff --git a/infra/cifuzz/run_cifuzz.py b/infra/cifuzz/run_cifuzz.py deleted file mode 100644 index 0382d78a8..000000000 --- a/infra/cifuzz/run_cifuzz.py +++ /dev/null @@ -1,88 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Script for running CIFuzz end-to-end. This is meant to work outside any -docker image. This cannot depend on any CIFuzz code or third party packages.""" -import os -import subprocess -import sys -import tempfile -import logging - -INFRA_DIR = os.path.dirname(os.path.dirname(__file__)) -DEFAULT_ENVS = [('DRY_RUN', '0'), ('SANITIZER', 'address')] -BASE_CIFUZZ_DOCKER_TAG = 'gcr.io/oss-fuzz-base' - - -def set_default_env_var_if_unset(env_var, default_value): - """Sets the value of |env_var| in the environment to |default_value| if it was - not already set.""" - if env_var not in os.environ: - os.environ[env_var] = default_value - - -def docker_run(name, workspace, project_src_path): - """Runs a CIFuzz docker container with |name|.""" - command = [ - 'docker', 'run', '--name', name, '--rm', '-e', 'PROJECT_SRC_PATH', '-e', - 'OSS_FUZZ_PROJECT_NAME', '-e', 'WORKSPACE', '-e', 'REPOSITORY', '-e', - 'DRY_RUN', '-e', 'CI', '-e', 'SANITIZER', '-e', 'GIT_SHA' - ] - if project_src_path: - command += ['-v', f'{project_src_path}:{project_src_path}'] - command += [ - '-v', '/var/run/docker.sock:/var/run/docker.sock', '-v', - f'{workspace}:{workspace}', f'{BASE_CIFUZZ_DOCKER_TAG}/{name}' - ] - print('Running docker command:', command) - subprocess.run(command, check=True) - - -def docker_build(image): - """Builds the CIFuzz |image|. Only suitable for building CIFuzz images.""" - command = [ - 'docker', 'build', '-t', f'{BASE_CIFUZZ_DOCKER_TAG}/{image}', '--file', - f'{image}.Dockerfile', '.' - ] - subprocess.run(command, check=True, cwd=INFRA_DIR) - - -def main(): - """Builds and runs fuzzers using CIFuzz.""" - for env_var, default_value in DEFAULT_ENVS: - set_default_env_var_if_unset(env_var, default_value) - - repository = os.getenv('REPOSITORY') - assert repository - - project_src_path = os.getenv('PROJECT_SRC_PATH') - - with tempfile.TemporaryDirectory() as temp_dir: - if 'WORKSPACE' not in os.environ: - os.environ['WORKSPACE'] = temp_dir - - workspace = os.environ['WORKSPACE'] - - docker_build('build_fuzzers') - docker_run('build_fuzzers', workspace, project_src_path) - docker_build('run_fuzzers') - try: - docker_run('run_fuzzers', workspace, project_src_path) - except subprocess.CalledProcessError: - logging.error('run_fuzzers failed.') - return 1 - return 0 - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/infra/cifuzz/run_fuzzers.py b/infra/cifuzz/run_fuzzers.py index 67c4c66fd..513cfb6fa 100644 --- a/infra/cifuzz/run_fuzzers.py +++ b/infra/cifuzz/run_fuzzers.py @@ -21,9 +21,7 @@ import time import clusterfuzz_deployment import fuzz_target -import generate_coverage_report import stack_parser -import workspace_utils # pylint: disable=wrong-import-position,import-error sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) @@ -43,17 +41,12 @@ class BaseFuzzTargetRunner: def __init__(self, config): self.config = config - self.workspace = workspace_utils.Workspace(config) self.clusterfuzz_deployment = ( - clusterfuzz_deployment.get_clusterfuzz_deployment( - self.config, self.workspace)) - + clusterfuzz_deployment.get_clusterfuzz_deployment(self.config)) # Set by the initialize method. + self.out_dir = None self.fuzz_target_paths = None - - def get_fuzz_targets(self): - """Returns fuzz targets in out directory.""" - return utils.get_fuzz_targets(self.workspace.out) + self.artifacts_dir = None def initialize(self): """Initialization method. Must be called before calling run_fuzz_targets. @@ -71,51 +64,55 @@ class BaseFuzzTargetRunner: self.config.fuzz_seconds) return False - if not os.path.exists(self.workspace.out): - logging.error('Out directory: %s does not exist.', self.workspace.out) + self.out_dir = os.path.join(self.config.workspace, 'out') + if not os.path.exists(self.out_dir): + logging.error('Out directory: %s does not exist.', self.out_dir) return False - if not os.path.exists(self.workspace.artifacts): - os.makedirs(self.workspace.artifacts) - elif (not os.path.isdir(self.workspace.artifacts) or - os.listdir(self.workspace.artifacts)): + self.artifacts_dir = os.path.join(self.out_dir, 'artifacts') + if not os.path.exists(self.artifacts_dir): + os.mkdir(self.artifacts_dir) + elif (not os.path.isdir(self.artifacts_dir) or + os.listdir(self.artifacts_dir)): logging.error('Artifacts path: %s exists and is not an empty directory.', - self.workspace.artifacts) + self.artifacts_dir) return False - self.fuzz_target_paths = self.get_fuzz_targets() + self.fuzz_target_paths = utils.get_fuzz_targets(self.out_dir) logging.info('Fuzz targets: %s', self.fuzz_target_paths) if not self.fuzz_target_paths: logging.error('No fuzz targets were found in out directory: %s.', - self.workspace.out) + self.out_dir) return False return True - def cleanup_after_fuzz_target_run(self, fuzz_target_obj): # pylint: disable=no-self-use - """Cleans up after running |fuzz_target_obj|.""" - raise NotImplementedError('Child class must implement method.') - def run_fuzz_target(self, fuzz_target_obj): # pylint: disable=no-self-use """Fuzzes with |fuzz_target_obj| and returns the result.""" - raise NotImplementedError('Child class must implement method.') + # TODO(metzman): Make children implement this so that the batch runner can + # do things differently. + result = fuzz_target_obj.fuzz() + fuzz_target_obj.free_disk_if_needed() + return result @property def quit_on_bug_found(self): """Property that is checked to determine if fuzzing should quit after first bug is found.""" - raise NotImplementedError('Child class must implement method.') + raise NotImplementedError('Child class must implement method') def get_fuzz_target_artifact(self, target, artifact_name): """Returns the path of a fuzzing artifact named |artifact_name| for |fuzz_target|.""" - artifact_name = (f'{target.target_name}-{self.config.sanitizer}-' - f'{artifact_name}') - return os.path.join(self.workspace.artifacts, artifact_name) + artifact_name = '{target_name}-{sanitizer}-{artifact_name}'.format( + target_name=target.target_name, + sanitizer=self.config.sanitizer, + artifact_name=artifact_name) + return os.path.join(self.artifacts_dir, artifact_name) def create_fuzz_target_obj(self, target_path, run_seconds): """Returns a fuzz target object.""" - return fuzz_target.FuzzTarget(target_path, run_seconds, self.workspace, + return fuzz_target.FuzzTarget(target_path, run_seconds, self.out_dir, self.clusterfuzz_deployment, self.config) def run_fuzz_targets(self): @@ -137,7 +134,6 @@ class BaseFuzzTargetRunner: target = self.create_fuzz_target_obj(target_path, run_seconds) start_time = time.time() result = self.run_fuzz_target(target) - self.cleanup_after_fuzz_target_run(target) # It's OK if this goes negative since we take max when determining # run_seconds. @@ -166,60 +162,6 @@ class BaseFuzzTargetRunner: return bug_found -class PruneTargetRunner(BaseFuzzTargetRunner): - """Runner that prunes corpora.""" - - @property - def quit_on_bug_found(self): - return False - - def run_fuzz_target(self, fuzz_target_obj): - """Prunes with |fuzz_target_obj| and returns the result.""" - result = fuzz_target_obj.prune() - logging.debug('Corpus path contents: %s.', os.listdir(result.corpus_path)) - self.clusterfuzz_deployment.upload_corpus(fuzz_target_obj.target_name, - result.corpus_path, - replace=True) - return result - - def cleanup_after_fuzz_target_run(self, fuzz_target_obj): # pylint: disable=no-self-use - """Cleans up after pruning with |fuzz_target_obj|.""" - fuzz_target_obj.free_disk_if_needed() - - -class CoverageTargetRunner(BaseFuzzTargetRunner): - """Runner that runs the 'coverage' command.""" - - @property - def quit_on_bug_found(self): - raise NotImplementedError('Not implemented for CoverageTargetRunner.') - - def get_fuzz_targets(self): - """Returns fuzz targets in out directory.""" - # We only want fuzz targets from the root because during the coverage build, - # a lot of the image's filesystem is copied into /out for the purpose of - # generating coverage reports. - # TOOD(metzman): Figure out if top_level_only should be the only behavior - # for this function. - return utils.get_fuzz_targets(self.workspace.out, top_level_only=True) - - def run_fuzz_targets(self): - """Generates a coverage report. Always returns False since it never finds - any bugs.""" - generate_coverage_report.generate_coverage_report( - self.fuzz_target_paths, self.workspace, self.clusterfuzz_deployment, - self.config) - return False - - def run_fuzz_target(self, fuzz_target_obj): # pylint: disable=no-self-use - """Fuzzes with |fuzz_target_obj| and returns the result.""" - raise NotImplementedError('Not implemented for CoverageTargetRunner.') - - def cleanup_after_fuzz_target_run(self, fuzz_target_obj): # pylint: disable=no-self-use - """Cleans up after running |fuzz_target_obj|.""" - raise NotImplementedError('Not implemented for CoverageTargetRunner.') - - class CiFuzzTargetRunner(BaseFuzzTargetRunner): """Runner for fuzz targets used in CI (patch-fuzzing) context.""" @@ -227,13 +169,6 @@ class CiFuzzTargetRunner(BaseFuzzTargetRunner): def quit_on_bug_found(self): return True - def cleanup_after_fuzz_target_run(self, fuzz_target_obj): # pylint: disable=no-self-use - """Cleans up after running |fuzz_target_obj|.""" - fuzz_target_obj.free_disk_if_needed() - - def run_fuzz_target(self, fuzz_target_obj): # pylint: disable=no-self-use - return fuzz_target_obj.fuzz() - class BatchFuzzTargetRunner(BaseFuzzTargetRunner): """Runner for fuzz targets used in batch fuzzing context.""" @@ -242,42 +177,14 @@ class BatchFuzzTargetRunner(BaseFuzzTargetRunner): def quit_on_bug_found(self): return False - def run_fuzz_target(self, fuzz_target_obj): - """Fuzzes with |fuzz_target_obj| and returns the result.""" - result = fuzz_target_obj.fuzz() - logging.debug('Corpus path contents: %s.', os.listdir(result.corpus_path)) - self.clusterfuzz_deployment.upload_corpus(fuzz_target_obj.target_name, - result.corpus_path) - return result - - def cleanup_after_fuzz_target_run(self, fuzz_target_obj): - """Cleans up after running |fuzz_target_obj|.""" - # This must be done after we upload the corpus, otherwise it will be deleted - # before we get a chance to upload it. We can't delete the fuzz target - # because it is needed when we upload the build. - fuzz_target_obj.free_disk_if_needed(delete_fuzz_target=False) - - def run_fuzz_targets(self): - result = super().run_fuzz_targets() - self.clusterfuzz_deployment.upload_crashes() - return result - - -_RUN_FUZZERS_MODE_RUNNER_MAPPING = { - 'batch': BatchFuzzTargetRunner, - 'coverage': CoverageTargetRunner, - 'prune': PruneTargetRunner, - 'ci': CiFuzzTargetRunner, -} - def get_fuzz_target_runner(config): """Returns a fuzz target runner object based on the run_fuzzers_mode of |config|.""" - runner = _RUN_FUZZERS_MODE_RUNNER_MAPPING[config.run_fuzzers_mode](config) - logging.info('RUN_FUZZERS_MODE is: %s. Runner: %s.', config.run_fuzzers_mode, - runner) - return runner + logging.info('RUN_FUZZERS_MODE is: %s', config.run_fuzzers_mode) + if config.run_fuzzers_mode == 'batch': + return BatchFuzzTargetRunner(config) + return CiFuzzTargetRunner(config) def run_fuzzers(config): # pylint: disable=too-many-locals diff --git a/infra/cifuzz/run_fuzzers_entrypoint.py b/infra/cifuzz/run_fuzzers_entrypoint.py index adfd1a960..46e208dc0 100644 --- a/infra/cifuzz/run_fuzzers_entrypoint.py +++ b/infra/cifuzz/run_fuzzers_entrypoint.py @@ -33,49 +33,19 @@ def delete_unneeded_docker_images(config): if not config.low_disk_space: return logging.info('Deleting builder docker images to save disk space.') - project_image = docker.get_project_image_name(config.oss_fuzz_project_name) + project_image = docker.get_project_image_name(config.project_name) images = [ project_image, - docker.BASE_BUILDER_TAG, - docker.BASE_BUILDER_TAG + ':xenial', - docker.BASE_BUILDER_TAG + '-go', - docker.BASE_BUILDER_TAG + '-jvm', - docker.BASE_BUILDER_TAG + '-python', - docker.BASE_BUILDER_TAG + '-rust', - docker.BASE_BUILDER_TAG + '-swift', + docker.BASE_RUNNER_TAG, + docker.MSAN_LIBS_BUILDER_TAG, ] docker.delete_images(images) -def run_fuzzers_entrypoint(): - """This is the entrypoint for the run_fuzzers github action. - This action can be added to any OSS-Fuzz project's workflow that uses - Github.""" - config = config_utils.RunFuzzersConfig() - # The default return code when an error occurs. - returncode = 1 - if config.dry_run: - # Sets the default return code on error to success. - returncode = 0 - - delete_unneeded_docker_images(config) - # Run the specified project's fuzzers from the build. - result = run_fuzzers.run_fuzzers(config) - if result == run_fuzzers.RunFuzzersResult.ERROR: - logging.error('Error occurred while running in workspace %s.', - config.workspace) - return returncode - if result == run_fuzzers.RunFuzzersResult.BUG_FOUND: - logging.info('Bug found.') - if not config.dry_run: - # Return 2 when a bug was found by a fuzzer causing the CI to fail. - return 2 - return 0 - - def main(): - """Runs project's fuzzers for CI tools. + """Runs OSS-Fuzz project's fuzzers for CI tools. This is the entrypoint for the run_fuzzers github action. + This action can be added to any OSS-Fuzz project's workflow that uses Github. NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out directory in order for this action to be used. This action will only fuzz the @@ -95,9 +65,32 @@ def main(): SANITIZER: The sanitizer to use when running fuzzers. Returns: - 0 on success or nonzero on failure. + 0 on success or 1 on failure. """ - return run_fuzzers_entrypoint() + config = config_utils.RunFuzzersConfig() + # The default return code when an error occurs. + returncode = 1 + if config.dry_run: + # Sets the default return code on error to success. + returncode = 0 + + if not config.workspace: + logging.error('This script needs to be run within Github actions.') + return returncode + + delete_unneeded_docker_images(config) + # Run the specified project's fuzzers from the build. + result = run_fuzzers.run_fuzzers(config) + if result == run_fuzzers.RunFuzzersResult.ERROR: + logging.error('Error occurred while running in workspace %s.', + config.workspace) + return returncode + if result == run_fuzzers.RunFuzzersResult.BUG_FOUND: + logging.info('Bug found.') + if not config.dry_run: + # Return 2 when a bug was found by a fuzzer causing the CI to fail. + return 2 + return 0 if __name__ == '__main__': diff --git a/infra/cifuzz/run_fuzzers_test.py b/infra/cifuzz/run_fuzzers_test.py index db442b188..b2659903c 100644 --- a/infra/cifuzz/run_fuzzers_test.py +++ b/infra/cifuzz/run_fuzzers_test.py @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. """Tests for running fuzzers.""" -import json import os import sys import shutil @@ -23,7 +22,7 @@ from unittest import mock import parameterized from pyfakefs import fake_filesystem_unittest -import build_fuzzers +import config_utils import fuzz_target import run_fuzzers @@ -31,7 +30,6 @@ import run_fuzzers INFRA_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) sys.path.append(INFRA_DIR) -import helper import test_helpers # NOTE: This integration test relies on @@ -51,6 +49,22 @@ UNDEFINED_FUZZER = 'curl_fuzzer_undefined' FUZZ_SECONDS = 10 +def _create_config(**kwargs): + """Creates a config object and then sets every attribute that is a key in + |kwargs| to the corresponding value. Asserts that each key in |kwargs| is an + attribute of Config.""" + with mock.patch('os.path.basename', return_value=None), mock.patch( + 'config_utils.get_project_src_path', + return_value=None), mock.patch('config_utils._is_dry_run', + return_value=True): + config = config_utils.RunFuzzersConfig() + + for key, value in kwargs.items(): + assert hasattr(config, key), 'Config doesn\'t have attribute: ' + key + setattr(config, key, value) + return config + + class RunFuzzerIntegrationTestMixin: # pylint: disable=too-few-public-methods,invalid-name """Mixin for integration test classes that runbuild_fuzzers on builds of a specific sanitizer.""" @@ -58,43 +72,39 @@ class RunFuzzerIntegrationTestMixin: # pylint: disable=too-few-public-methods,i FUZZER_DIR = None FUZZER = None - def setUp(self): - """Patch the environ so that we can execute runner scripts.""" - test_helpers.patch_environ(self, runner=True) - def _test_run_with_sanitizer(self, fuzzer_dir, sanitizer): """Calls run_fuzzers on fuzzer_dir and |sanitizer| and asserts the run succeeded and that no bug was found.""" with test_helpers.temp_dir_copy(fuzzer_dir) as fuzzer_dir_copy: - config = test_helpers.create_run_config(fuzz_seconds=FUZZ_SECONDS, - workspace=fuzzer_dir_copy, - oss_fuzz_project_name='curl', - sanitizer=sanitizer) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=fuzzer_dir_copy, + project_name='curl', + sanitizer=sanitizer) result = run_fuzzers.run_fuzzers(config) self.assertEqual(result, run_fuzzers.RunFuzzersResult.NO_BUG_FOUND) -@unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), - 'INTEGRATION_TESTS=1 not set') class RunMemoryFuzzerIntegrationTest(RunFuzzerIntegrationTestMixin, unittest.TestCase): """Integration test for build_fuzzers with an MSAN build.""" FUZZER_DIR = MEMORY_FUZZER_DIR FUZZER = MEMORY_FUZZER + @unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), + 'INTEGRATION_TESTS=1 not set') def test_run_with_memory_sanitizer(self): """Tests run_fuzzers with a valid MSAN build.""" self._test_run_with_sanitizer(self.FUZZER_DIR, 'memory') -@unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), - 'INTEGRATION_TESTS=1 not set') class RunUndefinedFuzzerIntegrationTest(RunFuzzerIntegrationTestMixin, unittest.TestCase): """Integration test for build_fuzzers with an UBSAN build.""" FUZZER_DIR = UNDEFINED_FUZZER_DIR FUZZER = UNDEFINED_FUZZER + @unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), + 'INTEGRATION_TESTS=1 not set') def test_run_with_undefined_sanitizer(self): """Tests run_fuzzers with a valid UBSAN build.""" self._test_run_with_sanitizer(self.FUZZER_DIR, 'undefined') @@ -104,22 +114,19 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): """Tests BaseFuzzTargetRunner.""" def _create_runner(self, **kwargs): # pylint: disable=no-self-use - defaults = { - 'fuzz_seconds': FUZZ_SECONDS, - 'oss_fuzz_project_name': EXAMPLE_PROJECT - } + defaults = {'fuzz_seconds': FUZZ_SECONDS, 'project_name': EXAMPLE_PROJECT} for default_key, default_value in defaults.items(): if default_key not in kwargs: kwargs[default_key] = default_value - config = test_helpers.create_run_config(**kwargs) + config = _create_config(**kwargs) return run_fuzzers.BaseFuzzTargetRunner(config) def _test_initialize_fail(self, expected_error_args, **create_runner_kwargs): - with mock.patch('logging.error') as mock_error: + with mock.patch('logging.error') as mocked_error: runner = self._create_runner(**create_runner_kwargs) self.assertFalse(runner.initialize()) - mock_error.assert_called_with(*expected_error_args) + mocked_error.assert_called_with(*expected_error_args) @parameterized.parameterized.expand([(0,), (None,), (-1,)]) def test_initialize_invalid_fuzz_seconds(self, fuzz_seconds): @@ -127,10 +134,10 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): expected_error_args = ('Fuzz_seconds argument must be greater than 1, ' 'but was: %s.', fuzz_seconds) with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') + out_path = os.path.join(tmp_dir, 'out') os.mkdir(out_path) - with mock.patch('utils.get_fuzz_targets') as mock_get_fuzz_targets: - mock_get_fuzz_targets.return_value = [ + with mock.patch('utils.get_fuzz_targets') as mocked_get_fuzz_targets: + mocked_get_fuzz_targets.return_value = [ os.path.join(out_path, 'fuzz_target') ] self._test_initialize_fail(expected_error_args, @@ -140,17 +147,16 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): def test_initialize_no_out_dir(self): """Tests initialize fails with no out dir.""" with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') + out_path = os.path.join(tmp_dir, 'out') expected_error_args = ('Out directory: %s does not exist.', out_path) self._test_initialize_fail(expected_error_args, workspace=tmp_dir) def test_initialize_nonempty_artifacts(self): """Tests initialize with a file artifacts path.""" with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') + out_path = os.path.join(tmp_dir, 'out') os.mkdir(out_path) - os.makedirs(os.path.join(tmp_dir, 'out')) - artifacts_path = os.path.join(tmp_dir, 'out', 'artifacts') + artifacts_path = os.path.join(out_path, 'artifacts') with open(artifacts_path, 'w') as artifacts_handle: artifacts_handle.write('fake') expected_error_args = ( @@ -161,9 +167,8 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): def test_initialize_bad_artifacts(self): """Tests initialize with a non-empty artifacts path.""" with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') - os.mkdir(out_path) - artifacts_path = os.path.join(tmp_dir, 'out', 'artifacts') + out_path = os.path.join(tmp_dir, 'out') + artifacts_path = os.path.join(out_path, 'artifacts') os.makedirs(artifacts_path) artifact_path = os.path.join(artifacts_path, 'artifact') with open(artifact_path, 'w') as artifact_handle: @@ -175,37 +180,37 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): @mock.patch('utils.get_fuzz_targets') @mock.patch('logging.error') - def test_initialize_empty_artifacts(self, mock_log_error, - mock_get_fuzz_targets): + def test_initialize_empty_artifacts(self, mocked_log_error, + mocked_get_fuzz_targets): """Tests initialize with an empty artifacts dir.""" - mock_get_fuzz_targets.return_value = ['fuzz-target'] + mocked_get_fuzz_targets.return_value = ['fuzz-target'] with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') - os.mkdir(out_path) - artifacts_path = os.path.join(tmp_dir, 'out', 'artifacts') + out_path = os.path.join(tmp_dir, 'out') + artifacts_path = os.path.join(out_path, 'artifacts') os.makedirs(artifacts_path) runner = self._create_runner(workspace=tmp_dir) self.assertTrue(runner.initialize()) - mock_log_error.assert_not_called() + mocked_log_error.assert_not_called() self.assertTrue(os.path.isdir(artifacts_path)) @mock.patch('utils.get_fuzz_targets') @mock.patch('logging.error') - def test_initialize_no_artifacts(self, mock_log_error, mock_get_fuzz_targets): + def test_initialize_no_artifacts(self, mocked_log_error, + mocked_get_fuzz_targets): """Tests initialize with no artifacts dir (the expected setting).""" - mock_get_fuzz_targets.return_value = ['fuzz-target'] + mocked_get_fuzz_targets.return_value = ['fuzz-target'] with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') - os.mkdir(out_path) + out_path = os.path.join(tmp_dir, 'out') + os.makedirs(out_path) runner = self._create_runner(workspace=tmp_dir) self.assertTrue(runner.initialize()) - mock_log_error.assert_not_called() - self.assertTrue(os.path.isdir(os.path.join(tmp_dir, 'out', 'artifacts'))) + mocked_log_error.assert_not_called() + self.assertTrue(os.path.isdir(os.path.join(out_path, 'artifacts'))) def test_initialize_no_fuzz_targets(self): """Tests initialize with no fuzz targets.""" with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') + out_path = os.path.join(tmp_dir, 'out') os.makedirs(out_path) expected_error_args = ('No fuzz targets were found in out directory: %s.', out_path) @@ -213,21 +218,18 @@ class BaseFuzzTargetRunnerTest(unittest.TestCase): def test_get_fuzz_target_artifact(self): """Tests that get_fuzz_target_artifact works as intended.""" - with tempfile.TemporaryDirectory() as tmp_dir: - runner = self._create_runner(workspace=tmp_dir) - crashes_dir = 'crashes-dir' - runner.crashes_dir = crashes_dir - artifact_name = 'artifact-name' - target = mock.MagicMock() - target_name = 'target_name' - target.target_name = target_name - - fuzz_target_artifact = runner.get_fuzz_target_artifact( - target, artifact_name) - expected_fuzz_target_artifact = os.path.join( - tmp_dir, 'out', 'artifacts', 'target_name-address-artifact-name') - - self.assertEqual(fuzz_target_artifact, expected_fuzz_target_artifact) + runner = self._create_runner() + artifacts_dir = 'artifacts-dir' + runner.artifacts_dir = artifacts_dir + artifact_name = 'artifact-name' + target = mock.MagicMock() + target_name = 'target_name' + target.target_name = target_name + fuzz_target_artifact = runner.get_fuzz_target_artifact( + target, artifact_name) + expected_fuzz_target_artifact = ( + 'artifacts-dir/target_name-address-artifact-name') + self.assertEqual(fuzz_target_artifact, expected_fuzz_target_artifact) class CiFuzzTargetRunnerTest(fake_filesystem_unittest.TestCase): @@ -239,176 +241,91 @@ class CiFuzzTargetRunnerTest(fake_filesystem_unittest.TestCase): @mock.patch('utils.get_fuzz_targets') @mock.patch('run_fuzzers.CiFuzzTargetRunner.run_fuzz_target') @mock.patch('run_fuzzers.CiFuzzTargetRunner.create_fuzz_target_obj') - def test_run_fuzz_targets_quits(self, mock_create_fuzz_target_obj, - mock_run_fuzz_target, mock_get_fuzz_targets): + def test_run_fuzz_targets_quits(self, mocked_create_fuzz_target_obj, + mocked_run_fuzz_target, + mocked_get_fuzz_targets): """Tests that run_fuzz_targets quits on the first crash it finds.""" workspace = 'workspace' - out_path = os.path.join(workspace, 'build-out') + out_path = os.path.join(workspace, 'out') self.fs.create_dir(out_path) - config = test_helpers.create_run_config( - fuzz_seconds=FUZZ_SECONDS, - workspace=workspace, - oss_fuzz_project_name=EXAMPLE_PROJECT) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=workspace, + project_name=EXAMPLE_PROJECT) runner = run_fuzzers.CiFuzzTargetRunner(config) - mock_get_fuzz_targets.return_value = ['target1', 'target2'] + mocked_get_fuzz_targets.return_value = ['target1', 'target2'] runner.initialize() testcase = os.path.join(workspace, 'testcase') self.fs.create_file(testcase) - stacktrace = 'stacktrace' - corpus_dir = 'corpus' - self.fs.create_dir(corpus_dir) - mock_run_fuzz_target.return_value = fuzz_target.FuzzResult( - testcase, stacktrace, corpus_dir) + stacktrace = b'stacktrace' + mocked_run_fuzz_target.return_value = fuzz_target.FuzzResult( + testcase, stacktrace) magic_mock = mock.MagicMock() magic_mock.target_name = 'target1' - mock_create_fuzz_target_obj.return_value = magic_mock + mocked_create_fuzz_target_obj.return_value = magic_mock self.assertTrue(runner.run_fuzz_targets()) - self.assertIn('target1-address-testcase', - os.listdir(runner.workspace.artifacts)) - self.assertEqual(mock_run_fuzz_target.call_count, 1) + self.assertIn('target1-address-testcase', os.listdir(runner.artifacts_dir)) + self.assertEqual(mocked_run_fuzz_target.call_count, 1) class BatchFuzzTargetRunnerTest(fake_filesystem_unittest.TestCase): - """Tests that BatchFuzzTargetRunnerTest works as intended.""" - WORKSPACE = 'workspace' - STACKTRACE = 'stacktrace' - CORPUS_DIR = 'corpus' + """Tests that CiFuzzTargetRunner works as intended.""" def setUp(self): self.setUpPyfakefs() - out_dir = os.path.join(self.WORKSPACE, 'build-out') - self.fs.create_dir(out_dir) - self.testcase1 = os.path.join(out_dir, 'testcase-aaa') - self.fs.create_file(self.testcase1) - self.testcase2 = os.path.join(out_dir, 'testcase-bbb') - self.fs.create_file(self.testcase2) - self.config = test_helpers.create_run_config(fuzz_seconds=FUZZ_SECONDS, - workspace=self.WORKSPACE, - is_github=True) - - @mock.patch('utils.get_fuzz_targets', return_value=['target1', 'target2']) - @mock.patch('clusterfuzz_deployment.ClusterFuzzLite.upload_build', - return_value=True) + + @mock.patch('utils.get_fuzz_targets') @mock.patch('run_fuzzers.BatchFuzzTargetRunner.run_fuzz_target') @mock.patch('run_fuzzers.BatchFuzzTargetRunner.create_fuzz_target_obj') - def test_run_fuzz_targets_quits(self, mock_create_fuzz_target_obj, - mock_run_fuzz_target, _, __): + def test_run_fuzz_targets_quits(self, mocked_create_fuzz_target_obj, + mocked_run_fuzz_target, + mocked_get_fuzz_targets): """Tests that run_fuzz_targets doesn't quit on the first crash it finds.""" - runner = run_fuzzers.BatchFuzzTargetRunner(self.config) - runner.initialize() + workspace = 'workspace' + out_path = os.path.join(workspace, 'out') + self.fs.create_dir(out_path) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=workspace, + project_name=EXAMPLE_PROJECT) + runner = run_fuzzers.BatchFuzzTargetRunner(config) + mocked_get_fuzz_targets.return_value = ['target1', 'target2'] + runner.initialize() + testcase1 = os.path.join(workspace, 'testcase-aaa') + testcase2 = os.path.join(workspace, 'testcase-bbb') + self.fs.create_file(testcase1) + self.fs.create_file(testcase2) + stacktrace = b'stacktrace' call_count = 0 - def mock_run_fuzz_target_impl(_): + def mock_run_fuzz_target(_): nonlocal call_count if call_count == 0: - testcase = self.testcase1 + testcase = testcase1 elif call_count == 1: - testcase = self.testcase2 + testcase = testcase2 assert call_count != 2 call_count += 1 - if not os.path.exists(self.CORPUS_DIR): - self.fs.create_dir(self.CORPUS_DIR) - return fuzz_target.FuzzResult(testcase, self.STACKTRACE, self.CORPUS_DIR) + return fuzz_target.FuzzResult(testcase, stacktrace) - mock_run_fuzz_target.side_effect = mock_run_fuzz_target_impl + mocked_run_fuzz_target.side_effect = mock_run_fuzz_target magic_mock = mock.MagicMock() magic_mock.target_name = 'target1' - mock_create_fuzz_target_obj.return_value = magic_mock + mocked_create_fuzz_target_obj.return_value = magic_mock self.assertTrue(runner.run_fuzz_targets()) - self.assertEqual(mock_run_fuzz_target.call_count, 2) - - @mock.patch('run_fuzzers.BaseFuzzTargetRunner.run_fuzz_targets', - return_value=False) - @mock.patch('clusterfuzz_deployment.ClusterFuzzLite.upload_crashes') - def test_run_fuzz_targets_upload_crashes_and_builds(self, mock_upload_crashes, - _): - """Tests that run_fuzz_targets uploads crashes and builds correctly.""" - runner = run_fuzzers.BatchFuzzTargetRunner(self.config) - # TODO(metzman): Don't rely on this failing gracefully. - runner.initialize() - - self.assertFalse(runner.run_fuzz_targets()) - self.assertEqual(mock_upload_crashes.call_count, 1) + self.assertIn('target1-address-testcase-aaa', + os.listdir(runner.artifacts_dir)) + self.assertEqual(mocked_run_fuzz_target.call_count, 2) -@unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), - 'INTEGRATION_TESTS=1 not set') -class CoverageReportIntegrationTest(unittest.TestCase): - """Integration tests for coverage reports.""" - SANITIZER = 'coverage' - - def setUp(self): - test_helpers.patch_environ(self, runner=True) - - @mock.patch('filestore.github_actions._upload_artifact_with_upload_js') - def test_coverage_report(self, _): - """Tests generation of coverage reports end-to-end, from building to - generation.""" - - with test_helpers.docker_temp_dir() as temp_dir: - shared = os.path.join(temp_dir, 'shared') - os.mkdir(shared) - copy_command = ('cp -r /opt/code_coverage /shared && ' - 'cp $(which llvm-profdata) /shared && ' - 'cp $(which llvm-cov) /shared') - assert helper.docker_run([ - '-v', f'{shared}:/shared', 'gcr.io/oss-fuzz-base/base-runner', 'bash', - '-c', copy_command - ]) - - os.environ['CODE_COVERAGE_SRC'] = os.path.join(shared, 'code_coverage') - os.environ['PATH'] += os.pathsep + shared - # Do coverage build. - build_config = test_helpers.create_build_config( - oss_fuzz_project_name=EXAMPLE_PROJECT, - project_repo_name='oss-fuzz', - workspace=temp_dir, - commit_sha='0b95fe1039ed7c38fea1f97078316bfc1030c523', - base_commit='da0746452433dc18bae699e355a9821285d863c8', - sanitizer=self.SANITIZER, - is_github=True, - # Needed for test not to fail because of permissions issues. - bad_build_check=False) - self.assertTrue(build_fuzzers.build_fuzzers(build_config)) - - # TODO(metzman): Get rid of this here and make 'compile' do this. - chmod_command = ('chmod -R +r /out && ' - 'find /out -type d -exec chmod +x {} +') - - assert helper.docker_run([ - '-v', f'{os.path.join(temp_dir, "build-out")}:/out', - 'gcr.io/oss-fuzz-base/base-builder', 'bash', '-c', chmod_command - ]) - - # Generate report. - run_config = test_helpers.create_run_config(fuzz_seconds=FUZZ_SECONDS, - workspace=temp_dir, - sanitizer=self.SANITIZER, - run_fuzzers_mode='coverage', - is_github=True) - result = run_fuzzers.run_fuzzers(run_config) - self.assertEqual(result, run_fuzzers.RunFuzzersResult.NO_BUG_FOUND) - expected_summary_path = os.path.join( - TEST_DATA_PATH, 'example_coverage_report_summary.json') - with open(expected_summary_path) as file_handle: - expected_summary = json.loads(file_handle.read()) - actual_summary_path = os.path.join(temp_dir, 'cifuzz-coverage', - 'report', 'linux', 'summary.json') - with open(actual_summary_path) as file_handle: - actual_summary = json.loads(file_handle.read()) - self.assertEqual(expected_summary, actual_summary) - - -@unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), - 'INTEGRATION_TESTS=1 not set') class RunAddressFuzzersIntegrationTest(RunFuzzerIntegrationTestMixin, unittest.TestCase): """Integration tests for build_fuzzers with an ASAN build.""" BUILD_DIR_NAME = 'cifuzz-latest-build' + @unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), + 'INTEGRATION_TESTS=1 not set') def test_new_bug_found(self): """Tests run_fuzzers with a valid ASAN build.""" # Set the first return value to True, then the second to False to @@ -419,61 +336,46 @@ class RunAddressFuzzersIntegrationTest(RunFuzzerIntegrationTestMixin, with tempfile.TemporaryDirectory() as tmp_dir: workspace = os.path.join(tmp_dir, 'workspace') shutil.copytree(TEST_DATA_PATH, workspace) - config = test_helpers.create_run_config( - fuzz_seconds=FUZZ_SECONDS, - workspace=workspace, - oss_fuzz_project_name=EXAMPLE_PROJECT) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=workspace, + project_name=EXAMPLE_PROJECT) result = run_fuzzers.run_fuzzers(config) self.assertEqual(result, run_fuzzers.RunFuzzersResult.BUG_FOUND) + build_dir = os.path.join(workspace, 'out', self.BUILD_DIR_NAME) + self.assertNotEqual(0, len(os.listdir(build_dir))) + @unittest.skipIf(not os.getenv('INTEGRATION_TESTS'), + 'INTEGRATION_TESTS=1 not set') @mock.patch('fuzz_target.FuzzTarget.is_reproducible', side_effect=[True, True]) def test_old_bug_found(self, _): """Tests run_fuzzers with a bug found in OSS-Fuzz before.""" + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=TEST_DATA_PATH, + project_name=EXAMPLE_PROJECT) with tempfile.TemporaryDirectory() as tmp_dir: workspace = os.path.join(tmp_dir, 'workspace') shutil.copytree(TEST_DATA_PATH, workspace) - config = test_helpers.create_run_config( - fuzz_seconds=FUZZ_SECONDS, - workspace=workspace, - oss_fuzz_project_name=EXAMPLE_PROJECT) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=TEST_DATA_PATH, + project_name=EXAMPLE_PROJECT) result = run_fuzzers.run_fuzzers(config) self.assertEqual(result, run_fuzzers.RunFuzzersResult.NO_BUG_FOUND) + build_dir = os.path.join(TEST_DATA_PATH, 'out', self.BUILD_DIR_NAME) + self.assertTrue(os.path.exists(build_dir)) + self.assertNotEqual(0, len(os.listdir(build_dir))) def test_invalid_build(self): """Tests run_fuzzers with an invalid ASAN build.""" with tempfile.TemporaryDirectory() as tmp_dir: - out_path = os.path.join(tmp_dir, 'build-out') + out_path = os.path.join(tmp_dir, 'out') os.mkdir(out_path) - config = test_helpers.create_run_config( - fuzz_seconds=FUZZ_SECONDS, - workspace=tmp_dir, - oss_fuzz_project_name=EXAMPLE_PROJECT) + config = _create_config(fuzz_seconds=FUZZ_SECONDS, + workspace=tmp_dir, + project_name=EXAMPLE_PROJECT) result = run_fuzzers.run_fuzzers(config) self.assertEqual(result, run_fuzzers.RunFuzzersResult.ERROR) -class GetFuzzTargetRunnerTest(unittest.TestCase): - """Tests for get_fuzz_fuzz_target_runner.""" - - @parameterized.parameterized.expand([ - ('batch', run_fuzzers.BatchFuzzTargetRunner), - ('ci', run_fuzzers.CiFuzzTargetRunner), - ('coverage', run_fuzzers.CoverageTargetRunner) - ]) - def test_get_fuzz_target_runner(self, run_fuzzers_mode, - fuzz_target_runner_cls): - """Tests that get_fuzz_target_runner returns the correct runner based on the - specified run_fuzzers_mode.""" - with tempfile.TemporaryDirectory() as tmp_dir: - run_config = test_helpers.create_run_config( - fuzz_seconds=FUZZ_SECONDS, - workspace=tmp_dir, - oss_fuzz_project_name='example', - run_fuzzers_mode=run_fuzzers_mode) - runner = run_fuzzers.get_fuzz_target_runner(run_config) - self.assertTrue(isinstance(runner, fuzz_target_runner_cls)) - - if __name__ == '__main__': unittest.main() diff --git a/infra/cifuzz/stack_parser.py b/infra/cifuzz/stack_parser.py index b53f875fe..69c44bc2e 100644 --- a/infra/cifuzz/stack_parser.py +++ b/infra/cifuzz/stack_parser.py @@ -18,30 +18,30 @@ import logging # From clusterfuzz: src/python/crash_analysis/crash_analyzer.py # Used to get the beginning of the stacktrace. STACKTRACE_TOOL_MARKERS = [ - 'AddressSanitizer', - 'ASAN:', - 'CFI: Most likely a control flow integrity violation;', - 'ERROR: libFuzzer', - 'KASAN:', - 'LeakSanitizer', - 'MemorySanitizer', - 'ThreadSanitizer', - 'UndefinedBehaviorSanitizer', - 'UndefinedSanitizer', + b'AddressSanitizer', + b'ASAN:', + b'CFI: Most likely a control flow integrity violation;', + b'ERROR: libFuzzer', + b'KASAN:', + b'LeakSanitizer', + b'MemorySanitizer', + b'ThreadSanitizer', + b'UndefinedBehaviorSanitizer', + b'UndefinedSanitizer', ] # From clusterfuzz: src/python/crash_analysis/crash_analyzer.py # Used to get the end of the stacktrace. STACKTRACE_END_MARKERS = [ - 'ABORTING', - 'END MEMORY TOOL REPORT', - 'End of process memory map.', - 'END_KASAN_OUTPUT', - 'SUMMARY:', - 'Shadow byte and word', - '[end of stack trace]', - '\nExiting', - 'minidump has been written', + b'ABORTING', + b'END MEMORY TOOL REPORT', + b'End of process memory map.', + b'END_KASAN_OUTPUT', + b'SUMMARY:', + b'Shadow byte and word', + b'[end of stack trace]', + b'\nExiting', + b'minidump has been written', ] @@ -82,5 +82,5 @@ def parse_fuzzer_output(fuzzer_output, parsed_output_file_path): summary_str = fuzzer_output[begin_stack:end_stack] # Write sections of fuzzer output to specific files. - with open(parsed_output_file_path, 'a') as summary_handle: + with open(parsed_output_file_path, 'ab') as summary_handle: summary_handle.write(summary_str) diff --git a/infra/cifuzz/stack_parser_test.py b/infra/cifuzz/stack_parser_test.py index 5a631b427..faf601fd5 100644 --- a/infra/cifuzz/stack_parser_test.py +++ b/infra/cifuzz/stack_parser_test.py @@ -46,12 +46,12 @@ class ParseOutputTest(fake_filesystem_unittest.TestCase): # Read the fuzzer output from disk. fuzzer_output_path = os.path.join(TEST_DATA_PATH, fuzzer_output_file) self.fs.add_real_file(fuzzer_output_path) - with open(fuzzer_output_path, 'r') as fuzzer_output_handle: + with open(fuzzer_output_path, 'rb') as fuzzer_output_handle: fuzzer_output = fuzzer_output_handle.read() bug_summary_path = '/bug-summary.txt' - with mock.patch('logging.info') as mock_info: + with mock.patch('logging.info') as mocked_info: stack_parser.parse_fuzzer_output(fuzzer_output, bug_summary_path) - mock_info.assert_not_called() + mocked_info.assert_not_called() with open(bug_summary_path) as bug_summary_handle: bug_summary = bug_summary_handle.read() @@ -67,10 +67,10 @@ class ParseOutputTest(fake_filesystem_unittest.TestCase): def test_parse_invalid_output(self): """Checks that no files are created when an invalid input was given.""" artifact_path = '/bug-summary.txt' - with mock.patch('logging.error') as mock_error: - stack_parser.parse_fuzzer_output('not a valid output_string', + with mock.patch('logging.error') as mocked_error: + stack_parser.parse_fuzzer_output(b'not a valid output_string', artifact_path) - assert mock_error.call_count + assert mocked_error.call_count self.assertFalse(os.path.exists(artifact_path)) diff --git a/infra/cifuzz/test_data/example_coverage_report_summary.json b/infra/cifuzz/test_data/example_coverage_report_summary.json deleted file mode 100644 index 0004a1b57..000000000 --- a/infra/cifuzz/test_data/example_coverage_report_summary.json +++ /dev/null @@ -1 +0,0 @@ -{"data": [{"files": [{"filename": "/src/my-git-repo/projects/example/my-api-repo/do_stuff_fuzzer.cpp", "summary": {"branches": {"count": 0, "covered": 0, "notcovered": 0, "percent": 0}, "functions": {"count": 1, "covered": 0, "percent": 0}, "instantiations": {"count": 1, "covered": 0, "percent": 0}, "lines": {"count": 5, "covered": 0, "percent": 0}, "regions": {"count": 1, "covered": 0, "notcovered": 1, "percent": 0}}}, {"filename": "/src/my-git-repo/projects/example/my-api-repo/my_api.cpp", "summary": {"branches": {"count": 10, "covered": 0, "notcovered": 10, "percent": 0}, "functions": {"count": 1, "covered": 0, "percent": 0}, "instantiations": {"count": 1, "covered": 0, "percent": 0}, "lines": {"count": 15, "covered": 0, "percent": 0}, "regions": {"count": 11, "covered": 0, "notcovered": 11, "percent": 0}}}], "totals": {"branches": {"count": 10, "covered": 0, "notcovered": 10, "percent": 0}, "functions": {"count": 2, "covered": 0, "percent": 0}, "instantiations": {"count": 2, "covered": 0, "percent": 0}, "lines": {"count": 20, "covered": 0, "percent": 0}, "regions": {"count": 12, "covered": 0, "notcovered": 12, "percent": 0}}}], "type": "llvm.coverage.json.export", "version": "2.0.1"}
\ No newline at end of file diff --git a/infra/cifuzz/test_data/external-project/.clusterfuzzlite/Dockerfile b/infra/cifuzz/test_data/external-project/oss-fuzz/Dockerfile index e24553825..e9dc33031 100644 --- a/infra/cifuzz/test_data/external-project/.clusterfuzzlite/Dockerfile +++ b/infra/cifuzz/test_data/external-project/oss-fuzz/Dockerfile @@ -18,5 +18,5 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make COPY . $SRC/external-project -WORKDIR $SRC/external-project -COPY .clusterfuzzlite/build.sh $SRC/ +WORKDIR external-project +COPY oss-fuzz/build.sh $SRC/ diff --git a/infra/cifuzz/test_data/external-project/.clusterfuzzlite/build.sh b/infra/cifuzz/test_data/external-project/oss-fuzz/build.sh index 2c52ef90f..2c52ef90f 100644 --- a/infra/cifuzz/test_data/external-project/.clusterfuzzlite/build.sh +++ b/infra/cifuzz/test_data/external-project/oss-fuzz/build.sh diff --git a/infra/cifuzz/test_data/memory/build-out/curl_fuzzer_memory b/infra/cifuzz/test_data/memory/out/curl_fuzzer_memory Binary files differindex c602ce970..c602ce970 100755 --- a/infra/cifuzz/test_data/memory/build-out/curl_fuzzer_memory +++ b/infra/cifuzz/test_data/memory/out/curl_fuzzer_memory diff --git a/infra/cifuzz/test_data/build-out/example_crash_fuzzer b/infra/cifuzz/test_data/out/example_crash_fuzzer Binary files differindex 704800dda..704800dda 100755 --- a/infra/cifuzz/test_data/build-out/example_crash_fuzzer +++ b/infra/cifuzz/test_data/out/example_crash_fuzzer diff --git a/infra/cifuzz/test_data/build-out/example_nocrash_fuzzer b/infra/cifuzz/test_data/out/example_nocrash_fuzzer Binary files differindex e4ff86042..e4ff86042 100755 --- a/infra/cifuzz/test_data/build-out/example_nocrash_fuzzer +++ b/infra/cifuzz/test_data/out/example_nocrash_fuzzer diff --git a/infra/cifuzz/test_data/undefined/build-out/curl_fuzzer_undefined b/infra/cifuzz/test_data/undefined/out/curl_fuzzer_undefined Binary files differindex 504cab108..504cab108 100755 --- a/infra/cifuzz/test_data/undefined/build-out/curl_fuzzer_undefined +++ b/infra/cifuzz/test_data/undefined/out/curl_fuzzer_undefined diff --git a/infra/cifuzz/test_helpers.py b/infra/cifuzz/test_helpers.py deleted file mode 100644 index 85b5a8a67..000000000 --- a/infra/cifuzz/test_helpers.py +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Contains convenient helpers for writing tests.""" - -import contextlib -import os -import sys -import shutil -import tempfile -from unittest import mock - -import config_utils -import docker -import workspace_utils - -INFRA_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) -# pylint: disable=wrong-import-position,import-error -sys.path.append(INFRA_DIR) - -import helper - - -@mock.patch('config_utils._is_dry_run', return_value=True) -@mock.patch('config_utils.GenericCiEnvironment.project_src_path', - return_value=None) -@mock.patch('os.path.basename', return_value=None) -def _create_config(config_cls, _, __, ___, **kwargs): - """Creates a config object from |config_cls| and then sets every attribute - that is a key in |kwargs| to the corresponding value. Asserts that each key in - |kwargs| is an attribute of config.""" - with mock.patch('config_utils.BaseConfig.validate', return_value=True): - config = config_cls() - for key, value in kwargs.items(): - assert hasattr(config, key), 'Config doesn\'t have attribute: ' + key - setattr(config, key, value) - - return config - - -def create_build_config(**kwargs): - """Wrapper around _create_config for build configs.""" - return _create_config(config_utils.BuildFuzzersConfig, **kwargs) - - -def create_run_config(**kwargs): - """Wrapper around _create_config for run configs.""" - return _create_config(config_utils.RunFuzzersConfig, **kwargs) - - -def create_workspace(workspace_path='/workspace'): - """Returns a workspace located at |workspace_path| ('/workspace' by - default).""" - config = create_run_config(workspace=workspace_path) - return workspace_utils.Workspace(config) - - -def patch_environ(testcase_obj, env=None, empty=False, runner=False): - """Patch environment. |testcase_obj| is the unittest.TestCase that contains - tests. |env|, if specified, is a dictionary of environment variables to start - from. If |empty| is True then the new patched environment will be empty. If - |runner| is True then the necessary environment variables will be set to run - the scripts from base-runner.""" - if env is None: - env = {} - - patcher = mock.patch.dict(os.environ, env) - testcase_obj.addCleanup(patcher.stop) - patcher.start() - if empty: - for key in os.environ.copy(): - del os.environ[key] - - if runner: - # Add the scripts for base-runner to the path since the wont be in - # /usr/local/bin on host machines during testing. - base_runner_dir = os.path.join(INFRA_DIR, 'base-images', 'base-runner') - os.environ['PATH'] = (os.environ.get('PATH', '') + os.pathsep + - base_runner_dir) - if 'GOPATH' not in os.environ: - # A GOPATH must be set or else the coverage script fails, even for getting - # the coverage of non-Go programs. - os.environ['GOPATH'] = '/root/go' - - -@contextlib.contextmanager -def temp_dir_copy(directory): - """Context manager that yields a temporary copy of |directory|.""" - with tempfile.TemporaryDirectory() as temp_dir: - temp_copy_path = os.path.join(temp_dir, os.path.basename(directory)) - shutil.copytree(directory, temp_copy_path) - yield temp_copy_path - - -@contextlib.contextmanager -def docker_temp_dir(): - """Returns a temporary a directory that is useful for use with docker. On - cleanup this contextmanager uses docker to delete the directory's contents so - that if anything is owned by root it can be deleted (which - tempfile.TemporaryDirectory() cannot do) by non-root users.""" - with tempfile.TemporaryDirectory() as temp_dir: - yield temp_dir - helper.docker_run([ - '-v', f'{temp_dir}:/temp_dir', '-t', docker.BASE_BUILDER_TAG, - '/bin/bash', '-c', 'rm -rf /temp_dir/*' - ]) diff --git a/infra/cifuzz/workspace_utils.py b/infra/cifuzz/workspace_utils.py deleted file mode 100644 index ed296bc2b..000000000 --- a/infra/cifuzz/workspace_utils.py +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Module for representing the workspace directory which CIFuzz uses.""" - -import os - - -class Workspace: - """Class representing the workspace directory.""" - - def __init__(self, config): - self.workspace = config.workspace - - def initialize_dir(self, directory): # pylint: disable=no-self-use - """Creates directory if it doesn't already exist, otherwise does nothing.""" - os.makedirs(directory, exist_ok=True) - - @property - def repo_storage(self): - """The parent directory for repo storage.""" - return os.path.join(self.workspace, 'storage') - - @property - def out(self): - """The out directory used for storing the fuzzer build built by - build_fuzzers.""" - # Don't use 'out' because it needs to be used by artifacts. - return os.path.join(self.workspace, 'build-out') - - @property - def work(self): - """The directory used as the work directory for the fuzzer build/run.""" - return os.path.join(self.workspace, 'work') - - @property - def artifacts(self): - """The directory used to store artifacts for download by CI-system users.""" - # This is hardcoded by a lot of clients, so we need to use this. - return os.path.join(self.workspace, 'out', 'artifacts') - - @property - def clusterfuzz_build(self): - """The directory where builds from ClusterFuzz are stored.""" - return os.path.join(self.workspace, 'cifuzz-prev-build') - - @property - def clusterfuzz_coverage(self): - """The directory where builds from ClusterFuzz are stored.""" - return os.path.join(self.workspace, 'cifuzz-prev-coverage') - - @property - def coverage_report(self): - """The directory where coverage reports generated by cifuzz are put.""" - return os.path.join(self.workspace, 'cifuzz-coverage') - - @property - def corpora(self): - """The directory where corpora from ClusterFuzz are stored.""" - return os.path.join(self.workspace, 'cifuzz-corpus') - - @property - def pruned_corpora(self): - """The directory where pruned corpora are stored.""" - return os.path.join(self.workspace, 'cifuzz-pruned-corpus') diff --git a/infra/constants.py b/infra/constants.py deleted file mode 100644 index a323a4368..000000000 --- a/infra/constants.py +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -"""Constants for OSS-Fuzz.""" - -DEFAULT_EXTERNAL_BUILD_INTEGRATION_PATH = '.clusterfuzzlite' - -DEFAULT_LANGUAGE = 'c++' -DEFAULT_SANITIZER = 'address' -DEFAULT_ARCHITECTURE = 'x86_64' -DEFAULT_ENGINE = 'libfuzzer' -LANGUAGES = [ - 'c', - 'c++', - 'go', - 'jvm', - 'python', - 'rust', - 'swift', -] -LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'jvm', 'rust', 'swift'] -SANITIZERS = [ - 'address', 'none', 'memory', 'undefined', 'dataflow', 'thread', 'coverage' -] -ARCHITECTURES = ['i386', 'x86_64'] -ENGINES = ['libfuzzer', 'afl', 'honggfuzz', 'dataflow', 'none'] diff --git a/infra/helper.py b/infra/helper.py index 805f39a99..e24df4ded 100755 --- a/infra/helper.py +++ b/infra/helper.py @@ -22,7 +22,6 @@ from multiprocessing.dummy import Pool as ThreadPool import argparse import datetime import errno -import logging import os import pipes import re @@ -30,31 +29,25 @@ import subprocess import sys import templates -import constants - OSS_FUZZ_DIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) BUILD_DIR = os.path.join(OSS_FUZZ_DIR, 'build') -BASE_RUNNER_IMAGE = 'gcr.io/oss-fuzz-base/base-runner' - -BASE_IMAGES = { - 'generic': [ - 'gcr.io/oss-fuzz-base/base-image', - 'gcr.io/oss-fuzz-base/base-clang', - 'gcr.io/oss-fuzz-base/base-builder', - BASE_RUNNER_IMAGE, - 'gcr.io/oss-fuzz-base/base-runner-debug', - ], - 'go': ['gcr.io/oss-fuzz-base/base-builder-go'], - 'jvm': ['gcr.io/oss-fuzz-base/base-builder-jvm'], - 'python': ['gcr.io/oss-fuzz-base/base-builder-python'], - 'rust': ['gcr.io/oss-fuzz-base/base-builder-rust'], - 'swift': ['gcr.io/oss-fuzz-base/base-builder-swift'], -} +BASE_IMAGES = [ + 'gcr.io/oss-fuzz-base/base-image', + 'gcr.io/oss-fuzz-base/base-clang', + 'gcr.io/oss-fuzz-base/base-builder', + 'gcr.io/oss-fuzz-base/base-runner', + 'gcr.io/oss-fuzz-base/base-runner-debug', + 'gcr.io/oss-fuzz-base/base-sanitizer-libs-builder', + 'gcr.io/oss-fuzz-base/msan-libs-builder', +] VALID_PROJECT_NAME_REGEX = re.compile(r'^[a-zA-Z0-9_-]+$') MAX_PROJECT_NAME_LENGTH = 26 +if sys.version_info[0] >= 3: + raw_input = input # pylint: disable=invalid-name + CORPUS_URL_FORMAT = ( 'gs://{project_name}-corpus.clusterfuzz-external.appspot.com/libFuzzer/' '{fuzz_target}/') @@ -62,158 +55,60 @@ CORPUS_BACKUP_URL_FORMAT = ( 'gs://{project_name}-backup.clusterfuzz-external.appspot.com/corpus/' 'libFuzzer/{fuzz_target}/') -LANGUAGE_REGEX = re.compile(r'[^\s]+') PROJECT_LANGUAGE_REGEX = re.compile(r'\s*language\s*:\s*([^\s]+)') -WORKDIR_REGEX = re.compile(r'\s*WORKDIR\s*([^\s]+)') - -LANGUAGES_WITH_BUILDER_IMAGES = {'go', 'jvm', 'python', 'rust', 'swift'} - -if sys.version_info[0] >= 3: - raw_input = input # pylint: disable=invalid-name +# Languages from project.yaml that have code coverage support. +LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust'] # pylint: disable=too-many-lines -class Project: - """Class representing a project that is in OSS-Fuzz or an external project - (ClusterFuzzLite user).""" - - def __init__( - self, - project_name_or_path, - is_external=False, - build_integration_path=constants.DEFAULT_EXTERNAL_BUILD_INTEGRATION_PATH): - self.is_external = is_external - if self.is_external: - self.path = os.path.abspath(project_name_or_path) - self.name = os.path.basename(self.path) - self.build_integration_path = os.path.join(self.path, - build_integration_path) - else: - self.name = project_name_or_path - self.path = os.path.join(OSS_FUZZ_DIR, 'projects', self.name) - self.build_integration_path = self.path - - @property - def dockerfile_path(self): - """Returns path to the project Dockerfile.""" - return os.path.join(self.build_integration_path, 'Dockerfile') - - @property - def language(self): - """Returns project language.""" - if self.is_external: - # TODO(metzman): Handle this properly. - return constants.DEFAULT_LANGUAGE - - project_yaml_path = os.path.join(self.path, 'project.yaml') - with open(project_yaml_path) as file_handle: - content = file_handle.read() - for line in content.splitlines(): - match = PROJECT_LANGUAGE_REGEX.match(line) - if match: - return match.group(1) - - logging.warning('Language not specified in project.yaml.') - return None - - @property - def out(self): - """Returns the out dir for the project. Creates it if needed.""" - return _get_out_dir(self.name) - - @property - def work(self): - """Returns the out dir for the project. Creates it if needed.""" - return _get_project_build_subdir(self.name, 'work') - - @property - def corpus(self): - """Returns the out dir for the project. Creates it if needed.""" - return _get_project_build_subdir(self.name, 'corpus') - - def main(): # pylint: disable=too-many-branches,too-many-return-statements - """Gets subcommand from program arguments and does it. Returns 0 on success 1 - on error.""" - logging.basicConfig(level=logging.INFO) - - parser = get_parser() - args = parse_args(parser) - - # Note: this has to happen after parse_args above as parse_args needs to know - # the original CWD for external projects. + """Get subcommand from program arguments and do it.""" os.chdir(OSS_FUZZ_DIR) if not os.path.exists(BUILD_DIR): os.mkdir(BUILD_DIR) + args = parse_args() + # We have different default values for `sanitizer` depending on the `engine`. # Some commands do not have `sanitizer` argument, so `hasattr` is necessary. if hasattr(args, 'sanitizer') and not args.sanitizer: if args.engine == 'dataflow': args.sanitizer = 'dataflow' else: - args.sanitizer = constants.DEFAULT_SANITIZER + args.sanitizer = 'address' if args.command == 'generate': - result = generate(args) - elif args.command == 'build_image': - result = build_image(args) - elif args.command == 'build_fuzzers': - result = build_fuzzers(args) - elif args.command == 'check_build': - result = check_build(args) - elif args.command == 'download_corpora': - result = download_corpora(args) - elif args.command == 'run_fuzzer': - result = run_fuzzer(args) - elif args.command == 'coverage': - result = coverage(args) - elif args.command == 'reproduce': - result = reproduce(args) - elif args.command == 'shell': - result = shell(args) - elif args.command == 'pull_images': - result = pull_images() - else: - # Print help string if no arguments provided. - parser.print_help() - result = False - return bool_to_retcode(result) - - -def bool_to_retcode(boolean): - """Returns 0 if |boolean| is Truthy, 0 is the standard return code for a - successful process execution. Returns 1 otherwise, indicating the process - failed.""" - return 0 if boolean else 1 - - -def parse_args(parser, args=None): - """Parses |args| using |parser| and returns parsed args. Also changes - |args.build_integration_path| to have correct default behavior.""" + return generate(args) + if args.command == 'build_image': + return build_image(args) + if args.command == 'build_fuzzers': + return build_fuzzers(args) + if args.command == 'check_build': + return check_build(args) + if args.command == 'download_corpora': + return download_corpora(args) + if args.command == 'run_fuzzer': + return run_fuzzer(args) + if args.command == 'coverage': + return coverage(args) + if args.command == 'reproduce': + return reproduce(args) + if args.command == 'shell': + return shell(args) + if args.command == 'pull_images': + return pull_images(args) + + return 0 + + +def parse_args(args=None): + """Parses args using argparser and returns parsed args.""" # Use default argument None for args so that in production, argparse does its # normal behavior, but unittesting is easier. - parsed_args = parser.parse_args(args) - project = getattr(parsed_args, 'project', None) - if not project: - return parsed_args - - # Use hacky method for extracting attributes so that ShellTest works. - # TODO(metzman): Fix this. - is_external = getattr(parsed_args, 'external', False) - parsed_args.project = Project(parsed_args.project, is_external) - return parsed_args - - -def _add_external_project_args(parser): - parser.add_argument( - '--external', - help='Is project external?', - default=False, - action='store_true', - ) + parser = get_parser() + return parser.parse_args(args) def get_parser(): # pylint: disable=too-many-statements @@ -223,28 +118,17 @@ def get_parser(): # pylint: disable=too-many-statements generate_parser = subparsers.add_parser( 'generate', help='Generate files for new project.') - generate_parser.add_argument('project') - generate_parser.add_argument( - '--language', - default=constants.DEFAULT_LANGUAGE, - choices=['c', 'c++', 'rust', 'go', 'jvm', 'swift', 'python'], - help='Project language.') - _add_external_project_args(generate_parser) + generate_parser.add_argument('project_name') build_image_parser = subparsers.add_parser('build_image', help='Build an image.') - build_image_parser.add_argument('project') + build_image_parser.add_argument('project_name') build_image_parser.add_argument('--pull', action='store_true', help='Pull latest base image.') - build_image_parser.add_argument('--cache', - action='store_true', - default=False, - help='Use docker cache when building image.') build_image_parser.add_argument('--no-pull', action='store_true', help='Do not pull latest base image.') - _add_external_project_args(build_image_parser) build_fuzzers_parser = subparsers.add_parser( 'build_fuzzers', help='Build fuzzers for a project.') @@ -252,15 +136,10 @@ def get_parser(): # pylint: disable=too-many-statements _add_engine_args(build_fuzzers_parser) _add_sanitizer_args(build_fuzzers_parser) _add_environment_args(build_fuzzers_parser) - _add_external_project_args(build_fuzzers_parser) - build_fuzzers_parser.add_argument('project') + build_fuzzers_parser.add_argument('project_name') build_fuzzers_parser.add_argument('source_path', help='path of local source', nargs='?') - build_fuzzers_parser.add_argument('--mount_path', - dest='mount_path', - help='path to mount local source in ' - '(defaults to WORKDIR)') build_fuzzers_parser.add_argument('--clean', dest='clean', action='store_true', @@ -275,26 +154,26 @@ def get_parser(): # pylint: disable=too-many-statements check_build_parser = subparsers.add_parser( 'check_build', help='Checks that fuzzers execute without errors.') _add_architecture_args(check_build_parser) - _add_engine_args(check_build_parser, choices=constants.ENGINES) - _add_sanitizer_args(check_build_parser, choices=constants.SANITIZERS) + _add_engine_args( + check_build_parser, + choices=['libfuzzer', 'afl', 'honggfuzz', 'dataflow', 'none']) + _add_sanitizer_args( + check_build_parser, + choices=['address', 'memory', 'undefined', 'dataflow', 'thread']) _add_environment_args(check_build_parser) - check_build_parser.add_argument('project', - help='name of the project or path (external)') + check_build_parser.add_argument('project_name', help='name of the project') check_build_parser.add_argument('fuzzer_name', help='name of the fuzzer', nargs='?') - _add_external_project_args(check_build_parser) run_fuzzer_parser = subparsers.add_parser( 'run_fuzzer', help='Run a fuzzer in the emulated fuzzing environment.') _add_engine_args(run_fuzzer_parser) _add_sanitizer_args(run_fuzzer_parser) _add_environment_args(run_fuzzer_parser) - _add_external_project_args(run_fuzzer_parser) run_fuzzer_parser.add_argument( '--corpus-dir', help='directory to store corpus for the fuzz target') - run_fuzzer_parser.add_argument('project', - help='name of the project or path (external)') + run_fuzzer_parser.add_argument('project_name', help='name of the project') run_fuzzer_parser.add_argument('fuzzer_name', help='name of the fuzzer') run_fuzzer_parser.add_argument('fuzzer_args', help='arguments to pass to the fuzzer', @@ -318,40 +197,35 @@ def get_parser(): # pylint: disable=too-many-statements coverage_parser.add_argument('--corpus-dir', help='specify location of corpus' ' to be used (requires --fuzz-target argument)') - coverage_parser.add_argument('project', - help='name of the project or path (external)') + coverage_parser.add_argument('project_name', help='name of the project') coverage_parser.add_argument('extra_args', help='additional arguments to ' 'pass to llvm-cov utility.', nargs='*') - _add_external_project_args(coverage_parser) download_corpora_parser = subparsers.add_parser( 'download_corpora', help='Download all corpora for a project.') download_corpora_parser.add_argument('--fuzz-target', help='specify name of a fuzz target') - download_corpora_parser.add_argument( - 'project', help='name of the project or path (external)') + download_corpora_parser.add_argument('project_name', + help='name of the project') reproduce_parser = subparsers.add_parser('reproduce', help='Reproduce a crash.') reproduce_parser.add_argument('--valgrind', action='store_true', help='run with valgrind') - reproduce_parser.add_argument('project', - help='name of the project or path (external)') + reproduce_parser.add_argument('project_name', help='name of the project') reproduce_parser.add_argument('fuzzer_name', help='name of the fuzzer') reproduce_parser.add_argument('testcase_path', help='path of local testcase') reproduce_parser.add_argument('fuzzer_args', help='arguments to pass to the fuzzer', nargs=argparse.REMAINDER) _add_environment_args(reproduce_parser) - _add_external_project_args(reproduce_parser) shell_parser = subparsers.add_parser( 'shell', help='Run /bin/bash within the builder container.') - shell_parser.add_argument('project', - help='name of the project or path (external)') + shell_parser.add_argument('project_name', help='name of the project') shell_parser.add_argument('source_path', help='path of local source', nargs='?') @@ -359,7 +233,6 @@ def get_parser(): # pylint: disable=too-many-statements _add_engine_args(shell_parser) _add_sanitizer_args(shell_parser) _add_environment_args(shell_parser) - _add_external_project_args(shell_parser) subparsers.add_parser('pull_images', help='Pull base images.') return parser @@ -370,33 +243,29 @@ def is_base_image(image_name): return os.path.exists(os.path.join('infra', 'base-images', image_name)) -def check_project_exists(project): +def check_project_exists(project_name): """Checks if a project exists.""" - if os.path.exists(project.path): - return True - - if project.is_external: - descriptive_project_name = project.path - else: - descriptive_project_name = project.name + if not os.path.exists(_get_project_dir(project_name)): + print(project_name, 'does not exist', file=sys.stderr) + return False - logging.error('"%s" does not exist.', descriptive_project_name) - return False + return True -def _check_fuzzer_exists(project, fuzzer_name): +def _check_fuzzer_exists(project_name, fuzzer_name): """Checks if a fuzzer exists.""" command = ['docker', 'run', '--rm'] - command.extend(['-v', '%s:/out' % project.out]) - command.append(BASE_RUNNER_IMAGE) + command.extend(['-v', '%s:/out' % _get_output_dir(project_name)]) + command.append('ubuntu:16.04') command.extend(['/bin/bash', '-c', 'test -f /out/%s' % fuzzer_name]) try: subprocess.check_call(command) except subprocess.CalledProcessError: - logging.error('%s does not seem to exist. Please run build_fuzzers first.', - fuzzer_name) + print(fuzzer_name, + 'does not seem to exist. Please run build_fuzzers first.', + file=sys.stderr) return False return True @@ -412,44 +281,76 @@ def _get_command_string(command): return ' '.join(pipes.quote(part) for part in command) -def _get_project_build_subdir(project, subdir_name): - """Creates the |subdir_name| subdirectory of the |project| subdirectory in - |BUILD_DIR| and returns its path.""" - directory = os.path.join(BUILD_DIR, subdir_name, project) +def _get_project_dir(project_name): + """Returns path to the project.""" + return os.path.join(OSS_FUZZ_DIR, 'projects', project_name) + + +def get_dockerfile_path(project_name): + """Returns path to the project Dockerfile.""" + return os.path.join(_get_project_dir(project_name), 'Dockerfile') + + +def _get_corpus_dir(project_name=''): + """Creates and returns path to /corpus directory for the given project (if + specified).""" + directory = os.path.join(BUILD_DIR, 'corpus', project_name) if not os.path.exists(directory): os.makedirs(directory) return directory -def _get_out_dir(project=''): +def _get_output_dir(project_name=''): """Creates and returns path to /out directory for the given project (if specified).""" - return _get_project_build_subdir(project, 'out') + directory = os.path.join(BUILD_DIR, 'out', project_name) + if not os.path.exists(directory): + os.makedirs(directory) + return directory -def _add_architecture_args(parser, choices=None): - """Adds common architecture args.""" - if choices is None: - choices = constants.ARCHITECTURES - parser.add_argument('--architecture', - default=constants.DEFAULT_ARCHITECTURE, - choices=choices) +def _get_work_dir(project_name=''): + """Creates and returns path to /work directory for the given project (if + specified).""" + directory = os.path.join(BUILD_DIR, 'work', project_name) + if not os.path.exists(directory): + os.makedirs(directory) -def _add_engine_args(parser, choices=None): - """Adds common engine args.""" - if choices is None: - choices = constants.ENGINES - parser.add_argument('--engine', - default=constants.DEFAULT_ENGINE, - choices=choices) + return directory -def _add_sanitizer_args(parser, choices=None): - """Adds common sanitizer args.""" - if choices is None: - choices = constants.SANITIZERS +def _get_project_language(project_name): + """Returns project language.""" + project_yaml_path = os.path.join(OSS_FUZZ_DIR, 'projects', project_name, + 'project.yaml') + with open(project_yaml_path) as file_handle: + content = file_handle.read() + for line in content.splitlines(): + match = PROJECT_LANGUAGE_REGEX.match(line) + if match: + return match.group(1) + + return None + + +def _add_architecture_args(parser, choices=('x86_64', 'i386')): + """Add common architecture args.""" + parser.add_argument('--architecture', default='x86_64', choices=choices) + + +def _add_engine_args(parser, + choices=('libfuzzer', 'afl', 'honggfuzz', 'dataflow', + 'none')): + """Add common engine args.""" + parser.add_argument('--engine', default='libfuzzer', choices=choices) + + +def _add_sanitizer_args(parser, + choices=('address', 'memory', 'undefined', 'coverage', + 'dataflow', 'thread')): + """Add common sanitizer args.""" parser.add_argument( '--sanitizer', default=None, @@ -458,50 +359,47 @@ def _add_sanitizer_args(parser, choices=None): def _add_environment_args(parser): - """Adds common environment args.""" + """Add common environment args.""" parser.add_argument('-e', action='append', help="set environment variable e.g. VAR=value") -def build_image_impl(project, cache=True, pull=False): - """Builds image.""" - image_name = project.name +def build_image_impl(image_name, no_cache=False, pull=False): + """Build image.""" - if is_base_image(image_name): + proj_is_base_image = is_base_image(image_name) + if proj_is_base_image: image_project = 'oss-fuzz-base' - docker_build_dir = os.path.join(OSS_FUZZ_DIR, 'infra', 'base-images', - image_name) - dockerfile_path = os.path.join(docker_build_dir, 'Dockerfile') + dockerfile_dir = os.path.join('infra', 'base-images', image_name) else: - if not check_project_exists(project): - return False - dockerfile_path = project.dockerfile_path - docker_build_dir = project.path image_project = 'oss-fuzz' + if not check_project_exists(image_name): + return False - if pull and not pull_images(project.language): - return False + dockerfile_dir = os.path.join('projects', image_name) build_args = [] - if not cache: + if no_cache: build_args.append('--no-cache') build_args += [ - '-t', - 'gcr.io/%s/%s' % (image_project, image_name), '--file', dockerfile_path + '-t', 'gcr.io/%s/%s' % (image_project, image_name), dockerfile_dir ] - build_args.append(docker_build_dir) - return docker_build(build_args) + + return docker_build(build_args, pull=pull) def _env_to_docker_args(env_list): - """Turns envirnoment variable list into docker arguments.""" + """Turn envirnoment variable list into docker arguments.""" return sum([['-e', v] for v in env_list], []) +WORKDIR_REGEX = re.compile(r'\s*WORKDIR\s*([^\s]+)') + + def workdir_from_lines(lines, default='/src'): - """Gets the WORKDIR from the given lines.""" + """Get the WORKDIR from the given lines.""" for line in reversed(lines): # reversed to get last WORKDIR. match = re.match(WORKDIR_REGEX, line) if match: @@ -516,16 +414,18 @@ def workdir_from_lines(lines, default='/src'): return default -def _workdir_from_dockerfile(project): - """Parses WORKDIR from the Dockerfile for the given project.""" - with open(project.dockerfile_path) as file_handle: +def _workdir_from_dockerfile(project_name): + """Parse WORKDIR from the Dockerfile for the given project.""" + dockerfile_path = get_dockerfile_path(project_name) + + with open(dockerfile_path) as file_handle: lines = file_handle.readlines() - return workdir_from_lines(lines, default=os.path.join('/src', project.name)) + return workdir_from_lines(lines, default=os.path.join('/src', project_name)) def docker_run(run_args, print_output=True): - """Calls `docker run`.""" + """Call `docker run`.""" command = ['docker', 'run', '--rm', '--privileged'] # Support environments with a TTY. @@ -534,29 +434,32 @@ def docker_run(run_args, print_output=True): command.extend(run_args) - logging.info('Running: %s.', _get_command_string(command)) + print('Running:', _get_command_string(command)) stdout = None if not print_output: stdout = open(os.devnull, 'w') try: subprocess.check_call(command, stdout=stdout, stderr=subprocess.STDOUT) - except subprocess.CalledProcessError: - return False + except subprocess.CalledProcessError as error: + return error.returncode - return True + return 0 -def docker_build(build_args): - """Calls `docker build`.""" +def docker_build(build_args, pull=False): + """Call `docker build`.""" command = ['docker', 'build'] + if pull: + command.append('--pull') + command.extend(build_args) - logging.info('Running: %s.', _get_command_string(command)) + print('Running:', _get_command_string(command)) try: subprocess.check_call(command) except subprocess.CalledProcessError: - logging.error('Docker build failed.') + print('docker build failed.', file=sys.stderr) return False return True @@ -565,22 +468,22 @@ def docker_build(build_args): def docker_pull(image): """Call `docker pull`.""" command = ['docker', 'pull', image] - logging.info('Running: %s', _get_command_string(command)) + print('Running:', _get_command_string(command)) try: subprocess.check_call(command) except subprocess.CalledProcessError: - logging.error('Docker pull failed.') + print('docker pull failed.', file=sys.stderr) return False return True def build_image(args): - """Builds docker image.""" + """Build docker image.""" if args.pull and args.no_pull: - logging.error('Incompatible arguments --pull and --no-pull.') - return False + print('Incompatible arguments --pull and --no-pull.') + return 1 if args.pull: pull = True @@ -591,74 +494,89 @@ def build_image(args): pull = y_or_n.lower() == 'y' if pull: - logging.info('Pulling latest base images...') + print('Pulling latest base images...') else: - logging.info('Using cached base images...') + print('Using cached base images...') # If build_image is called explicitly, don't use cache. - if build_image_impl(args.project, cache=args.cache, pull=pull): - return True + if build_image_impl(args.project_name, no_cache=True, pull=pull): + return 0 - return False + return 1 def build_fuzzers_impl( # pylint: disable=too-many-arguments,too-many-locals,too-many-branches - project, + project_name, clean, engine, sanitizer, architecture, env_to_add, source_path, - mount_path=None): - """Builds fuzzers.""" - if not build_image_impl(project): - return False + no_cache=False, + mount_location=None): + """Build fuzzers.""" + if not build_image_impl(project_name, no_cache=no_cache): + return 1 + + project_out_dir = _get_output_dir(project_name) + project_work_dir = _get_work_dir(project_name) + project_language = _get_project_language(project_name) + if not project_language: + print('WARNING: language not specified in project.yaml. Build may fail.') if clean: - logging.info('Cleaning existing build artifacts.') + print('Cleaning existing build artifacts.') # Clean old and possibly conflicting artifacts in project's out directory. docker_run([ '-v', - '%s:/out' % project.out, '-t', - 'gcr.io/oss-fuzz/%s' % project.name, '/bin/bash', '-c', 'rm -rf /out/*' + '%s:/out' % project_out_dir, '-t', + 'gcr.io/oss-fuzz/%s' % project_name, '/bin/bash', '-c', 'rm -rf /out/*' ]) docker_run([ '-v', - '%s:/work' % project.work, '-t', - 'gcr.io/oss-fuzz/%s' % project.name, '/bin/bash', '-c', 'rm -rf /work/*' + '%s:/work' % project_work_dir, '-t', + 'gcr.io/oss-fuzz/%s' % project_name, '/bin/bash', '-c', 'rm -rf /work/*' ]) else: - logging.info('Keeping existing build artifacts as-is (if any).') + print('Keeping existing build artifacts as-is (if any).') env = [ 'FUZZING_ENGINE=' + engine, 'SANITIZER=' + sanitizer, 'ARCHITECTURE=' + architecture, ] - _add_oss_fuzz_ci_if_needed(env) - - if project.language: - env.append('FUZZING_LANGUAGE=' + project.language) + if project_language: + env.append('FUZZING_LANGUAGE=' + project_language) if env_to_add: env += env_to_add + # Copy instrumented libraries. + if sanitizer == 'memory': + docker_run([ + '-v', + '%s:/work' % project_work_dir, 'gcr.io/oss-fuzz-base/msan-libs-builder', + 'bash', '-c', 'cp -r /msan /work' + ]) + env.append('MSAN_LIBS_PATH=' + '/work/msan') + command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env) if source_path: - workdir = _workdir_from_dockerfile(project) - if mount_path: + workdir = _workdir_from_dockerfile(project_name) + if mount_location: command += [ '-v', - '%s:%s' % (_get_absolute_path(source_path), mount_path), + '%s:%s' % (_get_absolute_path(source_path), mount_location), ] else: if workdir == '/src': - logging.error('Cannot use local checkout with "WORKDIR: /src".') - return False + print('Cannot use local checkout with "WORKDIR: /src".', + file=sys.stderr) + return 1 command += [ '-v', @@ -667,52 +585,50 @@ def build_fuzzers_impl( # pylint: disable=too-many-arguments,too-many-locals,to command += [ '-v', - '%s:/out' % project.out, '-v', - '%s:/work' % project.work, '-t', - 'gcr.io/oss-fuzz/%s' % project.name + '%s:/out' % project_out_dir, '-v', + '%s:/work' % project_work_dir, '-t', + 'gcr.io/oss-fuzz/%s' % project_name ] - result = docker_run(command) - if not result: - logging.error('Building fuzzers failed.') - return False - - return True + result_code = docker_run(command) + if result_code: + print('Building fuzzers failed.', file=sys.stderr) + return result_code + # Patch MSan builds to use instrumented shared libraries. + if sanitizer == 'memory': + docker_run([ + '-v', + '%s:/out' % project_out_dir, '-v', + '%s:/work' % project_work_dir + ] + _env_to_docker_args(env) + [ + 'gcr.io/oss-fuzz-base/base-sanitizer-libs-builder', 'patch_build.py', + '/out' + ]) -def build_fuzzers(args): - """Builds fuzzers.""" - return build_fuzzers_impl(args.project, - args.clean, - args.engine, - args.sanitizer, - args.architecture, - args.e, - args.source_path, - mount_path=args.mount_path) + return 0 -def _add_oss_fuzz_ci_if_needed(env): - """Adds value of |OSS_FUZZ_CI| environment variable to |env| if it is set.""" - oss_fuzz_ci = os.getenv('OSS_FUZZ_CI') - if oss_fuzz_ci: - env.append('OSS_FUZZ_CI=' + oss_fuzz_ci) +def build_fuzzers(args): + """Build fuzzers.""" + return build_fuzzers_impl(args.project_name, args.clean, args.engine, + args.sanitizer, args.architecture, args.e, + args.source_path) def check_build(args): """Checks that fuzzers in the container execute without errors.""" - if not check_project_exists(args.project): - return False + if not check_project_exists(args.project_name): + return 1 if (args.fuzzer_name and - not _check_fuzzer_exists(args.project, args.fuzzer_name)): - return False + not _check_fuzzer_exists(args.project_name, args.fuzzer_name)): + return 1 - fuzzing_language = args.project.language - if not fuzzing_language: - fuzzing_language = constants.DEFAULT_LANGUAGE - logging.warning('Language not specified in project.yaml. Defaulting to %s.', - fuzzing_language) + fuzzing_language = _get_project_language(args.project_name) + if fuzzing_language is None: + print('WARNING: language not specified in project.yaml. Defaulting to C++.') + fuzzing_language = 'c++' env = [ 'FUZZING_ENGINE=' + args.engine, @@ -720,12 +636,13 @@ def check_build(args): 'ARCHITECTURE=' + args.architecture, 'FUZZING_LANGUAGE=' + fuzzing_language, ] - _add_oss_fuzz_ci_if_needed(env) if args.e: env += args.e run_args = _env_to_docker_args(env) + [ - '-v', '%s:/out' % args.project.out, '-t', BASE_RUNNER_IMAGE + '-v', + '%s:/out' % _get_output_dir(args.project_name), '-t', + 'gcr.io/oss-fuzz-base/base-runner' ] if args.fuzzer_name: @@ -733,45 +650,39 @@ def check_build(args): else: run_args.append('test_all.py') - result = docker_run(run_args) - if result: - logging.info('Check build passed.') + exit_code = docker_run(run_args) + if exit_code == 0: + print('Check build passed.') else: - logging.error('Check build failed.') + print('Check build failed.') - return result + return exit_code -def _get_fuzz_targets(project): - """Returns names of fuzz targest build in the project's /out directory.""" +def _get_fuzz_targets(project_name): + """Return names of fuzz targest build in the project's /out directory.""" fuzz_targets = [] - for name in os.listdir(project.out): + for name in os.listdir(_get_output_dir(project_name)): if name.startswith('afl-'): continue - if name.startswith('jazzer_'): - continue - if name == 'llvm-symbolizer': - continue - path = os.path.join(project.out, name) - # Python and JVM fuzz targets are only executable for the root user, so - # we can't use os.access. - if os.path.isfile(path) and (os.stat(path).st_mode & 0o111): + path = os.path.join(_get_output_dir(project_name), name) + if os.path.isfile(path) and os.access(path, os.X_OK): fuzz_targets.append(name) return fuzz_targets -def _get_latest_corpus(project, fuzz_target, base_corpus_dir): - """Downloads the latest corpus for the given fuzz target.""" +def _get_latest_corpus(project_name, fuzz_target, base_corpus_dir): + """Download the latest corpus for the given fuzz target.""" corpus_dir = os.path.join(base_corpus_dir, fuzz_target) if not os.path.exists(corpus_dir): os.makedirs(corpus_dir) - if not fuzz_target.startswith(project.name + '_'): - fuzz_target = '%s_%s' % (project.name, fuzz_target) + if not fuzz_target.startswith(project_name + '_'): + fuzz_target = '%s_%s' % (project_name, fuzz_target) - corpus_backup_url = CORPUS_BACKUP_URL_FORMAT.format(project_name=project.name, + corpus_backup_url = CORPUS_BACKUP_URL_FORMAT.format(project_name=project_name, fuzz_target=fuzz_target) command = ['gsutil', 'ls', corpus_backup_url] @@ -782,7 +693,8 @@ def _get_latest_corpus(project, fuzz_target, base_corpus_dir): # Some fuzz targets (e.g. new ones) may not have corpus yet, just skip those. if corpus_listing.returncode: - logging.warning('Corpus for %s not found:\n', fuzz_target) + print('WARNING: corpus for {0} not found:\n'.format(fuzz_target), + file=sys.stderr) return if output: @@ -796,73 +708,80 @@ def _get_latest_corpus(project, fuzz_target, base_corpus_dir): os.remove(archive_path) else: # Sync the working corpus copy if a minimized backup is not available. - corpus_url = CORPUS_URL_FORMAT.format(project_name=project.name, + corpus_url = CORPUS_URL_FORMAT.format(project_name=project_name, fuzz_target=fuzz_target) command = ['gsutil', '-m', '-q', 'rsync', '-R', corpus_url, corpus_dir] subprocess.check_call(command) def download_corpora(args): - """Downloads most recent corpora from GCS for the given project.""" - if not check_project_exists(args.project): - return False + """Download most recent corpora from GCS for the given project.""" + if not check_project_exists(args.project_name): + return 1 try: with open(os.devnull, 'w') as stdout: subprocess.check_call(['gsutil', '--version'], stdout=stdout) except OSError: - logging.error('gsutil not found. Please install it from ' - 'https://cloud.google.com/storage/docs/gsutil_install') + print( + 'ERROR: gsutil not found. Please install it from ' + 'https://cloud.google.com/storage/docs/gsutil_install', + file=sys.stderr) return False if args.fuzz_target: fuzz_targets = [args.fuzz_target] else: - fuzz_targets = _get_fuzz_targets(args.project) + fuzz_targets = _get_fuzz_targets(args.project_name) - corpus_dir = args.project.corpus + corpus_dir = _get_corpus_dir(args.project_name) + if not os.path.exists(corpus_dir): + os.makedirs(corpus_dir) def _download_for_single_target(fuzz_target): try: - _get_latest_corpus(args.project, fuzz_target, corpus_dir) + _get_latest_corpus(args.project_name, fuzz_target, corpus_dir) return True except Exception as error: # pylint:disable=broad-except - logging.error('Corpus download for %s failed: %s.', fuzz_target, - str(error)) + print('ERROR: corpus download for %s failed: %s' % + (fuzz_target, str(error)), + file=sys.stderr) return False - logging.info('Downloading corpora for %s project to %s.', args.project.name, - corpus_dir) + print('Downloading corpora for %s project to %s' % + (args.project_name, corpus_dir)) thread_pool = ThreadPool() return all(thread_pool.map(_download_for_single_target, fuzz_targets)) def coverage(args): - """Generates code coverage using clang source based code coverage.""" + """Generate code coverage using clang source based code coverage.""" if args.corpus_dir and not args.fuzz_target: - logging.error( - '--corpus-dir requires specifying a particular fuzz target using ' - '--fuzz-target') - return False - - if not check_project_exists(args.project): - return False - - if args.project.language not in constants.LANGUAGES_WITH_COVERAGE_SUPPORT: - logging.error( - 'Project is written in %s, coverage for it is not supported yet.', - args.project.language) - return False - - if (not args.no_corpus_download and not args.corpus_dir and - not args.project.is_external): + print( + 'ERROR: --corpus-dir requires specifying a particular fuzz target ' + 'using --fuzz-target', + file=sys.stderr) + return 1 + + if not check_project_exists(args.project_name): + return 1 + + project_language = _get_project_language(args.project_name) + if project_language not in LANGUAGES_WITH_COVERAGE_SUPPORT: + print( + 'ERROR: Project is written in %s, coverage for it is not supported yet.' + % project_language, + file=sys.stderr) + return 1 + + if not args.no_corpus_download and not args.corpus_dir: if not download_corpora(args): - return False + return 1 env = [ 'FUZZING_ENGINE=libfuzzer', - 'FUZZING_LANGUAGE=%s' % args.project.language, - 'PROJECT=%s' % args.project.name, + 'FUZZING_LANGUAGE=%s' % project_language, + 'PROJECT=%s' % args.project_name, 'SANITIZER=coverage', 'HTTP_PORT=%s' % args.port, 'COVERAGE_EXTRA_ARGS=%s' % ' '.join(args.extra_args), @@ -878,41 +797,41 @@ def coverage(args): if args.corpus_dir: if not os.path.exists(args.corpus_dir): - logging.error('The path provided in --corpus-dir argument does not ' - 'exist.') - return False + print('ERROR: the path provided in --corpus-dir argument does not exist', + file=sys.stderr) + return 1 corpus_dir = os.path.realpath(args.corpus_dir) run_args.extend(['-v', '%s:/corpus/%s' % (corpus_dir, args.fuzz_target)]) else: - run_args.extend(['-v', '%s:/corpus' % args.project.corpus]) + run_args.extend(['-v', '%s:/corpus' % _get_corpus_dir(args.project_name)]) run_args.extend([ '-v', - '%s:/out' % args.project.out, + '%s:/out' % _get_output_dir(args.project_name), '-t', - BASE_RUNNER_IMAGE, + 'gcr.io/oss-fuzz-base/base-runner', ]) run_args.append('coverage') if args.fuzz_target: run_args.append(args.fuzz_target) - result = docker_run(run_args) - if result: - logging.info('Successfully generated clang code coverage report.') + exit_code = docker_run(run_args) + if exit_code == 0: + print('Successfully generated clang code coverage report.') else: - logging.error('Failed to generate clang code coverage report.') + print('Failed to generate clang code coverage report.') - return result + return exit_code def run_fuzzer(args): """Runs a fuzzer in the container.""" - if not check_project_exists(args.project): - return False + if not check_project_exists(args.project_name): + return 1 - if not _check_fuzzer_exists(args.project, args.fuzzer_name): - return False + if not _check_fuzzer_exists(args.project_name, args.fuzzer_name): + return 1 env = [ 'FUZZING_ENGINE=' + args.engine, @@ -927,8 +846,9 @@ def run_fuzzer(args): if args.corpus_dir: if not os.path.exists(args.corpus_dir): - logging.error('The path provided in --corpus-dir argument does not exist') - return False + print('ERROR: the path provided in --corpus-dir argument does not exist', + file=sys.stderr) + return 1 corpus_dir = os.path.realpath(args.corpus_dir) run_args.extend([ '-v', @@ -938,9 +858,9 @@ def run_fuzzer(args): run_args.extend([ '-v', - '%s:/out' % args.project.out, + '%s:/out' % _get_output_dir(args.project_name), '-t', - BASE_RUNNER_IMAGE, + 'gcr.io/oss-fuzz-base/base-runner', 'run_fuzzer', args.fuzzer_name, ] + args.fuzzer_args) @@ -949,25 +869,25 @@ def run_fuzzer(args): def reproduce(args): - """Reproduces a specific test case from a specific project.""" - return reproduce_impl(args.project, args.fuzzer_name, args.valgrind, args.e, - args.fuzzer_args, args.testcase_path) + """Reproduce a specific test case from a specific project.""" + return reproduce_impl(args.project_name, args.fuzzer_name, args.valgrind, + args.e, args.fuzzer_args, args.testcase_path) def reproduce_impl( # pylint: disable=too-many-arguments - project, + project_name, fuzzer_name, valgrind, env_to_add, fuzzer_args, testcase_path, - run_function=docker_run, - err_result=False): + runner=docker_run, + err_result=1): """Reproduces a testcase in the container.""" - if not check_project_exists(project): + if not check_project_exists(project_name): return err_result - if not _check_fuzzer_exists(project, fuzzer_name): + if not _check_fuzzer_exists(project_name, fuzzer_name): return err_result debugger = '' @@ -986,7 +906,7 @@ def reproduce_impl( # pylint: disable=too-many-arguments run_args = _env_to_docker_args(env) + [ '-v', - '%s:/out' % project.out, + '%s:/out' % _get_output_dir(project_name), '-v', '%s:/testcase' % _get_absolute_path(testcase_path), '-t', @@ -996,109 +916,55 @@ def reproduce_impl( # pylint: disable=too-many-arguments '-runs=100', ] + fuzzer_args - return run_function(run_args) - + return runner(run_args) -def _validate_project_name(project_name): - """Validates |project_name| is a valid OSS-Fuzz project name.""" - if len(project_name) > MAX_PROJECT_NAME_LENGTH: - logging.error( - 'Project name needs to be less than or equal to %d characters.', - MAX_PROJECT_NAME_LENGTH) - return False - if not VALID_PROJECT_NAME_REGEX.match(project_name): - logging.info('Invalid project name: %s.', project_name) - return False - - return True - - -def _validate_language(language): - if not LANGUAGE_REGEX.match(language): - logging.error('Invalid project language %s.', language) - return False +def generate(args): + """Generate empty project files.""" + if len(args.project_name) > MAX_PROJECT_NAME_LENGTH: + print('Project name needs to be less than or equal to %d characters.' % + MAX_PROJECT_NAME_LENGTH, + file=sys.stderr) + return 1 - return True + if not VALID_PROJECT_NAME_REGEX.match(args.project_name): + print('Invalid project name.', file=sys.stderr) + return 1 + directory = os.path.join('projects', args.project_name) -def _create_build_integration_directory(directory): - """Returns True on successful creation of a build integration directory. - Suitable for OSS-Fuzz and external projects.""" try: - os.makedirs(directory) + os.mkdir(directory) except OSError as error: if error.errno != errno.EEXIST: raise - logging.error('%s already exists.', directory) - return False - return True - - -def _template_project_file(filename, template, template_args, directory): - """Templates |template| using |template_args| and writes the result to - |directory|/|filename|. Sets the file to executable if |filename| is - build.sh.""" - file_path = os.path.join(directory, filename) - with open(file_path, 'w') as file_handle: - file_handle.write(template % template_args) - - if filename == 'build.sh': - os.chmod(file_path, 0o755) - - -def generate(args): - """Generates empty project files.""" - return _generate_impl(args.project, args.language) - + print(directory, 'already exists.', file=sys.stderr) + return 1 -def _get_current_datetime(): - """Returns this year. Needed for mocking.""" - return datetime.datetime.now() + print('Writing new files to', directory) + template_args = { + 'project_name': args.project_name, + 'year': datetime.datetime.now().year + } + with open(os.path.join(directory, 'project.yaml'), 'w') as file_handle: + file_handle.write(templates.PROJECT_YAML_TEMPLATE % template_args) -def _base_builder_from_language(language): - """Returns the base builder for the specified language.""" - if language not in LANGUAGES_WITH_BUILDER_IMAGES: - return 'base-builder' - return 'base-builder-{language}'.format(language=language) - - -def _generate_impl(project, language): - """Implementation of generate(). Useful for testing.""" - if project.is_external: - # External project. - project_templates = templates.EXTERNAL_TEMPLATES - else: - # Internal project. - if not _validate_project_name(project.name): - return False - project_templates = templates.TEMPLATES - - if not _validate_language(language): - return False - - directory = project.build_integration_path - if not _create_build_integration_directory(directory): - return False + with open(os.path.join(directory, 'Dockerfile'), 'w') as file_handle: + file_handle.write(templates.DOCKER_TEMPLATE % template_args) - logging.info('Writing new files to: %s.', directory) + build_sh_path = os.path.join(directory, 'build.sh') + with open(build_sh_path, 'w') as file_handle: + file_handle.write(templates.BUILD_TEMPLATE % template_args) - template_args = { - 'project_name': project.name, - 'base_builder': _base_builder_from_language(language), - 'language': language, - 'year': _get_current_datetime().year - } - for filename, template in project_templates.items(): - _template_project_file(filename, template, template_args, directory) - return True + os.chmod(build_sh_path, 0o755) + return 0 def shell(args): """Runs a shell within a docker image.""" - if not build_image_impl(args.project): - return False + if not build_image_impl(args.project_name): + return 1 env = [ 'FUZZING_ENGINE=' + args.engine, @@ -1106,18 +972,18 @@ def shell(args): 'ARCHITECTURE=' + args.architecture, ] - if args.project.name != 'base-runner-debug': - env.append('FUZZING_LANGUAGE=' + args.project.language) + if args.project_name != 'base-runner-debug': + env.append('FUZZING_LANGUAGE=' + _get_project_language(args.project_name)) if args.e: env += args.e - if is_base_image(args.project.name): + if is_base_image(args.project_name): image_project = 'oss-fuzz-base' - out_dir = _get_out_dir() + out_dir = _get_output_dir() else: image_project = 'oss-fuzz' - out_dir = args.project.out + out_dir = _get_output_dir(args.project_name) run_args = _env_to_docker_args(env) if args.source_path: @@ -1129,25 +995,21 @@ def shell(args): run_args.extend([ '-v', '%s:/out' % out_dir, '-v', - '%s:/work' % args.project.work, '-t', - 'gcr.io/%s/%s' % (image_project, args.project.name), '/bin/bash' + '%s:/work' % _get_work_dir(args.project_name), '-t', + 'gcr.io/%s/%s' % (image_project, args.project_name), '/bin/bash' ]) docker_run(run_args) - return True + return 0 -def pull_images(language=None): - """Pulls base images used to build projects in language lang (or all if lang - is None).""" - for base_image_lang, base_images in BASE_IMAGES.items(): - if (language is None or base_image_lang == 'generic' or - base_image_lang == language): - for base_image in base_images: - if not docker_pull(base_image): - return False +def pull_images(_): + """Pull base images.""" + for base_image in BASE_IMAGES: + if not docker_pull(base_image): + return 1 - return True + return 0 if __name__ == '__main__': diff --git a/infra/helper_test.py b/infra/helper_test.py index 951eba47a..d899a835b 100644 --- a/infra/helper_test.py +++ b/infra/helper_test.py @@ -13,224 +13,23 @@ # limitations under the License. """Tests for helper.py""" -import datetime -import os -import tempfile import unittest from unittest import mock -from pyfakefs import fake_filesystem_unittest - -import constants import helper -import templates - -# pylint: disable=no-self-use,protected-access -class ShellTest(unittest.TestCase): +class TestShell(unittest.TestCase): """Tests 'shell' command.""" @mock.patch('helper.docker_run') @mock.patch('helper.build_image_impl') - def test_base_runner_debug(self, _, __): + def test_base_runner_debug(self, mocked_build_image_impl, _): """Tests that shell base-runner-debug works as intended.""" image_name = 'base-runner-debug' unparsed_args = ['shell', image_name] - parser = helper.get_parser() - args = helper.parse_args(parser, unparsed_args) + args = helper.parse_args(unparsed_args) args.sanitizer = 'address' result = helper.shell(args) - self.assertTrue(result) - - -class BuildImageImplTest(unittest.TestCase): - """Tests for build_image_impl.""" - - @mock.patch('helper.docker_build') - def test_no_cache(self, mock_docker_build): - """Tests that cache=False is handled properly.""" - image_name = 'base-image' - helper.build_image_impl(helper.Project(image_name), cache=False) - self.assertIn('--no-cache', mock_docker_build.call_args_list[0][0][0]) - - @mock.patch('helper.docker_build') - @mock.patch('helper.pull_images') - def test_pull(self, mock_pull_images, _): - """Tests that pull=True is handled properly.""" - image_name = 'base-image' - project = helper.Project(image_name, is_external=True) - self.assertTrue(helper.build_image_impl(project, pull=True)) - mock_pull_images.assert_called_with('c++') - - @mock.patch('helper.docker_build') - def test_base_image(self, mock_docker_build): - """Tests that build_image_impl works as intended with a base-image.""" - image_name = 'base-image' - self.assertTrue(helper.build_image_impl(helper.Project(image_name))) - build_dir = os.path.join(helper.OSS_FUZZ_DIR, - 'infra/base-images/base-image') - mock_docker_build.assert_called_with([ - '-t', 'gcr.io/oss-fuzz-base/base-image', '--file', - os.path.join(build_dir, 'Dockerfile'), build_dir - ]) - - @mock.patch('helper.docker_build') - def test_oss_fuzz_project(self, mock_docker_build): - """Tests that build_image_impl works as intended with an OSS-Fuzz - project.""" - project_name = 'example' - self.assertTrue(helper.build_image_impl(helper.Project(project_name))) - build_dir = os.path.join(helper.OSS_FUZZ_DIR, 'projects', project_name) - mock_docker_build.assert_called_with([ - '-t', 'gcr.io/oss-fuzz/example', '--file', - os.path.join(build_dir, 'Dockerfile'), build_dir - ]) - - @mock.patch('helper.docker_build') - def test_external_project(self, mock_docker_build): - """Tests that build_image_impl works as intended with a non-OSS-Fuzz - project.""" - with tempfile.TemporaryDirectory() as temp_dir: - project_src_path = os.path.join(temp_dir, 'example') - os.mkdir(project_src_path) - build_integration_path = 'build-integration' - project = helper.Project(project_src_path, - is_external=True, - build_integration_path=build_integration_path) - self.assertTrue(helper.build_image_impl(project)) - mock_docker_build.assert_called_with([ - '-t', 'gcr.io/oss-fuzz/example', '--file', - os.path.join(project_src_path, build_integration_path, 'Dockerfile'), - project_src_path - ]) - - -class GenerateImplTest(fake_filesystem_unittest.TestCase): - """Tests for _generate_impl.""" - PROJECT_NAME = 'newfakeproject' - PROJECT_LANGUAGE = 'python' - - def setUp(self): - self.setUpPyfakefs() - self.fs.add_real_directory(helper.OSS_FUZZ_DIR) - - def _verify_templated_files(self, template_dict, directory, language): - template_args = { - 'project_name': self.PROJECT_NAME, - 'year': 2021, - 'base_builder': helper._base_builder_from_language(language), - 'language': language, - } - for filename, template in template_dict.items(): - file_path = os.path.join(directory, filename) - with open(file_path, 'r') as file_handle: - contents = file_handle.read() - self.assertEqual(contents, template % template_args) - - @mock.patch('helper._get_current_datetime', - return_value=datetime.datetime(year=2021, month=1, day=1)) - def test_generate_oss_fuzz_project(self, _): - """Tests that the correct files are generated for an OSS-Fuzz project.""" - helper._generate_impl(helper.Project(self.PROJECT_NAME), - self.PROJECT_LANGUAGE) - self._verify_templated_files( - templates.TEMPLATES, - os.path.join(helper.OSS_FUZZ_DIR, 'projects', self.PROJECT_NAME), - self.PROJECT_LANGUAGE) - - def test_generate_external_project(self): - """Tests that the correct files are generated for a non-OSS-Fuzz project.""" - build_integration_path = '/newfakeproject/build-integration' - helper._generate_impl( - helper.Project('/newfakeproject/', - is_external=True, - build_integration_path=build_integration_path), - self.PROJECT_LANGUAGE) - self._verify_templated_files(templates.EXTERNAL_TEMPLATES, - build_integration_path, self.PROJECT_LANGUAGE) - - def test_generate_swift_project(self): - """Tests that the swift project uses the correct base image.""" - helper._generate_impl(helper.Project(self.PROJECT_NAME), 'swift') - self._verify_templated_files( - templates.TEMPLATES, - os.path.join(helper.OSS_FUZZ_DIR, 'projects', self.PROJECT_NAME), - 'swift') - - -class ProjectTest(fake_filesystem_unittest.TestCase): - """Tests for Project class.""" - - def setUp(self): - self.project_name = 'project' - self.internal_project = helper.Project(self.project_name) - self.external_project_path = os.path.join('/path', 'to', self.project_name) - self.external_project = helper.Project(self.external_project_path, - is_external=True) - self.setUpPyfakefs() - - def test_init_external_project(self): - """Tests __init__ method for external projects.""" - self.assertEqual(self.external_project.name, self.project_name) - self.assertEqual(self.external_project.path, self.external_project_path) - self.assertEqual( - self.external_project.build_integration_path, - os.path.join(self.external_project_path, - constants.DEFAULT_EXTERNAL_BUILD_INTEGRATION_PATH)) - - def test_init_internal_project(self): - """Tests __init__ method for internal projects.""" - self.assertEqual(self.internal_project.name, self.project_name) - path = os.path.join(helper.OSS_FUZZ_DIR, 'projects', self.project_name) - self.assertEqual(self.internal_project.path, path) - self.assertEqual(self.internal_project.build_integration_path, path) - - def test_dockerfile_path_internal_project(self): - """Tests that dockerfile_path works as intended.""" - self.assertEqual( - self.internal_project.dockerfile_path, - os.path.join(helper.OSS_FUZZ_DIR, 'projects', self.project_name, - 'Dockerfile')) - - def test_dockerfile_path_external_project(self): - """Tests that dockerfile_path works as intended.""" - self.assertEqual( - self.external_project.dockerfile_path, - os.path.join(self.external_project_path, - constants.DEFAULT_EXTERNAL_BUILD_INTEGRATION_PATH, - 'Dockerfile')) - - def test_out(self): - """Tests that out works as intended.""" - out_dir = self.internal_project.out - self.assertEqual( - out_dir, - os.path.join(helper.OSS_FUZZ_DIR, 'build', 'out', self.project_name)) - self.assertTrue(os.path.exists(out_dir)) - - def test_work(self): - """Tests that work works as intended.""" - work_dir = self.internal_project.work - self.assertEqual( - work_dir, - os.path.join(helper.OSS_FUZZ_DIR, 'build', 'work', self.project_name)) - self.assertTrue(os.path.exists(work_dir)) - - def test_corpus(self): - """Tests that corpus works as intended.""" - corpus_dir = self.internal_project.corpus - self.assertEqual( - corpus_dir, - os.path.join(helper.OSS_FUZZ_DIR, 'build', 'corpus', self.project_name)) - self.assertTrue(os.path.exists(corpus_dir)) - - def test_language_internal_project(self): - """Tests that language works as intended for an internal project.""" - project_yaml_path = os.path.join(self.internal_project.path, 'project.yaml') - self.fs.create_file(project_yaml_path, contents='language: python') - self.assertEqual(self.internal_project.language, 'python') - - def test_language_external_project(self): - """Tests that language works as intended for an external project.""" - self.assertEqual(self.external_project.language, 'c++') + mocked_build_image_impl.assert_called_with(image_name) + self.assertEqual(result, 0) diff --git a/infra/presubmit.py b/infra/presubmit.py index 6db1862be..90b4f90ac 100755 --- a/infra/presubmit.py +++ b/infra/presubmit.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright 2020 Google LLC +# Copyright 2020 Google LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ # limitations under the License. # ################################################################################ -"""Checks code for common issues before submitting.""" +"""Check code for common issues before submitting.""" import argparse import os @@ -23,8 +23,6 @@ import sys import unittest import yaml -import constants - _SRC_ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -64,8 +62,8 @@ def _check_one_lib_fuzzing_engine(build_sh_file): def check_lib_fuzzing_engine(paths): - """Calls _check_one_lib_fuzzing_engine on each path in |paths|. Returns True - if the result of every call is True.""" + """Call _check_one_lib_fuzzing_engine on each path in |paths|. Return True if + the result of every call is True.""" return all([_check_one_lib_fuzzing_engine(path) for path in paths]) @@ -75,9 +73,9 @@ class ProjectYamlChecker: # Sections in a project.yaml and the constant values that they are allowed # to have. SECTIONS_AND_CONSTANTS = { - 'sanitizers': constants.SANITIZERS, - 'architectures': constants.ARCHITECTURES, - 'fuzzing_engines': constants.ENGINES, + 'sanitizers': {'address', 'none', 'memory', 'undefined', 'dataflow'}, + 'architectures': {'i386', 'x86_64'}, + 'fuzzing_engines': {'afl', 'libfuzzer', 'honggfuzz', 'dataflow', 'none'}, } # Note: this list must be updated when we allow new sections. @@ -102,6 +100,15 @@ class ProjectYamlChecker: 'view_restrictions', ] + LANGUAGES_SUPPORTED = [ + 'c', + 'c++', + 'go', + 'jvm', + 'python', + 'rust', + ] + # Note that some projects like boost only have auto-ccs. However, forgetting # primary contact is probably a mistake. REQUIRED_SECTIONS = ['primary_contact', 'main_repo'] @@ -114,7 +121,7 @@ class ProjectYamlChecker: self.success = True def do_checks(self): - """Does all project.yaml checks. Returns True if they pass.""" + """Do all project.yaml checks. Return True if they pass.""" if self.is_disabled(): return True @@ -124,43 +131,23 @@ class ProjectYamlChecker: self.check_valid_section_names, self.check_valid_emails, self.check_valid_language, - self.check_dataflow, ] for check_function in checks: check_function() return self.success def is_disabled(self): - """Returns True if this project is disabled.""" + """Is this project disabled.""" return self.data.get('disabled', False) def error(self, message): - """Prints an error message and sets self.success to False.""" + """Print an error message and set self.success to False.""" self.success = False print('Error in {filename}: {message}'.format(filename=self.filename, message=message)) - def check_dataflow(self): - """Checks that if "dataflow" is specified in "fuzzing_engines", it is also - specified in "sanitizers", and that if specified in "sanitizers", it is also - specified in "fuzzing_engines". Returns True if this condition is met.""" - engines = self.data.get('fuzzing_engines', []) - dfsan_engines = 'dataflow' in engines - sanitizers = self.data.get('sanitizers', []) - dfsan_sanitizers = 'dataflow' in sanitizers - - if dfsan_engines and not dfsan_sanitizers: - self.error('"dataflow" only specified in "fuzzing_engines" must also be ' - 'specified in "sanitizers" or in neither.') - return - - if dfsan_sanitizers and not dfsan_engines: - self.error('"dataflow" only specified in "sanitizers" must also be ' - 'specified in "fuzzing_engines" or in neither.') - return - def check_project_yaml_constants(self): - """Returns True if certain sections only have certain constant values.""" + """Check that certain sections only have certain constant values.""" for section, allowed_constants in self.SECTIONS_AND_CONSTANTS.items(): if section not in self.data: continue @@ -185,20 +172,20 @@ class ProjectYamlChecker: self.error('Not allowed value in the project.yaml: ' + str(constant)) def check_valid_section_names(self): - """Returns True if all section names are valid.""" + """Check that only valid sections are included.""" for name in self.data: if name not in self.VALID_SECTION_NAMES: self.error('{name} is not a valid section name ({valid_names})'.format( name=name, valid_names=self.VALID_SECTION_NAMES)) def check_required_sections(self): - """Returns True if all required sections are in |self.data|.""" + """Check that all required sections are present.""" for section in self.REQUIRED_SECTIONS: if section not in self.data: self.error(section + ' section is missing.') def check_valid_emails(self): - """Returns True if emails are valid looking..""" + """Check that emails are valid looking.""" # Get email addresses. email_addresses = [] primary_contact = self.data.get('primary_contact') @@ -214,18 +201,18 @@ class ProjectYamlChecker: self.error(email_address + ' is an invalid email address.') def check_valid_language(self): - """Returns True if the language is specified and valid.""" + """Check that the language is specified and valid.""" language = self.data.get('language') if not language: self.error('Missing "language" attribute in project.yaml.') - elif language not in constants.LANGUAGES: + elif language not in self.LANGUAGES_SUPPORTED: self.error( '"language: {language}" is not supported ({supported}).'.format( - language=language, supported=constants.LANGUAGES)) + language=language, supported=self.LANGUAGES_SUPPORTED)) def _check_one_project_yaml(project_yaml_filename): - """Does checks on the project.yaml file. Returns True on success.""" + """Do checks on the project.yaml file.""" if not _is_project_file(project_yaml_filename, 'project.yaml'): return True @@ -234,13 +221,13 @@ def _check_one_project_yaml(project_yaml_filename): def check_project_yaml(paths): - """Calls _check_one_project_yaml on each path in |paths|. Returns True if the - result of every call is True.""" + """Call _check_one_project_yaml on each path in |paths|. Return True if + the result of every call is True.""" return all([_check_one_project_yaml(path) for path in paths]) def do_checks(changed_files): - """Runs all presubmit checks. Returns False if any fails.""" + """Run all presubmit checks return False if any fails.""" checks = [ check_license, yapf, lint, check_project_yaml, check_lib_fuzzing_engine ] @@ -258,7 +245,6 @@ _CHECK_LICENSE_EXTENSIONS = [ '.cc', '.cpp', '.css', - '.Dockerfile', '.h', '.htm', '.html', @@ -267,21 +253,17 @@ _CHECK_LICENSE_EXTENSIONS = [ '.py', '.sh', ] -THIRD_PARTY_DIR_NAME = 'third_party' _LICENSE_STRING = 'http://www.apache.org/licenses/LICENSE-2.0' def check_license(paths): - """Validates license header.""" + """Validate license header.""" if not paths: return True success = True for path in paths: - path_parts = str(path).split(os.sep) - if any(path_part == THIRD_PARTY_DIR_NAME for path_part in path_parts): - continue filename = os.path.basename(path) extension = os.path.splitext(path)[1] if (filename not in _CHECK_LICENSE_FILENAMES and @@ -297,7 +279,7 @@ def check_license(paths): def bool_to_returncode(success): - """Returns 0 if |success|. Otherwise returns 1.""" + """Return 0 if |success|. Otherwise return 1.""" if success: print('Success.') return 0 @@ -312,7 +294,7 @@ def is_nonfuzzer_python(path): def lint(_=None): - """Runs python's linter on infra. Returns False if it fails linting.""" + """Run python's linter on infra. Return False if it fails linting.""" command = ['python3', '-m', 'pylint', '-j', '0', 'infra'] returncode = subprocess.run(command, check=False).returncode @@ -320,9 +302,9 @@ def lint(_=None): def yapf(paths, validate=True): - """Does yapf on |path| if it is Python file. Only validates format if - |validate|. Otherwise, formats the file. Returns False if validation or - formatting fails.""" + """Do yapf on |path| if it is Python file. Only validates format if + |validate| otherwise, formats the file. Returns False if validation + or formatting fails.""" paths = [path for path in paths if is_nonfuzzer_python(path)] if not paths: return True @@ -336,9 +318,9 @@ def yapf(paths, validate=True): def get_changed_files(): - """Returns a list of absolute paths of files changed in this git branch.""" + """Return a list of absolute paths of files changed in this git branch.""" branch_commit_hash = subprocess.check_output( - ['git', 'merge-base', 'HEAD', 'origin/HEAD']).strip().decode() + ['git', 'merge-base', 'FETCH_HEAD', 'origin/HEAD']).strip().decode() diff_commands = [ # Return list of modified files in the commits on this branch. @@ -372,9 +354,9 @@ def run_build_tests(): def run_nonbuild_tests(parallel): - """Runs all tests but build tests. Does them in parallel if |parallel|. The - reason why we exclude build tests is because they use an emulator that - prevents them from being used in parallel.""" + """Run all tests but build tests. Do it in parallel if |parallel|. The reason + why we exclude build tests is because they use an emulator that prevents them + from being used in parallel.""" # We look for all project directories because otherwise pytest won't run tests # that are not in valid modules (e.g. "base-images"). relevant_dirs = set() @@ -387,34 +369,21 @@ def run_nonbuild_tests(parallel): # pass directories to pytest. command = [ 'pytest', + # Test errors with error: "ModuleNotFoundError: No module named 'apt'. + '--ignore-glob=infra/base-images/base-sanitizer-libs-builder/*', '--ignore-glob=infra/build/*', ] if parallel: command.extend(['-n', 'auto']) command += list(relevant_dirs) print('Running non-build tests.') + return subprocess.run(command, check=False).returncode == 0 - # TODO(metzman): Get rid of this once config_utils stops using it. - env = os.environ.copy() - env['CIFUZZ_TEST'] = '1' - - return subprocess.run(command, check=False, env=env).returncode == 0 - -def run_tests(_=None, parallel=False, build_tests=True, nonbuild_tests=True): +def run_tests(_=None, parallel=False): """Runs all unit tests.""" - build_success = True - nonbuild_success = True - if nonbuild_tests: - nonbuild_success = run_nonbuild_tests(parallel) - else: - print('Skipping nonbuild tests as specified.') - - if build_tests: - build_success = run_build_tests() - else: - print('Skipping build tests as specified.') - + nonbuild_success = run_nonbuild_tests(parallel) + build_success = run_build_tests() return nonbuild_success and build_success @@ -442,17 +411,6 @@ def main(): action='store_true', help='Run tests in parallel.', default=False) - parser.add_argument('-s', - '--skip-build-tests', - action='store_true', - help='Skip build tests which are slow and must run ' - 'sequentially.', - default=False) - parser.add_argument('-n', - '--skip-nonbuild-tests', - action='store_true', - help='Only do build tests.', - default=False) args = parser.parse_args() if args.all_files: @@ -476,10 +434,7 @@ def main(): return bool_to_returncode(success) if args.command == 'infra-tests': - success = run_tests(relevant_files, - parallel=args.parallel, - build_tests=(not args.skip_build_tests), - nonbuild_tests=(not args.skip_nonbuild_tests)) + success = run_tests(relevant_files, parallel=args.parallel) return bool_to_returncode(success) # Do all the checks (but no tests). diff --git a/infra/pytest.ini b/infra/pytest.ini index 2a10272e2..d9bb3737e 100644 --- a/infra/pytest.ini +++ b/infra/pytest.ini @@ -1,3 +1,2 @@ [pytest] -python_files = *_test.py -log_cli = true
\ No newline at end of file +python_files = *_test.py
\ No newline at end of file diff --git a/infra/repo_manager.py b/infra/repo_manager.py index 07880d81a..a0b97b3ef 100644 --- a/infra/repo_manager.py +++ b/infra/repo_manager.py @@ -135,7 +135,7 @@ class RepoManager: check_result=True) self.git(['remote', 'update'], check_result=True) - def get_commit_list(self, newest_commit, oldest_commit=None, limit=None): + def get_commit_list(self, newest_commit, oldest_commit=None): """Gets the list of commits(inclusive) between the old and new commits. Args: @@ -162,11 +162,7 @@ class RepoManager: else: commit_range = newest_commit - limit_args = [] - if limit: - limit_args.append(f'--max-count={limit}') - - out, _, err_code = self.git(['rev-list', commit_range] + limit_args) + out, _, err_code = self.git(['rev-list', commit_range]) commits = out.split('\n') commits = [commit for commit in commits if commit] if err_code or not commits: diff --git a/infra/retry.py b/infra/retry.py index 1f6d54b8d..1a94180c6 100644 --- a/infra/retry.py +++ b/infra/retry.py @@ -56,9 +56,9 @@ def wrap(retries, """Handle retry.""" if (exception is None or isinstance(exception, exception_type)) and num_try < tries: - logging.info('Retrying on %s failed with %s. Retrying again.', - function_with_type, - sys.exc_info()[1]) + logging.log('Retrying on %s failed with %s. Retrying again.', + function_with_type, + sys.exc_info()[1]) sleep(get_delay(num_try, delay, backoff)) return True diff --git a/infra/run_fuzzers.Dockerfile b/infra/run_fuzzers.Dockerfile index 8c8d7bb1b..b00bb12b9 100644 --- a/infra/run_fuzzers.Dockerfile +++ b/infra/run_fuzzers.Dockerfile @@ -13,8 +13,7 @@ # limitations under the License. # ################################################################################ -# Docker image for running fuzzers on CIFuzz (the run_fuzzers action on GitHub -# actions). +# Docker image to run the CIFuzz action run_fuzzers in. FROM gcr.io/oss-fuzz-base/cifuzz-base @@ -23,9 +22,5 @@ FROM gcr.io/oss-fuzz-base/cifuzz-base # just expand to '/opt/oss-fuzz'. ENTRYPOINT ["python3", "/opt/oss-fuzz/infra/cifuzz/run_fuzzers_entrypoint.py"] -WORKDIR ${OSS_FUZZ_ROOT}/infra - # Copy infra source code. -ADD . ${OSS_FUZZ_ROOT}/infra - -RUN python3 -m pip install -r ${OSS_FUZZ_ROOT}/infra/cifuzz/requirements.txt +ADD . ${OSS_FUZZ_ROOT}/infra
\ No newline at end of file diff --git a/infra/templates.py b/infra/templates.py index 3db291453..f16da924f 100755 --- a/infra/templates.py +++ b/infra/templates.py @@ -17,7 +17,7 @@ PROJECT_YAML_TEMPLATE = """\ homepage: "<your_project_homepage>" -language: %(language)s" +language: <programming_language> # Example values: c, c++, go, rust. primary_contact: "<primary_contact_email>" main_repo: "https://path/to/main/repo.git" """ @@ -39,21 +39,13 @@ DOCKER_TEMPLATE = """\ # ################################################################################ -FROM gcr.io/oss-fuzz-base/%(base_builder)s +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 <git_url> %(project_name)s # or use other version control WORKDIR %(project_name)s COPY build.sh $SRC/ """ -EXTERNAL_DOCKER_TEMPLATE = """\ -FROM gcr.io/oss-fuzz-base/%(base_builder)s:v1 -RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN COPY . $SRC/%(project_name)s -WORKDIR %(project_name)s -COPY .clusterfuzzlite/build.sh $SRC/ -""" - BUILD_TEMPLATE = """\ #!/bin/bash -eu # Copyright %(year)d Google LLC @@ -84,30 +76,3 @@ BUILD_TEMPLATE = """\ # /path/to/name_of_fuzzer.cc -o $OUT/name_of_fuzzer \\ # $LIB_FUZZING_ENGINE /path/to/library.a """ - -EXTERNAL_BUILD_TEMPLATE = """\ -#!/bin/bash -eu - -# build project -# e.g. -# ./autogen.sh -# ./configure -# make -j$(nproc) all - -# build fuzzers -# e.g. -# $CXX $CXXFLAGS -std=c++11 -Iinclude \\ -# /path/to/name_of_fuzzer.cc -o $OUT/name_of_fuzzer \\ -# $LIB_FUZZING_ENGINE /path/to/library.a -""" - -TEMPLATES = { - 'build.sh': BUILD_TEMPLATE, - 'Dockerfile': DOCKER_TEMPLATE, - 'project.yaml': PROJECT_YAML_TEMPLATE -} - -EXTERNAL_TEMPLATES = { - 'build.sh': EXTERNAL_BUILD_TEMPLATE, - 'Dockerfile': EXTERNAL_DOCKER_TEMPLATE -} diff --git a/infra/test_helpers.py b/infra/test_helpers.py new file mode 100644 index 000000000..be0b1b811 --- /dev/null +++ b/infra/test_helpers.py @@ -0,0 +1,39 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Contains convenient helpers for writing tests.""" + +import contextlib +import os +import shutil +import tempfile +from unittest import mock + + +def patch_environ(testcase_obj, env=None): + """Patch environment.""" + if env is None: + env = {} + + patcher = mock.patch.dict(os.environ, env) + testcase_obj.addCleanup(patcher.stop) + patcher.start() + + +@contextlib.contextmanager +def temp_dir_copy(directory): + """Context manager that yields a temporary copy of |directory|.""" + with tempfile.TemporaryDirectory() as temp_dir: + temp_copy_path = os.path.join(temp_dir, os.path.basename(directory)) + shutil.copytree(directory, temp_copy_path) + yield temp_copy_path diff --git a/infra/test_repos.py b/infra/test_repos.py index 389876864..fb12fbec5 100644 --- a/infra/test_repos.py +++ b/infra/test_repos.py @@ -27,7 +27,7 @@ import os ExampleRepo = collections.namedtuple('ExampleRepo', [ 'project_name', 'oss_repo_name', 'git_repo_name', 'image_location', 'git_url', 'new_commit', 'old_commit', 'intro_commit', 'fuzz_target', - 'testcase_path' + 'test_case_path' ]) TEST_DIR_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), @@ -36,8 +36,6 @@ TEST_DIR_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), # WARNING: Tests are dependent upon the following repos existing and the # specified commits existing. # TODO(metzman): Fix this problem. -# TODO(metzman): The testcases got deleted here because the test that used them -# was skipped. Probably worth deleting the test. TEST_REPOS = [ ExampleRepo(project_name='curl', oss_repo_name='curl', @@ -48,7 +46,7 @@ TEST_REPOS = [ new_commit='dda418266c99ceab368d723facb52069cbb9c8d5', intro_commit='df26f5f9c36e19cd503c0e462e9f72ad37b84c82', fuzz_target='curl_fuzzer_ftp', - testcase_path=os.path.join(TEST_DIR_PATH, 'curl_test_data')), + test_case_path=os.path.join(TEST_DIR_PATH, 'curl_test_data')), ExampleRepo(project_name='libarchive', oss_repo_name='libarchive', git_repo_name='libarchive', @@ -58,8 +56,8 @@ TEST_REPOS = [ new_commit='458e49358f17ec58d65ab1c45cf299baaf3c98d1', intro_commit='840266712006de5e737f8052db920dfea2be4260', fuzz_target='libarchive_fuzzer', - testcase_path=os.path.join(TEST_DIR_PATH, - 'libarchive_test_data')), + test_case_path=os.path.join(TEST_DIR_PATH, + 'libarchive_test_data')), ExampleRepo(project_name='gonids', oss_repo_name='gonids', git_repo_name='gonids', @@ -69,7 +67,7 @@ TEST_REPOS = [ new_commit='', intro_commit='', fuzz_target='', - testcase_path='') + test_case_path='') ] INVALID_REPO = ExampleRepo(project_name='notaproj', @@ -81,4 +79,4 @@ INVALID_REPO = ExampleRepo(project_name='notaproj', new_commit='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', intro_commit='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', fuzz_target='NONEFUZZER', - testcase_path='not/a/path') + test_case_path='not/a/path') diff --git a/infra/triage-party/README.md b/infra/triage-party/README.md deleted file mode 100644 index 2ab424148..000000000 --- a/infra/triage-party/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# triage-party - -This folder contains the triage party config and deploy script for the oss-fuzz instance of [triage-party](https://github.com/google/triage-party). - -To make changes to triage party, you'll need to: -1. Make changes to the [config](oss-fuzz.yaml) -1. Deploy a new revision to Cloud Run via [deploy.sh](deploy.sh): - -``` -GITHUB_TOKEN_PATH=[path to file containing github token] DB_PASS=[CloudSQL database password] ./deploy.sh -``` - -Visit https://triage-party-pahypmb2lq-uc.a.run.app to join the party! diff --git a/infra/triage-party/deploy.sh b/infra/triage-party/deploy.sh deleted file mode 100755 index cabdf43ab..000000000 --- a/infra/triage-party/deploy.sh +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eux - - -export PROJECT=oss-fuzz -export IMAGE=gcr.io/oss-fuzz-base/triage-party -export SERVICE_NAME=triage-party -export CONFIG_FILE=config/examples/oss-fuzz.yaml - - -# Copy triage-party into tmp dir, and copy config into correct spot -readonly clean_repo=$(mktemp -d) -git clone --depth 1 https://github.com/google/triage-party.git "${clean_repo}" -cp ./oss-fuzz.yaml "${clean_repo}"/${CONFIG_FILE} -cd "${clean_repo}" - - -docker build -t "${IMAGE}" --build-arg "CFG=./${CONFIG_FILE}" . -docker push "${IMAGE}" || exit 2 - -readonly token="$(cat "${GITHUB_TOKEN_PATH}")" -gcloud beta run deploy "${SERVICE_NAME}" \ - --project "${PROJECT}" \ - --image "${IMAGE}" \ - --set-env-vars="GITHUB_TOKEN=${token},PERSIST_BACKEND=cloudsql,PERSIST_PATH=tp:${DB_PASS}@tcp(oss-fuzz/us-central1/triage-party)/tp" \ - --allow-unauthenticated \ - --region us-central1 \ - --memory 384Mi \ - --platform managed diff --git a/infra/triage-party/oss-fuzz.yaml b/infra/triage-party/oss-fuzz.yaml deleted file mode 100644 index 107e53e40..000000000 --- a/infra/triage-party/oss-fuzz.yaml +++ /dev/null @@ -1,172 +0,0 @@ -settings: - name: oss-fuzz - repos: - - https://github.com/google/oss-fuzz - -collections: - - id: Fuzzing Issues - name: Fuzzing Issues - dedup: true - description: > - Status of issues across oss-fuzz repos - rules: - # People who need a response - - fuzz-issue-updated-support - # fuzzing issues - - fuzz-bugs - - fuzz-priority - # Issues needing reprioritization - - fuzz-many-reactions - - fuzz-many-commenters - - fuzz-issue-zombies - # People with questions - - fuzz-issue-has-question - - id: PRs - fuzzing - name: OSS Fuzz PRs - description: > - Status of PRs in OSS-Fuzz - rules: - - prs-fuzz - - fuzz-pr-approved-stale - - fuzz-pr-unapproved-stale - - -rules: - ### Pull requests - - prs-fuzz: - name: "OSS Fuzz PRs" - type: pull_request - resolution: "Review requests or mark them as do-not-merge/work-in-progress" - filters: - - title: "!.*(WIP|wip).*" - - tag: "!(changes-requested|draft|approved)" - repos: - - https://github.com/google/oss-fuzz - - # PR's needing closure - fuzz-pr-approved-stale: - name: "Pull requests: Approved and getting old" - resolution: "Merge PR" - type: pull_request - filters: - - label: "approved" - - updated: +2d - - responded: +1d - repos: - - https://github.com/google/oss-fuzz - - fuzz-pr-unapproved-stale: - name: "Pull Requests: Stale" - resolution: "Add comment and/or close PR" - type: pull_request - filters: - - created: +3d - - updated: +2d - - responded: +1d - - tag: "!draft" - repos: - - https://github.com/google/oss-fuzz - - pr-approved-stale: - name: "Pull requests: Approved and getting old" - resolution: "Merge PR" - type: pull_request - filters: - - label: "approved" - - updated: +5d - - responded: +2d - - pr-unapproved-stale: - name: "Pull Requests: Stale" - type: pull_request - resolution: "Add comment and/or close PR" - filters: - - created: +20d - - updated: +5d - - responded: +2d - - - ### Fuzzing Issues - - fuzz-bugs: - name: "Fuzzing bugs that have not been commented on for 6 months" - resolution: "comment a status update" - type: issue - filters: - - label: "bug" - - responded: +180d - - tag: "!member-last" - repos: - - https://github.com/google/oss-fuzz - - - fuzz-priority: - name: "Fuzzing priority issues that have not been commented on for 6 months" - resolution: "comment a status update" - type: issue - filters: - - label: "priority" - - responded: +180d - - tag: "!member-last" - repos: - - https://github.com/google/oss-fuzz - - - fuzz-many-reactions: - name: "many reactions, low priority" - resolution: "Upgrade to priority" - filters: - - reactions: ">3" - - reactions-per-month: ">0.75" - - label: "!priority" - repos: - - https://github.com/google/oss-fuzz - - fuzz-many-commenters: - name: "many commenters, low priority" - resolution: "Upgrade to priority" - filters: - - commenters: ">2" - - commenters-per-month: ">1.9" - - created: "+30d" - - label: "!priority" - repos: - - https://github.com/google/oss-fuzz - - fuzz-issue-zombies: - name: "Screaming into the void" - resolution: "Reopen, or ask folks to open a new issue" - type: issue - filters: - - state: closed - - updated: -7d - - tag: recv - - comments-while-closed: ">1" - repos: - - https://github.com/google/oss-fuzz - - # People with questions - fuzz-issue-has-question: - name: "Overdue answers for a question" - resolution: "Add a comment" - type: issue - filters: - - tag: recv-q - - tag: "!member-last" - - tag: "!contributor-last" - - responded: +6d - repos: - - https://github.com/google/oss-fuzz - - fuzz-issue-updated-support: - name: "Open support requests" - resolution: "Add a comment" - type: issue - filters: - - tag: recv - - tag: "!member-last" - - tag: "!contributor-last" - - responded: +6d - repos: - - https://github.com/google/oss-fuzz diff --git a/infra/utils.py b/infra/utils.py index f0b58a4da..fe5dd8730 100644 --- a/infra/utils.py +++ b/infra/utils.py @@ -17,7 +17,6 @@ import logging import os import posixpath import re -import shlex import stat import subprocess import sys @@ -26,8 +25,7 @@ import helper ALLOWED_FUZZ_TARGET_EXTENSIONS = ['', '.exe'] FUZZ_TARGET_SEARCH_STRING = 'LLVMFuzzerTestOneInput' -VALID_TARGET_NAME_REGEX = re.compile(r'^[a-zA-Z0-9_-]+$') -BLOCKLISTED_TARGET_NAME_REGEX = re.compile(r'^(jazzer_driver.*)$') +VALID_TARGET_NAME = re.compile(r'^[a-zA-Z0-9_-]+$') # Location of google cloud storage for latest OSS-Fuzz builds. GCS_BASE_URL = 'https://storage.googleapis.com/' @@ -40,25 +38,16 @@ def chdir_to_root(): os.chdir(helper.OSS_FUZZ_DIR) -def command_to_string(command): - """Returns the stringfied version of |command| a list representing a binary to - run and arguments to pass to it or a string representing a binary to run.""" - if isinstance(command, str): - return command - return shlex.join(command) - - -def execute(command, env=None, location=None, check_result=False): - """Runs a shell command in the specified directory location. +def execute(command, location=None, check_result=False): + """ Runs a shell command in the specified directory location. Args: command: The command as a list to be run. - env: (optional) an environment to pass to Popen to run the command in. - location (optional): The directory to run command in. - check_result (optional): Should an exception be thrown on failure. + location: The directory the command is run in. + check_result: Should an exception be thrown on failed command. Returns: - stdout, stderr, returncode. + stdout, stderr, error code. Raises: RuntimeError: running a command resulted in an error. @@ -69,27 +58,24 @@ def execute(command, env=None, location=None, check_result=False): process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, - cwd=location, - env=env) + cwd=location) out, err = process.communicate() out = out.decode('utf-8', errors='ignore') err = err.decode('utf-8', errors='ignore') - - command_str = command_to_string(command) if err: - logging.debug('Stderr of command "%s" is: %s.', command_str, err) + logging.debug('Stderr of command \'%s\' is %s.', ' '.join(command), err) if check_result and process.returncode: - raise RuntimeError('Executing command "{0}" failed with error: {1}.'.format( - command_str, err)) + raise RuntimeError( + 'Executing command \'{0}\' failed with error: {1}.'.format( + ' '.join(command), err)) return out, err, process.returncode -def get_fuzz_targets(path, top_level_only=False): - """Gets fuzz targets in a directory. +def get_fuzz_targets(path): + """Get list of fuzz targets in a directory. Args: path: A path to search for fuzz targets in. - top_level_only: If True, only search |path|, do not recurse into subdirs. Returns: A list of paths to fuzzers or an empty list if None. @@ -98,9 +84,6 @@ def get_fuzz_targets(path, top_level_only=False): return [] fuzz_target_paths = [] for root, _, fuzzers in os.walk(path): - if top_level_only and path != root: - continue - for fuzzer in fuzzers: file_path = os.path.join(root, fuzzer) if is_fuzz_target_local(file_path): @@ -129,17 +112,11 @@ def is_fuzz_target_local(file_path): Copied from clusterfuzz src/python/bot/fuzzers/utils.py with slight modifications. """ - # pylint: disable=too-many-return-statements filename, file_extension = os.path.splitext(os.path.basename(file_path)) - if not VALID_TARGET_NAME_REGEX.match(filename): + if not VALID_TARGET_NAME.match(filename): # Check fuzz target has a valid name (without any special chars). return False - if BLOCKLISTED_TARGET_NAME_REGEX.match(filename): - # Check fuzz target an explicitly disallowed name (e.g. binaries used for - # jazzer-based targets). - return False - if file_extension not in ALLOWED_FUZZ_TARGET_EXTENSIONS: # Ignore files with disallowed extensions (to prevent opening e.g. .zips). return False @@ -158,7 +135,7 @@ def is_fuzz_target_local(file_path): def binary_print(string): - """Prints string. Can print a binary string.""" + """Print that can print a binary string.""" if isinstance(string, bytes): string += b'\n' else: diff --git a/infra/utils_test.py b/infra/utils_test.py index 9b7fbc903..aa6ec7ba7 100644 --- a/infra/utils_test.py +++ b/infra/utils_test.py @@ -24,7 +24,7 @@ import helper EXAMPLE_PROJECT = 'example' TEST_OUT_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), - 'cifuzz', 'test_data', 'build-out') + 'cifuzz', 'test_data', 'out') class IsFuzzTargetLocalTest(unittest.TestCase): @@ -118,33 +118,17 @@ class BinaryPrintTest(unittest.TestCase): def test_string(self): # pylint: disable=no-self-use """Tests that utils.binary_print can print a regular string.""" # Should execute without raising any exceptions. - with mock.patch('sys.stdout.buffer.write') as mock_write: + with mock.patch('sys.stdout.buffer.write') as mocked_write: utils.binary_print('hello') - mock_write.assert_called_with('hello\n') + mocked_write.assert_called_with('hello\n') @unittest.skip('Causes spurious failures because of side-effects.') def test_binary_string(self): # pylint: disable=no-self-use """Tests that utils.binary_print can print a bianry string.""" # Should execute without raising any exceptions. - with mock.patch('sys.stdout.buffer.write') as mock_write: + with mock.patch('sys.stdout.buffer.write') as mocked_write: utils.binary_print(b'hello') - mock_write.assert_called_with(b'hello\n') - - -class CommandToStringTest(unittest.TestCase): - """Tests for command_to_string.""" - - def test_string(self): - """Tests that command_to_string returns the argument passed to it when it is - passed a string.""" - command = 'command' - self.assertEqual(utils.command_to_string(command), command) - - def test_list(self): - """Tests that command_to_string returns the correct stringwhen it is passed - a list.""" - command = ['command', 'arg1', 'arg2'] - self.assertEqual(utils.command_to_string(command), 'command arg1 arg2') + mocked_write.assert_called_with(b'hello\n') if __name__ == '__main__': diff --git a/projects/apache-commons/CompressSevenZFuzzer.java b/projects/apache-commons/CompressSevenZFuzzer.java deleted file mode 100644 index 8bc19321f..000000000 --- a/projects/apache-commons/CompressSevenZFuzzer.java +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import org.apache.commons.compress.archivers.sevenz.SevenZFile; -import org.apache.commons.compress.archivers.sevenz.SevenZFileOptions; -import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; - -import java.io.IOException; -import java.util.logging.LogManager; - -public class CompressSevenZFuzzer { - private static final SevenZFileOptions options = new SevenZFileOptions.Builder() - .withMaxMemoryLimitInKb(1_000_000) - .build(); - - public static void fuzzerInitialize() { - LogManager.getLogManager().reset(); - } - - public static void fuzzerTestOneInput(byte[] data) { - try { - new SevenZFile(new SeekableInMemoryByteChannel(data), options).close(); - } catch (IOException ignored) { - } - } -} diff --git a/projects/apache-commons/CompressTarFuzzer.java b/projects/apache-commons/CompressTarFuzzer.java deleted file mode 100644 index 2df863dfa..000000000 --- a/projects/apache-commons/CompressTarFuzzer.java +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import org.apache.commons.compress.archivers.tar.TarFile; - -import java.io.IOException; -import java.util.logging.LogManager; - -public class CompressTarFuzzer { - public static void fuzzerInitialize() { - LogManager.getLogManager().reset(); - } - - public static void fuzzerTestOneInput(byte[] data) { - try { - new TarFile(data).close(); - } catch (IOException ignored) { - } - } -} diff --git a/projects/apache-commons/CompressZipFuzzer.java b/projects/apache-commons/CompressZipFuzzer.java deleted file mode 100644 index bc9a8a0e6..000000000 --- a/projects/apache-commons/CompressZipFuzzer.java +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import org.apache.commons.compress.archivers.zip.ZipFile; -import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; - -import java.io.IOException; -import java.util.logging.LogManager; - -public class CompressZipFuzzer { - public static void fuzzerInitialize() { - LogManager.getLogManager().reset(); - } - - public static void fuzzerTestOneInput(byte[] data) { - try { - new ZipFile(new SeekableInMemoryByteChannel(data)).close(); - } catch (IOException ignored) { - } - } -} diff --git a/projects/apache-commons/Dockerfile b/projects/apache-commons/Dockerfile deleted file mode 100644 index 55b460cc0..000000000 --- a/projects/apache-commons/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip - -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn - -# Dictionaries -RUN git clone --depth 1 https://github.com/google/fuzzing && \ - mv fuzzing/dictionaries/zip.dict $SRC/CompressZipFuzzer.dict && \ - mv fuzzing/dictionaries/gif.dict $SRC/ImagingGifFuzzer.dict && \ - mv fuzzing/dictionaries/jpeg.dict $SRC/ImagingJpegFuzzer.dict && \ - mv fuzzing/dictionaries/png.dict $SRC/ImagingPngFuzzer.dict && \ - mv fuzzing/dictionaries/tiff.dict $SRC/ImagingTiffFuzzer.dict && \ - rm -rf fuzzing - -# Seed corpus (go-fuzz-corpus) -RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ - zip -j $SRC/CompressTarFuzzer_seed_corpus.zip go-fuzz-corpus/tar/corpus/* && \ - zip -j $SRC/CompressZipFuzzer_seed_corpus.zip go-fuzz-corpus/zip/corpus/* && \ - zip -j $SRC/ImagingBmpFuzzer_seed_corpus.zip go-fuzz-corpus/bmp/corpus/* && \ - zip -j $SRC/ImagingGifFuzzer_seed_corpus.zip go-fuzz-corpus/gif/corpus/* && \ - zip -j $SRC/ImagingJpegFuzzer_seed_corpus.zip go-fuzz-corpus/jpeg/corpus/* && \ - zip -j $SRC/ImagingPngFuzzer_seed_corpus.zip go-fuzz-corpus/png/corpus/* && \ - zip -j $SRC/ImagingTiffFuzzer_seed_corpus.zip go-fuzz-corpus/tiff/corpus/* && \ - rm -rf go-fuzz-corpus - -# Compress -RUN git clone --depth 1 https://gitbox.apache.org/repos/asf/commons-compress.git - -RUN zip -uj $SRC/CompressTarFuzzer_seed_corpus.zip commons-compress/src/test/resources/*.tar && \ - zip -uj $SRC/CompressZipFuzzer_seed_corpus.zip commons-compress/src/test/resources/*.zip && \ - zip -j $SRC/CompressSevenZFuzzer_seed_corpus.zip commons-compress/src/test/resources/bla.7z - -# Imaging -RUN git clone --depth 1 https://gitbox.apache.org/repos/asf/commons-imaging.git - -# Geometry -RUN git clone --depth 1 https://gitbox.apache.org/repos/asf/commons-geometry.git - -# Copy build script and all fuzzers -COPY build.sh $SRC/ -COPY *Fuzzer.java $SRC/ -WORKDIR $SRC/ diff --git a/projects/apache-commons/GeometryObjFuzzer.java b/projects/apache-commons/GeometryObjFuzzer.java deleted file mode 100644 index 6b8900f4b..000000000 --- a/projects/apache-commons/GeometryObjFuzzer.java +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.ByteArrayInputStream; -import java.io.UncheckedIOException; - -import org.apache.commons.geometry.io.core.input.StreamGeometryInput; -import org.apache.commons.geometry.io.euclidean.threed.BoundaryReadHandler3D; -import org.apache.commons.geometry.io.euclidean.threed.obj.ObjBoundaryReadHandler3D; -import org.apache.commons.numbers.core.Precision; - -public class GeometryObjFuzzer { - public static void fuzzerTestOneInput(final byte[] data) { - try { - final BoundaryReadHandler3D handler = new ObjBoundaryReadHandler3D(); - final Precision.DoubleEquivalence precision = Precision.doubleEquivalenceOfEpsilon(1e-20); - - // check standard read - handler.read(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - - // check mesh read - handler.readTriangleMesh(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - } catch (UncheckedIOException | IllegalArgumentException | IllegalStateException ignored) { - // expected exception types; ignore - } - } -} diff --git a/projects/apache-commons/GeometryStlBinaryFuzzer.java b/projects/apache-commons/GeometryStlBinaryFuzzer.java deleted file mode 100644 index 3df154700..000000000 --- a/projects/apache-commons/GeometryStlBinaryFuzzer.java +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.ByteArrayInputStream; -import java.io.UncheckedIOException; - -import org.apache.commons.geometry.io.core.input.StreamGeometryInput; -import org.apache.commons.geometry.io.euclidean.threed.BoundaryReadHandler3D; -import org.apache.commons.geometry.io.euclidean.threed.stl.StlBoundaryReadHandler3D; -import org.apache.commons.numbers.core.Precision; - -public class GeometryStlBinaryFuzzer { - public static void fuzzerTestOneInput(final byte[] data) { - try { - final BoundaryReadHandler3D handler = new StlBoundaryReadHandler3D(); - final Precision.DoubleEquivalence precision = Precision.doubleEquivalenceOfEpsilon(1e-20); - - // check standard read - handler.read(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - - // check mesh read - handler.readTriangleMesh(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - } catch (UncheckedIOException | IllegalArgumentException | IllegalStateException ignored) { - // expected exception types; ignore - } - } -} diff --git a/projects/apache-commons/GeometryStlTextFuzzer.java b/projects/apache-commons/GeometryStlTextFuzzer.java deleted file mode 100644 index 5bddb17d5..000000000 --- a/projects/apache-commons/GeometryStlTextFuzzer.java +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.nio.charset.StandardCharsets; - -import java.io.ByteArrayInputStream; -import java.io.UncheckedIOException; - -import org.apache.commons.geometry.io.core.input.StreamGeometryInput; -import org.apache.commons.geometry.io.euclidean.threed.BoundaryReadHandler3D; -import org.apache.commons.geometry.io.euclidean.threed.stl.StlBoundaryReadHandler3D; -import org.apache.commons.numbers.core.Precision; - -public class GeometryStlTextFuzzer { - public static void fuzzerTestOneInput(final byte[] data) { - // prepend the "solid" STL keyword to the input to ensure it is interpreted - // as text STL input - final byte[] dataWithPrefix = join("solid ".getBytes(StandardCharsets.US_ASCII), data); - - try { - final BoundaryReadHandler3D handler = new StlBoundaryReadHandler3D(); - - final Precision.DoubleEquivalence precision = Precision.doubleEquivalenceOfEpsilon(1e-20); - - // check standard read - handler.read(new StreamGeometryInput(new ByteArrayInputStream(dataWithPrefix)), precision); - - // check mesh read - handler.readTriangleMesh(new StreamGeometryInput(new ByteArrayInputStream(dataWithPrefix)), precision); - } catch (UncheckedIOException | IllegalArgumentException | IllegalStateException ignored) { - // expected exception types; ignore - } - } - - private static byte[] join(final byte[] a, final byte[] b) { - final byte[] result = new byte[a.length + b.length]; - System.arraycopy(a, 0, result, 0, a.length); - System.arraycopy(b, 0, result, a.length, b.length); - - return result; - } -} diff --git a/projects/apache-commons/GeometryTextFuzzer.java b/projects/apache-commons/GeometryTextFuzzer.java deleted file mode 100644 index ab318f2a8..000000000 --- a/projects/apache-commons/GeometryTextFuzzer.java +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.ByteArrayInputStream; -import java.io.UncheckedIOException; - -import org.apache.commons.geometry.io.core.input.StreamGeometryInput; -import org.apache.commons.geometry.io.euclidean.threed.BoundaryReadHandler3D; -import org.apache.commons.geometry.io.euclidean.threed.txt.TextBoundaryReadHandler3D; -import org.apache.commons.numbers.core.Precision; - -public class GeometryTextFuzzer { - public static void fuzzerTestOneInput(final byte[] data) { - try { - final BoundaryReadHandler3D handler = new TextBoundaryReadHandler3D(); - - final Precision.DoubleEquivalence precision = Precision.doubleEquivalenceOfEpsilon(1e-20); - - // check standard read - handler.read(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - - // check mesh read - handler.readTriangleMesh(new StreamGeometryInput(new ByteArrayInputStream(data)), precision); - } catch (UncheckedIOException | IllegalArgumentException | IllegalStateException ignored) { - // expected exception types; ignore - } - } -} diff --git a/projects/apache-commons/ImagingBmpFuzzer.java b/projects/apache-commons/ImagingBmpFuzzer.java deleted file mode 100644 index c9071705f..000000000 --- a/projects/apache-commons/ImagingBmpFuzzer.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.IOException; -import java.util.HashMap; -import org.apache.commons.imaging.ImageReadException; -import org.apache.commons.imaging.common.bytesource.ByteSourceArray; -import org.apache.commons.imaging.formats.bmp.BmpImageParser; - -public class ImagingBmpFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - new BmpImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException ignored) { - } - } -} diff --git a/projects/apache-commons/ImagingGifFuzzer.java b/projects/apache-commons/ImagingGifFuzzer.java deleted file mode 100644 index 6c59cf42d..000000000 --- a/projects/apache-commons/ImagingGifFuzzer.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.IOException; -import java.util.HashMap; -import org.apache.commons.imaging.ImageReadException; -import org.apache.commons.imaging.common.bytesource.ByteSourceArray; -import org.apache.commons.imaging.formats.gif.GifImageParser; - -public class ImagingGifFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - new GifImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException ignored) { - } - } -} diff --git a/projects/apache-commons/ImagingJpegFuzzer.java b/projects/apache-commons/ImagingJpegFuzzer.java deleted file mode 100644 index a40004e75..000000000 --- a/projects/apache-commons/ImagingJpegFuzzer.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.IOException; -import java.util.HashMap; -import org.apache.commons.imaging.ImageReadException; -import org.apache.commons.imaging.common.bytesource.ByteSourceArray; -import org.apache.commons.imaging.formats.jpeg.JpegImageParser; - -public class ImagingJpegFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - new JpegImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException ignored) { - } - } -} diff --git a/projects/apache-commons/ImagingPngFuzzer.java b/projects/apache-commons/ImagingPngFuzzer.java deleted file mode 100644 index 406480dd0..000000000 --- a/projects/apache-commons/ImagingPngFuzzer.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.IOException; -import java.util.HashMap; -import org.apache.commons.imaging.ImageReadException; -import org.apache.commons.imaging.common.bytesource.ByteSourceArray; -import org.apache.commons.imaging.formats.png.PngImageParser; - -public class ImagingPngFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - new PngImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException ignored) { - } - } -} diff --git a/projects/apache-commons/ImagingTiffFuzzer.java b/projects/apache-commons/ImagingTiffFuzzer.java deleted file mode 100644 index 683375196..000000000 --- a/projects/apache-commons/ImagingTiffFuzzer.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import java.io.IOException; -import java.util.HashMap; -import org.apache.commons.imaging.ImageReadException; -import org.apache.commons.imaging.common.bytesource.ByteSourceArray; -import org.apache.commons.imaging.formats.tiff.TiffImageParser; - -public class ImagingTiffFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - new TiffImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException ignored) { - } - } -} diff --git a/projects/apache-commons/build.sh b/projects/apache-commons/build.sh deleted file mode 100755 index 6716afdfa..000000000 --- a/projects/apache-commons/build.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Move seed corpus and dictionary. -mv $SRC/{*.zip,*.dict} $OUT - -PROJECTS="compress imaging geometry" -GEOMETRY_MODULE="commons-geometry-io-euclidean" - -for project in $PROJECTS; do - cd $SRC/commons-$project - MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15 -Djdk.version=15" - CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ - -Dexpression=project.version -q -DforceStdout) - - if [ $project = 'geometry' ]; then - # commons-geometry is a multi-module project and requires special handling in order - # to build and extract the proper module (commons-geometry-io-euclidean) - $MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade -am -pl $GEOMETRY_MODULE $MAVEN_ARGS - cp "$GEOMETRY_MODULE/target/$GEOMETRY_MODULE-$CURRENT_VERSION.jar" $OUT/commons-$project.jar - else - $MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS - cp "target/commons-$project-$CURRENT_VERSION.jar" $OUT/commons-$project.jar - fi - - ALL_JARS="commons-$project.jar" - - # The classpath at build-time includes the project jars in $OUT as well as the - # Jazzer API. - BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - - # All .jar and .class files lie in the same directory as the fuzzer at runtime. - RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - - for fuzzer in $(find $SRC -iname "$project"'*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m;-Djava.awt.headless=true\" \ -\$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename - done -done diff --git a/projects/apache-commons/project.yaml b/projects/apache-commons/project.yaml deleted file mode 100644 index 8d7aa5a14..000000000 --- a/projects/apache-commons/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://commons.apache.org" -language: jvm -primary_contact: "boards@gmail.com" -auto_ccs: - - "fuzz-testing@commons.apache.org" - - "brunodepaulak@gmail.com" - - "meumertzheim@code-intelligence.com" - - "peteralfredlee@gmail.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://gitbox.apache.org/repos/asf/commons-compress.git" -sanitizers: - - address diff --git a/projects/apache-httpd/Dockerfile b/projects/apache-httpd/Dockerfile deleted file mode 100644 index 39b419e60..000000000 --- a/projects/apache-httpd/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool wget libpcre3 \ - libpcre3-dev uuid-dev pkg-config libtool-bin - -RUN git clone https://github.com/AdaLogics/fuzz-headers - -RUN wget https://github.com/libexpat/libexpat/releases/download/R_2_4_1/expat-2.4.1.tar.gz && \ - tar -xf expat-2.4.1.tar.gz && \ - cd expat-2.4.1 && \ - ./configure && \ - make && \ - make install - -RUN git clone --depth=1 https://github.com/apache/httpd -WORKDIR httpd -COPY build.sh $SRC/ -COPY fuzz_*.c $SRC/ -COPY patches.diff $SRC/ diff --git a/projects/apache-httpd/build.sh b/projects/apache-httpd/build.sh deleted file mode 100755 index 59cf78606..000000000 --- a/projects/apache-httpd/build.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -unset CPP -unset CXX - -git apply --ignore-space-change --ignore-whitespace $SRC/patches.diff - -# Download apr and place in httpd srclib folder. Apr-2.0 includes apr-utils -svn checkout https://svn.apache.org/repos/asf/apr/apr/trunk/ srclib/apr - -# Build httpd -./buildconf -./configure --with-included-apr --enable-pool-debug -make - -# Build the fuzzers -for fuzzname in utils parse tokenize addr_parse uri request preq; do - $CC $CFLAGS $LIB_FUZZING_ENGINE \ - -I$SRC/fuzz-headers/lang/c -I./include -I./os/unix \ - -I./srclib/apr/include -I./srclib/apr-util/include/ \ - $SRC/fuzz_${fuzzname}.c -o $OUT/fuzz_${fuzzname} \ - ./modules.o buildmark.o \ - -Wl,--start-group ./server/.libs/libmain.a \ - ./modules/core/.libs/libmod_so.a \ - ./modules/http/.libs/libmod_http.a \ - ./server/mpm/event/.libs/libevent.a \ - ./os/unix/.libs/libos.a \ - ./srclib/apr/.libs/libapr-2.a \ - -Wl,--end-group -luuid -lpcre -lcrypt -lexpat -done diff --git a/projects/apache-httpd/fuzz_parse.c b/projects/apache-httpd/fuzz_parse.c deleted file mode 100644 index fb87db532..000000000 --- a/projects/apache-httpd/fuzz_parse.c +++ /dev/null @@ -1,70 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "apr.h" -#include "apr_file_io.h" -#include "apr_poll.h" -#include "apr_portable.h" -#include "apr_proc_mutex.h" -#include "apr_signal.h" -#include "apr_strings.h" -#include "apr_thread_mutex.h" -#include "apr_thread_proc.h" - -#define APR_WANT_STRFUNC -#include "apr_file_io.h" -#include "apr_fnmatch.h" -#include "apr_want.h" - -#include "apr_poll.h" -#include "apr_want.h" - -#include "ap_config.h" -#include "ap_expr.h" -#include "ap_listen.h" -#include "ap_provider.h" -#include "ap_regex.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *new_str = (char *)malloc(size + 1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - apr_pool_initialize(); - apr_pool_t *v = NULL; - apr_pool_create(&v, NULL); - - int only_ascii = 1; - for (int i = 0; i < size; i++) { - // Avoid unnessary exits because of non-ascii characters. - if (new_str[i] < 0x01 || new_str[i] > 0x7f) { - only_ascii = 0; - } - // Avoid forced exits beause of, e.g. unsupported characters or recursion - // depth - if (new_str[i] == 0x5c || new_str[i] == '{') { - only_ascii = 0; - } - } - - // Now parse - if (only_ascii) { - ap_expr_info_t val; - ap_expr_parse(v, v, &val, new_str, NULL); - } - - apr_pool_terminate(); - free(new_str); - return 0; -} diff --git a/projects/apache-httpd/fuzz_preq.c b/projects/apache-httpd/fuzz_preq.c deleted file mode 100644 index 2d8d9215f..000000000 --- a/projects/apache-httpd/fuzz_preq.c +++ /dev/null @@ -1,84 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "apr.h" -#include "apr_file_io.h" -#include "apr_poll.h" -#include "apr_portable.h" -#include "apr_proc_mutex.h" -#include "apr_signal.h" -#include "apr_strings.h" -#include "apr_thread_mutex.h" -#include "apr_thread_proc.h" - -#define APR_WANT_STRFUNC -#include "apr_file_io.h" -#include "apr_fnmatch.h" -#include "apr_want.h" - -#include "apr_poll.h" -#include "apr_want.h" - -#include "ap_config.h" -#include "ap_expr.h" -#include "ap_listen.h" -#include "ap_provider.h" -#include "ap_regex.h" - -#include "ada_fuzz_header.h" -#include "apreq_parser.h" - -apr_status_t hookfunc(apreq_hook_t *hook, apreq_param_t *param, - apr_bucket_brigade *bb) { - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - af_gb_init(); - - const uint8_t *data2 = data; - size_t size2 = size; - - /* get random data for the fuzzer */ - char *new_str = af_gb_get_null_terminated(&data2, &size2); - char *new_str2 = af_gb_get_null_terminated(&data2, &size2); - - if (new_str != NULL && new_str2 != NULL) { - apr_pool_initialize(); - apr_pool_t *v = NULL; - apr_pool_create(&v, NULL); - - apr_bucket_alloc_t *bucket = apr_bucket_alloc_create(v); - apr_bucket_brigade *brigade = apr_brigade_create(v, bucket); - apr_brigade_write(brigade, NULL, NULL, new_str, strlen(new_str)); - - apreq_parser_t parser; - parser.content_type = new_str2; - parser.temp_dir = "/tmp/"; - parser.brigade_limit = 10; - parser.pool = v; - parser.ctx = NULL; - parser.bucket_alloc = bucket; - - parser.hook = apreq_hook_make(parser.pool, hookfunc, NULL, parser.ctx); - - apr_table_t *table = apr_table_make(parser.pool, 10); - if (af_get_short(&data2, &size2) % 2 == 0) { - apreq_parse_multipart(&parser, table, brigade); - } else { - apreq_parse_urlencoded(&parser, table, brigade); - } - - apr_pool_terminate(); - } - af_gb_cleanup(); - return 0; -} diff --git a/projects/apache-httpd/fuzz_request.c b/projects/apache-httpd/fuzz_request.c deleted file mode 100644 index 05a42c69d..000000000 --- a/projects/apache-httpd/fuzz_request.c +++ /dev/null @@ -1,138 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "apr.h" -#include "apr_file_io.h" -#include "apr_poll.h" -#include "apr_portable.h" -#include "apr_proc_mutex.h" -#include "apr_signal.h" -#include "apr_strings.h" -#include "apr_thread_mutex.h" -#include "apr_thread_proc.h" -#include "http_core.h" - -#define APR_WANT_STRFUNC -#include "apr_file_io.h" -#include "apr_fnmatch.h" -#include "apr_want.h" - -#include "apr_poll.h" -#include "apr_want.h" - -#include "ap_config.h" -#include "ap_expr.h" -#include "ap_listen.h" -#include "ap_provider.h" -#include "ap_regex.h" - -#include "ada_fuzz_header.h" - -static const char *http_scheme2(const request_rec *r) { - /* - * The http module shouldn't return anything other than - * "http" (the default) or "https". - */ - if (r->server->server_scheme && - (strcmp(r->server->server_scheme, "https") == 0)) - return "https"; - - return "http"; -} - -extern request_rec *ap_create_request(conn_rec *conn); -extern int read_request_line(request_rec *r, apr_bucket_brigade *bb); - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - apr_pool_create(&apr_hook_global_pool, NULL); - ap_open_stderr_log(apr_hook_global_pool); - ap_hook_http_scheme(http_scheme2, NULL, NULL, APR_HOOK_REALLY_LAST); - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - af_gb_init(); - - const uint8_t *data2 = data; - size_t size2 = size; - - /* get random data for the fuzzer */ - char *new_str = af_gb_get_null_terminated(&data2, &size2); - char *new_str2 = af_gb_get_null_terminated(&data2, &size2); - char *new_str3 = af_gb_get_null_terminated(&data2, &size2); - char *new_str4 = af_gb_get_null_terminated(&data2, &size2); - char *new_str5 = af_gb_get_null_terminated(&data2, &size2); - if (new_str != NULL && - new_str2 != NULL && - new_str3 != NULL && - new_str4 != NULL && - new_str5 != NULL) { - - /* this is the main fuzzing logic */ - - apr_pool_initialize(); - apr_pool_t *v = NULL; - apr_pool_create(&v, NULL); - - conn_rec conn; - conn.pool = v; - server_rec base_server; - conn.base_server = &base_server; - conn.bucket_alloc = apr_bucket_alloc_create(conn.pool); - ap_method_registry_init(conn.pool); - - //server_rec server; - - /* Simulate ap_read_request */ - request_rec *r = NULL; - r = ap_create_request(&conn); - - /* create a logs array for the request */ - struct ap_logconf logs = {}; - char *log_levels = calloc(1000, 1); - memset(log_levels, 0, 1000); - logs.module_levels = log_levels; - r->log = &logs; - if (r != NULL) { - apr_bucket_brigade *tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); - conn.keepalive = AP_CONN_UNKNOWN; - - ap_run_pre_read_request(r, conn); - - core_server_config conf_mod; - conf_mod.http_conformance = (char)af_get_short(&data2, &size2); - conf_mod.http09_enable = (char)af_get_short(&data2, &size2); - conf_mod.http_methods = (char)af_get_short(&data2, &size2); - void **module_config_arr = malloc(1000); - module_config_arr[0] = &conf_mod; - - r->server->module_config = module_config_arr; - ap_set_core_module_config(r->server->module_config, &conf_mod); - - /* randomise content of request */ - r->unparsed_uri = new_str; - r->uri = new_str2; - r->server->server_scheme = new_str3; - r->method = new_str4; - r->the_request = new_str5; - - /* main target */ - ap_parse_request_line(r); - - free(module_config_arr); - } - free(log_levels); - apr_pool_terminate(); - } - - af_gb_cleanup(); - return 0; -} diff --git a/projects/apache-httpd/fuzz_tokenize.c b/projects/apache-httpd/fuzz_tokenize.c deleted file mode 100644 index 1de629558..000000000 --- a/projects/apache-httpd/fuzz_tokenize.c +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -#include "apr_strings.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - apr_pool_t *pool; - apr_pool_initialize(); - if (apr_pool_create(&pool, NULL) != APR_SUCCESS) { - abort(); - } - - char *arg_str = strndup((const char *)data, size); - char **argv_out; - apr_tokenize_to_argv(arg_str, &argv_out, pool); - - free(arg_str); - apr_pool_destroy(pool); - apr_terminate(); - - return 0; -} diff --git a/projects/apache-httpd/fuzz_uri.c b/projects/apache-httpd/fuzz_uri.c deleted file mode 100644 index 789b96f05..000000000 --- a/projects/apache-httpd/fuzz_uri.c +++ /dev/null @@ -1,65 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "apr.h" -#include "apr_file_io.h" -#include "apr_poll.h" -#include "apr_portable.h" -#include "apr_proc_mutex.h" -#include "apr_signal.h" -#include "apr_strings.h" -#include "apr_thread_mutex.h" -#include "apr_thread_proc.h" - -#define APR_WANT_STRFUNC -#include "apr_file_io.h" -#include "apr_fnmatch.h" -#include "apr_want.h" - -#include "apr_poll.h" -#include "apr_want.h" - -#include "apr_uri.h" - -#include "ap_config.h" -#include "ap_expr.h" -#include "ap_listen.h" -#include "ap_provider.h" -#include "ap_regex.h" - -#include "ada_fuzz_header.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - af_gb_init(); - const uint8_t *data2 = data; - size_t size2 = size; - - // Get a NULL terminated string - char *cstr = af_gb_get_null_terminated(&data2, &size2); - - // Fuzz URI routines - if (cstr && apr_pool_initialize() == APR_SUCCESS) { - apr_pool_t *pool = NULL; - apr_pool_create(&pool, NULL); - - apr_uri_t tmp_uri; - if (apr_uri_parse(pool, cstr, &tmp_uri) == APR_SUCCESS) { - apr_uri_unparse(pool, &tmp_uri, 0); - } - apr_uri_parse_hostinfo(pool, cstr, &tmp_uri); - - // Cleanup - apr_pool_terminate(); - } - - af_gb_cleanup(); - return 0; -} diff --git a/projects/apache-httpd/fuzz_utils.c b/projects/apache-httpd/fuzz_utils.c deleted file mode 100644 index 8fb2d255e..000000000 --- a/projects/apache-httpd/fuzz_utils.c +++ /dev/null @@ -1,182 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "apr.h" -#include "apr_file_io.h" -#include "apr_poll.h" -#include "apr_portable.h" -#include "apr_proc_mutex.h" -#include "apr_signal.h" -#include "apr_strings.h" -#include "apr_thread_mutex.h" -#include "apr_thread_proc.h" - -#define APR_WANT_STRFUNC -#include "apr_file_io.h" -#include "apr_fnmatch.h" -#include "apr_want.h" - -#include "apr_poll.h" -#include "apr_want.h" - -#include "ap_config.h" -#include "ap_expr.h" -#include "ap_listen.h" -#include "ap_provider.h" -#include "ap_regex.h" - -#include "ada_fuzz_header.h" - - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - // Initialize fuzzing garbage collector. We use this to easily - // get data types seeded with random input from the fuzzer. - af_gb_init(); - - const uint8_t *data2 = data; - size_t size2 = size; - - char *new_str = af_gb_get_null_terminated(&data2, &size2); - char *new_dst = af_gb_get_null_terminated(&data2, &size2); - if (new_str != NULL && new_dst != NULL) { - - // Targets that do not require a pool - ap_cstr_casecmp(new_str, new_str); - ap_getparents(new_str); - ap_unescape_url(new_str); - ap_unescape_urlencoded(new_str); - ap_strcmp_match(new_str, new_dst); - - char *ns3 = af_gb_get_null_terminated(&data2, &size2); - if (ns3 != NULL) { - ap_no2slash(ns3); - } - - char *ns11 = af_gb_get_null_terminated(&data2, &size2); - if (ns11) { - char *ns10 = malloc(strlen(ns11)*3+1); // big enough for worst-case URL-escaped input. - ap_escape_path_segment_buffer(ns10, ns11); - free(ns10); - } - - // Pool initialisation - if (apr_pool_initialize() == APR_SUCCESS) { - apr_pool_t *pool = NULL; - apr_pool_create(&pool, NULL); - - // Targets that require a pool - ns3 = af_gb_get_null_terminated(&data2, &size2); - if (ns3 != NULL) { - ap_make_dirstr_parent(pool, ns3); - } - - ap_field_noparam(pool, new_str); - - ap_escape_shell_cmd(pool, new_str); - ap_os_escape_path(pool, new_str, 0); - ap_escape_html2(pool, new_str, 0); - ap_escape_logitem(pool, new_str); - - // This line causes some issues if something bad is allocated - ap_escape_quotes(pool, new_str); - - if (size > 2) { - ap_cstr_casecmpn(new_str, new_str + 2, size - 2); - } - - char *d = malloc(size * 2); - ap_escape_errorlog_item(d, new_str, size * 2); - free(d); - - // base64 - char *decoded = NULL; - decoded = ap_pbase64decode(pool, new_str); - ap_pbase64encode(pool, new_str); - - char *ns12 = af_gb_get_null_terminated(&data2, &size2); - if (ns12 != NULL) { - char *d; - apr_size_t dlen; - ap_pbase64decode_strict(pool, ns12, &d, &dlen); - } - - char *tmp_s = new_str; - ap_getword_conf2(pool, &tmp_s); - - // str functions - ap_strcasecmp_match(tmp_s, new_dst); - ap_strcasestr(tmp_s, new_dst); - - // List functions - tmp_s = new_str; - ap_get_list_item(pool, &tmp_s); - tmp_s = new_str; - ap_find_list_item(pool, &tmp_s, "kjahsdfkj"); - ap_find_token(pool, tmp_s, "klsjdfk"); - ap_find_last_token(pool, tmp_s, "sdadf"); - ap_is_chunked(pool, tmp_s); - - apr_array_header_t *offers = NULL; - ap_parse_token_list_strict(pool, new_str, &offers, 0); - - char *tmp_null = NULL; - ap_pstr2_alnum(pool, new_str, &tmp_null); - - // Word functions - tmp_s = new_str; - ap_getword(pool, &tmp_s, 0); - - tmp_s = new_str; - ap_getword_white_nc(pool, &tmp_s); - - tmp_s = new_str; - ap_get_token(pool, &tmp_s, 1); - - tmp_s = new_str; - ap_escape_urlencoded(pool, tmp_s); - - apr_interval_time_t timeout; - ap_timeout_parameter_parse(new_str, &timeout, "ms"); - - tmp_s = new_str; - ap_content_type_tolower(tmp_s); - - - char filename[256]; - sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - FILE *fp = fopen(filename, "wb"); - fwrite(data, size, 1, fp); - fclose(fp); - - // Fuzzer logic here - ap_configfile_t *cfg; - ap_pcfg_openfile(&cfg, pool, filename); - char tmp_line[100]; - if ((af_get_short(&data2, &size2) % 2) == 0) { - ap_cfg_getline(tmp_line, 100, cfg); - } - else { - cfg->getstr = NULL; - ap_cfg_getline(tmp_line, 100, cfg); - } - // Fuzzer logic end - - unlink(filename); - - // Cleanup - apr_pool_terminate(); - } - } - - // Cleanup all of the memory allocated by the fuzz headers. - af_gb_cleanup(); - return 0; -} diff --git a/projects/apache-httpd/patches.diff b/projects/apache-httpd/patches.diff deleted file mode 100644 index d93b12b98..000000000 --- a/projects/apache-httpd/patches.diff +++ /dev/null @@ -1,44 +0,0 @@ -diff --git a/server/apreq_parser_header.c b/server/apreq_parser_header.c -index 19588be..7067e58 100644 ---- a/server/apreq_parser_header.c -+++ b/server/apreq_parser_header.c -@@ -89,7 +89,7 @@ static apr_status_t split_header_line(apreq_param_t **p, - if (s != APR_SUCCESS) - return s; - -- assert(nlen >= len); -+ if (!(nlen >= len)) { return APR_EBADARG; } assert(nlen >= len); - end->iov_len = len; - nlen -= len; - -@@ -103,13 +103,13 @@ static apr_status_t split_header_line(apreq_param_t **p, - if (s != APR_SUCCESS) - return s; - -- assert(glen >= dlen); -+ if (!(glen >= dlen)) { return APR_EBADARG; } assert(glen >= dlen); - glen -= dlen; - e = APR_BUCKET_NEXT(e); - } - - /* copy value */ -- assert(vlen > 0); -+ if (!(vlen > 0)) { return APR_EBADARG; } assert(vlen > 0); - dest = v->data; - while (vlen > 0) { - -@@ -119,12 +119,12 @@ static apr_status_t split_header_line(apreq_param_t **p, - - memcpy(dest, data, dlen); - dest += dlen; -- assert(vlen >= dlen); -+ if (!(vlen >= dlen)) { return APR_EBADARG; } assert(vlen >= dlen); - vlen -= dlen; - e = APR_BUCKET_NEXT(e); - } - -- assert(dest[-1] == '\n'); -+ if (!(dest[-1] == '\n')) { return APR_EBADARG; } assert(dest[-1] == '\n'); - - if (dest[-2] == '\r') - --dest; diff --git a/projects/apache-httpd/project.yaml b/projects/apache-httpd/project.yaml deleted file mode 100644 index 4b7652b6e..000000000 --- a/projects/apache-httpd/project.yaml +++ /dev/null @@ -1,8 +0,0 @@ -homepage: "https://httpd.apache.org/" -language: c -primary_contact: "david@adalogics.com" -auto_ccs: - - "stefan.eissing@gmail.com" - - "covener@gmail.com" - - "ylavic.dev@gmail.com" -main_repo: "https://github.com/apache/httpd" diff --git a/projects/assimp/Dockerfile b/projects/assimp/Dockerfile index cf7ccd6e8..88564a72a 100644 --- a/projects/assimp/Dockerfile +++ b/projects/assimp/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2021 Google LLC +# Copyright 2019 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/projects/assimp/build.sh b/projects/assimp/build.sh index 4cb8bea37..55efcb7ce 100644 --- a/projects/assimp/build.sh +++ b/projects/assimp/build.sh @@ -1,5 +1,5 @@ #!/bin/bash -eu -# Copyright 2021 Google LLC +# Copyright 2019 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,12 +16,10 @@ ################################################################################ # generate build env and build assimp -cmake CMakeLists.txt -G "Ninja" -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON \ - -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF \ - -DASSIMP_BUILD_SAMPLES=OFF +cmake CMakeLists.txt -G "Ninja" -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF -DASSIMP_BUILD_SAMPLES=OFF cmake --build . -# Build the fuzzer -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 -I$SRC/assimp/include \ - fuzz/assimp_fuzzer.cc -o $OUT/assimp_fuzzer \ - ./lib/libassimp.a ./contrib/zlib/libzlibstatic.a +# build the fuzzer +$CXX $CXXFLAGS -std=c++11 -I$SRC/assimp/include \ + fuzz/assimp_fuzzer.cc -o $OUT/assimp_fuzzer \ + $LIB_FUZZING_ENGINE $SRC/assimp/lib/libassimp.a $SRC/assimp/lib/libIrrXML.a $SRC/assimp/lib/libzlibstatic.a diff --git a/projects/assimp/project.yaml b/projects/assimp/project.yaml index 10d056fd1..834e912f7 100644 --- a/projects/assimp/project.yaml +++ b/projects/assimp/project.yaml @@ -3,8 +3,7 @@ language: c++ primary_contact: "kim.kulling@googlemail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -# experimental: True + - memory: + experimental: True - undefined main_repo: 'https://github.com/assimp/assimp.git' diff --git a/projects/assimp/project_proposed.yaml b/projects/assimp/project_proposed.yaml new file mode 100644 index 000000000..612e75b98 --- /dev/null +++ b/projects/assimp/project_proposed.yaml @@ -0,0 +1,10 @@ +homepage: "https://github.com/assimp/assimp" +primary_contact: "kim.kulling@googlemail.com" +auto_ccs: + - "kientzle@gmail.com" + - "martin@matuska.org" +sanitizers: + - address + - memory: + experimental: True + - undefined diff --git a/projects/bazel-rules-fuzzing-test-java/Dockerfile b/projects/bazel-rules-fuzzing-test-java/Dockerfile deleted file mode 100644 index 89e8b8759..000000000 --- a/projects/bazel-rules-fuzzing-test-java/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN git clone https://github.com/bazelbuild/rules_fuzzing.git -WORKDIR $SRC/rules_fuzzing/ -COPY build.sh $SRC/ diff --git a/projects/bazel-rules-fuzzing-test-java/build.sh b/projects/bazel-rules-fuzzing-test-java/build.sh deleted file mode 100644 index 4698ebd92..000000000 --- a/projects/bazel-rules-fuzzing-test-java/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -eu -# -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Due to https://github.com/bazelbuild/bazel/issues/11128, affecting Bazel 4.0 -# or earlier, we cannot use the "@rules_fuzzing//" prefix for the label-typed -# cc_engine configuration flag when fuzzing directly the rules_fuzzing workspace. -# -# This is NOT needed for any other Bazel repository that depends on -# rules_fuzzing. -export BAZEL_EXTRA_BUILD_FLAGS="--//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine" - -bazel_build_fuzz_tests diff --git a/projects/bazel-rules-fuzzing-test-java/project.yaml b/projects/bazel-rules-fuzzing-test-java/project.yaml deleted file mode 100644 index 888c37f86..000000000 --- a/projects/bazel-rules-fuzzing-test-java/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://github.com/bazelbuild/rules_fuzzing" -language: jvm -primary_contact: "test@example.com" - -fuzzing_engines: - - libfuzzer - -sanitizers: - - address - - undefined - -# This is a test project. -disabled: true diff --git a/projects/bazel-rules-fuzzing-test/build.sh b/projects/bazel-rules-fuzzing-test/build.sh index 4698ebd92..056e16b3d 100644 --- a/projects/bazel-rules-fuzzing-test/build.sh +++ b/projects/bazel-rules-fuzzing-test/build.sh @@ -16,12 +16,7 @@ # ################################################################################ -# Due to https://github.com/bazelbuild/bazel/issues/11128, affecting Bazel 4.0 -# or earlier, we cannot use the "@rules_fuzzing//" prefix for the label-typed -# cc_engine configuration flag when fuzzing directly the rules_fuzzing workspace. -# -# This is NOT needed for any other Bazel repository that depends on -# rules_fuzzing. -export BAZEL_EXTRA_BUILD_FLAGS="--//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine" +# This is an example build script for projects using the rules_fuzzing library +# for Bazel. bazel_build_fuzz_tests diff --git a/projects/bearssl/Dockerfile b/projects/bearssl/Dockerfile index 6f14e63ce..2a5d3e76a 100644 --- a/projects/bearssl/Dockerfile +++ b/projects/bearssl/Dockerfile @@ -20,5 +20,5 @@ RUN git clone --depth 1 https://www.bearssl.org/git/BearSSL RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 COPY build.sh $SRC/ diff --git a/projects/bearssl/project.yaml b/projects/bearssl/project.yaml index 720d4577c..d9b20ae0e 100644 --- a/projects/bearssl/project.yaml +++ b/projects/bearssl/project.yaml @@ -6,8 +6,7 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory architectures: - x86_64 - i386 diff --git a/projects/bignum-fuzzer/Dockerfile b/projects/bignum-fuzzer/Dockerfile index b1c36eb66..6b7483642 100644 --- a/projects/bignum-fuzzer/Dockerfile +++ b/projects/bignum-fuzzer/Dockerfile @@ -15,12 +15,12 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y software-properties-common curl sudo mercurial autoconf bison texinfo libboost-all-dev cmake wget +RUN apt-get update && apt-get install -y software-properties-common python-software-properties wget curl sudo mercurial autoconf bison texinfo libboost-all-dev cmake -RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.1.tar.gz +RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.0.tar.gz RUN git clone --depth 1 https://github.com/guidovranken/bignum-fuzzer RUN git clone --depth 1 https://github.com/openssl/openssl RUN hg clone https://gmplib.org/repo/gmp/ libgmp/ RUN git clone https://boringssl.googlesource.com/boringssl -RUN git clone --depth 1 -b development_2.x https://github.com/ARMmbed/mbedtls +RUN git clone --depth 1 https://github.com/ARMmbed/mbedtls COPY build.sh $SRC/ diff --git a/projects/bignum-fuzzer/build.sh b/projects/bignum-fuzzer/build.sh index 737120006..8c29baff4 100755 --- a/projects/bignum-fuzzer/build.sh +++ b/projects/bignum-fuzzer/build.sh @@ -20,8 +20,8 @@ #source $HOME/.cargo/env # Build libmpdec -tar zxf mpdecimal-2.5.1.tar.gz -cd mpdecimal-2.5.1 +tar zxf mpdecimal-2.5.0.tar.gz +cd mpdecimal-2.5.0 ./configure && make -j$(nproc) cd $SRC/openssl @@ -60,7 +60,7 @@ LIBGMP_INCLUDE_PATH=$SRC/libgmp LIBGMP_A_PATH=$SRC/libgmp/.libs/libgmp.a make # Build libmpdec module cd $SRC/bignum-fuzzer/modules/libmpdec -LIBMPDEC_A_PATH=$SRC/mpdecimal-2.5.1/libmpdec/libmpdec.a LIBMPDEC_INCLUDE_PATH=$SRC/mpdecimal-2.5.1/libmpdec make +LIBMPDEC_A_PATH=$SRC/mpdecimal-2.5.0/libmpdec/libmpdec.a LIBMPDEC_INCLUDE_PATH=$SRC/mpdecimal-2.5.0/libmpdec make BASE_CXXFLAGS=$CXXFLAGS diff --git a/projects/binutils/build.sh b/projects/binutils/build.sh index 2b5142483..c5d903881 100755 --- a/projects/binutils/build.sh +++ b/projects/binutils/build.sh @@ -29,9 +29,7 @@ sed -i 's/vfprintf (stderr/\/\//' elfcomm.c sed -i 's/fprintf (stderr/\/\//' elfcomm.c cd ../ -./configure --disable-gdb --disable-gdbserver --disable-gdbsupport \ - --disable-libdecnumber --disable-readline --disable-sim \ - --enable-targets=all --disable-werror +./configure --disable-gdb --enable-targets=all make MAKEINFO=true && true # Make fuzzer directory @@ -60,16 +58,13 @@ for i in readelf; do done # Link the files -# Only link if they exist -if ([ -f dwarf.o ] && [ -f elfcomm.o ] && [ -f version.o ]); then - ## Readelf - $CXX $CXXFLAGS $LIB_FUZZING_ENGINE -W -Wall -I./../zlib -o fuzz_readelf fuzz_readelf.o version.o unwind-ia64.o dwarf.o elfcomm.o ../libctf/.libs/libctf-nobfd.a -L/src/binutils-gdb/zlib -lz ../libiberty/libiberty.a - mv fuzz_readelf $OUT/fuzz_readelf +## Readelf +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -W -Wall -I./../zlib -o fuzz_readelf fuzz_readelf.o version.o unwind-ia64.o dwarf.o elfcomm.o ../libctf/.libs/libctf-nobfd.a -L/src/binutils-gdb/zlib -lz ../libiberty/libiberty.a +mv fuzz_readelf $OUT/fuzz_readelf - ### Set up seed corpus for readelf in the form of a single ELF file. - zip fuzz_readelf_seed_corpus.zip /src/fuzz_readelf_seed_corpus/simple_elf - mv fuzz_readelf_seed_corpus.zip $OUT/ +### Set up seed corpus for readelf in the form of a single ELF file. +zip fuzz_readelf_seed_corpus.zip /src/fuzz_readelf_seed_corpus/simple_elf +mv fuzz_readelf_seed_corpus.zip $OUT/ - ## Copy over the options file - cp $SRC/fuzz_readelf.options $OUT/fuzz_readelf.options -fi +## Copy over the options file +cp $SRC/fuzz_readelf.options $OUT/fuzz_readelf.options diff --git a/projects/binutils/fuzz_readelf.c b/projects/binutils/fuzz_readelf.c index 9df34fda5..a222e0c09 100644 --- a/projects/binutils/fuzz_readelf.c +++ b/projects/binutils/fuzz_readelf.c @@ -28,18 +28,18 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) fwrite(data, size, 1, fp); fclose(fp); - do_syms = true; - do_reloc = true; - do_unwind = true; - do_dynamic = true; - do_header = true; - do_sections = true; - do_section_groups = true; - do_segments = true; - do_version = true; - do_histogram = true; - do_arch = true; - do_notes = true; + do_syms = TRUE; + do_reloc = TRUE; + do_unwind = TRUE; + do_dynamic = TRUE; + do_header = TRUE; + do_sections = TRUE; + do_section_groups = TRUE; + do_segments = TRUE; + do_version = TRUE; + do_histogram = TRUE; + do_arch = TRUE; + do_notes = TRUE; // Main fuzz entrypoint process_file(filename); diff --git a/projects/bitcoin-core/Dockerfile b/projects/bitcoin-core/Dockerfile deleted file mode 100644 index 61972719b..000000000 --- a/projects/bitcoin-core/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-rust - -# Packages taken from: -# * https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependency-build-instructions -# * https://github.com/bitcoin/bitcoin/blob/master/depends/README.md#for-linux-including-i386-arm-cross-compilation -RUN apt-get update && apt-get install -y \ - build-essential libtool autotools-dev automake pkg-config bsdmainutils python3 \ - make automake cmake curl g++-multilib libtool binutils-gold bsdmainutils pkg-config patch bison \ - wget zip - -RUN git clone --depth=1 https://github.com/bitcoin/bitcoin.git bitcoin-core -RUN git clone --depth=1 https://github.com/bitcoin-core/qa-assets bitcoin-core/assets -RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz -RUN git clone --depth 1 https://github.com/bitcoin-core/secp256k1.git -RUN git clone --depth 1 https://github.com/randombit/botan.git -RUN git clone --depth 1 https://github.com/trezor/trezor-firmware.git -RUN git clone --depth 1 https://github.com/google/wycheproof.git -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 -WORKDIR bitcoin-core -COPY build.sh $SRC/ -COPY build_cryptofuzz.sh $SRC/ diff --git a/projects/bitcoin-core/build.sh b/projects/bitcoin-core/build.sh deleted file mode 100755 index a89691a38..000000000 --- a/projects/bitcoin-core/build.sh +++ /dev/null @@ -1,97 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -$SRC/build_cryptofuzz.sh - -cd $SRC/bitcoin-core/ - -# Build dependencies -# This will also force static builds -if [ "$ARCHITECTURE" = "i386" ]; then - export BUILD_TRIPLET="i686-pc-linux-gnu" -else - export BUILD_TRIPLET="x86_64-pc-linux-gnu" -fi -( - cd depends - sed -i --regexp-extended '/.*rm -rf .*extract_dir.*/d' ./funcs.mk # Keep extracted source - make HOST=$BUILD_TRIPLET DEBUG=1 NO_QT=1 NO_WALLET=1 NO_ZMQ=1 NO_UPNP=1 NO_NATPMP=1 boost_cxxflags="-std=c++17 -fvisibility=hidden -fPIC ${CXXFLAGS}" libevent_cflags="${CFLAGS}" -j$(nproc) -) - -# Build the fuzz targets - -sed -i "s|PROVIDE_FUZZ_MAIN_FUNCTION|NEVER_PROVIDE_MAIN_FOR_OSS_FUZZ|g" "./configure.ac" -./autogen.sh - -# Temporarily compile with O2 to work around clang-13 (and later) UBSan -# -fsanitize=vptr,object-size false positive that only happens with -O1 -if [ "$SANITIZER" = "undefined" ]; then - export CFLAGS="$CFLAGS -O2" - export CXXFLAGS="$CXXFLAGS -O2" -fi - -# OSS-Fuzz will provide CC, CXX, etc. So only set: -# * --enable-fuzz, see https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md -# * CONFIG_SITE, see https://github.com/bitcoin/bitcoin/blob/master/depends/README.md -if [ "$SANITIZER" = "memory" ]; then - CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" --with-asm=no -else - CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" -fi - - -if [ "$SANITIZER" = "memory" ]; then - # MemorySanitizer (MSAN) does not support tracking memory initialization done by - # using the Linux getrandom syscall. Avoid using getrandom by undefining - # HAVE_SYS_GETRANDOM. See https://github.com/google/sanitizers/issues/852 for - # details. - grep -v HAVE_SYS_GETRANDOM src/config/bitcoin-config.h > src/config/bitcoin-config.h.tmp - mv src/config/bitcoin-config.h.tmp src/config/bitcoin-config.h -fi - -make -j$(nproc) - -WRITE_ALL_FUZZ_TARGETS_AND_ABORT="/tmp/a" "./src/test/fuzz/fuzz" || true -readarray FUZZ_TARGETS < "/tmp/a" -if [ -n "${OSS_FUZZ_CI-}" ]; then - # When running in CI, check the first targets only to save time and disk space - FUZZ_TARGETS=( ${FUZZ_TARGETS[@]:0:2} ) -fi - -# OSS-Fuzz requires a separate and self-contained binary for each fuzz target. -# To inject the fuzz target name in the finished binary, compile the fuzz -# executable with a "magic string" as the name of the fuzz target. -# -# An alternative to mocking the string in the finished binary would be to -# replace the string in the source code and re-invoke 'make'. This is slower, -# so use the hack. -export MAGIC_STR="b5813eee2abc9d3358151f298b75a72264ffa119d2f71ae7fefa15c4b70b4bc5b38e87e3107a730f25891ea428b2b4fabe7a84f5bfa73c79e0479e085e4ff157" -sed -i "s|.*std::getenv(\"FUZZ\").*|std::string fuzz_target{\"$MAGIC_STR\"};|g" "./src/test/fuzz/fuzz.cpp" -sed -i "s|.find(fuzz_target)|.find(fuzz_target.c_str())|g" "./src/test/fuzz/fuzz.cpp" -make -j$(nproc) - -# Replace the magic string with the actual name of each fuzz target -for fuzz_target in ${FUZZ_TARGETS[@]}; do - python3 -c "c_str_target=b\"${fuzz_target}\x00\";c_str_magic=b\"$MAGIC_STR\";c=open('./src/test/fuzz/fuzz','rb').read();c=c.replace(c_str_magic, c_str_target+c_str_magic[len(c_str_target):]);open(\"$OUT/$fuzz_target\",'wb').write(c)" - chmod +x "$OUT/$fuzz_target" - ( - cd assets/fuzz_seed_corpus - if [ -d "$fuzz_target" ]; then - zip --recurse-paths --quiet --junk-paths "$OUT/${fuzz_target}_seed_corpus.zip" "${fuzz_target}" - fi - ) -done diff --git a/projects/bitcoin-core/build_cryptofuzz.sh b/projects/bitcoin-core/build_cryptofuzz.sh deleted file mode 100755 index 4e6d91ab4..000000000 --- a/projects/bitcoin-core/build_cryptofuzz.sh +++ /dev/null @@ -1,175 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL" -export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" - -# Install Boost headers -cd $SRC/ -tar jxf boost_1_74_0.tar.bz2 -cd boost_1_74_0/ -CFLAGS="" CXXFLAGS="" ./bootstrap.sh -CFLAGS="" CXXFLAGS="" ./b2 headers -export CXXFLAGS="$CXXFLAGS -I $SRC/boost_1_74_0/" - -# Preconfigure libsecp256k1 -cd $SRC/secp256k1/ -autoreconf -ivf -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SECP256K1" - -function build_libsecp256k1() { - # Build libsecp256k1 - cd $SRC/secp256k1/ - - if test -f "Makefile"; then - # Remove old configuration if it exists - make clean - - # Prevent the error: - # "configuration mismatch, invalid ECMULT_WINDOW_SIZE. Try deleting ecmult_static_pre_g.h before the build." - rm -f src/ecmult_static_pre_g.h - fi - - SECP256K1_CONFIGURE_PARAMS=" - --enable-static - --disable-tests - --disable-benchmark - --disable-exhaustive-tests - --enable-module-recovery - --enable-experimental - --enable-module-schnorrsig - --enable-module-ecdh" - - if [[ $CFLAGS = *sanitize=memory* ]] - then - ./configure $SECP256K1_CONFIGURE_PARAMS --with-asm=no "$@" - else - ./configure $SECP256K1_CONFIGURE_PARAMS "$@" - fi - make - - export SECP256K1_INCLUDE_PATH=$(realpath .) - export LIBSECP256K1_A_PATH=$(realpath .libs/libsecp256k1.a) - - # Build libsecp256k1 Cryptofuzz module - cd $SRC/cryptofuzz/modules/secp256k1/ - make -B -j$(nproc) -} - -# Build Trezor firmware -cd $SRC/trezor-firmware/crypto/ -# Rename blake2b_* functions to avoid symbol collisions with other libraries -sed -i "s/\<blake2b_\([A-Za-z_]\)/trezor_blake2b_\1/g" *.c *.h -sed -i 's/\<blake2b(/trezor_blake2b(/g' *.c *.h -cd ../../ -export TREZOR_FIRMWARE_PATH=$(realpath trezor-firmware) -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_TREZOR_FIRMWARE" - -# Build Botan -cd $SRC/botan -if [[ $CFLAGS != *-m32* ]] -then - ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation -else - ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation -fi -make -j$(nproc) - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE" -export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" -export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" - -# Build Cryptofuzz -cd $SRC/cryptofuzz -python gen_repository.py -rm extra_options.h -echo -n '"' >>extra_options.h -echo -n '--operations=' >>extra_options.h -echo -n 'Digest,' >>extra_options.h -echo -n 'HMAC,' >>extra_options.h -echo -n 'KDF_HKDF,' >>extra_options.h -echo -n 'SymmetricEncrypt,' >>extra_options.h -echo -n 'SymmetricDecrypt,' >>extra_options.h -echo -n 'ECC_PrivateToPublic,' >>extra_options.h -echo -n 'ECC_ValidatePubkey,' >>extra_options.h -echo -n 'ECC_Point_Add,' >>extra_options.h -echo -n 'ECC_Point_Mul,' >>extra_options.h -echo -n 'ECDSA_Sign,' >>extra_options.h -echo -n 'ECDSA_Verify,' >>extra_options.h -echo -n 'ECDSA_Recover,' >>extra_options.h -echo -n 'Schnorr_Sign,' >>extra_options.h -echo -n 'Schnorr_Verify,' >>extra_options.h -echo -n 'ECDH_Derive,' >>extra_options.h -echo -n 'BignumCalc_Mod_2Exp256 ' >>extra_options.h -echo -n 'BignumCalc_Mod_SECP256K1 ' >>extra_options.h -echo -n '--curves=secp256k1 ' >>extra_options.h -echo -n '--digests=NULL,SHA1,SHA256,SHA512,RIPEMD160,SHA3-256,SIPHASH64 ' >>extra_options.h -echo -n '--ciphers=CHACHA20,AES_256_CBC ' >>extra_options.h -echo -n '--calcops=' >>extra_options.h -# Bitcoin Core arith_uint256.cpp operations -echo -n 'Add,And,Div,IsEq,IsGt,IsGte,IsLt,IsLte,IsOdd,Mul,NumBits,Or,Set,Sub,Xor,' >>extra_options.h -# libsecp256k1 scalar operations -echo -n 'IsZero,IsOne,IsEven,Add,Mul,InvMod,IsEq,CondSet,Bit,Set,RShift ' >>extra_options.h -echo -n '"' >>extra_options.h -cd modules/bitcoin/ -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BITCOIN" -make -B -j$(nproc) -cd ../trezor/ -make -B -j$(nproc) -cd ../botan/ -make -B -j$(nproc) - -cd ../schnorr_fun/ -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SCHNORR_FUN" -if [[ $CFLAGS != *-m32* ]] -then - make -else - make -f Makefile.i386 -fi - -cd ../../ - -# Build with 3 configurations of libsecp256k1 -# Discussion: https://github.com/google/oss-fuzz/pull/5717#issuecomment-842765383 - -build_libsecp256k1 "--with-ecmult-window=2" "--with-ecmult-gen-precision=2" -cd $SRC/cryptofuzz/ -make -B -j$(nproc) -cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w2-p2 - -build_libsecp256k1 "--with-ecmult-window=15" "--with-ecmult-gen-precision=4" -cd $SRC/cryptofuzz/ -rm cryptofuzz -make -cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w15-p4 - -build_libsecp256k1 "--with-ecmult-window=20" "--with-ecmult-gen-precision=8" -cd $SRC/cryptofuzz/ -rm cryptofuzz -make -cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w20-p8 - -# Convert Wycheproof test vectors to Cryptofuzz corpus format -mkdir $SRC/corpus-cryptofuzz-wycheproof/ -find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_secp256k1_*' -exec $SRC/cryptofuzz/cryptofuzz --from-wycheproof={},$SRC/corpus-cryptofuzz-wycheproof/ \; -# Pack the Wycheproof test vectors -zip -j cryptofuzz-bitcoin-cryptography_seed_corpus.zip $SRC/corpus-cryptofuzz-wycheproof/* -# Use them as the seed corpus for each of the fuzzers -cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w2-p2_seed_corpus.zip -cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w15-p4_seed_corpus.zip -cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w20-p8_seed_corpus.zip diff --git a/projects/bitcoin-core/project.yaml b/projects/bitcoin-core/project.yaml deleted file mode 100644 index 9d6f33663..000000000 --- a/projects/bitcoin-core/project.yaml +++ /dev/null @@ -1,22 +0,0 @@ -homepage: "https://github.com/bitcoin/bitcoin" -main_repo: 'https://github.com/bitcoin/bitcoin.git' -language: c++ -primary_contact: "marco@chaincode.com" -auto_ccs: - - "fanquake@gmail.com" - - "john@brink.dev" - - "jonas@chaincode.com" - - "laanwj@gmail.com" - - "pieter@chaincode.com" - - "thomas.j.bitcoin@protonmail.com" -sanitizers: - - address - - undefined - - memory -architectures: - - x86_64 - - i386 -fuzzing_engines: - - libfuzzer - - honggfuzz - - afl diff --git a/projects/blackfriday/Dockerfile b/projects/blackfriday/Dockerfile deleted file mode 100644 index 66975f758..000000000 --- a/projects/blackfriday/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 --branch v2 https://github.com/russross/blackfriday -COPY build.sh render_fuzzer.go $SRC/ -WORKDIR $SRC/blackfriday diff --git a/projects/blackfriday/build.sh b/projects/blackfriday/build.sh deleted file mode 100644 index 791e35b18..000000000 --- a/projects/blackfriday/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cp $SRC/render_fuzzer.go . - -rm go.mod -go mod init github.com/russross/blackfriday - -compile_go_fuzzer github.com/russross/blackfriday Fuzz render_fuzzer diff --git a/projects/blackfriday/project.yaml b/projects/blackfriday/project.yaml deleted file mode 100644 index 749932648..000000000 --- a/projects/blackfriday/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/russross/blackfriday" -main_repo: "https://github.com/russross/blackfriday" -primary_contact: "security-tps@google.com" -auto_ccs : - - "jvoisin@google.com" - - "Adam@adalogics.com" -language: go -fuzzing_engines: -- libfuzzer -sanitizers: -- address diff --git a/projects/blackfriday/render_fuzzer.go b/projects/blackfriday/render_fuzzer.go deleted file mode 100644 index 851f3ce55..000000000 --- a/projects/blackfriday/render_fuzzer.go +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package blackfriday - -func Fuzz(data []byte) int { - Run(data) - return 0 -} diff --git a/projects/bleach/Dockerfile b/projects/bleach/Dockerfile index b5b1f43be..1d31647a2 100644 --- a/projects/bleach/Dockerfile +++ b/projects/bleach/Dockerfile @@ -14,11 +14,11 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone \ --depth 1 \ - --branch main \ + --branch master \ https://github.com/mozilla/bleach.git WORKDIR bleach diff --git a/projects/bleach/build.sh b/projects/bleach/build.sh index 5428291c8..b3b617975 100644 --- a/projects/bleach/build.sh +++ b/projects/bleach/build.sh @@ -30,5 +30,5 @@ for fuzzer in $(find $SRC -name '*_fuzzer.py'); do this_dir=\$(dirname \"\$0\") ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/bleach/linkify_fuzzer.py b/projects/bleach/linkify_fuzzer.py index 7de97641f..6a42b079c 100644 --- a/projects/bleach/linkify_fuzzer.py +++ b/projects/bleach/linkify_fuzzer.py @@ -16,8 +16,7 @@ import sys import atheris -with atheris.instrument_imports(): - import bleach +import bleach def TestOneInput(input_bytes): diff --git a/projects/bleach/sanitize_fuzzer.py b/projects/bleach/sanitize_fuzzer.py index 3ae4344ce..33378167c 100644 --- a/projects/bleach/sanitize_fuzzer.py +++ b/projects/bleach/sanitize_fuzzer.py @@ -16,8 +16,7 @@ import sys import atheris -with atheris.instrument_imports(): - import bleach +import bleach def TestOneInput(input_bytes): diff --git a/projects/bloaty/Dockerfile b/projects/bloaty/Dockerfile index e47be5674..7a08527b2 100644 --- a/projects/bloaty/Dockerfile +++ b/projects/bloaty/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y cmake ninja-build g++ libz-dev +RUN apt-get update && apt-get install -y cmake ninja-build g++ RUN git clone --depth 1 https://github.com/google/bloaty.git bloaty WORKDIR bloaty COPY build.sh $SRC/ diff --git a/projects/bls-signatures/Dockerfile b/projects/bls-signatures/Dockerfile deleted file mode 100644 index 5faedbb97..000000000 --- a/projects/bls-signatures/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool wget python lzip libgmp-dev -RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz -RUN git clone --depth 1 https://github.com/supranational/blst -RUN git clone --depth 1 https://github.com/Chia-Network/bls-signatures.git -RUN git clone --depth 1 https://github.com/herumi/mcl.git -RUN git clone --depth 1 https://github.com/randombit/botan.git -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 -RUN wget https://gmplib.org/download/gmp/gmp-6.2.1.tar.lz -RUN wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.18-stable.tar.gz -COPY build.sh $SRC/ diff --git a/projects/bls-signatures/build.sh b/projects/bls-signatures/build.sh deleted file mode 100755 index 2ba7f97ed..000000000 --- a/projects/bls-signatures/build.sh +++ /dev/null @@ -1,250 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -D_LIBCPP_DEBUG=1" -if [[ "$SANITIZER" = "memory" ]] -then - export CXXFLAGS="$CXXFLAGS -DMSAN" -fi -export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" -export LINK_FLAGS="" - -# Install Boost headers -cd $SRC/ -tar jxf boost_1_74_0.tar.bz2 -cd boost_1_74_0/ -CFLAGS="" CXXFLAGS="" ./bootstrap.sh -CFLAGS="" CXXFLAGS="" ./b2 headers -cp -R boost/ /usr/include/ - -# Configure Cryptofuzz -cd $SRC/cryptofuzz/ -python gen_repository.py -rm extra_options.h -echo -n '"' >>extra_options.h -echo -n "--force-module=blst " >>extra_options.h -echo -n "--operations=" >>extra_options.h -echo -n "BignumCalc," >>extra_options.h -echo -n "BignumCalc_Fp2," >>extra_options.h -echo -n "BignumCalc_Fp12," >>extra_options.h -echo -n "BLS_BatchVerify," >>extra_options.h -echo -n "BLS_FinalExp," >>extra_options.h -echo -n "BLS_GenerateKeyPair," >>extra_options.h -echo -n "BLS_HashToG1," >>extra_options.h -echo -n "BLS_HashToG2," >>extra_options.h -echo -n "BLS_IsG1OnCurve," >>extra_options.h -echo -n "BLS_IsG2OnCurve," >>extra_options.h -echo -n "BLS_Pairing," >>extra_options.h -echo -n "BLS_PrivateToPublic," >>extra_options.h -echo -n "BLS_PrivateToPublic_G2," >>extra_options.h -echo -n "BLS_Sign," >>extra_options.h -echo -n "BLS_Verify," >>extra_options.h -echo -n "BLS_Compress_G1," >>extra_options.h -echo -n "BLS_Compress_G2," >>extra_options.h -echo -n "BLS_Decompress_G1," >>extra_options.h -echo -n "BLS_Decompress_G2," >>extra_options.h -echo -n "BLS_G1_Add," >>extra_options.h -echo -n "BLS_G1_Mul," >>extra_options.h -echo -n "BLS_G1_IsEq," >>extra_options.h -echo -n "BLS_G1_Neg," >>extra_options.h -echo -n "BLS_G2_Add," >>extra_options.h -echo -n "BLS_G2_Mul," >>extra_options.h -echo -n "BLS_G2_IsEq," >>extra_options.h -echo -n "BLS_G2_Neg," >>extra_options.h -echo -n "BLS_Aggregate_G1", >>extra_options.h -echo -n "BLS_Aggregate_G2", >>extra_options.h -echo -n "BignumCalc_Mod_BLS12_381_P," >>extra_options.h -echo -n "BignumCalc_Mod_BLS12_381_R," >>extra_options.h -echo -n "KDF_HKDF," >>extra_options.h -echo -n "Misc " >>extra_options.h -echo -n "--digests=SHA256 " >>extra_options.h -echo -n '"' >>extra_options.h - - -if [[ $CFLAGS = *-m32* ]] -then - # Build and install libgmp - cd $SRC/ - mkdir $SRC/libgmp-install - tar xf gmp-6.2.1.tar.lz - cd $SRC/gmp-6.2.1/ - autoreconf -ivf - if [[ $CFLAGS != *-m32* ]] - then - ./configure --prefix="$SRC/libgmp-install/" --enable-cxx - else - setarch i386 ./configure --prefix="$SRC/libgmp-install/" --enable-cxx - fi - make -j$(nproc) - make install - export CXXFLAGS="$CXXFLAGS -I $SRC/libgmp-install/include/" -fi - -function build_blst() { - if [[ "$SANITIZER" == "memory" ]] - then - # Patch to disable assembly - touch new_no_asm.h - echo "#if LIMB_T_BITS==32" >>new_no_asm.h - echo "typedef unsigned long long llimb_t;" >>new_no_asm.h - echo "#else" >>new_no_asm.h - echo "typedef __uint128_t llimb_t;" >>new_no_asm.h - echo "#endif" >>new_no_asm.h - cat src/no_asm.h >>new_no_asm.h - mv new_no_asm.h src/no_asm.h - - CFLAGS="$CFLAGS -D__BLST_NO_ASM__ -D__BLST_PORTABLE__" ./build.sh - else - ./build.sh - fi - - export BLST_LIBBLST_A_PATH=$(realpath libblst.a) - export BLST_INCLUDE_PATH=$(realpath bindings/) - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BLST" -} - -# Build blst (normal) -cp -R $SRC/blst/ $SRC/blst_normal/ -cd $SRC/blst_normal/ -build_blst - -# Build Chia -if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] -then - # Build and install libsodium - cd $SRC/ - mkdir $SRC/libsodium-install - tar zxf libsodium-1.0.18-stable.tar.gz - cd $SRC/libsodium-stable/ - autoreconf -ivf - ./configure --prefix="$SRC/libsodium-install/" - make -j$(nproc) - make install - export CXXFLAGS="$CXXFLAGS -I $SRC/libsodium-install/include/" - export LINK_FLAGS="$LINK_FLAGS $SRC/libsodium-install/lib/libsodium.a" - - cd $SRC/bls-signatures/ - mkdir build/ - cd build/ - if [[ $CFLAGS = *-m32* ]] - then - export CHIA_ARCH="X86" - else - export CHIA_ARCH="X64" - fi - cmake .. -DBUILD_BLS_PYTHON_BINDINGS=0 -DBUILD_BLS_TESTS=0 -DBUILD_BLS_BENCHMARKS=0 -DARCH=$CHIA_ARCH - make -j$(nproc) - export CHIA_BLS_LIBBLS_A_PATH=$(realpath src/libbls.a) - export CHIA_BLS_LIBRELIC_S_A_PATH=$(realpath _deps/relic-build/lib/librelic_s.a) - export CHIA_BLS_LIBSODIUM_A_PATH=$(realpath _deps/sodium-build/libsodium.a) - export CHIA_BLS_INCLUDE_PATH=$(realpath ../src/) - export CHIA_BLS_RELIC_INCLUDE_PATH_1=$(realpath _deps/relic-build/include/) - export CHIA_BLS_RELIC_INCLUDE_PATH_2=$(realpath _deps/relic-src/include/) - export LINK_FLAGS="$LINK_FLAGS -lgmp" - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_CHIA_BLS" -fi - -# Build mcl -if [[ "$SANITIZER" != "memory" ]] -then - cd $SRC/mcl/ - mkdir build/ - cd build/ - if [[ $CFLAGS != *-m32* ]] - then - cmake .. -DMCL_STATIC_LIB=on - export LINK_FLAGS="$LINK_FLAGS -lgmp" - else - cmake .. -DMCL_STATIC_LIB=on \ - -DGMP_INCLUDE_DIR="$SRC/libgmp-install/include/" \ - -DGMP_LIBRARY="$SRC/libgmp-install/lib/libgmp.a" \ - -DGMP_GMPXX_INCLUDE_DIR="$SRC/libgmp-install/include/" \ - -DGMP_GMPXX_LIBRARY="$SRC/libgmp-install/lib/libgmpxx.a" \ - -DMCL_USE_ASM=off - export LINK_FLAGS="$LINK_FLAGS $SRC/libgmp-install/lib/libgmp.a" - fi - make - export MCL_INCLUDE_PATH=$(realpath ../include/) - export MCL_LIBMCL_A_PATH=$(realpath lib/libmcl.a) - export MCL_LIBMCLBN384_A_PATH=$(realpath lib/libmclbn384.a) - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_MCL" -fi - -# Build Botan -cd $SRC/botan/ -if [[ $CFLAGS != *-m32* ]] -then - ./configure.py --cc-bin=$CXX \ - --cc-abi-flags="$CXXFLAGS" \ - --disable-shared \ - --disable-modules=locking_allocator,x509,tls \ - --build-targets=static \ - --without-documentation -else - ./configure.py --cpu=x86_32 \ - --cc-bin=$CXX \ - --cc-abi-flags="$CXXFLAGS" \ - --disable-shared \ - --disable-modules=locking_allocator,x509,tls \ - --build-targets=static \ - --without-documentation -fi -make -j$(nproc) - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE" -export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" -export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" - -# Build modules -cd $SRC/cryptofuzz/modules/botan/ -make -B - -cd $SRC/cryptofuzz/modules/blst/ -make -B - -if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] -then - cd $SRC/cryptofuzz/modules/chia_bls/ - make -B -fi - -if [[ "$SANITIZER" != "memory" ]] -then - cd $SRC/cryptofuzz/modules/mcl/ - make -B -fi - -# Build Cryptofuzz -cd $SRC/cryptofuzz/ -make -B -j - -cp cryptofuzz $OUT/cryptofuzz-bls-signatures - -# Build blst (optimized for size) -cp -R $SRC/blst/ $SRC/blst_optimize_size/ -cd $SRC/blst_optimize_size/ -export CFLAGS="$CFLAGS -D__OPTIMIZE_SIZE__" -build_blst - -cd $SRC/cryptofuzz/modules/blst/ -make -B - -# Build Cryptofuzz -cd $SRC/cryptofuzz/ -rm entry.o; make - -cp cryptofuzz $OUT/cryptofuzz-bls-signatures_optimize_size diff --git a/projects/bls-signatures/project.yaml b/projects/bls-signatures/project.yaml deleted file mode 100644 index a96f270ac..000000000 --- a/projects/bls-signatures/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -homepage: "https://github.com/supranational/blst" -language: c++ -primary_contact: "guidovranken@gmail.com" -main_repo: "https://github.com/supranational/blst.git" -sanitizers: - - address - - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -architectures: - - x86_64 - - i386 -auto_ccs: - - "kelly@supranational.net" - - "diederik.loerakker@ethereum.org" - - "hoffmang@chia.net" - - "bram@chia.net" - - "mariano@chia.net" - - "arvid@chia.net" - - "bill@chia.net" diff --git a/projects/boost-json/Dockerfile b/projects/boost-json/Dockerfile deleted file mode 100644 index 5aaa1f658..000000000 --- a/projects/boost-json/Dockerfile +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2017 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -#RUN apt-get update && apt-get install -y g++ - -RUN git clone --depth 1 --single-branch --branch master https://github.com/boostorg/boost.git -RUN pwd -RUN ls -RUN git -C boost submodule update --init libs/json -RUN git -C boost/libs/json checkout develop -RUN git -C boost submodule update --init --depth 1 \ -libs/align/ \ -libs/assert \ -libs/config/ \ -libs/container \ -libs/container_hash/ \ -libs/core \ -libs/exception/ \ -libs/headers/ \ -libs/intrusive/ \ -libs/io \ -libs/move/ \ -libs/mp11/ \ -libs/smart_ptr/ \ -libs/static_assert \ -libs/system/ \ -libs/throw_exception/ \ -libs/type_traits/ \ -libs/utility/ \ -tools/boost_install \ -tools/build - -WORKDIR boost -COPY build.sh $SRC/ - diff --git a/projects/boost-json/project.yaml b/projects/boost-json/project.yaml deleted file mode 100644 index 43e6325ee..000000000 --- a/projects/boost-json/project.yaml +++ /dev/null @@ -1,8 +0,0 @@ -homepage: "http://www.boost.org/" -language: c++ -primary_contact: "pauldreikossfuzz@gmail.com" -auto_ccs: - - "vinnie.falco@gmail.com" - - "grisumbras@gmail.com" - - "pdimov@gmail.com" -main_repo: 'https://github.com/boostorg/json.git' diff --git a/projects/boost/Dockerfile b/projects/boost/Dockerfile index f05e6bbb4..ac2fe3768 100644 --- a/projects/boost/Dockerfile +++ b/projects/boost/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y g++ python +RUN apt-get update && apt-get install -y g++ RUN git clone --recursive https://github.com/boostorg/boost.git WORKDIR boost diff --git a/projects/boost/boost_regex_fuzzer.cc b/projects/boost/boost_regex_fuzzer.cc index dbc5ea831..018a04b4b 100644 --- a/projects/boost/boost_regex_fuzzer.cc +++ b/projects/boost/boost_regex_fuzzer.cc @@ -1,14 +1,3 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ // From https://svn.boost.org/trac10/ticket/12818 // This fuzz target can likely be enhanced to exercise more code. // The ideal place for this fuzz target is the boost repository. @@ -36,16 +25,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { size_t regex_length = fuzzed_data.ConsumeIntegral<uint8_t>(); // Second value is regexp string whose length is `regex_length` std::string regex_string = fuzzed_data.ConsumeBytesAsString(regex_length); - try { - boost::regex e(regex_string); - // Last value is the text to be matched - std::string text = fuzzed_data.ConsumeRemainingBytesAsString(); + boost::regex e(regex_string); + // Last value is the text to be matched + std::string text = fuzzed_data.ConsumeRemainingBytesAsString(); #ifdef DEBUG std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl; std::cout << "Text: " << text << "Size: " << text.size() << std::endl; #endif + try { boost::match_results<std::string::const_iterator> what; bool match = boost::regex_match(text, what, e, boost::match_default | boost::match_partial); diff --git a/projects/boost/build.sh b/projects/boost/build.sh index 37552ed3b..b34d55f35 100755 --- a/projects/boost/build.sh +++ b/projects/boost/build.sh @@ -16,9 +16,7 @@ ################################################################################ # Build boost -CXXFLAGS="$CXXFLAGS -stdlib=libc++ -pthread" LDFLAGS="-stdlib=libc++" \ - ./bootstrap.sh --with-toolset=clang --prefix=/usr; -./b2 toolset=clang cxxflags="$CXXFLAGS -stdlib=libc++ -pthread" linkflags="-stdlib=libc++ -pthread" headers; +./bootstrap.sh && ./b2 headers # Very simple build rule, but sufficient here. #boost regexp diff --git a/projects/botan/project.yaml b/projects/botan/project.yaml index 7a4c648c3..becbd8144 100644 --- a/projects/botan/project.yaml +++ b/projects/botan/project.yaml @@ -7,7 +7,6 @@ auto_ccs: - "norritt@bytefortress.de" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/randombit/botan.git'
\ No newline at end of file +main_repo: 'https://github.com/randombit/botan.git' diff --git a/projects/bs4/Dockerfile b/projects/bs4/Dockerfile index 9e7454a73..9a0de0749 100644 --- a/projects/bs4/Dockerfile +++ b/projects/bs4/Dockerfile @@ -14,9 +14,9 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get install -y bzr python-lxml python-html5lib +RUN apt install -y bzr python-lxml python-html5lib RUN pip3 install 2to3 soupsieve html5lib lxml RUN pip3 install bzr+lp:beautifulsoup diff --git a/projects/bs4/bs4_fuzzer.py b/projects/bs4/bs4_fuzzer.py index b5125121a..119426174 100644 --- a/projects/bs4/bs4_fuzzer.py +++ b/projects/bs4/bs4_fuzzer.py @@ -14,13 +14,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +import logging import sys +import warnings import atheris -with atheris.instrument_imports(): - import logging - import warnings - from bs4 import BeautifulSoup +from bs4 import BeautifulSoup try: @@ -34,7 +33,6 @@ except ImportError: pass -@atheris.instrument_func def TestOneInput(data): """TestOneInput gets random data from the fuzzer, and throws it at bs4.""" if len(data) < 1: diff --git a/projects/bs4/build.sh b/projects/bs4/build.sh index 2fec546b7..111be4645 100644 --- a/projects/bs4/build.sh +++ b/projects/bs4/build.sh @@ -29,5 +29,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/caddy/Dockerfile b/projects/caddy/Dockerfile deleted file mode 100644 index 95949c0e1..000000000 --- a/projects/caddy/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go - -RUN git clone --depth 1 https://github.com/caddyserver/caddy $GOPATH/src/github.com/caddyserver/caddy/v2 - -COPY build.sh $SRC/ -WORKDIR $SRC/caddy diff --git a/projects/caddy/build.sh b/projects/caddy/build.sh deleted file mode 100644 index add1a066d..000000000 --- a/projects/caddy/build.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd "$GOPATH"/src/github.com/caddyserver/caddy/v2 - -find . -name '*_fuzz.go' | while read -r target -do -# Arguments are : -# path of the package with the fuzz target -# name of the fuzz function -# name of the fuzzer to be built -# optional tag to be used by go build and such - - fuzzed_func=$(grep -o "Fuzz[a-zA-Z]\+" "$target") - fuzzer_name=$(echo "$fuzzed_func" | sed -E 's/([A-Z])/-\L\1/g' | sed 's/^-//') - # find the relative directory and remove the first `.` (`./` is removed for root) - target_dir=$(dirname "$target"); target_dir="${target_dir//.}"; - target_corpus_name="${fuzzer_name}_seed_corpus.zip" - - curl -s -f -O "https://raw.githubusercontent.com/caddyserver/caddy/fuzz-seed-corpus/${target_corpus_name}" || true - compile_go_fuzzer github.com/caddyserver/caddy/v2"$target_dir" "$fuzzed_func" "$fuzzer_name" gofuzz -done diff --git a/projects/caddy/project.yaml b/projects/caddy/project.yaml deleted file mode 100644 index d229dba34..000000000 --- a/projects/caddy/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://caddyserver.com/" -language: go -primary_contact: "msaa1990@gmail.com" -auto_ccs: - - "Adam@adalogics.com" -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: "https://github.com/caddyserver/caddy.git"
\ No newline at end of file diff --git a/projects/cairo/Dockerfile b/projects/cairo/Dockerfile index 671fa74b3..7463bbd45 100644 --- a/projects/cairo/Dockerfile +++ b/projects/cairo/Dockerfile @@ -14,8 +14,8 @@ # ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y python3-pip gtk-doc-tools libffi-dev autotools-dev libtool gperf -RUN pip3 install -U meson==0.56.0 ninja +RUN apt-get update && apt-get install -y python3-pip gtk-doc-tools libffi-dev +RUN pip3 install -U meson==0.55.3 ninja RUN git clone --depth 1 git://git.sv.nongnu.org/freetype/freetype2.git ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.64/glib-2.64.2.tar.xz $SRC diff --git a/projects/capnproto/Dockerfile b/projects/capnproto/Dockerfile index b95cda7ec..dffaa4580 100644 --- a/projects/capnproto/Dockerfile +++ b/projects/capnproto/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y autoconf automake libtool zlib1g-dev +RUN apt-get update && apt-get install -y cmake zlib1g-dev RUN git clone --depth 1 https://github.com/capnproto/capnproto WORKDIR $SRC/capnproto COPY build.sh $SRC/ diff --git a/projects/capnproto/build.sh b/projects/capnproto/build.sh index 8bb80635c..176418d05 100755 --- a/projects/capnproto/build.sh +++ b/projects/capnproto/build.sh @@ -16,9 +16,8 @@ ################################################################################ # build project -cd c++ -autoreconf -i -./configure --disable-shared +mkdir build +cd build +cmake -DBUILD_SHARED_LIBS=OFF .. make -j$(nproc) -make -j$(nproc) capnp-llvm-fuzzer-testcase -cp *fuzzer* $OUT/ +cp c++/src/capnp/*fuzzer* $OUT/ diff --git a/projects/capnproto/project.yaml b/projects/capnproto/project.yaml index 5d9f841ff..e8cffba08 100644 --- a/projects/capnproto/project.yaml +++ b/projects/capnproto/project.yaml @@ -3,8 +3,6 @@ language: c++ primary_contact: "security@sandstorm.io" auto_ccs: - "p.antoine@catenacyber.fr" - - "kenton@cloudflare.com" sanitizers: - address - - undefined main_repo: 'https://github.com/capnproto/capnproto' diff --git a/projects/cascadia/Dockerfile b/projects/cascadia/Dockerfile index 6f4f5d7b2..094b5e10e 100644 --- a/projects/cascadia/Dockerfile +++ b/projects/cascadia/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/andybalholm/cascadia COPY build.sh $SRC/ diff --git a/projects/casync/project.yaml b/projects/casync/project.yaml index e664b047d..e2d38b870 100644 --- a/projects/casync/project.yaml +++ b/projects/casync/project.yaml @@ -4,10 +4,9 @@ primary_contact: "lennart@poettering.net" sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory auto_ccs: - zbyszek@in.waw.pl - poettering@gmail.com - fsumsal@redhat.com -main_repo: 'https://github.com/systemd/casync'
\ No newline at end of file +main_repo: 'https://github.com/systemd/casync' diff --git a/projects/cel-cpp/Dockerfile b/projects/cel-cpp/Dockerfile index a95e74048..6c4b67eef 100644 --- a/projects/cel-cpp/Dockerfile +++ b/projects/cel-cpp/Dockerfile @@ -16,7 +16,6 @@ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install python openjdk-11-jdk -y RUN git clone --depth 1 https://github.com/google/cel-cpp/ COPY build.sh $SRC/ RUN mkdir $SRC/cel-cpp/fuzz/ @@ -24,5 +23,5 @@ COPY BUILD fuzz*.cc $SRC/cel-cpp/fuzz/ COPY WORKSPACE .bazelrc $SRC/ RUN cat WORKSPACE >> $SRC/cel-cpp/WORKSPACE RUN cat .bazelrc >> $SRC/cel-cpp/.bazelrc -RUN echo "4.1.0" > $SRC/cel-cpp/.bazelversion +RUN echo "4.0.0" > $SRC/cel-cpp/.bazelversion WORKDIR $SRC/cel-cpp diff --git a/projects/cel-cpp/build.sh b/projects/cel-cpp/build.sh index b204d1cb6..5a6315a35 100755 --- a/projects/cel-cpp/build.sh +++ b/projects/cel-cpp/build.sh @@ -15,4 +15,18 @@ # ################################################################################ -bazel_build_fuzz_tests +declare -r QUERY=' + let all_fuzz_tests = attr(tags, "fuzz-test", "//...") in + $all_fuzz_tests - attr(tags, "no-oss-fuzz", $all_fuzz_tests) +' + +declare -r PACKAGE_SUFFIX="_oss_fuzz" +declare -r OSS_FUZZ_TESTS="$(bazel query "${QUERY}" | sed "s/$/${PACKAGE_SUFFIX}/")" + +bazel build -c opt --config=oss-fuzz --linkopt=-lc++ \ + --action_env=CC="${CC}" --action_env=CXX="${CXX}" \ + ${OSS_FUZZ_TESTS[*]} + +for oss_fuzz_archive in $(find bazel-bin/ -name "*${PACKAGE_SUFFIX}.tar"); do + tar -xvf "${oss_fuzz_archive}" -C "${OUT}" +done diff --git a/projects/cel-cpp/fuzz_parse.cc b/projects/cel-cpp/fuzz_parse.cc index 8aaba0bba..f4755d319 100644 --- a/projects/cel-cpp/fuzz_parse.cc +++ b/projects/cel-cpp/fuzz_parse.cc @@ -16,17 +16,14 @@ #include <string> -#include "parser/options.h" #include "parser/parser.h" #define MAX_RECURSION 0x100 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { std::string str (reinterpret_cast<const char*>(data), size); - google::api::expr::parser::ParserOptions options; - options.max_recursion_depth = MAX_RECURSION; try { - auto parse_status = google::api::expr::parser::Parse(str, "fuzzinput", options); + auto parse_status = google::api::expr::parser::Parse(str, "fuzzinput", MAX_RECURSION); if (!parse_status.ok()) { parse_status.status().message(); } diff --git a/projects/cel-cpp/project.yaml b/projects/cel-cpp/project.yaml index 14fb2f112..ad4bf90e3 100644 --- a/projects/cel-cpp/project.yaml +++ b/projects/cel-cpp/project.yaml @@ -7,6 +7,5 @@ auto_ccs : sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory +- memory main_repo: 'https://github.com/google/cel-cpp' diff --git a/projects/cel-go/Dockerfile b/projects/cel-go/Dockerfile deleted file mode 100644 index cac4a1e49..000000000 --- a/projects/cel-go/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/google/cel-go - -RUN apt-get update && apt-get install -y protobuf-compiler libprotobuf-dev binutils cmake \ - ninja-build liblzma-dev libz-dev pkg-config autoconf libtool -RUN git clone --depth 1 https://github.com/google/libprotobuf-mutator.git -RUN mkdir LPM; \ - cd LPM; \ - cmake $SRC/libprotobuf-mutator -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release; \ - ninja; - -RUN git clone --depth 1 https://github.com/mdempsky/go114-fuzz-build.git - -RUN go get google.golang.org/protobuf/cmd/protoc-gen-go - -COPY go-lpm.cc $SRC/ - -COPY fuzz*.go $SRC/cel-go/cel/ -COPY build.sh $SRC/ -COPY *.proto $SRC/ -WORKDIR $SRC/cel-go diff --git a/projects/cel-go/build.sh b/projects/cel-go/build.sh deleted file mode 100755 index f27842b02..000000000 --- a/projects/cel-go/build.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir fuzzlpm -$SRC/LPM/external.protobuf/bin/protoc --cpp_out=fuzzlpm/ -I$SRC/ $SRC/cel-go-lpm.proto - -$CXX $CXXFLAGS -c -I fuzzlpm/ -I $SRC/LPM/external.protobuf/include fuzzlpm/cel-go-lpm.pb.cc -$CXX $CXXFLAGS -c -I. -I ../libprotobuf-mutator/ -I $SRC/LPM/external.protobuf/include $SRC/go-lpm.cc - -( -cd $SRC/go114-fuzz-build -sed -i -e 's/LLVMFuzzerTestOneInput/LPMFuzzerTestOneInput/' main.go -go build -) - -$SRC/LPM/external.protobuf/bin/protoc --go_out=fuzzlpm/ -I$SRC/ $SRC/cel-go-lpm.proto -cp fuzzlpm/github.com/google/cel-go/cel/*.pb.go cel/ - -$SRC/go114-fuzz-build/go114-fuzz-build -func FuzzEval -o fuzz_lpm.a github.com/google/cel-go/cel -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE cel-go-lpm.pb.o go-lpm.o fuzz_lpm.a $SRC/LPM/src/libfuzzer/libprotobuf-mutator-libfuzzer.a $SRC/LPM/src/libprotobuf-mutator.a $SRC/LPM/external.protobuf/lib/libprotobuf.a -o $OUT/fuzz_lpm - -compile_go_fuzzer github.com/google/cel-go/cel FuzzCompile fuzz_compile diff --git a/projects/cel-go/cel-go-lpm.proto b/projects/cel-go/cel-go-lpm.proto deleted file mode 100644 index 5bcfeeb60..000000000 --- a/projects/cel-go/cel-go-lpm.proto +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -syntax = "proto3"; -package celgolpm; - -option go_package = "github.com/google/cel-go/cel"; - -message FuzzVariables { - string expr = 1; - map<string,string> inputs = 2; -} diff --git a/projects/cel-go/fuzz_compile.go b/projects/cel-go/fuzz_compile.go deleted file mode 100644 index a7398da48..000000000 --- a/projects/cel-go/fuzz_compile.go +++ /dev/null @@ -1,18 +0,0 @@ -package cel - -func FuzzCompile(data []byte) int { - env, err := NewEnv() - if err != nil { - panic("impossible to create env") - } - ast, issues := env.Compile(string(data)) - if issues != nil && issues.Err() != nil { - return 0 - } - _, err = env.Program(ast) - if err != nil { - return 0 - } - - return 1 -} diff --git a/projects/cel-go/fuzz_eval.go b/projects/cel-go/fuzz_eval.go deleted file mode 100644 index 8b2764c60..000000000 --- a/projects/cel-go/fuzz_eval.go +++ /dev/null @@ -1,39 +0,0 @@ -package cel - -import ( - "github.com/golang/protobuf/proto" - - "github.com/google/cel-go/checker/decls" - exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" -) - -func FuzzEval(data []byte) int { - gen := &FuzzVariables{} - err := proto.Unmarshal(data, gen) - if err != nil { - panic("Failed to unmarshal LPM generated variables") - } - - declares := make([]*exprpb.Decl, 0, len(gen.Inputs)) - for k, _ := range gen.Inputs { - declares = append(declares, decls.NewVar(k, decls.String)) - } - env, err := NewEnv(Declarations(declares...)) - if err != nil { - panic("impossible to create env") - } - - ast, issues := env.Compile(gen.Expr) - if issues != nil && issues.Err() != nil { - return 0 - } - prg, err := env.Program(ast) - if err != nil { - return 0 - } - //fmt.Printf("loltry %#+v\n", gen) - - _, _, err = prg.Eval(gen.Inputs) - - return 1 -} diff --git a/projects/cel-go/go-lpm.cc b/projects/cel-go/go-lpm.cc deleted file mode 100644 index 9a341bc7e..000000000 --- a/projects/cel-go/go-lpm.cc +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -#include "fuzzlpm/cel-go-lpm.pb.h" -#include "src/libfuzzer/libfuzzer_macro.h" - -extern "C" void LPMFuzzerTestOneInput(const uint8_t *buffer, size_t size); - -DEFINE_PROTO_FUZZER(const celgolpm::FuzzVariables& input) { - size_t size = input.ByteSizeLong(); - if (size > 0) { - uint8_t *buffer = (uint8_t *) malloc(size); - //printf("debugs %d: %s\n", size, input.DebugString().c_str()); - input.SerializeToArray((uint8_t *) buffer, size); - LPMFuzzerTestOneInput(buffer, size); - free(buffer); - } -} diff --git a/projects/cel-go/project.yaml b/projects/cel-go/project.yaml deleted file mode 100644 index ad7f632b5..000000000 --- a/projects/cel-go/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://opensource.google/projects/cel" -primary_contact: "tswadell@google.com" -auto_ccs: - - "p.antoine@catenacyber.fr" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: 'https://github.com/google/cel-go' diff --git a/projects/cfengine/Dockerfile b/projects/cfengine/Dockerfile deleted file mode 100644 index 24b70d8b2..000000000 --- a/projects/cfengine/Dockerfile +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y \ - build-essential autoconf automake libssl-dev \ - libpcre3 libpcre3-dev bison libbison-dev \ - libacl1 libacl1-dev libpq-dev lmdb-utils \ - liblmdb-dev libpam0g-dev flex libtool - -RUN git clone --depth 1 https://github.com/cfengine/core --recursive -WORKDIR core -COPY build.sh string_fuzzer.c $SRC/ diff --git a/projects/cfengine/build.sh b/projects/cfengine/build.sh deleted file mode 100755 index 4a2d542c7..000000000 --- a/projects/cfengine/build.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -./autogen.sh -./configure -make V=1 -j$(nproc) - -cd libpromises -mv $SRC/string_fuzzer.c . -find . -name "*.o" -exec ar rcs fuzz_lib.a {} \; -$CC $CFLAGS -I./ -c string_fuzzer.c -o string_fuzzer.o -$CC $CXXFLAGS $LIB_FUZZING_ENGINE string_fuzzer.o \ - -o $OUT/string_fuzzer fuzz_lib.a \ - ../libntech/libutils/.libs/libutils.a diff --git a/projects/cfengine/project.yaml b/projects/cfengine/project.yaml deleted file mode 100644 index 4db793d6e..000000000 --- a/projects/cfengine/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/cfengine/core" -main_repo: "https://github.com/cfengine/core" -language: c++ -primary_contact: "vratislav.podzimek@northern.tech" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory diff --git a/projects/cfengine/string_fuzzer.c b/projects/cfengine/string_fuzzer.c deleted file mode 100644 index b7d5cfb83..000000000 --- a/projects/cfengine/string_fuzzer.c +++ /dev/null @@ -1,40 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <stdint.h> -#include <string.h> -#include <stdlib.h> -#include <string_expressions.h> - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - if(size<4) { - return 0; - } - for (int i=0; i<size; i++) { - if(data[i]==0) { - return 0; - } - } - char *new_str = (char *)malloc(size+1); - if (new_str == NULL){ - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - int len = strlen(new_str); - - StringParseResult res = ParseStringExpression(new_str, 0, len); - - FreeStringExpression(res.result); - free(new_str); - return 0; -} diff --git a/projects/cilium/Dockerfile b/projects/cilium/Dockerfile index e263f368d..89f2f0016 100644 --- a/projects/cilium/Dockerfile +++ b/projects/cilium/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y wget RUN wget https://raw.githubusercontent.com/google/AFL/master/dictionaries/json.dict -O $OUT/fuzz.dict diff --git a/projects/cilium/project.yaml b/projects/cilium/project.yaml index ff788e206..0d75f4422 100644 --- a/projects/cilium/project.yaml +++ b/projects/cilium/project.yaml @@ -2,13 +2,9 @@ homepage: "https://cilium.io" language: go primary_contact: "security@cilium.io" auto_ccs: -- "andre@isovalent.com" -- "joe@isovalent.com" +- "tom@isovalent.com" - "natalia@isovalent.com" -- "robin@isovalent.com" -- "tom.payne@isovalent.com" - "adam@adalogics.com" -main_repo: "https://github.com/cilium/cilium.git" fuzzing_engines: - libfuzzer sanitizers: diff --git a/projects/civetweb/project.yaml b/projects/civetweb/project.yaml index f09c3f8cb..f191b2a7c 100755 --- a/projects/civetweb/project.yaml +++ b/projects/civetweb/project.yaml @@ -4,6 +4,7 @@ language: c fuzzing_engines: - libfuzzer - honggfuzz + - dataflow auto_ccs: - "xt4ubq@gmail.com" - "david@adalogics.com" diff --git a/projects/clamav/Dockerfile b/projects/clamav/Dockerfile index 629595880..0d4cc0338 100644 --- a/projects/clamav/Dockerfile +++ b/projects/clamav/Dockerfile @@ -28,7 +28,7 @@ RUN git clone --depth 1 https://github.com/Cisco-Talos/clamav-mussels-cookbook.g RUN mkdir /mussels RUN cd ${SRC}/clamav-mussels-cookbook && \ - msl build libclamav_deps -t host-static -w /mussels/work -i /mussels/install + msl build clamav_deps -t host-static -w /mussels/work -i /mussels/install # Collect clamav source & fuzz corpus RUN git clone --depth 1 https://github.com/Cisco-Talos/clamav-devel.git diff --git a/projects/clamav/build.sh b/projects/clamav/build.sh index 826021bfe..1f7e902ed 100755 --- a/projects/clamav/build.sh +++ b/projects/clamav/build.sh @@ -42,7 +42,7 @@ cmake ${SRC}/clamav-devel \ -DOPENSSL_CRYPTO_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libcrypto.a" \ -DOPENSSL_SSL_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libssl.a" \ -DZLIB_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libssl.a" \ - -DLIBXML2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include/libxml2" \ + -DLIBXML2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \ -DLIBXML2_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libxml2.a" \ -DPCRE2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \ -DPCRE2_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libpcre2-8.a" \ diff --git a/projects/clib/Dockerfile b/projects/clib/Dockerfile index d46f75291..92e14901e 100644 --- a/projects/clib/Dockerfile +++ b/projects/clib/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make cmake libcurl4-gnutls-dev -qq +RUN apt-get update && apt-get install -y make cmake ninja libcurl4-gnutls-dev -qq RUN git clone https://github.com/clibs/clib WORKDIR $SRC/ COPY build.sh $SRC/ diff --git a/projects/clib/build.sh b/projects/clib/build.sh index 166ee45f7..c48ba9d76 100644 --- a/projects/clib/build.sh +++ b/projects/clib/build.sh @@ -29,10 +29,8 @@ $CC $CFLAGS -Wno-unused-function -U__STRICT_ANSI__ \ -I./deps/asprintf $CC $CFLAGS $LIB_FUZZING_ENGINE fuzz_manifest.o \ - -o $OUT/fuzz_manifest src/common/clib-settings.c src/common/clib-package.c \ + -o $OUT/fuzz_manifest src/common/clib-package.c \ src/common/clib-cache.c src/clib-configure.c \ -I./deps/asprintf -I./deps -I./asprintf \ fuzz_lib.a -L/usr/lib/x86_64-linux-gnu -lcurl -echo "[libfuzzer]" > $OUT/fuzz_manifest.options -echo "detect_leaks=0" >> $OUT/fuzz_manifest.options diff --git a/projects/clickhouse/Dockerfile b/projects/clickhouse/Dockerfile deleted file mode 100644 index cd835bea1..000000000 --- a/projects/clickhouse/Dockerfile +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -RUN apt-get update -y \ - && env DEBIAN_FRONTEND=noninteractive \ - apt-get install --yes --no-install-recommends \ - bash \ - wget \ - curl \ - ccache \ - expect \ - ninja-build \ - perl \ - pkg-config \ - python3 \ - python3-lxml \ - python3-requests \ - python3-termcolor \ - sudo \ - tzdata - -RUN git clone -j 8 --recursive https://github.com/ClickHouse/ClickHouse $SRC/ClickHouse -WORKDIR $SRC/ClickHouse - -COPY build.sh $SRC/ diff --git a/projects/clickhouse/build.sh b/projects/clickhouse/build.sh deleted file mode 100755 index a0415f085..000000000 --- a/projects/clickhouse/build.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir $SRC/ClickHouse/build -cd $SRC/ClickHouse/build - -sed -i -e '/warnings.cmake)/d' $SRC/ClickHouse/CMakeLists.txt - -# It will be hard to maintain any compilation fails (if any) in two repositories. -# Also ClickHouse won't compile without this. -# It is very strange, because we have as many warnings as you could imagine. -sed -i -e 's/add_warning(/no_warning(/g' $SRC/ClickHouse/CMakeLists.txt - -# ClickHouse uses libcxx from contrib. -# Enabling this manually will cause duplicate symbols at linker stage. -CXXFLAGS=${CXXFLAGS//-stdlib=libc++/} - -CLICKHOUSE_CMAKE_FLAGS=( - "-DCMAKE_CXX_COMPILER_LAUNCHER=/usr/bin/ccache" - "-DCMAKE_C_COMPILER=$CC" - "-DCMAKE_CXX_COMPILER=$CXX" - "-DCMAKE_BUILD_TYPE=RelWithDebInfo" - "-DLIB_FUZZING_ENGINE:STRING=$LIB_FUZZING_ENGINE" - "-DENABLE_EMBEDDED_COMPILER=0" - "-DENABLE_THINLTO=0" - "-DENABLE_TESTS=0" - "-DENABLE_EXAMPLES=0" - "-DENABLE_UTILS=0" - "-DENABLE_JEMALLOC=0" - "-DENABLE_FUZZING=1" - "-DENABLE_CLICKHOUSE_ODBC_BRIDGE=OFF" - "-DENABLE_LIBRARIES=0" - "-DENABLE_SSL=1" - "-DUSE_INTERNAL_SSL_LIBRARY=1" - "-DUSE_UNWIND=ON" - "-DGLIBC_COMPATIBILITY=OFF" -) - -if [ "$SANITIZER" = "coverage" ]; then - cmake -G Ninja $SRC/ClickHouse ${CLICKHOUSE_CMAKE_FLAGS[@]} -DCMAKE_CXX_FLAGS="$CXXFLAGS" -DCMAKE_C_FLAGS="$CFLAGS" -DWITH_COVERAGE=1 -else - cmake -G Ninja $SRC/ClickHouse ${CLICKHOUSE_CMAKE_FLAGS[@]} -DCMAKE_CXX_FLAGS="$CXXFLAGS" -DCMAKE_C_FLAGS="$CFLAGS" -DWITH_COVERAGE=1 -DSANITIZE=$SANITIZER -fi - -NUM_JOBS=$(($(nproc || grep -c ^processor /proc/cpuinfo) / 2)) - -TARGETS=$(find $SRC/ClickHouse/src -name '*_fuzzer.cpp' -execdir basename {} .cpp ';' | tr '\n' ' ') - -for FUZZER_TARGET in $TARGETS -do - ninja -j $NUM_JOBS $FUZZER_TARGET - # Find this binary in build directory and strip it - TEMP=$(find $SRC/ClickHouse/build -name $FUZZER_TARGET) - strip --strip-unneeded $TEMP -done - -# copy out fuzzer binaries -find $SRC/ClickHouse/build -name '*_fuzzer' -exec cp -v '{}' $OUT ';' - -# copy out fuzzer options and dictionaries -cp $SRC/ClickHouse/tests/fuzz/*.dict $OUT/ -cp $SRC/ClickHouse/tests/fuzz/*.options $OUT/ - -# prepare corpus dirs -mkdir $SRC/ClickHouse/tests/fuzz/lexer_fuzzer.in/ -mkdir $SRC/ClickHouse/tests/fuzz/select_parser_fuzzer.in/ -mkdir $SRC/ClickHouse/tests/fuzz/create_parser_fuzzer.in/ - -# prepare corpus -cp $SRC/ClickHouse/tests/queries/0_stateless/*.sql $SRC/ClickHouse/tests/fuzz/lexer_fuzzer.in/ -cp $SRC/ClickHouse/tests/queries/0_stateless/*.sql $SRC/ClickHouse/tests/fuzz/select_parser_fuzzer.in/ -cp $SRC/ClickHouse/tests/queries/0_stateless/*.sql $SRC/ClickHouse/tests/fuzz/create_parser_fuzzer.in/ -cp $SRC/ClickHouse/tests/queries/1_stateful/*.sql $SRC/ClickHouse/tests/fuzz/lexer_fuzzer.in/ -cp $SRC/ClickHouse/tests/queries/1_stateful/*.sql $SRC/ClickHouse/tests/fuzz/select_parser_fuzzer.in/ -cp $SRC/ClickHouse/tests/queries/1_stateful/*.sql $SRC/ClickHouse/tests/fuzz/create_parser_fuzzer.in/ - -# copy out corpus -cd $SRC/ClickHouse/tests/fuzz -for dir in *_fuzzer.in; do - fuzzer=$(basename $dir .in) - zip -rj "$OUT/${fuzzer}_seed_corpus.zip" "${dir}/" -done - -# copy sources for code coverage if required -if [ "$SANITIZER" = "coverage" ]; then - mkdir -p $OUT/src/ClickHouse/ - cp -rL --parents $SRC/ClickHouse/src $OUT - cp -rL --parents $SRC/ClickHouse/base $OUT - cp -rL --parents $SRC/ClickHouse/programs $OUT -fi - -# Just check binaries size -BINARIES_SIZE=$(find $SRC/ClickHouse/build -name '*_fuzzer' -exec du -sh '{}' ';') diff --git a/projects/clickhouse/project.yaml b/projects/clickhouse/project.yaml index 9e505f227..9c0c7cf92 100644 --- a/projects/clickhouse/project.yaml +++ b/projects/clickhouse/project.yaml @@ -1,18 +1,6 @@ homepage: "https://clickhouse.tech/" language: c++ -primary_contact: "clickhouse-security@yandex-team.com" +primary_contact: "clickhouse-feedback@yandex-team.com" auto_ccs: - "security@yandex-team.com" - "kyprizel@gmail.com" - - "jakalletti@gmail.com" - - "man2gm@gmail.com" - - "kochetovnicolai@gmail.com" - - "hq.zero.iq@gmail.com" - - "pn.cheremushkin@gmail.com" -sanitizers: - - address - - memory - - undefined -fuzzing_engines: - - libfuzzer -main_repo: 'https://github.com/ClickHouse/ClickHouse.git' diff --git a/projects/cmake/project.yaml b/projects/cmake/project.yaml index 17c5b3e8d..8ab35334c 100644 --- a/projects/cmake/project.yaml +++ b/projects/cmake/project.yaml @@ -7,5 +7,4 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory diff --git a/projects/containerd/Dockerfile b/projects/containerd/Dockerfile deleted file mode 100644 index 7ae42468b..000000000 --- a/projects/containerd/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN apt-get update && apt-get install -y btrfs-progs libc-dev pkg-config libseccomp-dev gcc wget libbtrfs-dev -RUN git clone --depth 1 https://github.com/containerd/containerd -COPY build.sh $SRC/ -WORKDIR $SRC/containerd diff --git a/projects/containerd/build.sh b/projects/containerd/build.sh deleted file mode 100644 index e5a1e6b6b..000000000 --- a/projects/containerd/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -$SRC/containerd/contrib/fuzz/oss_fuzz_build.sh - diff --git a/projects/containerd/project.yaml b/projects/containerd/project.yaml deleted file mode 100644 index 4875cd66a..000000000 --- a/projects/containerd/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/containerd/containerd" -main_repo: "https://github.com/containerd/containerd" -primary_contact: "security@containerd.io" -auto_ccs : - - "adam@adalogics.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/cosign/Dockerfile b/projects/cosign/Dockerfile index bb094925a..f0282dd16 100644 --- a/projects/cosign/Dockerfile +++ b/projects/cosign/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN apt-get update && apt-get install -y pkg-config libpcsclite-dev +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/sigstore/cosign COPY build.sh $SRC/ diff --git a/projects/cosmos-sdk/Dockerfile b/projects/cosmos-sdk/Dockerfile deleted file mode 100644 index 0e5fe8b93..000000000 --- a/projects/cosmos-sdk/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --single-branch --branch fuzz-packages https://github.com/cosmos/cosmos-sdk - -COPY build.sh $SRC -WORKDIR $SRC/cosmos-sdk diff --git a/projects/cosmos-sdk/build.sh b/projects/cosmos-sdk/build.sh deleted file mode 100755 index a86511424..000000000 --- a/projects/cosmos-sdk/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -bash -x ./fuzz/oss-fuzz-build.sh diff --git a/projects/cosmos-sdk/project.yaml b/projects/cosmos-sdk/project.yaml deleted file mode 100644 index fbe2cd1d2..000000000 --- a/projects/cosmos-sdk/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/cosmos/cosmos-sdk" -primary_contact: "fuzzing@orijtech.com" -auto_ccs: - - emmanuel@orijtech.com - - cuong@orijtech.com -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: "https://github.com/cosmos/cosmos-sdk" diff --git a/projects/cpp-httplib/project.yaml b/projects/cpp-httplib/project.yaml index 9043e407a..0c90fa007 100644 --- a/projects/cpp-httplib/project.yaml +++ b/projects/cpp-httplib/project.yaml @@ -9,7 +9,7 @@ auto_ccs : - "ankitlohia@google.com" sanitizers: - address + - dataflow - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'https://github.com/yhirose/cpp-httplib.git'
\ No newline at end of file + - memory +main_repo: 'https://github.com/yhirose/cpp-httplib.git' diff --git a/projects/cpython3/Dockerfile b/projects/cpython3/Dockerfile index 972ed6f22..6ca60d408 100644 --- a/projects/cpython3/Dockerfile +++ b/projects/cpython3/Dockerfile @@ -1,18 +1,3 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update diff --git a/projects/cpython3/project.yaml b/projects/cpython3/project.yaml index e454e36c9..7edfd24b4 100644 --- a/projects/cpython3/project.yaml +++ b/projects/cpython3/project.yaml @@ -6,6 +6,5 @@ auto_ccs: - "ammar@ammaraskar.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory - - undefined
\ No newline at end of file + - memory + - undefined diff --git a/projects/cras/Dockerfile b/projects/cras/Dockerfile index 3a533f6aa..71b2b121f 100644 --- a/projects/cras/Dockerfile +++ b/projects/cras/Dockerfile @@ -19,7 +19,7 @@ ################################################################################ # Defines a docker image that can build cras fuzzers. # -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get -y update && \ apt-get install -y \ @@ -40,7 +40,6 @@ RUN apt-get -y update && \ libtool \ libudev-dev \ wget \ - vim \ zip RUN apt-get clean RUN cd /tmp && git clone https://github.com/ndevilla/iniparser.git && \ diff --git a/projects/cras/build.sh b/projects/cras/build.sh index 410ade7b6..84f50b1d2 100755 --- a/projects/cras/build.sh +++ b/projects/cras/build.sh @@ -44,5 +44,3 @@ done zip -j ${OUT}/rclient_message_corpus.zip ${SRC}/adhd/cras/src/fuzz/corpus/* cp "${SRC}/adhd/cras/src/fuzz/cras_hfp_slc.dict" "${OUT}/cras_hfp_slc.dict" -# Add *.rs soft link for coverage build -ln -s ${SRC}/adhd/cras/src/server/rust/src/* ${SRC} diff --git a/projects/cras/project.yaml b/projects/cras/project.yaml index 3e0c9f6ac..330b02549 100644 --- a/projects/cras/project.yaml +++ b/projects/cras/project.yaml @@ -1,16 +1,12 @@ homepage: "https://www.chromium.org" language: c++ -primary_contact: "paulhsia@chromium.org" +primary_contact: "dgreid@chromium.org" auto_ccs: - "hychao@chromium.org" - "cychiang@chromium.org" + - "paulhsia@chromium.org" - "yuhsuan@chromium.org" - "enshuo@chromium.org" + - "tzungbi@chromium.org" - "cujomalainey@chromium.org" - - "benzh@chromium.org" - - "judyhsiao@chromium.org" - - "johnylin@chromium.org" - - "aaronyu@chromium.org" - - "hunghsienchen@chromium.org" -builds_per_day: 2 main_repo: 'https://chromium.googlesource.com/chromiumos/third_party/adhd' diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile index 1a1cb9ac3..7ed5d425b 100644 --- a/projects/cryptofuzz/Dockerfile +++ b/projects/cryptofuzz/Dockerfile @@ -14,13 +14,14 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -ENV GOPATH /root/go -ENV PATH $PATH:/root/.go/bin:$GOPATH/bin -RUN install_go.sh +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ - apt-get install -y software-properties-common wget make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo + apt-get install -y apt-transport-https ca-certificates gnupg software-properties-common wget && \ + wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | apt-key add - && \ + apt-add-repository 'deb https://apt.kitware.com/ubuntu/ xenial main' && \ + apt-get update && \ + apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora @@ -35,14 +36,15 @@ RUN git clone --depth 1 -b oss-fuzz https://github.com/project-everest/hacl-star RUN git clone --depth 1 https://github.com/google/cityhash.git RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git -RUN git clone --depth 1 -b development_2.x https://github.com/ARMmbed/mbedtls.git +RUN git clone --depth 1 https://github.com/ARMmbed/mbedtls.git RUN hg clone https://hg.mozilla.org/projects/nspr -#RUN hg clone https://hg.mozilla.org/projects/nss +RUN hg clone https://hg.mozilla.org/projects/nss RUN git clone --depth 1 https://github.com/jedisct1/libsodium.git RUN git clone --depth 1 https://github.com/libtom/libtomcrypt.git -#RUN git clone --depth 1 https://github.com/microsoft/SymCrypt.git +RUN git clone --depth 1 https://github.com/microsoft/SymCrypt.git +RUN git clone --depth 1 https://git.lysator.liu.se/nettle/nettle RUN hg clone https://gmplib.org/repo/gmp/ libgmp/ -RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.1.tar.gz +RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.0.tar.gz RUN git clone --depth 1 https://github.com/indutny/bn.js.git RUN git clone --depth 1 https://github.com/MikeMcl/bignumber.js.git RUN git clone --depth 1 https://github.com/guidovranken/libfuzzer-js.git @@ -50,14 +52,8 @@ RUN git clone --depth 1 https://github.com/brix/crypto-js.git RUN git clone --depth 1 https://github.com/LoupVaillant/Monocypher.git RUN git clone --depth 1 https://github.com/trezor/trezor-firmware.git RUN git clone --depth 1 https://github.com/Cyan4973/xxHash.git -RUN git clone --depth 1 https://github.com/paulmillr/noble-ed25519.git -RUN git clone --depth 1 https://github.com/paulmillr/noble-bls12-381.git -RUN git clone --depth 1 https://github.com/paulmillr/noble-secp256k1.git -RUN git clone --depth 1 https://github.com/supranational/blst.git -RUN git clone --depth 1 https://github.com/bitcoin-core/secp256k1.git RUN apt-get remove -y libunwind8 RUN apt-get install -y libssl-dev -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 -RUN wget https://nodejs.org/dist/v14.17.1/node-v14.17.1-linux-x64.tar.xz +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 COPY build.sh xxd.c $SRC/ diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh index 3df921820..9aa3c948b 100755 --- a/projects/cryptofuzz/build.sh +++ b/projects/cryptofuzz/build.sh @@ -20,15 +20,6 @@ export GO111MODULE=off -if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] -then - # Install nodejs/npm - # It is required for building noble-bls12-381 - cd $SRC/ - tar Jxf node-v14.17.1-linux-x64.tar.xz - export PATH="$PATH:$SRC/node-v14.17.1-linux-x64/bin/" -fi - # Compile xxd $CC $SRC/xxd.c -o /usr/bin/xxd @@ -59,6 +50,9 @@ go get golang.org/x/crypto/ripemd160 # This enables runtime checks for C++-specific undefined behaviour. export CXXFLAGS="$CXXFLAGS -D_GLIBCXX_DEBUG" +# Prevent Boost compilation error with -std=c++17 +export CXXFLAGS="$CXXFLAGS -D_LIBCPP_ENABLE_CXX17_REMOVED_AUTO_PTR" + export CXXFLAGS="$CXXFLAGS -I $SRC/cryptofuzz/fuzzing-headers/include" if [[ $CFLAGS = *sanitize=memory* ]] then @@ -93,23 +87,23 @@ then fi # Compile NSS -#if [[ $CFLAGS != *-m32* ]] -#then -# mkdir $SRC/nss-nspr -# mv $SRC/nss $SRC/nss-nspr/ -# mv $SRC/nspr $SRC/nss-nspr/ -# cd $SRC/nss-nspr/ -# -# CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" nss/build.sh --enable-fips --static --disable-tests --fuzz=oss -# -# export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/) -# export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NSS" -# export LINK_FLAGS="$LINK_FLAGS -lsqlite3" -# -# # Compile Cryptofuzz NSS module -# cd $SRC/cryptofuzz/modules/nss -# make -B -#fi +if [[ $CFLAGS != *-m32* ]] +then + mkdir $SRC/nss-nspr + mv $SRC/nss $SRC/nss-nspr/ + mv $SRC/nspr $SRC/nss-nspr/ + cd $SRC/nss-nspr/ + + CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" nss/build.sh --enable-fips --static --disable-tests --fuzz=oss + + export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/) + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NSS" + export LINK_FLAGS="$LINK_FLAGS -lsqlite3" + + # Compile Cryptofuzz NSS module + cd $SRC/cryptofuzz/modules/nss + make -B +fi # Compile Monocypher cd $SRC/Monocypher/ @@ -147,93 +141,53 @@ then make -B fi -## Build blst -#cd $SRC/blst/ -## Patch to disable assembly -## This is to prevent false positives, see: -## https://github.com/google/oss-fuzz/issues/5914 -#touch new_no_asm.h -#echo "#if LIMB_T_BITS==32" >>new_no_asm.h -#echo "typedef unsigned long long llimb_t;" >>new_no_asm.h -#echo "#else" >>new_no_asm.h -#echo "typedef __uint128_t llimb_t;" >>new_no_asm.h -#echo "#endif" >>new_no_asm.h -#cat src/no_asm.h >>new_no_asm.h -#mv new_no_asm.h src/no_asm.h -#CFLAGS="$CFLAGS -D__BLST_NO_ASM__ -D__BLST_PORTABLE__" ./build.sh -#export BLST_LIBBLST_A_PATH=$(realpath libblst.a) -#export BLST_INCLUDE_PATH=$(realpath bindings/) -#export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BLST" -# -## Compile Cryptofuzz blst module -#cd $SRC/cryptofuzz/modules/blst/ -#make -B -j$(nproc) - -# Build libsecp256k1 -cd $SRC/secp256k1/ -autoreconf -ivf -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SECP256K1" -if [[ $CFLAGS = *sanitize=memory* ]] +# Compile SymCrypt +cd $SRC/SymCrypt/ +if [[ $CFLAGS != *sanitize=array-bounds* ]] then - ./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental --enable-module-schnorrsig --enable-module-ecdh --with-asm=no -else - ./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental --enable-module-schnorrsig --enable-module-ecdh -fi -make -export SECP256K1_INCLUDE_PATH=$(realpath .) -export LIBSECP256K1_A_PATH=$(realpath .libs/libsecp256k1.a) + # Unittests don't build with clang and are not needed anyway + sed -i "s/^add_subdirectory(unittest)$//g" CMakeLists.txt -# Compile Cryptofuzz libsecp256k1 module -cd $SRC/cryptofuzz/modules/secp256k1/ -make -B -j$(nproc) - -if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] -then - # noble-secp256k1 - cd $SRC/cryptofuzz/modules/noble-secp256k1/ - export NOBLE_SECP256K1_PATH="$SRC/noble-secp256k1/index.js" - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_SECP256K1" - make -B + mkdir b/ + cd b/ + cmake ../ + make -j$(nproc) - # noble-bls12-381 - cd $SRC/noble-bls12-381/ - cp math.ts new_index.ts - $(awk '/^export/ {print "tail -n +"FNR+1" index.ts"; exit}' index.ts) >>new_index.ts - mv new_index.ts index.ts - npm install && npm run build - export NOBLE_BLS12_381_PATH=$(realpath index.js) - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_BLS12_381" - cd $SRC/cryptofuzz/modules/noble-bls12-381/ - make -B + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SYMCRYPT" + export SYMCRYPT_INCLUDE_PATH=$(realpath ../inc/) + export LIBSYMCRYPT_COMMON_A_PATH=$(realpath lib/x86_64/Generic/libsymcrypt_common.a) + export SYMCRYPT_GENERIC_A_PATH=$(realpath lib/x86_64/Generic/symcrypt_generic.a) - # noble-ed25519 - cd $SRC/cryptofuzz/modules/noble-ed25519/ - export NOBLE_ED25519_PATH="$SRC/noble-ed25519/index.js" - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_ED25519" + # Compile Cryptofuzz SymCrypt module + cd $SRC/cryptofuzz/modules/symcrypt make -B fi -## Compile SymCrypt -#cd $SRC/SymCrypt/ -#if [[ $CFLAGS != *sanitize=array-bounds* ]] -#then -# # Unittests don't build with clang and are not needed anyway -# sed -i "s/^add_subdirectory(unittest)$//g" CMakeLists.txt -# -# mkdir b/ -# cd b/ -# cmake ../ -# make -j$(nproc) -# -# export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SYMCRYPT" -# export SYMCRYPT_INCLUDE_PATH=$(realpath ../inc/) -# export LIBSYMCRYPT_COMMON_A_PATH=$(realpath lib/x86_64/Generic/libsymcrypt_common.a) -# export SYMCRYPT_GENERIC_A_PATH=$(realpath lib/x86_64/Generic/symcrypt_generic.a) -# -# # Compile Cryptofuzz SymCrypt module -# cd $SRC/cryptofuzz/modules/symcrypt -# make -B -#fi +# Compile Nettle +mkdir $SRC/nettle-install/ +cd $SRC/nettle/ +bash .bootstrap +if [[ $CFLAGS != *sanitize=memory* ]] +then + ./configure --disable-documentation --disable-openssl --prefix=`realpath ../nettle-install` +else + ./configure --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-install` +fi +make -j$(nproc) +make install +if [[ $CFLAGS != *-m32* ]] +then +export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib/libnettle.a` +export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib/libhogweed.a` +else +export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib32/libnettle.a` +export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib32/libhogweed.a` +fi +export NETTLE_INCLUDE_PATH=`realpath ../nettle-install/include` +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NETTLE" +# Compile Cryptofuzz Nettle module +cd $SRC/cryptofuzz/modules/nettle +make -B # Compile libgmp if [[ $CFLAGS != *sanitize=memory* ]] @@ -257,8 +211,8 @@ fi # Compile mpdecimal cd $SRC/ -tar zxf mpdecimal-2.5.1.tar.gz -cd mpdecimal-2.5.1/ +tar zxf mpdecimal-2.5.0.tar.gz +cd mpdecimal-2.5.0/ ./configure cd libmpdec/ make libmpdec.a -j$(nproc) @@ -449,27 +403,27 @@ then make -B fi -#if [[ $CFLAGS != *-m32* ]] -#then -# # Compile Cryptofuzz (NSS-based) -# cd $SRC/cryptofuzz -# LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL $INCLUDE_PATH_FLAGS" make -B -j$(nproc) -# -# # Generate dictionary -# ./generate_dict -# -# # Copy fuzzer -# cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-nss -# # Copy dictionary -# cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-nss.dict -# # Copy seed corpus -# cp $SRC/cryptofuzz-corpora/libressl_latest.zip $OUT/cryptofuzz-nss_seed_corpus.zip -# -# rm $SRC/cryptofuzz/modules/nss/module.a -# -# CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/} -# LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/} -#fi +if [[ $CFLAGS != *-m32* ]] +then + # Compile Cryptofuzz (NSS-based) + cd $SRC/cryptofuzz + LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL $INCLUDE_PATH_FLAGS" make -B -j$(nproc) + + # Generate dictionary + ./generate_dict + + # Copy fuzzer + cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-nss + # Copy dictionary + cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-nss.dict + # Copy seed corpus + cp $SRC/cryptofuzz-corpora/libressl_latest.zip $OUT/cryptofuzz-nss_seed_corpus.zip + + rm $SRC/cryptofuzz/modules/nss/module.a + + CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/} + LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/} +fi if [[ $CFLAGS != *sanitize=memory* ]] then diff --git a/projects/dart/project.yaml b/projects/dart/project.yaml index fe43ad46c..155fe23dd 100644 --- a/projects/dart/project.yaml +++ b/projects/dart/project.yaml @@ -6,6 +6,4 @@ auto_ccs : sanitizers: - address -fuzzing_engines: -- libfuzzer main_repo: 'https://github.com/dart-lang/sdk.git' diff --git a/projects/dav1d/Dockerfile b/projects/dav1d/Dockerfile index 0df0a5b3e..81a4e590a 100644 --- a/projects/dav1d/Dockerfile +++ b/projects/dav1d/Dockerfile @@ -15,6 +15,10 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder + +ADD nasm.list /etc/apt/sources.list.d/nasm.list +ADD nasm_apt.pin /etc/apt/preferences + RUN apt-get update && \ apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel nasm && \ pip3 install meson ninja diff --git a/projects/dav1d/nasm.list b/projects/dav1d/nasm.list new file mode 100644 index 000000000..673ee997b --- /dev/null +++ b/projects/dav1d/nasm.list @@ -0,0 +1,2 @@ +# use nasm from a newer ubuntu release +deb http://archive.ubuntu.com/ubuntu/ focal universe diff --git a/projects/dav1d/nasm_apt.pin b/projects/dav1d/nasm_apt.pin new file mode 100644 index 000000000..d1932e9dd --- /dev/null +++ b/projects/dav1d/nasm_apt.pin @@ -0,0 +1,7 @@ +Package: * +Pin: release n=focal +Pin-Priority: 1 + +Package: nasm +Pin: release n=focal +Pin-Priority: 555 diff --git a/projects/dav1d/project.yaml b/projects/dav1d/project.yaml index 3ef83d8bf..76c2349eb 100644 --- a/projects/dav1d/project.yaml +++ b/projects/dav1d/project.yaml @@ -6,9 +6,8 @@ auto_ccs: - "kempfjb@gmail.com" - "b@rr-dav.id.au" - "dav1d-fuzz@videolan.org" - - "psilokos@twoorioles.com" - - "gramner@twoorioles.com" vendor_ccs: + - "negge@mozilla.com" - "twsmith@mozilla.com" sanitizers: - address diff --git a/projects/dgraph/Dockerfile b/projects/dgraph/Dockerfile deleted file mode 100644 index 1f63ea49f..000000000 --- a/projects/dgraph/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/dgraph-io/dgraph -COPY build.sh $SRC/ -WORKDIR $SRC/dgraph diff --git a/projects/dgraph/build.sh b/projects/dgraph/build.sh deleted file mode 100644 index f8c215b24..000000000 --- a/projects/dgraph/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -compile_go_fuzzer github.com/dgraph-io/dgraph/gql Fuzz parser_fuzzer diff --git a/projects/dgraph/project.yaml b/projects/dgraph/project.yaml deleted file mode 100644 index 74971bab7..000000000 --- a/projects/dgraph/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://dgraph.io" -main_repo: "https://github.com/dgraph-io/dgraph" -primary_contact: "Adam@adalogics.com" -auto_ccs : - - "pawan@dgraph.io" - - "manish@dgraph.io" - - "ibrahim@dgraph.io" - - "daniel@dgraph.io" - - "vvbalaji@dgraph.io" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/django/Dockerfile b/projects/django/Dockerfile index 25af43134..a73872fca 100644 --- a/projects/django/Dockerfile +++ b/projects/django/Dockerfile @@ -15,8 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && \ - apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev wget +RUN apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev wget RUN wget -q https://github.com/python/cpython/archive/v3.8.7.tar.gz RUN git clone --depth 1 https://github.com/django/django-fuzzers.git RUN git clone --depth 1 https://github.com/django/django.git diff --git a/projects/django/build.sh b/projects/django/build.sh index 962b9f9e0..b4e25a48e 100755 --- a/projects/django/build.sh +++ b/projects/django/build.sh @@ -61,7 +61,7 @@ cp -R $CPYTHON_INSTALL_PATH $OUT/ rm -rf $OUT/django-dependencies mkdir $OUT/django-dependencies -$CPYTHON_INSTALL_PATH/bin/pip3 install asgiref pytz sqlparse backports.zoneinfo -t $OUT/django-dependencies +$CPYTHON_INSTALL_PATH/bin/pip3 install asgiref pytz sqlparse -t $OUT/django-dependencies cd $SRC/django-fuzzers rm $CPYTHON_INSTALL_PATH/lib/python3.8/lib-dynload/_tkinter*.so diff --git a/projects/dlplibs/project.yaml b/projects/dlplibs/project.yaml index 4e5b6d3de..7d3ed33ed 100644 --- a/projects/dlplibs/project.yaml +++ b/projects/dlplibs/project.yaml @@ -3,6 +3,5 @@ language: c++ primary_contact: "dtardon@redhat.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined diff --git a/projects/dng_sdk/Dockerfile b/projects/dng_sdk/Dockerfile deleted file mode 100644 index 976e9dd07..000000000 --- a/projects/dng_sdk/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y wget cmake libjpeg-turbo8-dev zlib1g-dev -RUN git clone https://android.googlesource.com/platform/external/dng_sdk/ -COPY build.sh $SRC/ -WORKDIR dng_sdk diff --git a/projects/dng_sdk/build.sh b/projects/dng_sdk/build.sh deleted file mode 100755 index 9d7af3805..000000000 --- a/projects/dng_sdk/build.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# compile source -cd ./source -rm dng_xmp* -find . -name "*.cpp" -exec $CXX $CXXFLAGS -DqDNGUseLibJPEG=1 -DqDNGUseXMP=0 -DqDNGThreadSafe=1 -c {} \; -ar cr libdns_sdk.a *.o - -# compile fuzzer -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ../fuzzer/dng_parser_fuzzer.cpp -o $OUT/dng_parser_fuzzer \ - ./libdns_sdk.a -I./ -l:libjpeg.a -lz - -# move seeds -cd ../fuzzer/seeds/CVE_2020_9589 -zip -q $OUT/dng_parser_fuzzer_seed_corpus.zip *.dng diff --git a/projects/dng_sdk/project.yaml b/projects/dng_sdk/project.yaml deleted file mode 100644 index 616b70fc2..000000000 --- a/projects/dng_sdk/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://android.googlesource.com/platform/external/dng_sdk/" -language: c++ -primary_contact: "adaubert@google.com" -auto_ccs: - - david@adalogics.com -main_repo: 'https://android.googlesource.com/platform/external/dng_sdk/' diff --git a/projects/dnsmasq/Dockerfile b/projects/dnsmasq/Dockerfile deleted file mode 100644 index 6ab50ce2f..000000000 --- a/projects/dnsmasq/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN git clone --depth 1 git://thekelleys.org.uk/dnsmasq.git dnsmasq -WORKDIR dnsmasq -COPY build.sh $SRC/ -COPY fuzz*.c $SRC/ -COPY fuzz*.h $SRC/ - -COPY fuzz_patch.patch $SRC/ diff --git a/projects/dnsmasq/build.sh b/projects/dnsmasq/build.sh deleted file mode 100755 index 8fc7b21d9..000000000 --- a/projects/dnsmasq/build.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -export ASAN_OPTIONS="detect_leaks=0" - -git apply --ignore-space-change --ignore-whitespace $SRC/fuzz_patch.patch - -export OSS_CFLAGS="$CFLAGS -g" - -sed -i 's/CFLAGS =/CFLAGS = ${OSS_CFLAGS} /g' ./Makefile -sed -i 's/LDFLAGS =/LDFLAGS = ${OSS_CFLAGS} /g' ./Makefile - -# Do some modificatiosn to the source -sed -i 's/recvmsg(/fuzz_recvmsg(/g' ./src/dhcp-common.c -sed -i 's/recvmsg(/fuzz_recvmsg(/g' ./src/netlink.c -sed -i 's/ioctl(/fuzz_ioctl(/g' ./src/dhcp.c -sed -i 's/ioctl(/fuzz_ioctl(/g' ./src/network.c - -sed -i 's/if (errno != 0/if (errno == 123123/g' ./src/netlink.c - -echo "" >> ./src/dnsmasq.c -echo "ssize_t fuzz_recvmsg(int sockfd, struct msghdr *msg, int flags) {return -1;}" >> ./src/dnsmasq.c -echo "int fuzz_ioctl(int fd, unsigned long request, void *arg) {return -1;}" >> ./src/dnsmasq.c -make - -# Remove main function and create an archive -cd ./src -sed -i 's/int main (/int main2 (/g' ./dnsmasq.c -sed -i 's/fuzz_recvmsg(/fuzz_recvmsg2(/g' ./dnsmasq.c -sed -i 's/fuzz_ioctl(/fuzz_ioctl2(/g' ./dnsmasq.c - -rm dnsmasq.o -$CC $CFLAGS -c dnsmasq.c -o dnsmasq.o -I./ -DVERSION=\'\"UNKNOWN\"\' -ar cr libdnsmasq.a *.o - -sed -i 's/class/class2/g' ./dnsmasq.h -sed -i 's/new/new2/g' ./dnsmasq.h - -# Build the fuzzers -for fuzz_name in dhcp6 rfc1035 auth dhcp util; do - $CC $CFLAGS -c $SRC/fuzz_${fuzz_name}.c -I./ -I$SRC/ -DVERSION=\'\"UNKNOWN\"\' -g - $CC $CFLAGS $LIB_FUZZING_ENGINE ./fuzz_${fuzz_name}.o libdnsmasq.a -o $OUT/fuzz_${fuzz_name} -done diff --git a/projects/dnsmasq/fuzz_auth.c b/projects/dnsmasq/fuzz_auth.c deleted file mode 100644 index 4a233e13e..000000000 --- a/projects/dnsmasq/fuzz_auth.c +++ /dev/null @@ -1,72 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "fuzz_header.h" - -/* - * Targets answer_auth - */ -void FuzzAuth(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - int i1 = get_int(&data, &size); - int i2 = get_int(&data, &size); - int i3 = get_int(&data, &size); - - if (size > (sizeof(struct dns_header) +50)) { - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - time_t now; - union mysockaddr peer_addr; - answer_auth((struct dns_header *)new_data, new_data + size, size, now, &peer_addr, i1, i2, i3); - } -} - -/* - * Fuzzer entrypoint. - */ -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - daemon = NULL; - if (size < 1) { - return 0; - } - - // Initialize mini garbage collector - gb_init(); - - // Get a value we can use to decide which target to hit. - int i = (int)data[0]; - data += 1; - size -= 1; - - int succ = init_daemon(&data, &size); - - if (succ == 0) { - cache_init(); - blockdata_init(); - - FuzzAuth(&data, &size); - - cache_start_insert(); - fuzz_blockdata_cleanup(); - } - - // Free data in mini garbage collector. - gb_cleanup(); - - return 0; -} diff --git a/projects/dnsmasq/fuzz_dhcp.c b/projects/dnsmasq/fuzz_dhcp.c deleted file mode 100644 index 4ba61ca3b..000000000 --- a/projects/dnsmasq/fuzz_dhcp.c +++ /dev/null @@ -1,87 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "fuzz_header.h" - -/* - * Targets answer_auth - */ -void FuzzDhcp(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - time_t now; - int pxe_fd = 0; - - struct iovec *dhpa = malloc(sizeof(struct iovec)); - if (dhpa == NULL) return; - - char *content = malloc(300); - if (content == NULL) { - free(dhpa); - return; - } - - dhpa->iov_base = content; - dhpa->iov_len = 300; - - daemon->dhcp_packet = *dhpa; - - syscall_data = data; - syscall_size = size; - - dhcp_packet(now, pxe_fd); - - // dnsmasq may change the iov_base if the buffer needs expansion. - // Do not free in that case, only free if the buffer stays that same. - if (daemon->dhcp_packet.iov_base == content) { - free(content); - } - else{ - free(daemon->dhcp_packet.iov_base); - } - - free(dhpa); -} - -/* - * Fuzzer entrypoint. - */ -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - daemon = NULL; - if (size < 1) { - return 0; - } - - // Initialize mini garbage collector - gb_init(); - - // Get a value we can use to decide which target to hit. - int i = (int)data[0]; - data += 1; - size -= 1; - - int succ = init_daemon(&data, &size); - - if (succ == 0) { - cache_init(); - blockdata_init(); - - FuzzDhcp(&data, &size); - - cache_start_insert(); - fuzz_blockdata_cleanup(); - } - - // Free data in mini garbage collector. - gb_cleanup(); - return 0; -} diff --git a/projects/dnsmasq/fuzz_dhcp6.c b/projects/dnsmasq/fuzz_dhcp6.c deleted file mode 100644 index fd7a85839..000000000 --- a/projects/dnsmasq/fuzz_dhcp6.c +++ /dev/null @@ -1,83 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "fuzz_header.h" - -/* - * Targets answer_auth - */ - static int val213 = 0; -void FuzzDhcp(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - - time_t now; - int pxe_fd = 0; - - struct iovec *dhpa = malloc(sizeof(struct iovec)); - if (dhpa == NULL) return; - - char *content = malloc(300); - if (content == NULL) { - free(dhpa); - return; - } - - dhpa->iov_base = content; - dhpa->iov_len = 300; - - daemon->dhcp_packet = *dhpa; - - syscall_data = data; - syscall_size = size; - - dhcp6_packet(now); - - free(dhpa); - free(content); -} - -/* - * Fuzzer entrypoint. - */ -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - daemon = NULL; - if (size < 1) { - return 0; - } - - // Initialize mini garbage collector - gb_init(); - - // Get a value we can use to decide which target to hit. - int i = (int)data[0]; - data += 1; - size -= 1; - - int succ = init_daemon(&data, &size); - - if (succ == 0) { - cache_init(); - blockdata_init(); - - FuzzDhcp(&data, &size); - - cache_start_insert(); - fuzz_blockdata_cleanup(); - } - - // Free data in mini garbage collector. - gb_cleanup(); - - return 0; -} diff --git a/projects/dnsmasq/fuzz_header.h b/projects/dnsmasq/fuzz_header.h deleted file mode 100644 index 748e709fc..000000000 --- a/projects/dnsmasq/fuzz_header.h +++ /dev/null @@ -1,579 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "dnsmasq.h" - -extern void fuzz_blockdata_cleanup(); - -// Simple garbage collector -#define GB_SIZE 100 - -void *pointer_arr[GB_SIZE]; -static int pointer_idx = 0; - -// If the garbage collector is used then this must be called as first thing -// during a fuzz run. -void gb_init() { - pointer_idx = 0; - - for (int i = 0; i < GB_SIZE; i++) { - pointer_arr[i] = NULL; - } -} - -void gb_cleanup() { - for(int i = 0; i < GB_SIZE; i++) { - if (pointer_arr[i] != NULL) { - free(pointer_arr[i]); - } - } -} - -char *get_null_terminated(const uint8_t **data, size_t *size) { -#define STR_SIZE 75 - if (*size < STR_SIZE || (int)*size < 0) { - return NULL; - } - - char *new_s = malloc(STR_SIZE + 1); - memcpy(new_s, *data, STR_SIZE); - new_s[STR_SIZE] = '\0'; - - *data = *data+STR_SIZE; - *size -= STR_SIZE; - return new_s; -} - -char *gb_get_random_data(const uint8_t **data, size_t *size, size_t to_get) { - if (*size < to_get || (int)*size < 0) { - return NULL; - } - - char *new_s = malloc(to_get); - memcpy(new_s, *data, to_get); - - pointer_arr[pointer_idx++] = (void*)new_s; - - *data = *data + to_get; - *size -= to_get; - - return new_s; -} - -char *gb_get_null_terminated(const uint8_t **data, size_t *size) { - - char *nstr = get_null_terminated(data, size); - if (nstr == NULL) { - return NULL; - } - pointer_arr[pointer_idx++] = (void*)nstr; - return nstr; -} - -char *gb_alloc_data(size_t len) { - char *ptr = calloc(1, len); - pointer_arr[pointer_idx++] = (void*)ptr; - - return ptr; -} - -short get_short(const uint8_t **data, size_t *size) { - if (*size <= 0) return 0; - short c = (short)(*data)[0]; - *data += 1; - *size-=1; - return c; -} - -int get_int(const uint8_t **data, size_t *size) { - if (*size <= 4) return 0; - const uint8_t *ptr = *data; - int val = *((int*)ptr); - *data += 4; - *size -= 4; - return val; -} -// end simple garbage collector. - -const uint8_t *syscall_data = NULL; -size_t syscall_size = 0; - - -int fuzz_ioctl(int fd, unsigned long request, void *arg) { - int fd2 = fd; - unsigned long request2 = request; - void *arg_ptr = arg; - - // SIOCGSTAMP - if (request == SIOCGSTAMP) { - struct timeval *tv = (struct timeval*)arg_ptr; - if (tv == NULL) { - return 0; - } - - char *rand_tv = gb_get_random_data(&syscall_data, &syscall_size, sizeof(struct timeval)); - if (rand_tv == NULL) { - return -1; - } - - memcpy(tv, rand_tv, sizeof(struct timeval)); - return 0; - } - - if (request == SIOCGIFNAME) { - //printf("We got a SIOCGIFNAME\n"); - struct ifreq *ifr = (struct ifreq*)arg_ptr; - if (ifr == NULL) { - return -1; - } - for (int i = 0; i < IF_NAMESIZE; i++) { - if (syscall_size > 0 && syscall_data != NULL) { - ifr->ifr_name[i] = (char)*syscall_data; - syscall_data += 1; - syscall_size -= 1; - } - else { - ifr->ifr_name[i] = 'A'; - } - } - ifr->ifr_name[IF_NAMESIZE-1] = '\0'; - return 0; - //return -1; - } - if (request == SIOCGIFFLAGS) { - return 0; - } - if (request == SIOCGIFADDR) { - return 0; - } - - // - int retval = ioctl(fd2, request2, arg_ptr); - return retval; -} - - -// Sysytem call wrappers -static char v = 0; -ssize_t fuzz_recvmsg(int sockfd, struct msghdr *msg, int flags) { - - struct iovec *target = msg->msg_iov; - - //printf("recvmsg 1 \n"); - if (syscall_size > 1) { - char r = *syscall_data; - syscall_data += 1; - syscall_size -= 1; - - if (r == 12) { - //printf("recvmsg 2\n"); - return -1; - } - } - - int j = 0; - if (msg->msg_control != NULL) { - for (;j < CMSG_SPACE(sizeof(struct in_pktinfo)); j++) - { - if (syscall_size > 0 && syscall_data != NULL) { - ((char*)msg->msg_control)[j] = *syscall_data; - syscall_data += 1; - syscall_size -= 1; - } - else { - ((char*)msg->msg_control)[j] = 'A'; - } - } - } - - int i = 0; - for (; i < target->iov_len; i++) { - if (syscall_size > 0 && syscall_data != NULL) { - ((char*)target->iov_base)[i] = *syscall_data; - syscall_data += 1; - syscall_size -= 1; - } - else { - ((char*)target->iov_base)[i] = 'A'; - } - } - - if (msg->msg_namelen > 0) { - memset(msg->msg_name, 0, msg->msg_namelen); - } - - return i; -} - - -// dnsmasq specific stuff -int init_daemon(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - int retval = 0; - -#define CLEAN_IF_NULL(arg) if (arg == NULL) goto cleanup; - - // Initialize daemon - daemon = (struct daemon*)gb_alloc_data(sizeof(struct daemon)); - CLEAN_IF_NULL(daemon) - - // daemon misc - daemon->max_ttl = get_int(&data, &size); - daemon->neg_ttl = get_int(&data, &size); - daemon->local_ttl = get_int(&data, &size); - daemon->min_cache_ttl = get_int(&data, &size); - - // daemon->namebuff. - char *daemon_namebuff = gb_get_null_terminated(&data, &size); - daemon->namebuff = daemon_namebuff; - - // daemon->naptr - struct naptr *naptr_ptr = (struct naptr*)gb_alloc_data(sizeof(struct naptr)); - char *naptr_name = gb_get_null_terminated(&data, &size); - char *naptr_replace = gb_get_null_terminated(&data, &size); - char *naptr_regexp = gb_get_null_terminated(&data, &size); - char *naptr_services = gb_get_null_terminated(&data, &size); - char *naptr_flags = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(naptr_ptr) - CLEAN_IF_NULL(naptr_name) - CLEAN_IF_NULL(naptr_replace) - CLEAN_IF_NULL(naptr_regexp) - CLEAN_IF_NULL(naptr_services) - CLEAN_IF_NULL(naptr_flags) - - naptr_ptr->name = naptr_name; - naptr_ptr->replace = naptr_replace; - naptr_ptr->regexp = naptr_regexp; - naptr_ptr->services = naptr_services; - naptr_ptr->flags = naptr_flags; - - daemon->naptr = naptr_ptr; - - // daemon->int_names - struct interface_name *int_namses = (struct interface_name*)gb_alloc_data(sizeof(struct interface_name)); - - char *int_name = gb_get_null_terminated(&data, &size); - char *int_intr = gb_get_null_terminated(&data, &size); - CLEAN_IF_NULL(int_namses) - CLEAN_IF_NULL(int_name) - CLEAN_IF_NULL(int_intr) - int_namses->name = int_name; - int_namses->intr = int_intr; - - struct addrlist *d_addrlist = (struct addrlist*)gb_alloc_data(sizeof(struct addrlist)); - CLEAN_IF_NULL(d_addrlist) - d_addrlist->flags = get_int(&data, &size); - d_addrlist->prefixlen = get_int(&data, &size); - int_namses->addr = d_addrlist; - - daemon->int_names = int_namses; - - if (size > *size2) { - goto cleanup; - } - - // daemon->addrbuf - char *adbuf = gb_alloc_data(200); - CLEAN_IF_NULL(adbuf) - daemon->addrbuff = adbuf; - - // daemon->auth_zones - struct auth_zone *d_az = (struct auth_zone*)gb_alloc_data(sizeof(struct auth_zone)); - char *auth_domain = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(d_az) - CLEAN_IF_NULL(auth_domain) - d_az->domain = auth_domain; - daemon->auth_zones = d_az; - - // deamon->mxnames - struct mx_srv_record *mx_srv_rec = (struct mx_srv_record*)gb_alloc_data(sizeof(struct mx_srv_record)); - char *mx_name = gb_get_null_terminated(&data, &size); - char *mx_target = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(mx_srv_rec) - CLEAN_IF_NULL(mx_target) - CLEAN_IF_NULL(mx_name) - - mx_srv_rec->next = daemon->mxnames; - daemon->mxnames = mx_srv_rec; - mx_srv_rec->name = mx_name; - mx_srv_rec->target = mx_target; - mx_srv_rec->issrv = get_int(&data, &size); - mx_srv_rec->weight = get_int(&data, &size); - mx_srv_rec->priority = get_int(&data, &size); - mx_srv_rec->srvport = get_int(&data, &size); - //data += 40; - //size -= 40; - - if (size > *size2) { - goto cleanup; - } - - // daemon->txt - struct txt_record *txt_record = (struct txt_record *)gb_alloc_data(sizeof(struct txt_record)); - char *txt_record_name = gb_get_null_terminated(&data, &size); - char *txt_record_txt = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(txt_record) - CLEAN_IF_NULL(txt_record_name) - CLEAN_IF_NULL(txt_record_txt) - - txt_record->name = txt_record_name; - txt_record->txt = (unsigned char*)txt_record_txt; - txt_record->class2 = (get_short(&data, &size) % 10); - daemon->txt = txt_record; - - // daemon->rr - struct txt_record *rr_record = (struct txt_record *)gb_alloc_data(sizeof(struct txt_record)); - char *rr_record_name = gb_get_null_terminated(&data, &size); - char *rr_record_txt = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(rr_record) - CLEAN_IF_NULL(rr_record_name) - CLEAN_IF_NULL(rr_record_txt) - - rr_record->name = rr_record_name; - rr_record->txt = (unsigned char*)rr_record_txt; - rr_record->class2 = (get_short(&data, &size) % 10); - daemon->rr = rr_record; - - if (size > *size2) { - goto cleanup; - } - - // daemon->relay4 - //struct dhcp_relay *dr = (struct dhcp_relay*)gb_alloc_data(sizeof(struct dhcp_relay)); - struct dhcp_relay *dr = (struct dhcp_relay*)gb_get_random_data(&data, &size, sizeof(struct dhcp_relay)); - char *dr_interface = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(dr) - CLEAN_IF_NULL(dr_interface) - dr->interface = dr_interface; - dr->next = NULL; - dr->current = NULL; - daemon->relay4 = dr; - - // deamon->bridges - struct dhcp_bridge *db = (struct dhcp_bridge*)gb_alloc_data(sizeof(struct dhcp_bridge)); - char *db_interface = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(db) - CLEAN_IF_NULL(db_interface) - - if (strlen(db_interface) > IF_NAMESIZE) { - for (int i = 0; i < IF_NAMESIZE; i++) { - db->iface[i] = db_interface[i]; - } - } else { - for (int i = 0; i < strlen(db_interface); i++) { - db->iface[i] = db_interface[i]; - } - } - - - struct dhcp_bridge *db_alias = (struct dhcp_bridge*)gb_alloc_data(sizeof(struct dhcp_bridge)); - //struct dhcp_bridge *db_alias = (struct dhcp_bridge*)gb_get_random_data(&data, &size, sizeof(struct dhcp_bridge)); - char *db_alias_interface = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(db_alias) - CLEAN_IF_NULL(db_alias_interface) - - if (strlen(db_alias_interface) > IF_NAMESIZE) { - for (int i = 0; i < IF_NAMESIZE; i++) { - db_alias->iface[i] = db_alias_interface[i]; - } - } else { - for (int i = 0; i < strlen(db_alias_interface); i++) { - db_alias->iface[i] = db_alias_interface[i]; - } - } - db->alias = db_alias; - daemon->bridges = db; - - // daemon->if_names - struct iname *in = (struct iname*)gb_get_random_data(&data, &size, sizeof(struct iname)); - char *iname_name = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(in) - CLEAN_IF_NULL(iname_name) - - in->name = iname_name; - in->next = NULL; - - daemon->if_names = in; - - // daemon->if_addrs - struct iname *in_addr = (struct iname*)gb_get_random_data(&data, &size, sizeof(struct iname)); - char *iname_name_addr = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(in_addr) - CLEAN_IF_NULL(iname_name_addr) - - in_addr->name = iname_name_addr; - in_addr->next = NULL; - - daemon->if_addrs = in_addr; - - // daemon->if_except - struct iname *in_except = (struct iname*)gb_get_random_data(&data, &size, sizeof(struct iname)); - char *iname_name_except = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(in_except) - CLEAN_IF_NULL(iname_name_except) - - in_except->name = iname_name_except; - in_except->next = NULL; - - daemon->if_except = in_except; - - // daemon->dhcp_except - struct iname *except = (struct iname*)gb_get_random_data(&data, &size, sizeof(struct iname)); - char *name_except = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(except) - CLEAN_IF_NULL(name_except) - - except->name = name_except; - except->next = NULL; - - daemon->dhcp_except = except; - - // daemon->authinterface - struct iname *auth_interface = (struct iname*)gb_get_random_data(&data, &size, sizeof(struct iname)); - char *auth_name = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(auth_interface) - CLEAN_IF_NULL(auth_name) - - auth_interface->name = auth_name; - auth_interface->next = NULL; - - daemon->authinterface = auth_interface; - - - // daemon->cnames - struct cname *cn = (struct cname*)gb_alloc_data(sizeof(struct cname)); - char *cname_alias = gb_get_null_terminated(&data, &size); - char *cname_target = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(cn) - CLEAN_IF_NULL(cname_alias) - CLEAN_IF_NULL(cname_target) - - cn->alias = cname_alias; - cn->target = cname_target; - daemon->cnames = cn; - - - // daemon->ptr - struct ptr_record *ptr = (struct ptr_record *)gb_alloc_data(sizeof(struct ptr_record)); - CLEAN_IF_NULL(ptr) - - char *ptr_name = gb_get_null_terminated(&data, &size); - CLEAN_IF_NULL(ptr_name) - ptr->name = ptr_name; - daemon->ptr = ptr; - - if (size > *size2) { - goto cleanup; - } - - // daemon->dhcp - struct dhcp_context *dhcp_c = (struct dhcp_context *) gb_get_random_data(&data, &size, sizeof(struct dhcp_context)); - - char *dhcp_c_temp_in = gb_get_null_terminated(&data, &size); - - struct dhcp_netid *dhcp_c_netid = (struct dhcp_netid *) gb_alloc_data(sizeof(struct dhcp_netid)); - char *dhcp_netid_net = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(dhcp_c) - CLEAN_IF_NULL(dhcp_c_temp_in) - CLEAN_IF_NULL(dhcp_c_netid) - CLEAN_IF_NULL(dhcp_netid_net) - - dhcp_c->next = NULL; - dhcp_c->current = NULL; - dhcp_c_netid->net = dhcp_netid_net; - dhcp_c->filter = dhcp_c_netid; - dhcp_c->template_interface = dhcp_c_temp_in; - - daemon->dhcp = dhcp_c; - - - // daemon->dhcp6 - struct dhcp_context *dhcp6_c = (struct dhcp_context *) gb_get_random_data(&data, &size, sizeof(struct dhcp_context)); - - char *dhcp6_c_temp_in = gb_get_null_terminated(&data, &size); - - struct dhcp_netid *dhcp6_c_netid = (struct dhcp_netid *) gb_alloc_data(sizeof(struct dhcp_netid)); - char *dhcp6_netid_net = gb_get_null_terminated(&data, &size); - - CLEAN_IF_NULL(dhcp6_c) - CLEAN_IF_NULL(dhcp6_c_temp_in) - CLEAN_IF_NULL(dhcp6_c_netid) - CLEAN_IF_NULL(dhcp6_netid_net) - - dhcp6_c->next = NULL; - dhcp6_c->current = NULL; - dhcp6_c_netid->net = dhcp6_netid_net; - dhcp6_c->filter = dhcp6_c_netid; - dhcp6_c->template_interface = dhcp6_c_temp_in; - - daemon->dhcp6 = dhcp6_c; - - // daemon->doing_dhcp6 - daemon->doing_dhcp6 = 1; - - // daemon->dhcp_buffs - char *dhcp_buff = gb_alloc_data(DHCP_BUFF_SZ); - char *dhcp_buff2 = gb_alloc_data(DHCP_BUFF_SZ); - char *dhcp_buff3 = gb_alloc_data(DHCP_BUFF_SZ); - - CLEAN_IF_NULL(dhcp_buff) - CLEAN_IF_NULL(dhcp_buff2) - CLEAN_IF_NULL(dhcp_buff3) - - daemon->dhcp_buff = dhcp_buff; - daemon->dhcp_buff2 = dhcp_buff2; - daemon->dhcp_buff3 = dhcp_buff3; - - - - // daemon->ignore_addr - struct bogus_addr *bb = (struct bogus_addr *)gb_alloc_data(sizeof(struct bogus_addr)); - CLEAN_IF_NULL(bb) - - daemon->ignore_addr = bb; - - // daemon->doctors - if (size > *size2) { - goto cleanup; - } - - struct doctor *doctors = (struct doctor *)gb_alloc_data(sizeof(struct doctor)); - CLEAN_IF_NULL(doctors) - - doctors->next = NULL; - daemon->doctors = doctors; - - retval = 0; - goto ret; -cleanup: - retval = -1; - -ret: - return retval; -} diff --git a/projects/dnsmasq/fuzz_patch.patch b/projects/dnsmasq/fuzz_patch.patch deleted file mode 100644 index 50f7cab38..000000000 --- a/projects/dnsmasq/fuzz_patch.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff --git a/src/blockdata.c b/src/blockdata.c -index 0986285..852c961 100644 ---- a/src/blockdata.c -+++ b/src/blockdata.c -@@ -15,16 +15,22 @@ - */ - - #include "dnsmasq.h" -+#include <assert.h> - - static struct blockdata *keyblock_free; - static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced; - -+void *total_allocated[200] = {0}; -+static int fuzz_total_alloc_ptr = 0; -+ - static void blockdata_expand(int n) - { - struct blockdata *new = whine_malloc(n * sizeof(struct blockdata)); - - if (new) - { -+ assert(fuzz_total_alloc_ptr < 200); -+ total_allocated[fuzz_total_alloc_ptr++] = (void*)new; - int i; - - new[n-1].next = keyblock_free; -@@ -45,11 +51,23 @@ void blockdata_init(void) - blockdata_count = 0; - blockdata_hwm = 0; - -+ fuzz_total_alloc_ptr = 0; -+ for (int m = 0; m < 200; m++) -+ total_allocated[m] = NULL; -+ - /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */ - if (option_bool(OPT_DNSSEC_VALID)) - blockdata_expand(daemon->cachesize); - } - -+void fuzz_blockdata_cleanup() { -+ for (int i = 0; i < 200; i++) { -+ if (total_allocated[i] != NULL) { -+ free(total_allocated[i]); -+ } -+ } -+} -+ - void blockdata_report(void) - { - my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"), -diff --git a/src/dhcp.c b/src/dhcp.c -index e500bc2..7215590 100644 ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -183,18 +183,26 @@ void dhcp_packet(time_t now, int pxe_fd) - recvtime = tv.tv_sec; - - if (msg.msg_controllen >= sizeof(struct cmsghdr)) -- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) -- { -- union { -- unsigned char *c; -- struct in_pktinfo *p; -- } p; -- p.c = CMSG_DATA(cmptr); -- iface_index = p.p->ipi_ifindex; -- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST) -- unicast_dest = 1; -- } -+ { -+ int tmp_val = 0; -+ for (cmptr = CMSG_FIRSTHDR(&msg); -+ cmptr && tmp_val < 1; -+ tmp_val++) { -+ //cmptr = CMSG_NXTHDR(&msg, cmptr)) { -+ tmp_val++; -+ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO) -+ { -+ union { -+ unsigned char *c; -+ struct in_pktinfo *p; -+ } p; -+ p.c = CMSG_DATA(cmptr); -+ iface_index = p.p->ipi_ifindex; -+ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST) -+ unicast_dest = 1; -+ } -+ } -+ } - - #elif defined(HAVE_BSD_NETWORK) - if (msg.msg_controllen >= sizeof(struct cmsghdr)) -diff --git a/src/dhcp6.c b/src/dhcp6.c -index ae1f5c1..ce7397d 100644 ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -116,10 +116,14 @@ void dhcp6_packet(time_t now) - msg.msg_iov = &daemon->dhcp_packet; - msg.msg_iovlen = 1; - -- if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1) -+ if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1){ - return; -- -- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) -+ } -+ -+ int tmp_val = 0; -+// for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) { -+ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr && tmp_val < 1; tmp_val++) { -+ tmp_val++; - if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo) - { - union { -@@ -131,9 +135,11 @@ void dhcp6_packet(time_t now) - if_index = p.p->ipi6_ifindex; - dst_addr = p.p->ipi6_addr; - } -+ } - -- if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) -+ if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) { - return; -+ } - - if ((port = relay_reply6(&from, sz, ifr.ifr_name)) != 0) - { -diff --git a/src/netlink.c b/src/netlink.c -index 7840ef9..2419897 100644 ---- a/src/netlink.c -+++ b/src/netlink.c -@@ -197,8 +197,13 @@ int iface_enumerate(int family, void *parm, int (*callback)()) - if (errno != 0) - return 0; - -+ int valval = 0; - while (1) - { -+ valval++; -+ if (valval > 300) { -+ return -1; -+ } - if ((len = netlink_recv(0)) == -1) - { - if (errno == ENOBUFS) -diff --git a/src/network.c b/src/network.c -index 296c7bd..c03961a 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -697,6 +697,7 @@ int enumerate_interfaces(int reset) - struct auth_zone *zone; - #endif - struct server *serv; -+ int iteration = 0; - - /* Do this max once per select cycle - also inhibits netlink socket use - in TCP child processes. */ -@@ -734,6 +735,10 @@ int enumerate_interfaces(int reset) - } - - again: -+ if (iteration > 100) { -+ return 0; -+ } -+ iteration += 1; - /* Mark interfaces for garbage collection */ - for (iface = daemon->interfaces; iface; iface = iface->next) - iface->found = 0; diff --git a/projects/dnsmasq/fuzz_rfc1035.c b/projects/dnsmasq/fuzz_rfc1035.c deleted file mode 100644 index fb563f804..000000000 --- a/projects/dnsmasq/fuzz_rfc1035.c +++ /dev/null @@ -1,271 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "fuzz_header.h" - -/* - * Targets "extract_addresses" - */ -void FuzzExtractTheAddress(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - char *new_name = NULL; - new_name = get_null_terminated(&data, &size); - pointer_arr[pointer_idx++] = (void*)new_name; - - int is_sign = get_int(&data, &size); - int check_rebind = get_int(&data, &size); - int secure = get_int(&data, &size); - - if (size > (sizeof(struct dns_header) +50)) { - char *new_data = malloc(size); - memset(new_data, 0, size); - memcpy(new_data, data, size); - pointer_arr[pointer_idx++] = (void*)new_data; - - time_t now; - int doctored = 0; - extract_addresses((struct dns_header *)new_data, size, new_name, now, NULL, NULL, is_sign, check_rebind, 0, secure, &doctored); - } -} - - -/* - * Targets "answer_request" - */ -void FuzzAnswerTheRequest(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - struct in_addr local_addr; - struct in_addr local_netmask; - time_t now; - - int i1 = get_int(&data, &size); - int i2 = get_int(&data, &size); - int i3 = get_int(&data, &size); - - if (size > (sizeof(struct dns_header) +50)) { - char *new_data = malloc(size); - memset(new_data, 0, size); - memcpy(new_data, data, size); - pointer_arr[pointer_idx++] = (void*)new_data; - - answer_request((struct dns_header *)new_data, new_data+size, size, local_addr, local_netmask, now, i1, i2, i3); - } - -} - -/* - * Targets "check_for_ignored_address" - */ -void FuzzIgnoredAddress(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - if (size > (sizeof(struct dns_header) +50)) { - //return 0; - char *new_data = malloc(size); - memset(new_data, 0, size); - memcpy(new_data, data, size); - pointer_arr[pointer_idx++] = (void*)new_data; - - check_for_ignored_address((struct dns_header *)new_data, size); - } -} - -/* - * Targets "check_for_local_domain" - */ -void FuzzCheckLocalDomain(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - time_t now; - check_for_local_domain(new_data, now); -} - -/* - * Targets "extract_request" - */ -void FuzzExtractRequest(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - char *new_name = NULL; - new_name = get_null_terminated(&data, &size); - - if (new_name == NULL) { - return ; - } - pointer_arr[pointer_idx++] = (void*)new_name; - - if (size > (sizeof(struct dns_header) +50)) { - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - unsigned short typeb; - extract_request((struct dns_header *)new_data, size, new_name, &typeb); - } -} - - -/* - * Targets "in_arpa_name_2_addr" - */ -void FuzzArpaName2Addr(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - char *new_name = NULL; - new_name = get_null_terminated(&data, &size); - - if (new_name == NULL) { - return ; - } - pointer_arr[pointer_idx++] = (void*)new_name; - union all_addr addr; - in_arpa_name_2_addr(new_name, &addr); - return; -} - -void FuzzResizePacket(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - char *new_packet = malloc(50); - - if (size > (sizeof(struct dns_header) + 50)) { - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - resize_packet((struct dns_header *)new_data, size, (unsigned char*)new_packet, 50); - } - free(new_packet); -} - -void FuzzSetupReply(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - if (size > (sizeof(struct dns_header) + 50)) { - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - setup_reply((struct dns_header *)new_data, 0, 0); - } -} - - -void FuzzCheckForBogusWildcard(const uint8_t **data2, size_t *size2) { - const uint8_t *data = *data2; - size_t size = *size2; - - char *nname = gb_get_null_terminated(&data, &size); - if (nname == NULL) { - return; - } - - - if (size > (sizeof(struct dns_header) + 50)) { - char *new_data = malloc(size+1); - memset(new_data, 0, size); - memcpy(new_data, data, size); - new_data[size] = '\0'; - pointer_arr[pointer_idx++] = (void*)new_data; - - time_t now; - check_for_bogus_wildcard((struct dns_header *)new_data, size, nname, now); - } -} - - -/* - * Fuzzer entrypoint. - */ - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - daemon = NULL; - //printf("Running fuzzer\n"); - if (size < 1) { - return 0; - } - - // Initialize mini garbage collector - gb_init(); - - // Get a value we can use to decide which target to hit. - int i = (int)data[0]; - data += 1; - size -= 1; - - int succ = init_daemon(&data, &size); - - if (succ == 0) { - cache_init(); - blockdata_init(); - - //i = 7; -#define TS 9 - if ((i % TS) == 0) { - FuzzExtractTheAddress(&data,&size); - } - else if ((i % TS) == 1) { - FuzzAnswerTheRequest(&data,&size); - } - else if ((i % TS) == 2) { - FuzzCheckLocalDomain(&data, &size); - } - else if ((i % TS) == 3) { - FuzzExtractRequest(&data, &size); - } - else if ((i % TS) == 4) { - FuzzArpaName2Addr(&data, &size); - } - else if ((i %TS) == 5) { - FuzzResizePacket(&data, &size); - } - else if ((i %TS) == 6) { - FuzzSetupReply(&data, &size); - } - else if ((i % TS) == 7) { - FuzzCheckForBogusWildcard(&data, &size); - } - else { - FuzzIgnoredAddress(&data, &size); - } - cache_start_insert(); - fuzz_blockdata_cleanup(); - } - - // Free data in mini garbage collector. - gb_cleanup(); - - return 0; -} diff --git a/projects/dnsmasq/fuzz_util.c b/projects/dnsmasq/fuzz_util.c deleted file mode 100644 index 7ab723ccd..000000000 --- a/projects/dnsmasq/fuzz_util.c +++ /dev/null @@ -1,66 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "fuzz_header.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - // init fuzz garbage collector - gb_init(); - - int succ = init_daemon(&data, &size); - if (succ == 0) { - char *t1 = gb_get_null_terminated(&data, &size); - char *t2 = gb_get_null_terminated(&data, &size); - if (t1 != NULL && t2 != NULL) { - - // Util logic - hostname_isequal(t1, t2); - - legal_hostname(t1); - char *tmp = canonicalise(t2, NULL); - if (tmp != NULL) { - free(tmp); - } - - char *tmp_out = (char *)malloc(30); - int mac_type; - parse_hex(t1, (unsigned char *)tmp_out, 30, NULL, NULL); - parse_hex(t1, (unsigned char *)tmp_out, 30, NULL, &mac_type); - free(tmp_out); - - wildcard_match(t1, t2); - if (strlen(t1) < strlen(t2)) { - wildcard_matchn(t1, t2, strlen(t1)); - } else { - wildcard_matchn(t1, t2, strlen(t2)); - } - hostname_issubdomain(t1, t2); - - union all_addr addr1; - memset(&addr1, 0, sizeof(union all_addr)); - is_name_synthetic(0, t1, &addr1); - - if (size > sizeof(struct dns_header)) { - hash_questions(data, size, t2); - - rrfilter(data, size, 0); - } - } - - fuzz_blockdata_cleanup(); - } - - // cleanup - gb_cleanup(); - - return 0; -} diff --git a/projects/dnsmasq/project.yaml b/projects/dnsmasq/project.yaml deleted file mode 100644 index 51d7e1e07..000000000 --- a/projects/dnsmasq/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://thekelleys.org.uk/dnsmasq/doc.html" -language: c -primary_contact: "simon@thekelleys.org.uk" -main_repo: "git://thekelleys.org.uk/dnsmasq.git" -auto_ccs: - - "david@adalogics.com" diff --git a/projects/draco/project.yaml b/projects/draco/project.yaml index 96396bfe6..04ef12e18 100644 --- a/projects/draco/project.yaml +++ b/projects/draco/project.yaml @@ -4,7 +4,4 @@ primary_contact: "fgalligan@google.com" auto_ccs: - "ostava@google.com" - "vytyaz@google.com" -fuzzing_engines: - - libfuzzer - - honggfuzz main_repo: 'https://github.com/google/draco' diff --git a/projects/dragonfly/Dockerfile b/projects/dragonfly/Dockerfile index 1399802d1..46870a6db 100644 --- a/projects/dragonfly/Dockerfile +++ b/projects/dragonfly/Dockerfile @@ -14,7 +14,20 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder +RUN go get github.com/go-openapi/swag \ + github.com/go-openapi/validate \ + gopkg.in/warnings.v0 \ + github.com/gorilla/mux \ + github.com/prometheus/client_golang/prometheus \ + github.com/pkg/errors \ + github.com/sirupsen/logrus \ + gopkg.in/gcfg.v1 \ + github.com/valyala/fasthttp \ + gopkg.in/natefinch/lumberjack.v2 \ + github.com/emirpasic/gods/maps/treemap \ + github.com/emirpasic/gods/utils \ + github.com/willf/bitset RUN git clone https://github.com/dragonflyoss/Dragonfly COPY build.sh $SRC/ WORKDIR $SRC/Dragonfly diff --git a/projects/duckdb/Dockerfile b/projects/duckdb/Dockerfile deleted file mode 100644 index b084a7404..000000000 --- a/projects/duckdb/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone https://github.com/duckdb/duckdb duckdb -WORKDIR duckdb -COPY build.sh $SRC/ -COPY parse_fuzz_test.cpp $SRC/duckdb/parse_fuzz_test.cpp diff --git a/projects/duckdb/build.sh b/projects/duckdb/build.sh deleted file mode 100755 index 096147346..000000000 --- a/projects/duckdb/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -make -THIRD_PARTY_LIBS=$(find ./build/release/third_party/ -name "*.a") -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ./parse_fuzz_test.cpp \ - -o $OUT/parse_fuzz_test -I./ -I./src/include \ - ./build/release/src/libduckdb_static.a \ - ${THIRD_PARTY_LIBS} diff --git a/projects/duckdb/parse_fuzz_test.cpp b/projects/duckdb/parse_fuzz_test.cpp deleted file mode 100644 index fdae6bdc3..000000000 --- a/projects/duckdb/parse_fuzz_test.cpp +++ /dev/null @@ -1,23 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "duckdb/parser/parser.hpp" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - std::string input(reinterpret_cast<const char*>(data), size); - duckdb::Parser parser; - try { - parser.ParseQuery(input); - } catch (std::exception &e) {} - - return 0; -} diff --git a/projects/duckdb/project.yaml b/projects/duckdb/project.yaml deleted file mode 100644 index 3de096c0a..000000000 --- a/projects/duckdb/project.yaml +++ /dev/null @@ -1,7 +0,0 @@ -homepage: "https://duckdb.org/" -language: c++ -primary_contact: "quack@duckdb.org" -main_repo: "https://github.com/duckdb/duckdb/" -auto_ccs: - - "hannes.muehleisen@gmail.com" - - "david@adalogics.com" diff --git a/projects/easywsclient/project.yaml b/projects/easywsclient/project.yaml index d7822c854..c3be9c4fd 100644 --- a/projects/easywsclient/project.yaml +++ b/projects/easywsclient/project.yaml @@ -3,10 +3,9 @@ language: c++ primary_contact: "dhbaird@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 - i386 -main_repo: 'https://github.com/dhbaird/easywsclient'
\ No newline at end of file +main_repo: 'https://github.com/dhbaird/easywsclient' diff --git a/projects/ecc-diff-fuzzer/Dockerfile b/projects/ecc-diff-fuzzer/Dockerfile index 6defc0039..0ea8a4e4b 100644 --- a/projects/ecc-diff-fuzzer/Dockerfile +++ b/projects/ecc-diff-fuzzer/Dockerfile @@ -14,10 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -ENV GOPATH /root/go -ENV PATH $PATH:/root/.go/bin:$GOPATH/bin -RUN install_go.sh +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make cmake bzip2 autoconf automake gettext libtool python curl RUN rustup target add i686-unknown-linux-gnu #use different package sources for recent npm @@ -26,9 +23,9 @@ RUN bash nodesource_setup.sh RUN apt install -y nodejs RUN npm install -g browserify RUN npm install elliptic -RUN git clone --depth 1 https://github.com/bellard/quickjs quickjs +RUN git clone --depth 1 https://github.com/horhof/quickjs quickjs RUN git clone --depth 1 https://github.com/catenacyber/elliptic-curve-differential-fuzzer.git ecfuzzer -RUN git clone --recursive --depth 1 -b development_2.x https://github.com/ARMmbed/mbedtls.git mbedtls +RUN git clone --recursive --depth 1 https://github.com/ARMmbed/mbedtls.git mbedtls RUN git clone --depth 1 https://github.com/ANSSI-FR/libecc.git libecc RUN git clone --depth 1 https://github.com/openssl/openssl.git openssl RUN git clone --depth 1 git://git.gnupg.org/libgpg-error.git libgpg-error diff --git a/projects/ecc-diff-fuzzer/build.sh b/projects/ecc-diff-fuzzer/build.sh index d05c14ae9..9b951cae8 100755 --- a/projects/ecc-diff-fuzzer/build.sh +++ b/projects/ecc-diff-fuzzer/build.sh @@ -123,7 +123,6 @@ cp quickjs*.h /usr/local/include/ cp libquickjs.a /usr/local/lib/ ) -export CARGO_BUILD_TARGET="x86_64-unknown-linux-gnu" #build fuzz target cd ecfuzzer if [ "$ARCHITECTURE" = 'i386' ]; then diff --git a/projects/eigen/solver_fuzzer.cc b/projects/eigen/solver_fuzzer.cc index 0cd8b6c88..86651ecf0 100644 --- a/projects/eigen/solver_fuzzer.cc +++ b/projects/eigen/solver_fuzzer.cc @@ -18,6 +18,7 @@ #include <string> #include "Eigen/Core" +#include "Eigen/src/Core/Matrix.h" using ::Eigen::Matrix; using ::Eigen::Dynamic; diff --git a/projects/envoy/build.sh b/projects/envoy/build.sh index 6c188fc4e..09086a2cc 100755 --- a/projects/envoy/build.sh +++ b/projects/envoy/build.sh @@ -38,64 +38,9 @@ fi export FUZZING_CFLAGS="$CFLAGS" export FUZZING_CXXFLAGS="$CXXFLAGS" -# Disable instrumentation in various external libraries. These -# are fuzzed elsewhere. -# The following disables both coverage-instrumentation and other sanitizer instrumentation. -# We disable instrumentation in: -# antlr4 -# google_protobuf -# absl -# googltest -# grpc -# boringssl -# re2 -# upb -# brotli -# cel_cpp -# yaml_cpp -# wasm_cpp_host -# libprotobuf-mutator -# google_url (gurl) -# lightstep_tracer -# In addition to this, we disable instrumentation in all *.pb.cc (protobuf-generated files) -# and everything in the bazel-out directory. -declare -r DI="$( -if [ "$SANITIZER" != "coverage" ] -then -# Envoy code. Disable coverage instrumentation - echo " --per_file_copt=^.*source/extensions/access_loggers/.*\.cc\$@-fsanitize-coverage=0" - echo " --per_file_copt=^.*source/common/protobuf/.*\.cc\$@-fsanitize-coverage=0" - -# Envoy test code. Disable coverage instrumentation - echo " --per_file_copt=^.*test/.*\.cc\$@-fsanitize-coverage=0" - -# External dependencies. Disable all instrumentation. - echo " --per_file_copt=^.*antlr4_runtimes.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_google_protobuf.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_google_absl.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*googletest.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_github_grpc_grpc.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*boringssl.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_googlesource_code_re2.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*upb.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*org_brotli.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_google_cel_cpp.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_github_jbeder_yaml_cpp.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*proxy_wasm_cpp_host/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_github_google_libprotobuf_mutator/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_googlesource_googleurl/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*com_lightstep_tracer_cpp/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - -# All protobuf code and code in bazel-out - echo " --per_file_copt=^.*\.pb\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" - echo " --per_file_copt=^.*bazel-out/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all" -fi -)" - - # Benchmark about 3 GB per CPU (10 threads for 28.8 GB RAM) # TODO(asraa): Remove deprecation warnings when Envoy and deps moves to C++17 -bazel build --verbose_failures --dynamic_mode=off ${DI} \ +bazel build --verbose_failures --dynamic_mode=off \ --spawn_strategy=standalone --genrule_strategy=standalone \ --local_cpu_resources=HOST_CPUS*0.32 \ --//source/extensions/wasm_runtime/v8:enabled=false \ diff --git a/projects/envoy/project.yaml b/projects/envoy/project.yaml index bb9481c9c..5fae1498a 100644 --- a/projects/envoy/project.yaml +++ b/projects/envoy/project.yaml @@ -12,12 +12,11 @@ auto_ccs: - "asraa@google.com" - "adip@google.com" - "avd@google.com" + - "skerner@google.com" + - "rdsmith@google.com" - "chaoqinli@google.com" - "yanjunxiang@google.com" + - "arquebus@appspot.gserviceaccount.com" - "david@adalogics.com" - - "kbaichoo@google.com" - - "pcrao@google.com" - - "tyxia@google.com" - - "krajshiva@google.com" coverage_extra_args: -ignore-filename-regex=.*\.cache.*envoy_deps_cache.* main_repo: 'https://github.com/envoyproxy/envoy.git' diff --git a/projects/espeak-ng/Dockerfile b/projects/espeak-ng/Dockerfile deleted file mode 100644 index 674c629ca..000000000 --- a/projects/espeak-ng/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt install -y automake autoconf libtool pkg-config -RUN git clone --depth 1 https://github.com/espeak-ng/espeak-ng -COPY build.sh $SRC -WORKDIR $SRC/espeak-ng diff --git a/projects/espeak-ng/build.sh b/projects/espeak-ng/build.sh deleted file mode 100755 index 079db4dc1..000000000 --- a/projects/espeak-ng/build.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -# build project -export ASAN_OPTIONS=detect_leaks=0 -./autogen.sh -./configure --with-libfuzzer=yes --disable-shared --with-speechplayer=no -make check || true -cp tests/ssml-fuzzer.test $OUT/ssml-fuzzer -cp -r espeak-ng-data/ $OUT/ diff --git a/projects/espeak-ng/project.yaml b/projects/espeak-ng/project.yaml deleted file mode 100644 index 142a78de5..000000000 --- a/projects/espeak-ng/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://github.com/espeak-ng/espeak-ng" -language: c++ -primary_contact: "msclrhd@googlemail.com" -auto_ccs: -- "valdis.vitolins@gmail.com" -- "p.antoine@catenacyber.fr" -- "sascha.brawer@gmail.com" - -sanitizers: -- address -fuzzing_engines: -- libfuzzer -- afl -main_repo: 'https://github.com/espeak-ng/espeak-ng' diff --git a/projects/etcd/Dockerfile b/projects/etcd/Dockerfile deleted file mode 100644 index 789f755b7..000000000 --- a/projects/etcd/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/etcd-io/etcd -COPY wal_fuzzer.go build.sh $SRC/ -WORKDIR $SRC/etcd diff --git a/projects/etcd/build.sh b/projects/etcd/build.sh deleted file mode 100644 index 6df485bc8..000000000 --- a/projects/etcd/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mv $SRC/wal_fuzzer.go $SRC/etcd/server/storage/wal/ -compile_go_fuzzer go.etcd.io/etcd/server/v3/storage/wal FuzzWalCreate fuzz_wal_create - diff --git a/projects/etcd/project.yaml b/projects/etcd/project.yaml deleted file mode 100644 index 4470f5c58..000000000 --- a/projects/etcd/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://etcd.io" -main_repo: "https://github.com/etcd-io/etcd" -primary_contact: "ptab@google.com" -auto_ccs : - - "adam@adalogics.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/etcd/wal_fuzzer.go b/projects/etcd/wal_fuzzer.go deleted file mode 100644 index 8b21e381a..000000000 --- a/projects/etcd/wal_fuzzer.go +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package wal - -import ( - "bytes" - "io/ioutil" - "os" - - "go.etcd.io/etcd/raft/v3/raftpb" - "go.etcd.io/etcd/server/v3/storage/wal/walpb" - "go.uber.org/zap" -) - -func FuzzWalCreate(data []byte) int { - p, err := ioutil.TempDir("/tmp", "waltest") - if err != nil { - return -1 - } - defer os.RemoveAll(p) - w, err := Create(zap.NewExample(), p, data) - if err != nil { - return 0 - } - if err = w.SaveSnapshot(walpb.Snapshot{}); err != nil { - return 0 - } - if err = w.Save(raftpb.HardState{}, []raftpb.Entry{{Index: 0}}); err != nil { - return 0 - } - w.Close() - neww, err := Open(zap.NewExample(), p, walpb.Snapshot{}) - if err != nil { - return 0 - } - defer neww.Close() - metadata, _, _, err := neww.ReadAll() - if err != nil { - return 0 - } - if !bytes.Equal(data, metadata) { - panic("data and metadata are not equal, but they should be") - } - return 1 -} diff --git a/projects/exiv2/Dockerfile b/projects/exiv2/Dockerfile deleted file mode 100644 index 1540fe47f..000000000 --- a/projects/exiv2/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder - -RUN apt-get update && apt-get install -y cmake make ccache python3 libexpat1-dev zlib1g-dev libssh-dev libcurl4-openssl-dev libxml2-utils -RUN git clone https://github.com/Exiv2/exiv2 exiv2 -WORKDIR exiv2 - -COPY build.sh $SRC/ diff --git a/projects/exiv2/build.sh b/projects/exiv2/build.sh deleted file mode 100755 index 568d851a0..000000000 --- a/projects/exiv2/build.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Added to fix a false positive result: https://github.com/google/oss-fuzz/issues/6489 -CXXFLAGS="${CXXFLAGS} -fno-sanitize=float-divide-by-zero" - -# Build Exiv2 -mkdir -p build -cd build -cmake -DEXIV2_ENABLE_PNG=ON -DEXIV2_ENABLE_WEBREADY=ON -DEXIV2_ENABLE_CURL=OFF -DEXIV2_ENABLE_BMFF=ON -DEXIV2_TEAM_WARNINGS_AS_ERRORS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_CXX_COMPILER="${CXX}" -DCMAKE_CXX_FLAGS="${CXXFLAGS}" -DEXIV2_BUILD_FUZZ_TESTS=ON -DEXIV2_TEAM_OSS_FUZZ=ON -DLIB_FUZZING_ENGINE="${LIB_FUZZING_ENGINE}" .. -make -j $(nproc) - -# Copy binary and dictionary to $OUT -cp ./bin/fuzz-read-print-write $OUT -cp ../fuzz/exiv2.dict $OUT/fuzz-read-print-write.dict - -# Initialize the corpus, using the files in test/data -mkdir corpus -for f in $(find ../test/data -type f -size -20k); do - s=$(sha1sum "$f" | awk '{print $1}') - cp $f corpus/$s -done - -zip -j $OUT/fuzz-read-print-write.zip corpus/* diff --git a/projects/exiv2/project.yaml b/projects/exiv2/project.yaml deleted file mode 100644 index 29838abe7..000000000 --- a/projects/exiv2/project.yaml +++ /dev/null @@ -1,9 +0,0 @@ -homepage: "https://www.exiv2.org" -language: c++ -primary_contact: "kevinbackhouse@github.com" -sanitizers: - - address - - undefined -architectures: - - x86_64 -main_repo: 'https://github.com/Exiv2/exiv2' diff --git a/projects/exprtk/project.yaml b/projects/exprtk/project.yaml index ec2f75010..ac0747e76 100644 --- a/projects/exprtk/project.yaml +++ b/projects/exprtk/project.yaml @@ -10,6 +10,5 @@ fuzzing_engines: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory main_repo: 'https://github.com/ArashPartow/exprtk.git' diff --git a/projects/fast-dds/Dockerfile b/projects/fast-dds/Dockerfile index 414d421d9..df5782e63 100644 --- a/projects/fast-dds/Dockerfile +++ b/projects/fast-dds/Dockerfile @@ -21,5 +21,6 @@ RUN git clone --depth 1 https://github.com/chriskohlhoff/asio/ RUN git clone --depth 1 https://github.com/eProsima/Fast-CDR.git RUN git clone --depth 1 https://github.com/eProsima/foonathan_memory_vendor.git RUN git clone --depth 1 https://github.com/eProsima/Fast-DDS.git +COPY patch.diff $SRC COPY build.sh $SRC WORKDIR $SRC/Fast-DDS diff --git a/projects/fast-dds/build.sh b/projects/fast-dds/build.sh index 74c460f52..6831dffe3 100755 --- a/projects/fast-dds/build.sh +++ b/projects/fast-dds/build.sh @@ -18,7 +18,6 @@ ( cd ../tinyxml2 -make clean make -j$(nproc) all cp libtinyxml2.a /usr/local/lib/ cp *.h /usr/local/include/ @@ -47,6 +46,7 @@ cmake --build . --target install ) # build project +git apply ../patch.diff mkdir build && cd build cmake .. -DBUILD_SHARED_LIBS=OFF make -j $(nproc) diff --git a/projects/fast-dds/patch.diff b/projects/fast-dds/patch.diff new file mode 100644 index 000000000..e4f0ba2ed --- /dev/null +++ b/projects/fast-dds/patch.diff @@ -0,0 +1,74 @@ +diff --git a/src/cpp/CMakeLists.txt b/src/cpp/CMakeLists.txt +index b7fb777..615e955 100644 +--- a/src/cpp/CMakeLists.txt ++++ b/src/cpp/CMakeLists.txt +@@ -484,6 +484,11 @@ elseif(NOT EPROSIMA_INSTALLER) + endif() + endif() + ++if(DEFINED ENV{LIB_FUZZING_ENGINE}) ++ add_executable(fuzz_processCDRMsg rtps/messages/fuzz_processCDRMsg.cpp) ++ target_link_libraries(fuzz_processCDRMsg ${PROJECT_NAME} $ENV{LIB_FUZZING_ENGINE}) ++endif() ++ + ############################################################################### + # Packaging + ############################################################################### +diff --git a/src/cpp/rtps/messages/MessageReceiver.cpp b/src/cpp/rtps/messages/MessageReceiver.cpp +index 962ca9b..0e82082 100644 +--- a/src/cpp/rtps/messages/MessageReceiver.cpp ++++ b/src/cpp/rtps/messages/MessageReceiver.cpp +@@ -324,7 +324,11 @@ void MessageReceiver::processCDRMsg( + + reset(); + ++#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ++ GuidPrefix_t participantGuidPrefix; ++#else + GuidPrefix_t participantGuidPrefix = participant_->getGuid().guidPrefix; ++#endif + dest_guid_prefix_ = participantGuidPrefix; + + msg->pos = 0; //Start reading at 0 +@@ -513,7 +517,9 @@ void MessageReceiver::processCDRMsg( + submessage->pos = next_msg_pos; + } + ++#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + participant_->assert_remote_participant_liveliness(source_guid_prefix_); ++#endif + } + + bool MessageReceiver::checkRTPSHeader( +diff --git a/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp b/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp +new file mode 100644 +index 0000000..6a71817 +--- /dev/null ++++ b/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp +@@ -0,0 +1,26 @@ ++#include <stdio.h> ++#include <stdlib.h> ++#include <stdint.h> ++#include <stdarg.h> ++#include <string.h> ++ ++#include <fastrtps/rtps/messages/MessageReceiver.h> ++#include <fastdds/rtps/attributes/RTPSParticipantAttributes.h> ++ ++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ++ const eprosima::fastrtps::rtps::Locator_t remoteLocator; ++ eprosima::fastrtps::rtps::MessageReceiver* rcv = new eprosima::fastrtps::rtps::MessageReceiver(NULL, 4096); ++ ++ eprosima::fastrtps::rtps::CDRMessage_t msg(0); ++ msg.wraps = true; ++ msg.buffer = const_cast<eprosima::fastrtps::rtps::octet*>(data); ++ msg.length = size; ++ msg.max_size = size; ++ msg.reserved_size = size; ++ ++ // TODO: Should we unlock in case UnregisterReceiver is called from callback ? ++ rcv->processCDRMsg(remoteLocator, &msg); ++ delete rcv; ++ return 0; ++} ++ diff --git a/projects/fasthttp/Dockerfile b/projects/fasthttp/Dockerfile index 6edf310b2..368470692 100644 --- a/projects/fasthttp/Dockerfile +++ b/projects/fasthttp/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/valyala/fasthttp COPY build.sh $SRC/ diff --git a/projects/fastjson/Dockerfile b/projects/fastjson/Dockerfile index a61633303..9c196148d 100644 --- a/projects/fastjson/Dockerfile +++ b/projects/fastjson/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/valyala/fastjson COPY build.sh $SRC/ diff --git a/projects/fastjson2/Dockerfile b/projects/fastjson2/Dockerfile index ba6eae0b2..e8c9f4ec8 100644 --- a/projects/fastjson2/Dockerfile +++ b/projects/fastjson2/Dockerfile @@ -15,7 +15,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y maven RUN git clone --depth 1 https://github.com/google/fuzzing && \ diff --git a/projects/fastjson2/build.sh b/projects/fastjson2/build.sh index 56f2f2d6f..121c3249a 100644 --- a/projects/fastjson2/build.sh +++ b/projects/fastjson2/build.sh @@ -47,5 +47,5 @@ LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ --target_class=$fuzzer_basename \ --jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/ffmpeg/Dockerfile b/projects/ffmpeg/Dockerfile index 552cd3229..bb0bb58ac 100644 --- a/projects/ffmpeg/Dockerfile +++ b/projects/ffmpeg/Dockerfile @@ -15,9 +15,11 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder +ADD bionic.list /etc/apt/sources.list.d/bionic.list +ADD nasm_apt.pin /etc/apt/preferences RUN apt-get update && apt-get install -y make autoconf automake libtool build-essential \ libass-dev libfreetype6-dev libsdl1.2-dev \ - libvdpau-dev libxcb1-dev libxcb-shm0-dev libdrm-dev \ + libvdpau-dev libxcb1-dev libxcb-shm0-dev \ pkg-config texinfo libbz2-dev zlib1g-dev yasm cmake mercurial wget \ xutils-dev libpciaccess-dev nasm rsync @@ -26,6 +28,7 @@ RUN git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg RUN wget https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 RUN git clone --depth 1 https://github.com/mstorsjo/fdk-aac.git RUN git clone --depth 1 git://anongit.freedesktop.org/xorg/lib/libXext +RUN git clone --depth 1 git://anongit.freedesktop.org/git/xorg/lib/libXfixes RUN git clone --depth 1 https://github.com/intel/libva RUN git clone --depth 1 -b libvdpau-1.2 git://people.freedesktop.org/~aplattner/libvdpau RUN git clone --depth 1 https://chromium.googlesource.com/webm/libvpx diff --git a/projects/ffmpeg/bionic.list b/projects/ffmpeg/bionic.list new file mode 100644 index 000000000..8621803a7 --- /dev/null +++ b/projects/ffmpeg/bionic.list @@ -0,0 +1,2 @@ +# use nasm 2.13.02 from bionic +deb http://archive.ubuntu.com/ubuntu/ bionic universe diff --git a/projects/ffmpeg/build.sh b/projects/ffmpeg/build.sh index 2e432428a..90da59c44 100755 --- a/projects/ffmpeg/build.sh +++ b/projects/ffmpeg/build.sh @@ -29,7 +29,6 @@ export LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib" cd $SRC bzip2 -f -d alsa-lib-* tar xf alsa-lib-* -rm alsa-lib-*.tar cd alsa-lib-* ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared make clean @@ -51,6 +50,13 @@ make clean make -j$(nproc) make install +cd $SRC/libXfixes +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + cd $SRC/libva ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared @@ -139,7 +145,7 @@ PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \ make clean make -j$(nproc) install -# Download test samples, will be used as seed corpus. +# Download test sampes, will be used as seed corpus. # DISABLED. # TODO: implement a better way to maintain a minimized seed corpora # for all targets. As of 2017-05-04 now the combined size of corpora @@ -156,10 +162,6 @@ export TEMP_VAR_CODEC="AV_CODEC_ID_H264" export TEMP_VAR_CODEC_TYPE="VIDEO" CONDITIONALS=`grep 'BSF 1$' config.h | sed 's/#define CONFIG_\(.*\)_BSF 1/\1/'` -if [ -n "${OSS_FUZZ_CI-}" ]; then - # When running in CI, check the first targets only to save time and disk space - CONDITIONALS=( ${CONDITIONALS[@]:0:2} ) -fi for c in $CONDITIONALS ; do fuzzer_name=ffmpeg_BSF_${c}_fuzzer symbol=`echo $c | sed "s/.*/\L\0/"` @@ -170,10 +172,6 @@ done # Build fuzzers for decoders. CONDITIONALS=`grep 'DECODER 1$' config.h | sed 's/#define CONFIG_\(.*\)_DECODER 1/\1/'` -if [ -n "${OSS_FUZZ_CI-}" ]; then - # When running in CI, check the first targets only to save time and disk space - CONDITIONALS=( ${CONDITIONALS[@]:0:2} ) -fi for c in $CONDITIONALS ; do fuzzer_name=ffmpeg_AV_CODEC_ID_${c}_fuzzer symbol=`echo $c | sed "s/.*/\L\0/"` @@ -194,7 +192,6 @@ rm `find fate-suite -name '*.dec'` rm `find fate-suite -name '*.pcm'` zip -r $OUT/${fuzzer_name}_seed_corpus.zip fate-suite -zip -r $OUT/ffmpeg_AV_CODEC_ID_HEVC_fuzzer_seed_corpus.zip fate-suite/hevc fate-suite/hevc-conformance # Build fuzzer for demuxer fed at IO level fuzzer_name=ffmpeg_IO_DEMUXER_fuzzer @@ -232,10 +229,6 @@ PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \ --disable-demuxer=rtp,rtsp,sdp \ CONDITIONALS=`grep 'DEMUXER 1$' config.h | sed 's/#define CONFIG_\(.*\)_DEMUXER 1/\1/'` -if [ -n "${OSS_FUZZ_CI-}" ]; then - # When running in CI, check the first targets only to save time and disk space - CONDITIONALS=( ${CONDITIONALS[@]:0:2} ) -fi for c in $CONDITIONALS ; do fuzzer_name=ffmpeg_dem_${c}_fuzzer symbol=`echo $c | sed "s/.*/\L\0/"` diff --git a/projects/ffmpeg/nasm_apt.pin b/projects/ffmpeg/nasm_apt.pin new file mode 100644 index 000000000..69099026b --- /dev/null +++ b/projects/ffmpeg/nasm_apt.pin @@ -0,0 +1,7 @@ +Package: * +Pin: release n=bionic +Pin-Priority: 1 + +Package: nasm +Pin: release n=bionic +Pin-Priority: 555 diff --git a/projects/file/project.yaml b/projects/file/project.yaml index e148c56a6..d0518477b 100644 --- a/projects/file/project.yaml +++ b/projects/file/project.yaml @@ -3,8 +3,7 @@ language: c++ primary_contact: "zoulasc@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 diff --git a/projects/firefox/Dockerfile b/projects/firefox/Dockerfile index 515e9df26..1d19ca82e 100644 --- a/projects/firefox/Dockerfile +++ b/projects/firefox/Dockerfile @@ -15,16 +15,13 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && \ - apt-get install -y software-properties-common && \ - add-apt-repository -y ppa:ubuntu-toolchain-r/test && \ - apt-get update && \ - apt-get upgrade -y && \ - apt-get install -y --no-install-recommends \ - gawk \ - libstdc++6 \ - m4 \ - python +RUN add-apt-repository -y ppa:ubuntu-toolchain-r/test +RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \ + gawk \ + libstdc++6 \ + m4 \ + python \ + software-properties-common # This wrapper of cargo seems to interfere with our build system. RUN rm -f /usr/local/bin/cargo diff --git a/projects/flac/build.sh b/projects/flac/build.sh index 3ccf5495d..c94ba22f7 100755 --- a/projects/flac/build.sh +++ b/projects/flac/build.sh @@ -53,7 +53,7 @@ cd $SRC/fuzzing-headers # Build fuzzers cd $SRC/flac-fuzzers/ -$CXX $CXXFLAGS -I $SRC/flac/include/ -I $SRC/ExoPlayer/extensions/flac/src/main/jni/ -I /usr/lib/jvm/java-11-openjdk-amd64/include/ -I /usr/lib/jvm/java-11-openjdk-amd64/include/linux/ fuzzer_exo.cpp \ +$CXX $CXXFLAGS -I $SRC/flac/include/ -I $SRC/ExoPlayer/extensions/flac/src/main/jni/ -I /usr/lib/jvm/java-8-openjdk-amd64/include/ -I /usr/lib/jvm/java-8-openjdk-amd64/include/linux/ fuzzer_exo.cpp \ $SRC/flac/src/libFLAC++/.libs/libFLAC++.a $SRC/flac/src/libFLAC/.libs/libFLAC.a $SRC/libogg-install/lib/libogg.a $LIB_FUZZING_ENGINE -o $OUT/fuzzer_exo $CXX $CXXFLAGS -I $SRC/flac/include/ fuzzer_decoder.cpp $SRC/flac/src/libFLAC++/.libs/libFLAC++.a $SRC/flac/src/libFLAC/.libs/libFLAC.a $SRC/libogg-install/lib/libogg.a $LIB_FUZZING_ENGINE -o $OUT/fuzzer_decoder $CXX $CXXFLAGS -I $SRC/flac/include/ fuzzer_encoder.cpp $SRC/flac/src/libFLAC++/.libs/libFLAC++.a $SRC/flac/src/libFLAC/.libs/libFLAC.a $SRC/libogg-install/lib/libogg.a $LIB_FUZZING_ENGINE -o $OUT/fuzzer_encoder diff --git a/projects/flatbuffers/Dockerfile b/projects/flatbuffers/Dockerfile index 83caf67c0..d51dac792 100644 --- a/projects/flatbuffers/Dockerfile +++ b/projects/flatbuffers/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make cmake +RUN apt-get update && apt-get install -y make cmake ninja RUN git clone https://github.com/google/flatbuffers WORKDIR $SRC/ diff --git a/projects/flate2-rs/Dockerfile b/projects/flate2-rs/Dockerfile deleted file mode 100644 index 1309ff0fb..000000000 --- a/projects/flate2-rs/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2021 Google LL -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -RUN git clone --depth 1 https://github.com/rust-lang/flate2-rs -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/flate2-rs/build.sh b/projects/flate2-rs/build.sh deleted file mode 100644 index c0ee06a9c..000000000 --- a/projects/flate2-rs/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd $SRC/flate2-rs -cargo fuzz build -O -cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_gz_roundtrip $OUT/fuzz_gz_roundtrip diff --git a/projects/flate2-rs/project.yaml b/projects/flate2-rs/project.yaml deleted file mode 100644 index 05a29a9b8..000000000 --- a/projects/flate2-rs/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/rust-lang/flate2-rs" -main_repo: "https://github.com/rust-lang/flate2-rs" -primary_contact: "david@adalogics.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "alex@alexcrichton.com" diff --git a/projects/fluent-bit/build.sh b/projects/fluent-bit/build.sh index bf5aac315..e68e5b819 100755 --- a/projects/fluent-bit/build.sh +++ b/projects/fluent-bit/build.sh @@ -14,11 +14,7 @@ # limitations under the License. # ################################################################################ -cd fluent-bit -sed -i 's/malloc(/fuzz_malloc(/g' ./lib/msgpack-c/src/zone.c -sed -i 's/struct msgpack_zone_chunk {/void *fuzz_malloc(size_t size) {if (size > 0xa00000) return NULL;\nreturn malloc(size);}\nstruct msgpack_zone_chunk {/g' ./lib/msgpack-c/src/zone.c - -cd build +cd fluent-bit/build export CFLAGS="$CFLAGS -fcommon -DFLB_TESTS_OSSFUZZ=ON" export CXXFLAGS="$CXXFLAGS -fcommon -DFLB_TESTS_OSSFUZZ=ON" @@ -27,14 +23,8 @@ export CXXFLAGS="$CXXFLAGS -fcommon -DFLB_TESTS_OSSFUZZ=ON" INPUT_PLUGINS="-DFLB_IN_COLLECTD=OFF -DFLB_IN_CPU=OFF -DFLB_IN_DISK=OFF -DFLB_IN_DOCKER=OFF -DFLB_IN_EXEC=OFF -DFLB_IN_FORWARD=OFF -DFLB_IN_HEAD=OFF -DFLB_IN_HEALTH=OFF -DFLB_IN_KMSG=OFF -DFLB_IN_MEM=OFF -DFLB_IN_MQTT=OFF -DFLB_IN_NETIF=OFF -DFLB_IN_PROC=OFF -DFLB_IN_RANDOM=OFF -DFLB_IN_SERIAL=OFF -DFLB_IN_STDIN=OFF -DFLB_IN_SYSLOG=OFF -DFLB_IN_SYSTEMD=OFF -DFLB_IN_TAIL=OFF -DFLB_IN_TCP=OFF -DFLB_IN_THERMAL=OFF -DFLB_IN_WINLOG=OFF" OUTPUT_PLUGINS="-DFLB_STREAM_PROCESSOR=Off -DFLB_LUAJIT=OFF -DFLB_FILTER_GREP=OFF -DFLB_FILTER_REWRITE_TAG=OFF -DFLB_OUT_AZURE=OFF -DFLB_OUT_BIGQUERY=OFF -DFLB_OUT_COUNTER=OFF -DFLB_OUT_DATADOG=OFF -DFLB_OUT_ES=OFF -DFLB_OUT_FILE=OFF -DFLB_OUT_FLOWCOUNTER=OFF -DFLB_OUT_FORWARD=OFF -DFLB_OUT_GELF=OFF -DFLB_OUT_HTTP=OFF -DFLB_OUT_INFLUXDB=OFF -DFLB_OUT_KAFKA=OFF -DFLB_OUT_KAFKA_REST=OFF -DFLB_OUT_NATS=OFF -DFLB_OUT_NULL=OFF -DFLB_OUT_PGSQL=OFF -DFLB_OUT_PLOT=OFF -DFLB_OUT_SLACK=OFF -DFLB_OUT_SPLUNK=OFF -DFLB_OUT_STACKDRIVER=OFF -DFLB_OUT_STDOUT=OFF -DFLB_OUT_TCP=OFF -DFLB_OUT_SYSLOG=OFF -DFLB_OUT_NRLOGS=OFF -DFLB_OUT_LOKI=OFF" FILTER_PLUGINS="-DFLB_FILTER_PARSER=ON -DFLB_FILTER_RECORD_MODIFIER=OFF -DFLB_FILTER_MODIFY=OFF -DFLB_FILTER_THROTTLE=OFF -DFLB_FILTER_KUBERNETES=OFF -DFLB_FILTER_NEST=OFF -DFLB_FILTER_PARSER=OFF -DFLB_FILTER_AWS=OFF -DFLB_FILTER_ALTER_SIZE=OFF" -EXTRA_FLAGS="-DFLB_BINARY=OFF -DFLB_EXAMPLES=OFF DFLB_METRICS=ON -DFLB_DEBUG=On -DMBEDTLS_FATAL_WARNINGS=OFF" -cmake -DFLB_TESTS_INTERNAL=ON \ - -DFLB_TESTS_INTERNAL_FUZZ=ON \ - -DFLB_TESTS_OSSFUZZ=ON \ - ${EXTRA_FLAGS} \ - ${INPUT_PLUGINS} \ - ${FILTER_PLUGINS} \ - ${OUTPUT_PLUGINS} .. + +cmake -DFLB_METRICS=ON -DFLB_DEBUG=On -DMBEDTLS_FATAL_WARNINGS=OFF -DFLB_TESTS_INTERNAL=ON -DFLB_TESTS_INTERNAL_FUZZ=ON -DFLB_TESTS_OSSFUZZ=ON ${INPUT_PLUGINS} ${FILTER_PLUGINS} ${OUTPUT_PLUGINS} .. make # Create options files diff --git a/projects/fluent-bit/project.yaml b/projects/fluent-bit/project.yaml index 968e23a0d..aca7cccc6 100755 --- a/projects/fluent-bit/project.yaml +++ b/projects/fluent-bit/project.yaml @@ -4,5 +4,4 @@ language: c++ auto_ccs: - "david@adalogics.com" - "wppttt@amazon.com" - - "zh0512xx@gmail.com" main_repo: 'https://github.com/fluent/fluent-bit/' diff --git a/projects/freeradius/Dockerfile b/projects/freeradius/Dockerfile deleted file mode 100644 index 083532ebc..000000000 --- a/projects/freeradius/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt install -y libtalloc-dev libkqueue-dev - -# OpenSSL 1.1 -ARG OPENSSL_VERSION=1.1.1g -ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 -RUN set -ex \ - && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \ - && echo "${OPENSSL_HASH} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \ - && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \ - && cd openssl-${OPENSSL_VERSION} \ - && ./Configure linux-x86_64 no-shared --static "$CFLAGS" \ - && make build_generated \ - && make libcrypto.a \ - && make install -ENV OPENSSL_ROOT_DIR=/usr/local/openssl-${OPENSSL_VERSION} - -RUN git clone --depth 1 https://github.com/FreeRADIUS/freeradius-server.git -COPY build.sh $SRC -COPY patch.diff $SRC -WORKDIR $SRC/freeradius-server diff --git a/projects/freeradius/build.sh b/projects/freeradius/build.sh deleted file mode 100755 index 17f2c0ae8..000000000 --- a/projects/freeradius/build.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -function copy_lib - { - local fuzzer_path=$1 - local lib=$2 - cp $(ldd ${fuzzer_path} | grep "${lib}" | awk '{ print $3 }') ${OUT}/lib - } - -mkdir -p $OUT/lib - -git apply --ignore-whitespace $SRC/patch.diff -# build project -./configure --enable-fuzzer --enable-address-sanitizer -# make tries to compile regular programs as fuzz targets -# so -i flag ignores these errors -make -i -j$(nproc) -make -i install -# use shared libraries -ldconfig -ls ./build/bin/local/fuzzer_* | while read i; do - patchelf --set-rpath '$ORIGIN/lib' ${i} - copy_lib ${i} libfreeradius - copy_lib ${i} talloc - copy_lib ${i} kqueue - cp ${i} $OUT/ -done -cp -r /usr/local/share/freeradius/dictionary $OUT/dict -# export FR_DICTIONARY_DIR=/out/dictionary/ -# export FR_LIBRARY_PATH=/out/lib/ diff --git a/projects/freeradius/patch.diff b/projects/freeradius/patch.diff deleted file mode 100644 index 5436820d8..000000000 --- a/projects/freeradius/patch.diff +++ /dev/null @@ -1,64 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 56e9600..ad488e8 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -21,7 +21,7 @@ dnl # - dnl ############################################################# - - AC_PREREQ([2.59]) --export CFLAGS LIBS LDFLAGS CPPFLAGS -+#export CFLAGS LIBS LDFLAGS CPPFLAGS - - AC_INIT([freeradius],[$]Id[$],[http://bugs.freeradius.org],,[http://www.freeradius.org]) - AC_CONFIG_SRCDIR([src/bin/radiusd.c]) -@@ -185,7 +185,7 @@ dnl # -g3 so nice things like macro values are included. Other arguments are - dnl # added later when we know what compiler were using. - dnl # - if test "x$developer" = "xyes"; then -- : ${CFLAGS=-g3} -+ : ${CFLAGS="$CFLAGS -g3"} - fi - - dnl # - -diff --git a/src/bin/fuzzer.c b/src/bin/fuzzer.c -index 9c2eb50..82d6fd6 100644 ---- a/src/bin/fuzzer.c -+++ b/src/bin/fuzzer.c -@@ -125,7 +125,21 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) - } - } - -- if (!dict_dir) dict_dir = DICTDIR; -+ int free_dict = 0; -+ int free_lib = 0; -+ if (!dict_dir) { -+ dict_dir = malloc(strlen((*argv)[0]) + 1); -+ memcpy(dict_dir, (*argv)[0], strlen((*argv)[0]) + 1); -+ snprintf(strrchr(dict_dir, '/'), 6, "/dict"); -+ free_dict = 1; -+ } -+ if (!lib_dir) { -+ lib_dir = malloc(strlen((*argv)[0]) + 1); -+ memcpy(lib_dir, (*argv)[0], strlen((*argv)[0]) + 1); -+ snprintf(strrchr(lib_dir, '/'), 5, "/lib"); -+ setenv("FR_LIBRARY_PATH", lib_dir, 1); -+ free_lib = 1; -+ } - - /* - * When jobs=N is specified the fuzzer spawns worker processes via -@@ -182,6 +196,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) - - init = true; - -+ if (free_lib) { -+ free(lib_dir); -+ } -+ if (free_dict) { -+ free(dict_dir); -+ } -+ - return 1; - } - diff --git a/projects/freeradius/project.yaml b/projects/freeradius/project.yaml deleted file mode 100644 index a04dae509..000000000 --- a/projects/freeradius/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://freeradius.org" -language: c++ -primary_contact: "a.cudbardb@gmail.com" -auto_ccs: -- "adekok@gmail.com" -- "p.antoine@catenacyber.fr" -main_repo: 'https://github.com/FreeRADIUS/freeradius-server.git' -fuzzing_engines: -- libfuzzer -sanitizers: -- address diff --git a/projects/freetype2/project.yaml b/projects/freetype2/project.yaml index c747e1bd0..964977286 100644 --- a/projects/freetype2/project.yaml +++ b/projects/freetype2/project.yaml @@ -2,6 +2,7 @@ homepage: "https://www.freetype.org/" language: c++ primary_contact: "lemzwerg@gmail.com" auto_ccs: + - "darnold@adobe.com" - "lemzwerg@googlemail.com" - "HinTak.Leung@gmail.com" - "ewaldhew@gmail.com" diff --git a/projects/fribidi/Dockerfile b/projects/fribidi/Dockerfile deleted file mode 100644 index b4d9ea75d..000000000 --- a/projects/fribidi/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y python3-pip pkg-config && \ - pip3 install meson==0.53.0 ninja -RUN git clone --depth 1 https://github.com/fribidi/fribidi.git -WORKDIR fribidi -COPY build.sh $SRC/ diff --git a/projects/fribidi/build.sh b/projects/fribidi/build.sh deleted file mode 100755 index aa8f60acc..000000000 --- a/projects/fribidi/build.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# setup -build=$WORK/build - -# cleanup -rm -rf $build -mkdir -p $build - -# Build the library. -meson --default-library=static --wrap-mode=nodownload -Ddocs=false \ - -Dfuzzer_ldflags="$(echo $LIB_FUZZING_ENGINE)" \ - $build \ - || (cat build/meson-logs/meson-log.txt && false) - -# Build the fuzzers. -ninja -v -j$(nproc) -C $build bin/fribidi-fuzzer -mv $build/bin/fribidi-fuzzer $OUT/ - -# Archive and copy to $OUT seed corpus if the build succeeded. -zip $OUT/fribidi-fuzzer_seed_corpus.zip test/*.{input,reference} test/fuzzing/* diff --git a/projects/fribidi/project.yaml b/projects/fribidi/project.yaml deleted file mode 100644 index 7fbac3aa0..000000000 --- a/projects/fribidi/project.yaml +++ /dev/null @@ -1,17 +0,0 @@ -homepage: "https://github.com/fribidi/fribidi" -language: c -primary_contact: "dov.grobgeld@gmail.com" -auto_ccs: - - "behdad.esfahbod@gmail.com" - - "behdad@gnu.org" - - "ebrahim@gnu.org" - - "dr.khaled.hosny@gmail.com" -fuzzing_engines: - - libfuzzer - - afl - - honggfuzz -sanitizers: - - address - - undefined - - memory -main_repo: 'https://github.com/fribidi/fribidi.git' diff --git a/projects/frr/Dockerfile b/projects/frr/Dockerfile deleted file mode 100644 index 3286cc63e..000000000 --- a/projects/frr/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -RUN apt-get update && apt-get install -y git autoconf automake libtool make \ - libreadline-dev texinfo libjson-c-dev pkg-config bison flex python3-pip \ - libc-ares-dev python3-dev python3-sphinx build-essential libsystemd-dev \ - libsnmp-dev libcap-dev libelf-dev libpcre3-dev libpcre2-dev -RUN pip3 install pytest -RUN git clone https://github.com/CESNET/libyang.git - -RUN git clone --depth 1 --branch fuzz https://github.com/FRRouting/frr - -RUN git clone --depth 1 https://github.com/qlyoung/corpi -COPY build.sh $SRC -WORKDIR $SRC/frr diff --git a/projects/frr/build.sh b/projects/frr/build.sh deleted file mode 100755 index ad1584e47..000000000 --- a/projects/frr/build.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -function copy_lib - { - local fuzzer_path=$1 - local lib=$2 - cp $(ldd ${fuzzer_path} | grep "${lib}" | awk '{ print $3 }') ${OUT}/lib/ || true - } - -mkdir -p $OUT/lib - -# build dependency -( -cd $SRC/libyang -mkdir build; cd build -cmake -DBUILD_SHARED_LIBS=OFF -DENABLE_LYD_PRIV=ON -DCMAKE_INSTALL_PREFIX:PATH=/usr \ - -D CMAKE_BUILD_TYPE:String="Release" .. -make -j$(nproc) -make install -) - -# build project -export ASAN_OPTIONS=detect_leaks=0 -./bootstrap.sh -./configure --enable-libfuzzer --enable-static --enable-static-bin --sbindir=$SRC/bin -make -j$(nproc) -make install -cp ./lib/.libs/libfrr.so.0 $OUT/lib/ -cp $SRC/bin/bgpd $OUT/ -cp $SRC/bin/ospfd $OUT/ -cp $SRC/bin/pimd $OUT/ -cp $SRC/bin/zebra $OUT/ - -# build corpus -cd $SRC/corpi -find . -type d -maxdepth 1 | while read i; do zip -j $OUT/"$i"_seed_corpus.zip "$i"/*; done - -find $OUT -maxdepth 1 -type f -executable | while read i; do - grep "LLVMFuzzerTestOneInput" ${i} > /dev/null 2>&1 || continue - patchelf --set-rpath '$ORIGIN/lib' ${i} - copy_lib ${i} libpcre2 - copy_lib ${i} libyang - copy_lib ${i} libelf - copy_lib ${i} libjson-c -done - -patchelf --remove-needed libpcre2-8.so.0 $OUT/lib/libyang.so.2 diff --git a/projects/frr/project.yaml b/projects/frr/project.yaml deleted file mode 100644 index 8955c4f0e..000000000 --- a/projects/frr/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://frrouting.org" -language: c++ -primary_contact: "security@lists.frrouting.org" -auto_ccs: -- "qlyoung@qlyoung.net" -- "equinox-ossfuzz@diac24.net" -- "menotdonald@gmail.com" -- "mjs.ietf@gmail.com" -fuzzing_engines: - - libfuzzer -main_repo: 'https://github.com/FRRouting/frr' diff --git a/projects/gcloud-go/Dockerfile b/projects/gcloud-go/Dockerfile index fe2f3b253..1d2b38e53 100644 --- a/projects/gcloud-go/Dockerfile +++ b/projects/gcloud-go/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder LABEL maintainer="codyoss@google.com" RUN go get cloud.google.com/go/spanner COPY build.sh $SRC/ diff --git a/projects/gdal/project.yaml b/projects/gdal/project.yaml index 447fe103c..d0bbfe4b3 100644 --- a/projects/gdal/project.yaml +++ b/projects/gdal/project.yaml @@ -9,7 +9,6 @@ auto_ccs: - "athomas@thinkspatial.com.au" - "ari.jolma@gmail.com" - "bjorn.harrtell@gmail.com" - - "nyall.dawson@gmail.com" architectures: - x86_64 - i386 diff --git a/projects/gdbm/Dockerfile b/projects/gdbm/Dockerfile deleted file mode 100644 index 69ade39ef..000000000 --- a/projects/gdbm/Dockerfile +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get -qq update && \ - apt-get install -qq \ - build-essential\ - git\ - autopoint\ - automake\ - autoconf\ - bison\ - flex\ - libtool\ - texinfo\ - gettext -RUN git clone --depth 1 https://git.gnu.org.ua/gdbm.git -WORKDIR gdbm -COPY build.sh $SRC/ diff --git a/projects/gdbm/build.sh b/projects/gdbm/build.sh deleted file mode 100644 index 9c21c8e96..000000000 --- a/projects/gdbm/build.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Bootstrap and configure project -./bootstrap --no-po -./configure --disable-shared --enable-debug --disable-nls -# Build project -make -j$(nproc) all -# Build fuzzer -cd fuzz -$CC $CFLAGS -c -I.. -I../src -ogdbm_fuzzer.o gdbm_fuzzer.c -$CXX $CFLAGS -ogdbm_fuzzer gdbm_fuzzer.o ../src/libgdbmapp.a ../src/.libs/libgdbm.a $LIB_FUZZING_ENGINE - -cp gdbm_fuzzer $OUT -cp gdbm_fuzzer.rc $OUT - -# Create seed -PATH=$SRC/gdbm/src:$PATH sh ./build_seed.sh -C seed -zip -rj "$OUT/gdbm_fuzzer_seed_corpus.zip" seed/ diff --git a/projects/gdbm/project.yaml b/projects/gdbm/project.yaml deleted file mode 100644 index 2169eeabf..000000000 --- a/projects/gdbm/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://www.gnu.org.ua/software/gdbm" -language: c -primary_contact: "sergey.poznyakoff@gmail.com" -auto_ccs: - - "gray@gnu.org" -main_repo: "https://git.gnu.org.ua/gdbm.git" diff --git a/projects/geos/Dockerfile b/projects/geos/Dockerfile deleted file mode 100644 index a9db2a717..000000000 --- a/projects/geos/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y cmake -# fallback to github if main git server is not responding -RUN git clone --depth 1 https://git.osgeo.org/gitea/geos/geos.git || git clone --depth 1 https://github.com/libgeos/geos.git -COPY build.sh $SRC -COPY patch.diff $SRC -WORKDIR $SRC/geos diff --git a/projects/geos/build.sh b/projects/geos/build.sh deleted file mode 100755 index 5d5c59afe..000000000 --- a/projects/geos/build.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# build project -git apply ../patch.diff -mkdir build -cd build -cmake -DBUILD_SHARED_LIBS=OFF .. -make -j$(nproc) -cp bin/fuzz* $OUT/ diff --git a/projects/geos/patch.diff b/projects/geos/patch.diff deleted file mode 100644 index 60c13f72d..000000000 --- a/projects/geos/patch.diff +++ /dev/null @@ -1,106 +0,0 @@ -diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index 14506516..2e236476 100644 ---- a/tests/CMakeLists.txt -+++ b/tests/CMakeLists.txt -@@ -11,4 +11,5 @@ - add_subdirectory(unit) - add_subdirectory(xmltester) - add_subdirectory(bigtest) -+add_subdirectory(fuzz) - -diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt -new file mode 100644 -index 00000000..d0bd7a02 ---- /dev/null -+++ b/tests/fuzz/CMakeLists.txt -@@ -0,0 +1,15 @@ -+################################################################################ -+# Part of CMake configuration for GEOS -+# -+# Copyright (C) 2018 Mateusz Loskot <mateusz@loskot.net> -+# -+# This is free software; you can redistribute and/or modify it under -+# the terms of the GNU Lesser General Public Licence as published -+# by the Free Software Foundation. -+# See the COPYING file for more information. -+################################################################################ -+if(DEFINED ENV{LIB_FUZZING_ENGINE}) -+ add_executable(fuzz_geo2 fuzz_geo2.c) -+ target_include_directories(fuzz_geo2 PUBLIC $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/include>) -+ target_link_libraries(fuzz_geo2 geos_c $ENV{LIB_FUZZING_ENGINE}) -+endif() -diff --git a/tests/fuzz/fuzz_geo2.c b/tests/fuzz/fuzz_geo2.c -new file mode 100644 -index 00000000..ceee7ea6 ---- /dev/null -+++ b/tests/fuzz/fuzz_geo2.c -@@ -0,0 +1,69 @@ -+#include <stdio.h> -+#include <stdlib.h> -+#include <stdint.h> -+#include <stdarg.h> -+#include <string.h> -+ -+#include "geos_c.h" -+ -+static int initialized = 0; -+FILE * flogOut; -+ -+void -+notice(const char *fmt, ...) { -+ va_list ap; -+ fprintf( flogOut, "NOTICE: "); -+ va_start (ap, fmt); -+ vfprintf( flogOut, fmt, ap); -+ va_end(ap); -+ fprintf( flogOut, "\n" ); -+} -+ -+void -+log_and_exit(const char *fmt, ...) { -+ va_list ap; -+ fprintf( flogOut, "ERROR: "); -+ va_start (ap, fmt); -+ vfprintf( flogOut, fmt, ap); -+ va_end(ap); -+ fprintf( flogOut, "\n" ); -+} -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+ if (initialized == 0) { -+ flogOut = fopen("/dev/null", "wb"); -+ initGEOS(notice, log_and_exit); -+ initialized = 1; -+ } -+ size_t sep; -+ for (sep = 0; sep < Size; sep ++) { -+ if (Data[sep] == 0) { -+ break; -+ } -+ } -+ if (sep == Size) { -+ return 0; -+ } -+ GEOSGeometry *g1 = GEOSGeomFromWKT(Data); -+ -+ if (g1 != NULL) { -+ GEOSGeometry *g2 = GEOSGeomFromWKB_buf(Data+sep, Size-sep); -+ if (g2 != NULL) { -+ size_t usize; -+ GEOSGeometry *g3 = GEOSIntersection(g1, g2); -+ GEOSGeom_destroy(g3); -+ g3 = GEOSDifference(g1, g2); -+ GEOSGeom_destroy(g3); -+ g3 = GEOSUnion(g1, g2); -+ GEOSGeom_destroy(g3); -+ unsigned char* uptr = GEOSGeomToWKB_buf(g1, &usize); -+ free(uptr); -+ GEOSGeom_destroy(g2); -+ } -+ char * r = GEOSGeomToWKT(g1); -+ free(r); -+ GEOSGeom_destroy(g1); -+ } -+ return 0; -+} -+ diff --git a/projects/geos/project.yaml b/projects/geos/project.yaml deleted file mode 100644 index 91a71ebaa..000000000 --- a/projects/geos/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://geos.osgeo.org" -language: c++ -primary_contact: "mtnclimb@gmail.com" -auto_ccs : -- "strk@kbt.io" -- "lr@pcorp.us" -- "p.antoine@catenacyber.fr" - -sanitizers: -- address -- undefined -main_repo: 'https://git.osgeo.org/gitea/geos/geos.git' diff --git a/projects/ghostscript/project.yaml b/projects/ghostscript/project.yaml index 6a4a2db9e..d1f91d415 100644 --- a/projects/ghostscript/project.yaml +++ b/projects/ghostscript/project.yaml @@ -10,6 +10,5 @@ auto_ccs: - "kdlee@chromium.org" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'git://git.ghostscript.com/ghostpdl.git'
\ No newline at end of file + - memory +main_repo: 'git://git.ghostscript.com/ghostpdl.git' diff --git a/projects/git/Dockerfile b/projects/git/Dockerfile index eb487434d..91c05e426 100644 --- a/projects/git/Dockerfile +++ b/projects/git/Dockerfile @@ -20,7 +20,7 @@ RUN apt-get update && \ cvs cvsps gettext libcgi-pm-perl libcurl4-gnutls-dev \ libdbd-sqlite3-perl liberror-perl libexpat1-dev libhttp-date-perl \ libio-pty-perl libmailtools-perl libpcre2-dev libpcre3-dev libsvn-perl \ - perl-modules libyaml-perl libz-dev python subversion tcl unzip \ + libtime-modules-perl libyaml-perl libz-dev python subversion tcl unzip \ asciidoc docbook-xsl xmlto libssl-dev zip RUN git clone https://github.com/git/git git WORKDIR git diff --git a/projects/gitea/Dockerfile b/projects/gitea/Dockerfile index 2defa813c..940312337 100644 --- a/projects/gitea/Dockerfile +++ b/projects/gitea/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/go-gitea/gitea COPY build.sh $SRC/ WORKDIR $SRC/gitea diff --git a/projects/glib/Dockerfile b/projects/glib/Dockerfile index 25b520411..72449d549 100644 --- a/projects/glib/Dockerfile +++ b/projects/glib/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y python3-pip -RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja +RUN pip3 install -U meson ninja RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib WORKDIR glib COPY build.sh $SRC/ diff --git a/projects/glib/project.yaml b/projects/glib/project.yaml index 62cb33095..64889c879 100644 --- a/projects/glib/project.yaml +++ b/projects/glib/project.yaml @@ -8,7 +8,6 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory +- memory help_url: https://gitlab.gnome.org/GNOME/glib/tree/master/fuzzing#how-to-reproduce-oss-fuzz-bugs-locally -main_repo: 'https://gitlab.gnome.org/GNOME/glib'
\ No newline at end of file +main_repo: 'https://gitlab.gnome.org/GNOME/glib' diff --git a/projects/gnupg/Dockerfile b/projects/gnupg/Dockerfile index 5392d97b2..57dc9050d 100644 --- a/projects/gnupg/Dockerfile +++ b/projects/gnupg/Dockerfile @@ -16,11 +16,6 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool gettext bzip2 gnupg bison flex -# Install automake 1.16.3 from future. See: -# * https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6ca540715139899137e1f86c7e1dcbd0288f15b3 -# * https://packages.ubuntu.com/en/hirsute/automake -RUN sed -i -e 's/focal/hirsute/g' /etc/apt/sources.list -RUN apt-get update && apt-get install -y --reinstall automake RUN git clone --depth 1 git://git.gnupg.org/libgpg-error.git libgpg-error RUN git clone --depth 1 git://git.gnupg.org/libgcrypt.git libgcrypt diff --git a/projects/gnupg/fuzzgnupg.diff b/projects/gnupg/fuzzgnupg.diff index f736fae29..226c86c4c 100644 --- a/projects/gnupg/fuzzgnupg.diff +++ b/projects/gnupg/fuzzgnupg.diff @@ -1,10 +1,10 @@ diff --git a/configure.ac b/configure.ac -index 7b398f3df..ee69b3063 100644 +index 5bb366e76..ee9403149 100644 --- a/configure.ac +++ b/configure.ac -@@ -991,6 +991,15 @@ if test x"$use_tofu" = xyes ; then - fi - fi +@@ -991,6 +991,15 @@ AC_CHECK_LIB(util, openpty, + ]) + AC_SUBST(LIBUTIL_LIBS) +# TODO choose when to build fuzzing with option ? +AC_CHECK_LIB(FuzzingEngine, main, @@ -15,19 +15,19 @@ index 7b398f3df..ee69b3063 100644 +AC_CHECK_PROG(HAVE_CLANGXX, clang++, 1) +AM_CONDITIONAL(HAVE_LIB_FUZZING_ENGINE, [test "$have_fuzz" = yes -a "$HAVE_CLANGXX" = 1]) + - AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes") - - if test x"$use_tofu" = xyes ; then -@@ -2149,6 +2158,7 @@ tests/migrations/Makefile - tests/tpm2dtests/Makefile + # shred is used to clean temporary plain text files. + AC_PATH_PROG(SHRED, shred, /usr/bin/shred) + AC_DEFINE_UNQUOTED(SHRED, +@@ -2094,6 +2103,7 @@ tests/migrations/Makefile + tests/gpgsm/Makefile tests/gpgme/Makefile tests/pkits/Makefile +tests/fuzz/Makefile g10/gpg.w32-manifest - tools/gpg-connect-agent.w32-manifest - tools/gpgconf.w32-manifest + ]) + diff --git a/g10/Makefile.am b/g10/Makefile.am -index eb23573b7..785ac2b4b 100644 +index 2b92daf33..505d98f5e 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -47,6 +47,7 @@ endif @@ -38,14 +38,14 @@ index eb23573b7..785ac2b4b 100644 if !HAVE_W32CE_SYSTEM noinst_PROGRAMS += gpgv endif -@@ -164,6 +165,9 @@ gpg_sources = server.c \ - gpg_SOURCES = gpg.c \ +@@ -164,6 +165,9 @@ gpg_SOURCES = gpg.c \ keyedit.c keyedit.h \ $(gpg_sources) + +libgpg_a_SOURCES = keyedit.c keyedit.h \ + $(gpg_sources) + - + #gpgcompose_SOURCES = gpgcompose.c $(gpg_sources) gpgv_SOURCES = gpgv.c \ $(common_source) \ diff --git a/g10/armor.c b/g10/armor.c @@ -63,7 +63,7 @@ index eb2d28bca..594f5bd2d 100644 diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h -index c0f1e0cec..52652a0e0 100644 +index 285c4cb4d..7af328c2a 100644 --- a/g10/call-dirmngr.h +++ b/g10/call-dirmngr.h @@ -19,6 +19,8 @@ @@ -122,10 +122,10 @@ index e7a6f2b11..9a9ab5460 100644 } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR && !leave); diff --git a/g10/parse-packet.c b/g10/parse-packet.c -index bb05eabb7..638d895d0 100644 +index 2f92c1d2c..41e077a6a 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c -@@ -806,7 +806,12 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, +@@ -738,7 +738,12 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, * the uncompressing layer - in some error cases it just loops * and spits out 0xff bytes. */ log_error ("%s: garbled packet detected\n", iobuf_where (inp)); @@ -139,10 +139,10 @@ index bb05eabb7..638d895d0 100644 if (out && pkttype) diff --git a/g10/plaintext.c b/g10/plaintext.c -index 3e169d93f..aa83ffbe0 100644 +index f9e0a4296..7b9709c08 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c -@@ -617,10 +617,16 @@ ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2, +@@ -656,10 +656,16 @@ ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2, if (!fp) { @@ -160,10 +160,10 @@ index 3e169d93f..aa83ffbe0 100644 do_hash (md, md2, fp, textmode); iobuf_close (fp); diff --git a/g10/sig-check.c b/g10/sig-check.c -index 8dd18b2e2..9f5db89f9 100644 +index 4c172d692..bd87f00ad 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c -@@ -783,8 +783,9 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig) +@@ -760,8 +760,9 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig) { gcry_md_hd_t md; @@ -176,15 +176,15 @@ index 8dd18b2e2..9f5db89f9 100644 /* Note: check_signature only checks that the signature is good. It does not fail if the key is revoked. */ diff --git a/tests/Makefile.am b/tests/Makefile.am -index f29b68a53..e788c9916 100644 +index b9be6aaa6..d6659eaf1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -24,7 +24,13 @@ else - tpm2dtests = - endif +@@ -18,7 +18,13 @@ + + ## Process this file with automake to produce Makefile.in --SUBDIRS = gpgscm openpgp cms migrations gpgme pkits $(tpm2dtests) . -+SUBDIRS = gpgscm openpgp cms migrations gpgme pkits $(tpm2dtests) +-SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits . ++SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits + +if MAINTAINER_MODE +SUBDIRS += fuzz @@ -196,7 +196,7 @@ index f29b68a53..e788c9916 100644 diff --git a/tests/fuzz/Makefile.am b/tests/fuzz/Makefile.am new file mode 100644 -index 000000000..eb2216d3e +index 000000000..3bf039a54 --- /dev/null +++ b/tests/fuzz/Makefile.am @@ -0,0 +1,84 @@ diff --git a/projects/gnupg/project.yaml b/projects/gnupg/project.yaml index 516132eca..c2c6ab2ca 100644 --- a/projects/gnupg/project.yaml +++ b/projects/gnupg/project.yaml @@ -2,6 +2,3 @@ homepage: "https://www.gnupg.org" language: c++ primary_contact: "p.antoine@catenacyber.fr" main_repo: 'git://git.gnupg.org/gnupg.git' -fuzzing_engines: - - libfuzzer - - honggfuzz diff --git a/projects/gnutls/Dockerfile b/projects/gnutls/Dockerfile index 5d902272e..46304293d 100644 --- a/projects/gnutls/Dockerfile +++ b/projects/gnutls/Dockerfile @@ -38,7 +38,7 @@ RUN git clone git://git.savannah.gnu.org/gnulib.git RUN git clone --depth=1 https://git.savannah.gnu.org/git/libunistring.git RUN git clone --depth=1 https://gitlab.com/libidn/libidn2.git RUN hg clone https://gmplib.org/repo/gmp/ gmp -RUN git clone https://gitlab.com/gnutls/libtasn1.git +RUN git clone --depth=1 https://gitlab.com/gnutls/libtasn1.git RUN git clone --depth=1 https://git.lysator.liu.se/nettle/nettle.git RUN git clone --depth=1 --recursive https://gitlab.com/gnutls/gnutls.git diff --git a/projects/gnutls/build.sh b/projects/gnutls/build.sh index 730838c54..a44282784 100755 --- a/projects/gnutls/build.sh +++ b/projects/gnutls/build.sh @@ -16,9 +16,9 @@ ################################################################################ export DEPS_PATH=$SRC/deps -export PKG_CONFIG_PATH=$DEPS_PATH/lib64/pkgconfig:$DEPS_PATH/lib/pkgconfig +export PKG_CONFIG_PATH=$DEPS_PATH/lib/pkgconfig export CPPFLAGS="-I$DEPS_PATH/include" -export LDFLAGS="-L$DEPS_PATH/lib -L$DEPS_PATH/lib64" +export LDFLAGS="-L$DEPS_PATH/lib" export GNULIB_SRCDIR=$SRC/gnulib cd $SRC/libunistring diff --git a/projects/go-attestation/Dockerfile b/projects/go-attestation/Dockerfile index 33999bef3..4e1651c92 100644 --- a/projects/go-attestation/Dockerfile +++ b/projects/go-attestation/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN go get -u -d github.com/google/go-attestation/... diff --git a/projects/go-coredns/Dockerfile b/projects/go-coredns/Dockerfile index 8dab305c9..7991879d2 100644 --- a/projects/go-coredns/Dockerfile +++ b/projects/go-coredns/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder ENV GO111MODULE=on RUN git clone --depth 1 https://github.com/coredns/coredns $GOPATH/src/github.com/coredns/coredns diff --git a/projects/go-dns/Dockerfile b/projects/go-dns/Dockerfile index 3819ff263..a5576e704 100644 --- a/projects/go-dns/Dockerfile +++ b/projects/go-dns/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN go get -t github.com/miekg/dns COPY build.sh $SRC/ diff --git a/projects/go-ethereum/Dockerfile b/projects/go-ethereum/Dockerfile index 3904fced0..8323922d7 100644 --- a/projects/go-ethereum/Dockerfile +++ b/projects/go-ethereum/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --single-branch --depth=1 https://github.com/ethereum/go-ethereum $GOPATH/src/github.com/ethereum/go-ethereum RUN (cd $GOPATH/src/github.com/ethereum/go-ethereum && go mod download) diff --git a/projects/go-ethereum/project.yaml b/projects/go-ethereum/project.yaml index 062e5a1c7..a4c853230 100644 --- a/projects/go-ethereum/project.yaml +++ b/projects/go-ethereum/project.yaml @@ -4,8 +4,6 @@ auto_ccs : - "fjl@ethereum.org" - "martin.swende@ethereum.org" - "marius.vanderwijden@ethereum.org" - - "garyrong@ethereum.org" - - "zsfelfoldi@ethereum.org" language: go fuzzing_engines: - libfuzzer diff --git a/projects/go-json-iterator/Dockerfile b/projects/go-json-iterator/Dockerfile index fa3d9305a..5d4cf02f3 100644 --- a/projects/go-json-iterator/Dockerfile +++ b/projects/go-json-iterator/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/json-iterator/go json-iterator COPY fuzz_json.go $SRC/json-iterator/ diff --git a/projects/go-redis/Dockerfile b/projects/go-redis/Dockerfile index 0bcc651ed..b0ad17734 100644 --- a/projects/go-redis/Dockerfile +++ b/projects/go-redis/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/go-redis/redis redis COPY build.sh $SRC/ WORKDIR $SRC/redis diff --git a/projects/go-redis/build.sh b/projects/go-redis/build.sh index 38c2db69f..e297cd37c 100644 --- a/projects/go-redis/build.sh +++ b/projects/go-redis/build.sh @@ -13,4 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. -compile_go_fuzzer github.com/go-redis/redis/v8/fuzz Fuzz fuzz gofuzz +#github.com/go-redis/redis/fuzz is not a module, so needs local build +compile_go_fuzzer ./fuzz Fuzz fuzz gofuzz diff --git a/projects/go-sftp/Dockerfile b/projects/go-sftp/Dockerfile index 59c82b2ae..0269d8ee4 100644 --- a/projects/go-sftp/Dockerfile +++ b/projects/go-sftp/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/pkg/sftp COPY build.sh $SRC/ diff --git a/projects/go-snappy/Dockerfile b/projects/go-snappy/Dockerfile index 59ff120fd..d6d08afd0 100644 --- a/projects/go-snappy/Dockerfile +++ b/projects/go-snappy/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/golang/snappy COPY build.sh $SRC/ diff --git a/projects/go-snappy/project.yaml b/projects/go-snappy/project.yaml index 42eca5303..8a732ccb3 100644 --- a/projects/go-snappy/project.yaml +++ b/projects/go-snappy/project.yaml @@ -8,4 +8,3 @@ fuzzing_engines: sanitizers: - address main_repo: 'https://github.com/golang/snappy' -disabled: true diff --git a/projects/go-sqlite3/Dockerfile b/projects/go-sqlite3/Dockerfile index e2936b4a5..f1b10e165 100644 --- a/projects/go-sqlite3/Dockerfile +++ b/projects/go-sqlite3/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 http://github.com/mattn/go-sqlite3 $GOPATH/src/github.com/mattn/go-sqlite3 COPY build.sh $SRC/ diff --git a/projects/golang-protobuf/Dockerfile b/projects/golang-protobuf/Dockerfile index 8c7272eb7..1347a7691 100644 --- a/projects/golang-protobuf/Dockerfile +++ b/projects/golang-protobuf/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder ENV GO111MODULE="on" ENV GOFUZZ111MODULE="on" diff --git a/projects/golang/Dockerfile b/projects/golang/Dockerfile index ff5cd2fc1..1118ce48d 100644 --- a/projects/golang/Dockerfile +++ b/projects/golang/Dockerfile @@ -14,9 +14,14 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus golang -COPY build.sh text_fuzzer.go math_big_fuzzer.go $SRC/ +RUN mkdir -p $GOPATH/src/github.com/dvyukov/ && \ + cd $GOPATH/src/github.com/dvyukov/ && \ + git clone https://github.com/dvyukov/go-fuzz-corpus + +COPY build.sh $SRC/ + +ENV GO111MODULE="off" WORKDIR $SRC/golang diff --git a/projects/golang/build.sh b/projects/golang/build.sh index 99868c4ca..064378aa5 100755 --- a/projects/golang/build.sh +++ b/projects/golang/build.sh @@ -12,37 +12,41 @@ # See the License for the specific language governing permissions and # limitations under the License. -# These two dependencies cause build issues and are not used by oss-fuzz: -rm -r sqlparser -rm -r parser +function compile_fuzzer { + fuzzer=$(basename $1) -mkdir math && cp $SRC/math_big_fuzzer.go ./math/ + compile_go_fuzzer "github.com/dvyukov/go-fuzz-corpus/$fuzzer" Fuzz $fuzzer -go get -u golang.org/x/text -mkdir text && cp $SRC/text_fuzzer.go ./text/ + # Pack the seed corpus + zip -r $OUT/fuzzer-${fuzzer}_seed_corpus.zip \ + $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/$fuzzer/corpus +} + +export -f compile_fuzzer + +# Use this to attempt to compile all +#find $SRC/go-fuzz-corpus -mindepth 1 -maxdepth 1 -type d -exec bash -c 'compile_fuzzer "$@"' bash {} \; + +compile_fuzzer asn1 +#compile_fuzzer bzip2 +compile_fuzzer csv +compile_fuzzer elliptic +compile_fuzzer flate +compile_fuzzer fmt +#compile_fuzzer gif +compile_fuzzer gzip +compile_fuzzer httpreq +compile_fuzzer httpresp +compile_fuzzer jpeg +compile_fuzzer json +compile_fuzzer lzw +compile_fuzzer mime +compile_fuzzer multipart +compile_fuzzer png +compile_fuzzer tar +compile_fuzzer time +#compile_fuzzer url +compile_fuzzer xml +compile_fuzzer zip +compile_fuzzer zlib -go mod init "github.com/dvyukov/go-fuzz-corpus" -export FUZZ_ROOT="github.com/dvyukov/go-fuzz-corpus" -compile_go_fuzzer $FUZZ_ROOT/text FuzzAcceptLanguage accept_language_fuzzer -compile_go_fuzzer $FUZZ_ROOT/text FuzzCurrency currency_fuzzer -compile_go_fuzzer $FUZZ_ROOT/math FuzzBigIntCmp1 big_cmp_fuzzer1 -compile_go_fuzzer $FUZZ_ROOT/math FuzzBigIntCmp2 big_cmp_fuzzer2 -compile_go_fuzzer $FUZZ_ROOT/math FuzzRatSetString big_rat_fuzzer -compile_go_fuzzer $FUZZ_ROOT/asn1 Fuzz asn_fuzzer -compile_go_fuzzer $FUZZ_ROOT/csv Fuzz csv_fuzzer -compile_go_fuzzer $FUZZ_ROOT/elliptic Fuzz elliptic_fuzzer -compile_go_fuzzer $FUZZ_ROOT/flate Fuzz flate_fuzzer -compile_go_fuzzer $FUZZ_ROOT/fmt Fuzz fmt_fuzzer -compile_go_fuzzer $FUZZ_ROOT/gzip Fuzz gzip_fuzzer -compile_go_fuzzer $FUZZ_ROOT/httpreq Fuzz httpreq_fuzzer -compile_go_fuzzer $FUZZ_ROOT/jpeg Fuzz jpeg_fuzzer -compile_go_fuzzer $FUZZ_ROOT/json Fuzz json_fuzzer -compile_go_fuzzer $FUZZ_ROOT/lzw Fuzz lzw_fuzzer -compile_go_fuzzer $FUZZ_ROOT/mime Fuzz mime_fuzzer -compile_go_fuzzer $FUZZ_ROOT/multipart Fuzz multipart_fuzzer -compile_go_fuzzer $FUZZ_ROOT/png Fuzz png_fuzzer -compile_go_fuzzer $FUZZ_ROOT/tar Fuzz tar_fuzzer -compile_go_fuzzer $FUZZ_ROOT/time Fuzz time_fuzzer -compile_go_fuzzer $FUZZ_ROOT/xml Fuzz xml_fuzzer -compile_go_fuzzer $FUZZ_ROOT/zip Fuzz zip_fuzzer -compile_go_fuzzer $FUZZ_ROOT/zlib Fuzz zlib_fuzzer diff --git a/projects/golang/math_big_fuzzer.go b/projects/golang/math_big_fuzzer.go deleted file mode 100644 index 60946bc46..000000000 --- a/projects/golang/math_big_fuzzer.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - - -package mathfuzzer - -import "math/big" - -func FuzzBigIntCmp1(data []byte) int { - if !isDivisibleBy(len(data), 2) { - return -1 - } - i1 := new(big.Int) - i2 := new(big.Int) - - half := len(data) / 2 - - halfOne := data[:half] - halfTwo := data[half:] - - i1.SetBytes(halfOne) - i2.SetBytes(halfTwo) - - i1.Cmp(i2) - return 1 -} - -func FuzzBigIntCmp2(data []byte) int { - if !isDivisibleBy(len(data), 2) { - return -1 - } - x, y := new(big.Int), new(big.Int) - half := len(data)/2 - if err := x.UnmarshalText(data[:half]); err != nil { - return 0 - } - if err := y.UnmarshalText(data[half:]); err != nil { - return 0 - } - x.Cmp(y) - return 1 -} - -func FuzzRatSetString(data []byte) int { - _, _ = new(big.Rat).SetString(string(data)) - return 1 -} - -func isDivisibleBy(n int, divisibleby int) bool { - return (n % divisibleby) == 0 -} diff --git a/projects/golang/project.yaml b/projects/golang/project.yaml index 0fe496b60..ed1e86329 100644 --- a/projects/golang/project.yaml +++ b/projects/golang/project.yaml @@ -1,11 +1,9 @@ homepage: "https://golang.org/" -main_repo: "https://github.com/golang/go" primary_contact: "golang-fuzz@googlegroups.com" auto_ccs: + - "mmoroz@chromium.org" - "josharian@gmail.com" - "emmanuel@orijtech.com" - - "Adam@adalogics.com" - - "cuong.manhle.vn@gmail.com" language: go sanitizers: - address diff --git a/projects/golang/text_fuzzer.go b/projects/golang/text_fuzzer.go deleted file mode 100644 index d7686ae72..000000000 --- a/projects/golang/text_fuzzer.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package fuzztext - -import ( - "golang.org/x/text/currency" - "golang.org/x/text/language" -) - -func FuzzAcceptLanguage(data []byte) int { - _, _, _ = language.ParseAcceptLanguage(string(data)) - return 1 -} - -func FuzzCurrency(data []byte) int { - // Create tag - t, err := language.Parse(string(data)) - if err != nil { - return 0 - } - _, _ = currency.FromTag(t) - return 1 -} diff --git a/projects/gonids/Dockerfile b/projects/gonids/Dockerfile index 13175c904..66e9a8933 100644 --- a/projects/gonids/Dockerfile +++ b/projects/gonids/Dockerfile @@ -14,10 +14,10 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/google/gonids +FROM gcr.io/oss-fuzz-base/base-builder +RUN go get -t github.com/google/gonids ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip COPY build.sh $SRC/ -WORKDIR $SRC/gonids +WORKDIR $SRC/ diff --git a/projects/gonids/build.sh b/projects/gonids/build.sh index 7397c5089..590045f9e 100755 --- a/projects/gonids/build.sh +++ b/projects/gonids/build.sh @@ -17,7 +17,6 @@ compile_go_fuzzer github.com/google/gonids FuzzParseRule fuzz_parserule -cd $SRC unzip emerging.rules.zip cd rules i=0 diff --git a/projects/gopacket/Dockerfile b/projects/gopacket/Dockerfile index 7f6c09a9e..f8816e597 100644 --- a/projects/gopacket/Dockerfile +++ b/projects/gopacket/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN go get github.com/google/gopacket COPY build.sh $SRC/ diff --git a/projects/gpac/Dockerfile b/projects/gpac/Dockerfile index 0784e48ad..cf7fc8043 100755 --- a/projects/gpac/Dockerfile +++ b/projects/gpac/Dockerfile @@ -16,7 +16,8 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y build-essential pkg-config libz-dev -RUN git clone https://github.com/gpac/gpac && git clone https://github.com/gpac/testsuite +RUN git clone https://github.com/gpac/gpac WORKDIR $SRC COPY build.sh $SRC/ +COPY fuzz_parse.c $SRC/ diff --git a/projects/gpac/build.sh b/projects/gpac/build.sh index 3bce7248e..904f5f234 100755 --- a/projects/gpac/build.sh +++ b/projects/gpac/build.sh @@ -18,8 +18,8 @@ cd gpac ./configure --static-build --extra-cflags="${CFLAGS}" --extra-ldflags="${CFLAGS}" make +cp $SRC/fuzz_parse.c . -cp $SRC/testsuite/oss-fuzzers/fuzz_parse.c . $CC $CFLAGS $LIB_FUZZING_ENGINE fuzz_parse.c -o $OUT/fuzz_parse \ -I./include -I./ ./bin/gcc/libgpac_static.a \ -lm -lz -lpthread -DGPAC_HAVE_CONFIG_H diff --git a/projects/apache-httpd/fuzz_addr_parse.c b/projects/gpac/fuzz_parse.c index 3fc00ab6b..b7c9ac9a6 100644 --- a/projects/apache-httpd/fuzz_addr_parse.c +++ b/projects/gpac/fuzz_parse.c @@ -9,29 +9,28 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> -#include "apr_network_io.h" +#include <gpac/internal/isomedia_dev.h> +#include <gpac/constants.h> int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - apr_pool_t *pool; - apr_pool_initialize(); - if (apr_pool_create(&pool, NULL) != APR_SUCCESS) { - abort(); - } + char filename[256]; + sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - char *addr = NULL; - char *scope_id = NULL; - apr_port_t port = 0; - char *input_string = strndup((const char *)data, size); + FILE *fp = fopen(filename, "wb"); + if (!fp) { + return 0; + } + fwrite(data, size, 1, fp); + fclose(fp); - apr_parse_addr_port(&addr, &scope_id, &port, input_string, pool); - - free(input_string); - apr_pool_destroy(pool); - apr_terminate(); - - return 0; + GF_ISOFile *movie = NULL; + movie = gf_isom_open_file(filename, GF_ISOM_OPEN_READ_DUMP, NULL); + if (movie != NULL) { + gf_isom_close(movie); + } + unlink(filename); + return 0; } diff --git a/projects/graphicsmagick/Dockerfile b/projects/graphicsmagick/Dockerfile index 7596b61a2..97f3a561d 100644 --- a/projects/graphicsmagick/Dockerfile +++ b/projects/graphicsmagick/Dockerfile @@ -29,7 +29,7 @@ RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo RUN git clone https://git.savannah.nongnu.org/r/freetype/freetype2.git/ RUN git clone --depth 1 https://github.com/pnggroup/libpng RUN git clone --depth 1 https://github.com/mm2/Little-CMS -RUN git clone http://git.ghostscript.com/ghostpdl.git +RUN git clone https://git.ghostscript.com/ghostpdl.git RUN git clone --depth 1 https://gitlab.com/federicomenaquintero/bzip2.git RUN git clone --depth 1 https://github.com/jasper-software/jasper RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git diff --git a/projects/graphicsmagick/project.yaml b/projects/graphicsmagick/project.yaml index 319db4429..7b16f6cb0 100644 --- a/projects/graphicsmagick/project.yaml +++ b/projects/graphicsmagick/project.yaml @@ -8,8 +8,7 @@ auto_ccs: sanitizers: - address - memory -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - undefined architectures: - x86_64 - i386 diff --git a/projects/grpc-gateway/Dockerfile b/projects/grpc-gateway/Dockerfile index e6ef61cd7..9a7cad2f3 100644 --- a/projects/grpc-gateway/Dockerfile +++ b/projects/grpc-gateway/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder ENV GO111MODULE on RUN git clone https://github.com/grpc-ecosystem/grpc-gateway COPY build.sh $SRC/ diff --git a/projects/grpc-go/Dockerfile b/projects/grpc-go/Dockerfile index fa10f6d32..dc00af586 100644 --- a/projects/grpc-go/Dockerfile +++ b/projects/grpc-go/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder ENV GO111MODULE=on RUN go get google.golang.org/protobuf/cmd/protoc-gen-go google.golang.org/grpc/cmd/protoc-gen-go-grpc RUN git clone --depth 1 https://github.com/grpc/grpc-go $GOPATH/src/google.golang.org/grpc diff --git a/projects/grpc-httpjson-transcoding/Dockerfile b/projects/grpc-httpjson-transcoding/Dockerfile deleted file mode 100644 index 1746a42a4..000000000 --- a/projects/grpc-httpjson-transcoding/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -MAINTAINER nareddyt@google.com - -RUN apt-get update && apt-get install python -y -RUN git clone https://github.com/grpc-ecosystem/grpc-httpjson-transcoding.git -WORKDIR $SRC/grpc-httpjson-transcoding/ -COPY build.sh $SRC/ diff --git a/projects/grpc-httpjson-transcoding/build.sh b/projects/grpc-httpjson-transcoding/build.sh deleted file mode 100755 index 85e8e0b06..000000000 --- a/projects/grpc-httpjson-transcoding/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu -# -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# This project uses bazel rules_fuzzing. - -bazel_build_fuzz_tests diff --git a/projects/grpc-httpjson-transcoding/project.yaml b/projects/grpc-httpjson-transcoding/project.yaml deleted file mode 100644 index 07997d252..000000000 --- a/projects/grpc-httpjson-transcoding/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -homepage: "https://github.com/grpc-ecosystem/grpc-httpjson-transcoding" -main_repo: "https://github.com/grpc-ecosystem/grpc-httpjson-transcoding.git" -language: c++ -primary_contact: "nareddyt@google.com" -auto_ccs: -- "yangshuo@google.com" -- "taoxuy@google.com" -- "qiwzhang@google.com" -- "justinmp@google.com" - -fuzzing_engines: -- libfuzzer -- afl -- honggfuzz - -sanitizers: -- address -- undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory
\ No newline at end of file diff --git a/projects/grpc-swift/Dockerfile b/projects/grpc-swift/Dockerfile deleted file mode 100644 index 981ebe9d2..000000000 --- a/projects/grpc-swift/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-swift - -# specific to project -RUN apt-get update && apt-get install -y zlib1g-dev -RUN git clone --depth 1 https://github.com/grpc/grpc-swift -COPY build.sh $SRC -WORKDIR $SRC/grpc-swift diff --git a/projects/grpc-swift/build.sh b/projects/grpc-swift/build.sh deleted file mode 100755 index a27f3719c..000000000 --- a/projects/grpc-swift/build.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -. precompile_swift -# build project -cd FuzzTesting -swift build -c debug $SWIFTFLAGS - -( -cd .build/debug/ -find . -maxdepth 1 -type f -name "*Fuzzer" -executable | while read i; do cp $i $OUT/"$i"-debug; done -) -swift build -c release $SWIFTFLAGS -( -cd .build/release/ -find . -maxdepth 1 -type f -name "*Fuzzer" -executable | while read i; do cp $i $OUT/"$i"-release; done -) diff --git a/projects/grpc-swift/project.yaml b/projects/grpc-swift/project.yaml deleted file mode 100644 index 2b5c23049..000000000 --- a/projects/grpc-swift/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://github.com/grpc/grpc-swift" -language: swift -primary_contact: "gbarnett@apple.com" -auto_ccs : -- "lukasa@apple.com" -- "pp_adams@apple.com" -- "p.antoine@catenacyber.fr" -fuzzing_engines: -- libfuzzer -sanitizers: -- address -- thread -main_repo: 'https://github.com/grpc/grpc-swift' diff --git a/projects/grpc/Dockerfile b/projects/grpc/Dockerfile index 5999a2c59..6d2a31074 100644 --- a/projects/grpc/Dockerfile +++ b/projects/grpc/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y software-properties-common +RUN apt-get update && apt-get install -y software-properties-common python-software-properties RUN add-apt-repository ppa:webupd8team/java RUN apt-get update && apt-get -y install \ vim \ @@ -38,7 +38,6 @@ RUN apt-get update && apt-get install -y \ # Install Python packages from PyPI RUN pip install --upgrade pip==10.0.1 RUN pip install virtualenv -RUN pip install incremental==16.10.1 RUN pip install futures==2.2.0 enum34==1.0.4 protobuf==3.5.2.post1 six==1.10.0 twisted==17.5.0 #======================== diff --git a/projects/gstreamer/Dockerfile b/projects/gstreamer/Dockerfile index 1a8834852..46318a5c3 100644 --- a/projects/gstreamer/Dockerfile +++ b/projects/gstreamer/Dockerfile @@ -13,23 +13,18 @@ # limitations under the License. # ################################################################################ + FROM gcr.io/oss-fuzz-base/base-builder +# Install the build dependencies -RUN apt-get update && \ - apt-get install -y make autoconf automake libtool build-essential pkg-config bison flex gettext \ - libffi-dev liblzma-dev libtheora-dev libogg-dev zlib1g-dev libcairo2-dev \ - python3-pip ninja-build && \ - pip3 install meson==0.55.1 +# install the minimum -# We must install libvorbis from scratch as otherwise we will run into -# undefined functions in Ubuntu 20.04 -RUN git clone --depth 1 https://gitlab.xiph.org/xiph/vorbis.git && \ - cd $SRC/vorbis && \ - ./autogen.sh && \ - ./configure --enable-static && \ - make clean && \ - make -j$(nproc) && \ - make install +RUN sed -i '/^#\sdeb-src /s/^#//' "/etc/apt/sources.list" && \ + apt-get update && \ + apt-get install -y build-essential pkg-config bison flex gettext \ + libffi-dev liblzma-dev libvorbis-dev libtheora-dev libogg-dev zlib1g-dev \ + python3-pip && \ + pip3 install meson==0.55.1 ninja==1.10.0.post2 ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.64/glib-2.64.2.tar.xz $SRC @@ -40,8 +35,6 @@ RUN \ git clone --depth 1 --recursive https://gitlab.freedesktop.org/gstreamer/gst-plugins-base.git gst-plugins-base && \ git clone --depth 1 --recursive https://gitlab.freedesktop.org/gstreamer/gst-ci.git gst-ci -RUN sed -i 's/theoraenc theoradec theora/theoraenc theoradec theora cairo/g' $SRC/gst-ci/fuzzing/build-oss-fuzz.sh - ADD https://people.freedesktop.org/~bilboed/gst-discoverer_seed_corpus.zip $SRC WORKDIR gstreamer diff --git a/projects/gvisor/Dockerfile b/projects/gvisor/Dockerfile deleted file mode 100644 index 598664ee2..000000000 --- a/projects/gvisor/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 --branch go https://github.com/google/gvisor -COPY build.sh state_fuzzer.go $SRC/ -ENV GVISOR_ROOT $SRC/gvisor -WORKDIR $GVISOR_ROOT diff --git a/projects/gvisor/build.sh b/projects/gvisor/build.sh deleted file mode 100644 index 7a1ee279a..000000000 --- a/projects/gvisor/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mv $SRC/state_fuzzer.go $GVISOR_ROOT/ -compile_go_fuzzer gvisor.dev/gvisor FuzzStateLoad state_load_fuzz diff --git a/projects/gvisor/project.yaml b/projects/gvisor/project.yaml deleted file mode 100644 index b44a8adc2..000000000 --- a/projects/gvisor/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/google/gvisor" -main_repo: "https://github.com/google/gvisor" -primary_contact: "krakauer@google.com" -auto_ccs : - - "gvisor-dev@googlegroups.com" - - "adam@adalogics.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/gvisor/state_fuzzer.go b/projects/gvisor/state_fuzzer.go deleted file mode 100644 index b44f07a50..000000000 --- a/projects/gvisor/state_fuzzer.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package fuzzing - -import ( - "bytes" - "context" - "gvisor.dev/gvisor/pkg/buffer" - "gvisor.dev/gvisor/pkg/state" -) - -func FuzzStateLoad(data []byte) int { - ctx := context.Background() - var toLoad *buffer.View - _, _ = state.Load(ctx, bytes.NewReader(data), toLoad) - return 1 -} diff --git a/projects/h2o/build.sh b/projects/h2o/build.sh index 22b655d02..96c10de64 100755 --- a/projects/h2o/build.sh +++ b/projects/h2o/build.sh @@ -22,7 +22,6 @@ cp ./h2o-fuzzer-* $OUT/ zip -jr $OUT/h2o-fuzzer-http1_seed_corpus.zip $SRC/h2o/fuzz/http1-corpus zip -jr $OUT/h2o-fuzzer-http2_seed_corpus.zip $SRC/h2o/fuzz/http2-corpus -zip -jr $OUT/h2o-fuzzer-http3_seed_corpus.zip $SRC/h2o/fuzz/http3-corpus zip -jr $OUT/h2o-fuzzer-url_seed_corpus.zip $SRC/h2o/fuzz/url-corpus cp $SRC/*.options $SRC/h2o/fuzz/*.dict $OUT/ diff --git a/projects/h2o/h2o-fuzzer-http3.options b/projects/h2o/h2o-fuzzer-http3.options deleted file mode 100644 index 97ff13ba7..000000000 --- a/projects/h2o/h2o-fuzzer-http3.options +++ /dev/null @@ -1,4 +0,0 @@ -[libfuzzer] -close_fd_mask = 3 -max_len = 16384 -dict = http.dict diff --git a/projects/h2o/project.yaml b/projects/h2o/project.yaml index bc965024f..3c32e81ef 100644 --- a/projects/h2o/project.yaml +++ b/projects/h2o/project.yaml @@ -8,10 +8,5 @@ auto_ccs: - "frederik.deweerdt@gmail.com" - "kazuhooku@gmail.com" - "i.nagata110@gmail.com" - - "hfujita@fastly.com" - "security@fastly.com" - - "mtakayama@fastly.com" - - "gfuji@fastly.com" - - "nalramli@fastly.com" - main_repo: 'https://github.com/h2o/h2o' diff --git a/projects/h3/Dockerfile b/projects/h3/Dockerfile deleted file mode 100644 index 98f6e6ca4..000000000 --- a/projects/h3/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool \ - pkg-config -RUN git clone --depth 1 https://github.com/uber/h3 -WORKDIR h3 -COPY build.sh h3_fuzzer.c $SRC/ diff --git a/projects/h3/build.sh b/projects/h3/build.sh deleted file mode 100755 index 126327e2f..000000000 --- a/projects/h3/build.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build -cd build -sed -i '21d' $SRC/h3/CMakeLists.txt -cmake .. -make -j$(nproc) -$CC $CFLAGS -DH3_PREFIX="" \ - -I/src/h3/src/apps/applib/include \ - -I/src/h3/src/h3lib/include \ - -I/src/h3/build/src/h3lib/include \ - -o h3_fuzzer.o \ - -c $SRC/h3_fuzzer.c - -$CC $CFLAGS $LIB_FUZZING_ENGINE -rdynamic \ - h3_fuzzer.o \ - -o $OUT/h3_fuzzer \ - lib/libh3.a - diff --git a/projects/h3/h3_fuzzer.c b/projects/h3/h3_fuzzer.c deleted file mode 100644 index 5d6073380..000000000 --- a/projects/h3/h3_fuzzer.c +++ /dev/null @@ -1,71 +0,0 @@ -/* -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "h3api.h" -#include "utility.h" - -static const Direction DIGITS[7] = {CENTER_DIGIT, K_AXES_DIGIT, J_AXES_DIGIT, - JK_AXES_DIGIT, I_AXES_DIGIT, IK_AXES_DIGIT, - IJ_AXES_DIGIT}; - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (size < sizeof(H3Index)) { - return 0; - } - H3Index h3; - memcpy(&h3, data, sizeof(H3Index)); - - H3Index input[] = {h3, h3}; - int inputSize = sizeof(input) / sizeof(H3Index); - - // fuzz compactCells - H3Index *compacted = calloc(inputSize, sizeof(H3Index)); - H3Error errCompact = compactCells(input, compacted, inputSize); - - // fuzz uncompactCells - int compactedCount = 0; - for (int i = 0; i < inputSize; i++) { - if (compacted[i] != 0) { - compactedCount++; - } - } - if (compactedCount < 2) { - int uncompactRes = 10; - int64_t uncompactedSize; - H3Error err2 = - uncompactCellsSize(compacted, inputSize, uncompactRes, &uncompactedSize); - - H3Index *uncompacted = calloc(uncompactedSize, sizeof(H3Index)); - H3Error err3 = uncompactCells(compacted, compactedCount, uncompacted, - uncompactedSize, uncompactRes); - free(uncompacted); - } - - // fuzz h3NeighborRotations - int rotations = 0; - for (int i = 0; i < 7; i++) { - h3NeighborRotations(h3, DIGITS[i], &rotations); - } - free(compacted); - return 0; -} diff --git a/projects/h3/project.yaml b/projects/h3/project.yaml deleted file mode 100644 index fdfbbfbe6..000000000 --- a/projects/h3/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://github.com/uber/h3" -language: c -primary_contact: "isaacnf0x@gmail.com" -auto_ccs: - - "Adam@adalogics.com" - - "h3-dev@googlegroups.com" - - "isv.damocles@gmail.com" - - "ajfriend@gmail.com" -sanitizers: - - address - - undefined - - memory -main_repo: 'https://github.com/uber/h3' diff --git a/projects/harfbuzz/build.sh b/projects/harfbuzz/build.sh index c43b25312..3509a67f8 100755 --- a/projects/harfbuzz/build.sh +++ b/projects/harfbuzz/build.sh @@ -41,9 +41,9 @@ mv $build/test/fuzzing/hb-{shape,draw,subset,set}-fuzzer $OUT/ # Archive and copy to $OUT seed corpus if the build succeeded. mkdir all-fonts for d in \ - test/shape/data/in-house/fonts \ - test/shape/data/aots/fonts \ - test/shape/data/text-rendering-tests/fonts \ + test/shaping/data/in-house/fonts \ + test/shaping/data/aots/fonts \ + test/shaping/data/text-rendering-tests/fonts \ test/api/fonts \ test/fuzzing/fonts \ perf/fonts \ diff --git a/projects/hcl/Dockerfile b/projects/hcl/Dockerfile deleted file mode 100644 index 122beca6b..000000000 --- a/projects/hcl/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/hashicorp/hcl -COPY build.sh $SRC -WORKDIR $SRC/hcl
\ No newline at end of file diff --git a/projects/hcl/build.sh b/projects/hcl/build.sh deleted file mode 100644 index 986e1009f..000000000 --- a/projects/hcl/build.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FUZZERS_BASE=$SRC/hcl/hclsyntax/fuzz -FUZZERS_PACKAGE=github.com/hashicorp/hcl/v2/hclsyntax/fuzz -FUZZER_CLASS=Fuzz - -for THE_FUZZER in config expr template traversal -do - THE_FUZZER_NAME="fuzz_"$THE_FUZZER - compile_go_fuzzer $FUZZERS_PACKAGE/$THE_FUZZER $FUZZER_CLASS $THE_FUZZER_NAME - - OUTDIR=$OUT/$THE_FUZZER_NAME"_seed_corpus" - mkdir $OUTDIR - find $FUZZERS_BASE/$THE_FUZZER/corpus -type f | while read FNAME - do - SHASUM_NAME=$(shasum "$FNAME" | awk '{print $1}') - cp "$FNAME" $OUTDIR - done - zip -r $OUTDIR".zip" $OUTDIR - rm -rf $OUTDIR -done
\ No newline at end of file diff --git a/projects/hcl/project.yaml b/projects/hcl/project.yaml deleted file mode 100644 index 4abeeb5f5..000000000 --- a/projects/hcl/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/hashicorp/hcl" -language: go -auto_ccs: - - federico.maggi@gmail.com -fuzzing_engines: - - libfuzzer -sanitizers: - - address -primary_contact: "security@hashicorp.com" -main_repo: 'https://github.com/hashicorp/hcl'
\ No newline at end of file diff --git a/projects/hermes/Dockerfile b/projects/hermes/Dockerfile index 70f4293fc..eb59a38da 100644 --- a/projects/hermes/Dockerfile +++ b/projects/hermes/Dockerfile @@ -16,16 +16,9 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ - apt-get install -y make autoconf automake libtool wget \ - python zip libreadline-dev libatomic-ops-dev - -RUN pip3 install meson ninja -RUN ln -s /usr/local/bin/ninja /usr/bin/ninja - -RUN wget https://github.com/unicode-org/icu/archive/refs/tags/cldr/2021-08-25.tar.gz && \ - tar xzvf ./2021-08-25.tar.gz && \ - mv ./icu-cldr-2021-08-25/icu4c $SRC/icu + apt-get install -y make autoconf automake libtool wget libicu-dev \ + ninja-build python zip libreadline-dev libatomic-ops-dev RUN git clone https://github.com/facebook/hermes.git -WORKDIR $SRC +WORKDIR hermes COPY build.sh $SRC/ diff --git a/projects/hermes/build.sh b/projects/hermes/build.sh index 7bf7a9b4d..01c11f3c0 100755 --- a/projects/hermes/build.sh +++ b/projects/hermes/build.sh @@ -15,23 +15,6 @@ # ################################################################################ -# build ICU for linking statically. -cd $SRC/icu/source -./configure --disable-shared --enable-static --disable-layoutex \ - --disable-tests --disable-samples --with-data-packaging=static -make install -j$(nproc) - -# Ugly ugly hack to get static linking to work for icu. -cd lib -ls *.a | xargs -n1 ar x -rm *.a -ar r libicu.a *.{ao,o} -ln -s $PWD/libicu.a /usr/lib/x86_64-linux-gnu/libicudata.a -ln -s $PWD/libicu.a /usr/lib/x86_64-linux-gnu/libicuuc.a -ln -s $PWD/libicu.a /usr/lib/x86_64-linux-gnu/libicui18n.a - -cd $SRC/hermes - if [ "${SANITIZER}" = address ] then CONFIGURE_FLAGS="--enable-asan" diff --git a/projects/hermes/project.yaml b/projects/hermes/project.yaml index baeedb69a..0e614fe6d 100644 --- a/projects/hermes/project.yaml +++ b/projects/hermes/project.yaml @@ -2,9 +2,8 @@ homepage: "https://github.com/facebook/hermes" language: c++ primary_contact: "neildhar@fb.com" auto_ccs: + - "dulinr@fb.com" - "mhl@fb.com" - - "avp@fb.com" - - "jsx@fb.com" vendor_ccs: - "oss-fuzz@fb.com" fuzzing_engines: diff --git a/projects/hostap/project.yaml b/projects/hostap/project.yaml index 9d95c6e2c..db978e157 100644 --- a/projects/hostap/project.yaml +++ b/projects/hostap/project.yaml @@ -11,10 +11,9 @@ fuzzing_engines: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - dataflow architectures: - x86_64 - i386 -main_repo: 'git://w1.fi/srv/git/hostap.git'
\ No newline at end of file +main_repo: 'git://w1.fi/srv/git/hostap.git' diff --git a/projects/http-pattern-matcher/Dockerfile b/projects/http-pattern-matcher/Dockerfile deleted file mode 100644 index ab029ccf3..000000000 --- a/projects/http-pattern-matcher/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -MAINTAINER nareddyt@google.com - -RUN apt-get update && apt-get install python -y -RUN git clone https://github.com/google/http_pattern_matcher.git -WORKDIR $SRC/http_pattern_matcher/ -COPY build.sh $SRC/ diff --git a/projects/http-pattern-matcher/build.sh b/projects/http-pattern-matcher/build.sh deleted file mode 100755 index 85e8e0b06..000000000 --- a/projects/http-pattern-matcher/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu -# -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# This project uses bazel rules_fuzzing. - -bazel_build_fuzz_tests diff --git a/projects/http-pattern-matcher/project.yaml b/projects/http-pattern-matcher/project.yaml deleted file mode 100644 index 40a541ea4..000000000 --- a/projects/http-pattern-matcher/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -homepage: "https://github.com/google/http_pattern_matcher" -main_repo: "https://github.com/google/http_pattern_matcher.git" -language: c++ -primary_contact: "nareddyt@google.com" -auto_ccs: -- "yangshuo@google.com" -- "taoxuy@google.com" -- "qiwzhang@google.com" -- "justinmp@google.com" - -fuzzing_engines: -- libfuzzer -- afl -- honggfuzz - -sanitizers: -- address -- undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory diff --git a/projects/httparse/Dockerfile b/projects/httparse/Dockerfile index 9b7b32082..cffcc9f12 100644 --- a/projects/httparse/Dockerfile +++ b/projects/httparse/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/seanmonstar/httparse WORKDIR $SRC diff --git a/projects/httplib2/Dockerfile b/projects/httplib2/Dockerfile index 55a17f9b8..f7dcaf210 100644 --- a/projects/httplib2/Dockerfile +++ b/projects/httplib2/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/httplib2/httplib2 COPY build.sh $SRC/ diff --git a/projects/httplib2/build.sh b/projects/httplib2/build.sh index ba9410d8e..3a3d0eae7 100644 --- a/projects/httplib2/build.sh +++ b/projects/httplib2/build.sh @@ -15,7 +15,7 @@ # ################################################################################ -pip3 install six pytest +pip3 install six python3 setup.py install # Build fuzzers in $OUT. @@ -31,5 +31,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/hugo/Dockerfile b/projects/hugo/Dockerfile index 351c19418..bfba1a283 100644 --- a/projects/hugo/Dockerfile +++ b/projects/hugo/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/gohugoio/hugo COPY build.sh fuzz.go $SRC/ diff --git a/projects/hugo/fuzz.go b/projects/hugo/fuzz.go index bfb23cfb3..7a22e6d50 100644 --- a/projects/hugo/fuzz.go +++ b/projects/hugo/fuzz.go @@ -24,6 +24,7 @@ import ( "github.com/gohugoio/hugo/hugofs" "github.com/gohugoio/hugo/langs" "github.com/spf13/afero" + "github.com/spf13/viper" ) func newFuzzDeps(cfg config.Provider) *deps.Deps { @@ -42,7 +43,7 @@ func newFuzzDeps(cfg config.Provider) *deps.Deps { } func FuzzMarkdownify(data []byte) int { - v := config.New() + v := viper.New() v.Set("contentDir", "content") ns := New(newFuzzDeps(v)) diff --git a/projects/hunspell/project.yaml b/projects/hunspell/project.yaml index 248ffa272..48c3f88af 100644 --- a/projects/hunspell/project.yaml +++ b/projects/hunspell/project.yaml @@ -8,10 +8,9 @@ vendor_ccs: - "twsmith@mozilla.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - i386 - x86_64 -main_repo: 'https://github.com/hunspell/hunspell.git'
\ No newline at end of file +main_repo: 'https://github.com/hunspell/hunspell.git' diff --git a/projects/hyperium/Dockerfile b/projects/hyperium/Dockerfile deleted file mode 100644 index 419302358..000000000 --- a/projects/hyperium/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust - -RUN git clone https://github.com/hyperium/http -RUN git clone https://github.com/hyperium/h2 -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/hyperium/build.sh b/projects/hyperium/build.sh deleted file mode 100755 index 72c29e574..000000000 --- a/projects/hyperium/build.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd $SRC/http -cargo fuzz build -O -cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_http $OUT/ - -cd $SRC/h2 -cargo fuzz build -O -cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_client $OUT/ -cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_e2e $OUT/ -cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_hpack $OUT/ - -for fuzz_name in fuzz_e2e fuzz_client; do - echo "[libfuzzer]" > $OUT/${fuzz_name}.options - echo "detect_leaks=0" >> $OUT/${fuzz_name}.options -done diff --git a/projects/hyperium/project.yaml b/projects/hyperium/project.yaml deleted file mode 100644 index c3d3d9fc2..000000000 --- a/projects/hyperium/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://github.com/hyperium/" -main_repo: "https://github.com/hyperium/" -primary_contact: "sean.monstar@gmail.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "ver@buoyant.io" - - "eliza@buoyant.io" - - "david@adalogics.com" diff --git a/projects/ibmswtpm2/project.yaml b/projects/ibmswtpm2/project.yaml index 9af192dfc..c1c6a969b 100644 --- a/projects/ibmswtpm2/project.yaml +++ b/projects/ibmswtpm2/project.yaml @@ -7,6 +7,5 @@ auto_ccs: - "david.wooten@ieee.org" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory - - undefined
\ No newline at end of file + - memory + - undefined diff --git a/projects/icu/project.yaml b/projects/icu/project.yaml index 4ad93fd0a..d38b523a2 100644 --- a/projects/icu/project.yaml +++ b/projects/icu/project.yaml @@ -11,7 +11,6 @@ auto_ccs: - ftang@google.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory -main_repo: 'https://github.com/unicode-org/icu.git'
\ No newline at end of file +main_repo: 'https://github.com/unicode-org/icu.git' diff --git a/projects/image-png/Dockerfile b/projects/image-png/Dockerfile index 48be67685..cb953de6d 100644 --- a/projects/image-png/Dockerfile +++ b/projects/image-png/Dockerfile @@ -13,10 +13,11 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang RUN git clone https://github.com/image-rs/image-png WORKDIR $SRC COPY build.sh $SRC/ +COPY buf_independent.rs $SRC/image-png/fuzz/fuzz_targets/buf_independent.rs diff --git a/projects/image-png/buf_independent.rs b/projects/image-png/buf_independent.rs new file mode 100644 index 000000000..f4a1f312c --- /dev/null +++ b/projects/image-png/buf_independent.rs @@ -0,0 +1,74 @@ +#![no_main] +extern crate libfuzzer_sys; +use libfuzzer_sys::fuzz_target; +extern crate png; + +use std::io::{BufRead, Read, Result}; + +/// A reader that reads at most `n` bytes. +struct SmalBuf<R: BufRead> { + inner: R, + cap: usize, +} + +impl<R: BufRead> SmalBuf<R> { + fn new(inner: R, cap: usize) -> Self { + SmalBuf { inner, cap } + } +} + +impl<R: BufRead> Read for SmalBuf<R> { + fn read(&mut self, buf: &mut [u8]) -> Result<usize> { + let len = buf.len().min(self.cap); + self.inner.read(&mut buf[..len]) + } +} + +impl<R: BufRead> BufRead for SmalBuf<R> { + fn fill_buf(&mut self) -> Result<&[u8]> { + let buf = self.inner.fill_buf()?; + let len = buf.len().min(self.cap); + Ok(&buf[..len]) + } + + fn consume(&mut self, amt: usize) { + assert!(amt <= self.cap); + self.inner.consume(amt) + } +} + +fuzz_target!(|data: &[u8]| { + // Small limits, we don't need them hopefully. + let limits = png::Limits { bytes: 1 << 16 }; + + let reference = png::Decoder::new_with_limits(data, limits); + let smal = png::Decoder::new_with_limits(SmalBuf::new(data, 1), limits); + + let _ = png_compare(reference, smal); +}); + +#[inline(always)] +fn png_compare<R: BufRead, S: BufRead>(reference: png::Decoder<R>, smal: png::Decoder<S>) + -> std::result::Result<png::OutputInfo, ()> +{ + let mut smal = Some(smal); + let (info, mut reference) = reference.read_info().map_err(|_| { + assert!(smal.take().unwrap().read_info().is_err()); + })?; + + let (sinfo, mut smal) = smal.take().unwrap().read_info().expect("Deviation"); + assert_eq!(info, sinfo); + + if info.buffer_size() > 5_000_000 { + return Err(()); + } + + let mut ref_data = vec![0; info.buffer_size()]; + let mut smal_data = vec![0; info.buffer_size()]; + + let _rref = reference.next_frame(&mut ref_data); + let _rsmal = smal.next_frame(&mut smal_data); + + assert_eq!(smal_data, ref_data); + return Ok(info); +} diff --git a/projects/image-rs/Dockerfile b/projects/image-rs/Dockerfile deleted file mode 100644 index 636bc2b30..000000000 --- a/projects/image-rs/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust - -RUN git clone https://github.com/image-rs/image -WORKDIR $SRC/image - -COPY build.sh $SRC/ diff --git a/projects/image-rs/build.sh b/projects/image-rs/build.sh deleted file mode 100755 index c33f11cb7..000000000 --- a/projects/image-rs/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cargo fuzz build -O -cargo fuzz list | while read i; do - cp fuzz/target/x86_64-unknown-linux-gnu/release/$i $OUT/ -done diff --git a/projects/image-rs/project.yaml b/projects/image-rs/project.yaml deleted file mode 100644 index 62ae5800d..000000000 --- a/projects/image-rs/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://docs.rs/image/0.23.14/image" -main_repo: "https://github.com/image-rs/image" -primary_contact: "andreas.molzer@gmx.de" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "fintelia@gmail.com" - - "p.antoine@catenacyber.fr" diff --git a/projects/imageio/Dockerfile b/projects/imageio/Dockerfile index eeef9140d..87c1811d5 100644 --- a/projects/imageio/Dockerfile +++ b/projects/imageio/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/imageio/imageio COPY build.sh $SRC/ diff --git a/projects/imageio/build.sh b/projects/imageio/build.sh index 8bf0fe5ab..aeef84ec7 100644 --- a/projects/imageio/build.sh +++ b/projects/imageio/build.sh @@ -29,5 +29,5 @@ for fuzzer in $(find . -name 'fuzz_*.py'); do this_dir=\$(dirname \"\$0\") ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/imagemagick/project.yaml b/projects/imagemagick/project.yaml index ed95c7d34..509c8c1bc 100644 --- a/projects/imagemagick/project.yaml +++ b/projects/imagemagick/project.yaml @@ -7,8 +7,7 @@ auto_ccs: - urban.warrior.fuzz@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 diff --git a/projects/influxdb/Dockerfile b/projects/influxdb/Dockerfile index d108fe892..e00af1465 100644 --- a/projects/influxdb/Dockerfile +++ b/projects/influxdb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder MAINTAINER william@influxdata.com RUN go get github.com/influxdata/influxdb RUN go get github.com/dgrijalva/jwt-go diff --git a/projects/ipfs/Dockerfile b/projects/ipfs/Dockerfile index 1deea86a0..aee4c4ce1 100644 --- a/projects/ipfs/Dockerfile +++ b/projects/ipfs/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/ipfs/go-datastore COPY build.sh $SRC/ diff --git a/projects/istio/Dockerfile b/projects/istio/Dockerfile index 896268867..4ba44e2a5 100644 --- a/projects/istio/Dockerfile +++ b/projects/istio/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/istio/istio COPY build.sh $SRC/ WORKDIR $SRC/istio diff --git a/projects/istio/build.sh b/projects/istio/build.sh index 2ec972309..cb148e828 100644 --- a/projects/istio/build.sh +++ b/projects/istio/build.sh @@ -15,5 +15,6 @@ # ################################################################################ -$SRC/istio/tests/fuzz/oss_fuzz_build.sh +compile_go_fuzzer ./tests/fuzz FuzzParseInputs fuzz_parse_inputs +compile_go_fuzzer ./tests/fuzz FuzzParseAndBuildSchema fuzz_parse_and_build_schema diff --git a/projects/jackson-core/Dockerfile b/projects/jackson-core/Dockerfile index 73e630b2a..1ff785046 100644 --- a/projects/jackson-core/Dockerfile +++ b/projects/jackson-core/Dockerfile @@ -15,7 +15,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y maven RUN git clone --depth 1 https://github.com/google/fuzzing diff --git a/projects/jackson-core/build.sh b/projects/jackson-core/build.sh index 4023cf96d..5cbf19c20 100644 --- a/projects/jackson-core/build.sh +++ b/projects/jackson-core/build.sh @@ -53,5 +53,5 @@ LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ --target_class=$fuzzer_basename \ --jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/jackson-dataformat-xml/Dockerfile b/projects/jackson-dataformat-xml/Dockerfile deleted file mode 100644 index 65f1195cc..000000000 --- a/projects/jackson-dataformat-xml/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip - -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn - -RUN git clone --depth 1 https://github.com/google/fuzzing && \ - mv fuzzing/dictionaries/xml.dict $SRC/XmlFuzzer.dict && \ - rm -rf fuzzing - -RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ - zip -j $SRC/XmlFuzzer_seed_corpus.zip go-fuzz-corpus/xml/corpus/* && \ - rm -rf go-fuzz-corpus - -ENV JACKSON_BRANCH=2.13 - -RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-dataformat-xml - -COPY build.sh $SRC/ -COPY XmlFuzzer.java $SRC/ -WORKDIR $SRC/jackson-dataformat-xml diff --git a/projects/jackson-dataformat-xml/XmlFuzzer.java b/projects/jackson-dataformat-xml/XmlFuzzer.java deleted file mode 100644 index aeb2e8e44..000000000 --- a/projects/jackson-dataformat-xml/XmlFuzzer.java +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.xml.XmlMapper; -import java.io.IOException; - -public class XmlFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - ObjectMapper mapper = new XmlMapper(); - try { - mapper.readTree(input); - } catch (IOException ignored) { - } - } -} diff --git a/projects/jackson-dataformat-xml/build.sh b/projects/jackson-dataformat-xml/build.sh deleted file mode 100644 index 9be88a954..000000000 --- a/projects/jackson-dataformat-xml/build.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Move seed corpus and dictionary. -mv $SRC/{*.zip,*.dict} $OUT - -MAVEN_ARGS="-P!java14+ -Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15" -$MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS -CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ - -Dexpression=project.version -q -DforceStdout) -cp "target/jackson-dataformat-xml-$CURRENT_VERSION.jar" $OUT/jackson-dataformat-xml.jar - -ALL_JARS="jackson-dataformat-xml.jar" - -# The classpath at build-time includes the project jars in $OUT as well as the -# Jazzer API. -BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - -# All .jar and .class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m\" \ -\$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename -done diff --git a/projects/jackson-dataformat-xml/project.yaml b/projects/jackson-dataformat-xml/project.yaml deleted file mode 100644 index 7109fd04f..000000000 --- a/projects/jackson-dataformat-xml/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/FasterXML/jackson-dataformat-xml" -language: jvm -primary_contact: "tatu@fasterxml.com" -auto_ccs: - - "meumertzheim@code-intelligence.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/FasterXML/jackson-dataformat-xml" -sanitizers: - - address diff --git a/projects/jackson-dataformats-binary/Dockerfile b/projects/jackson-dataformats-binary/Dockerfile index 700e3ea9c..0e4ea8213 100644 --- a/projects/jackson-dataformats-binary/Dockerfile +++ b/projects/jackson-dataformats-binary/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y maven ENV JACKSON_BRANCH=2.13 diff --git a/projects/jackson-dataformats-binary/build.sh b/projects/jackson-dataformats-binary/build.sh index 7cfdbb143..3c3c0afe6 100644 --- a/projects/jackson-dataformats-binary/build.sh +++ b/projects/jackson-dataformats-binary/build.sh @@ -62,5 +62,5 @@ LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ --target_class=$fuzzer_basename \ --jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/janet/build.sh b/projects/janet/build.sh index 2279e80da..062730779 100755 --- a/projects/janet/build.sh +++ b/projects/janet/build.sh @@ -18,5 +18,5 @@ export CFLAGS="$CFLAGS -fPIC" cd janet make -$CC $CFLAGS -std=c99 -Isrc/include -Isrc/conf -fPIC -o fuzz_dostring.o -c ./test/fuzzers/fuzz_dostring.c -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_dostring.o build/libjanet.a -o $OUT/fuzz_dostring +clang $CFLAGS -std=c99 -Isrc/include -Isrc/conf -fPIC -o fuzz_dostring.o -c ./test/fuzzers/fuzz_dostring.c +clang++ $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_dostring.o build/libjanet.a -o $OUT/fuzz_dostring diff --git a/projects/janus-gateway/Dockerfile b/projects/janus-gateway/Dockerfile index 6cf0e14f8..f0c56cd3b 100644 --- a/projects/janus-gateway/Dockerfile +++ b/projects/janus-gateway/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get update && apt-get install -y \ gtk-doc-tools \ libconfig-dev \ libglib2.0-dev \ - libgnutls28-dev \ + libgnutls-dev \ libini-config-dev \ libjansson-dev \ libnice-dev \ diff --git a/projects/janus-gateway/project.yaml b/projects/janus-gateway/project.yaml index db1b17886..f2a640aa5 100644 --- a/projects/janus-gateway/project.yaml +++ b/projects/janus-gateway/project.yaml @@ -5,8 +5,7 @@ auto_ccs: - "lminiero@gmail.com" sanitizers: - address + - memory - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory coverage_extra_args: -ignore-filename-regex=.*glib.* -ignore-filename-regex=.*log.c main_repo: 'https://github.com/meetecho/janus-gateway.git' diff --git a/projects/java-example/Dockerfile b/projects/java-example/Dockerfile index 18ed9e1bc..316e9a888 100644 --- a/projects/java-example/Dockerfile +++ b/projects/java-example/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-builder COPY build.sh $SRC/ diff --git a/projects/java-example/ExampleFuzzerNative.cpp b/projects/java-example/ExampleFuzzerNative.cpp index 565f75cf9..7ae0de80d 100644 --- a/projects/java-example/ExampleFuzzerNative.cpp +++ b/projects/java-example/ExampleFuzzerNative.cpp @@ -16,21 +16,15 @@ #include "ExampleFuzzerNative.h" -#include <limits> #include <string> // simple function containing a crash that requires coverage and string compare // instrumentation for the fuzzer to find -__attribute__((optnone)) void parseInternal(const std::string &input) { - constexpr int bar = std::numeric_limits<int>::max() - 5; - // Crashes with UBSan. - if (bar + input[0] == 300) { - return; - } +void parseInternal(const std::string &input) { if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') { if (input.find("secret_in_native_library") != std::string::npos) { - // Crashes with ASan. - [[maybe_unused]] char foo = input[input.size() + 2]; + // BOOM + *(char *)1 = 2; } } } diff --git a/projects/java-example/build.sh b/projects/java-example/build.sh index c2fcd449b..63f4c95f9 100755 --- a/projects/java-example/build.sh +++ b/projects/java-example/build.sh @@ -17,9 +17,8 @@ # Build native library. JVM_INCLUDES="-I$JAVA_HOME/include -I$JAVA_HOME/include/linux" -mkdir $OUT/native $CXX $CXXFLAGS $JVM_INCLUDES -fPIC -shared \ - ExampleFuzzerNative.cpp -o $OUT/native/libnative.so + ExampleFuzzerNative.cpp -o $OUT/libnative.so BUILD_CLASSPATH=$JAZZER_API_PATH @@ -32,7 +31,7 @@ for fuzzer in $(find $SRC -name '*Fuzzer.java' -or -name '*FuzzerNative.java'); cp $SRC/$fuzzer_basename.class $OUT/ if [[ $fuzzer_basename == *FuzzerNative ]]; then - driver=jazzer_driver_with_sanitizer + driver=jazzer_driver_asan else driver=jazzer_driver fi @@ -42,12 +41,12 @@ for fuzzer in $(find $SRC -name '*Fuzzer.java' -or -name '*FuzzerNative.java'); echo "#!/bin/sh # LLVMFuzzerTestOneInput for fuzzer detection. this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir/native \ +LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ --cp=$RUNTIME_CLASSPATH \ --target_class=$fuzzer_basename \ --jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/java-example/default.options b/projects/java-example/default.options index 8cda4b283..59318037a 100644 --- a/projects/java-example/default.options +++ b/projects/java-example/default.options @@ -1,6 +1,3 @@ [asan] handle_segv=1 allow_user_segv_handler=1 - -[ubsan] -handle_segv=1 diff --git a/projects/java-example/project.yaml b/projects/java-example/project.yaml index 6401e228f..e71c40577 100644 --- a/projects/java-example/project.yaml +++ b/projects/java-example/project.yaml @@ -1,5 +1,4 @@ homepage: "https://github.com/CodeIntelligenceTesting/jazzer" -disabled: true language: jvm primary_contact: "meumertzheim@code-intelligence.com" fuzzing_engines: @@ -7,4 +6,3 @@ fuzzing_engines: main_repo: "https://github.com/CodeIntelligenceTesting/jazzer" sanitizers: - address - - undefined diff --git a/projects/javaparser/build.sh b/projects/javaparser/build.sh deleted file mode 100755 index a93135018..000000000 --- a/projects/javaparser/build.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Build the jar. -CURRENT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ --Dexpression=project.version -q -DforceStdout) -mvn package -Dmaven.test.skip=true -cp "javaparser-core/target/javaparser-core-$CURRENT_VERSION.jar" $OUT/javaparser.jar - -# The jar files containing the project (separated by spaces). -PROJECT_JARS=javaparser.jar - -# Build fuzzers in $OUT. -BUILD_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - -# All jars and class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "\$this_dir/%s:"):.:\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - - # Create execution wrapper. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m\" \ -\$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename -done diff --git a/projects/javaparser/parseFuzzer.java b/projects/javaparser/parseFuzzer.java deleted file mode 100644 index 662f3fb47..000000000 --- a/projects/javaparser/parseFuzzer.java +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -import static com.github.javaparser.ParseStart.COMPILATION_UNIT; -import com.github.javaparser.JavaParser; -import com.github.javaparser.ParseResult; -import com.github.javaparser.ast.CompilationUnit; -import com.github.javaparser.ParserConfiguration; -import static com.github.javaparser.Providers.provider; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -public class parseFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - String datastring = data.consumeRemainingAsString(); - InputStream datastream = new ByteArrayInputStream(datastring.getBytes()); - try { - ParserConfiguration configuration = new ParserConfiguration(); - final ParseResult<CompilationUnit> result = new JavaParser(configuration) - .parse(COMPILATION_UNIT, provider(datastream, configuration.getCharacterEncoding())); - } catch (Exception e) { - return; - } - } -} diff --git a/projects/javaparser/project.yaml b/projects/javaparser/project.yaml deleted file mode 100644 index f62cb7749..000000000 --- a/projects/javaparser/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://javaparser.org" -language: jvm -primary_contact: "MysterAitch@users.noreply.github.com" -auto_ccs: - - "p.antoine@catenacyber.fr" - - "jean-pierre.lerbscher@jperf.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/javaparser/javaparser" -sanitizers: - - address diff --git a/projects/jbig2dec/jbig2_fuzzer.cc b/projects/jbig2dec/jbig2_fuzzer.cc index c10b871a3..4b94f2c7d 100644 --- a/projects/jbig2dec/jbig2_fuzzer.cc +++ b/projects/jbig2dec/jbig2_fuzzer.cc @@ -27,7 +27,7 @@ #define KBYTE ((size_t) 1024) #define MBYTE (1024 * KBYTE) #define GBYTE (1024 * MBYTE) -#define MAX_ALLOCATION (32 * MBYTE) +#define MAX_ALLOCATION (1 * GBYTE) static size_t used; diff --git a/projects/json-patch/Dockerfile b/projects/json-patch/Dockerfile deleted file mode 100644 index 81eabb40d..000000000 --- a/projects/json-patch/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/evanphx/json-patch - -COPY fuzz_*.go $SRC/json-patch/ - -COPY build.sh $SRC/ -WORKDIR $SRC/json-patch diff --git a/projects/json-patch/build.sh b/projects/json-patch/build.sh deleted file mode 100755 index d13e7abf8..000000000 --- a/projects/json-patch/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -compile_go_fuzzer github.com/evanphx/json-patch FuzzCreateMerge fuzz_create_merge -compile_go_fuzzer github.com/evanphx/json-patch FuzzDecodeApply fuzz_decode_apply diff --git a/projects/json-patch/fuzz_create_merge.go b/projects/json-patch/fuzz_create_merge.go deleted file mode 100644 index b7cb330e0..000000000 --- a/projects/json-patch/fuzz_create_merge.go +++ /dev/null @@ -1,26 +0,0 @@ -package jsonpatch - -import ( - "bytes" -) - -func FuzzCreateMerge(data []byte) int { - s := bytes.Split(data, []byte{0}) - if len(s) != 3 { - return 0 - } - original := s[0] - target := s[1] - alternative := s[2] - - patch, err := CreateMergePatch(original, target) - if err != nil { - return 0 - } - _, err = MergePatch(alternative, patch) - if err != nil { - return 0 - } - - return 1 -} diff --git a/projects/json-patch/fuzz_decode_apply.go b/projects/json-patch/fuzz_decode_apply.go deleted file mode 100644 index 315955804..000000000 --- a/projects/json-patch/fuzz_decode_apply.go +++ /dev/null @@ -1,25 +0,0 @@ -package jsonpatch - -import ( - "bytes" -) - -func FuzzDecodeApply(data []byte) int { - s := bytes.Split(data, []byte{0}) - if len(s) != 2 { - return 0 - } - patchJSON := s[0] - original := s[1] - - patch, err := DecodePatch(patchJSON) - if err != nil { - return 0 - } - - _, err = patch.Apply(original) - if err != nil { - return 0 - } - return 1 -} diff --git a/projects/json-patch/project.yaml b/projects/json-patch/project.yaml deleted file mode 100644 index a66ada930..000000000 --- a/projects/json-patch/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/evanphx/json-patch" -primary_contact: "evan@phx.io" -auto_ccs: - - "p.antoine@catenacyber.fr" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: 'https://github.com/evanphx/json-patch' diff --git a/projects/json-sanitizer/Dockerfile b/projects/json-sanitizer/Dockerfile index 9d1052aed..f36a13622 100644 --- a/projects/json-sanitizer/Dockerfile +++ b/projects/json-sanitizer/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-jvm +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y maven diff --git a/projects/json-sanitizer/build.sh b/projects/json-sanitizer/build.sh index dd4063bbb..64df5e5c5 100755 --- a/projects/json-sanitizer/build.sh +++ b/projects/json-sanitizer/build.sh @@ -56,5 +56,5 @@ LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ --target_class=$fuzzer_basename \ --jvm_args=\"-Xmx2048m\" \ \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/json/project.yaml b/projects/json/project.yaml index 927bfc52a..83f48e222 100644 --- a/projects/json/project.yaml +++ b/projects/json/project.yaml @@ -6,6 +6,5 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'https://github.com/nlohmann/json.git'
\ No newline at end of file + - memory +main_repo: 'https://github.com/nlohmann/json.git' diff --git a/projects/json5format/Dockerfile b/projects/json5format/Dockerfile index 64c8793c9..c0117a59e 100644 --- a/projects/json5format/Dockerfile +++ b/projects/json5format/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/google/json5format WORKDIR $SRC diff --git a/projects/jsoncpp/project.yaml b/projects/jsoncpp/project.yaml index 51795d443..8dc8f020f 100644 --- a/projects/jsoncpp/project.yaml +++ b/projects/jsoncpp/project.yaml @@ -6,6 +6,5 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'https://github.com/open-source-parsers/jsoncpp'
\ No newline at end of file + - memory +main_repo: 'https://github.com/open-source-parsers/jsoncpp' diff --git a/projects/jsonnet/build.sh b/projects/jsonnet/build.sh index d51c7048a..5386efb14 100644 --- a/projects/jsonnet/build.sh +++ b/projects/jsonnet/build.sh @@ -28,5 +28,4 @@ fuzzer=convert_jsonnet_fuzzer $CXX $CXXFLAGS -I${INSTALL_DIR}/include $LIB_FUZZING_ENGINE \ $fuzzer.cc -o $OUT/$fuzzer \ ${INSTALL_DIR}/build/libjsonnet.a \ - ${INSTALL_DIR}/build/libmd5.a \ - ${INSTALL_DIR}/build/libryml.a + ${INSTALL_DIR}/build/libmd5.a diff --git a/projects/jsonnet/project.yaml b/projects/jsonnet/project.yaml index feec146c7..4b33850c3 100644 --- a/projects/jsonnet/project.yaml +++ b/projects/jsonnet/project.yaml @@ -2,12 +2,12 @@ homepage: "https://github.com/google/jsonnet" language: c++ primary_contact: "dcunnin@google.com" auto_ccs: + - "wwweiwang@google.com" - "sparkprime@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined labels: diff --git a/projects/jsonparser/Dockerfile b/projects/jsonparser/Dockerfile index 38f310fbe..a5d91faf6 100644 --- a/projects/jsonparser/Dockerfile +++ b/projects/jsonparser/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/buger/jsonparser COPY build.sh $SRC/ diff --git a/projects/jsonschema/Dockerfile b/projects/jsonschema/Dockerfile index 007e01c11..ffec717b1 100644 --- a/projects/jsonschema/Dockerfile +++ b/projects/jsonschema/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN pip3 install hypothesis RUN git clone --depth=1 https://github.com/Julian/jsonschema diff --git a/projects/jsonschema/build.sh b/projects/jsonschema/build.sh index 3ba97abb3..71d4ad600 100644 --- a/projects/jsonschema/build.sh +++ b/projects/jsonschema/build.sh @@ -30,5 +30,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/jsoup/Dockerfile b/projects/jsoup/Dockerfile deleted file mode 100644 index d83f7b5f7..000000000 --- a/projects/jsoup/Dockerfile +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip - -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn - -RUN git clone --depth 1 https://github.com/google/fuzzing && \ - mv fuzzing/dictionaries/html.dict $SRC/HtmlFuzzer.dict && \ - mv fuzzing/dictionaries/xml.dict $SRC/XmlFuzzer.dict && \ - rm -rf fuzzing - -RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ - zip -j $SRC/XmlFuzzer_seed_corpus.zip go-fuzz-corpus/xml/corpus/* && \ - rm -rf go-fuzz-corpus - -RUN git clone --depth 1 https://github.com/jhy/jsoup/ - -COPY build.sh $SRC/ -COPY HtmlFuzzer.java XmlFuzzer.java $SRC/ -WORKDIR $SRC/jsoup diff --git a/projects/jsoup/XmlFuzzer.java b/projects/jsoup/XmlFuzzer.java deleted file mode 100644 index ddce20beb..000000000 --- a/projects/jsoup/XmlFuzzer.java +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -import org.jsoup.Jsoup; -import org.jsoup.parser.Parser; - -public class XmlFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - Jsoup.parse(data.consumeRemainingAsString(), "", Parser.xmlParser()); - } -} diff --git a/projects/jsoup/build.sh b/projects/jsoup/build.sh deleted file mode 100755 index 4bbe473e3..000000000 --- a/projects/jsoup/build.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Move seed corpus and dictionary. -mv $SRC/{*.zip,*.dict} $OUT - -MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15" -$MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS -CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ - -Dexpression=project.version -q -DforceStdout) -cp "target/jsoup-$CURRENT_VERSION.jar" $OUT/jsoup.jar - -ALL_JARS="jsoup.jar" - -# The classpath at build-time includes the project jars in $OUT as well as the -# Jazzer API. -BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - -# All .jar and .class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m\" \ -\$@" > $OUT/$fuzzer_basename - chmod u+x $OUT/$fuzzer_basename -done diff --git a/projects/jsoup/project.yaml b/projects/jsoup/project.yaml deleted file mode 100644 index 6f47c2974..000000000 --- a/projects/jsoup/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/jhy/jsoup/" -language: jvm -primary_contact: "jonathan@hedley.net" -auto_ccs: - - "wagner@code-intelligence.com" - - "ffrr33aakk@gmail.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/jhy/jsoup/" -sanitizers: - - address diff --git a/projects/juju/Dockerfile b/projects/juju/Dockerfile deleted file mode 100644 index e4c15cb86..000000000 --- a/projects/juju/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/juju/juju -COPY build.sh storage_fuzzer.go $SRC/ -WORKDIR $SRC/juju diff --git a/projects/juju/project.yaml b/projects/juju/project.yaml deleted file mode 100644 index 709249ffb..000000000 --- a/projects/juju/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://juju.is" -main_repo: "https://github.com/juju/juju" -primary_contact: "stickupkid@gmail.com" -auto_ccs : - - "adam@adalogics.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/juju/storage_fuzzer.go b/projects/juju/storage_fuzzer.go deleted file mode 100644 index 17e2a0e06..000000000 --- a/projects/juju/storage_fuzzer.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package storage - -func Fuzz(data []byte) int { - _, err := ParseConstraints(string(data)) - if err != nil { - return 0 - } - return 1 -} diff --git a/projects/kamailio/build.sh b/projects/kamailio/build.sh index 5d94cec47..2b7c3735b 100755 --- a/projects/kamailio/build.sh +++ b/projects/kamailio/build.sh @@ -22,8 +22,7 @@ export LD_EXTRA_OPTS="${CFLAGS}" sed -i 's/int main(/int main2(/g' ./src/main.c -export MEMPKG=sys -make Q=verbose || true +make || true cd src mkdir objects && find . -name "*.o" -exec cp {} ./objects/ \; ar -r libkamilio.a ./objects/*.o @@ -31,7 +30,3 @@ cd ../ $CC $CFLAGS $LIB_FUZZING_ENGINE ./misc/fuzz/fuzz_uri.c -o $OUT/fuzz_uri \ -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \ -I./src/ -I./src/core/parser -ldl -lresolv -lm - -$CC $CFLAGS $LIB_FUZZING_ENGINE ./misc/fuzz/fuzz_parse_msg.c -o $OUT/fuzz_parse_msg \ - -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \ - -I./src/ -I./src/core/parser -ldl -lresolv -lm diff --git a/projects/kamailio/project.yaml b/projects/kamailio/project.yaml index ae2ce665d..46020a0c6 100755 --- a/projects/kamailio/project.yaml +++ b/projects/kamailio/project.yaml @@ -5,5 +5,3 @@ language: c auto_ccs: - "miconda@gmail.com" - "david@adalogics.com" - - "mail@gilawa.com" - - "qxork.droid@gmail.com" diff --git a/projects/karchive/project.yaml b/projects/karchive/project.yaml index 2318ce540..0e023cd43 100644 --- a/projects/karchive/project.yaml +++ b/projects/karchive/project.yaml @@ -3,7 +3,6 @@ language: c++ primary_contact: tsdgeos@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://invent.kde.org/frameworks/karchive.git'
\ No newline at end of file +main_repo: 'https://invent.kde.org/frameworks/karchive.git' diff --git a/projects/kcodecs/Dockerfile b/projects/kcodecs/Dockerfile index 1c563cf0d..3d70e831a 100644 --- a/projects/kcodecs/Dockerfile +++ b/projects/kcodecs/Dockerfile @@ -15,8 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get install --yes cmake -RUN curl -L http://ftp.gnu.org/pub/gnu/gperf/gperf-3.1.tar.gz -O +RUN apt-get install --yes cmake gperf RUN git clone --depth 1 --branch=5.15 git://code.qt.io/qt/qtbase.git RUN git clone --depth 1 https://invent.kde.org/frameworks/kcodecs.git RUN git clone --depth 1 https://invent.kde.org/frameworks/extra-cmake-modules.git diff --git a/projects/kcodecs/build.sh b/projects/kcodecs/build.sh index 85f5be3d0..2f8c857b1 100644 --- a/projects/kcodecs/build.sh +++ b/projects/kcodecs/build.sh @@ -16,20 +16,6 @@ ################################################################################ cd $SRC -tar xzf gperf*.tar.gz && rm -f gperf*.tar.gz -cd gperf* -FUZZ_CFLAGS="${CFLAGS}" -FUZZ_CXXFLAGS="${CXXFLAGS}" -unset CFLAGS -unset CXXFLAGS -# gperf is a code generator, so no need to sanitize it -./configure --prefix=/usr -make -j$(nproc) install -export CFLAGS="${FUZZ_CFLAGS}" -export CXXFLAGS="${FUZZ_CXXFLAGS}" - - -cd $SRC cd extra-cmake-modules cmake . make install diff --git a/projects/kcodecs/project.yaml b/projects/kcodecs/project.yaml index b698f6320..1b731e3f3 100644 --- a/projects/kcodecs/project.yaml +++ b/projects/kcodecs/project.yaml @@ -3,7 +3,6 @@ language: c++ primary_contact: tsdgeos@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://invent.kde.org/frameworks/kcodecs.git'
\ No newline at end of file +main_repo: 'https://invent.kde.org/frameworks/kcodecs.git' diff --git a/projects/keystone/project.yaml b/projects/keystone/project.yaml index 4bb1e0b1a..860313b1c 100644 --- a/projects/keystone/project.yaml +++ b/projects/keystone/project.yaml @@ -6,7 +6,6 @@ auto_ccs : - "stalkr@stalkr.net" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/keystone-engine/keystone.git'
\ No newline at end of file +main_repo: 'https://github.com/keystone-engine/keystone.git' diff --git a/projects/kimageformats/Dockerfile b/projects/kimageformats/Dockerfile index 060709fdd..4acc31c91 100644 --- a/projects/kimageformats/Dockerfile +++ b/projects/kimageformats/Dockerfile @@ -22,8 +22,8 @@ RUN git clone --depth 1 https://invent.kde.org/frameworks/extra-cmake-modules.gi RUN git clone --depth 1 --branch=5.15 git://code.qt.io/qt/qtbase.git RUN git clone --depth 1 https://invent.kde.org/frameworks/karchive.git RUN git clone --depth 1 https://invent.kde.org/frameworks/kimageformats.git -RUN git clone --depth 1 -b v3.1.0 https://aomedia.googlesource.com/aom -RUN git clone --depth 1 -b v0.9.1 https://github.com/AOMediaCodec/libavif.git +RUN git clone --depth 1 -b v2.0.2 https://aomedia.googlesource.com/aom +RUN git clone --depth 1 -b v0.9.0 https://github.com/AOMediaCodec/libavif.git RUN git clone --depth 1 https://github.com/strukturag/libde265.git RUN git clone --depth 1 https://github.com/strukturag/libheif.git COPY build.sh $SRC diff --git a/projects/kimageformats/build.sh b/projects/kimageformats/build.sh index 537056e47..0ffa60bbb 100644 --- a/projects/kimageformats/build.sh +++ b/projects/kimageformats/build.sh @@ -103,7 +103,7 @@ echo "$HANDLER_TYPES" | while read class format; do fuzz_target_name=kimgio_${format}_fuzzer $SRC/qtbase/bin/moc $SRC/kimageformats/src/imageformats/$format.cpp -o $format.moc - $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++17 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp -o $OUT/$fuzz_target_name -I $SRC/qtbase/include/QtCore/ -I $SRC/qtbase/include/ -I $SRC/qtbase/include//QtGui -I $SRC/kimageformats/src/imageformats/ -I $SRC/karchive/src/ -I $SRC/qtbase/mkspecs/linux-clang-libc++/ -I $SRC/libavif/include/ -I . -L $SRC/qtbase/lib $SRC/libavif/build/libavif.a /usr/local/lib/libheif.a /usr/local/lib/liblibde265.a $SRC/aom/build.libavif/libaom.a -lQt5Gui -lQt5Core -lqtlibpng -lqtharfbuzz -lm -lqtpcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF5Archive /usr/local/lib/libz.a + $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++14 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp -o $OUT/$fuzz_target_name -I $SRC/qtbase/include/QtCore/ -I $SRC/qtbase/include/ -I $SRC/qtbase/include//QtGui -I $SRC/kimageformats/src/imageformats/ -I $SRC/karchive/src/ -I $SRC/qtbase/mkspecs/linux-clang-libc++/ -I $SRC/libavif/include/ -I . -L $SRC/qtbase/lib $SRC/libavif/build/libavif.a /usr/local/lib/libheif.a /usr/local/lib/liblibde265.a $SRC/aom/build.libavif/libaom.a -lQt5Gui -lQt5Core -lqtlibpng -lqtharfbuzz -lm -lqtpcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF5Archive /usr/local/lib/libz.a find . -name "*.${format}" | zip -q $OUT/${fuzz_target_name}_seed_corpus.zip -@ ) diff --git a/projects/kimageformats/project.yaml b/projects/kimageformats/project.yaml index a36df366c..d2551a802 100644 --- a/projects/kimageformats/project.yaml +++ b/projects/kimageformats/project.yaml @@ -3,7 +3,6 @@ language: c++ primary_contact: tsdgeos@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined main_repo: 'https://invent.kde.org/frameworks/kimageformats.git' diff --git a/projects/knot-dns/build.sh b/projects/knot-dns/build.sh index b49aa69d1..e451813fe 100755 --- a/projects/knot-dns/build.sh +++ b/projects/knot-dns/build.sh @@ -20,7 +20,7 @@ # Cribbed from projects/wget2, thanks rockdaboot@gmail.com export DEPS_PATH=$SRC/knot_deps -export PKG_CONFIG_PATH=$DEPS_PATH/lib64/pkgconfig:$DEPS_PATH/lib/pkgconfig +export PKG_CONFIG_PATH=$DEPS_PATH/lib/pkgconfig export CPPFLAGS="-I$DEPS_PATH/include" export LDFLAGS="-L$DEPS_PATH/lib" export GNULIB_SRCDIR=$SRC/gnulib @@ -75,9 +75,6 @@ make check # Set up fuzzing seeds git submodule update --init -- ./fuzz_packet.in +find ./fuzz_packet.in/ -type f -exec zip -u $OUT/fuzz_packet_seed_corpus.zip {} \; git submodule update --init -- ./fuzz_zscanner.in -# ./fuzz_dname_to_str.in/ and ./fuzz_dname_from_str.in/ are stored in the base repository -find ./fuzz_packet.in/ -type f -exec zip -u $OUT/fuzz_packet_seed_corpus.zip {} \; -find ./fuzz_zscanner.in/ -type f -exec zip -u $OUT/fuzz_zscanner_seed_corpus.zip {} \; -find ./fuzz_dname_to_str.in/ -type f -exec zip -u $OUT/fuzz_dname_to_str_seed_corpus.zip {} \; -find ./fuzz_dname_from_str.in/ -type f -exec zip -u $OUT/fuzz_dname_from_str_seed_corpus.zip {} \; +find ./fuzz_zscanner.in/ -type f -exec zip -u $OUT/fuzz_zscanner_seed_corpus.zip {} \; diff --git a/projects/kryo/DeserializeCollectionsFuzzer.java b/projects/kryo/DeserializeCollectionsFuzzer.java deleted file mode 100644 index f28e378ef..000000000 --- a/projects/kryo/DeserializeCollectionsFuzzer.java +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -import com.esotericsoftware.kryo.Kryo; -import com.esotericsoftware.kryo.io.Input; -import com.esotericsoftware.kryo.KryoException; -import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer; - -import java.util.*; - -public class DeserializeCollectionsFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - Kryo kryo = new Kryo(); - kryo.register(SomeClass.class); - - kryo.setReferences(data.consumeBoolean()); - if (data.consumeBoolean()) - kryo.setDefaultSerializer(CompatibleFieldSerializer.class); - - Input in = new Input(data.consumeRemainingAsBytes()); - try { - kryo.readObject(in, SomeClass.class); - } catch (KryoException e) { - } finally { - in.close(); - } - } - - public static final class SomeClass { - List<String> _emptyList = Collections.emptyList(); - Set<String> _emptySet = Collections.emptySet(); - Map<String, String> _emptyMap = Collections.emptyMap(); - List<String> _singletonList = Collections.singletonList("foo"); - Set<String> _singletonSet = Collections.emptySet(); - Map<String, String> _singletonMap; - TreeSet<String> _treeSet; - TreeMap<String, Integer> _treeMap; - List<String> _arrayList; - Set<String> _hashSet; - Map<String, Integer> _hashMap; - List<Integer> _asList = Arrays.asList(1, 2, 3); - int[] _intArray; - long[] _longArray; - short[] _shortArray; - float[] _floatArray; - double[] _doubleArray; - byte[] _byteArray; - char[] _charArray; - String[] _stringArray; - Integer[] _integerArray; - BitSet _bitSet; - } - -} diff --git a/projects/kryo/DeserializeNumbersFuzzer.java b/projects/kryo/DeserializeNumbersFuzzer.java deleted file mode 100644 index 80137c780..000000000 --- a/projects/kryo/DeserializeNumbersFuzzer.java +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -import com.esotericsoftware.kryo.Kryo; -import com.esotericsoftware.kryo.io.Input; -import com.esotericsoftware.kryo.KryoException; -import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer; - -import java.util.*; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicLong; -import java.math.BigDecimal; -import java.math.BigInteger; - -public class DeserializeNumbersFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - Kryo kryo = new Kryo(); - kryo.register(SomeClass.class); - - kryo.setReferences(data.consumeBoolean()); - if (data.consumeBoolean()) - kryo.setDefaultSerializer(CompatibleFieldSerializer.class); - - Input in = new Input(data.consumeRemainingAsBytes()); - try { - kryo.readObject(in, SomeClass.class); - } catch (KryoException e) { - } finally { - in.close(); - } - } - - public static final class SomeClass { - Date _date; - TimeZone _timeZone; - Calendar _calendar; - Locale _locale; - Integer[] _integerArray; - boolean _boolean; - char _char; - byte _byte; - short _short; - int _int1; - int _int2; - long _long; - float _float; - double _double; - Boolean _Boolean; - Character _Character; - Byte _Byte; - Short _Short; - Integer _Integer; - Long _Long; - Float _Float; - Double _Double; - BigInteger _bigInteger; - BigDecimal _bigDecimal; - AtomicInteger _atomicInteger; - AtomicLong _atomicLong; - } -} diff --git a/projects/kryo/DeserializeStringFuzzer.java b/projects/kryo/DeserializeStringFuzzer.java deleted file mode 100644 index 9fe77ec23..000000000 --- a/projects/kryo/DeserializeStringFuzzer.java +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -import com.esotericsoftware.kryo.Kryo; -import com.esotericsoftware.kryo.io.Input; -import com.esotericsoftware.kryo.KryoException; -import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer; - -public class DeserializeStringFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - Kryo kryo = new Kryo(); - kryo.register(SomeClass.class); - - kryo.setReferences(data.consumeBoolean()); - if (data.consumeBoolean()) - kryo.setDefaultSerializer(CompatibleFieldSerializer.class); - - Input in = new Input(data.consumeRemainingAsBytes()); - try { - kryo.readObject(in, SomeClass.class); - } catch (KryoException e) { - } finally { - in.close(); - } - } - - public static final class SomeClass { - String value; - } -} diff --git a/projects/kryo/build.sh b/projects/kryo/build.sh deleted file mode 100644 index 9d53d396b..000000000 --- a/projects/kryo/build.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15" - -$MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS -current_version=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ --Dexpression=project.version -q -DforceStdout) -cp "target/kryo-$current_version.jar" $OUT/kryo.jar - -ALL_JARS="kryo.jar" - -# The classpath at build-time includes the project jars in $OUT as well as the -# Jazzer API. -BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - -# All .jar and .class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac --enable-preview --release 15 -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - cp $SRC/${fuzzer_basename}\$SomeClass.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m;--enable-preview\" \ -\$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename -done diff --git a/projects/kryo/project.yaml b/projects/kryo/project.yaml deleted file mode 100644 index 8b747ac5f..000000000 --- a/projects/kryo/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "http://esotericsoftware.com/" -language: jvm -primary_contact: "thomas@umschalt.com" -auto_ccs: - - "meumertzheim@code-intelligence.com" - - "wagner@code-intelligence.com" - - "meumertzheim@code-intelligence.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/EsotericSoftware/kryo" -sanitizers: - - address diff --git a/projects/kubernetes/Dockerfile b/projects/kubernetes/Dockerfile index e6391ad97..e4ebed882 100644 --- a/projects/kubernetes/Dockerfile +++ b/projects/kubernetes/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN go get github.com/ianlancetaylor/demangle RUN git clone --depth 1 https://github.com/kubernetes/kubernetes.git diff --git a/projects/lame/project.yaml b/projects/lame/project.yaml index 630fd7647..b6bd38292 100644 --- a/projects/lame/project.yaml +++ b/projects/lame/project.yaml @@ -5,8 +5,7 @@ auto_ccs: - "bouvigne@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory architectures: - x86_64 - - i386
\ No newline at end of file + - i386 diff --git a/projects/leveldb/project.yaml b/projects/leveldb/project.yaml index 710887fd1..7eecedc2f 100644 --- a/projects/leveldb/project.yaml +++ b/projects/leveldb/project.yaml @@ -6,6 +6,5 @@ auto_ccs : - "david@adalogics.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'https://github.com/google/leveldb.git'
\ No newline at end of file + - memory +main_repo: 'https://github.com/google/leveldb.git' diff --git a/projects/libaom/Dockerfile b/projects/libaom/Dockerfile index 2bfa6aaf2..a911f3367 100644 --- a/projects/libaom/Dockerfile +++ b/projects/libaom/Dockerfile @@ -18,5 +18,5 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y cmake yasm wget RUN git clone https://aomedia.googlesource.com/aom ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/ -COPY build.sh $SRC/ +COPY build.sh av1_dec_fuzzer.dict $SRC/ WORKDIR aom diff --git a/projects/libaom/av1_dec_fuzzer.dict b/projects/libaom/av1_dec_fuzzer.dict new file mode 100644 index 000000000..fb1638864 --- /dev/null +++ b/projects/libaom/av1_dec_fuzzer.dict @@ -0,0 +1,5 @@ +# IVF Signature + version (bytes 0-5) +kw1="DKIF\x00\x00" + +# AV1 codec fourCC (bytes 8-11) +kw2="AV01" diff --git a/projects/libaom/build.sh b/projects/libaom/build.sh index 590b45ac5..fc25bbf4c 100755 --- a/projects/libaom/build.sh +++ b/projects/libaom/build.sh @@ -65,5 +65,5 @@ $CXX $CXXFLAGS -std=c++11 \ # copy seed corpus. cp $SRC/dec_fuzzer_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip -cp $SRC/aom/examples/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict +cp $SRC/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict diff --git a/projects/libaom/project.yaml b/projects/libaom/project.yaml index 02fe38768..dedc30485 100644 --- a/projects/libaom/project.yaml +++ b/projects/libaom/project.yaml @@ -6,10 +6,10 @@ sanitizers: - memory - undefined auto_ccs: +- huisu@google.com - jaikk@google.com - jzern@google.com - wtc@google.com -- yunqingwang@google.com vendor_ccs: - twsmith@mozilla.com main_repo: 'https://aomedia.googlesource.com/aom' diff --git a/projects/libarchive/Dockerfile b/projects/libarchive/Dockerfile index c41e51ca7..bd076691e 100644 --- a/projects/libarchive/Dockerfile +++ b/projects/libarchive/Dockerfile @@ -16,12 +16,12 @@ FROM gcr.io/oss-fuzz-base/base-builder +# Installing optional libraries can utilize more code path and/or improve +# performance (avoid calling external programs). RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config \ libbz2-dev liblzo2-dev liblzma-dev liblz4-dev libz-dev \ - libssl-dev libacl1-dev libattr1-dev lrzip \ - liblz4-tool lzop zstd lcab genisoimage jlha-utils rar default-jdk + libxml2-dev libssl-dev libacl1-dev libattr1-dev lrzip \ + liblz4-tool lzop zstd lcab genisoimage jlha-utils rar default-jdk RUN git clone --depth 1 https://github.com/libarchive/libarchive.git -RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git - +WORKDIR libarchive COPY build.sh libarchive_fuzzer.cc $SRC/ -WORKDIR $SRC diff --git a/projects/libarchive/build.sh b/projects/libarchive/build.sh index a46a44d2a..87587a57d 100755 --- a/projects/libarchive/build.sh +++ b/projects/libarchive/build.sh @@ -15,35 +15,18 @@ # ################################################################################ -# compile libxml2 from source so we can statically link -DEPS=/deps -mkdir ${DEPS} -cd $SRC/libxml2 -./autogen.sh \ - --without-debug \ - --without-ftp \ - --without-http \ - --without-legacy \ - --without-python -make -j$(nproc) -make install -cp .libs/libxml2.a ${DEPS}/ -cd $SRC/libarchive - -sed -i 's/-Wall//g' ./CMakeLists.txt -sed -i 's/-Werror//g' ./CMakeLists.txt - -mkdir build2 -cd build2 -cmake ../ -make +# build the project +./build/autogen.sh +./configure +make -j$(nproc) all # build seed cp $SRC/libarchive/contrib/oss-fuzz/corpus.zip\ - $OUT/libarchive_fuzzer_seed_corpus.zip + $OUT/libarchive_fuzzer_seed_corpus.zip # build fuzzer(s) -$CXX $CXXFLAGS -I../libarchive \ +$CXX $CXXFLAGS -Ilibarchive \ $SRC/libarchive_fuzzer.cc -o $OUT/libarchive_fuzzer \ - $LIB_FUZZING_ENGINE ./libarchive/libarchive.a \ - -lcrypto -lacl -llzma -llz4 -lbz2 -lz ${DEPS}/libxml2.a + $LIB_FUZZING_ENGINE .libs/libarchive.a \ + -Wl,-Bstatic -lbz2 -llzo2 -lxml2 -llzma -lz -lcrypto -llz4 -licuuc \ + -licudata -Wl,-Bdynamic diff --git a/projects/libass/Dockerfile b/projects/libass/Dockerfile index 88801cc85..b0758cef1 100644 --- a/projects/libass/Dockerfile +++ b/projects/libass/Dockerfile @@ -15,10 +15,11 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config libfontconfig1-dev libfreetype-dev libfribidi-dev python3-pip && \ +RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config libfreetype6-dev libfontconfig1-dev python3-pip && \ pip3 install meson==0.53.0 ninja RUN git clone --depth 1 https://github.com/libass/libass.git +RUN git clone --depth 1 https://github.com/behdad/fribidi.git RUN git clone --depth 1 https://github.com/harfbuzz/harfbuzz.git COPY build.sh libass_fuzzer.cc *.dict *.options $SRC/ diff --git a/projects/libass/build.sh b/projects/libass/build.sh index 8e313fdfd..44006e37f 100755 --- a/projects/libass/build.sh +++ b/projects/libass/build.sh @@ -15,6 +15,10 @@ # ################################################################################ +cd $SRC/fribidi +./autogen.sh --disable-docs --enable-static=yes --enable-shared=no --with-pic=yes --prefix=/work/ +make install + cd $SRC/harfbuzz # setup @@ -29,7 +33,6 @@ CFLAGS="$CFLAGS -fno-sanitize=vptr" \ CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr" \ meson --default-library=static --wrap-mode=nodownload \ -Dfuzzer_ldflags="$(echo $LIB_FUZZING_ENGINE)" \ - -Dtests=disabled \ --prefix=/work/ --libdir=lib $build \ || (cat build/meson-logs/meson-log.txt && false) meson install -C $build @@ -41,11 +44,10 @@ export PKG_CONFIG_PATH=/work/lib/pkgconfig ./configure --disable-asm make -j$(nproc) -$CXX $CXXFLAGS -std=c++11 -I$SRC/libass \ +$CXX $CXXFLAGS -std=c++11 -I$SRC/libass -L/work/lib \ $SRC/libass_fuzzer.cc -o $OUT/libass_fuzzer \ $LIB_FUZZING_ENGINE libass/.libs/libass.a \ - -Wl,-Bstatic \ - $(pkg-config --static --libs fontconfig freetype2 fribidi harfbuzz | sed 's/-lm //g') \ - -Wl,-Bdynamic + -Wl,-Bstatic -lfontconfig -lfribidi -lfreetype -lharfbuzz -lz -lpng12 \ + -lexpat -Wl,-Bdynamic cp $SRC/*.dict $SRC/*.options $OUT/ diff --git a/projects/libass/libass_fuzzer.cc b/projects/libass/libass_fuzzer.cc index 8cb11a68c..5254faff4 100644 --- a/projects/libass/libass_fuzzer.cc +++ b/projects/libass/libass_fuzzer.cc @@ -1,21 +1,3 @@ -/* -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - #include <stdio.h> #include <stdlib.h> @@ -30,35 +12,29 @@ void msg_callback(int level, const char *fmt, va_list va, void *data) { static const int kFrameWidth = 1280; static const int kFrameHeight = 720; -struct init { - init(int frame_w, int frame_h) { - ass_library = ass_library_init(); - if (!ass_library) { - printf("ass_library_init failed!\n"); - exit(1); - } - - ass_set_message_cb(ass_library, msg_callback, NULL); +static bool init(int frame_w, int frame_h) { + ass_library = ass_library_init(); + if (!ass_library) { + printf("ass_library_init failed!\n"); + exit(1); + } - ass_renderer = ass_renderer_init(ass_library); - if (!ass_renderer) { - printf("ass_renderer_init failed!\n"); - exit(1); - } + ass_set_message_cb(ass_library, msg_callback, NULL); - ass_set_frame_size(ass_renderer, frame_w, frame_h); - ass_set_fonts(ass_renderer, nullptr, "sans-serif", - ASS_FONTPROVIDER_AUTODETECT, nullptr, 1); + ass_renderer = ass_renderer_init(ass_library); + if (!ass_renderer) { + printf("ass_renderer_init failed!\n"); + exit(1); } - ~init() { - ass_renderer_done(ass_renderer); - ass_library_done(ass_library); - } -}; + ass_set_frame_size(ass_renderer, frame_w, frame_h); + ass_set_fonts(ass_renderer, nullptr, "sans-serif", + ASS_FONTPROVIDER_AUTODETECT, nullptr, 1); + return true; +} extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - static init initialized(kFrameWidth, kFrameHeight); + static bool initialized = init(kFrameWidth, kFrameHeight); ASS_Track *track = ass_read_memory(ass_library, (char *)data, size, nullptr); if (!track) return 0; diff --git a/projects/libass/project.yaml b/projects/libass/project.yaml index 9fdaf42f9..bfcb93edc 100644 --- a/projects/libass/project.yaml +++ b/projects/libass/project.yaml @@ -1,9 +1,10 @@ homepage: "https://github.com/libass/libass" language: c++ -primary_contact: "chortos@inbox.lv" +primary_contact: "greg@kinoho.net" auto_ccs: - - "greg@kinoho.net" - "rodger.combs@gmail.com" + - "nfxjfg@gmail.com" + - "chortos@inbox.lv" - "vabnick@gmail.com" sanitizers: - address diff --git a/projects/libavc/project.yaml b/projects/libavc/project.yaml index 845e5230f..1f5422f5e 100644 --- a/projects/libavc/project.yaml +++ b/projects/libavc/project.yaml @@ -12,12 +12,10 @@ vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com architectures: - x86_64 - i386 diff --git a/projects/libavif/Dockerfile b/projects/libavif/Dockerfile index c1d918b70..a1f030e95 100644 --- a/projects/libavif/Dockerfile +++ b/projects/libavif/Dockerfile @@ -15,11 +15,19 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder + +ADD bionic.list /etc/apt/sources.list.d/bionic.list +ADD nasm_apt.pin /etc/apt/preferences + RUN apt-get update && \ - apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel cmake git nasm && \ + apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel cmake git && \ pip3 install meson ninja RUN git clone --depth 1 https://github.com/AOMediaCodec/libavif.git libavif WORKDIR libavif +RUN curl -L https://download.videolan.org/contrib/nasm/nasm-2.14.tar.gz | tar xvz +RUN cd nasm-2.14 && ./configure && make -j2 && ln -s `pwd`/nasm /usr/bin/nasm && cd .. +RUN nasm --version + COPY build.sh avif_decode_seed_corpus.zip $SRC/ diff --git a/projects/libavif/bionic.list b/projects/libavif/bionic.list new file mode 100644 index 000000000..8621803a7 --- /dev/null +++ b/projects/libavif/bionic.list @@ -0,0 +1,2 @@ +# use nasm 2.13.02 from bionic +deb http://archive.ubuntu.com/ubuntu/ bionic universe diff --git a/projects/libavif/build.sh b/projects/libavif/build.sh index fe7eba079..130709fb9 100755 --- a/projects/libavif/build.sh +++ b/projects/libavif/build.sh @@ -16,7 +16,7 @@ ################################################################################ # build dav1d -cd ext && bash dav1d_oss_fuzz.sh && cd .. +cd ext && bash dav1d.cmd && cd .. # build libavif mkdir build diff --git a/projects/libavif/nasm_apt.pin b/projects/libavif/nasm_apt.pin new file mode 100644 index 000000000..69099026b --- /dev/null +++ b/projects/libavif/nasm_apt.pin @@ -0,0 +1,7 @@ +Package: * +Pin: release n=bionic +Pin-Priority: 1 + +Package: nasm +Pin: release n=bionic +Pin-Priority: 555 diff --git a/projects/libcacard/Dockerfile b/projects/libcacard/Dockerfile index 7d7a0abf6..5e280b94d 100644 --- a/projects/libcacard/Dockerfile +++ b/projects/libcacard/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y pkg-config libglib2.0-dev gyp libsqlite3-dev mercurial python3-pip python +RUN apt-get update && apt-get install -y pkg-config libglib2.0-dev gyp libsqlite3-dev mercurial python3-pip # Because Ubuntu has really ancient meson out there RUN pip3 install meson ninja diff --git a/projects/libcacard/build.sh b/projects/libcacard/build.sh index f12cb416d..719502e90 100755 --- a/projects/libcacard/build.sh +++ b/projects/libcacard/build.sh @@ -33,11 +33,7 @@ sed -i "s/Debug//g" dist/Debug/lib/pkgconfig/nss.pc sed -i "s/\/lib/\/lib\/Debug/g" dist/Debug/lib/pkgconfig/nss.pc sed -i "s/include\/nspr/public\/nss/g" dist/Debug/lib/pkgconfig/nss.pc sed -i "s/NSPR/NSS/g" dist/Debug/lib/pkgconfig/nss.pc -LIBS="-lssl -lsmime -lnssdev -lnss_static -lpk11wrap_static -lcryptohi" -LIBS="$LIBS -lcerthi -lcertdb -lnssb -lnssutil -lnsspki -ldl -lm -lsqlite" -LIBS="$LIBS -lsoftokn_static -lsha-x86_c_lib -lfreebl_static" -LIBS="$LIBS -lgcm-aes-x86_c_lib -lhw-acc-crypto-avx -lhw-acc-crypto-avx2" -sed -i "s/Libs:.*/Libs: -L\${libdir} $LIBS/g" dist/Debug/lib/pkgconfig/nss.pc +sed -i "s/Libs:.*/Libs: -L\${libdir} -lssl -lsmime -lnssdev -lnss_static -lpk11wrap_static -lcryptohi -lcerthi -lcertdb -lnssb -lnssutil -lnsspki -ldl -lm -lsqlite -lsoftokn_static -lfreebl_static -lgcm-aes-x86_c_lib -lhw-acc-crypto-avx -lhw-acc-crypto-avx2 /g" dist/Debug/lib/pkgconfig/nss.pc echo "Requires: nspr" >> dist/Debug/lib/pkgconfig/nss.pc export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/) diff --git a/projects/proftpd/Dockerfile b/projects/libchewing/Dockerfile index fe6b37f30..4a77e243a 100644 --- a/projects/proftpd/Dockerfile +++ b/projects/libchewing/Dockerfile @@ -1,4 +1,4 @@ -# Copyright 2021 Google Inc. +# Copyright 2016 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,8 +15,8 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool \ - pkg-config cmake check -RUN git clone --depth 1 https://github.com/proftpd/proftpd -WORKDIR proftpd -COPY build.sh fuzzer.c $SRC/ +RUN apt-get update && apt-get install -y make autoconf automake libtool texinfo + +RUN git clone --depth 1 https://github.com/chewing/libchewing.git +WORKDIR libchewing +COPY build.sh chewing_fuzzer_common.[ch] chewing_*_fuzzer.c $SRC/ diff --git a/projects/libchewing/build.sh b/projects/libchewing/build.sh new file mode 100755 index 000000000..e721a0b28 --- /dev/null +++ b/projects/libchewing/build.sh @@ -0,0 +1,39 @@ +#!/bin/bash -eu +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# build the library. +./autogen.sh +./configure --disable-shared --enable-static --without-sqlite3 +make clean +make -j$(nproc) all + +# build your fuzzer(s) +make -C test CFLAGS="$CFLAGS -Dmain=stress_main -Drand=get_fuzz_input" stress.o + +$CC $CFLAGS -c $SRC/chewing_fuzzer_common.c -o $WORK/chewing_fuzzer_common.o + +for variant in default random_init dynamic_config; do + $CC $CFLAGS -c $SRC/chewing_${variant}_fuzzer.c -o $WORK/chewing_${variant}_fuzzer.o + $CXX $CXXFLAGS \ + -o $OUT/chewing_${variant}_fuzzer \ + $WORK/chewing_${variant}_fuzzer.o $WORK/chewing_fuzzer_common.o \ + test/stress.o test/.libs/libtesthelper.a src/.libs/libchewing.a \ + $LIB_FUZZING_ENGINE +done + +# install data files +make -j$(nproc) -C data pkgdatadir=$OUT install diff --git a/projects/libchewing/chewing_default_fuzzer.c b/projects/libchewing/chewing_default_fuzzer.c new file mode 100644 index 000000000..dd6fc7a84 --- /dev/null +++ b/projects/libchewing/chewing_default_fuzzer.c @@ -0,0 +1,15 @@ +#include <stdio.h> + +#include "chewing_fuzzer_common.h" + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + fuzz_input = fuzz_ptr = data; + fuzz_size = size; + + const char* stress_argv[] = { + "./chewing_fuzzer", "-loop", "1", NULL, + }; + stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1, + (char**)stress_argv); + return 0; +} diff --git a/projects/libchewing/chewing_dynamic_config_fuzzer.c b/projects/libchewing/chewing_dynamic_config_fuzzer.c new file mode 100644 index 000000000..5479c1ee1 --- /dev/null +++ b/projects/libchewing/chewing_dynamic_config_fuzzer.c @@ -0,0 +1,15 @@ +#include <stdio.h> + +#include "chewing_fuzzer_common.h" + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + fuzz_input = fuzz_ptr = data; + fuzz_size = size; + + const char* stress_argv[] = { + "./chewing_fuzzer", "-loop", "1", "-extra", NULL, + }; + stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1, + (char**)stress_argv); + return 0; +} diff --git a/projects/libchewing/chewing_fuzzer_common.c b/projects/libchewing/chewing_fuzzer_common.c new file mode 100644 index 000000000..34426ea37 --- /dev/null +++ b/projects/libchewing/chewing_fuzzer_common.c @@ -0,0 +1,32 @@ +#include "chewing_fuzzer_common.h" + +#include <libgen.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX"; + +int LLVMFuzzerInitialize(int* argc, char*** argv) { + char* exe_path = (*argv)[0]; + + // dirname() can modify its argument. + char* exe_path_copy = strdup(exe_path); + char* dir = dirname(exe_path_copy); + + // Assume data files are at the same location as executable. + setenv("CHEWING_PATH", dir, 0); + free(exe_path_copy); + + // Specify user db of this process. So we can run multiple fuzzers at the + // same time. + mktemp(userphrase_path); + setenv("TEST_USERPHRASE_PATH", userphrase_path, 0); + return 0; +} + +int get_fuzz_input() { + if (fuzz_ptr - fuzz_input >= fuzz_size) + return EOF; + return *fuzz_ptr++; +} diff --git a/projects/libchewing/chewing_fuzzer_common.h b/projects/libchewing/chewing_fuzzer_common.h new file mode 100644 index 000000000..5032d655c --- /dev/null +++ b/projects/libchewing/chewing_fuzzer_common.h @@ -0,0 +1,13 @@ +#ifndef CHEWING_FUZZER_COMMON_H +#define CHEWING_FUZZER_COMMON_H + +#include <stddef.h> +#include <stdint.h> + +const uint8_t* fuzz_ptr; +const uint8_t* fuzz_input; +size_t fuzz_size; + +int stress_main(int argc, char** argv); + +#endif diff --git a/projects/libchewing/chewing_random_init_fuzzer.c b/projects/libchewing/chewing_random_init_fuzzer.c new file mode 100644 index 000000000..e0d755f7d --- /dev/null +++ b/projects/libchewing/chewing_random_init_fuzzer.c @@ -0,0 +1,15 @@ +#include <stdio.h> + +#include "chewing_fuzzer_common.h" + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + fuzz_input = fuzz_ptr = data; + fuzz_size = size; + + const char* stress_argv[] = { + "./chewing_fuzzer", "-loop", "1", "-init", NULL, + }; + stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1, + (char**)stress_argv); + return 0; +} diff --git a/projects/libchewing/project.yaml b/projects/libchewing/project.yaml new file mode 100644 index 000000000..1dd3e6e7f --- /dev/null +++ b/projects/libchewing/project.yaml @@ -0,0 +1,5 @@ +homepage: "http://chewing.im/" +language: c++ +disabled: true +view_restrictions: none +main_repo: 'https://github.com/chewing/libchewing.git' diff --git a/projects/libecc/Dockerfile b/projects/libecc/Dockerfile deleted file mode 100644 index aaeed8e41..000000000 --- a/projects/libecc/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool wget python -RUN git clone https://github.com/ANSSI-FR/libecc.git -RUN git clone --depth 1 https://github.com/randombit/botan.git -RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 -COPY build.sh $SRC/ diff --git a/projects/libecc/build.sh b/projects/libecc/build.sh deleted file mode 100755 index 558b85260..000000000 --- a/projects/libecc/build.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL" -export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" - -# Install Boost headers -cd $SRC/ -tar jxf boost_1_74_0.tar.bz2 -cd boost_1_74_0/ -CFLAGS="" CXXFLAGS="" ./bootstrap.sh -CFLAGS="" CXXFLAGS="" ./b2 headers -cp -R boost/ /usr/include/ - -# Build libecc -cd $SRC/libecc -git checkout cryptofuzz -export CFLAGS="$CFLAGS -DUSE_CRYPTOFUZZ" -make -j$(nproc) build/libsign.a -export LIBECC_PATH=$(realpath .) -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_LIBECC" - -# Build Botan -cd $SRC/botan -if [[ $CFLAGS != *-m32* ]] -then - ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator,x509,tls --build-targets=static --without-documentation -else - ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator,x509,tls --build-targets=static --without-documentation -fi -make -j$(nproc) - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE" -export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" -export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" - -# Build Cryptofuzz -cd $SRC/cryptofuzz -python gen_repository.py -rm extra_options.h -echo -n '"' >>extra_options.h -echo -n '--force-module=libecc ' >>extra_options.h -echo -n '--operations=Digest,ECC_PrivateToPublic,ECDSA_Sign,ECDSA_Verify,ECGDSA_Sign,ECGDSA_Verify,ECRDSA_Sign,ECRDSA_Verify,ECC_Point_Add,ECC_Point_Mul,BignumCalc ' >>extra_options.h -echo -n '--curves=brainpool224r1,brainpool256r1,brainpool384r1,brainpool512r1,secp192r1,secp224r1,secp256r1,secp384r1,secp521r1,secp256k1 ' >>extra_options.h -echo -n '--digests=NULL,SHA224,SHA256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHA384,SHA512,SHA512-224,SHA512-256,SM3,SHAKE256_114,STREEBOG-256,STREEBOG-512 ' >>extra_options.h -echo -n '--calcops=Add,AddMod,And,Bit,GCD,InvMod,IsOdd,IsOne,IsZero,LShift1,Mod,Mul,MulMod,NumBits,Or,RShift,Sqr,Sub,SubMod,Xor ' >>extra_options.h -echo -n '"' >>extra_options.h -cd modules/libecc/ -make -B -j$(nproc) -cd ../botan/ -make -B -j$(nproc) -cd ../../ -make -B -j$(nproc) - -cp cryptofuzz $OUT/cryptofuzz-libecc diff --git a/projects/libecc/project.yaml b/projects/libecc/project.yaml deleted file mode 100644 index 2fe474fc8..000000000 --- a/projects/libecc/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://github.com/ANSSI-FR/libecc" -language: c++ -primary_contact: "guidovranken@gmail.com" -main_repo: "https://github.com/ANSSI-FR/libecc.git" -auto_ccs: - - "dev.libecc@gmail.com" -sanitizers: - - address - - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -architectures: - - x86_64 - - i386 diff --git a/projects/libevent/Dockerfile b/projects/libevent/Dockerfile index 0c34bd755..04fdc04f2 100644 --- a/projects/libevent/Dockerfile +++ b/projects/libevent/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool cmake pkg-config +RUN apt-get update && apt-get install -y make autoconf automake libtool cmake RUN git clone --depth 1 https://github.com/libevent/libevent.git libevent WORKDIR libevent COPY build.sh *.cc $SRC/ diff --git a/projects/libevent/project.yaml b/projects/libevent/project.yaml index be4d8bd89..feb600c25 100644 --- a/projects/libevent/project.yaml +++ b/projects/libevent/project.yaml @@ -3,10 +3,9 @@ language: c++ primary_contact: "a3at.mail@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 - i386 -main_repo: 'https://github.com/libevent/libevent.git'
\ No newline at end of file +main_repo: 'https://github.com/libevent/libevent.git' diff --git a/projects/libfdk-aac/project.yaml b/projects/libfdk-aac/project.yaml index 922606a14..0613f7290 100644 --- a/projects/libfdk-aac/project.yaml +++ b/projects/libfdk-aac/project.yaml @@ -1,5 +1,4 @@ homepage: https://android.googlesource.com/platform/external/aac/ -main_repo: 'https://android.googlesource.com/platform/external/aac/' language: c++ primary_contact: audio-fdk@iis.fraunhofer.de auto_ccs: @@ -8,12 +7,10 @@ vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com fuzzing_engines: - libfuzzer - afl diff --git a/projects/libfido2/project.yaml b/projects/libfido2/project.yaml index d335eea9b..5a351a07c 100644 --- a/projects/libfido2/project.yaml +++ b/projects/libfido2/project.yaml @@ -9,8 +9,7 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory fuzzing_engines: - libfuzzer -main_repo: 'https://github.com/Yubico/libfido2'
\ No newline at end of file +main_repo: 'https://github.com/Yubico/libfido2' diff --git a/projects/libheif/build.sh b/projects/libheif/build.sh index 7c303ea72..70618a2d2 100755 --- a/projects/libheif/build.sh +++ b/projects/libheif/build.sh @@ -74,8 +74,7 @@ PKG_CONFIG="pkg-config --static" PKG_CONFIG_PATH="$DEPS_PATH/lib/pkgconfig" ./co --enable-static \ --disable-examples \ --disable-go \ - --enable-libfuzzer="$LIB_FUZZING_ENGINE" \ - CPPFLAGS="-I$DEPS_PATH/include" + --enable-libfuzzer="$LIB_FUZZING_ENGINE" make clean make -j$(nproc) diff --git a/projects/libhevc/project.yaml b/projects/libhevc/project.yaml index 4af0cab3f..5d84b08e7 100644 --- a/projects/libhevc/project.yaml +++ b/projects/libhevc/project.yaml @@ -12,12 +12,10 @@ vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com architectures: - x86_64 - i386 diff --git a/projects/libhtp/project.yaml b/projects/libhtp/project.yaml index 753887a28..3b861d5bd 100644 --- a/projects/libhtp/project.yaml +++ b/projects/libhtp/project.yaml @@ -7,7 +7,6 @@ auto_ccs : sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory +- memory - undefined -main_repo: 'https://github.com/OISF/libhtp.git'
\ No newline at end of file +main_repo: 'https://github.com/OISF/libhtp.git' diff --git a/projects/libidn/Dockerfile b/projects/libidn/Dockerfile index e6aebff2b..3bb5413cf 100644 --- a/projects/libidn/Dockerfile +++ b/projects/libidn/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get update && apt-get install -y \ autoconf-archive \ automake \ libtool \ - gettext gengetopt curl gperf wget + gettext gengetopt curl gperf RUN git clone --depth=1 https://git.savannah.gnu.org/git/libidn.git diff --git a/projects/libidn/build.sh b/projects/libidn/build.sh index 5aa0ea3a8..b66d8b940 100755 --- a/projects/libidn/build.sh +++ b/projects/libidn/build.sh @@ -18,10 +18,10 @@ # avoid iconv() memleak on Ubuntu 16.04 image (breaks test suite) export ASAN_OPTIONS=detect_leaks=0 -./bootstrap -./configure --enable-static --disable-doc -make -j -make -j check +make CFGFLAGS="--enable-static --disable-doc" +make clean +make -j1 +make -j$(nproc) check cd fuzz make oss-fuzz diff --git a/projects/libigl/Dockerfile b/projects/libigl/Dockerfile deleted file mode 100644 index 2fba95aa0..000000000 --- a/projects/libigl/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make -RUN git clone --depth 1 https://github.com/libigl/libigl -WORKDIR $SRC/libigl -COPY igl_fuzzer.cpp \ - build.sh \ - $SRC/ - diff --git a/projects/libigl/build.sh b/projects/libigl/build.sh deleted file mode 100755 index d2a39f17e..000000000 --- a/projects/libigl/build.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build-dir && cd build-dir -cmake -DLIBIGL_WITH_OPENGL=OFF \ - -DLIBIGL_WITH_OPENGL_GLFW=OFF \ - -DLIBIGL_WITH_OPENGL_GLFW_IMGUI=OFF \ - -DLIBIGL_WITH_COMISO=OFF \ - -DLIBIGL_WITH_EMBREE=OFF \ - -DLIBIGL_WITH_PNG=OFF \ - -DLIBIGL_WITH_TETGEN=OFF \ - -DLIBIGL_WITH_TRIANGLE=OFF \ - -DLIBIGL_WITH_PREDICATES=OFF \ - -DLIBIGL_WITH_XML=OFF \ - -DLIBIGL_BUILD_TESTS=OFF \ - .. -make -j$(nproc) - -$CXX $CXXFLAGS -DIGL_STATIC_LIBRARY \ - -I/src/libigl/include \ - -isystem /src/libigl/cmake/../include \ - -isystem /src/libigl/cmake/../external/eigen \ - -c $SRC/igl_fuzzer.cpp -o fuzzer.o -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzzer.o \ - -o $OUT/igl_fuzzer $SRC/libigl/build-dir/libigl.a diff --git a/projects/libigl/igl_fuzzer.cpp b/projects/libigl/igl_fuzzer.cpp deleted file mode 100644 index 34e4dfe9a..000000000 --- a/projects/libigl/igl_fuzzer.cpp +++ /dev/null @@ -1,37 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <stdint.h> -#include <string.h> -#include <stdlib.h> -#include <igl/MshLoader.h> -#include <iostream> - -extern "C" -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - char *nullt_string = (char *)malloc(size+1); - if (nullt_string == NULL){ - return 0; - } - memcpy(nullt_string, data, size); - nullt_string[size] = '\0'; - std::ofstream fuzz_file; - fuzz_file.open ("fuzz_file.msh"); - fuzz_file << nullt_string; - fuzz_file.close(); - try { - igl::MshLoader msh_loader("fuzz_file.msh"); - } catch (...) {} - free(nullt_string); - return 0; -} - diff --git a/projects/libigl/project.yaml b/projects/libigl/project.yaml deleted file mode 100644 index 411d0da3d..000000000 --- a/projects/libigl/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://libigl.github.io" -language: c++ -primary_contact: "github@jdumas.org" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory -main_repo: "https://github.com/libigl/libigl" diff --git a/projects/libjpeg-turbo/Dockerfile b/projects/libjpeg-turbo/Dockerfile index 74f1249f9..40c8f49f6 100644 --- a/projects/libjpeg-turbo/Dockerfile +++ b/projects/libjpeg-turbo/Dockerfile @@ -15,13 +15,12 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make yasm cmake +RUN apt-get update && apt-get install -y make autoconf automake libtool yasm curl cmake RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo -RUN git clone --depth 1 https://github.com/libjpeg-turbo/seed-corpora -RUN cd seed-corpora && zip -r ../decompress_fuzzer_seed_corpus.zip afl-testcases/jpeg* bugs/decompress* $SRC/libjpeg-turbo/testimages/*.jpg -RUN cd seed-corpora && zip -r ../compress_fuzzer_seed_corpus.zip afl-testcases/bmp afl-testcases/gif* bugs/compress* $SRC/libjpeg-turbo/testimages/*.bmp $SRC/libjpeg-turbo/testimages/*.ppm -RUN rm -rf seed-corpora +RUN mkdir afl-testcases +RUN cd afl-testcases/ && curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar -xz +RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/* afl-testcases/jpeg_turbo/full/images/* $SRC/libjpeg-turbo/testimages/* WORKDIR libjpeg-turbo -RUN cp fuzz/build.sh $SRC/ +COPY build.sh libjpeg_turbo_fuzzer.cc $SRC/ diff --git a/projects/juju/build.sh b/projects/libjpeg-turbo/build.sh index 7dc892c23..e500e20bc 100644..100755 --- a/projects/juju/build.sh +++ b/projects/libjpeg-turbo/build.sh @@ -1,5 +1,5 @@ #!/bin/bash -eu -# Copyright 2021 Google LLC +# Copyright 2016 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,11 +15,12 @@ # ################################################################################ -mv $SRC/storage_fuzzer.go $SRC/juju/storage/ +cmake . -DCMAKE_INSTALL_PREFIX=$WORK -DENABLE_STATIC:bool=on +make "-j$(nproc)" +make install -if [[ $SANITIZER = *coverage* ]]; then - compile_go_fuzzer github.com/juju/juju/storage Fuzz storage_fuzzer - exit 0 -fi +$CXX $CXXFLAGS -std=c++11 -I. \ + $SRC/libjpeg_turbo_fuzzer.cc -o $OUT/libjpeg_turbo_fuzzer \ + $LIB_FUZZING_ENGINE "$WORK/lib/libturbojpeg.a" -compile_go_fuzzer ./storage Fuzz storage_fuzzer +cp $SRC/libjpeg_turbo_fuzzer_seed_corpus.zip $OUT/ diff --git a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc new file mode 100644 index 000000000..1b9ffd62f --- /dev/null +++ b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc @@ -0,0 +1,67 @@ +/* +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include <stdint.h> +#include <stdlib.h> + +#include <memory> + +#include <turbojpeg.h> + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + tjhandle jpegDecompressor = tjInitDecompress(); + + int width, height, subsamp, colorspace; + int res = tjDecompressHeader3( + jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace); + + // Bail out if decompressing the headers failed, the width or height is 0, + // or the image is too large (avoids slowing down too much). Cast to size_t to + // avoid overflows on the multiplication + if (res != 0 || width == 0 || height == 0 || ((size_t)width * height > (1024 * 1024))) { + tjDestroy(jpegDecompressor); + return 0; + } + + const int buffer_size = width * height * 3; + std::unique_ptr<unsigned char[]> buf(new unsigned char[buffer_size]); + tjDecompress2( + jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0); + + // For memory sanitizer, test each output byte + const unsigned char* raw_buf = buf.get(); + int count = 0; + for( int i = 0; i < buffer_size; i++ ) + { + if (raw_buf[i]) + { + count ++; + } + } + if (count == buffer_size) + { + // Do something with side effect, so that all the above tests don't + // get removed by the optimizer. + free(malloc(1)); + } + + tjDestroy(jpegDecompressor); + + return 0; +} diff --git a/projects/libjpeg-turbo/project.yaml b/projects/libjpeg-turbo/project.yaml index 88d56ec28..4ed2d5567 100644 --- a/projects/libjpeg-turbo/project.yaml +++ b/projects/libjpeg-turbo/project.yaml @@ -1,5 +1,5 @@ -homepage: "https://libjpeg-turbo.org" -language: c +homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo" +language: c++ primary_contact: "drc@virtualgl.org" vendor_ccs: - "aosmond@mozilla.com" diff --git a/projects/libjxl/Dockerfile b/projects/libjxl/Dockerfile deleted file mode 100644 index 0d52e8809..000000000 --- a/projects/libjxl/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y cmake ninja-build pkg-config -RUN git clone --depth 1 https://github.com/libjxl/libjxl.git -# We only need these sub-projects for the fuzzers. -RUN git -C libjxl submodule update --init --recommend-shallow \ - third_party/highway third_party/lodepng third_party/skcms third_party/brotli - -WORKDIR libjxl -COPY build.sh $SRC/ diff --git a/projects/libjxl/build.sh b/projects/libjxl/build.sh deleted file mode 100755 index 091c55a6c..000000000 --- a/projects/libjxl/build.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -build_args=( - -G Ninja - -DBUILD_TESTING=OFF - -DJPEGXL_ENABLE_BENCHMARK=OFF - -DJPEGXL_ENABLE_DEVTOOLS=ON - -DJPEGXL_ENABLE_EXAMPLES=OFF - -DJPEGXL_ENABLE_FUZZERS=ON - -DJPEGXL_ENABLE_MANPAGES=OFF - -DJPEGXL_ENABLE_SJPEG=OFF - -DJPEGXL_ENABLE_VIEWERS=OFF - -DCMAKE_BUILD_TYPE=Release -) - -# Build and generate a fuzzer corpus in release mode without instrumentation. -# This is done in a subshell since we change the environment. -( - unset CFLAGS - unset CXXFLAGS - export AFL_NOOPT=1 - - mkdir -p ${WORK}/libjxl-corpus - cd ${WORK}/libjxl-corpus - cmake "${build_args[@]}" "${SRC}/libjxl" - ninja clean - ninja fuzzer_corpus - - # Generate a fuzzer corpus. - mkdir -p djxl_fuzzer_corpus - tools/fuzzer_corpus -q -r djxl_fuzzer_corpus - zip -q -j "${OUT}/djxl_fuzzer_seed_corpus.zip" djxl_fuzzer_corpus/* -) - -# Build the fuzzers in release mode but force the inclusion of JXL_DASSERT() -# checks. -export CXXFLAGS="${CXXFLAGS} -DJXL_IS_DEBUG_BUILD=1" - -mkdir -p ${WORK}/libjxl-fuzzer -cd ${WORK}/libjxl-fuzzer -cmake \ - "${build_args[@]}" \ - -DJPEGXL_FUZZER_LINK_FLAGS="${LIB_FUZZING_ENGINE}" \ - "${SRC}/libjxl" - -fuzzers=( - color_encoding_fuzzer - djxl_fuzzer - fields_fuzzer - icc_codec_fuzzer - rans_fuzzer -) - -ninja clean -ninja "${fuzzers[@]}" -for fuzzer in "${fuzzers[@]}"; do - cp tools/${fuzzer} "${OUT}/" -done diff --git a/projects/libjxl/project.yaml b/projects/libjxl/project.yaml deleted file mode 100644 index d3707f0a1..000000000 --- a/projects/libjxl/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://github.com/libjxl/libjxl" -language: c++ -primary_contact: "libjxl-security@google.com" -auto_ccs: - - "deymo@google.com" - - "veluca@google.com" -sanitizers: - - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory - - undefined -main_repo: 'https://github.com/libjxl/libjxl.git'
\ No newline at end of file diff --git a/projects/libldac/project.yaml b/projects/libldac/project.yaml index c850debe8..189adf0bd 100644 --- a/projects/libldac/project.yaml +++ b/projects/libldac/project.yaml @@ -7,12 +7,10 @@ vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com fuzzing_engines: - libfuzzer - afl diff --git a/projects/liblouis/Dockerfile b/projects/liblouis/Dockerfile index 2d6649e44..40a17c099 100644 --- a/projects/liblouis/Dockerfile +++ b/projects/liblouis/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool \ - pkg-config zlib1g-dev libpci-dev + pkg-config zlib1g-dev pciutils-dev libpci-dev RUN git clone --depth 1 https://github.com/liblouis/liblouis WORKDIR liblouis COPY build.sh $SRC/ diff --git a/projects/libmpeg2/project.yaml b/projects/libmpeg2/project.yaml index e88f915e4..a3ec5d4ff 100644 --- a/projects/libmpeg2/project.yaml +++ b/projects/libmpeg2/project.yaml @@ -12,12 +12,10 @@ vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com architectures: - x86_64 - i386 diff --git a/projects/libpg_query/Dockerfile b/projects/libpg_query/Dockerfile deleted file mode 100644 index 90f173b33..000000000 --- a/projects/libpg_query/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone --depth 1 https://github.com/pganalyze/libpg_query libpg_query -WORKDIR libpg_query -COPY build.sh $SRC/ diff --git a/projects/libpg_query/build.sh b/projects/libpg_query/build.sh deleted file mode 100755 index 0b5aa9f01..000000000 --- a/projects/libpg_query/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -make build -$CC $CFLAGS $LIB_FUZZING_ENGINE ./test/fuzz/fuzz_parser.c ./libpg_query.a -I./ -o $OUT/fuzz_parser diff --git a/projects/libpg_query/project.yaml b/projects/libpg_query/project.yaml deleted file mode 100644 index 11d7e74c2..000000000 --- a/projects/libpg_query/project.yaml +++ /dev/null @@ -1,7 +0,0 @@ -homepage: "https://pganalyze.com/" -language: c -primary_contact: "team@pganalyze.com" -main_repo: "https://github.com/pganalyze/pg_query" -auto_ccs: - - "lukas@pganalyze.com" - - "david@adalogics.com" diff --git a/projects/libphonenumber/Dockerfile b/projects/libphonenumber/Dockerfile index 85f278ff3..c75d78c58 100644 --- a/projects/libphonenumber/Dockerfile +++ b/projects/libphonenumber/Dockerfile @@ -15,27 +15,12 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y autoconf automake libtool g++ cmake-curses-gui libgtest-dev libre2-dev libicu-dev libboost-dev libboost-thread-dev libboost-system-dev binutils ninja-build liblzma-dev libz-dev pkg-config wget openjdk-8-jdk -RUN apt-get update && apt-get install -y autoconf automake \ - cmake cmake-curses-gui libre2-dev \ - libicu-dev libboost-dev libboost-thread-dev libboost-system-dev \ - libgflags-dev libgoogle-glog-dev libssl-dev \ - protobuf-compiler libtool wget default-jre icu-devtools -RUN apt-get install -y libgtest-dev && \ - cd /usr/src/googletest/googletest && \ - mkdir build && \ - cd build && \ - cmake .. && \ - make && \ - mkdir /usr/local/lib/googletest && \ - ln -sn /usr/local/lib/googletest/libgtest.a /usr/lib/libgtest.a && \ - ln -sn /usr/local/lib/googletest/libgtest_main.a /usr/lib/libgtest_main.a && \ - rm /lib/x86_64-linux-gnu/libgtest.a && \ - ln -sn /usr/local/lib/googletest/libgtest.a /lib/x86_64-linux-gnu/libgtest.a -RUN wget https://github.com/unicode-org/icu/releases/download/release-66-rc/icu4c-66rc-src.tgz && \ - tar xzvf icu4c-66rc-src.tgz +WORKDIR $SRC/ RUN git clone https://github.com/google/libphonenumber +RUN wget https://github.com/unicode-org/icu/releases/download/release-55-2/icu4c-55_2-src.tgz && tar xzvf icu4c-55_2-src.tgz + COPY build.sh $SRC/ COPY phonefuzz.cc $SRC/ -WORKDIR $SRC/ diff --git a/projects/libphonenumber/build.sh b/projects/libphonenumber/build.sh index 768275e29..ec67ec68e 100755 --- a/projects/libphonenumber/build.sh +++ b/projects/libphonenumber/build.sh @@ -68,18 +68,20 @@ sed -i 's/set (BUILD_SHARED_LIB true)/set (BUILD_SHARED_LIB false)/g' CMakeLists sed -i 's/list (APPEND CMAKE_C_FLAGS "-pthread")/string (APPEND CMAKE_C_FLAGS " -pthread")/g' CMakeLists.txt mkdir build && cd build -cmake -DUSE_BOOST=OFF -DBUILD_GEOCODER=OFF \ - -DPROTOBUF_LIB="/src/protobuf/src/.libs/libprotobuf.a" \ - -DBUILD_STATIC_LIB=ON \ +cmake -DUSE_BOOST=OFF -DBUILD_GEOCODER=OFF -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \ -DICU_UC_INCLUDE_DIR=$SRC/icu/source/comon \ -DICU_UC_LIB=$DEPS_PATH/lib/libicuuc.a \ -DICU_I18N_INCLUDE_DIR=$SRC/icu/source/i18n/ \ - -DICU_I18N_LIB=$DEPS_PATH/lib/libicui18n.a \ - ../ + -DICU_I18N_LIB=$DEPS_PATH/lib/libicui18n.a ../ make +cd ../ # Build our fuzzer -$CXX -I$SRC/libphonenumber/cpp/src $CXXFLAGS -o phonefuzz.o -c $SRC/phonefuzz.cc -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE phonefuzz.o -o $OUT/phonefuzz \ - ./libphonenumber.a $SRC/protobuf/src/.libs/libprotobuf.a \ +cp $SRC/*fuzz.cc . +$CXX -I/src/libphonenumber/cpp/src $CXXFLAGS -o phonefuzz.o -c phonefuzz.cc + +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE phonefuzz.o -o phonefuzz \ + build/libphonenumber.a $SRC/protobuf/src/.libs/libprotobuf.a \ $DEPS_PATH/lib/libicu.a -lpthread + +cp phonefuzz $OUT/ diff --git a/projects/libpng/project.yaml b/projects/libpng/project.yaml index 1e9d786a1..66b280b43 100644 --- a/projects/libpng/project.yaml +++ b/projects/libpng/project.yaml @@ -7,7 +7,6 @@ vendor_ccs: - "twsmith@mozilla.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/glennrp/libpng.git'
\ No newline at end of file +main_repo: 'https://github.com/glennrp/libpng.git' diff --git a/projects/libpsl/Dockerfile b/projects/libpsl/Dockerfile index 89dd36572..303c5bba2 100644 --- a/projects/libpsl/Dockerfile +++ b/projects/libpsl/Dockerfile @@ -34,8 +34,12 @@ RUN apt-get update && apt-get install -y \ python RUN git clone git://git.savannah.gnu.org/gnulib.git +ENV GNULIB_TOOL=$SRC/gnulib/gnulib-tool +ENV GNULIB_SRCDIR=$SRC/gnulib + RUN git clone --depth=1 https://git.savannah.gnu.org/git/libunistring.git -RUN git clone --depth=1 https://gitlab.com/libidn/libidn2.git +RUN git clone --depth=1 https://gitlab.com/libidn/libidn2.git && \ + rmdir libidn2/gnulib && ln -s $SRC/gnulib libidn2/gnulib RUN git clone --depth=1 https://git.savannah.gnu.org/git/libidn.git RUN wget https://github.com/unicode-org/icu/releases/download/release-59-2/icu4c-59_2-src.tgz && tar xvfz icu4c-59_2-src.tgz diff --git a/projects/libpsl/build.sh b/projects/libpsl/build.sh index 8aba395c3..0dd93b532 100755 --- a/projects/libpsl/build.sh +++ b/projects/libpsl/build.sh @@ -20,9 +20,6 @@ export PKG_CONFIG_PATH=$DEPS_PATH/lib/pkgconfig export CPPFLAGS="-I$DEPS_PATH/include" export LDFLAGS="-L$DEPS_PATH/lib" export CONFIG_SITE=$SRC/config.site -export GNULIB_SRCDIR=$SRC/gnulib -export GNULIB_TOOL=$GNULIB_SRCDIR/gnulib-tool - cd $SRC/icu/source UBSAN_OPTIONS=detect_leaks=0 \ @@ -33,32 +30,29 @@ CPPFLAGS="$CPPFLAGS -fno-sanitize=vptr" \ --disable-tests --disable-samples --with-data-packaging=static --prefix=$DEPS_PATH # ugly hack to avoid build error echo '#include <locale.h>' >>i18n/digitlst.h - -# Hack so that upgrade to Ubuntu 20.04 works. -ln -s /usr/include/locale.h /usr/include/xlocale.h - -make -j +make -j$(nproc) make install cd $SRC/libunistring ./autogen.sh ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=detect_leaks=0 \ ./configure --enable-static --disable-shared --prefix=$DEPS_PATH -make -j +make -j$(nproc) make install cd $SRC/libidn -./bootstrap ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=detect_leaks=0 \ - ./configure --enable-static --disable-shared --disable-doc --prefix=$DEPS_PATH -make -j + make CFGFLAGS="--enable-static --disable-shared --disable-doc --prefix=$DEPS_PATH" +make clean +make -j1 +make -j$(nproc) check make install cd $SRC/libidn2 ./bootstrap ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=detect_leaks=0 \ ./configure --enable-static --disable-shared --disable-doc --disable-gcc-warnings --prefix=$DEPS_PATH -make -j +make -j$(nproc) make install @@ -88,8 +82,8 @@ for build in $builds; do ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=detect_leaks=0 \ ./configure --enable-static --disable-shared --disable-gtk-doc $BUILD_FLAGS --prefix=$DEPS_PATH make clean - make -j - make -j check + make -j$(nproc) + make -j$(nproc) check make -C fuzz oss-fuzz find fuzz -name '*_fuzzer' -exec cp -v '{}' $OUT ';' done diff --git a/projects/libra/Dockerfile b/projects/libra/Dockerfile index cc541e3ac..426e54792 100644 --- a/projects/libra/Dockerfile +++ b/projects/libra/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ # google oss-fuzz stuff -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder # install other tools we might need RUN apt-get update && apt-get install -y cmake curl diff --git a/projects/librawspeed/Dockerfile b/projects/librawspeed/Dockerfile index a480f1542..54bb66d3a 100644 --- a/projects/librawspeed/Dockerfile +++ b/projects/librawspeed/Dockerfile @@ -18,7 +18,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y apt-transport-https ca-certificates gnupg software-properties-common wget && \ wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | apt-key add - && \ - apt-add-repository 'deb https://apt.kitware.com/ubuntu/ focal main' && \ + apt-add-repository 'deb https://apt.kitware.com/ubuntu/ xenial main' && \ apt-get update && apt-get install -y cmake make RUN git clone --depth 1 https://github.com/darktable-org/rawspeed.git librawspeed WORKDIR librawspeed diff --git a/projects/libreoffice/Dockerfile b/projects/libreoffice/Dockerfile index e6eeb4c65..6e8d21188 100644 --- a/projects/libreoffice/Dockerfile +++ b/projects/libreoffice/Dockerfile @@ -20,9 +20,156 @@ RUN sed -i -e '/^#\s*deb-src.*\smain\s\+restricted/s/^#//' /etc/apt/sources.list #build requirements RUN apt-get update && apt-get build-dep -y libreoffice RUN apt-get install -y wget yasm locales && locale-gen en_US.UTF-8 +#xenial gperf too old +RUN sed -i -e 's/xenial/bionic/g' /etc/apt/sources.list +RUN apt-get update && apt-get install gperf +#cache build dependencies +ADD https://dev-www.libreoffice.org/src/c74b7223abe75949b4af367942d96c7a-crosextrafonts-carlito-20130920.tar.gz \ + https://dev-www.libreoffice.org/src/e7a384790b13c29113e22e596ade9687-LinLibertineG-20120116.zip \ + https://dev-www.libreoffice.org/src/Amiri-0.111.zip \ + https://dev-www.libreoffice.org/src/ReemKufi-0.7.zip \ + https://dev-www.libreoffice.org/src/edc4d741888bc0d38e32dbaa17149596-source-sans-pro-2.010R-ro-1.065R-it.tar.gz \ + https://dev-www.libreoffice.org/src/907d6e99f241876695c19ff3db0b8923-source-code-pro-2.030R-ro-1.050R-it.tar.gz \ + https://dev-www.libreoffice.org/src/134d8262145fc793c6af494dcace3e71-liberation-fonts-ttf-1.07.4.tar.gz \ + https://dev-www.libreoffice.org/src/1725634df4bb3dcb1b2c91a6175f8789-GentiumBasic_1102.zip \ + https://dev-www.libreoffice.org/src/33e1e61fab06a547851ed308b4ffef42-dejavu-fonts-ttf-2.37.zip \ + https://dev-www.libreoffice.org/src/368f114c078f94214a308a74c7e991bc-crosextrafonts-20130214.tar.gz \ + https://dev-www.libreoffice.org/src/5c781723a0d9ed6188960defba8e91cf-liberation-fonts-ttf-2.00.1.tar.gz \ + https://dev-www.libreoffice.org/extern/49a64f3bcf20a7909ba2751349231d6652ded9cd2840e961b5164d09de3ffa63-opens___.ttf \ + https://dev-www.libreoffice.org/src/noto-fonts-20171024.tar.gz \ + https://dev-www.libreoffice.org/src/amiri-0.109.zip \ + https://dev-www.libreoffice.org/src/ttf-kacst_2.01+mry.tar.gz \ + https://dev-www.libreoffice.org/src/ReemKufi-0.6.tar.gz \ + https://dev-www.libreoffice.org/src/Scheherazade-2.100.zip \ + https://dev-www.libreoffice.org/src/EmojiOneColor-SVGinOT-1.3.tar.gz \ + https://dev-www.libreoffice.org/src/culmus-0.131.tar.gz \ + https://dev-www.libreoffice.org/src/libre-hebrew-1.0.tar.gz \ + https://dev-www.libreoffice.org/src/alef-1.001.tar.gz \ + https://dev-www.libreoffice.org/src/a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz \ + https://dev-www.libreoffice.org/src/5ade6ae2a99bc1e9e57031ca88d36dad-hyphen-2.8.8.tar.gz \ + https://dev-www.libreoffice.org/src/48d647fbd8ef8889e5a7f422c1bfda94-clucene-core-2.3.3.4.tar.gz \ + https://dev-www.libreoffice.org/src/boost_1_66_0.tar.bz2 \ + https://dev-www.libreoffice.org/src/expat-2.2.5.tar.bz2 \ + https://dev-www.libreoffice.org/src/libjpeg-turbo-1.5.2.tar.gz \ + https://dev-www.libreoffice.org/src/lcms2-2.8.tar.gz \ + https://dev-www.libreoffice.org/src/0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz \ + https://dev-www.libreoffice.org/src/libexttextcat-3.4.5.tar.xz \ + https://dev-www.libreoffice.org/src/1f5def51ca0026cd192958ef07228b52-rasqal-0.9.33.tar.gz \ + https://dev-www.libreoffice.org/src/a39f6c07ddb20d7dd2ff1f95fa21e2cd-raptor2-2.0.15.tar.gz \ + https://dev-www.libreoffice.org/src/e5be03eda13ef68aabab6e42aa67715e-redland-1.0.17.tar.gz \ + https://dev-www.libreoffice.org/src/cppunit-1.14.0.tar.gz \ + https://dev-www.libreoffice.org/src/openldap-2.4.45.tgz \ + https://dev-www.libreoffice.org/src/neon-0.30.2.tar.gz \ + https://dev-www.libreoffice.org/src/e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz \ + https://dev-www.libreoffice.org/src/cairo-1.15.12.tar.xz \ + https://dev-www.libreoffice.org/src/curl-7.60.0.tar.gz \ + https://dev-www.libreoffice.org/src/xmlsec1-1.2.26.tar.gz \ + https://dev-www.libreoffice.org/src/liblangtag-0.6.2.tar.bz2 \ + https://dev-www.libreoffice.org/src/libabw-0.1.2.tar.xz \ + https://dev-www.libreoffice.org/src/libcdr-0.1.4.tar.xz \ + https://dev-www.libreoffice.org/src/libcmis-0.5.1.tar.gz \ + https://dev-www.libreoffice.org/src/libe-book-0.1.3.tar.xz \ + https://dev-www.libreoffice.org/src/libetonyek-0.1.8.tar.xz \ + https://dev-www.libreoffice.org/src/libfreehand-0.1.2.tar.xz \ + https://dev-www.libreoffice.org/src/libmspub-0.1.4.tar.xz \ + https://dev-www.libreoffice.org/src/libmwaw-0.3.14.tar.xz \ + https://dev-www.libreoffice.org/src/libodfgen-0.1.6.tar.bz2 \ + https://dev-www.libreoffice.org/src/liborcus-0.13.4.tar.gz \ + https://dev-www.libreoffice.org/src/libpagemaker-0.0.4.tar.xz \ + https://dev-www.libreoffice.org/src/libpng-1.6.34.tar.xz \ + https://dev-www.libreoffice.org/src/librevenge-0.0.4.tar.bz2 \ + https://dev-www.libreoffice.org/src/libstaroffice-0.0.6.tar.xz \ + https://dev-www.libreoffice.org/src/libvisio-0.1.6.tar.xz \ + https://dev-www.libreoffice.org/src/libwpd-0.10.2.tar.xz \ + https://dev-www.libreoffice.org/src/libwpg-0.3.2.tar.xz \ + https://dev-www.libreoffice.org/src/libwps-0.4.10.tar.xz \ + https://dev-www.libreoffice.org/src/libzmf-0.0.2.tar.xz \ + https://dev-www.libreoffice.org/src/zlib-1.2.11.tar.xz \ + https://dev-www.libreoffice.org/src/poppler-0.66.0.tar.xz \ + https://dev-www.libreoffice.org/src/mdds-1.3.1.tar.bz2 \ + https://dev-www.libreoffice.org/src/openssl-1.0.2o.tar.gz \ + https://dev-www.libreoffice.org/src/language-subtag-registry-2018-04-23.tar.bz2 \ + https://dev-www.libreoffice.org/src/graphite2-minimal-1.3.10.tgz \ + https://dev-www.libreoffice.org/src/harfbuzz-1.8.4.tar.bz2 \ + https://dev-www.libreoffice.org/src/bae83fa5dc7f081768daace6e199adc3-glm-0.9.4.6-libreoffice.zip \ + https://dev-www.libreoffice.org/src/icu4c-62_1-src.tgz \ + https://dev-www.libreoffice.org/src/icu4c-62_1-data.zip \ + https://dev-www.libreoffice.org/src/libxml2-2.9.8.tar.gz \ + https://dev-www.libreoffice.org/src/libxslt-1.1.32.tar.gz \ + https://dev-www.libreoffice.org/src/hunspell-1.6.2.tar.gz \ + https://dev-www.libreoffice.org/src/lxml-4.1.1.tgz \ + https://dev-www.libreoffice.org/src/freetype-2.8.1.tar.bz2 \ + https://dev-www.libreoffice.org/src/fontconfig-2.12.6.tar.bz2 \ + https://dev-www.libreoffice.org/src/libepoxy-1.3.1.tar.bz2 \ + https://dev-www.libreoffice.org/src/gpgme-1.9.0.tar.bz2 \ + https://dev-www.libreoffice.org/src/libassuan-2.5.1.tar.bz2 \ + https://dev-www.libreoffice.org/src/libgpg-error-1.27.tar.bz2 \ + https://dev-www.libreoffice.org/src/libepubgen-0.1.1.tar.xz \ + https://dev-www.libreoffice.org/src/libnumbertext-1.0.4.tar.xz \ + https://dev-www.libreoffice.org/src/libqxp-0.0.1.tar.xz \ + https://dev-www.libreoffice.org/src/a233181e03d3c307668b4c722d881661-mariadb_client-2.0.0-src.tar.gz $SRC/ +#fuzzing dictionaries +ADD https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/gif.dict \ + https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/jpeg.dict \ + https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/png.dict \ + https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/tiff.dict \ + https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/xml.dict \ + https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/html_tags.dict $SRC/ +#fuzzing corpuses +ADD https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz $SRC/ +RUN mkdir afl-testcases && cd afl-testcases/ && tar xf $SRC/afl_testcases.tgz && cd .. && \ + zip -q $SRC/jpgfuzzer_seed_corpus.zip afl-testcases/jpeg*/full/images/* && \ + zip -q $SRC/giffuzzer_seed_corpus.zip afl-testcases/gif*/full/images/* && \ + zip -q $SRC/bmpfuzzer_seed_corpus.zip afl-testcases/bmp*/full/images/* && \ + zip -q $SRC/pngfuzzer_seed_corpus.zip afl-testcases/png*/full/images/* +RUN svn export https://github.com/khaledhosny/ots/trunk/tests/fonts $SRC/sample-sft-fonts/ots +RUN svn export https://github.com/unicode-org/text-rendering-tests/trunk/fonts/ $SRC/sample-sft-fonts/unicode-org +RUN svn export https://github.com/harfbuzz/harfbuzz/trunk/test/shaping/data/in-house/fonts $SRC/sample-sft-fonts/harfbuzz +ADD https://github.com/adobe-fonts/adobe-variable-font-prototype/releases/download/1.001/AdobeVFPrototype.otf $SRC/sample-sft-fonts/adobe +RUN zip -qr $SRC/sftfuzzer_seed_corpus.zip $SRC/sample-sft-fonts +ADD https://dev-www.libreoffice.org/corpus/wmffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/xbmfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/xpmfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/svmfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/pcdfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/dxffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/metfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/ppmfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/psdfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/epsfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/pctfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/pcxfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/rasfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/tgafuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/tiffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/hwpfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/602fuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/lwpfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/pptfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/rtffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/olefuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/cgmfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/ww2fuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/ww6fuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/ww8fuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/qpwfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/slkfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/fodtfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/fodsfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/fodgfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/fodpfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/xlsfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/scrtffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/wksfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/diffuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/docxfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/xlsxfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/pptxfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/mmlfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/mtpfuzzer_seed_corpus.zip \ + https://dev-www.libreoffice.org/corpus/htmlfuzzer_seed_corpus.zip $SRC/ #clone source -RUN git clone --depth 1 https://git.libreoffice.org/core libreoffice +RUN git clone --depth 1 git://anongit.freedesktop.org/libreoffice/core libreoffice WORKDIR libreoffice -RUN ./bin/oss-fuzz-setup.sh COPY build.sh $SRC/ diff --git a/projects/libreoffice/project.yaml b/projects/libreoffice/project.yaml index 43542a990..bcf9a4fe6 100644 --- a/projects/libreoffice/project.yaml +++ b/projects/libreoffice/project.yaml @@ -1,16 +1,6 @@ homepage: "https://www.libreoffice.org/" language: c++ primary_contact: "caolanm@redhat.com" -sanitizers: - - address - - memory: - experimental: True - - undefined -fuzzing_engines: - # see https://github.com/google/oss-fuzz/issues/6233 for missing afl - - libfuzzer - - honggfuzz -builds_per_day: 2 auto_ccs: - "officesecurity@lists.freedesktop.org" - "damjan.jov@gmail.com" diff --git a/projects/libressl/Dockerfile b/projects/libressl/Dockerfile index 3861c8546..964569aaf 100644 --- a/projects/libressl/Dockerfile +++ b/projects/libressl/Dockerfile @@ -20,7 +20,7 @@ RUN git clone --depth 1 https://github.com/libressl-portable/portable.git libres RUN git clone --depth 1 https://github.com/libressl-portable/fuzz.git libressl.fuzzers RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 WORKDIR libressl RUN ./update.sh COPY build.sh *.options $SRC/ diff --git a/projects/libressl/build.sh b/projects/libressl/build.sh index 5c639e63f..48cf9599c 100755 --- a/projects/libressl/build.sh +++ b/projects/libressl/build.sh @@ -24,6 +24,9 @@ CFLAGS="" CXXFLAGS="" ./bootstrap.sh CFLAGS="" CXXFLAGS="" ./b2 headers cp -R boost/ /usr/include/ +# Prevent Boost compilation error with -std=c++17 +export CXXFLAGS="$CXXFLAGS -D_LIBCPP_ENABLE_CXX17_REMOVED_AUTO_PTR" + mkdir -p $WORK/libressl cd $WORK/libressl diff --git a/projects/libsass/project.yaml b/projects/libsass/project.yaml index fb5521b84..7c1c2f365 100644 --- a/projects/libsass/project.yaml +++ b/projects/libsass/project.yaml @@ -4,11 +4,10 @@ primary_contact: "xzyfer@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined labels: data_context_fuzzer: - sundew -main_repo: 'https://github.com/sass/libsass.git'
\ No newline at end of file +main_repo: 'https://github.com/sass/libsass.git' diff --git a/projects/libspectre/project.yaml b/projects/libspectre/project.yaml index 8509ec6b0..d98823235 100755 --- a/projects/libspectre/project.yaml +++ b/projects/libspectre/project.yaml @@ -7,8 +7,10 @@ fuzzing_engines: - libfuzzer - afl - honggfuzz + - dataflow sanitizers: - address - undefined - memory + - dataflow main_repo: 'https://gitlab.freedesktop.org/libspectre/libspectre.git' diff --git a/projects/libssh/project.yaml b/projects/libssh/project.yaml index 7cb24c4b9..5c643216c 100644 --- a/projects/libssh/project.yaml +++ b/projects/libssh/project.yaml @@ -7,7 +7,6 @@ auto_ccs: - "anderson.sasaki@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://git.libssh.org/projects/libssh.git'
\ No newline at end of file +main_repo: 'https://git.libssh.org/projects/libssh.git' diff --git a/projects/libssh2/build.sh b/projects/libssh2/build.sh index 26bb4906c..decc46778 100755 --- a/projects/libssh2/build.sh +++ b/projects/libssh2/build.sh @@ -15,6 +15,5 @@ # ################################################################################ -apt-get update # Run the OSS-Fuzz script in the project. ./tests/ossfuzz/ossfuzz.sh diff --git a/projects/libtasn1/project.yaml b/projects/libtasn1/project.yaml index 3490c8fb9..9380ae94a 100644 --- a/projects/libtasn1/project.yaml +++ b/projects/libtasn1/project.yaml @@ -10,8 +10,10 @@ fuzzing_engines: - afl - libfuzzer - honggfuzz + - dataflow sanitizers: - address - memory - undefined + - dataflow main_repo: 'https://gitlab.com/gnutls/libtasn1.git' diff --git a/projects/libtiff/project.yaml b/projects/libtiff/project.yaml index 000f9108f..6c7666b48 100644 --- a/projects/libtiff/project.yaml +++ b/projects/libtiff/project.yaml @@ -5,10 +5,9 @@ auto_ccs: - paul.l.kehrer@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 - i386 -main_repo: 'https://gitlab.com/libtiff/libtiff'
\ No newline at end of file +main_repo: 'https://gitlab.com/libtiff/libtiff' diff --git a/projects/libtpms/Dockerfile b/projects/libtpms/Dockerfile index 2f1800010..50496fe6a 100644 --- a/projects/libtpms/Dockerfile +++ b/projects/libtpms/Dockerfile @@ -19,8 +19,8 @@ RUN \ apt-get update && \ apt-get install -y \ make autoconf automake libtool \ - libstdc++-9-dev \ - libssl-dev libseccomp-dev pkg-config + libstdc++-5-dev \ + libssl-dev libseccomp-dev RUN git clone --depth 1 https://github.com/stefanberger/libtpms libtpms WORKDIR libtpms COPY build.sh $SRC/ diff --git a/projects/libusb/libusb_fuzzer.cc b/projects/libusb/libusb_fuzzer.cc index ad6432112..8e543a725 100644 --- a/projects/libusb/libusb_fuzzer.cc +++ b/projects/libusb/libusb_fuzzer.cc @@ -21,31 +21,29 @@ #include "libusb/libusbi.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - struct libusb_transfer *transfer = NULL; + struct libusb_transfer *transfer; FuzzedDataProvider stream(data, size); uint8_t bmRequestType = stream.ConsumeIntegral<uint8_t>(); uint8_t bRequest = stream.ConsumeIntegral<uint8_t>(); uint16_t wValue = stream.ConsumeIntegral<uint16_t>(); uint16_t wIndex = stream.ConsumeIntegral<uint16_t>(); uint16_t wLength = stream.ConsumeIntegral<uint16_t>(); - std::string input = stream.ConsumeRandomLengthString(); - const char *d = input.c_str(); + std::vector<char> data_ = stream.ConsumeRemainingBytes<char>(); + unsigned char* buffer = reinterpret_cast<unsigned char*>(data_.data()); transfer = libusb_alloc_transfer(0); if (!transfer) { return LIBUSB_ERROR_NO_MEM; } - libusb_fill_control_setup((unsigned char *)d, bmRequestType, bRequest, wValue, wIndex, wLength); + if (!buffer) { + libusb_free_transfer(transfer); + return LIBUSB_ERROR_NO_MEM; + } - // Cleanup. - // We cannot call libusb_free_transfer as no callbacks has occurred. Calling - // libusb_free_transfer without this will trigger false positive errors. - struct usbi_transfer *itransfer = LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer); - usbi_mutex_destroy(&itransfer->lock); - size_t priv_size = PTR_ALIGN(usbi_backend.transfer_priv_size); - unsigned char *ptr = (unsigned char *)itransfer - priv_size; - free(ptr); + libusb_fill_control_setup( + buffer, bmRequestType, bRequest, wValue, wIndex, wLength); + libusb_free_transfer(transfer); return 0; } diff --git a/projects/libvips/Dockerfile b/projects/libvips/Dockerfile index 378e6005b..e792dff45 100644 --- a/projects/libvips/Dockerfile +++ b/projects/libvips/Dockerfile @@ -16,39 +16,29 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y \ + curl \ automake \ - autopoint \ cmake \ - curl \ - gettext \ - glib2.0-dev \ - gobject-introspection \ + nasm \ gtk-doc-tools \ - libbrotli-dev \ + gobject-introspection \ + libfftw3-dev \ libexpat1-dev \ libffi-dev \ - libfftw3-dev \ libselinux1-dev \ - libtool \ - nasm \ - python3-pip -RUN pip3 install meson ninja + glib2.0-dev RUN mkdir afl-testcases RUN curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar xzC afl-testcases RUN git clone --depth 1 https://github.com/libvips/libvips RUN git clone --depth 1 https://github.com/madler/zlib.git RUN git clone --depth 1 https://github.com/libexif/libexif -RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git lcms RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo RUN git clone --depth 1 https://github.com/glennrp/libpng.git -RUN git clone --depth 1 https://github.com/randy408/libspng.git +RUN git clone --depth 1 https://git.code.sf.net/p/giflib/code libgif RUN git clone --depth 1 https://chromium.googlesource.com/webm/libwebp -RUN git clone --depth 1 https://gitlab.com/libtiff/libtiff +RUN git clone --depth 1 https://gitlab.com/libtiff/libtiff RUN git clone --depth 1 https://aomedia.googlesource.com/aom RUN git clone --depth 1 https://github.com/strukturag/libheif -RUN git clone --depth 1 --recursive https://github.com/libjxl/libjxl.git -RUN git clone --depth 1 https://github.com/lovell/libimagequant.git -RUN git clone --depth 1 https://github.com/dloebl/cgif.git WORKDIR libvips COPY build.sh $SRC/ diff --git a/projects/libvips/build.sh b/projects/libvips/build.sh index 17b496890..21505d6ed 100755 --- a/projects/libvips/build.sh +++ b/projects/libvips/build.sh @@ -29,8 +29,7 @@ popd pushd $SRC/libexif autoreconf -fi ./configure \ - --enable-static \ - --disable-shared \ + --enable-shared=no \ --disable-docs \ --disable-dependency-tracking \ --prefix=$WORK @@ -38,18 +37,6 @@ make -j$(nproc) make install popd -# lcms -pushd $SRC/lcms -./autogen.sh -./configure \ - --enable-static \ - --disable-shared \ - --disable-dependency-tracking \ - --prefix=$WORK -make -j$(nproc) -make install -popd - # aom pushd $SRC/aom mkdir -p build/linux @@ -58,7 +45,7 @@ cmake -G "Unix Makefiles" \ -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ -DCMAKE_INSTALL_PREFIX=$WORK -DCMAKE_INSTALL_LIBDIR=lib \ - -DENABLE_SHARED=FALSE -DCONFIG_PIC=1 \ + -DENABLE_SHARED:bool=off -DCONFIG_PIC=1 \ -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 \ -DCONFIG_SIZE_LIMIT=1 \ -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \ @@ -79,8 +66,7 @@ autoreconf -fi --enable-static \ --disable-examples \ --disable-go \ - --prefix=$WORK \ - CPPFLAGS=-I$WORK/include + --prefix=$WORK make clean make -j$(nproc) make install @@ -88,14 +74,14 @@ popd # libjpeg-turbo pushd $SRC/libjpeg-turbo -cmake . -DCMAKE_INSTALL_PREFIX=$WORK -DENABLE_STATIC=TRUE -DENABLE_SHARED=FALSE -DWITH_TURBOJPEG=FALSE +cmake . -DCMAKE_INSTALL_PREFIX=$WORK -DENABLE_STATIC:bool=on make -j$(nproc) make install popd # libpng pushd $SRC/libpng -sed -ie "s/option WARNING /& disabled/" scripts/pnglibconf.dfa +sed -ie "s/option WARNING /option WARNING disabled/" scripts/pnglibconf.dfa autoreconf -fi ./configure \ --prefix=$WORK \ @@ -105,13 +91,9 @@ make -j$(nproc) make install popd -# libspng -pushd $SRC/libspng -cmake . -DCMAKE_INSTALL_PREFIX=$WORK -DSPNG_STATIC=TRUE -DSPNG_SHARED=FALSE -DZLIB_ROOT=$WORK -make -j$(nproc) -make install -# Fix pkg-config file of libspng -sed -i'.bak' "s/-lspng/&_static/" $WORK/lib/pkgconfig/libspng.pc +# libgif +pushd $SRC/libgif +make libgif.a libgif.so install-include install-lib OFLAGS="-O2" PREFIX=$WORK popd # libwebp @@ -145,59 +127,9 @@ make -j$(nproc) make install popd -# jpeg-xl (libjxl) -pushd $SRC/libjxl -sed -i'.bak' "/add_subdirectory(tools)/d" CMakeLists.txt -# Don't overwrite our linker flags -sed -i'.bak' "/set(CMAKE_EXE_LINKER_FLAGS/{N;d;}" CMakeLists.txt -cmake -G "Unix Makefiles" \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_C_COMPILER=$CC \ - -DCMAKE_CXX_COMPILER=$CXX \ - -DCMAKE_C_FLAGS="$CFLAGS" \ - -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ - -DCMAKE_EXE_LINKER_FLAGS="$LDFLAGS" \ - -DCMAKE_MODULE_LINKER_FLAGS="$LDFLAGS" \ - -DCMAKE_INSTALL_PREFIX="$WORK" \ - -DCMAKE_THREAD_LIBS_INIT="-lpthread" \ - -DCMAKE_USE_PTHREADS_INIT=1 \ - -DBUILD_SHARED_LIBS=0 \ - -DBUILD_TESTING=0 \ - -DJPEGXL_STATIC=1 \ - -DJPEGXL_FORCE_SYSTEM_BROTLI=1 \ - -DJPEGXL_ENABLE_FUZZERS=0 \ - -DJPEGXL_ENABLE_MANPAGES=0 \ - -DJPEGXL_ENABLE_BENCHMARK=0 \ - -DJPEGXL_ENABLE_EXAMPLES=0 \ - -DJPEGXL_ENABLE_SKCMS=0 \ - -DJPEGXL_ENABLE_SJPEG=0 \ - . -make -j$(nproc) -make install -popd - -# libimagequant -pushd $SRC/libimagequant -meson setup --prefix=$WORK --libdir=lib --default-library=static build -cd build -ninja -j$(nproc) -ninja install -popd - -# cgif -pushd $SRC/cgif -meson setup --prefix=$WORK --libdir=lib --default-library=static build -cd build -ninja -j$(nproc) -ninja install -popd - # libvips -sed -i'.bak' "/test/d" Makefile.am -sed -i'.bak' "/tools/d" Makefile.am -PKG_CONFIG="pkg-config --static" ./autogen.sh \ +./autogen.sh \ --disable-shared \ - --disable-modules \ --disable-gtk-doc \ --disable-gtk-doc-html \ --disable-dependency-tracking \ @@ -224,27 +156,20 @@ for fuzzer in fuzz/*_fuzzer.cc; do -I/usr/lib/x86_64-linux-gnu/glib-2.0/include \ $WORK/lib/libvips.a \ $WORK/lib/libexif.a \ - $WORK/lib/liblcms2.a \ - $WORK/lib/libjpeg.a \ + $WORK/lib/libturbojpeg.a \ $WORK/lib/libpng.a \ - $WORK/lib/libspng_static.a \ $WORK/lib/libz.a \ + $WORK/lib/libgif.a \ $WORK/lib/libwebpmux.a \ $WORK/lib/libwebpdemux.a \ $WORK/lib/libwebp.a \ $WORK/lib/libtiff.a \ $WORK/lib/libheif.a \ $WORK/lib/libaom.a \ - $WORK/lib/libjxl.a \ - $WORK/lib/libjxl_threads.a \ - $WORK/lib/libhwy.a \ - $WORK/lib/libimagequant.a \ - $WORK/lib/libcgif.a \ $LIB_FUZZING_ENGINE \ -Wl,-Bstatic \ - -lfftw3 -lexpat -lbrotlienc -lbrotlidec -lbrotlicommon \ - -lgmodule-2.0 -lgio-2.0 -lgobject-2.0 -lffi -lglib-2.0 \ - -lresolv -lmount -lblkid -lselinux -lsepol -lpcre \ + -lfftw3 -lgmodule-2.0 -lgio-2.0 -lgobject-2.0 -lffi -lglib-2.0 -lpcre -lexpat \ + -lresolv -lsepol -lselinux \ -Wl,-Bdynamic -pthread ln -sf "seed_corpus.zip" "$OUT/${target}_seed_corpus.zip" done diff --git a/projects/libvips/project.yaml b/projects/libvips/project.yaml index a00ccab31..d4b27f81c 100644 --- a/projects/libvips/project.yaml +++ b/projects/libvips/project.yaml @@ -2,6 +2,7 @@ homepage: "https://github.com/libvips/libvips" language: c++ primary_contact: "jcupitt@gmail.com" auto_ccs: + - "oscar.mira@adevinta.com" - "kleisauke@gmail.com" - "lovell.fuller@gmail.com" main_repo: 'https://github.com/libvips/libvips' diff --git a/projects/libxml2/project.yaml b/projects/libxml2/project.yaml index 3b6abb925..873e81ee3 100644 --- a/projects/libxml2/project.yaml +++ b/projects/libxml2/project.yaml @@ -1,5 +1,6 @@ homepage: "http://www.xmlsoft.org/" language: c++ +primary_contact: "wellnhofer@aevum.de" vendor_ccs: - "akilsrin@apple.com" - "ddkilzer@apple.com" diff --git a/projects/libxslt/project.yaml b/projects/libxslt/project.yaml index 69e37c793..09fc8306c 100644 --- a/projects/libxslt/project.yaml +++ b/projects/libxslt/project.yaml @@ -1,5 +1,6 @@ homepage: "http://www.xmlsoft.org/libxslt/" language: c++ +primary_contact: "wellnhofer@aevum.de" vendor_ccs: - "ddkilzer@apple.com" - "schenney@chromium.org" diff --git a/projects/libyal/Dockerfile b/projects/libyal/Dockerfile index 3a2f067b4..c255806e9 100644 --- a/projects/libyal/Dockerfile +++ b/projects/libyal/Dockerfile @@ -21,7 +21,6 @@ RUN apt-get update && apt-get install -y make autoconf automake autopoint libtoo RUN git clone --depth 1 https://github.com/libyal/libfplist.git libfplist RUN git clone --depth 1 https://github.com/libyal/libftxf.git libftxf RUN git clone --depth 1 https://github.com/libyal/libfusn.git libfusn -RUN git clone --depth 1 https://github.com/libyal/libfwevt.git libfwevt RUN git clone --depth 1 https://github.com/libyal/libfwnt.git libfwnt RUN git clone --depth 1 https://github.com/libyal/libfwps.git libfwps RUN git clone --depth 1 https://github.com/libyal/libfwsi.git libfwsi @@ -50,13 +49,11 @@ RUN git clone --depth 1 https://github.com/libyal/libfsxfs.git libfsxfs RUN git clone --depth 1 https://github.com/libyal/libbde.git libbde RUN git clone --depth 1 https://github.com/libyal/libluksde.git libluksde RUN git clone --depth 1 https://github.com/libyal/libvsgpt.git libvsgpt -RUN git clone --depth 1 https://github.com/libyal/libvshadow.git libvshadow RUN git clone --depth 1 https://github.com/libyal/libvslvm.git libvslvm RUN git clone --depth 1 https://github.com/libyal/libvsmbr.git libvsmbr RUN git clone --depth 1 https://github.com/libyal/libewf.git libewf RUN git clone --depth 1 https://github.com/libyal/libmodi.git libmodi -RUN git clone --depth 1 https://github.com/libyal/libodraw.git libodraw RUN git clone --depth 1 https://github.com/libyal/libqcow.git libqcow RUN git clone --depth 1 https://github.com/libyal/libsmraw.git libsmraw RUN git clone --depth 1 https://github.com/libyal/libvhdi.git libvhdi diff --git a/projects/libyang/build.sh b/projects/libyang/build.sh index 9e1563216..cb5857dd8 100755 --- a/projects/libyang/build.sh +++ b/projects/libyang/build.sh @@ -16,7 +16,7 @@ ################################################################################ cd libyang -git checkout devel +git checkout libyang2 sed -i 's/add_subdirectory/#add_subdirectory/g' ./tools/CMakeLists.txt mkdir build && cd build diff --git a/projects/libzip/project.yaml b/projects/libzip/project.yaml index 916b01ad1..2743d394f 100644 --- a/projects/libzip/project.yaml +++ b/projects/libzip/project.yaml @@ -6,6 +6,5 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: 'https://github.com/nih-at/libzip.git'
\ No newline at end of file + - memory +main_repo: 'https://github.com/nih-at/libzip.git' diff --git a/projects/lighttpd/build.sh b/projects/lighttpd/build.sh index 33ef7dbb4..5cd286a7b 100755 --- a/projects/lighttpd/build.sh +++ b/projects/lighttpd/build.sh @@ -20,4 +20,4 @@ make cd src $CC $CFLAGS -c $SRC/fuzz_burl.c -I. -I../include -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_burl.o burl.o buffer.o base64.o ck.o -o $OUT/fuzz_burl +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_burl.o burl.o buffer.o base64.o -o $OUT/fuzz_burl diff --git a/projects/linkerd2-proxy/Dockerfile b/projects/linkerd2-proxy/Dockerfile deleted file mode 100644 index 1abb1d4f2..000000000 --- a/projects/linkerd2-proxy/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-rust -RUN git clone --depth 1 https://github.com/linkerd/linkerd2-proxy - -COPY build.sh $SRC/ -WORKDIR $SRC diff --git a/projects/linkerd2-proxy/build.sh b/projects/linkerd2-proxy/build.sh deleted file mode 100755 index 81044bcb0..000000000 --- a/projects/linkerd2-proxy/build.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -TARGET_PATH="./fuzz/target/x86_64-unknown-linux-gnu/release" -BASE="$SRC/linkerd2-proxy/linkerd" -BUILD_FUZZER="cargo +nightly fuzz build " - -cd ${BASE}/app/inbound -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_1 $OUT/fuzz_inbound - -cd ${BASE}/addr/ -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_1 $OUT/fuzz_addr - -cd ${BASE}/dns -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_1 $OUT/fuzz_dns - -cd ${BASE}/proxy/http -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_1 $OUT/fuzz_http - -cd ${BASE}/tls -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_1 $OUT/fuzz_tls - -cd ${BASE}/transport-header -${BUILD_FUZZER} -cp ${TARGET_PATH}/fuzz_target_raw $OUT/fuzz_transport_raw -cp ${TARGET_PATH}/fuzz_target_structured $OUT/fuzz_transport_structured - -echo "[libfuzzer]" > $OUT/fuzz_transport_raw.options -echo "detect_leaks=0" >> $OUT/fuzz_transport_raw.options diff --git a/projects/linkerd2-proxy/project.yaml b/projects/linkerd2-proxy/project.yaml deleted file mode 100644 index c7ce398ed..000000000 --- a/projects/linkerd2-proxy/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://linkerd.io/" -main_repo: "https://github.com/linkerd/linkerd2-proxy" -primary_contact: "ver@buoyant.io" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "eliza@buoyant.io" - - "kevinl@buoyant.io" - - "david@adalogics.com" diff --git a/projects/lldb-eval/build.sh b/projects/lldb-eval/build.sh deleted file mode 100644 index dee5c7cfe..000000000 --- a/projects/lldb-eval/build.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/bash -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -( -cd $SRC/ -GITHUB_RELEASE="https://github.com/google/lldb-eval/releases/download/oss-fuzz-ubuntu-20.04" - -if [ "$SANITIZER" = "address" ] -then - LLVM_ARCHIVE="llvm-12.0.1-x86_64-linux-release-address.tar.gz" -elif [ "$SANITIZER" = "memory" ] -then - LLVM_ARCHIVE="llvm-12.0.1-x86_64-linux-release-memory.tar.gz" -elif [ "$SANITIZER" = "undefined" ] -then - LLVM_ARCHIVE="llvm-12.0.1-x86_64-linux-release.tar.gz" -elif [ "$SANITIZER" = "coverage" ] -then - # For coverage we also need the original source code. - wget --quiet $GITHUB_RELEASE/llvm-12.0.1-source.tar.gz - tar -xzf llvm-12.0.1-source.tar.gz - wget --quiet $GITHUB_RELEASE/llvm-12.0.1-x86_64-linux-release-genfiles.tar.gz - tar -xzf llvm-12.0.1-x86_64-linux-release-genfiles.tar.gz - - LLVM_ARCHIVE="llvm-12.0.1-x86_64-linux-release.tar.gz" -else - echo "Unknown sanitizer: $SANITIZER" - exit 1 -fi - -wget --quiet $GITHUB_RELEASE/$LLVM_ARCHIVE -mkdir -p llvm && tar -xzf $LLVM_ARCHIVE --strip-components 1 -C llvm -) -export LLVM_INSTALL_PATH=$SRC/llvm - -if [ "$SANITIZER" = "undefined" ] -then - # Disable vptr because it's not allowed with '-fno-rtti' - CFLAGS="$CFLAGS -fno-sanitize=function,vptr" - CXXFLAGS="$CXXFLAGS -fno-sanitize=function,vptr" -fi - -# Undefine NDEBUG to enable asserts. -export BAZEL_EXTRA_BUILD_FLAGS="--copt=-UNDEBUG" - -# Run the build! -bazel_build_fuzz_tests - -# OSS-Fuzz rule doesn't build data dependencies -bazel build //testdata:fuzzer_binary_gen - -# OSS-Fuzz rule doesn't handle dynamic dependencies -# Copy liblldb.so -mkdir -p $OUT/lib -cp $SRC/llvm/lib/liblldb.so* $OUT/lib - -# List of targets to fuzz. -TARGETS=( - lldb_eval_libfuzzer_test - lldb_vs_lldb_eval_libfuzzer_test -) - -# Preparation of each target. -for target in ${TARGETS[@]}; do - # OSS-Fuzz rule doesn't package runfiles yet: - # https://github.com/bazelbuild/rules_fuzzing/issues/100 - mkdir -p $OUT/$target.runfiles - # fuzzer_binary - mkdir -p $OUT/$target.runfiles/lldb_eval/testdata - cp $SRC/lldb-eval/bazel-bin/testdata/fuzzer_binary $OUT/$target.runfiles/lldb_eval/testdata/ - cp $SRC/lldb-eval/testdata/fuzzer_binary.cc $OUT/$target.runfiles/lldb_eval/testdata/ - # lldb-server - mkdir -p $OUT/$target.runfiles/llvm_project/bin - cp $SRC/llvm/bin/lldb-server $OUT/$target.runfiles/llvm_project/bin/lldb-server - # Patch RPATH of the fuzz target - patchelf --set-rpath '$ORIGIN/lib' $OUT/$target -done - -cp $SRC/lldb_vs_lldb_eval_libfuzzer_test.options $OUT/ diff --git a/projects/lldb-eval/lldb_vs_lldb_eval_libfuzzer_test.options b/projects/lldb-eval/lldb_vs_lldb_eval_libfuzzer_test.options deleted file mode 100644 index f9d09656c..000000000 --- a/projects/lldb-eval/lldb_vs_lldb_eval_libfuzzer_test.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -detect_leaks=0 diff --git a/projects/lldb-eval/project.yaml b/projects/lldb-eval/project.yaml deleted file mode 100644 index 8568e7522..000000000 --- a/projects/lldb-eval/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/google/lldb-eval" -main_repo: "https://github.com/google/lldb-eval" -language: c++ -primary_contact: "werat@google.com" -auto_ccs: - - "tsabolcec@google.com" -fuzzing_engines: - - libfuzzer -sanitizers: - - address - - undefined diff --git a/projects/llhttp/Dockerfile b/projects/llhttp/Dockerfile deleted file mode 100644 index c7ab95889..000000000 --- a/projects/llhttp/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN curl -sL https://deb.nodesource.com/setup_14.x -o nodesource_setup.sh -RUN bash nodesource_setup.sh -RUN apt install -y nodejs -RUN git clone --depth 1 https://github.com/nodejs/llhttp llhttp -WORKDIR llhttp -COPY build.sh $SRC/ diff --git a/projects/llhttp/build.sh b/projects/llhttp/build.sh deleted file mode 100755 index a9a3a48f3..000000000 --- a/projects/llhttp/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -npm install -g typescript -npm link typescript -npm install . -make - -$CC $CFLAGS $LIB_FUZZING_ENGINE ./test/fuzzers/fuzz_parser.c -I./build/ ./build/libllhttp.a -o $OUT/fuzz_parser diff --git a/projects/llhttp/project.yaml b/projects/llhttp/project.yaml deleted file mode 100644 index dda736aae..000000000 --- a/projects/llhttp/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://llhttp.org/" -main_repo: "https://github.com/nodejs/llhttp" -language: c -primary_contact: "fedor@indutny.com" -auto_ccs: - - "david@adalogics.com" diff --git a/projects/loki/Dockerfile b/projects/loki/Dockerfile index b045f7972..2340618ec 100644 --- a/projects/loki/Dockerfile +++ b/projects/loki/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/grafana/loki/ COPY build.sh $SRC/ WORKDIR $SRC/loki diff --git a/projects/lotus/Dockerfile b/projects/lotus/Dockerfile index bdbee4371..08dccff6a 100644 --- a/projects/lotus/Dockerfile +++ b/projects/lotus/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y mesa-opencl-icd ocl-icd-opencl-dev gcc \ git bzr jq pkg-config curl clang build-essential hwloc libhwloc-dev RUN git clone --depth 1 https://github.com/filecoin-project/lotus diff --git a/projects/matio/Dockerfile b/projects/matio/Dockerfile index 1b8e927ea..d69281cb8 100644 --- a/projects/matio/Dockerfile +++ b/projects/matio/Dockerfile @@ -18,6 +18,6 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/madler/zlib RUN git clone --depth 1 git://git.code.sf.net/p/matio/matio matio -ADD https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.gz hdf5-1.12.1.tar.gz +ADD https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.0/src/hdf5-1.12.0.tar.gz hdf5-1.12.0.tar.gz WORKDIR matio COPY build.sh $SRC/ diff --git a/projects/mbedtls/Dockerfile b/projects/mbedtls/Dockerfile index f39ea2abb..3a8908f94 100644 --- a/projects/mbedtls/Dockerfile +++ b/projects/mbedtls/Dockerfile @@ -17,7 +17,7 @@ FROM gcr.io/oss-fuzz-base/base-builder #TODO change RUN apt-get update && apt-get install -y make cmake -RUN git clone --recursive --depth 1 -b development_2.x https://github.com/ARMmbed/mbedtls.git mbedtls +RUN git clone --recursive --depth 1 https://github.com/ARMmbed/mbedtls.git mbedtls RUN git clone --depth 1 https://github.com/google/boringssl.git boringssl RUN git clone --depth 1 https://github.com/openssl/openssl.git openssl WORKDIR mbedtls diff --git a/projects/mdbtools/build.sh b/projects/mdbtools/build.sh index 048d4a176..d3269bc62 100644 --- a/projects/mdbtools/build.sh +++ b/projects/mdbtools/build.sh @@ -17,7 +17,7 @@ ################################################################################ autoreconf -f -i -./configure --enable-static --disable-man --disable-glib --disable-silent-rules +./configure --enable-static --disable-man --disable-glib make clean make diff --git a/projects/mercurial/project.yaml b/projects/mercurial/project.yaml index 09674b145..2908b04b4 100644 --- a/projects/mercurial/project.yaml +++ b/projects/mercurial/project.yaml @@ -6,11 +6,8 @@ auto_ccs: - "kbullock@ringworld.org" - "security@mercurial-scm.org" - "martinvonz@google.com" - - "raphael.gomes@octobus.net" sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory coverage_extra_args: -ignore-filename-regex=.*/sanpy/.* -main_repo: "https://www.mercurial-scm.org/repo/hg" diff --git a/projects/minify/Dockerfile b/projects/minify/Dockerfile index 20d75ad61..3f3516ae5 100644 --- a/projects/minify/Dockerfile +++ b/projects/minify/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/tdewolff/minify RUN git clone --depth 1 https://github.com/tdewolff/parse COPY build.sh $SRC/ diff --git a/projects/monero/Dockerfile b/projects/monero/Dockerfile index d8f361983..fe2dbbe91 100644 --- a/projects/monero/Dockerfile +++ b/projects/monero/Dockerfile @@ -44,8 +44,7 @@ RUN set -ex && \ libreadline-dev \ libudev-dev \ libprotobuf-dev \ - protobuf-compiler \ - libexpat-dev + protobuf-compiler WORKDIR monero @@ -118,8 +117,5 @@ RUN set -ex \ && make \ && make install -RUN git clone https://github.com/NLnetLabs/unbound && \ - cd unbound && ./configure && make && make install - RUN git clone --depth 1 https://github.com/monero-project/monero.git monero COPY build.sh $SRC/ diff --git a/projects/mp4parse-rust/Dockerfile b/projects/mp4parse-rust/Dockerfile index f974759f4..990fbbafa 100644 --- a/projects/mp4parse-rust/Dockerfile +++ b/projects/mp4parse-rust/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang RUN git clone --depth 1 --recursive https://github.com/mozilla/mp4parse-rust mp4parse-rust diff --git a/projects/msgpack-c/Dockerfile b/projects/msgpack-c/Dockerfile index 385767b2f..87efd7640 100644 --- a/projects/msgpack-c/Dockerfile +++ b/projects/msgpack-c/Dockerfile @@ -18,7 +18,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y cmake wget bzip2 RUN git clone --depth 1 --single-branch --branch cpp_master https://github.com/msgpack/msgpack-c.git msgpack-c -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.70.0/source/boost_1_70_0.tar.bz2 && \ +RUN wget https://dl.bintray.com/boostorg/release/1.70.0/source/boost_1_70_0.tar.bz2 && \ tar xf boost_1_70_0.tar.bz2 && \ cd boost_1_70_0 && \ ./bootstrap.sh --with-toolset=clang --prefix=/usr && \ diff --git a/projects/mtail/Dockerfile b/projects/mtail/Dockerfile index b61263a5c..7861cbcd5 100644 --- a/projects/mtail/Dockerfile +++ b/projects/mtail/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/google/mtail $GOPATH/src/github.com/google/mtail WORKDIR $GOPATH/src/github.com/google/mtail COPY build.sh $SRC/ diff --git a/projects/mtail/build.sh b/projects/mtail/build.sh index 9e6eff2e3..2c769ad33 100755 --- a/projects/mtail/build.sh +++ b/projects/mtail/build.sh @@ -15,6 +15,6 @@ # ################################################################################ -compile_go_fuzzer github.com/google/mtail/internal/runtime Fuzz vm-fuzzer +compile_go_fuzzer github.com/google/mtail/internal/vm Fuzz vm-fuzzer # Make the dictionary and seed corpus. make --debug $OUT/vm-fuzzer.dict $OUT/vm-fuzzer_seed_corpus.zip diff --git a/projects/muduo/Dockerfile b/projects/muduo/Dockerfile deleted file mode 100644 index d8ba22346..000000000 --- a/projects/muduo/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make libboost-dev -RUN git clone --depth 1 https://github.com/chenshuo/muduo -WORKDIR muduo -COPY build.sh muduo_http_fuzzer.cpp $SRC/ diff --git a/projects/muduo/build.sh b/projects/muduo/build.sh deleted file mode 100755 index 023146ec7..000000000 --- a/projects/muduo/build.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -sed -i '34 a $ENV{CXXFLAGS}' CMakeLists.txt -mkdir -p build-dir && cd build-dir -cmake -DCMAKE_BUILD_TYPE="release" \ - .. -make -j$(nproc) - -$CXX $CXXFLAGS -I/src/muduo \ - -o muduo_http_fuzzer.o \ - -c $SRC/muduo_http_fuzzer.cpp - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ - muduo_http_fuzzer.o \ - -o $OUT/muduo_http_fuzzer \ - ./lib/libmuduo_http.a \ - ./lib/libmuduo_net.a \ - ./lib/libmuduo_base.a diff --git a/projects/muduo/muduo_http_fuzzer.cpp b/projects/muduo/muduo_http_fuzzer.cpp deleted file mode 100644 index d3eed6a23..000000000 --- a/projects/muduo/muduo_http_fuzzer.cpp +++ /dev/null @@ -1,35 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <stdint.h> -#include <string.h> -#include <stdlib.h> - -#include "muduo/net/http/HttpContext.h" -#include "muduo/net/Buffer.h" -#include "muduo/base/Timestamp.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - char *new_str = (char *)malloc(size+1); - if (new_str == NULL){ - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - muduo::net::HttpContext context; - muduo::net::Buffer input; - input.append(new_str); - context.parseRequest(&input, muduo::Timestamp::now()); - free(new_str); - return 0; -} diff --git a/projects/muduo/project.yaml b/projects/muduo/project.yaml deleted file mode 100644 index 0a2249949..000000000 --- a/projects/muduo/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/chenshuo/muduo" -language: c++ -primary_contact: "chenshuo@chenshuo.com" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory -main_repo: "https://github.com/chenshuo/muduo" diff --git a/projects/mupdf/Dockerfile b/projects/mupdf/Dockerfile index 8d1668ed3..160ce0ee9 100644 --- a/projects/mupdf/Dockerfile +++ b/projects/mupdf/Dockerfile @@ -22,5 +22,5 @@ RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \ rm -rf pdf.js ADD https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/pdf.dict $SRC/pdf_fuzzer.dict WORKDIR mupdf -COPY *.cc $SRC/ +COPY *.cc source/fuzz/ COPY build.sh *.options $SRC/ diff --git a/projects/mupdf/build.sh b/projects/mupdf/build.sh index 6a2613c4f..d06190698 100755 --- a/projects/mupdf/build.sh +++ b/projects/mupdf/build.sh @@ -15,14 +15,11 @@ # ################################################################################ -# supp_size is unused in harfbuzz so we will avoid it being unused. -sed -i 's/supp_size;/supp_size;(void)(supp_size);/g' ./thirdparty/harfbuzz/src/hb-subset-cff1.cc - LDFLAGS="$CXXFLAGS" make -j$(nproc) HAVE_GLUT=no build=debug OUT=$WORK fuzz_target=pdf_fuzzer $CXX $CXXFLAGS -std=c++11 -Iinclude \ - $SRC/pdf_fuzzer.cc -o $OUT/$fuzz_target \ + source/fuzz/pdf_fuzzer.cc -o $OUT/$fuzz_target \ $LIB_FUZZING_ENGINE $WORK/libmupdf.a $WORK/libmupdf-third.a mv $SRC/{*.zip,*.dict,*.options} $OUT diff --git a/projects/myanmar-tools/build.sh b/projects/myanmar-tools/build.sh index e13632297..771601bfc 100644 --- a/projects/myanmar-tools/build.sh +++ b/projects/myanmar-tools/build.sh @@ -1,19 +1,16 @@ -#!/bin/bash -eu # Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -################################################################################ cd $SRC/myanmar-tools/clients/cpp mkdir build @@ -33,7 +30,7 @@ cp libmyanmartools.so $OUT/lib # Copy libunwind since it isn't on the ClusterFuzz bot images. cp /usr/lib/x86_64-linux-gnu/libunwind.so.8 $OUT/lib/ $CXX $CXXFLAGS -std=c++11 -I../public -L$OUT/lib \ - -Wl,-rpath,'$ORIGIN/lib' -lmyanmartools -lunwind \ + -Wl,-rpath,'$ORIGIN/lib' -lmyanmartools \ -o $OUT/zawgyi_detector_fuzz_target \ ../zawgyi_detector_fuzz_target.cpp \ $LIB_FUZZING_ENGINE diff --git a/projects/myanmar-tools/project.yaml b/projects/myanmar-tools/project.yaml index 5d583adff..d2c7f3256 100644 --- a/projects/myanmar-tools/project.yaml +++ b/projects/myanmar-tools/project.yaml @@ -5,7 +5,6 @@ auto_ccs: - "ccornelius@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory coverage_extra_args: -ignore-filename-regex=.*/\.hunter/.* main_repo: 'https://github.com/google/myanmar-tools.git' diff --git a/projects/mysql-server/build.sh b/projects/mysql-server/build.sh index ee4dfd0fe..6ea7b2712 100644 --- a/projects/mysql-server/build.sh +++ b/projects/mysql-server/build.sh @@ -25,7 +25,7 @@ if [[ $SANITIZER = *undefined* ]]; then else cmake .. -Dprotobuf_BUILD_SHARED_LIBS=OFF -DDOWNLOAD_BOOST=1 -DWITH_BOOST=. -DWITH_SSL=system -DFUZZING=1 -DCMAKE_INSTALL_PREFIX=$OUT/mysql fi -make -j$(nproc) install +make install mv $OUT/mysql/bin/fuzz* $OUT/ cp ../fuzz/fuzz*.options $OUT/ cp ../fuzz/fuzz*.dict $OUT/ diff --git a/projects/mysql-server/fix.diff b/projects/mysql-server/fix.diff index b8f7825bd..cec23c2d2 100644 --- a/projects/mysql-server/fix.diff +++ b/projects/mysql-server/fix.diff @@ -1,8 +1,8 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 4a4bbfa72fa..0478561e66c 100644 +index 3667900243c..337344e124d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -688,6 +688,7 @@ IF(WITH_JEMALLOC AND (WITH_TCMALLOC OR WITH_TCMALLOC_DEBUG)) +@@ -597,6 +597,7 @@ IF(WITH_JEMALLOC AND (WITH_TCMALLOC OR WITH_TCMALLOC_DEBUG)) MESSAGE(FATAL_ERROR "Specify only *one* of WITH_TCMALLOC and WITH_JEMALLOC") ENDIF() @@ -10,8 +10,8 @@ index 4a4bbfa72fa..0478561e66c 100644 OPTION(ENABLED_PROFILING "Enable profiling" ON) OPTION(WITHOUT_SERVER OFF) -@@ -1804,6 +1805,10 @@ IF(NOT WITHOUT_SERVER AND WITH_UNIT_TESTS) - ENDIF() +@@ -1587,6 +1588,10 @@ IF(NOT WITHOUT_SERVER AND WITH_UNIT_TESTS) + TARGET_LINK_LIBRARIES(server_unittest_library ${ICU_LIBRARIES}) ENDIF() +IF (FUZZING) @@ -21,22 +21,8 @@ index 4a4bbfa72fa..0478561e66c 100644 # scripts/mysql_config depends on client and server targets loaded above. # It is referenced by some of the directories below, so we insert it here. ADD_SUBDIRECTORY(scripts) -diff --git a/cmake/os/Linux.cmake b/cmake/os/Linux.cmake -index 0e25e8eb..3ae74839 100644 ---- a/cmake/os/Linux.cmake -+++ b/cmake/os/Linux.cmake -@@ -103,7 +103,8 @@ IF(NOT WITH_ASAN AND - NOT WITH_LSAN AND - NOT WITH_MSAN AND - NOT WITH_TSAN AND -- NOT WITH_UBSAN) -+ NOT WITH_UBSAN AND -+ NOT FUZZING) - SET(LINK_FLAG_NO_UNDEFINED "-Wl,--no-undefined") - SET(LINK_FLAG_Z_DEFS "-z,defs") - ENDIF() diff --git a/include/mysql.h b/include/mysql.h -index 4700d74b853..bdf9b765ffb 100644 +index b805bffdf88..23d2311299e 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -262,7 +262,8 @@ enum mysql_protocol_type { @@ -50,10 +36,10 @@ index 4700d74b853..bdf9b765ffb 100644 enum mysql_ssl_mode { diff --git a/include/mysql.h.pp b/include/mysql.h.pp -index 39ebd0fcb93..c041cc4690f 100644 +index ce785802ad9..4f048082335 100644 --- a/include/mysql.h.pp +++ b/include/mysql.h.pp -@@ -486,7 +486,8 @@ enum mysql_protocol_type { +@@ -485,7 +485,8 @@ enum mysql_protocol_type { MYSQL_PROTOCOL_TCP, MYSQL_PROTOCOL_SOCKET, MYSQL_PROTOCOL_PIPE, @@ -64,7 +50,7 @@ index 39ebd0fcb93..c041cc4690f 100644 enum mysql_ssl_mode { SSL_MODE_DISABLED = 1, diff --git a/include/violite.h b/include/violite.h -index a6ccd1a607d..8dc0d46dd7f 100644 +index c04e82505a7..2498ba0053c 100644 --- a/include/violite.h +++ b/include/violite.h @@ -108,12 +108,14 @@ enum enum_vio_type : int { @@ -105,13 +91,13 @@ index a6ccd1a607d..8dc0d46dd7f 100644 + #endif /* vio_violite_h_ */ diff --git a/libmysql/CMakeLists.txt b/libmysql/CMakeLists.txt -index 334d1b7d3ef..c37c5ad930e 100644 +index 4956a0dc2d8..bab0aa3b504 100644 --- a/libmysql/CMakeLists.txt +++ b/libmysql/CMakeLists.txt -@@ -345,11 +345,11 @@ IF(LINUX_STANDALONE AND KERBEROS_CUSTOM_LIBRARY) - ENDIF() +@@ -353,11 +353,11 @@ IF(UNIX) + + ADD_INSTALL_RPATH_FOR_OPENSSL(libmysql) - IF(UNIX) - IF(LINK_FLAG_Z_DEFS) + IF(LINK_FLAG_Z_DEFS AND NOT FUZZING) MY_TARGET_LINK_OPTIONS(libmysql "LINKER:${LINK_FLAG_Z_DEFS}") @@ -119,11 +105,23 @@ index 334d1b7d3ef..c37c5ad930e 100644 - IF(LINUX) + IF(LINUX AND NOT FUZZING) - CONFIGURE_FILE(libmysql.ver.in ${CMAKE_CURRENT_BINARY_DIR}/libmysql.ver) MY_TARGET_LINK_OPTIONS(libmysql "LINKER:--version-script=${CMAKE_CURRENT_BINARY_DIR}/libmysql.ver") + ENDIF() +diff --git a/mysys/mf_tempfile.cc b/mysys/mf_tempfile.cc +index f4f5dffba9a..26ab2ce0917 100644 +--- a/mysys/mf_tempfile.cc ++++ b/mysys/mf_tempfile.cc +@@ -320,6 +320,7 @@ File create_temp_file(char *to, const char *dir, const char *prefix, + set_my_errno(ENAMETOOLONG); + return file; + } ++ sprintf(prefix_buff, "%sXXXXXX", prefix ? prefix : "tmp."); + my_stpcpy(convert_dirname(to, dir, NullS), prefix_buff); + file = mkstemp(to); + file_info::RegisterFilename(file, to, file_info::OpenType::FILE_BY_MKSTEMP); diff --git a/mysys/my_rnd.cc b/mysys/my_rnd.cc -index 2fc7820eaa3..248ea909db8 100644 +index 8253e3967d4..034c71de600 100644 --- a/mysys/my_rnd.cc +++ b/mysys/my_rnd.cc @@ -48,6 +48,9 @@ @@ -160,10 +158,10 @@ index 2fc7820eaa3..248ea909db8 100644 *failed = true; return 0; diff --git a/sql-common/client.cc b/sql-common/client.cc -index b8050f2b1a7..9a65178c5c4 100644 +index 61404be555b..721802cb60c 100644 --- a/sql-common/client.cc +++ b/sql-common/client.cc -@@ -5892,6 +5892,12 @@ static mysql_state_machine_status csm_begin_connect(mysql_async_connect *ctx) { +@@ -5774,6 +5774,12 @@ static mysql_state_machine_status csm_begin_connect(mysql_async_connect *ctx) { } } #endif /* _WIN32 */ @@ -177,12 +175,12 @@ index b8050f2b1a7..9a65178c5c4 100644 if (!net->vio && (!mysql->options.protocol || diff --git a/sql/mysqld.cc b/sql/mysqld.cc -index 50b76e2fa75..871006c2d8f 100644 +index 519926135ed..db75dc7f5e5 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc -@@ -6991,7 +6991,9 @@ int mysqld_main(int argc, char **argv) - - keyring_lockable_init(); +@@ -6862,7 +6862,9 @@ int mysqld_main(int argc, char **argv) + unireg_abort(MYSQLD_ABORT_EXIT); // Will do exit + } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION my_init_signals(); @@ -190,7 +188,7 @@ index 50b76e2fa75..871006c2d8f 100644 size_t guardize = 0; #ifndef _WIN32 -@@ -7497,8 +7499,10 @@ int mysqld_main(int argc, char **argv) +@@ -7347,8 +7349,10 @@ int mysqld_main(int argc, char **argv) unireg_abort(MYSQLD_ABORT_EXIT); #ifndef _WIN32 @@ -201,7 +199,7 @@ index 50b76e2fa75..871006c2d8f 100644 #endif /* set all persistent options */ -@@ -7543,8 +7547,9 @@ int mysqld_main(int argc, char **argv) +@@ -7393,8 +7397,9 @@ int mysqld_main(int argc, char **argv) } start_handle_manager(); @@ -212,7 +210,7 @@ index 50b76e2fa75..871006c2d8f 100644 LogEvent() .type(LOG_TYPE_ERROR) -@@ -7591,6 +7596,10 @@ int mysqld_main(int argc, char **argv) +@@ -7441,6 +7446,10 @@ int mysqld_main(int argc, char **argv) (void)RUN_HOOK(server_state, before_handle_connection, (nullptr)); @@ -223,7 +221,7 @@ index 50b76e2fa75..871006c2d8f 100644 #if defined(_WIN32) if (mysqld_socket_acceptor != nullptr) mysqld_socket_acceptor->check_and_spawn_admin_connection_handler_thread(); -@@ -10500,6 +10509,9 @@ static int get_options(int *argc_ptr, char ***argv_ptr) { +@@ -10281,6 +10290,9 @@ static int get_options(int *argc_ptr, char ***argv_ptr) { if (opt_short_log_format) opt_specialflag |= SPECIAL_SHORT_LOG_FORMAT; @@ -234,10 +232,10 @@ index 50b76e2fa75..871006c2d8f 100644 LogErr(ERROR_LEVEL, ER_CONNECTION_HANDLING_OOM); return 1; diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc -index 7ecc10961ac..5f13f94eb02 100644 +index fba0684f322..8352dacbc03 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc -@@ -1476,18 +1476,14 @@ dberr_t buf_pool_init(ulint total_size, ulint n_instances) { +@@ -1487,18 +1487,14 @@ dberr_t buf_pool_init(ulint total_size, ulint n_instances) { n = n_instances; } @@ -259,7 +257,7 @@ index 7ecc10961ac..5f13f94eb02 100644 err = errs[id]; } diff --git a/vio/CMakeLists.txt b/vio/CMakeLists.txt -index 35ab5f17f15..9b39bfdbdbf 100644 +index d44eebce63a..975bc878e17 100644 --- a/vio/CMakeLists.txt +++ b/vio/CMakeLists.txt @@ -27,6 +27,7 @@ SET(VIO_SOURCES @@ -271,7 +269,7 @@ index 35ab5f17f15..9b39bfdbdbf 100644 IF(WIN32) diff --git a/vio/vio.cc b/vio/vio.cc -index 368c8d7b581..50c3231a8b0 100644 +index 38e3d90f20e..abbc9a52478 100644 --- a/vio/vio.cc +++ b/vio/vio.cc @@ -284,6 +284,26 @@ static bool vio_init(Vio *vio, enum enum_vio_type type, my_socket sd, @@ -313,7 +311,7 @@ index 368c8d7b581..50c3231a8b0 100644 int *len) { diff --git a/vio/viofuzz.cc b/vio/viofuzz.cc new file mode 100644 -index 00000000000..5b368d685cb +index 00000000000..83f22a5dbb9 --- /dev/null +++ b/vio/viofuzz.cc @@ -0,0 +1,124 @@ @@ -366,7 +364,7 @@ index 00000000000..5b368d685cb + DBUG_ENTER("vio_socket_connect"); + + /* Only for socket-based transport types. */ -+ //DBUG_ASSERT(vio->type == VIO_TYPE_SOCKET || vio->type == VIO_TYPE_TCPIP); ++ DBUG_ASSERT(vio->type == VIO_TYPE_SOCKET || vio->type == VIO_TYPE_TCPIP); + + /* Initiate the connection. */ + return 0; diff --git a/projects/mysql-server/project.yaml b/projects/mysql-server/project.yaml index 893dfb092..68f04d294 100644 --- a/projects/mysql-server/project.yaml +++ b/projects/mysql-server/project.yaml @@ -9,6 +9,7 @@ auto_ccs: fuzzing_engines: - libfuzzer + - honggfuzz sanitizers: - address - undefined diff --git a/projects/nats/Dockerfile b/projects/nats/Dockerfile index e67288afc..a9dbcf4cf 100644 --- a/projects/nats/Dockerfile +++ b/projects/nats/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/nats-io/nats-server COPY build.sh $SRC/ WORKDIR $SRC/nats-server diff --git a/projects/nats/build.sh b/projects/nats/build.sh index b9ce8fdf8..2235a6e4b 100755 --- a/projects/nats/build.sh +++ b/projects/nats/build.sh @@ -15,5 +15,8 @@ # ################################################################################ -compile_go_fuzzer github.com/nats-io/nats-server/v2/conf Fuzz fuzz_conf -compile_go_fuzzer github.com/nats-io/nats-server/v2/server FuzzClient fuzz_client + + +compile_go_fuzzer ./conf Fuzz fuzz_conf +compile_go_fuzzer ./server FuzzClient fuzz_client + diff --git a/projects/ndpi/Dockerfile b/projects/ndpi/Dockerfile index 11d426d6c..fafb08154 100644 --- a/projects/ndpi/Dockerfile +++ b/projects/ndpi/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake autogen pkg-config libtool flex bison cmake libnuma-dev libgcrypt20-dev libpcre2-dev +RUN apt-get update && apt-get install -y make autoconf automake autogen pkg-config libtool flex bison cmake RUN git clone --depth 1 https://github.com/json-c/json-c.git json-c RUN git clone --depth 1 https://github.com/ntop/nDPI.git ndpi ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz diff --git a/projects/nestegg/project.yaml b/projects/nestegg/project.yaml index 2e4b2e558..93165f38a 100644 --- a/projects/nestegg/project.yaml +++ b/projects/nestegg/project.yaml @@ -5,10 +5,12 @@ fuzzing_engines: - afl - libfuzzer - honggfuzz + - dataflow sanitizers: - address - memory - undefined + - dataflow vendor_ccs: - "twsmith@mozilla.com" main_repo: 'https://github.com/kinetiknz/nestegg.git' diff --git a/projects/net-snmp/Dockerfile b/projects/net-snmp/Dockerfile index 324a732bf..c9e6a7925 100644 --- a/projects/net-snmp/Dockerfile +++ b/projects/net-snmp/Dockerfile @@ -15,7 +15,11 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone -q --depth 1 https://github.com/net-snmp/net-snmp net-snmp -RUN net-snmp/ci/install.sh +RUN apt-get update && apt-get install -y make autoconf libtool libssl-dev +RUN git clone --depth 1 git://git.code.sf.net/p/net-snmp/code net-snmp WORKDIR net-snmp COPY build.sh $SRC/ +# +# Until the project moves the fuzzers to the source tree +COPY snmp_pdu_parse_fuzzer.c $SRC/ +COPY agentx_parse_fuzzer.c $SRC/ diff --git a/projects/net-snmp/agentx_parse_fuzzer.c b/projects/net-snmp/agentx_parse_fuzzer.c new file mode 100644 index 000000000..436011208 --- /dev/null +++ b/projects/net-snmp/agentx_parse_fuzzer.c @@ -0,0 +1,47 @@ +/* + * Copyright 2018 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This fuzzer exercises the agentx PDU parsing code. + */ +#include <net-snmp/net-snmp-config.h> +#include <net-snmp/net-snmp-includes.h> +/* We build with the agent/mibgroup/agentx dir in an -I */ +#include <protocol.h> +#include <stddef.h> +#include <stdint.h> +#include <stdlib.h> + +int LLVMFuzzerInitialize(int *argc, char ***argv) { + if (getenv("NETSNMP_DEBUGGING") != NULL) { + /* + * Turn on all debugging, to help understand what + * bits of the parser are running. + */ + snmp_enable_stderrlog(); + snmp_set_do_debugging(1); + debug_register_tokens(""); + } + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); + netsnmp_session session; + + session.version = AGENTX_VERSION_1; + agentx_parse(&session, pdu, (unsigned char *)data, size); + snmp_free_pdu(pdu); + return 0; +} diff --git a/projects/net-snmp/build.sh b/projects/net-snmp/build.sh index 3753b7638..b7bceda0b 100755 --- a/projects/net-snmp/build.sh +++ b/projects/net-snmp/build.sh @@ -15,6 +15,21 @@ # ################################################################################ -# Configure and build Net-SNMP and the fuzzers. -export CC CXX CFLAGS CXXFLAGS SRC WORK OUT LIB_FUZZING_ENGINE -ci/build.sh +# build project +./configure --with-openssl=/usr --with-defaults --with-logfile="/dev/null" --with-persistent-directory="/dev/null" +# net-snmp build is not parallel-make safe; do not add -j +make + +# build fuzzers (remember to link statically) +$CC $CFLAGS -c -Iinclude $SRC/snmp_pdu_parse_fuzzer.c -o $WORK/snmp_pdu_parse_fuzzer.o +$CXX $CXXFLAGS $WORK/snmp_pdu_parse_fuzzer.o \ + $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \ + -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \ + -o $OUT/snmp_pdu_parse_fuzzer + +$CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/agentx_parse_fuzzer.c -o $WORK/agentx_parse_fuzzer.o +$CXX $CXXFLAGS $WORK/agentx_parse_fuzzer.o \ + $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \ + agent/.libs/libnetsnmpagent.a \ + -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \ + -o $OUT/agentx_parse_fuzzer diff --git a/projects/net-snmp/project.yaml b/projects/net-snmp/project.yaml index 5a27e2e7c..339203860 100644 --- a/projects/net-snmp/project.yaml +++ b/projects/net-snmp/project.yaml @@ -6,5 +6,4 @@ auto_ccs: - "fenner@gmail.com" - "bvanassche@acm.org" - "magfr@lysator.liu.se" - - "david@adalogics.com" main_repo: 'git://git.code.sf.net/p/net-snmp/code' diff --git a/projects/net-snmp/snmp_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_pdu_parse_fuzzer.c new file mode 100644 index 000000000..6d45552db --- /dev/null +++ b/projects/net-snmp/snmp_pdu_parse_fuzzer.c @@ -0,0 +1,44 @@ +/* + * Copyright 2018 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This fuzzer exercises the SNMP PDU parsing code, including ASN.1. + */ +#include <net-snmp/net-snmp-config.h> +#include <net-snmp/net-snmp-includes.h> +#include <stddef.h> +#include <stdint.h> +#include <stdlib.h> + +int LLVMFuzzerInitialize(int *argc, char ***argv) { + if (getenv("NETSNMP_DEBUGGING") != NULL) { + /* + * Turn on all debugging, to help understand what + * bits of the parser are running. + */ + snmp_enable_stderrlog(); + snmp_set_do_debugging(1); + debug_register_tokens(""); + } + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + size_t bytes_remaining = size; + netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); + + snmp_pdu_parse(pdu, (unsigned char *)data, &bytes_remaining); + snmp_free_pdu(pdu); + return 0; +} diff --git a/projects/netcdf/Dockerfile b/projects/netcdf/Dockerfile deleted file mode 100644 index 41f0aca6f..000000000 --- a/projects/netcdf/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y cmake m4 zlib1g-dev -RUN git clone --depth 1 https://github.com/Unidata/netcdf-c -COPY build.sh $SRC -WORKDIR $SRC/netcdf-c diff --git a/projects/netcdf/build.sh b/projects/netcdf/build.sh deleted file mode 100755 index eeae9cda7..000000000 --- a/projects/netcdf/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# build project -mkdir build -cd build -cmake -DBUILD_SHARED_LIBS=OFF -DENABLE_HDF5=OFF -DENABLE_DAP=OFF .. -make -j$(nproc) -cp fuzz/fuzz* $OUT/ diff --git a/projects/netcdf/project.yaml b/projects/netcdf/project.yaml deleted file mode 100644 index 794e5cbd2..000000000 --- a/projects/netcdf/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://www.unidata.ucar.edu/software/netcdf/docs/index.html" -language: c++ -primary_contact: "wfisher@ucar.edu" -auto_ccs: -- "p.antoine@catenacyber.fr" -- "dmh@ucar.edu" - -sanitizers: -- address -- undefined -main_repo: 'https://github.com/Unidata/netcdf-c' diff --git a/projects/nettle/Dockerfile b/projects/nettle/Dockerfile index b7b987cb9..5367c20f2 100644 --- a/projects/nettle/Dockerfile +++ b/projects/nettle/Dockerfile @@ -15,11 +15,11 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get install -y software-properties-common make autoconf build-essential wget lzip libtool python +RUN apt-get install -y software-properties-common python-software-properties make autoconf build-essential wget lzip libtool RUN git clone --depth 1 https://git.lysator.liu.se/nettle/nettle RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 RUN wget https://gmplib.org/download/gmp/gmp-6.2.0.tar.lz COPY build.sh $SRC/ diff --git a/projects/nettle/build.sh b/projects/nettle/build.sh index e10c5d7e0..01018312e 100755 --- a/projects/nettle/build.sh +++ b/projects/nettle/build.sh @@ -56,18 +56,24 @@ then cp -R $SRC/nettle $SRC/nettle-with-libgmp/ cd $SRC/nettle-with-libgmp/ bash .bootstrap - export NETTLE_LIBDIR=`realpath ../nettle-with-libgmp-install`/lib if [[ $CFLAGS != *sanitize=memory* ]] then - ./configure --disable-documentation --disable-openssl --prefix=`realpath ../nettle-with-libgmp-install` --libdir="$NETTLE_LIBDIR" + ./configure --disable-documentation --disable-openssl --prefix=`realpath ../nettle-with-libgmp-install` else - ./configure --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-with-libgmp-install` --libdir="$NETTLE_LIBDIR" + ./configure --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-with-libgmp-install` fi make -j$(nproc) make install - export LIBNETTLE_A_PATH=$NETTLE_LIBDIR/libnettle.a - export LIBHOGWEED_A_PATH=$NETTLE_LIBDIR/libhogweed.a + if [[ $CFLAGS != *-m32* ]] + then + export LIBNETTLE_A_PATH=`realpath ../nettle-with-libgmp-install/lib/libnettle.a` + export LIBHOGWEED_A_PATH=`realpath ../nettle-with-libgmp-install/lib/libhogweed.a` + ls -l $LIBHOGWEED_A_PATH + else + export LIBNETTLE_A_PATH=`realpath ../nettle-with-libgmp-install/lib32/libnettle.a` + export LIBHOGWEED_A_PATH=`realpath ../nettle-with-libgmp-install/lib32/libhogweed.a` + fi export NETTLE_INCLUDE_PATH=`realpath ../nettle-with-libgmp-install/include` export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NETTLE" export LINK_FLAGS="$LINK_FLAGS /usr/local/lib/libgmp.a" @@ -115,18 +121,24 @@ fi cp -R $SRC/nettle $SRC/nettle-with-mini-gmp/ cd $SRC/nettle-with-mini-gmp/ bash .bootstrap - export NETTLE_LIBDIR=`realpath ../nettle-with-mini-gmp-install`/lib if [[ $CFLAGS != *sanitize=memory* ]] then - ./configure --enable-mini-gmp --disable-documentation --disable-openssl --prefix=`realpath ../nettle-with-mini-gmp-install` --libdir="$NETTLE_LIBDIR" + ./configure --enable-mini-gmp --disable-documentation --disable-openssl --prefix=`realpath ../nettle-with-mini-gmp-install` else - ./configure --enable-mini-gmp --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-with-mini-gmp-install` --libdir="$NETTLE_LIBDIR" + ./configure --enable-mini-gmp --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-with-mini-gmp-install` fi make -j$(nproc) make install - export LIBNETTLE_A_PATH=$NETTLE_LIBDIR/libnettle.a - export LIBHOGWEED_A_PATH=$NETTLE_LIBDIR/libhogweed.a + if [[ $CFLAGS != *-m32* ]] + then + export LIBNETTLE_A_PATH=`realpath ../nettle-with-mini-gmp-install/lib/libnettle.a` + export LIBHOGWEED_A_PATH=`realpath ../nettle-with-mini-gmp-install/lib/libhogweed.a` + ls -l $LIBHOGWEED_A_PATH + else + export LIBNETTLE_A_PATH=`realpath ../nettle-with-mini-gmp-install/lib32/libnettle.a` + export LIBHOGWEED_A_PATH=`realpath ../nettle-with-mini-gmp-install/lib32/libhogweed.a` + fi export NETTLE_INCLUDE_PATH=`realpath ../nettle-with-mini-gmp-install/include` export LINK_FLAGS="" export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NETTLE" diff --git a/projects/nettle/project.yaml b/projects/nettle/project.yaml index 698d20b8b..77b348cea 100644 --- a/projects/nettle/project.yaml +++ b/projects/nettle/project.yaml @@ -6,8 +6,7 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory architectures: - x86_64 - i386 diff --git a/projects/nginx/build.sh b/projects/nginx/build.sh index 88bfb59dc..fcfb70bac 100644 --- a/projects/nginx/build.sh +++ b/projects/nginx/build.sh @@ -25,8 +25,7 @@ cd ../.. auto/configure \ --with-ld-opt="-Wl,--wrap=listen -Wl,--wrap=setsockopt -Wl,--wrap=bind -Wl,--wrap=shutdown -Wl,--wrap=connect -Wl,--wrap=getpwnam -Wl,--wrap=getgrnam -Wl,--wrap=chmod -Wl,--wrap=chown" \ - --with-cc-opt='-DNGX_DEBUG_PALLOC=1' \ - --with-http_v2_module + --with-http_v2_module make -f objs/Makefile fuzzers cp objs/*_fuzzer $OUT/ diff --git a/projects/nginx/fuzz/http_request_fuzzer.cc b/projects/nginx/fuzz/http_request_fuzzer.cc index 317826c18..8d69e82c8 100644 --- a/projects/nginx/fuzz/http_request_fuzzer.cc +++ b/projects/nginx/fuzz/http_request_fuzzer.cc @@ -230,9 +230,6 @@ extern "C" int InitializeNginx(void) { ngx_event_actions.init = init_event; ngx_io.send_chain = send_chain; ngx_event_flags = 1; - ngx_queue_init(&ngx_posted_accept_events); - ngx_queue_init(&ngx_posted_next_events); - ngx_queue_init(&ngx_posted_events); ngx_event_timer_init(cycle->log); return 0; } @@ -289,7 +286,6 @@ DEFINE_PROTO_FUZZER(const HttpProto &input) { 255, &ngx_log); // 255 - (hopefully unused) socket descriptor c->shared = 1; - c->destroyed = 0; c->type = SOCK_STREAM; c->pool = ngx_create_pool(256, ngx_cycle->log); c->sockaddr = ls->sockaddr; @@ -305,24 +301,10 @@ DEFINE_PROTO_FUZZER(const HttpProto &input) { c->socklen = ls->socklen; c->local_sockaddr = ls->sockaddr; c->local_socklen = ls->socklen; - c->data = NULL; read_event1.ready = 1; write_event1.ready = write_event1.delayed = 1; // Will redirect to http parser ngx_http_init_connection(c); - - // We do not provide working timers or events, and thus we have to manually - // clean up the requests we created. We do this here. - // Cross-referencing: https://trac.nginx.org/nginx/ticket/2080#no1).I - // This is a fix that should be bettered in the future, by creating proper - // timers and events. - if (c->destroyed != 1) { - if (c->read->data != NULL) { - ngx_connection_t *c2 = (ngx_connection_t*)c->read->data; - ngx_http_free_request((ngx_http_request_t*)c2->data, 0); - } - ngx_http_close_connection(c); - } } diff --git a/projects/nginx/project.yaml b/projects/nginx/project.yaml index 0bbff0a74..0aa90207a 100644 --- a/projects/nginx/project.yaml +++ b/projects/nginx/project.yaml @@ -1,9 +1,8 @@ homepage: "http://nginx.org" -main_repo: "https://github.com/nginx/nginx" language: c primary_contact: "xim.andrew@gmail.com" auto_ccs: - - pluknet@gmail.com - - david@adalogics.com + - ouyangyunshu@google.com + - mmoroz@google.com sanitizers: - address diff --git a/projects/ninja/project.yaml b/projects/ninja/project.yaml index 2f6baf4db..d35fdc4b6 100644 --- a/projects/ninja/project.yaml +++ b/projects/ninja/project.yaml @@ -6,6 +6,5 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: "https://github.com/ninja-build/ninja"
\ No newline at end of file + - memory +main_repo: "https://github.com/ninja-build/ninja" diff --git a/projects/njs/project.yaml b/projects/njs/project.yaml index 65b2bf8e4..bd92434df 100644 --- a/projects/njs/project.yaml +++ b/projects/njs/project.yaml @@ -1,13 +1,12 @@ homepage: "https://nginx.org/en/docs/njs/" language: c++ -primary_contact: "xeioexception@gmail.com" +primary_contact: "xeioex@nginx.com" auto_ccs: - - "lex.borisov@gmail.com" + - "alexander.borisov@nginx.com" - "devrep@nginx.com" + - "mmoroz@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined coverage_extra_args: -ignore-filename-regex=.*/pcre/.* -main_repo: 'https://github.com/nginx/njs.git'
\ No newline at end of file diff --git a/projects/nom/Dockerfile b/projects/nom/Dockerfile index 793d785e1..167550e33 100644 --- a/projects/nom/Dockerfile +++ b/projects/nom/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/Geal/nom/ WORKDIR $SRC diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index 1bc729b23..5ad8b5eb6 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python +RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev RUN hg clone https://hg.mozilla.org/projects/nspr nspr RUN hg clone https://hg.mozilla.org/projects/nss nss diff --git a/projects/oak/Dockerfile b/projects/oak/Dockerfile index 16f774134..e6f44f30a 100644 --- a/projects/oak/Dockerfile +++ b/projects/oak/Dockerfile @@ -14,34 +14,26 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +# TODO(https://github.com/google/oss-fuzz/issues/3093): Stop specifying the +# image SHA once the bug is fixed. +FROM gcr.io/oss-fuzz-base/base-builder@sha256:276813aef0ce5972db43c0230f96162003994fa742fb1b2f4e66c67498575c65 -RUN apt-get --yes update \ - && apt-get install --no-install-recommends --yes \ - libssl-dev \ - pkg-config \ - python \ - && apt-get clean \ - && rm --recursive --force /var/lib/apt/lists/* +# Use a fixed Bazel version. +# https://github.com/google/asylo/blob/088ea3490dd4579655bd5b65b0e31fe18de7f6dd/asylo/distrib/toolchain/Dockerfile#L48-L71 +ARG bazel_version=1.1.0 +ARG bazel_sha=138b47ffd54924e3c0264c65d31d3927803fb9025db4d5b18107df79ee3bda95 +ARG bazel_url=https://storage.googleapis.com/bazel-apt/pool/jdk1.8/b/bazel/bazel_${bazel_version}_amd64.deb -# Install WebAssembly target for Rust. -RUN rustup target add wasm32-unknown-unknown - -# Install Protobuf compiler. -ARG protobuf_version=3.13.0 -ARG protobuf_sha256=4a3b26d1ebb9c1d23e933694a6669295f6a39ddc64c3db2adf671f0a6026f82e -ARG protobuf_dir=/usr/local/protobuf -ARG protobuf_temp=/tmp/protobuf.zip -ENV PATH "${protobuf_dir}/bin:${PATH}" -RUN curl --location https://github.com/protocolbuffers/protobuf/releases/download/v${protobuf_version}/protoc-${protobuf_version}-linux-x86_64.zip > ${protobuf_temp} \ - && sha256sum --binary ${protobuf_temp} && echo "${protobuf_sha256} *${protobuf_temp}" | sha256sum --check \ - && unzip ${protobuf_temp} -d ${protobuf_dir} \ - && rm ${protobuf_temp} \ - && chmod --recursive a+rwx ${protobuf_dir} \ - && protoc --version +# Install Bazel. +RUN apt-get update && \ + apt-get install -y wget && \ + wget "${bazel_url}" -nv -o- -O bazel.deb && \ + echo "${bazel_sha} bazel.deb" > bazel.sha256 && \ + sha256sum --check bazel.sha256 && \ + apt-get install -y ./bazel.deb && \ + rm bazel.deb bazel.sha256 && \ + apt-get clean RUN git clone --depth 1 https://github.com/project-oak/oak oak - WORKDIR oak COPY build.sh $SRC/ -COPY rustc.py $SRC/ diff --git a/projects/oak/build.sh b/projects/oak/build.sh index 8a2720852..2e46c774f 100755 --- a/projects/oak/build.sh +++ b/projects/oak/build.sh @@ -15,22 +15,62 @@ # ################################################################################ -cd oak_functions/loader/ +# Mostly copied from +# https://github.com/google/oss-fuzz/blob/7f8013db108e62727fba1c3cbcccac07d543682b/projects/grpc/build.sh -if [ "$SANITIZER" = "coverage" ] +# Copy $CFLAGS and $CXXFLAGS into Bazel command-line flags, for both +# compilation and linking. +# +# Some flags, such as `-stdlib=libc++`, generate warnings if used on a C source +# file. Since the build runs with `-Werror` this will cause it to break, so we +# use `--conlyopt` and `--cxxopt` instead of `--copt`. +readonly EXTRA_BAZEL_FLAGS="$( +for f in ${CFLAGS}; do + echo "--conlyopt=${f}" "--linkopt=${f}" +done +for f in ${CXXFLAGS}; do + echo "--cxxopt=${f}" "--linkopt=${f}" +done +if [ "${SANITIZER}" = "undefined" ] then - export RUSTFLAGS="$RUSTFLAGS -C debug-assertions=no" - chmod +x $SRC/rustc.py - export RUSTC="$SRC/rustc.py" + # Bazel uses clang to link binary, which does not link clang_rt ubsan library for C++ automatically. + # See issue: https://github.com/bazelbuild/bazel/issues/8777 + echo "--linkopt=$(find $(llvm-config --libdir) -name libclang_rt.ubsan_standalone_cxx-x86_64.a | head -1)" fi +)" -cargo fuzz build --release +# Temporary hack, see https://github.com/google/oss-fuzz/issues/383 +readonly NO_VPTR='--copt=-fno-sanitize=vptr --linkopt=-fno-sanitize=vptr' -FUZZ_TARGET_OUTPUT_DIR=fuzz/target/x86_64-unknown-linux-gnu/release -for f in fuzz/fuzz_targets/*.rs -do - FUZZ_TARGET_NAME=$(basename ${f%.*}) - cp $FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME $OUT/ -done +readonly FUZZER_TARGETS=() +readonly ENABLED=false + +if [ "$ENABLED" = true ]; then + bazel build \ + --client_env=CC=${CC} \ + --client_env=CXX=${CXX} \ + --dynamic_mode=off \ + --spawn_strategy=standalone \ + --genrule_strategy=standalone \ + ${NO_VPTR} \ + --strip=never \ + --linkopt=-lc++ \ + --linkopt=-pthread \ + --cxxopt=-std=c++11 \ + --copt=${LIB_FUZZING_ENGINE} \ + --linkopt=${LIB_FUZZING_ENGINE} \ + --remote_cache=https://storage.googleapis.com/oak-bazel-cache \ + --remote_upload_local_results=false \ + ${EXTRA_BAZEL_FLAGS} \ + ${FUZZER_TARGETS[@]} + for target in ${FUZZER_TARGETS}; do + # Replace : with /. + fuzzer_name="${target/:/\/}" + cp "./bazel-bin/${fuzzer_name}" "${OUT}/" + done + # Cleanup bazel- symlinks to avoid oss-fuzz trying to copy out of the build + # cache. + rm -f ./bazel-* +fi diff --git a/projects/oak/project.yaml b/projects/oak/project.yaml index 843689127..3f79c7f9b 100644 --- a/projects/oak/project.yaml +++ b/projects/oak/project.yaml @@ -1,15 +1,15 @@ +disabled: True homepage: "https://github.com/project-oak/oak" -language: rust +language: c++ primary_contact: "tzn@google.com" auto_ccs: - "project-oak-team@google.com" - "benblaxill@google.com" + - "drysdale@google.com" - "grobler@google.com" - "iovi@google.com" - "ivanpetrov@google.com" - - "razieh@google.com" -sanitizers: - - address + - "mks@google.com" fuzzing_engines: - libfuzzer main_repo: 'https://github.com/project-oak/oak' diff --git a/projects/oak/rustc.py b/projects/oak/rustc.py deleted file mode 100644 index 55ce4c40a..000000000 --- a/projects/oak/rustc.py +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env python - -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import sys -import subprocess - -#Disable coverage for troubling crates. -sys.argv[0] = "rustc" -if "tokio_util" in sys.argv or "hyper" in sys.argv: - try: - sys.argv.remove("-Zinstrument-coverage") - except: - pass - print(sys.argv) -subprocess.call(sys.argv) diff --git a/projects/oatpp/Dockerfile b/projects/oatpp/Dockerfile deleted file mode 100644 index 43ef579ca..000000000 --- a/projects/oatpp/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN git clone --depth 1 https://github.com/oatpp/oatpp.git oatpp -WORKDIR oatpp -COPY build.sh $SRC/ diff --git a/projects/oatpp/build.sh b/projects/oatpp/build.sh deleted file mode 100755 index 8fc23cd6e..000000000 --- a/projects/oatpp/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build && cd build -cmake ../ -make - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ../fuzzers/oatpp/parser/json/mapping/ObjectMapper.cpp -o $OUT/fuzz_mapper \ - ./src/liboatpp.a -I../src diff --git a/projects/oatpp/project.yaml b/projects/oatpp/project.yaml deleted file mode 100644 index 47203f65f..000000000 --- a/projects/oatpp/project.yaml +++ /dev/null @@ -1,7 +0,0 @@ -homepage: "https://oatpp.io/" -language: c++ -primary_contact: "bugs@oatpp.io" -main_repo: "https://github.com/oatpp/oatpp" -auto_ccs: - - "leonid@oatpp.io" - - "david@adalogics.com" diff --git a/projects/open62541/build.sh b/projects/open62541/build.sh index 74051db21..db59c1212 100755 --- a/projects/open62541/build.sh +++ b/projects/open62541/build.sh @@ -27,7 +27,7 @@ cd $WORK/open62541 # <= 600 FATAL # > 600 No LOG output -cmake -DCMAKE_BUILD_TYPE=Debug -DUA_ENABLE_AMALGAMATION=OFF \ +cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUA_ENABLE_AMALGAMATION=OFF \ -DPYTHON_EXECUTABLE:FILEPATH=/usr/bin/python2 \ -DBUILD_SHARED_LIBS=OFF -DUA_BUILD_EXAMPLES=OFF -DUA_LOGLEVEL=600 \ -DUA_ENABLE_ENCRYPTION=ON \ diff --git a/projects/open62541/project.yaml b/projects/open62541/project.yaml index f5c0ef994..7f0447c38 100644 --- a/projects/open62541/project.yaml +++ b/projects/open62541/project.yaml @@ -5,11 +5,8 @@ auto_ccs: - "julius.pfrommer@gmail.com" - "chris_paul.iatrou@tu-dresden.de" - "ari.breitkreuz@gmail.com" -fuzzing_engines: - - libfuzzer - - afl sanitizers: - - address - - undefined - - memory +- address +- undefined +- memory main_repo: 'https://github.com/open62541/open62541.git' diff --git a/projects/opencensus-cpp/.bazelrc b/projects/opencensus-cpp/.bazelrc deleted file mode 100644 index 02f1b2408..000000000 --- a/projects/opencensus-cpp/.bazelrc +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Force the use of Clang for C++ builds. -build --action_env=CC=clang -build --action_env=CXX=clang++ - -# Define the --config=asan-libfuzzer configuration. -build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine -build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz -build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none diff --git a/projects/opencensus-cpp/Dockerfile b/projects/opencensus-cpp/Dockerfile deleted file mode 100644 index 8a3248cd7..000000000 --- a/projects/opencensus-cpp/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -RUN git clone --depth 1 https://github.com/census-instrumentation/opencensus-cpp -COPY WORKSPACE .bazelrc $SRC/ -RUN cat WORKSPACE >> $SRC/opencensus-cpp/WORKSPACE -RUN cat .bazelrc >> $SRC/opencensus-cpp/.bazelrc -COPY build.sh $SRC/ -WORKDIR $SRC/opencensus-cpp diff --git a/projects/opencensus-cpp/WORKSPACE b/projects/opencensus-cpp/WORKSPACE deleted file mode 100644 index 6a9ee93d9..000000000 --- a/projects/opencensus-cpp/WORKSPACE +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -http_archive( - name = "rules_fuzzing", - sha256 = "71fa2724c9802c597199a86111a0499fc4fb22426d322334d3f191dadeff5132", - strip_prefix = "rules_fuzzing-0.1.0", - urls = ["https://github.com/bazelbuild/rules_fuzzing/archive/v0.1.0.zip"], -) - -load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies") - -rules_fuzzing_dependencies() - -load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init") - -rules_fuzzing_init() diff --git a/projects/opencensus-cpp/build.sh b/projects/opencensus-cpp/build.sh deleted file mode 100755 index 04b790367..000000000 --- a/projects/opencensus-cpp/build.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -git grep cc_fuzz_target.bzl | grep BUILD | cut -d: -f1 | uniq | while read i; do sed -i -e 's=//bazel:cc_fuzz_target.bzl=@rules_fuzzing//fuzzing:cc_defs.bzl=' $i; done - -git grep fuzz_target\( | grep BUILD | cut -d: -f1 | uniq | while read i; do sed -i -e 's/fuzz_target/fuzz_test/' $i; done - -bazel_build_fuzz_tests diff --git a/projects/opencensus-cpp/project.yaml b/projects/opencensus-cpp/project.yaml deleted file mode 100644 index b84d07f31..000000000 --- a/projects/opencensus-cpp/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://opencensus.io/" -language: c++ -primary_contact: "joshuasuereth@google.com" -auto_ccs : -- "p.antoine@catenacyber.fr" - -sanitizers: -- address -- memory -main_repo: 'https://github.com/census-instrumentation/opencensus-cpp' diff --git a/projects/opencv/project.yaml b/projects/opencv/project.yaml index 3062a9357..e6b085c57 100644 --- a/projects/opencv/project.yaml +++ b/projects/opencv/project.yaml @@ -12,12 +12,11 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory labels: imdecode_fuzzer: - sundew imread_fuzzer: - sundew -main_repo: 'https://github.com/opencv/opencv.git'
\ No newline at end of file +main_repo: 'https://github.com/opencv/opencv.git' diff --git a/projects/opendnp3/project.yaml b/projects/opendnp3/project.yaml index cc6a30028..47c72b613 100644 --- a/projects/opendnp3/project.yaml +++ b/projects/opendnp3/project.yaml @@ -7,7 +7,6 @@ auto_ccs : sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined main_repo: 'https://github.com/dnp3/opendnp3.git' diff --git a/projects/openexr/build.sh b/projects/openexr/build.sh index 2b9e411cd..80a2e49a6 100755 --- a/projects/openexr/build.sh +++ b/projects/openexr/build.sh @@ -19,16 +19,17 @@ cd $WORK/ CMAKE_SETTINGS=( "-D BUILD_SHARED_LIBS=OFF" # Build static libraries only + "-D PYILMBASE_ENABLE=OFF" # Don't build Python support "-D BUILD_TESTING=OFF" # Or tests - "-D OPENEXR_INSTALL_EXAMPLES=OFF" # Or examples + "-D INSTALL_OPENEXR_EXAMPLES=OFF" # Or examples "-D OPENEXR_LIB_SUFFIX=" # Don't append the version number to library files + "-D ILMBASE_LIB_SUFFIX=" ) cmake $SRC/openexr ${CMAKE_SETTINGS[@]} make -j$(nproc) INCLUDES=( "-I $SRC" - "-I $SRC/openexr/src/lib/OpenEXRCore" "-I $SRC/openexr/src/lib/OpenEXR" "-I $SRC/openexr/src/lib/OpenEXRUtil" "-I $WORK/cmake" @@ -37,7 +38,6 @@ INCLUDES=( LIBS=( "$WORK/src/lib/OpenEXRUtil/libOpenEXRUtil.a" "$WORK/src/lib/OpenEXR/libOpenEXR.a" - "$WORK/src/lib/OpenEXRCore/libOpenEXRCore.a" "$WORK/src/lib/IlmThread/libIlmThread.a" "$WORK/src/lib/Iex/libIex.a" "$WORK/_deps/imath-build/src/Imath/libImath*.a" diff --git a/projects/openexr/project.yaml b/projects/openexr/project.yaml index b4af565d4..521e76761 100644 --- a/projects/openexr/project.yaml +++ b/projects/openexr/project.yaml @@ -4,5 +4,4 @@ primary_contact: "twodeecoda@gmail.com" auto_ccs: - "cbpilm@gmail.com" - "security@openexr.org" - - "kdt3rd@gmail.com" main_repo: 'https://github.com/AcademySoftwareFoundation/openexr' diff --git a/projects/openh264/Dockerfile b/projects/openh264/Dockerfile index c32bdc88a..f7cc71279 100644 --- a/projects/openh264/Dockerfile +++ b/projects/openh264/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ - apt-get install -y libstdc++-9-dev libstdc++-9-dev:i386 nasm subversion + apt-get install -y libstdc++-5-dev libstdc++-5-dev:i386 nasm subversion RUN git clone --depth 1 https://github.com/cisco/openh264.git openh264 WORKDIR openh264 COPY build.sh decoder_fuzzer.cpp $SRC/ diff --git a/projects/opensc/project.yaml b/projects/opensc/project.yaml index 03360d84d..79d794ecb 100644 --- a/projects/opensc/project.yaml +++ b/projects/opensc/project.yaml @@ -8,5 +8,4 @@ auto_ccs: - "andreas.schwier@cardcontact.de" - "deengert@gmail.com" - "jakuje@gmail.com" - - "xhanulik@gmail.com" main_repo: 'https://github.com/OpenSC/OpenSC' diff --git a/projects/opensips/Dockerfile b/projects/opensips/Dockerfile deleted file mode 100755 index c7b364a42..000000000 --- a/projects/opensips/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y bison flex libssl-dev pkg-config -RUN git clone https://github.com/OpenSIPS/opensips - -COPY patch.diff $SRC/ -COPY build.sh $SRC/ -COPY fuzz_*.c $SRC/opensips/parser/ - -WORKDIR opensips diff --git a/projects/opensips/build.sh b/projects/opensips/build.sh deleted file mode 100755 index 6dc94ea07..000000000 --- a/projects/opensips/build.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -git apply --ignore-space-change --ignore-whitespace $SRC/patch.diff - -make static - -rm main.o -mkdir objects && find . -name "*.o" -exec cp {} ./objects/ \; -ar -r libopensips.a ./objects/*.o - -$CC $CFLAGS $LIB_FUZZING_ENGINE ./parser/fuzz_msg_parser.o ./libopensips.a -ldl -lresolv -o $OUT/fuzz_msg_parser -$CC $CFLAGS $LIB_FUZZING_ENGINE ./parser/fuzz_uri_parser.o ./libopensips.a -ldl -lresolv -o $OUT/fuzz_uri_parser -$CC $CFLAGS $LIB_FUZZING_ENGINE ./parser/fuzz_csv_parser.o ./libopensips.a -ldl -lresolv -o $OUT/fuzz_csv_parser diff --git a/projects/opensips/fuzz_csv_parser.c b/projects/opensips/fuzz_csv_parser.c deleted file mode 100644 index 810488193..000000000 --- a/projects/opensips/fuzz_csv_parser.c +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "../cachedb/test/test_cachedb.h" -#include "../lib/test/test_csv.h" -#include "../mem/test/test_malloc.h" -#include "../str.h" -#include "../ut.h" -#include "../lib/csv.h" - -#include "../context.h" -#include "../dprint.h" -#include "../globals.h" -#include "../lib/list.h" -#include "../sr_module.h" -#include "../sr_module_deps.h" - -int LLVMFuzzerTestOneInput(const char *data, size_t size) { - // Ensure we have one byte for the "decider" variable - if (size == 0) { - return 0; - } - char *decider = *data; - data++; - size--; - - ensure_global_context(); - struct sip_uri u; - - char *new_str = (char *)malloc(size + 1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - csv_record *ret = NULL; - if (((int)decider % 2) == 0) { - ret = parse_csv_record(_str(new_str)); - } - else { - ret = _parse_csv_record(_str(new_str), CSV_RFC_4180); - } - free_csv_record(ret); - free(new_str); -} diff --git a/projects/opensips/fuzz_msg_parser.c b/projects/opensips/fuzz_msg_parser.c deleted file mode 100644 index 4daec4266..000000000 --- a/projects/opensips/fuzz_msg_parser.c +++ /dev/null @@ -1,41 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "../parser/sdp/sdp.h" - -#include "../cachedb/test/test_cachedb.h" -#include "../lib/test/test_csv.h" -#include "../mem/test/test_malloc.h" -#include "../str.h" - -#include "../context.h" -#include "../dprint.h" -#include "../globals.h" -#include "../lib/list.h" -#include "../sr_module.h" -#include "../sr_module_deps.h" - -int LLVMFuzzerTestOneInput(const char *data, size_t size) { - ensure_global_context(); - struct sip_uri u; - - if (size <= 1) { - return 0; - } - - struct sip_msg orig_inv = {}; - orig_inv.buf = (char *)data; - orig_inv.len = size; - - parse_msg(orig_inv.buf, orig_inv.len, &orig_inv); - free_sip_msg(&orig_inv); - return 0; -} diff --git a/projects/opensips/fuzz_uri_parser.c b/projects/opensips/fuzz_uri_parser.c deleted file mode 100644 index 1a1647458..000000000 --- a/projects/opensips/fuzz_uri_parser.c +++ /dev/null @@ -1,40 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include "../cachedb/test/test_cachedb.h" -#include "../lib/test/test_csv.h" -#include "../mem/test/test_malloc.h" -#include "../str.h" - -#include "../context.h" -#include "../dprint.h" -#include "../globals.h" -#include "../lib/list.h" -#include "../sr_module.h" -#include "../sr_module_deps.h" - -#include "parse_uri.h" - -int LLVMFuzzerTestOneInput(const char *data, size_t size) { - ensure_global_context(); - struct sip_uri u; - - char *new_str = (char *)malloc(size + 1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - parse_uri(STR_L(new_str), &u); - - free(new_str); -} diff --git a/projects/opensips/patch.diff b/projects/opensips/patch.diff deleted file mode 100644 index a382129ed..000000000 --- a/projects/opensips/patch.diff +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/Makefile.conf.template b/Makefile.conf.template -index 5a76e0a35..2570db165 100644 ---- a/Makefile.conf.template -+++ b/Makefile.conf.template -@@ -69,17 +69,19 @@ exclude_modules?= aaa_diameter aaa_radius auth_jwt b2b_logic_xml cachedb_cassand - - include_modules?= - --DEFS+= -DPKG_MALLOC #Use a faster malloc --DEFS+= -DSHM_MMAP #Use mmap instead of SYSV shared memory --DEFS+= -DUSE_MCAST #Compile in support for IP Multicast -+#DEFS+= -DPKG_MALLOC #Use a faster malloc -+#DEFS+= -DSHM_MMAP #Use mmap instead of SYSV shared memory -+#DEFS+= -DUSE_MCAST #Compile in support for IP Multicast - DEFS+= -DDISABLE_NAGLE #Disable the TCP NAgle Algorithm ( lower delay ) - DEFS+= -DSTATISTICS #Enable the statistics manager -+DEFS+= -DSYSTEM_MALLOC -+DEFS+= -DSHM_MMAP - DEFS+= -DHAVE_RESOLV_RES #Support for changing some of the resolver parameters - # Specifying exactly 1 allocator will cause it to be inlined (fastest) --DEFS+= -DF_MALLOC #Fast memory allocator with minimal runtime overhead --DEFS+= -DQ_MALLOC #Quality assurance memory allocator with runtime safety checks --DEFS+= -DHP_MALLOC #High performance allocator with fine-grained locking --DEFS+= -DDBG_MALLOC #Include additional, debug-enabled allocator flavors -+#DEFS+= -DF_MALLOC #Fast memory allocator with minimal runtime overhead -+#DEFS+= -DQ_MALLOC #Quality assurance memory allocator with runtime safety checks -+#DEFS+= -DHP_MALLOC #High performance allocator with fine-grained locking -+#DEFS+= -DDBG_MALLOC #Include additional, debug-enabled allocator flavors - #DEFS+= -DNO_DEBUG #Compile out all debug messages - #DEFS+= -DNO_LOG #Compile out all logging - #DEFS_GROUP_START -diff --git a/parser/msg_parser.c b/parser/msg_parser.c -index db09aff7f..99ea58435 100644 ---- a/parser/msg_parser.c -+++ b/parser/msg_parser.c -@@ -263,7 +263,7 @@ error_bad_hdr: - set_err_reply(400, "bad headers"); - error: - LM_DBG("error exit\n"); -- update_stat( bad_msg_hdr, 1); -+ //update_stat( bad_msg_hdr, 1); - hdr->type=HDR_ERROR_T; - hdr->len=tmp-hdr->name.s; - return tmp; -diff --git a/parser/parse_uri.c b/parser/parse_uri.c -index 364d91c1f..2f1ff1130 100644 ---- a/parser/parse_uri.c -+++ b/parser/parse_uri.c -@@ -1628,7 +1628,7 @@ error_bug: - error_exit: - ser_error=E_BAD_URI; - uri->type=ERROR_URI_T; -- update_stat(bad_URIs, 1); -+ //update_stat(bad_URIs, 1); - return E_BAD_URI; - } - diff --git a/projects/opensips/project.yaml b/projects/opensips/project.yaml deleted file mode 100755 index a4e118482..000000000 --- a/projects/opensips/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://opensips.org/" -main_repo: "https://github.com/OpenSIPS/opensips" -primary_contact: "liviu@opensips.org" -language: c -auto_ccs: - - "david@adalogics.com" - - "liviu.chircu@gmail.com" - - "bogdan.andrei.iancu@gmail.com" - - "rvlad.patrascu@gmail.com" - - "razvan.crainea@gmail.com" diff --git a/projects/opensk/Dockerfile b/projects/opensk/Dockerfile deleted file mode 100644 index b9b9810e2..000000000 --- a/projects/opensk/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -RUN apt-get update && apt-get install -y make autoconf automake libtool curl \ - cmake python llvm-dev libclang-dev clang uuid-runtime pkg-config libssl-dev - -RUN git clone --depth=1 --branch=develop https://github.com/google/OpenSK && \ - cd OpenSK && \ - ./setup.sh && \ - ./fuzzing_setup.sh - -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/opensk/project.yaml b/projects/opensk/project.yaml deleted file mode 100644 index 65f7a76b9..000000000 --- a/projects/opensk/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://github.com/google/OpenSK" -main_repo: "https://github.com/google/OpenSK" -primary_contact: "opensk@google.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "jmichel@google.com" - - "kaczmarczyck@google.com" - - "cretin@google.com" - - "david@adalogics.com" diff --git a/projects/openssh/Dockerfile b/projects/openssh/Dockerfile index e2cf25774..929d57c2f 100644 --- a/projects/openssh/Dockerfile +++ b/projects/openssh/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN apt-get install -y libz-dev libssl1.1 libssl-dev libedit-dev zip +RUN apt-get install -y libz-dev libssl1.0.0 libssl-dev libedit-dev zip RUN git clone --depth 1 https://github.com/openssh/openssh-portable openssh RUN git clone --depth 1 https://github.com/djmdjm/openssh-fuzz-cases WORKDIR openssh diff --git a/projects/openssh/project.yaml b/projects/openssh/project.yaml index 3bf759f60..53ac442f5 100644 --- a/projects/openssh/project.yaml +++ b/projects/openssh/project.yaml @@ -2,6 +2,6 @@ homepage: https://www.openssh.com/ language: c++ primary_contact: "djm@mindrot.org" auto_ccs: - - "dtucker@dtucker.net" + - "dtucker@dtucker.net.au" - "djm@google.com" main_repo: 'https://github.com/openssh/openssh-portable' diff --git a/projects/openthread/project.yaml b/projects/openthread/project.yaml index 5d93c49a9..c772d3b3c 100644 --- a/projects/openthread/project.yaml +++ b/projects/openthread/project.yaml @@ -8,4 +8,5 @@ fuzzing_engines: sanitizers: - address - undefined + - dataflow main_repo: 'https://github.com/openthread/openthread' diff --git a/projects/openvpn/Dockerfile b/projects/openvpn/Dockerfile deleted file mode 100644 index 24397aef6..000000000 --- a/projects/openvpn/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool libssl-dev liblzo2-dev libpam-dev - -RUN git clone --depth 1 https://github.com/google/boringssl.git boringssl -RUN git clone https://github.com/OpenVPN/openvpn openvpn -WORKDIR openvpn -COPY build.sh $SRC/ -COPY fuzz*.cpp $SRC/ -COPY fuzz*.c $SRC/ -COPY fuzz*.h $SRC/openvpn/src/openvpn/ - -COPY crypto_patch.txt $SRC/crypto_patch.txt diff --git a/projects/openvpn/build.sh b/projects/openvpn/build.sh deleted file mode 100755 index f83f6b95f..000000000 --- a/projects/openvpn/build.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -BASE=${SRC}/openvpn/src/openvpn - -apply_sed_changes() { - sed -i 's/read(/fuzz_read(/g' ${BASE}/console_systemd.c - sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/console_builtin.c - sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/misc.c - sed -i 's/#include "forward.h"/#include "fuzz_header.h"\n#include "forward.h"/g' ${BASE}/proxy.c - sed -i 's/select(/fuzz_select(/g' ${BASE}/proxy.c - sed -i 's/send(/fuzz_send(/g' ${BASE}/proxy.c - sed -i 's/recv(/fuzz_recv(/g' ${BASE}/proxy.c - sed -i 's/isatty/fuzz_isatty/g' ${BASE}/console_builtin.c - - sed -i 's/fopen/fuzz_fopen/g' ${BASE}/console_builtin.c - sed -i 's/fclose/fuzz_fclose/g' ${BASE}/console_builtin.c - - sed -i 's/sendto/fuzz_sendto/g' ${BASE}/socket.h - sed -i 's/#include "misc.h"/#include "misc.h"\nextern size_t fuzz_sendto(int sockfd, void *buf, size_t len, int flags, struct sockaddr *dest_addr, socklen_t addrlen);/g' ${BASE}/socket.h - - sed -i 's/fp = (flags/fp = stdout;\n\/\//g' ${BASE}/error.c - - sed -i 's/crypto_msg(M_FATAL/crypto_msg(M_WARN/g' ${BASE}/crypto_openssl.c - sed -i 's/msg(M_FATAL, \"Cipher/return;msg(M_FATAL, \"Cipher/g' ${BASE}/crypto.c - sed -i 's/msg(M_FATAL/msg(M_WARN/g' ${BASE}/crypto.c - - sed -i 's/= write/= fuzz_write/g' ${BASE}/packet_id.c -} - -# Changes in the code so we can fuzz it. -git apply $SRC/crypto_patch.txt - -echo "" >> ${BASE}/openvpn.c -echo "#include \"fake_fuzz_header.h\"" >> ${BASE}/openvpn.c -echo "ssize_t fuzz_get_random_data(void *buf, size_t len) { return 0; }" >> ${BASE}/fake_fuzz_header.h -echo "int fuzz_success;" >> ${BASE}/fake_fuzz_header.h - -# Apply hooking changes -apply_sed_changes - -# Copy corpuses out -zip -r $OUT/fuzz_verify_cert_seed_corpus.zip $SRC/boringssl/fuzz/cert_corpus - -# Build openvpn -autoreconf -ivf -./configure --disable-lz4 --with-crypto-library=openssl OPENSSL_LIBS="-L/usr/local/ssl/ -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/local/ssl/include/" -make - -# Make openvpn object files into a library we can link fuzzers to -cd src/openvpn -rm openvpn.o -ar r libopenvpn.a *.o - -# Compile our fuzz helper -$CXX $CXXFLAGS -g -c $SRC/fuzz_randomizer.cpp -o $SRC/fuzz_randomizer.o - -# Compile the fuzzers -for fuzzname in dhcp misc base64 proxy buffer route packet_id mroute list verify_cert forward crypto; do - $CC -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat \ - -DPLUGIN_LIBDIR=\"/usr/local/lib/openvpn/plugins\" -std=c99 $CFLAGS \ - -c $SRC/fuzz_${fuzzname}.c -o $SRC/fuzz_${fuzzname}.o - - # Link with CXX - $CXX ${CXXFLAGS} ${LIB_FUZZING_ENGINE} $SRC/fuzz_${fuzzname}.o -o $OUT/fuzz_${fuzzname} $SRC/fuzz_randomizer.o \ - libopenvpn.a ../../src/compat/.libs/libcompat.a /usr/lib/x86_64-linux-gnu/libnsl.a \ - /usr/lib/x86_64-linux-gnu/libresolv.a /usr/lib/x86_64-linux-gnu/liblzo2.a \ - -lssl -lcrypto -ldl -done diff --git a/projects/openvpn/crypto_patch.txt b/projects/openvpn/crypto_patch.txt deleted file mode 100644 index 8caedaf26..000000000 --- a/projects/openvpn/crypto_patch.txt +++ /dev/null @@ -1,109 +0,0 @@ -diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c -index b9c95225..7adff4bb 100644 ---- a/src/openvpn/crypto.c -+++ b/src/openvpn/crypto.c -@@ -133,7 +133,10 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work, - ASSERT(buf_inc_len(&work, outlen)); - - /* Flush the encryption buffer */ -- ASSERT(cipher_ctx_final(ctx->cipher, BEND(&work), &outlen)); -+ //ASSERT(cipher_ctx_final(ctx->cipher, BEND(&work), &outlen)); -+ if (!(cipher_ctx_final(ctx->cipher, BEND(&work), &outlen))) { -+ goto err; -+ } - ASSERT(buf_inc_len(&work, outlen)); - - /* Write authentication tag */ -@@ -737,6 +740,7 @@ warn_insecure_key_type(const char *ciphername, const cipher_kt_t *cipher) - /* - * Build a struct key_type. - */ -+extern int fuzz_success; - void - init_key_type(struct key_type *kt, const char *ciphername, - const char *authname, bool tls_mode, bool warn) -@@ -752,6 +756,7 @@ init_key_type(struct key_type *kt, const char *ciphername, - kt->cipher = cipher_kt_get(ciphername); - if (!kt->cipher) - { -+ fuzz_success = 0; - msg(M_FATAL, "Cipher %s not supported", ciphername); - } - -@@ -766,11 +771,13 @@ init_key_type(struct key_type *kt, const char *ciphername, - #endif - )) - { -+ fuzz_success = 0; - msg(M_FATAL, "Cipher '%s' mode not supported", ciphername); - } - - if (OPENVPN_MAX_CIPHER_BLOCK_SIZE < cipher_kt_block_size(kt->cipher)) - { -+ fuzz_success = 0; - msg(M_FATAL, "Cipher '%s' not allowed: block size too big.", ciphername); - } - if (warn) -@@ -782,6 +789,7 @@ init_key_type(struct key_type *kt, const char *ciphername, - { - if (warn) - { -+ fuzz_success = 0; - msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. " - "This means NO encryption will be performed and tunnelled " - "data WILL be transmitted in clear text over the network! " -@@ -797,6 +805,7 @@ init_key_type(struct key_type *kt, const char *ciphername, - - if (OPENVPN_MAX_HMAC_SIZE < kt->hmac_length) - { -+ fuzz_success = 0; - msg(M_FATAL, "HMAC '%s' not allowed: digest size too big.", authname); - } - } -@@ -805,6 +814,7 @@ init_key_type(struct key_type *kt, const char *ciphername, - { - if (warn) - { -+ fuzz_success = 0; - msg(M_WARN, "******* WARNING *******: '--auth none' was specified. " - "This means no authentication will be performed on received " - "packets, meaning you CANNOT trust that the data received by " -@@ -812,6 +822,7 @@ init_key_type(struct key_type *kt, const char *ciphername, - "PLEASE DO RECONSIDER THIS SETTING!"); - } - } -+ fuzz_success = 1; - } - - /* given a key and key_type, build a key_ctx */ -@@ -1037,6 +1048,7 @@ generate_key_random(struct key *key, const struct key_type *kt) - if (!rand_bytes(key->cipher, cipher_len) - || !rand_bytes(key->hmac, hmac_len)) - { -+ fuzz_success = 0; - msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation"); - } - -@@ -1050,6 +1062,7 @@ generate_key_random(struct key *key, const struct key_type *kt) - } while (kt && !check_key(key, kt)); - - gc_free(&gc); -+ fuzz_success = 1; - } - - /* -@@ -1390,10 +1403,14 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags) - - if (state != PARSE_FINISHED) - { -+ fuzz_success = 0; - msg(M_FATAL, "Footer text not found in file '%s' (%d/%d/%d bytes found/min/max)", - print_key_filename(file, flags & RKF_INLINE), count, onekeylen, - keylen); - } -+ else { -+ fuzz_success = 1; -+ } - } - - /* zero file read buffer if not an inline file */ diff --git a/projects/openvpn/fuzz.h b/projects/openvpn/fuzz.h deleted file mode 100644 index 10e33c3ee..000000000 --- a/projects/openvpn/fuzz.h +++ /dev/null @@ -1,47 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <fuzzer/FuzzedDataProvider.h> - -// Returns a NULL-terminated C string that should be freed by the caller. -char *get_modifiable_string(FuzzedDataProvider &provider) { - std::string s1 = provider.ConsumeRandomLengthString(); - char *tmp = (char *)malloc(s1.size() + 1); - memcpy(tmp, s1.c_str(), s1.size()); - tmp[s1.size()] = '\0'; - return tmp; -} - -FuzzedDataProvider *prov = NULL; - - -extern "C" ssize_t fuzz_get_random_data(void *buf, size_t len) { - size_t ret_val; - char *cbuf = (char*)buf; - - if (prov->remaining_bytes() == 0) { - return -1; - } - - double prob = prov->ConsumeProbability<double>(); - if (prob < 0.05) { - return 0; - } - - if (len == 1) { - ret_val = prov->ConsumeData(buf, 1); - return ret_val; - } - ret_val = prov->ConsumeData(buf, len); - return ret_val; -} - diff --git a/projects/openvpn/fuzz_base64.c b/projects/openvpn/fuzz_base64.c deleted file mode 100644 index c9c45b84b..000000000 --- a/projects/openvpn/fuzz_base64.c +++ /dev/null @@ -1,43 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -#include "base64.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (size > 500) { - return 0; - } - - char *new_str = (char *)malloc(size + 1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - char *str = NULL; - openvpn_base64_encode(data, size, &str); - if(str != NULL) { - free(str); - } - - uint16_t outsize = 10000; - char *output_buf = (char *)malloc(outsize); - openvpn_base64_decode(new_str, output_buf, outsize); - free(output_buf); - - free(new_str); - return 0; -} diff --git a/projects/openvpn/fuzz_buffer.c b/projects/openvpn/fuzz_buffer.c deleted file mode 100644 index af114ec5a..000000000 --- a/projects/openvpn/fuzz_buffer.c +++ /dev/null @@ -1,266 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -#include "config.h" -#include "syshead.h" -#include "misc.h" -#include "buffer.h" - -#include "fuzz_randomizer.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data,size); - - struct gc_arena gc; - struct buffer *bufp; - struct buffer buf, buf2; - struct buffer_list *buflistp = NULL; - ssize_t generic_ssizet, _size; - char *tmp; - char *tmp2; - char match; - - gc = gc_new(); - bufp = NULL; - - int total_to_fuzz = fuzz_randomizer_get_int(1, 20); - for (int i = 0; i < total_to_fuzz; i++) { - if (bufp == NULL) { - generic_ssizet = fuzz_randomizer_get_int(0, 1); - if (generic_ssizet == 0) { - _size = fuzz_randomizer_get_int(0, 100); - buf = alloc_buf_gc(_size, &gc); - bufp = &buf; - } else { - tmp = get_random_string(); - buf = string_alloc_buf(tmp, &gc); - bufp = &buf; - free(tmp); - tmp = NULL; - } - } else { -#define NUM_TARGETS 32 - generic_ssizet = fuzz_randomizer_get_int(0, NUM_TARGETS); - switch (generic_ssizet) { - case 0: - buf_clear(bufp); - break; - case 1: - buf2 = clone_buf(bufp); - free_buf(&buf2); - break; - case 2: - buf_defined(bufp); - break; - case 3: - buf_valid(bufp); - break; - case 4: - buf_bptr(bufp); - break; - case 5: - buf_len(bufp); - break; - case 6: - buf_bend(bufp); - break; - case 7: - buf_blast(bufp); - break; - case 8: - buf_str(bufp); - break; - case 9: - generic_ssizet = fuzz_randomizer_get_int(0, 255); - buf_rmtail(bufp, (uint8_t)generic_ssizet); - break; - case 10: - buf_chomp(bufp); - break; - case 11: - tmp = get_random_string(); - skip_leading_whitespace(tmp); - free(tmp); - tmp = NULL; - break; - case 12: - tmp = get_random_string(); - chomp(tmp); - free(tmp); - tmp = NULL; - break; - case 13: - tmp = get_random_string(); - tmp2 = get_random_string(); - rm_trailing_chars(tmp, tmp2); - free(tmp); - free(tmp2); - tmp = NULL; - tmp2 = NULL; - break; - case 14: - tmp = get_random_string(); - string_clear(tmp); - free(tmp); - tmp = NULL; - break; - case 15: - tmp = get_random_string(); - buf_string_match_head_str(bufp, tmp); - free(tmp); - tmp = NULL; - break; - case 16: - tmp = get_random_string(); - buf_string_compare_advance(bufp, tmp); - free(tmp); - tmp = NULL; - break; - case 17: - generic_ssizet = fuzz_randomizer_get_int(0, 255); - - tmp = get_random_string(); - if (strlen(tmp) > 0) { - buf_parse(bufp, (int)generic_ssizet, tmp, strlen(tmp)); - } - - free(tmp); - tmp = NULL; - break; - case 18: - tmp = get_random_string(); - string_mod(tmp, fuzz_randomizer_get_int(0, 12312), - fuzz_randomizer_get_int(0, 23141234), - (char)fuzz_randomizer_get_int(0, 255)); - - free(tmp); - tmp = NULL; - break; - case 19: - tmp = get_random_string(); - match = (char)fuzz_randomizer_get_int(0, 255); - if (match != 0) { - string_replace_leading(tmp, match, (char)fuzz_randomizer_get_int(0, 255)); - } - - free(tmp); - tmp = NULL; - break; - case 20: - tmp = get_random_string(); - buf_write(bufp, tmp, strlen(tmp)); - - free(tmp); - tmp = NULL; - break; - case 21: - tmp = get_random_string(); - - buf_write_prepend(bufp, tmp, strlen(tmp)); - - free(tmp); - tmp = NULL; - break; - case 22: - buf_write_u8(bufp, fuzz_randomizer_get_int(0, 255)); - break; - case 23: - buf_write_u16(bufp, fuzz_randomizer_get_int(0, 1024)); - break; - case 24: - buf_write_u32(bufp, fuzz_randomizer_get_int(0, 12312)); - break; - case 25: - tmp = get_random_string(); - buf_catrunc(bufp, tmp); - free(tmp); - tmp = NULL; - break; - case 26: - convert_to_one_line(bufp); - break; - case 27: - buf_advance(bufp, fuzz_randomizer_get_int(0, 25523)); - break; - case 28: - buf_prepend(bufp, fuzz_randomizer_get_int(0, 251235)); - break; - case 29: - buf_reverse_capacity(bufp); - break; - case 30: - buf_forward_capacity_total(bufp); - break; - case 31: - buf_forward_capacity(bufp); - break; - case 32: - tmp = get_random_string(); - buf_puts(bufp, tmp); - free(tmp); - tmp = NULL; - break; - } - } - - if (buflistp == NULL) { - buflistp = buffer_list_new(fuzz_randomizer_get_int(0, 200)); - } else { -#define NUM_LIST_TARGETS 6 - generic_ssizet = fuzz_randomizer_get_int(0, NUM_LIST_TARGETS); - switch (generic_ssizet) { - case 0: - buffer_list_free(buflistp); - buflistp = NULL; - break; - case 1: - buffer_list_defined(buflistp); - break; - case 2: - tmp = get_random_string(); - if (strlen(tmp) < BUF_SIZE_MAX) { - buffer_list_push(buflistp, tmp); - } - free(tmp); - tmp = NULL; - break; - case 3: - buffer_list_peek(buflistp); - break; - case 4: - buffer_list_pop(buflistp); - break; - case 5: - tmp = get_random_string(); - buffer_list_aggregate_separator( - buflistp, fuzz_randomizer_get_int(0, 1024), tmp); - - free(tmp); - tmp = NULL; - break; - case 6: - buffer_list_aggregate(buflistp, - fuzz_randomizer_get_int(0, 1024)); - break; - } - } - } - - // Cleanup - buffer_list_free(buflistp); - gc_free(&gc); - - fuzz_random_destroy(); - - return 0; -} diff --git a/projects/openvpn/fuzz_crypto.c b/projects/openvpn/fuzz_crypto.c deleted file mode 100644 index e9a851be0..000000000 --- a/projects/openvpn/fuzz_crypto.c +++ /dev/null @@ -1,257 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -#include "config.h" -#include "syshead.h" - -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/ssl.h> -#include <openssl/err.h> - -#include "fuzz_verify_cert.h" -#include "misc.h" -#include "manage.h" -#include "otime.h" -#include "base64.h" -#include "ssl_verify.h" -#include "ssl_verify_backend.h" - -#include "fuzz_randomizer.h" - -static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, - size_t key_len) { - const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); - - /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ - if (cipher_kt_mode_aead(cipher_kt)) { - size_t impl_iv_len = 0; - ASSERT(cipher_kt_iv_size(cipher_kt) >= OPENVPN_AEAD_MIN_IV_LEN); - impl_iv_len = cipher_kt_iv_size(cipher_kt) - sizeof(packet_id_type); - ASSERT(impl_iv_len <= OPENVPN_MAX_IV_LENGTH); - ASSERT(impl_iv_len <= key_len); - memcpy(ctx->implicit_iv, key, impl_iv_len); - ctx->implicit_iv_len = impl_iv_len; - } -} - -static int init_frame(struct frame *frame) { - frame->link_mtu = fuzz_randomizer_get_int(100, 1000); - frame->extra_buffer = fuzz_randomizer_get_int(100, 1000); - frame->link_mtu_dynamic = fuzz_randomizer_get_int(100, 1000); - frame->extra_frame = fuzz_randomizer_get_int(100, 1000); - frame->extra_tun = fuzz_randomizer_get_int(100, 1000); - frame->extra_link = fuzz_randomizer_get_int(100, 1000); - frame->align_flags = 0; - frame->align_adjust = 0; - if (TUN_MTU_SIZE(frame) <= 0) { - return -1; - } - return 0; -} - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - OPENSSL_malloc_init(); - SSL_library_init(); - ERR_load_crypto_strings(); - - OpenSSL_add_all_algorithms(); - OpenSSL_add_ssl_algorithms(); - - SSL_load_error_strings(); - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data, size); - fuzz_success = 1; - bool key_ctx_dec_initialized = false; - bool key_ctx_enc_initialized = false; - struct key_ctx key_ctx_dec; - memset(&key_ctx_dec, 0, sizeof(struct key_ctx)); - struct key_ctx key_ctx_enc; - memset(&key_ctx_enc, 0, sizeof(struct key_ctx)); - - struct gc_arena gc; - struct tls_session *session = NULL; - X509 *x509 = NULL; - gc = gc_new(); - - gb_init(); - - // Read key file - struct key2 key2; - char *keydata = gb_get_random_string(); - read_key_file(&key2, keydata, RKF_INLINE); - - // init key type - struct key_type kt; - memset(&kt, 0, sizeof(struct key_type)); - - char *ciphername = gb_get_random_string(); - char *authname = gb_get_random_string(); - bool key_type_initialized = false; - - if (strcmp(ciphername, "AES-256-GCM") == 0 || - strcmp(ciphername, "AES-128-GCM") == 0 || - strcmp(ciphername, "AES-192-GCM") == 0 || - strcmp(ciphername, "CAMELLIA-128-CFB128") == 0) { - - int v = fuzz_randomizer_get_int(0, 1); - if (v == 0) { - init_key_type(&kt, ciphername, authname, true, 0); - } else { - init_key_type(&kt, ciphername, authname, false, 0); - } - key_type_initialized = true; - } - - if (fuzz_success == 0) { - goto cleanup; - } - - // Generate key. - // Identify which one we should do, read or generate a random key. - int c = fuzz_randomizer_get_int(0, 1); - const uint8_t d[1024]; - int key_read = 0; - struct key key; - if (c == 0) { - if (fuzz_get_random_data(d, 1024) != 1024) { - struct buffer buf = alloc_buf(1024); - buf_write(&buf, d, 1024); - if (read_key(&key, &kt, &buf) == 1) { - key_read = 1; - } - free_buf(&buf); - } - } - else { - if (key_type_initialized == true) { - generate_key_random(&key, &kt); - } - } - - if (fuzz_success == 0) { - goto cleanup; - } - key_read = 1; - - // init decryption context - if (key_type_initialized && key_read) { - init_key_ctx(&key_ctx_dec, &key, &kt, OPENVPN_OP_DECRYPT, "x"); - key_ctx_update_implicit_iv(&key_ctx_dec, &(key.hmac), MAX_HMAC_KEY_LENGTH); - key_ctx_dec_initialized = true; - } - - // init encryption context - if (key_type_initialized && key_read) { - init_key_ctx(&key_ctx_enc, &key, &kt, OPENVPN_OP_DECRYPT, "x"); - key_ctx_update_implicit_iv(&key_ctx_enc, &(key.hmac), MAX_HMAC_KEY_LENGTH); - key_ctx_enc_initialized = true; - } - - // perform encryption - struct frame frame; - memset(&frame, 0, sizeof(struct frame)); - if (key_ctx_enc_initialized == true && key_ctx_dec_initialized == true && - init_frame(&frame) == 0) { - struct crypto_options opt; - memset(&opt, 0, sizeof(opt)); - opt.pid_persist = NULL; - opt.key_ctx_bi.encrypt = key_ctx_enc; - opt.key_ctx_bi.decrypt = key_ctx_dec; - opt.key_ctx_bi.initialized = true; - opt.packet_id.rec.initialized = true; - opt.packet_id.rec.seq_list = NULL; - opt.packet_id.rec.name = NULL; - - void *buf_p; - - struct buffer encrypt_workspace = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); - struct buffer work = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); - struct buffer src = alloc_buf_gc(TUN_MTU_SIZE(&(frame)), &gc); - struct buffer buf = clear_buf(); - - int x = fuzz_randomizer_get_int(1, TUN_MTU_SIZE(&frame)); - - ASSERT(buf_init(&work, FRAME_HEADROOM(&(frame)))); - ASSERT(buf_init(&src, 0)); - src.len = x; - ASSERT(rand_bytes(BPTR(&src), BLEN(&src))); - - buf = work; - buf_p = buf_write_alloc(&buf, BLEN(&src)); - ASSERT(buf_p); - memcpy(buf_p, BPTR(&src), BLEN(&src)); - - ASSERT(buf_init(&encrypt_workspace, FRAME_HEADROOM(&(frame)))); - - openvpn_encrypt(&buf, encrypt_workspace, &opt); - } - - // perform decryption - memset(&frame, 0, sizeof(struct frame)); - if (key_ctx_dec_initialized == true && key_ctx_enc_initialized == true && - init_frame(&frame) == 0) { - struct crypto_options opt; - memset(&opt, 0, sizeof(opt)); - opt.pid_persist = NULL; - opt.key_ctx_bi.encrypt = key_ctx_enc; - opt.key_ctx_bi.decrypt = key_ctx_dec; - opt.key_ctx_bi.initialized = true; - opt.packet_id.rec.initialized = true; - opt.packet_id.rec.seq_list = NULL; - opt.packet_id.rec.name = NULL; - - void *buf_p; - - struct buffer decrypt_workspace = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); - struct buffer work = alloc_buf_gc(BUF_SIZE(&(frame)), &gc); - struct buffer src = alloc_buf_gc(TUN_MTU_SIZE(&(frame)), &gc); - struct buffer buf = clear_buf(); - - int x = fuzz_randomizer_get_int(1, TUN_MTU_SIZE(&frame)); - - ASSERT(buf_init(&work, FRAME_HEADROOM(&(frame)))); - ASSERT(buf_init(&src, 0)); - src.len = x; - ASSERT(rand_bytes(BPTR(&src), BLEN(&src))); - - buf = work; - buf_p = buf_write_alloc(&buf, BLEN(&src)); - ASSERT(buf_p); - memcpy(buf_p, BPTR(&src), BLEN(&src)); - - ASSERT(buf_init(&decrypt_workspace, FRAME_HEADROOM(&(frame)))); - - openvpn_decrypt(&buf, decrypt_workspace, &opt, &frame, BPTR(&buf)); - } - -cleanup: - // cleanup - gc_free(&gc); - - if (key_ctx_dec_initialized == true) { - free_key_ctx(&key_ctx_dec); - } - - if (key_ctx_enc_initialized == true) { - free_key_ctx(&key_ctx_enc); - } - fuzz_random_destroy(); - - gb_cleanup(); - - return 0; -} diff --git a/projects/openvpn/fuzz_dhcp.c b/projects/openvpn/fuzz_dhcp.c deleted file mode 100644 index 1368ac2a1..000000000 --- a/projects/openvpn/fuzz_dhcp.c +++ /dev/null @@ -1,37 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" -#include "dhcp.h" -#include "buffer.h" - -#include "fuzz_randomizer.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - struct buffer ipbuf; - in_addr_t ret; - - fuzz_random_init(data, size); - char *ran_val = get_random_string(); - - ipbuf = alloc_buf(strlen(ran_val)); - if (buf_write(&ipbuf, ran_val, strlen(ran_val)) != false) { - ret = dhcp_extract_router_msg(&ipbuf); - } - free_buf(&ipbuf); - - fuzz_random_destroy(); - free(ran_val); - - return 0; -} diff --git a/projects/openvpn/fuzz_forward.c b/projects/openvpn/fuzz_forward.c deleted file mode 100644 index dff3e93d3..000000000 --- a/projects/openvpn/fuzz_forward.c +++ /dev/null @@ -1,228 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include <sys/time.h> -#include "syshead.h" -#include "interval.h" -#include "init.h" -#include "buffer.h" -#include "forward.h" - -#include "fuzz_randomizer.h" - - -static int init_c2_outgoing_link(struct context_2 *c2, struct gc_arena *gc) { - struct link_socket_actual *to_link_addr = NULL; - struct link_socket *link_socket = NULL; - struct socks_proxy_info *socks_proxy = NULL; - struct buffer buf; - - c2->tun_write_bytes = 0; - ALLOC_ARRAY_GC(link_socket, struct link_socket, 1, gc); - memset(link_socket, 0, sizeof(*link_socket)); - - c2->link_socket = link_socket; - - if (fuzz_randomizer_get_int(0, 2) != 0) { - c2->link_socket->info.proto = PROTO_UDP; - } else { - c2->link_socket->info.proto = PROTO_TCP_SERVER; - } - - ALLOC_ARRAY_GC(socks_proxy, struct socks_proxy_info, 1, gc); - memset(socks_proxy, 0, sizeof(*socks_proxy)); - c2->link_socket->socks_proxy = socks_proxy; - - c2->frame.link_mtu_dynamic = fuzz_randomizer_get_int(0, 0xfffffff); - c2->frame.extra_frame = fuzz_randomizer_get_int(0, 0xfffffff); - c2->frame.extra_tun = fuzz_randomizer_get_int(0, 0xfffffff); - c2->frame.link_mtu = fuzz_randomizer_get_int(0, 0xfffffff); - - ALLOC_ARRAY_GC(to_link_addr, struct link_socket_actual, 1, gc); - memset(to_link_addr, 0, sizeof(*to_link_addr)); - c2->to_link_addr = to_link_addr; - - c2->to_link_addr->dest.addr.sa.sa_family = AF_INET; - c2->to_link_addr->dest.addr.in4.sin_addr.s_addr = 1; - - char *tmp = get_random_string(); - buf = alloc_buf_gc(strlen(tmp), gc); - buf_write(&buf, tmp, strlen(tmp)); - int val = fuzz_randomizer_get_int(0, strlen(tmp)); - buf.offset = val; - free(tmp); - - c2->link_socket->stream_buf.maxlen = BLEN(&buf); - c2->to_link = buf; - - if (buf.offset < 10) { - return -1; - } - return 0; -} - -void fuzz_process_outgoing_link(const uint8_t *data, size_t size) { - struct context ctx; - struct gc_arena gc = gc_new(); - memset(&ctx, 0, sizeof(ctx)); - - if (init_c2_outgoing_link(&ctx.c2, &gc) == 0) { - process_outgoing_link(&ctx); - } - - gc_free(&gc); -} - -static int _init_options(struct options *options, struct client_nat_entry **cne, - struct gc_arena *gc) { - options->passtos = false; - options->mode = MODE_POINT_TO_POINT; - options->allow_recursive_routing = true; - options->client_nat = new_client_nat_list(gc); - - struct client_nat_entry *_cne; - ALLOC_ARRAY_GC(cne[0], struct client_nat_entry, 1, gc); - _cne = cne[0]; - memset(_cne, 0, sizeof(struct client_nat_entry)); - - struct client_nat_option_list clist; - clist.n = 1; - clist.entries[0] = *_cne; - copy_client_nat_option_list(options->client_nat, &clist); - options->route_gateway_via_dhcp = false; - - return 0; -} - -static int init_c2_incoming_tun(struct context_2 *c2, struct gc_arena *gc) { - struct buffer buf; - memset(&buf, 0, sizeof(buf)); - - struct link_socket *link_socket = NULL; - ALLOC_ARRAY_GC(link_socket, struct link_socket, 1, gc); - c2->link_socket = link_socket; - - ALLOC_OBJ_GC(c2->link_socket_info, struct link_socket_info, gc); - ALLOC_OBJ_GC(c2->link_socket_info->lsa, struct link_socket_addr, gc); - c2->link_socket_info->lsa->bind_local = NULL; - c2->link_socket_info->lsa->remote_list = NULL; - c2->link_socket_info->lsa->current_remote = NULL; - c2->link_socket_info->lsa->remote_list = NULL; - c2->es = env_set_create(gc); - - c2->frame.link_mtu_dynamic = 0; - c2->frame.extra_frame = 0; - c2->frame.extra_tun = 0; - c2->to_link_addr = NULL; - - char *tmp = get_random_string(); - buf = alloc_buf(strlen(tmp)); - buf_write(&buf, tmp, strlen(tmp)); - - int retval; - if (strlen(tmp) > 5) { - retval = 0; - } else { - retval = 1; - } - - free(tmp); - - c2->buf = buf; - c2->buffers = init_context_buffers(&c2->frame); - c2->log_rw = false; - - return retval; -} - -int run_process_incoming_tun(const uint8_t *data, size_t size) { - struct gc_arena gc; - struct context ctx; - struct client_nat_entry *cne[MAX_CLIENT_NAT]; - struct route_list route_list; - - memset(&ctx, 0, sizeof(ctx)); - memset(cne, 0, sizeof(cne)); - - gc = gc_new(); - - _init_options(&ctx.options, cne, &gc); - - // Init tuntap - struct tuntap tuntap; - tuntap.type = DEV_TYPE_TAP; - - ctx.c1.tuntap = &tuntap; - - int retval = init_c2_incoming_tun(&ctx.c2, &gc); - ctx.c1.route_list = &route_list; - if (retval == 0) { - process_incoming_tun(&ctx); - } - - free(ctx.c2.buf.data); - free_context_buffers(ctx.c2.buffers); - gc_free(&gc); -} - -static int init_c2_outgoing_tun(struct context_2 *c2, struct gc_arena *gc) { - struct buffer buf; - - c2->tun_write_bytes = 0; - c2->frame.link_mtu_dynamic = fuzz_randomizer_get_int(0, 0xfffffff); - c2->frame.extra_frame = fuzz_randomizer_get_int(0, 0xfffffff); - c2->frame.extra_tun = fuzz_randomizer_get_int(0, 0xfffffff); - - char *tmp = get_random_string(); - buf = alloc_buf_gc(strlen(tmp), gc); - buf_write(&buf, tmp, strlen(tmp)); - free(tmp); - - c2->to_tun = buf; - return 0; -} - -void run_process_outgoing_tun(uint8_t *data, size_t size) { - struct gc_arena gc; - struct context ctx; - struct tuntap tuntap; - - memset(&ctx, 0, sizeof(ctx)); - gc = gc_new(); - - tuntap.type = DEV_TYPE_TAP; - ctx.c1.tuntap = &tuntap; - - init_c2_outgoing_tun(&ctx.c2, &gc); - process_outgoing_tun(&ctx); - - gc_free(&gc); -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data, size); - - int dec = fuzz_randomizer_get_int(0, 2); - if (dec == 0) { - run_process_incoming_tun(data, size); - } - else if (dec == 1) { - run_process_outgoing_tun(data, size); - } - else { - fuzz_process_outgoing_link(data, size); - } - - fuzz_random_destroy(); - return 0; -} diff --git a/projects/openvpn/fuzz_header.h b/projects/openvpn/fuzz_header.h deleted file mode 100644 index e86b70c62..000000000 --- a/projects/openvpn/fuzz_header.h +++ /dev/null @@ -1,79 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#ifndef FUZZ_H -#define FUZZ_H - -#include <sys/types.h> -#include <sys/socket.h> - -// Forward declared because we want to use FuzzedDataProvider, -// which requires CPP. -extern ssize_t fuzz_get_random_data(void *buf, size_t len); - -ssize_t fuzz_recv(int sockfd, void *buf, size_t len, int flags){ - return fuzz_get_random_data(buf, len); -} - -ssize_t fuzz_read(int sockfd, void *buf, size_t len){ - return fuzz_get_random_data(buf, len); -} - -ssize_t fuzz_write(int fd, const void *buf, size_t count) { - return count; -} - -int fuzz_isatty(int fd) { - return 1; -} - -char *fuzz_fgets(char *s, int size, FILE *stream) { - ssize_t v = fuzz_get_random_data(s, size-1); - // We use fgets to get trusted input. As such, assume we have - // an ascii printable char at the beginning. - printf("Calling into fgets\n"); - if (s[0] <= 0x21 || s[0] >= 0x7f) { - s[0] = 'A'; - } - s[size-1] = '\0'; - return s; -} - -int fuzz_select(int nfds, fd_set *readfds, fd_set *writefds,fd_set *exceptfds, struct timeval *timeout) { - char val; - ssize_t c = fuzz_get_random_data(&val, 1); - return c; -} - -ssize_t fuzz_send(int sockfd, const void *buf, size_t len, int flags) { - return len; -} - -FILE *fp_p = NULL; -FILE *fuzz_fopen(const char *pathname, const char *mode) { - if (mode == NULL) return fp_p; - return fp_p; -} - -int fuzz_fclose(FILE *stream) { - if (stream == NULL) return 1; - return 2; -} - -size_t fuzz_sendto(int sockfd, void *buf, size_t len, int flags, struct sockaddr *dest_addr, socklen_t addrlen) { - if (buf == NULL) { - return len; - } - return len; -} - -#endif diff --git a/projects/openvpn/fuzz_list.c b/projects/openvpn/fuzz_list.c deleted file mode 100644 index 1e8fe621c..000000000 --- a/projects/openvpn/fuzz_list.c +++ /dev/null @@ -1,135 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" -#include "list.h" - -#include "fuzz_randomizer.h" - -#define KEY_SIZE 23 - -/* Required for hash_init() */ -static uint32_t word_hash_function(const void *key, uint32_t iv) { - return hash_func(key, KEY_SIZE, iv); -} - -/* Required for hash_init() */ -static bool word_compare_function(const void *key1, const void *key2) { - return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF); -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - struct gc_arena gc; - struct hash *hash = NULL; - ssize_t generic_ssizet, generic_ssizet2, num_loops; - - fuzz_random_init(data, size); - - gc = gc_new(); - - int total_to_fuzz = fuzz_randomizer_get_int(1, 20); - for (int i = 0; i < total_to_fuzz; i++) { - generic_ssizet = fuzz_randomizer_get_int(0, 8); - - switch (generic_ssizet) { - case 0: - if (hash == NULL) { - int n_buckets = fuzz_randomizer_get_int(1, 1000); - uint32_t iv; - - hash = - hash_init(n_buckets, iv, word_hash_function, word_compare_function); - } - break; - case 1: - if (hash) { - hash_free(hash); - hash = NULL; - } - break; - case 2: - if (hash) { - struct hash_iterator hi; - struct hash_element *he; - hash_iterator_init(hash, &hi); - while ((he = hash_iterator_next(&hi))) { - void *w = he->value; - } - hash_iterator_free(&hi); - } - break; - case 3: - if (hash) { - void *key; - void *value; - char arr[KEY_SIZE]; - memset(arr, 0, KEY_SIZE); - fuzz_get_random_data(arr, KEY_SIZE); - key = (void *)arr; - if (!hash_lookup(hash, key)) { - generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); - value = (void *)generic_ssizet; - hash_add(hash, key, value, false); - } - } - break; - case 4: - if (hash) { - hash_n_elements(hash); - } - break; - case 5: - if (hash) { - hash_n_buckets(hash); - } - break; - case 6: - if (hash) { - uint32_t hv; - generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); - hv = generic_ssizet; - hash_bucket(hash, hv); - } - break; - case 7: - if (hash) { - void *key; - char arr[KEY_SIZE]; - memset(arr, 0, KEY_SIZE); - fuzz_get_random_data(arr, KEY_SIZE); - key = (void *)arr; - hash_remove(hash, key); - } - break; - case 8: - if (hash) { - void *value; - generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); - value = (void *)generic_ssizet; - hash_remove_by_value(hash, value); - } - default: - break; - } - } - - if (hash) { - hash_free(hash); - } - - gc_free(&gc); - - fuzz_random_destroy(); - - return 0; -} diff --git a/projects/openvpn/fuzz_misc.c b/projects/openvpn/fuzz_misc.c deleted file mode 100644 index 06d7b3259..000000000 --- a/projects/openvpn/fuzz_misc.c +++ /dev/null @@ -1,70 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -#include "config.h" -#include "syshead.h" -#include "misc.h" -#include "buffer.h" - -#include "fuzz_randomizer.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data, size); - - struct gc_arena gc; - struct env_set *es; - gc = gc_new(); - es = env_set_create(&gc); - - int total_to_fuzz = fuzz_randomizer_get_int(1, 9); - for (int i = 0; i <total_to_fuzz; i++) { - int type = fuzz_randomizer_get_int(0, 5); - char *tmp1 = get_random_string(); - char *tmp2 = get_random_string(); - - switch (type) { - case 0: - env_set_del(es, tmp1); - break; - case 1: - env_set_add(es, tmp1); - break; - case 2: - env_set_get(es, tmp1); - break; - case 3: - if (strlen(tmp1) > 1 && strlen(tmp2) > 1) { - setenv_str(es, tmp2, tmp1); - } - break; - case 4: - hostname_randomize(tmp1, &gc); - break; - case 5: - if (strlen(tmp1) > 0) { - get_auth_challenge(tmp1, &gc); - } - break; - default: - sanitize_control_message(tmp1, &gc); - } - free(tmp1); - free(tmp2); - } - - env_set_destroy(es); - gc_free(&gc); - - fuzz_random_destroy(); - return 0; -} diff --git a/projects/openvpn/fuzz_mroute.c b/projects/openvpn/fuzz_mroute.c deleted file mode 100644 index 63d0ce23d..000000000 --- a/projects/openvpn/fuzz_mroute.c +++ /dev/null @@ -1,70 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" -#include "init.h" -#include "mroute.h" - -#include "fuzz_randomizer.h" - - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - fuzz_random_init(data, size); - struct buffer buf; - struct gc_arena gc; - - gc = gc_new(); - - char *tmp = get_random_string(); - buf = string_alloc_buf(tmp, &gc); - free(tmp); - - struct mroute_addr src_addr; - struct mroute_addr dst_addr; - mroute_addr_init(&src_addr); - mroute_addr_init(&dst_addr); - unsigned int ret = mroute_extract_addr_ip(&src_addr, &dst_addr, &buf); - - if (ret & MROUTE_EXTRACT_SUCCEEDED) { - mroute_addr_mask_host_bits(&src_addr); - mroute_addr_print(&src_addr, &gc); - mroute_learnable_address(&src_addr, &gc); - } - - uint16_t vid; - struct mroute_addr a1, a2; - mroute_addr_init(&a1); - mroute_addr_init(&a2); - mroute_extract_addr_ether(&a1, &a2, vid, &buf); - - if (size > sizeof(struct openvpn_sockaddr)) { - struct openvpn_sockaddr local_sock; - memcpy(&local_sock, data, sizeof(struct openvpn_sockaddr)); - mroute_extract_openvpn_sockaddr(&a1, &local_sock, true); - mroute_extract_openvpn_sockaddr(&a1, &local_sock, false); - } - - struct mroute_helper *mhelper = NULL; - mhelper = mroute_helper_init(fuzz_randomizer_get_int(0, 0xfffffff)); - if (mhelper != NULL) { - mroute_helper_add_iroute46(mhelper, fuzz_randomizer_get_int(0, MR_HELPER_NET_LEN-1)); - mroute_helper_free(mhelper); - } - - gc_free(&gc); - - fuzz_random_destroy(); - return 0; -} - diff --git a/projects/openvpn/fuzz_packet_id.c b/projects/openvpn/fuzz_packet_id.c deleted file mode 100644 index 9297d0be5..000000000 --- a/projects/openvpn/fuzz_packet_id.c +++ /dev/null @@ -1,104 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" -#include "init.h" -#include "packet_id.h" - -#include "fuzz_randomizer.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data, size); - - struct packet_id pid; - struct packet_id_net pin; - const int seq_backtrack = 10; - const int time_backtrack = 10; - - packet_id_init(&pid, seq_backtrack, time_backtrack, "name", 0); - - int total_sends = fuzz_randomizer_get_int(0, 10); - for (int i = 0; i < total_sends; i++) { - update_time(); - pin.time = fuzz_randomizer_get_int(0, 0xfffffff); - pin.id = fuzz_randomizer_get_int(0, 0xfffffff); - - packet_id_reap_test(&pid.rec); - bool test = packet_id_test(&pid.rec, &pin); - if (test) { - packet_id_add(&pid.rec, &pin); - } - } - packet_id_free(&pid); - - // packet id send - char *tmp2 = get_random_string(); - if (strlen(tmp2) > sizeof(struct packet_id_send)) { - struct packet_id_send pidsend; - memcmp(&pidsend, tmp2, sizeof(struct packet_id_send)); - - struct timeval tv; - tv.tv_sec = pidsend.time; - tv.tv_usec = 0; - if (localtime(&tv)) { - struct buffer iv_buffer; - buf_set_write(&iv_buffer, tmp2, strlen(tmp2)); - packet_id_write(&pidsend, &iv_buffer, false, false); - packet_id_write(&pidsend, &iv_buffer, false, true); - packet_id_write(&pidsend, &iv_buffer, true, true); - packet_id_write(&pidsend, &iv_buffer, true, false); - } - } - free(tmp2); - - struct gc_arena gc; - gc = gc_new(); - struct buffer buf; - char *tmp = get_random_string(); - buf = string_alloc_buf(tmp, &gc); - free(tmp); - packet_id_read(&pid, &buf, false); - packet_id_read(&pid, &buf, true); - gc_free(&gc); - - char filename[256]; - sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - - FILE *fp = fopen(filename, "wb"); - if (!fp) { - return 0; - } - fwrite(data, size, 1, fp); - fclose(fp); - - struct packet_id_persist p; - memset(&p, 0, sizeof(struct packet_id_persist)); - packet_id_persist_init(&p); - packet_id_persist_load(&p, filename); - //p.time = NULL; - struct timeval tv; - tv.tv_sec = p.time; - tv.tv_usec = 0; - if (localtime(&tv) != NULL) { - gc = gc_new(); - p.id_last_written = fuzz_randomizer_get_int(0, 0xfffffff); - //packet_id_persist_print(&p, &gc); - packet_id_persist_save(&p); - gc_free(&gc); - } - - packet_id_persist_close(&p); - - fuzz_random_destroy(); - return 0; -} diff --git a/projects/openvpn/fuzz_proxy.c b/projects/openvpn/fuzz_proxy.c deleted file mode 100644 index 128a6d077..000000000 --- a/projects/openvpn/fuzz_proxy.c +++ /dev/null @@ -1,144 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include <sys/time.h> -#include "syshead.h" -#include "interval.h" -#include "proxy.h" -#include <openssl/err.h> -#include <openssl/ssl.h> - -#include "fuzz_randomizer.h" - -int LLVMFuzzerInitialize(int *argc, char ***argv) -{ - OPENSSL_malloc_init(); - SSL_library_init(); - ERR_load_crypto_strings(); - - OpenSSL_add_all_algorithms(); - OpenSSL_add_ssl_algorithms(); - OpenSSL_add_all_digests(); - - SSL_load_error_strings(); - return 1; -} - - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - char *tmp = NULL; - char *tmp2 = NULL; - - if (size < 500) { - return 0; - } - fuzz_random_init(data, size); - - struct gc_arena gc = gc_new(); - struct http_proxy_info pi; - ssize_t generic_ssizet; - int signal_received = 0; - struct buffer lookahead = alloc_buf(1024); - struct event_timeout evt; - - memset(&evt, 0, sizeof(struct event_timeout)); - memset(&pi, 0, sizeof(struct http_proxy_info)); - memset(&pi, 0, sizeof(pi)); - - generic_ssizet = 0; - char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN); - strcpy(pi.up.username, fuzz_usrnm); - if (strlen(pi.up.username) == 0) { - gc_free(&gc); - free_buf(&lookahead); - free(fuzz_usrnm); - fuzz_random_destroy(); - return 0; - } - - char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN); - strcpy(pi.up.password, pswd); - if (strlen(pi.up.password) == 0) { - gc_free(&gc); - free_buf(&lookahead); - - free(pswd); - free(fuzz_usrnm); - fuzz_random_destroy(); - return 0; - } - - generic_ssizet = fuzz_randomizer_get_int(0, 4); - switch (generic_ssizet) { - case 0: - pi.auth_method = HTTP_AUTH_NONE; - break; - case 1: - pi.auth_method = HTTP_AUTH_BASIC; - break; - case 2: - pi.auth_method = HTTP_AUTH_DIGEST; - break; - case 3: - pi.auth_method = HTTP_AUTH_NTLM; - break; - case 4: - pi.auth_method = HTTP_AUTH_NTLM2; - break; - } - pi.options.http_version = "1.1"; - - generic_ssizet = fuzz_randomizer_get_int(0, 4); - switch (generic_ssizet) { - case 0: - pi.options.auth_retry = PAR_NO; - break; - case 1: - pi.options.auth_retry = PAR_ALL; - break; - case 2: - pi.options.auth_retry = PAR_NCT; - break; - } - - char *tmp_authenticate = get_random_string(); - pi.proxy_authenticate = tmp_authenticate; - - //if (provider.ConsumeProbability<double>() < 0.5) { - //tmp = get_modifiable_string(provider); - tmp = get_random_string(); - pi.options.custom_headers[0].name = tmp; - //if (provider.ConsumeProbability<double>() < 0.5) { - //tmp2 = get_modifiable_string(provider); - tmp2 = get_random_string(); - pi.options.custom_headers[0].content = tmp2; - //} - //} - - establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead, - &signal_received); - free(pi.proxy_authenticate); - gc_free(&gc); - free_buf(&lookahead); - - if (tmp != NULL) free(tmp); - if (tmp2 != NULL) free(tmp2); - - free(pswd); - free(fuzz_usrnm); - fuzz_random_destroy(); - - - return 0; -} diff --git a/projects/openvpn/fuzz_randomizer.cpp b/projects/openvpn/fuzz_randomizer.cpp deleted file mode 100644 index 367c55862..000000000 --- a/projects/openvpn/fuzz_randomizer.cpp +++ /dev/null @@ -1,107 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <fuzzer/FuzzedDataProvider.h> -#include <assert.h> - -FuzzedDataProvider *prov = NULL; - -extern "C" void fuzz_random_init(const uint8_t *data, size_t size) { - assert(prov == NULL); - prov = new FuzzedDataProvider(data, size); -} - -extern "C" void fuzz_random_destroy() { - assert(prov != NULL); - delete prov; - prov = NULL; -} - -extern "C" char *get_random_string() { - assert(prov != NULL); - - std::string s1 = prov->ConsumeRandomLengthString(); - char *tmp = (char *)malloc(s1.size() + 1); - memcpy(tmp, s1.c_str(), s1.size()); - tmp[s1.size()] = '\0'; - return tmp; -} - -extern "C" int fuzz_randomizer_get_int(int min, int max) { - assert(prov != NULL); - return prov->ConsumeIntegralInRange<int>(min, max); -} - -extern "C" char *fuzz_random_get_string_max_length(int max_len) { - assert(prov != NULL); - - std::string s1 = prov->ConsumeBytesAsString( - prov->ConsumeIntegralInRange<uint32_t>(1, max_len)); - char *tmp123 = (char*)malloc(s1.size()+1); - memcpy(tmp123, s1.c_str(), s1.size()); - tmp123[s1.size()] = '\0'; - - return tmp123; -} - -extern "C" size_t fuzz_get_random_data(void *buf, size_t len) { - assert(prov != NULL); - size_t ret_val; - char *cbuf = (char*)buf; - - if (prov->remaining_bytes() == 0) { - return -1; - } - - double prob = prov->ConsumeProbability<double>(); - if (prob < 0.05) { - return 0; - } - - //if (len == 1) { - // ret_val = prov->ConsumeData(buf, 1); - // return ret_val; - //} - ret_val = prov->ConsumeData(buf, len); - return ret_val; -} - - -// Simple garbage collector -#define GB_SIZE 100 -void *pointer_arr[GB_SIZE]; -static int pointer_idx = 0; - -// If the garbage collector is used then this must be called as first thing -// during a fuzz run. -extern "C" void gb_init() { - pointer_idx = 0; - - for (int i = 0; i < GB_SIZE; i++) { - pointer_arr[i] = NULL; - } -} - -extern "C" void gb_cleanup() { - for(int i = 0; i < GB_SIZE; i++) { - if (pointer_arr[i] != NULL) { - free(pointer_arr[i]); - } - } -} - -extern "C" char *gb_get_random_string() { - char *tmp = get_random_string(); - pointer_arr[pointer_idx++] = (void*)tmp; - return tmp; -} - diff --git a/projects/openvpn/fuzz_randomizer.h b/projects/openvpn/fuzz_randomizer.h deleted file mode 100644 index a063ecac6..000000000 --- a/projects/openvpn/fuzz_randomizer.h +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <stdio.h> -#include <stdint.h> - -void fuzz_random_init(const uint8_t *data, size_t size); -void fuzz_random_destroy(); -char *get_random_string(); -int fuzz_randomizer_get_int(int min, int max); -size_t fuzz_get_random_data(void *buf, size_t len); -char *fuzz_random_get_string_max_length(int max_len); - -void gb_init(); -void gb_cleanup(); -char *gb_get_random_string(); - -int fuzz_success; diff --git a/projects/openvpn/fuzz_route.c b/projects/openvpn/fuzz_route.c deleted file mode 100644 index 2ca27a39a..000000000 --- a/projects/openvpn/fuzz_route.c +++ /dev/null @@ -1,201 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" -#include "init.h" -#include "proxy.h" -#include "interval.h" -#include "route.h" -#include "buffer.h" - -#include "fuzz_randomizer.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - fuzz_random_init(data, size); - - gb_init(); - - struct route_option_list *opt; - struct route_list rl; - - int route_list_inited = 0; - int route_list_ipv6_inited = 0; - - struct context c; - memset(&c, 0, sizeof(struct context)); - gc_init(&c.gc); - c.es = env_set_create(&c.gc); - init_options(&c.options, true); - net_ctx_init(&c, &c.net_ctx); - init_verb_mute(&c, IVM_LEVEL_1); - - init_options_dev(&c.options); - - // options_postprocess(&c.options); - pre_setup(&c.options); - - setenv_settings(c.es, &c.options); - - ALLOC_OBJ_CLEAR_GC(c.options.connection_list, struct connection_list, - &c.options.gc); - context_init_1(&c); - - in_addr_t remote_host; - ssize_t default_metric; - - struct route_ipv6_list rl6; - struct route_ipv6_option_list *opt6; - - memset(&rl, 0, sizeof(rl)); - memset(&rl6, 0, sizeof(rl6)); - memset(&opt, 0, sizeof(opt)); - memset(&opt6, 0, sizeof(opt6)); - - opt6 = new_route_ipv6_option_list(&c.gc); - opt = new_route_option_list(&c.gc); - - int total_to_fuzz = fuzz_randomizer_get_int(1, 20); - for (int i = 0; i < total_to_fuzz; i++) { - int selector = fuzz_randomizer_get_int(0, 13); - switch (selector) { - case 0: - if (route_list_inited == 0) { - const char *remote_endpoint = gb_get_random_string(); - memset(&rl, 0, sizeof(struct route_list)); - rl.flags = fuzz_randomizer_get_int(0, 0xffffff); - - init_route_list(&rl, opt, remote_endpoint, default_metric, remote_host, - c.es, &c); - route_list_inited = 1; - } - break; - case 1: - if (route_list_inited) { - in_addr_t addr; - route_list_add_vpn_gateway(&rl, c.es, addr); - } - break; - case 2: - if (route_list_inited && route_list_ipv6_inited) { - struct tuntap tt; - memset(&tt, 0, sizeof(tt)); - add_routes(&rl, &rl6, &tt, 0, c.es, &c); - } - break; - case 3: - if (route_list_inited) { - setenv_routes(c.es, &rl); - } - break; - case 4: - if (route_list_inited) { - struct route_ipv4 r; - struct route_option ro; - ro.network = gb_get_random_string(); - ro.netmask = gb_get_random_string(); - ro.gateway = gb_get_random_string(); - ro.metric = gb_get_random_string(); - ro.next = NULL; - - memset(&r, 0, sizeof(struct route_ipv4)); - r.option = &ro; - r.flags = RT_DEFINED; - add_route(&r, NULL, 0, NULL, c.es, &c); - } - break; - case 5: - if (route_list_inited) { - char *s1 = get_random_string(); - is_special_addr(s1); - free(s1); - } - break; - case 6: - if (route_list_ipv6_inited == 0) { - const char *remote_endpoint = gb_get_random_string(); - memset(&rl, 0, sizeof(struct route_list)); - struct in6_addr remote_host; - - rl6.rgi6.flags = fuzz_randomizer_get_int(0, 0xffffff); - fuzz_get_random_data(&rl6.rgi6.hwaddr, 6); - - char *t1 = gb_get_random_string(); - if (strlen(t1) > 16) { - memcpy(rl6.rgi6.iface, t1, 16); - } else { - memcpy(rl6.rgi6.iface, t1, strlen(t1)); - } - - init_route_ipv6_list(&rl6, opt6, remote_endpoint, 0, &remote_host, c.es, - &c); - route_list_ipv6_inited = 1; - } - break; - case 7: { - unsigned int flags; - struct route_ipv6 r6; - struct tuntap tt; - memset(&tt, 0, sizeof(tt)); - tt.actual_name = gb_get_random_string(); - r6.iface = gb_get_random_string(); - r6.flags = fuzz_randomizer_get_int(0, 0xfffff); - r6.netbits = fuzz_randomizer_get_int(0, 0xfffff); - r6.metric = fuzz_randomizer_get_int(0, 0xfffff); - - r6.next = NULL; - - add_route_ipv6(&r6, &tt, 0, c.es, &c); - } break; - case 8: - if (route_list_ipv6_inited && route_list_inited) { - delete_routes(&rl, &rl6, NULL, 0, c.es, &c); - route_list_ipv6_inited = 0; - route_list_inited = 0; - } - break; - case 9: - if (route_list_ipv6_inited) { - setenv_routes_ipv6(c.es, &rl6); - } - break; - case 10: { - add_route_ipv6_to_option_list(opt6, gb_get_random_string(), - gb_get_random_string(), - gb_get_random_string()); - } break; - case 11: { - print_route_options(opt, M_NONFATAL); - } break; - case 12: { - add_route_to_option_list(opt, gb_get_random_string(), - gb_get_random_string(), gb_get_random_string(), - gb_get_random_string()); - } break; - default: - break; - } - } - - if (route_list_inited) { - gc_free(&rl.gc); - } - env_set_destroy(c.es); - context_gc_free(&c); - - fuzz_random_destroy(); - - gb_cleanup(); - - return 0; -} diff --git a/projects/openvpn/fuzz_verify_cert.c b/projects/openvpn/fuzz_verify_cert.c deleted file mode 100644 index c73a6ac82..000000000 --- a/projects/openvpn/fuzz_verify_cert.c +++ /dev/null @@ -1,167 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "config.h" -#include "syshead.h" - -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/ssl.h> -#include <openssl/err.h> - -#include "fuzz_verify_cert.h" -#include "misc.h" -#include "manage.h" -#include "otime.h" -#include "base64.h" -#include "ssl_verify.h" -#include "ssl_verify_backend.h" - -#include "fuzz_randomizer.h" - - -static int parse_x509(const uint8_t *data, size_t size, X509 **out) { - *out = d2i_X509(NULL, (const unsigned char **)&data, size); - if (*out == NULL) { - return -1; - } - - return 0; -} - - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - OPENSSL_malloc_init(); - SSL_library_init(); - ERR_load_crypto_strings(); - - OpenSSL_add_all_algorithms(); - OpenSSL_add_ssl_algorithms(); - - SSL_load_error_strings(); - return 1; -} - - -static int init_session_opt(struct tls_options **_opt, struct gc_arena *gc) { - ssize_t nid; - ssize_t generic_ssizet; - struct tls_options *opt; - int r; - - ALLOC_OBJ_GC(*_opt, struct tls_options, gc); - if (opt == NULL) { - return -1; - } - - opt = *_opt; - - memset(opt, 0xFE, sizeof(struct tls_options)); - - opt->es = env_set_create(gc); - opt->x509_username_field[0] = NULL; - opt->remote_cert_eku = NULL; - - /* Prevents failure if x509 sha1 hashes do not match */ - opt->verify_hash = NULL; - - /* Prevent attempt to run --tls-verify script */ - opt->verify_command = NULL; - - /* Do not verify against CRL file */ - opt->crl_file = NULL; - - /* Do not run --tls-verify plugins */ - opt->plugins = NULL; - - r = fuzz_randomizer_get_int(0, 1); - if (r == 0) { - opt->x509_username_field[0] = nidstrs[fuzz_randomizer_get_int(0, (sizeof(nidstrs)/sizeof(nidstrs[0])) - 1)]; - } - else { - opt->x509_username_field[0] = "ext:subjectAltName"; - } - opt->x509_username_field[1] = NULL; - - r = fuzz_randomizer_get_int(0, 2); - if (r == 0) - opt->ns_cert_type = NS_CERT_CHECK_CLIENT; - else if (r == 1) - opt->ns_cert_type = NS_CERT_CHECK_SERVER; - else - opt->ns_cert_type = NS_CERT_CHECK_NONE; - - opt->x509_track = NULL; - - r = fuzz_randomizer_get_int(0, 1); - if (r == 0) - opt->remote_cert_eku = NULL; - else - opt->remote_cert_eku = get_random_string(); - - return 0; -} - - -static int init_session(struct tls_session **_session, struct gc_arena *gc) { - struct tls_session *session; - - ALLOC_OBJ_GC(*_session, struct tls_session, gc); - if (*_session == NULL) { - return -1; - } - - session = *_session; - memset(session, 0xFE, sizeof(struct tls_session)); - - /* Accessed in set_common_name() */ - session->common_name = get_random_string();; - - /* Initialize the session->opt structure */ - if (init_session_opt(&(session->opt), gc) == -1) { - free(session->common_name); - return -1; - } - - /* Accessed in server_untrusted() */ - session->untrusted_addr.dest.addr.sa.sa_family = AF_UNSPEC; - - return 0; -} - - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - fuzz_random_init(data, size); - - struct gc_arena gc; - struct tls_session *session = NULL; - X509 *x509 = NULL; - gc = gc_new(); - - if (parse_x509(data, size, &x509) == 0) { - if (init_session(&session, &gc) == 0) { - verify_cert(session, x509, 100); - if (session->opt->remote_cert_eku != NULL) { - free(session->opt->remote_cert_eku); - } - free(session->common_name); - } - - } - - X509_free(x509); - gc_free(&gc); - - fuzz_random_destroy(); - - return 0; -} diff --git a/projects/openvpn/fuzz_verify_cert.h b/projects/openvpn/fuzz_verify_cert.h deleted file mode 100644 index 8a53669b3..000000000 --- a/projects/openvpn/fuzz_verify_cert.h +++ /dev/null @@ -1,1065 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -static char* nidstrs[] = { -"AD_DVCS", -"AES-128-CBC", -"AES-128-CBC-HMAC-SHA1", -"AES-128-CBC-HMAC-SHA256", -"AES-128-CFB", -"AES-128-CFB1", -"AES-128-CFB8", -"AES-128-CTR", -"AES-128-ECB", -"AES-128-OCB", -"AES-128-OFB", -"AES-128-XTS", -"AES-192-CBC", -"AES-192-CBC-HMAC-SHA1", -"AES-192-CBC-HMAC-SHA256", -"AES-192-CFB", -"AES-192-CFB1", -"AES-192-CFB8", -"AES-192-CTR", -"AES-192-ECB", -"AES-192-OCB", -"AES-192-OFB", -"AES-256-CBC", -"AES-256-CBC-HMAC-SHA1", -"AES-256-CBC-HMAC-SHA256", -"AES-256-CFB", -"AES-256-CFB1", -"AES-256-CFB8", -"AES-256-CTR", -"AES-256-ECB", -"AES-256-OCB", -"AES-256-OFB", -"AES-256-XTS", -"AuthDSS", -"AuthECDSA", -"AuthGOST01", -"AuthGOST12", -"AuthNULL", -"AuthPSK", -"AuthRSA", -"AuthSRP", -"BF-CBC", -"BF-CFB", -"BF-ECB", -"BF-OFB", -"BLAKE2b512", -"BLAKE2s256", -"C", -"CAMELLIA-128-CBC", -"CAMELLIA-128-CCM", -"CAMELLIA-128-CFB", -"CAMELLIA-128-CFB1", -"CAMELLIA-128-CFB8", -"CAMELLIA-128-CMAC", -"CAMELLIA-128-CTR", -"CAMELLIA-128-ECB", -"CAMELLIA-128-GCM", -"CAMELLIA-128-OFB", -"CAMELLIA-192-CBC", -"CAMELLIA-192-CCM", -"CAMELLIA-192-CFB", -"CAMELLIA-192-CFB1", -"CAMELLIA-192-CFB8", -"CAMELLIA-192-CMAC", -"CAMELLIA-192-CTR", -"CAMELLIA-192-ECB", -"CAMELLIA-192-GCM", -"CAMELLIA-192-OFB", -"CAMELLIA-256-CBC", -"CAMELLIA-256-CCM", -"CAMELLIA-256-CFB", -"CAMELLIA-256-CFB1", -"CAMELLIA-256-CFB8", -"CAMELLIA-256-CMAC", -"CAMELLIA-256-CTR", -"CAMELLIA-256-ECB", -"CAMELLIA-256-GCM", -"CAMELLIA-256-OFB", -"CAST5-CBC", -"CAST5-CFB", -"CAST5-ECB", -"CAST5-OFB", -"CMAC", -"CN", -"CRLReason", -"CSPName", -"ChaCha20", -"ChaCha20-Poly1305", -"CrlID", -"DC", -"DES-CBC", -"DES-CDMF", -"DES-CFB", -"DES-CFB1", -"DES-CFB8", -"DES-ECB", -"DES-EDE", -"DES-EDE-CBC", -"DES-EDE-CFB", -"DES-EDE-OFB", -"DES-EDE3", -"DES-EDE3-CBC", -"DES-EDE3-CFB", -"DES-EDE3-CFB1", -"DES-EDE3-CFB8", -"DES-EDE3-OFB", -"DES-OFB", -"DESX-CBC", -"DOD", -"DSA", -"DSA-SHA", -"DSA-SHA1", -"DSA-SHA1-old", -"DSA-old", -"DVCS", -"GN", -"HKDF", -"HMAC", -"HMAC-MD5", -"HMAC-SHA1", -"IANA", -"IDEA-CBC", -"IDEA-CFB", -"IDEA-ECB", -"IDEA-OFB", -"INN", -"ISO", -"ISO-US", -"ITU-T", -"JOINT-ISO-ITU-T", -"KISA", -"KxDHE", -"KxDHE-PSK", -"KxECDHE", -"KxECDHE-PSK", -"KxGOST", -"KxPSK", -"KxRSA", -"KxRSA_PSK", -"KxSRP", -"L", -"LocalKeySet", -"MD2", -"MD4", -"MD5", -"MD5-SHA1", -"MDC2", -"MGF1", -"Mail", -"NULL", -"Netscape", -"Nonce", -"O", -"OCSP", -"OCSPSigning", -"OGRN", -"ORG", -"OU", -"Oakley-EC2N-3", -"Oakley-EC2N-4", -"PBE-MD2-DES", -"PBE-MD2-RC2-64", -"PBE-MD5-DES", -"PBE-MD5-RC2-64", -"PBE-SHA1-2DES", -"PBE-SHA1-3DES", -"PBE-SHA1-DES", -"PBE-SHA1-RC2-128", -"PBE-SHA1-RC2-40", -"PBE-SHA1-RC2-64", -"PBE-SHA1-RC4-128", -"PBE-SHA1-RC4-40", -"PBES2", -"PBKDF2", -"PBMAC1", -"PKIX", -"PSPECIFIED", -"RC2-40-CBC", -"RC2-64-CBC", -"RC2-CBC", -"RC2-CFB", -"RC2-ECB", -"RC2-OFB", -"RC4", -"RC4-40", -"RC4-HMAC-MD5", -"RC5-CBC", -"RC5-CFB", -"RC5-ECB", -"RC5-OFB", -"RIPEMD160", -"RSA", -"RSA-MD2", -"RSA-MD4", -"RSA-MD5", -"RSA-MDC2", -"RSA-NP-MD5", -"RSA-RIPEMD160", -"RSA-SHA", -"RSA-SHA1", -"RSA-SHA1-2", -"RSA-SHA224", -"RSA-SHA256", -"RSA-SHA384", -"RSA-SHA512", -"RSAES-OAEP", -"RSASSA-PSS", -"SEED-CBC", -"SEED-CFB", -"SEED-ECB", -"SEED-OFB", -"SHA", -"SHA1", -"SHA224", -"SHA256", -"SHA384", -"SHA512", -"SMIME", -"SMIME-CAPS", -"SN", -"SNILS", -"ST", -"SXNetID", -"TLS1-PRF", -"UID", -"UNDEF", -"X25519", -"X448", -"X500", -"X500algorithms", -"X509", -"X9-57", -"X9cm", -"ZLIB", -"aRecord", -"aaControls", -"ac-auditEntity", -"ac-proxying", -"ac-targeting", -"acceptableResponses", -"account", -"ad_timestamping", -"algorithm", -"ansi-X9-62", -"anyExtendedKeyUsage", -"anyPolicy", -"archiveCutoff", -"associatedDomain", -"associatedName", -"audio", -"authorityInfoAccess", -"authorityKeyIdentifier", -"authorityRevocationList", -"basicConstraints", -"basicOCSPResponse", -"biometricInfo", -"brainpoolP160r1", -"brainpoolP160t1", -"brainpoolP192r1", -"brainpoolP192t1", -"brainpoolP224r1", -"brainpoolP224t1", -"brainpoolP256r1", -"brainpoolP256t1", -"brainpoolP320r1", -"brainpoolP320t1", -"brainpoolP384r1", -"brainpoolP384t1", -"brainpoolP512r1", -"brainpoolP512t1", -"buildingName", -"businessCategory", -"c2onb191v4", -"c2onb191v5", -"c2onb239v4", -"c2onb239v5", -"c2pnb163v1", -"c2pnb163v2", -"c2pnb163v3", -"c2pnb176v1", -"c2pnb208w1", -"c2pnb272w1", -"c2pnb304w1", -"c2pnb368w1", -"c2tnb191v1", -"c2tnb191v2", -"c2tnb191v3", -"c2tnb239v1", -"c2tnb239v2", -"c2tnb239v3", -"c2tnb359v1", -"c2tnb431r1", -"cACertificate", -"cNAMERecord", -"caIssuers", -"caRepository", -"capwapAC", -"capwapWTP", -"caseIgnoreIA5StringSyntax", -"certBag", -"certicom-arc", -"certificateIssuer", -"certificatePolicies", -"certificateRevocationList", -"challengePassword", -"characteristic-two-field", -"clearance", -"clientAuth", -"codeSigning", -"contentType", -"countersignature", -"crlBag", -"crlDistributionPoints", -"crlNumber", -"crossCertificatePair", -"cryptocom", -"cryptopro", -"ct_cert_scts", -"ct_precert_poison", -"ct_precert_scts", -"ct_precert_signer", -"dITRedirect", -"dNSDomain", -"dSAQuality", -"data", -"dcobject", -"deltaCRL", -"deltaRevocationList", -"description", -"destinationIndicator", -"dh-cofactor-kdf", -"dh-std-kdf", -"dhKeyAgreement", -"dhSinglePass-cofactorDH-sha1kdf-scheme", -"dhSinglePass-cofactorDH-sha224kdf-scheme", -"dhSinglePass-cofactorDH-sha256kdf-scheme", -"dhSinglePass-cofactorDH-sha384kdf-scheme", -"dhSinglePass-cofactorDH-sha512kdf-scheme", -"dhSinglePass-stdDH-sha1kdf-scheme", -"dhSinglePass-stdDH-sha224kdf-scheme", -"dhSinglePass-stdDH-sha256kdf-scheme", -"dhSinglePass-stdDH-sha384kdf-scheme", -"dhSinglePass-stdDH-sha512kdf-scheme", -"dhpublicnumber", -"directory", -"distinguishedName", -"dmdName", -"dnQualifier", -"document", -"documentAuthor", -"documentIdentifier", -"documentLocation", -"documentPublisher", -"documentSeries", -"documentTitle", -"documentVersion", -"domain", -"domainRelatedObject", -"dsa_with_SHA224", -"dsa_with_SHA256", -"ecdsa-with-Recommended", -"ecdsa-with-SHA1", -"ecdsa-with-SHA224", -"ecdsa-with-SHA256", -"ecdsa-with-SHA384", -"ecdsa-with-SHA512", -"ecdsa-with-Specified", -"emailAddress", -"emailProtection", -"enhancedSearchGuide", -"enterprises", -"experimental", -"extReq", -"extendedCertificateAttributes", -"extendedKeyUsage", -"extendedStatus", -"facsimileTelephoneNumber", -"favouriteDrink", -"freshestCRL", -"friendlyCountry", -"friendlyCountryName", -"friendlyName", -"generationQualifier", -"gost-mac", -"gost-mac-12", -"gost2001", -"gost2001cc", -"gost2012_256", -"gost2012_512", -"gost89", -"gost89-cbc", -"gost89-cnt", -"gost89-cnt-12", -"gost89-ctr", -"gost89-ecb", -"gost94", -"gost94cc", -"grasshopper-cbc", -"grasshopper-cfb", -"grasshopper-ctr", -"grasshopper-ecb", -"grasshopper-mac", -"grasshopper-ofb", -"hmacWithMD5", -"hmacWithSHA1", -"hmacWithSHA224", -"hmacWithSHA256", -"hmacWithSHA384", -"hmacWithSHA512", -"holdInstructionCallIssuer", -"holdInstructionCode", -"holdInstructionNone", -"holdInstructionReject", -"homePostalAddress", -"homeTelephoneNumber", -"host", -"houseIdentifier", -"iA5StringSyntax", -"id-DHBasedMac", -"id-Gost28147-89-CryptoPro-A-ParamSet", -"id-Gost28147-89-CryptoPro-B-ParamSet", -"id-Gost28147-89-CryptoPro-C-ParamSet", -"id-Gost28147-89-CryptoPro-D-ParamSet", -"id-Gost28147-89-CryptoPro-KeyMeshing", -"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", -"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", -"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", -"id-Gost28147-89-None-KeyMeshing", -"id-Gost28147-89-TestParamSet", -"id-Gost28147-89-cc", -"id-GostR3410-2001-CryptoPro-A-ParamSet", -"id-GostR3410-2001-CryptoPro-B-ParamSet", -"id-GostR3410-2001-CryptoPro-C-ParamSet", -"id-GostR3410-2001-CryptoPro-XchA-ParamSet", -"id-GostR3410-2001-CryptoPro-XchB-ParamSet", -"id-GostR3410-2001-ParamSet-cc", -"id-GostR3410-2001-TestParamSet", -"id-GostR3410-2001DH", -"id-GostR3410-94-CryptoPro-A-ParamSet", -"id-GostR3410-94-CryptoPro-B-ParamSet", -"id-GostR3410-94-CryptoPro-C-ParamSet", -"id-GostR3410-94-CryptoPro-D-ParamSet", -"id-GostR3410-94-CryptoPro-XchA-ParamSet", -"id-GostR3410-94-CryptoPro-XchB-ParamSet", -"id-GostR3410-94-CryptoPro-XchC-ParamSet", -"id-GostR3410-94-TestParamSet", -"id-GostR3410-94-a", -"id-GostR3410-94-aBis", -"id-GostR3410-94-b", -"id-GostR3410-94-bBis", -"id-GostR3410-94DH", -"id-GostR3411-94-CryptoProParamSet", -"id-GostR3411-94-TestParamSet", -"id-GostR3411-94-with-GostR3410-2001", -"id-GostR3411-94-with-GostR3410-2001-cc", -"id-GostR3411-94-with-GostR3410-94", -"id-GostR3411-94-with-GostR3410-94-cc", -"id-HMACGostR3411-94", -"id-PasswordBasedMAC", -"id-aca", -"id-aca-accessIdentity", -"id-aca-authenticationInfo", -"id-aca-chargingIdentity", -"id-aca-encAttrs", -"id-aca-group", -"id-aca-role", -"id-ad", -"id-aes128-CCM", -"id-aes128-GCM", -"id-aes128-wrap", -"id-aes128-wrap-pad", -"id-aes192-CCM", -"id-aes192-GCM", -"id-aes192-wrap", -"id-aes192-wrap-pad", -"id-aes256-CCM", -"id-aes256-GCM", -"id-aes256-wrap", -"id-aes256-wrap-pad", -"id-alg", -"id-alg-PWRI-KEK", -"id-alg-des40", -"id-alg-dh-pop", -"id-alg-dh-sig-hmac-sha1", -"id-alg-noSignature", -"id-camellia128-wrap", -"id-camellia192-wrap", -"id-camellia256-wrap", -"id-cct", -"id-cct-PKIData", -"id-cct-PKIResponse", -"id-cct-crs", -"id-ce", -"id-characteristic-two-basis", -"id-cmc", -"id-cmc-addExtensions", -"id-cmc-confirmCertAcceptance", -"id-cmc-dataReturn", -"id-cmc-decryptedPOP", -"id-cmc-encryptedPOP", -"id-cmc-getCRL", -"id-cmc-getCert", -"id-cmc-identification", -"id-cmc-identityProof", -"id-cmc-lraPOPWitness", -"id-cmc-popLinkRandom", -"id-cmc-popLinkWitness", -"id-cmc-queryPending", -"id-cmc-recipientNonce", -"id-cmc-regInfo", -"id-cmc-responseInfo", -"id-cmc-revokeRequest", -"id-cmc-senderNonce", -"id-cmc-statusInfo", -"id-cmc-transactionId", -"id-ct-asciiTextWithCRLF", -"id-ct-xml", -"id-ecPublicKey", -"id-hex-multipart-message", -"id-hex-partial-message", -"id-it", -"id-it-caKeyUpdateInfo", -"id-it-caProtEncCert", -"id-it-confirmWaitTime", -"id-it-currentCRL", -"id-it-encKeyPairTypes", -"id-it-implicitConfirm", -"id-it-keyPairParamRep", -"id-it-keyPairParamReq", -"id-it-origPKIMessage", -"id-it-preferredSymmAlg", -"id-it-revPassphrase", -"id-it-signKeyPairTypes", -"id-it-subscriptionRequest", -"id-it-subscriptionResponse", -"id-it-suppLangTags", -"id-it-unsupportedOIDs", -"id-kp", -"id-mod-attribute-cert", -"id-mod-cmc", -"id-mod-cmp", -"id-mod-cmp2000", -"id-mod-crmf", -"id-mod-dvcs", -"id-mod-kea-profile-88", -"id-mod-kea-profile-93", -"id-mod-ocsp", -"id-mod-qualified-cert-88", -"id-mod-qualified-cert-93", -"id-mod-timestamp-protocol", -"id-on", -"id-on-permanentIdentifier", -"id-on-personalData", -"id-pda", -"id-pda-countryOfCitizenship", -"id-pda-countryOfResidence", -"id-pda-dateOfBirth", -"id-pda-gender", -"id-pda-placeOfBirth", -"id-pe", -"id-pkinit", -"id-pkip", -"id-pkix-mod", -"id-pkix1-explicit-88", -"id-pkix1-explicit-93", -"id-pkix1-implicit-88", -"id-pkix1-implicit-93", -"id-ppl", -"id-ppl-anyLanguage", -"id-ppl-independent", -"id-ppl-inheritAll", -"id-qcs", -"id-qcs-pkixQCSyntax-v1", -"id-qt", -"id-qt-cps", -"id-qt-unotice", -"id-regCtrl", -"id-regCtrl-authenticator", -"id-regCtrl-oldCertID", -"id-regCtrl-pkiArchiveOptions", -"id-regCtrl-pkiPublicationInfo", -"id-regCtrl-protocolEncrKey", -"id-regCtrl-regToken", -"id-regInfo", -"id-regInfo-certReq", -"id-regInfo-utf8Pairs", -"id-scrypt", -"id-set", -"id-smime-aa", -"id-smime-aa-contentHint", -"id-smime-aa-contentIdentifier", -"id-smime-aa-contentReference", -"id-smime-aa-dvcs-dvc", -"id-smime-aa-encapContentType", -"id-smime-aa-encrypKeyPref", -"id-smime-aa-equivalentLabels", -"id-smime-aa-ets-CertificateRefs", -"id-smime-aa-ets-RevocationRefs", -"id-smime-aa-ets-archiveTimeStamp", -"id-smime-aa-ets-certCRLTimestamp", -"id-smime-aa-ets-certValues", -"id-smime-aa-ets-commitmentType", -"id-smime-aa-ets-contentTimestamp", -"id-smime-aa-ets-escTimeStamp", -"id-smime-aa-ets-otherSigCert", -"id-smime-aa-ets-revocationValues", -"id-smime-aa-ets-sigPolicyId", -"id-smime-aa-ets-signerAttr", -"id-smime-aa-ets-signerLocation", -"id-smime-aa-macValue", -"id-smime-aa-mlExpandHistory", -"id-smime-aa-msgSigDigest", -"id-smime-aa-receiptRequest", -"id-smime-aa-securityLabel", -"id-smime-aa-signatureType", -"id-smime-aa-signingCertificate", -"id-smime-aa-smimeEncryptCerts", -"id-smime-aa-timeStampToken", -"id-smime-alg", -"id-smime-alg-3DESwrap", -"id-smime-alg-CMS3DESwrap", -"id-smime-alg-CMSRC2wrap", -"id-smime-alg-ESDH", -"id-smime-alg-ESDHwith3DES", -"id-smime-alg-ESDHwithRC2", -"id-smime-alg-RC2wrap", -"id-smime-cd", -"id-smime-cd-ldap", -"id-smime-ct", -"id-smime-ct-DVCSRequestData", -"id-smime-ct-DVCSResponseData", -"id-smime-ct-TDTInfo", -"id-smime-ct-TSTInfo", -"id-smime-ct-authData", -"id-smime-ct-authEnvelopedData", -"id-smime-ct-compressedData", -"id-smime-ct-contentCollection", -"id-smime-ct-contentInfo", -"id-smime-ct-publishCert", -"id-smime-ct-receipt", -"id-smime-cti", -"id-smime-cti-ets-proofOfApproval", -"id-smime-cti-ets-proofOfCreation", -"id-smime-cti-ets-proofOfDelivery", -"id-smime-cti-ets-proofOfOrigin", -"id-smime-cti-ets-proofOfReceipt", -"id-smime-cti-ets-proofOfSender", -"id-smime-mod", -"id-smime-mod-cms", -"id-smime-mod-ess", -"id-smime-mod-ets-eSigPolicy-88", -"id-smime-mod-ets-eSigPolicy-97", -"id-smime-mod-ets-eSignature-88", -"id-smime-mod-ets-eSignature-97", -"id-smime-mod-msg-v3", -"id-smime-mod-oid", -"id-smime-spq", -"id-smime-spq-ets-sqt-unotice", -"id-smime-spq-ets-sqt-uri", -"id-tc26", -"id-tc26-agreement", -"id-tc26-agreement-gost-3410-2012-256", -"id-tc26-agreement-gost-3410-2012-512", -"id-tc26-algorithms", -"id-tc26-cipher", -"id-tc26-cipher-constants", -"id-tc26-constants", -"id-tc26-digest", -"id-tc26-digest-constants", -"id-tc26-gost-28147-constants", -"id-tc26-gost-28147-param-Z", -"id-tc26-gost-3410-2012-512-constants", -"id-tc26-gost-3410-2012-512-paramSetA", -"id-tc26-gost-3410-2012-512-paramSetB", -"id-tc26-gost-3410-2012-512-paramSetTest", -"id-tc26-hmac-gost-3411-2012-256", -"id-tc26-hmac-gost-3411-2012-512", -"id-tc26-mac", -"id-tc26-sign", -"id-tc26-sign-constants", -"id-tc26-signwithdigest", -"id-tc26-signwithdigest-gost3410-2012-256", -"id-tc26-signwithdigest-gost3410-2012-512", -"identified-organization", -"info", -"inhibitAnyPolicy", -"initials", -"international-organizations", -"internationaliSDNNumber", -"invalidityDate", -"ipsecEndSystem", -"ipsecIKE", -"ipsecTunnel", -"ipsecUser", -"issuerAltName", -"issuerSignTool", -"issuingDistributionPoint", -"janetMailbox", -"jurisdictionC", -"jurisdictionL", -"jurisdictionST", -"keyBag", -"keyUsage", -"lastModifiedBy", -"lastModifiedTime", -"localKeyID", -"mXRecord", -"mail", -"mailPreferenceOption", -"manager", -"md_gost12_256", -"md_gost12_512", -"md_gost94", -"member", -"member-body", -"messageDigest", -"mgmt", -"mime-mhs", -"mime-mhs-bodies", -"mime-mhs-headings", -"mobileTelephoneNumber", -"msCTLSign", -"msCodeCom", -"msCodeInd", -"msEFS", -"msExtReq", -"msSGC", -"msSmartcardLogin", -"msUPN", -"nSRecord", -"name", -"nameConstraints", -"noCheck", -"noRevAvail", -"nsBaseUrl", -"nsCaPolicyUrl", -"nsCaRevocationUrl", -"nsCertExt", -"nsCertSequence", -"nsCertType", -"nsComment", -"nsDataType", -"nsRenewalUrl", -"nsRevocationUrl", -"nsSGC", -"nsSslServerName", -"onBasis", -"organizationalStatus", -"otherMailbox", -"owner", -"pagerTelephoneNumber", -"path", -"pbeWithMD5AndCast5CBC", -"personalSignature", -"personalTitle", -"photo", -"physicalDeliveryOfficeName", -"pilot", -"pilotAttributeSyntax", -"pilotAttributeType", -"pilotAttributeType27", -"pilotDSA", -"pilotGroups", -"pilotObject", -"pilotObjectClass", -"pilotOrganization", -"pilotPerson", -"pkInitClientAuth", -"pkInitKDC", -"pkcs", -"pkcs1", -"pkcs3", -"pkcs5", -"pkcs7", -"pkcs7-data", -"pkcs7-digestData", -"pkcs7-encryptedData", -"pkcs7-envelopedData", -"pkcs7-signedAndEnvelopedData", -"pkcs7-signedData", -"pkcs8ShroudedKeyBag", -"pkcs9", -"policyConstraints", -"policyMappings", -"postOfficeBox", -"postalAddress", -"postalCode", -"ppBasis", -"preferredDeliveryMethod", -"presentationAddress", -"prf-gostr3411-94", -"prime-field", -"prime192v1", -"prime192v2", -"prime192v3", -"prime239v1", -"prime239v2", -"prime239v3", -"prime256v1", -"private", -"privateKeyUsagePeriod", -"protocolInformation", -"proxyCertInfo", -"pseudonym", -"pss", -"qcStatements", -"qualityLabelledData", -"rFC822localPart", -"registeredAddress", -"role", -"roleOccupant", -"room", -"roomNumber", -"rsaEncryption", -"rsaOAEPEncryptionSET", -"rsaSignature", -"rsadsi", -"sOARecord", -"safeContentsBag", -"sbgp-autonomousSysNum", -"sbgp-ipAddrBlock", -"sbgp-routerIdentifier", -"sdsiCertificate", -"searchGuide", -"secp112r1", -"secp112r2", -"secp128r1", -"secp128r2", -"secp160k1", -"secp160r1", -"secp160r2", -"secp192k1", -"secp224k1", -"secp224r1", -"secp256k1", -"secp384r1", -"secp521r1", -"secretBag", -"secretary", -"sect113r1", -"sect113r2", -"sect131r1", -"sect131r2", -"sect163k1", -"sect163r1", -"sect163r2", -"sect193r1", -"sect193r2", -"sect233k1", -"sect233r1", -"sect239k1", -"sect283k1", -"sect283r1", -"sect409k1", -"sect409r1", -"sect571k1", -"sect571r1", -"secureShellClient", -"secureShellServer", -"security", -"seeAlso", -"selected-attribute-types", -"sendOwner", -"sendProxiedOwner", -"sendProxiedRouter", -"sendRouter", -"serialNumber", -"serverAuth", -"serviceLocator", -"set-addPolicy", -"set-attr", -"set-brand", -"set-brand-AmericanExpress", -"set-brand-Diners", -"set-brand-IATA-ATA", -"set-brand-JCB", -"set-brand-MasterCard", -"set-brand-Novus", -"set-brand-Visa", -"set-certExt", -"set-ctype", -"set-msgExt", -"set-policy", -"set-policy-root", -"set-rootKeyThumb", -"setAttr-Cert", -"setAttr-GenCryptgrm", -"setAttr-IssCap", -"setAttr-IssCap-CVM", -"setAttr-IssCap-Sig", -"setAttr-IssCap-T2", -"setAttr-PGWYcap", -"setAttr-SecDevSig", -"setAttr-T2Enc", -"setAttr-T2cleartxt", -"setAttr-TokICCsig", -"setAttr-Token-B0Prime", -"setAttr-Token-EMV", -"setAttr-TokenType", -"setCext-IssuerCapabilities", -"setCext-PGWYcapabilities", -"setCext-TokenIdentifier", -"setCext-TokenType", -"setCext-Track2Data", -"setCext-cCertRequired", -"setCext-certType", -"setCext-hashedRoot", -"setCext-merchData", -"setCext-setExt", -"setCext-setQualf", -"setCext-tunneling", -"setct-AcqCardCodeMsg", -"setct-AcqCardCodeMsgTBE", -"setct-AuthReqTBE", -"setct-AuthReqTBS", -"setct-AuthResBaggage", -"setct-AuthResTBE", -"setct-AuthResTBEX", -"setct-AuthResTBS", -"setct-AuthResTBSX", -"setct-AuthRevReqBaggage", -"setct-AuthRevReqTBE", -"setct-AuthRevReqTBS", -"setct-AuthRevResBaggage", -"setct-AuthRevResData", -"setct-AuthRevResTBE", -"setct-AuthRevResTBEB", -"setct-AuthRevResTBS", -"setct-AuthTokenTBE", -"setct-AuthTokenTBS", -"setct-BCIDistributionTBS", -"setct-BatchAdminReqData", -"setct-BatchAdminReqTBE", -"setct-BatchAdminResData", -"setct-BatchAdminResTBE", -"setct-CRLNotificationResTBS", -"setct-CRLNotificationTBS", -"setct-CapReqTBE", -"setct-CapReqTBEX", -"setct-CapReqTBS", -"setct-CapReqTBSX", -"setct-CapResData", -"setct-CapResTBE", -"setct-CapRevReqTBE", -"setct-CapRevReqTBEX", -"setct-CapRevReqTBS", -"setct-CapRevReqTBSX", -"setct-CapRevResData", -"setct-CapRevResTBE", -"setct-CapTokenData", -"setct-CapTokenSeq", -"setct-CapTokenTBE", -"setct-CapTokenTBEX", -"setct-CapTokenTBS", -"setct-CardCInitResTBS", -"setct-CertInqReqTBS", -"setct-CertReqData", -"setct-CertReqTBE", -"setct-CertReqTBEX", -"setct-CertReqTBS", -"setct-CertResData", -"setct-CertResTBE", -"setct-CredReqTBE", -"setct-CredReqTBEX", -"setct-CredReqTBS", -"setct-CredReqTBSX", -"setct-CredResData", -"setct-CredResTBE", -"setct-CredRevReqTBE", -"setct-CredRevReqTBEX", -"setct-CredRevReqTBS", -"setct-CredRevReqTBSX", -"setct-CredRevResData", -"setct-CredRevResTBE", -"setct-ErrorTBS", -"setct-HODInput", -"setct-MeAqCInitResTBS", -"setct-OIData", -"setct-PANData", -"setct-PANOnly", -"setct-PANToken", -"setct-PCertReqData", -"setct-PCertResTBS", -"setct-PI", -"setct-PI-TBS", -"setct-PIData", -"setct-PIDataUnsigned", -"setct-PIDualSignedTBE", -"setct-PIUnsignedTBE", -"setct-PInitResData", -"setct-PResData", -"setct-RegFormReqTBE", -"setct-RegFormResTBS", -"setext-cv", -"setext-genCrypt", -"setext-miAuth", -"setext-pinAny", -"setext-pinSecure", -"setext-track2", -"signingTime", -"simpleSecurityObject", -"singleLevelQuality", -"snmpv2", -"street", -"subjectAltName", -"subjectDirectoryAttributes", -"subjectInfoAccess", -"subjectKeyIdentifier", -"subjectSignTool", -"subtreeMaximumQuality", -"subtreeMinimumQuality", -"supportedAlgorithms", -"supportedApplicationContext", -"targetInformation", -"telephoneNumber", -"teletexTerminalIdentifier", -"telexNumber", -"textEncodedORAddress", -"textNotice", -"timeStamping", -"title", -"tlsfeature", -"tpBasis", -"trustRoot", -"ucl", -"uid", -"uniqueMember", -"unstructuredAddress", -"unstructuredName", -"userCertificate", -"userClass", -"userPassword", -"valid", -"wap", -"wap-wsg", -"wap-wsg-idm-ecid-wtls1", -"wap-wsg-idm-ecid-wtls10", -"wap-wsg-idm-ecid-wtls11", -"wap-wsg-idm-ecid-wtls12", -"wap-wsg-idm-ecid-wtls3", -"wap-wsg-idm-ecid-wtls4", -"wap-wsg-idm-ecid-wtls5", -"wap-wsg-idm-ecid-wtls6", -"wap-wsg-idm-ecid-wtls7", -"wap-wsg-idm-ecid-wtls8", -"wap-wsg-idm-ecid-wtls9", -"whirlpool", -"x121Address", -"x500UniqueIdentifier", -"x509Certificate", -"x509Crl", -}; diff --git a/projects/openvpn/project.yaml b/projects/openvpn/project.yaml deleted file mode 100644 index ee352d920..000000000 --- a/projects/openvpn/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "http://community.openvpn.net" -language: c -primary_contact: "arne@rfc2549.org" -main_repo: "https://github.com/OpenVPN/openvpn" -auto_ccs: - - "david@adalogics.com" diff --git a/projects/openvswitch/Dockerfile b/projects/openvswitch/Dockerfile index 65a4ea463..f7c149f86 100644 --- a/projects/openvswitch/Dockerfile +++ b/projects/openvswitch/Dockerfile @@ -17,7 +17,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake \ libtool python python3-pip \ - libz-dev libssl-dev libssl1.1 wget + libz-dev libssl-dev libssl1.0.0 wget RUN pip3 install six RUN git clone --depth 1 https://github.com/openvswitch/ovs.git openvswitch RUN git clone --depth 1 https://github.com/openvswitch/ovs-fuzzing-corpus.git \ diff --git a/projects/openvswitch/project.yaml b/projects/openvswitch/project.yaml index 5a25f13b0..4ee3e96a4 100644 --- a/projects/openvswitch/project.yaml +++ b/projects/openvswitch/project.yaml @@ -11,7 +11,6 @@ auto_ccs: - "ilya.maximets@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/openvswitch/ovs.git'
\ No newline at end of file +main_repo: 'https://github.com/openvswitch/ovs.git' diff --git a/projects/openweave/Dockerfile b/projects/openweave/Dockerfile deleted file mode 100644 index 2c940a4e7..000000000 --- a/projects/openweave/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y python3-pip python-setuptools bridge-utils \ - libglib2.0-dev libdbus-1-dev libudev-dev \ - libical-dev libreadline-dev udev \ - libtool autoconf automake systemd -RUN pip3 install --user google-cloud googleapis-common-protos grpcio protobuf pycryptodomex -RUN cpan -i Text::Template -RUN git clone --depth 1 https://github.com/openweave/openweave-core -WORKDIR $SRC/openweave-core -COPY build.sh $SRC/ -COPY patch.diff $SRC/ diff --git a/projects/openweave/build.sh b/projects/openweave/build.sh deleted file mode 100755 index 9b366d2ba..000000000 --- a/projects/openweave/build.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -git apply --ignore-space-change --ignore-whitespace $SRC/patch.diff - -function copy_lib - { - local fuzzer_path=$1 - local lib=$2 - cp $(ldd ${fuzzer_path} | grep "${lib}" | awk '{ print $3 }') ${OUT}/lib - } - -mkdir -p $OUT/lib - -if [ "$SANITIZER" = "coverage" ] -then - # so that we do not get openssl - export CXXFLAGS="$CXXFLAGS -fsanitize=fuzzer-no-link,address" - export CFLAGS="$CFLAGS -fsanitize=fuzzer-no-link,address" -fi - -# build project -./bootstrap -# java fails with Source option 6 is no longer supported. Use 7 or later. -./configure --disable-java --enable-fuzzing --disable-shared - -# patch bluez -sed -i 's/sys\/socket.h>/sys\/socket.h>\n#include <linux\/sockios.h>/g' ./third_party/bluez/repo/tools/l2test.c -sed -i 's/sys\/stat.h>/sys\/stat.h>\n#include <linux\/sockios.h>/g' ./third_party/bluez/repo/tools/rctest.c - -# OpenSSL now declares RAND_bytes so we must patch -find ./src/test-apps/fuzz/ -name "FuzzP*.cpp" -exec sed -i 's/RAND_bytes/RAND_bytes2/g' {} \; - -make -j$(nproc) - -find src/test-apps/fuzz/ -type f -executable -name "Fuzz*" | while read i; do - patchelf --set-rpath '$ORIGIN/lib' ${i} - copy_lib ${i} libglib - copy_lib ${i} libdbus - cp ${i} $OUT/ -done - -# build corpus -ls $SRC/openweave-core/src/test-apps/fuzz/corpus/ | while read f; do - zip -j $OUT/${f}_seed_corpus.zip $SRC/openweave-core/src/test-apps/fuzz/corpus/${f}/*; -done - -cd $OUT/ -ls *_seed_corpus.zip | grep PASE | while read c; do - cp $c Fuzz$c; -done - diff --git a/projects/openweave/patch.diff b/projects/openweave/patch.diff deleted file mode 100644 index c1ce5201a..000000000 --- a/projects/openweave/patch.diff +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/src/lib/support/crypto/WeaveRNG-OpenSSL.cpp b/src/lib/support/crypto/WeaveRNG-OpenSSL.cpp -index 7a6cb42..c05caae 100644 ---- a/src/lib/support/crypto/WeaveRNG-OpenSSL.cpp -+++ b/src/lib/support/crypto/WeaveRNG-OpenSSL.cpp -@@ -53,8 +53,9 @@ WEAVE_ERROR InitSecureRandomDataSource(nl::Weave::Crypto::EntropyFunct entropyFu - - WEAVE_ERROR GetSecureRandomData(uint8_t *buf, uint16_t len) - { -- if (RAND_bytes((unsigned char *)buf, (int)len) != 1) -- return WEAVE_ERROR_RANDOM_DATA_UNAVAILABLE; -+ //if (RAND_bytes((unsigned char *)buf, (int)len) != 1) -+ // return WEAVE_ERROR_RANDOM_DATA_UNAVAILABLE; -+ memset((unsigned char *)buf, 'A', (int)len); - - return WEAVE_NO_ERROR; - } -diff --git a/src/tools/weave/CertUtils.cpp b/src/tools/weave/CertUtils.cpp -index 2bd8097..a1dce36 100644 ---- a/src/tools/weave/CertUtils.cpp -+++ b/src/tools/weave/CertUtils.cpp -@@ -695,8 +695,9 @@ bool SetCertSerialNumber(X509 *cert) - ASN1_INTEGER *snInt = X509_get_serialNumber(cert); - - // Generate a random value to be used as the serial number. -- if (!RAND_bytes(reinterpret_cast<uint8_t *>(&rnd), sizeof(rnd))) -- ReportOpenSSLErrorAndExit("RAND_bytes", res = false); -+ //if (!RAND_bytes(reinterpret_cast<uint8_t *>(&rnd), sizeof(rnd))) -+ // ReportOpenSSLErrorAndExit("RAND_bytes", res = false); -+ memset(reinterpret_cast<uint8_t *>(&rnd), 'A', sizeof(rnd)); - - // Avoid negative numbers. - rnd &= 0x7FFFFFFFFFFFFFFF; -diff --git a/src/tools/weave/Cmd_GenProvisioningData.cpp b/src/tools/weave/Cmd_GenProvisioningData.cpp -index 85ca2e2..bd5c18b 100644 ---- a/src/tools/weave/Cmd_GenProvisioningData.cpp -+++ b/src/tools/weave/Cmd_GenProvisioningData.cpp -@@ -543,8 +543,9 @@ char *GeneratePairingCode(uint32_t pairingCodeLen) - } - - // Generate random data for the pairing code, excluding the check digit at the end. -- if (!RAND_bytes((uint8_t *)pairingCode, pairingCodeLen - 1)) -- ReportOpenSSLErrorAndExit("Failed to get random data", pairingCode = NULL); -+ //if (!RAND_bytes((uint8_t *)pairingCode, pairingCodeLen - 1)) -+ // ReportOpenSSLErrorAndExit("Failed to get random data", pairingCode = NULL); -+ memset((uint8_t *)pairingCode, 'A', pairingCodeLen - 1); - - // Convert the random data to characters in the range 0-9, A-H, J-N, P, R-Y (base-32 alphanumeric, excluding I, O, Q and Z). - for (uint32_t i = 0; i < pairingCodeLen - 1; i++) diff --git a/projects/openweave/project.yaml b/projects/openweave/project.yaml deleted file mode 100644 index 93a53b0d7..000000000 --- a/projects/openweave/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://openweave.io" -language: c++ -primary_contact: "szewczyk@google.com" -auto_ccs: - - "p.antoine@catenacyber.fr" -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: 'https://github.com/openweave/openweave-core' diff --git a/projects/osquery/Dockerfile b/projects/osquery/Dockerfile index dc8a7156d..c1c8ff513 100755 --- a/projects/osquery/Dockerfile +++ b/projects/osquery/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update -RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils libunwind-dev lsb-release build-essential libssl-dev +RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils libunwind-dev RUN git clone --depth 1 https://github.com/osquery/osquery osquery diff --git a/projects/osquery/build.sh b/projects/osquery/build.sh index 936301156..6b4ae9b80 100755 --- a/projects/osquery/build.sh +++ b/projects/osquery/build.sh @@ -17,9 +17,6 @@ PROJECT=osquery -# Ensure xlocale.h is found. -ln -s /usr/include/locale.h /usr/include/xlocale.h - # Move the project content into the current overlay. # CMake builtin 'rename' will attempt a hardlink. ( cd / &&\ @@ -42,10 +39,6 @@ cmake \ "-DCMAKE_EXE_LINKER_FLAGS=${LIB_FUZZING_ENGINE} -Wl,-rpath,'\$ORIGIN/lib'" \ .. -# Fix circular definitions -# See: https://github.com/osquery/osquery/issues/6551 -sed -i 's/AUDIT_FILTER_EXCLUDE/AUDIT_FILTER_EXCLUDE1/g' /src/osquery/libraries/cmake/source/libaudit/src/lib/libaudit.h - # Build harnesses cmake --build . -j$(nproc) --target osqueryfuzz-config cmake --build . -j$(nproc) --target osqueryfuzz-sqlquery diff --git a/projects/ots/project.yaml b/projects/ots/project.yaml index b2d1d7677..559eed3ef 100644 --- a/projects/ots/project.yaml +++ b/projects/ots/project.yaml @@ -12,6 +12,7 @@ fuzzing_engines: - libfuzzer - afl - honggfuzz + - dataflow sanitizers: - address - undefined diff --git a/projects/p11-kit/Dockerfile b/projects/p11-kit/Dockerfile index d3636ecf8..5ae785811 100644 --- a/projects/p11-kit/Dockerfile +++ b/projects/p11-kit/Dockerfile @@ -15,7 +15,9 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config libtasn1-6-dev libffi-dev gettext autopoint +RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config libtasn1-6-dev libffi-dev +RUN echo deb http://archive.ubuntu.com/ubuntu/ bionic main >> /etc/apt/sources.list +RUN apt-get update && apt-get install -y -t bionic gettext autopoint RUN git clone --depth 1 https://github.com/p11-glue/p11-kit.git p11-kit WORKDIR p11-kit COPY build.sh $SRC/ diff --git a/projects/p9/Dockerfile b/projects/p9/Dockerfile index 05163263d..fbbe65a46 100644 --- a/projects/p9/Dockerfile +++ b/projects/p9/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder MAINTAINER s@sevki.org RUN go get -v -u github.com/hugelgupf/p9/... diff --git a/projects/perfetto/project.yaml b/projects/perfetto/project.yaml index 97c517562..898419312 100644 --- a/projects/perfetto/project.yaml +++ b/projects/perfetto/project.yaml @@ -1,26 +1,21 @@ homepage: "https://perfetto.dev" language: c++ -primary_contact: "hjd@google.com" +primary_contact: "fmayer@google.com" auto_ccs: - "hjd@google.com" - "lalitm@google.com" - - "octaviant@google.com" - "perfetto-oss-fuzz@google.com" - "primiano@google.com" - "rsavitski@google.com" - "eseckler@google.com" - - "altimin@google.com" - - "ddiproietto@google.com" vendor_ccs: - bcreasey@google.com - hamzeh@google.com - geuteneier@google.com + - hollyhall@google.com + - mikelogan@google.com - maverickm@google.com - warrenwright@google.com - - ailport@google.com - - kimtony@google.com - - faerber@google.com - - greendonald@google.com fuzzing_engines: - libfuzzer - honggfuzz diff --git a/projects/pffft/Dockerfile b/projects/pffft/Dockerfile index f0faf12f4..944245900 100644 --- a/projects/pffft/Dockerfile +++ b/projects/pffft/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y mercurial python-numpy python +RUN apt-get update && apt-get install -y mercurial python-numpy RUN git clone https://bitbucket.org/jpommier/pffft $SRC/pffft WORKDIR pffft COPY build.sh $SRC diff --git a/projects/phmap/Dockerfile b/projects/phmap/Dockerfile deleted file mode 100755 index e32199aa9..000000000 --- a/projects/phmap/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone https://github.com/greg7mdp/parallel-hashmap - -WORKDIR $SRC/parallel-hashmap -COPY build.sh $SRC/ -COPY phashmap_fuzz.cc $SRC/ diff --git a/projects/phmap/build.sh b/projects/phmap/build.sh deleted file mode 100755 index ac7cb32d3..000000000 --- a/projects/phmap/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $SRC/phashmap_fuzz.cc -I./ -o $OUT/phashmap_fuzz diff --git a/projects/phmap/phashmap_fuzz.cc b/projects/phmap/phashmap_fuzz.cc deleted file mode 100644 index d7530d425..000000000 --- a/projects/phmap/phashmap_fuzz.cc +++ /dev/null @@ -1,66 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include <iostream> -#include <bitset> -#include <cinttypes> -#include <unistd.h> -#include "parallel_hashmap/phmap_dump.h" -#include <fuzzer/FuzzedDataProvider.h> - -using phmap::flat_hash_map; -using namespace std; - -void serialise_test(const uint8_t *data, size_t size) { - phmap::flat_hash_map<unsigned int, int> table; - FuzzedDataProvider fuzzed_data(data, size); - const int num_items = fuzzed_data.ConsumeIntegral<int16_t>(); - - for (int i=0; i < num_items; ++i) { - table.insert(typename phmap::flat_hash_map<unsigned int, int>::value_type( - fuzzed_data.ConsumeIntegral<uint32_t>(), - fuzzed_data.ConsumeIntegral<int32_t>())); - } - - phmap::BinaryOutputArchive ar_out("/dump.data"); - table.dump(ar_out); - - //MapType table_in; - phmap::flat_hash_map<unsigned int, int> table_in; - phmap::BinaryInputArchive ar_in("/dump.data"); - table_in.load(ar_in); - - if(table == table_in) { - unlink("/dump.data"); - return; - } - unlink("/dump.data"); -} - -void -test_assignments(const uint8_t *data, size_t size) { - phmap::flat_hash_map<std::string, std::string> email; - FuzzedDataProvider fuzzed_data(data, size); - const int num_items = fuzzed_data.ConsumeIntegral<int16_t>(); - for (int i=0; i < num_items; ++i) { - phmap::flat_hash_map<std::string, std::string>::value_type( - fuzzed_data.ConsumeRandomLengthString(), - fuzzed_data.ConsumeRandomLengthString()); - } - // Iterate through all of the items. - for (const auto& n: email) {} -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - serialise_test(data, size); - test_assignments(data, size); - return 0; -} diff --git a/projects/phmap/project.yaml b/projects/phmap/project.yaml deleted file mode 100755 index 614a5cf14..000000000 --- a/projects/phmap/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://github.com/greg7mdp/parallel-hashmap" -main_repo: 'https://github.com/greg7mdp/parallel-hashmap' -primary_contact: "greg7mdp@gmail.com" -language: c++ -auto_ccs : - - "david@adalogics.com" diff --git a/projects/php/Dockerfile b/projects/php/Dockerfile index eaae4fd4b..a2cb115e1 100644 --- a/projects/php/Dockerfile +++ b/projects/php/Dockerfile @@ -18,5 +18,6 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y autoconf automake libtool bison re2c pkg-config RUN git clone --depth 1 --branch master https://github.com/php/php-src.git php-src +RUN git clone https://github.com/kkos/oniguruma.git php-src/oniguruma WORKDIR php-src COPY build.sh *.options $SRC/ diff --git a/projects/php/build.sh b/projects/php/build.sh index 18a861f91..fbef4895c 100755 --- a/projects/php/build.sh +++ b/projects/php/build.sh @@ -15,28 +15,28 @@ # ################################################################################ +# build oniguruma and link statically +pushd oniguruma +autoreconf -vfi +./configure +make -j$(nproc) +popd +export ONIG_CFLAGS="-I$PWD/oniguruma/src" +export ONIG_LIBS="-L$PWD/oniguruma/src/.libs -l:libonig.a" + # PHP's zend_function union is incompatible with the object-size sanitizer export CFLAGS="$CFLAGS -fno-sanitize=object-size" export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size" -# Disable JIT profitability checks. -export CFLAGS="$CFLAGS -DPROFITABILITY_CHECKS=0" - -# Make sure the right assembly files are picked -BUILD_FLAG="" -if [ "$ARCHITECTURE" = "i386" ]; then - BUILD_FLAG="--build=i686-pc-linux-gnu" -fi - # build project ./buildconf -./configure $BUILD_FLAG \ +./configure \ --disable-all \ --enable-debug-assertions \ --enable-option-checking=fatal \ --enable-fuzzer \ --enable-exif \ - --enable-opcache \ + --enable-mbstring \ --without-pcre-jit \ --disable-phpdbg \ --disable-cgi \ @@ -53,6 +53,7 @@ cp sapi/fuzzer/json.dict $OUT/php-fuzz-json.dict FUZZERS="php-fuzz-json php-fuzz-exif +php-fuzz-mbstring php-fuzz-unserialize php-fuzz-unserializehash php-fuzz-parser @@ -60,19 +61,6 @@ php-fuzz-execute" for fuzzerName in $FUZZERS; do cp sapi/fuzzer/$fuzzerName $OUT/ done - -# The JIT fuzzer is fundamentally incompatible with memory sanitizer, -# as that would require the JIT to emit msan instrumentation itself. -# In practice it is currently also incompatible with ubsan. -if [ "$SANITIZER" != "memory" ] && [ "$SANITIZER" != "undefined" ]; then - cp sapi/fuzzer/php-fuzz-function-jit $OUT/ - cp sapi/fuzzer/php-fuzz-tracing-jit $OUT/ - - # Copy opcache.so extension, which does not support static linking. - mkdir -p $OUT/modules - cp modules/opcache.so $OUT/modules -fi - # copy corpora from source for fuzzerName in `ls sapi/fuzzer/corpus`; do zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/* diff --git a/projects/pidgin/Dockerfile b/projects/pidgin/Dockerfile deleted file mode 100644 index aa93e960d..000000000 --- a/projects/pidgin/Dockerfile +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - make autoconf automake libtool pkg-config \ - zlib1g-dev zlib1g-dev:i386 liblzma-dev liblzma-dev:i386 \ - wget intltool sasl2-bin python3-pip -RUN pip3 install -U meson ninja - -RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib -RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git -RUN wget https://sourceforge.net/projects/pidgin/files/Pidgin/2.14.5/pidgin-2.14.5.tar.bz2 -RUN wget ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz - -RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus -RUN git clone --depth 1 https://github.com/google/fuzzing - -WORKDIR $SRC - -COPY build.sh \ - pidgin_xml_fuzzer.c \ - pidgin_utils_fuzzer.c \ - $SRC/ diff --git a/projects/pidgin/build.sh b/projects/pidgin/build.sh deleted file mode 100644 index 33bcf367e..000000000 --- a/projects/pidgin/build.sh +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Place to keep dependencies for static linking -DEPS=/deps -mkdir ${DEPS} - - -# Build libffi -cd $SRC -tar xvfz libffi-3.2.1.tar.gz -cd libffi-3.2.1 -./configure --disable-shared -make -j$(nproc) -export LIBFFI_LIBS="-L/src/libffi-3.2.1 libraries/ -lffi" -cp ./x86_64-unknown-linux-gnu/.libs/libffi.a ${DEPS}/ - - -# Build libxml2 -cd $SRC/libxml2 -./autogen.sh \ - --disable-shared \ - --without-debug \ - --without-ftp \ - --without-http \ - --without-legacy \ - --without-python -make -j$(nproc) -make install -cp .libs/libxml2.a ${DEPS}/ - - -# Build glib -cd $SRC/glib -GLIB_BUILD=$WORK/meson -rm -rf $GLIB_BUILD -mkdir $GLIB_BUILD -meson $GLIB_BUILD \ - -Db_lundef=false \ - -Ddefault_library=static \ - -Dlibmount=disabled -ninja -C $GLIB_BUILD -ninja -C $GLIB_BUILD install - -cp ${GLIB_BUILD}/gobject/libgobject-2.0.a ${DEPS}/ -cp ${GLIB_BUILD}/gmodule/libgmodule-2.0.a ${DEPS}/ -cp ${GLIB_BUILD}/glib/libglib-2.0.a ${DEPS}/ - - -# Build Pidgin -cd $SRC -tar -xf pidgin-2.14.5.tar.bz2 -mv pidgin-2.14.5 pidgin -cd pidgin -./configure --disable-consoleui \ - --disable-shared \ - --disable-screensaver \ - --disable-sm \ - --disable-gtkspell \ - --disable-gevolution \ - --enable-gnutls=no \ - --disable-gstreamer \ - --disable-vv \ - --disable-idn \ - --disable-meanwhile \ - --disable-avahi \ - --disable-dbus \ - --disable-perl \ - --disable-tcl \ - --disable-cyrus-sasl \ - --disable-gtkui \ - --enable-nss=no -make -j$(nproc) - - -# Build fuzzers -readonly FUZZERS=( \ - pidgin_xml_fuzzer - pidgin_utils_fuzzer -) - -cd libpurple -cp $SRC/*fuzzer.c . - -for fuzzer in "${FUZZERS[@]}"; do - $CC $CFLAGS -DHAVE_CONFIG_H \ - -I. \ - -I.. \ - -I${SRC}/glib \ - -I${SRC}/glib/glib \ - -I${SRC}/glib/gmodule \ - -I${GLIB_BUILD} \ - -I${GLIB_BUILD}/glib \ - -I/usr/lib/x86_64-linux-gnu/glib-2.0/include \ - -I/src/pidgin/libpurple/protocols/jabber \ - -I/usr/local/include/libxml2 \ - -c $fuzzer.c \ - -o $fuzzer.o - - $CC $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.o \ - -o $OUT/$fuzzer \ - /src/pidgin/libpurple/protocols/jabber/.libs/libjabber.a \ - ./.libs/libpurple.a \ - ${DEPS}/libxml2.a \ - ${DEPS}/libgobject-2.0.a \ - ${DEPS}/libgmodule-2.0.a \ - ${DEPS}/libglib-2.0.a \ - ${DEPS}/libffi.a \ - -lresolv -lz -llzma -done - -zip $OUT/pidgin_xml_fuzzer_seed_corpus.zip $SRC/go-fuzz-corpus/xml/corpus/* -cp $SRC/fuzzing/dictionaries/xml.dict $OUT/pidgin_xml_fuzzer.dict diff --git a/projects/pidgin/pidgin_utils_fuzzer.c b/projects/pidgin/pidgin_utils_fuzzer.c deleted file mode 100644 index ce386bb77..000000000 --- a/projects/pidgin/pidgin_utils_fuzzer.c +++ /dev/null @@ -1,78 +0,0 @@ -/* -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -#include "util.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *nstr = (char *)malloc(size + 1); - if (nstr == NULL) { - return 0; - } - memcpy(nstr, data, size); - nstr[size] = '\0'; - - guchar *tmp = NULL; - gsize retlen; - - if (size % 2 == 0 && strlen(nstr) > 0) { - tmp = purple_base16_decode(nstr, &retlen); - if (tmp != NULL) { - g_free(tmp); - } - } - - tmp = NULL; - tmp = purple_quotedp_decode(nstr, &retlen); - if (tmp != NULL) { - g_free(tmp); - } - - char *tmp2 = NULL; - tmp2 = purple_mime_decode_field(nstr); - if (tmp2 != NULL) { - free(tmp2); - } - - purple_str_to_time(nstr, TRUE, NULL, NULL, NULL); - - gchar *xhtml = NULL; - gchar *plaintext = NULL; - purple_markup_html_to_xhtml(nstr, &xhtml, &plaintext); - - if (xhtml != NULL) { - g_free(xhtml); - } - - if (plaintext != NULL) { - g_free(plaintext); - } - - char *tmp3 = purple_markup_strip_html(nstr); - if (tmp3 != NULL) { - free(tmp3); - } - - purple_markup_is_rtl(nstr); - - free(nstr); - return 0; -} diff --git a/projects/pidgin/pidgin_xml_fuzzer.c b/projects/pidgin/pidgin_xml_fuzzer.c deleted file mode 100644 index a91034a5e..000000000 --- a/projects/pidgin/pidgin_xml_fuzzer.c +++ /dev/null @@ -1,55 +0,0 @@ -/* -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -#include "xmlnode.h" -#include "caps.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *malicious_xml = (char *)malloc(size + 1); - if (malicious_xml == NULL) { - return 0; - } - memcpy(malicious_xml, data, size); - malicious_xml[size] = '\0'; - - xmlnode *isc = xmlnode_from_str(malicious_xml, size+1); - if (isc != NULL) { - xmlnode_set_attrib(isc, "name", "query"); - - // Parse Jabber caps - JabberCapsClientInfo *info = jabber_caps_parse_client_info(isc); - gchar *got_hash = jabber_caps_calculate_hash(info, ("sha1")); - - // Insert a child - xmlnode *child = xmlnode_new_child(isc, "query"); - xmlnode_insert_child(isc, child); - - // Get data - char *retrieved_data = xmlnode_get_data(isc); - char *retrieved_data_unescaped = xmlnode_get_data_unescaped(isc); - - xmlnode_free(isc); - } - - free(malicious_xml); - return 0; -}
\ No newline at end of file diff --git a/projects/pidgin/project.yaml b/projects/pidgin/project.yaml index 6756a8cc7..d94a2688d 100644 --- a/projects/pidgin/project.yaml +++ b/projects/pidgin/project.yaml @@ -1,7 +1,2 @@ homepage: "https://www.pidgin.im/" primary_contact: "gary.kramlich@gmail.com" -language: c -auto_ccs: - - "quantum.analyst@gmail.com" - - "rekkanoryo.guifications@gmail.com" -main_repo: 'https://sourceforge.net/projects/pidgin/files/Pidgin/2.14.4/pidgin-2.14.4.tar.bz2' diff --git a/projects/pillow/Dockerfile b/projects/pillow/Dockerfile index fc4b30653..ab9089553 100644 --- a/projects/pillow/Dockerfile +++ b/projects/pillow/Dockerfile @@ -14,20 +14,32 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder +RUN git clone --depth 1 https://github.com/google/fuzzing +RUN cat fuzzing/dictionaries/bmp.dict \ + fuzzing/dictionaries/dds.dict \ + fuzzing/dictionaries/gif.dict \ + fuzzing/dictionaries/icns.dict \ + fuzzing/dictionaries/jpeg.dict \ + fuzzing/dictionaries/jpeg2000.dict \ + fuzzing/dictionaries/pbm.dict \ + fuzzing/dictionaries/png.dict \ + fuzzing/dictionaries/psd.dict \ + fuzzing/dictionaries/tiff.dict \ + fuzzing/dictionaries/webp.dict \ + > $OUT/fuzz_pillow.dict # library build dependencies RUN apt-get update && \ apt-get install -y \ libxau-dev \ pkg-config \ - rsync + rsync \ + zlib1g-dev RUN git clone --depth 1 https://github.com/python-pillow/Pillow RUN git clone --depth 1 https://github.com/python-pillow/pillow-wheels -RUN $SRC/Pillow/Tests/oss-fuzz/build_dictionaries.sh - COPY build_depends.sh $SRC RUN ln -s /usr/local/bin/python3 /usr/local/bin/python \ @@ -46,6 +58,6 @@ COPY build.sh $SRC/ RUN apt-get install -y \ python3-tk \ tcl8.6-dev \ - tk8.6-dev + tk8.6-dev WORKDIR $SRC/Pillow diff --git a/projects/pillow/build.sh b/projects/pillow/build.sh index 4656c7cab..e7dac3463 100644 --- a/projects/pillow/build.sh +++ b/projects/pillow/build.sh @@ -15,4 +15,33 @@ # ################################################################################ -./Tests/oss-fuzz/build.sh +python3 setup.py build --build-base=/tmp/build install + +# Build fuzzers in $OUT. +for fuzzer in $(find $SRC -name 'fuzz_*.py'); do + fuzzer_basename=$(basename -s .py $fuzzer) + fuzzer_package=${fuzzer_basename}.pkg + pyinstaller \ + --add-binary /usr/local/lib/libjpeg.so.9:. \ + --add-binary /usr/local/lib/libfreetype.so.6:. \ + --add-binary /usr/local/lib/liblcms2.so.2:. \ + --add-binary /usr/local/lib/libopenjp2.so.7:. \ + --add-binary /usr/local/lib/libpng16.so.16:. \ + --add-binary /usr/local/lib/libtiff.so.5:. \ + --add-binary /usr/local/lib/libwebp.so.7:. \ + --add-binary /usr/local/lib/libwebpdemux.so.2:. \ + --add-binary /usr/local/lib/libwebpmux.so.3:. \ + --add-binary /usr/local/lib/libxcb.so.1:. \ + --distpath $OUT --onefile --name $fuzzer_package $fuzzer + + # Create execution wrapper. + echo "#!/bin/sh +# LLVMFuzzerTestOneInput for fuzzer detection. +this_dir=\$(dirname \"\$0\") +LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ +ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ +\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename +done + +find Tests/images Tests/icc Tests/fonts -print | zip -q $OUT/fuzz_pillow_seed_corpus.zip -@ diff --git a/projects/pistache/Dockerfile b/projects/pistache/Dockerfile deleted file mode 100644 index 7071af9a5..000000000 --- a/projects/pistache/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool -RUN pip3 install meson==0.53.0 ninja -RUN git clone --depth 1 https://github.com/pistacheio/pistache pistache -WORKDIR pistache -COPY build.sh $SRC/ diff --git a/projects/pistache/build.sh b/projects/pistache/build.sh deleted file mode 100755 index ea8fd177e..000000000 --- a/projects/pistache/build.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build && cd build -meson --default-library=static ../ -ninja -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_parsers \ - -std=c++17 -I../include/ ../tests/fuzzers/fuzz_parser.cpp ./src/libpistache.a diff --git a/projects/pistache/project.yaml b/projects/pistache/project.yaml deleted file mode 100644 index 8da315c3a..000000000 --- a/projects/pistache/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "http://pistache.io" -language: c++ -primary_contact: "kip@thevertigo.com" -main_repo: "https://github.com/pistacheio/pistache" -auto_ccs: - - "dennis.jenkins.75@gmail.com" - - "andrea@pappacoda.it" - - "hyperxor@protonmail.com" - - "auquetal@gmail.com" - - "david@adalogics.com" diff --git a/projects/poco/Dockerfile b/projects/poco/Dockerfile deleted file mode 100644 index c9f0b2f1a..000000000 --- a/projects/poco/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y openssl libssl-dev git make cmake libssl-dev -RUN git clone --depth 1 -b poco-1.11.0 https://github.com/pocoproject/poco -WORKDIR $SRC/poco -COPY build.sh \ - json_parse_fuzzer.cc \ - $SRC/ diff --git a/projects/poco/build.sh b/projects/poco/build.sh deleted file mode 100755 index 6d0d79268..000000000 --- a/projects/poco/build.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir cmake-build -cd cmake-build -cmake -DBUILD_SHARED_LIBS=OFF \ - -DENABLE_TESTS=OFF \ - .. -make -j$(nproc) - -$CXX $CXXFLAGS -DPOCO_ENABLE_CPP11 -DPOCO_ENABLE_CPP14 \ - -DPOCO_HAVE_FD_EPOLL -DPOCO_OS_FAMILY_UNIX \ - -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE \ - -D_REENTRANT -D_THREAD_SAFE -D_XOPEN_SOURCE=500 \ - -I/src/poco/JSON/include \ - -I/src/poco/Foundation/include \ - -O2 -g -DNDEBUG -std=gnu++14 \ - -o json_fuzzer.o -c $SRC/json_parse_fuzzer.cc - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE json_fuzzer.o \ - ./lib/libPocoJSON.a \ - ./lib/libPocoFoundation.a \ - -o $OUT/json_parser_fuzzer -lpthread -ldl -lrt diff --git a/projects/poco/json_parse_fuzzer.cc b/projects/poco/json_parse_fuzzer.cc deleted file mode 100644 index e03ff2fa9..000000000 --- a/projects/poco/json_parse_fuzzer.cc +++ /dev/null @@ -1,30 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "Poco/JSON/JSON.h" -#include "Poco/JSON/Parser.h" -#include "Poco/JSON/ParserImpl.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - std::string json(reinterpret_cast<const char *>(data), size); - Poco::JSON::Parser parser; - - Poco::Dynamic::Var result; - try { - result = parser.parse(json); - } catch (Poco::Exception &e) { - return 0; - } catch (const std::exception &e) { - return 0; - } - return 0; -} diff --git a/projects/poco/project.yaml b/projects/poco/project.yaml deleted file mode 100644 index 79e07d7d5..000000000 --- a/projects/poco/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/pocoproject/poco" -main_repo: "https://github.com/pocoproject/poco" -language: c++ -primary_contact: "guenter@pocoproject.org" -auto_ccs: - - "Adam@adalogics.com" - - "alex@pocoproject.org" -sanitizers: - - address - - undefined - - memory diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile index dd7160d65..c1b0355cf 100644 --- a/projects/poppler/Dockerfile +++ b/projects/poppler/Dockerfile @@ -26,10 +26,10 @@ RUN git clone --depth 1 https://github.com/glennrp/libpng.git RUN git clone --depth 1 https://gitlab.freedesktop.org/fontconfig/fontconfig.git RUN git clone --depth 1 https://gitlab.freedesktop.org/cairo/cairo.git RUN git clone --depth 1 --branch=5.15 git://code.qt.io/qt/qtbase.git -RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/pango.git -ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.70/glib-2.70.0.tar.xz $SRC -RUN tar xvJf $SRC/glib-2.70.0.tar.xz -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2 +ADD http://ftp.gnome.org/pub/gnome/sources/pango/1.48/pango-1.48.0.tar.xz $SRC +RUN tar xvJf $SRC/pango-1.48.0.tar.xz +ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.64/glib-2.64.2.tar.xz $SRC +RUN tar xvJf $SRC/glib-2.64.2.tar.xz RUN git clone --depth 1 --single-branch https://gitlab.freedesktop.org/poppler/poppler.git RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \ diff --git a/projects/poppler/build.sh b/projects/poppler/build.sh index 02915b70d..23692dd5b 100755 --- a/projects/poppler/build.sh +++ b/projects/poppler/build.sh @@ -27,14 +27,6 @@ rm -rf $WORK/* rm -rf $BUILD mkdir -p $BUILD -# Install Boost headers -cd $SRC/ -tar jxf boost_1_76_0.tar.bz2 -cd boost_1_76_0/ -CFLAGS="" CXXFLAGS="" ./bootstrap.sh -CFLAGS="" CXXFLAGS="" ./b2 headers -cp -R boost/ /usr/include/ - pushd $SRC/zlib CFLAGS=-fPIC ./configure --static --prefix=$PREFIX make install -j$(nproc) @@ -46,7 +38,7 @@ make -j$(nproc) make install pushd $SRC/Little-CMS -./autogen.sh --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH" +./configure --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH" make -j$(nproc) make install @@ -67,7 +59,7 @@ if [ "$SANITIZER" != "memory" ]; then ninja -C _builddir install popd - pushd $SRC/glib-2.70.0 + pushd $SRC/glib-2.64.2 meson \ --prefix=$PREFIX \ --libdir=lib \ @@ -97,7 +89,7 @@ if [ "$SANITIZER" != "memory" ]; then ninja -C _builddir install popd - pushd $SRC/pango + pushd $SRC/pango-1.48.0 meson \ -Ddefault_library=static \ --prefix=$PREFIX \ diff --git a/projects/poppler/project.yaml b/projects/poppler/project.yaml index bb1ae170c..c12379633 100644 --- a/projects/poppler/project.yaml +++ b/projects/poppler/project.yaml @@ -3,10 +3,9 @@ language: c++ primary_contact: tsdgeos@gmail.com sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined auto_ccs: - jonathan@titanous.com - adam.reichold@t-online.de -main_repo: 'https://anongit.freedesktop.org/git/poppler/poppler.git'
\ No newline at end of file +main_repo: 'https://anongit.freedesktop.org/git/poppler/poppler.git' diff --git a/projects/postgis/Dockerfile b/projects/postgis/Dockerfile index 2c55c5497..67b7a6969 100644 --- a/projects/postgis/Dockerfile +++ b/projects/postgis/Dockerfile @@ -15,7 +15,8 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool g++ postgresql-server-dev-12 libgeos-dev libproj-dev libxml2-dev pkg-config libjson-c-dev +RUN echo deb http://archive.ubuntu.com/ubuntu/ bionic main restricted universe multiverse >> /etc/apt/sources.list +RUN apt-get update && apt-get install -y make autoconf automake libtool g++ postgresql-server-dev-10 libgeos-dev libproj-dev libxml2-dev pkg-config libjson-c-dev RUN git clone --depth 1 https://git.osgeo.org/gitea/postgis/postgis.git postgis WORKDIR postgis COPY build.sh $SRC/ diff --git a/projects/postgresql/add_fuzzers.diff b/projects/postgresql/add_fuzzers.diff index 5674bc34d..86b106c22 100644 --- a/projects/postgresql/add_fuzzers.diff +++ b/projects/postgresql/add_fuzzers.diff @@ -1,27 +1,25 @@ diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c -index 0775abe35d..f53b3580b3 100644 +index cb5a96117f..c9b4880085 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c -@@ -105,6 +105,11 @@ int PostAuthDelay = 0; - /* Time between checks that the client is still connected. */ - int client_connection_check_interval = 0; +@@ -102,6 +102,9 @@ int max_stack_depth = 100; + /* wait N seconds to allow attach from a debugger */ + int PostAuthDelay = 0; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +bool fuzzer_first_run = true; +#endif -+ -+ + + /* ---------------- - * private typedefs etc - * ---------------- -@@ -471,11 +476,14 @@ static int - ReadCommand(StringInfo inBuf) +@@ -507,10 +510,15 @@ ReadCommand(StringInfo inBuf) { int result; -- + +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -+ result = SocketBackend(inBuf); ++ result = SocketBackend(inBuf); +#else ++ if (whereToSendOutput == DestRemote) result = SocketBackend(inBuf); else @@ -30,19 +28,19 @@ index 0775abe35d..f53b3580b3 100644 return result; } -@@ -4021,6 +4029,11 @@ PostgresMain(const char *dbname, const char *username) +@@ -3846,6 +3854,11 @@ PostgresMain(int argc, char *argv[], bool idle_in_transaction_timeout_enabled = false; bool idle_session_timeout_enabled = false; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -+ if(fuzzer_first_run) -+ { ++ if(fuzzer_first_run) ++ { +#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ + - AssertArg(dbname != NULL); - AssertArg(username != NULL); - -@@ -4312,6 +4325,11 @@ PostgresMain(const char *dbname, const char *username) + /* Initialize startup process environment if necessary. */ + if (!IsUnderPostmaster) + InitStandaloneProcess(argv[0]); +@@ -4207,6 +4220,11 @@ PostgresMain(int argc, char *argv[], if (!ignore_till_sync) send_ready_for_query = true; /* initially, or after error */ @@ -55,11 +53,11 @@ index 0775abe35d..f53b3580b3 100644 * Non-error queries loop here. */ diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c -index 2af87ee3bd..825bb70532 100644 +index 80c2672461..c16e0423c5 100644 --- a/src/backend/utils/error/elog.c +++ b/src/backend/utils/error/elog.c -@@ -594,7 +594,9 @@ errfinish(const char *filename, int lineno, const char *funcname) - } +@@ -600,7 +600,9 @@ errfinish(const char *filename, int lineno, const char *funcname) + pq_endcopyout(true); /* Emit the message to the right places */ +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION diff --git a/projects/postgresql/build.sh b/projects/postgresql/build.sh index ee56ecdef..12fb754a4 100644 --- a/projects/postgresql/build.sh +++ b/projects/postgresql/build.sh @@ -15,7 +15,7 @@ # ################################################################################ cp -r $SRC/fuzzer src/backend/ -git apply --ignore-space-change --ignore-whitespace ../add_fuzzers.diff +git apply ../add_fuzzers.diff useradd fuzzuser chown -R fuzzuser . @@ -35,12 +35,5 @@ make clean make cd src/backend/fuzzer make fuzzer -#if [ "$FUZZING_ENGINE" = "afl" ] -#then -rm protocol_fuzzer -#fi cp *_fuzzer $OUT/ cp $SRC/postgresql_fuzzer_seed_corpus.zip $OUT/ - -# Temporary fix. Todo: David fix this. -#rm $OUT/protocol_fuzzer diff --git a/projects/postgresql/fuzzer/fuzzer_initialize.c b/projects/postgresql/fuzzer/fuzzer_initialize.c index 33f8278b9..0ab9d7dcd 100644 --- a/projects/postgresql/fuzzer/fuzzer_initialize.c +++ b/projects/postgresql/fuzzer/fuzzer_initialize.c @@ -82,9 +82,8 @@ int FuzzerInitialize(char *dbname, char ***argv){ LocalProcessControlFile(false); InitializeMaxBackends(); - CreateSharedMemoryAndSemaphores(); - InitProcess(); BaseInit(); + InitProcess(); PG_SETMASK(&UnBlockSig); InitPostgres("dbfuzz", InvalidOid, username, InvalidOid, NULL, false); diff --git a/projects/postgresql/fuzzer/protocol_fuzzer.c b/projects/postgresql/fuzzer/protocol_fuzzer.c index 3efe8e4b2..7621644f7 100644 --- a/projects/postgresql/fuzzer/protocol_fuzzer.c +++ b/projects/postgresql/fuzzer/protocol_fuzzer.c @@ -74,7 +74,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) { MemoryContextInit(); if(!sigsetjmp(postgre_exit, 0)){ postgre_started = true; - PostgresSingleUserMain(5, av, "fuzzuser"); + PostgresMain(5, av, "dbfuzz", "fuzzuser"); } pq_endmsgread(); return 0; @@ -106,7 +106,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { if(!sigsetjmp(postgre_exit, 0)){ postgre_started = true; - PostgresSingleUserMain(5, av, "fuzzuser"); + PostgresMain(5, av, "dbfuzz", "fuzzuser"); } pq_endmsgread(); postgre_started = false; diff --git a/projects/powerdns/Dockerfile b/projects/powerdns/Dockerfile index 6d02406ec..db7614c37 100644 --- a/projects/powerdns/Dockerfile +++ b/projects/powerdns/Dockerfile @@ -20,7 +20,7 @@ FROM gcr.io/oss-fuzz-base/base-builder # maintainer for this file # install required packages to build your project -RUN apt-get update && apt-get install -y autoconf automake bison dh-autoreconf flex boost1.71-all-dev libluajit-5.1-dev libedit-dev libprotobuf-dev libssl-dev libtool make pkg-config protobuf-compiler ragel +RUN add-apt-repository -y ppa:savoury1/boost-defaults-1.71 && apt-get update && apt-get install -y autoconf automake bison dh-autoreconf flex boost1.71-dev libluajit-5.1-dev libedit-dev libprotobuf-dev libssl-dev libtool make pkg-config protobuf-compiler ragel # checkout all sources needed to build your project RUN git clone https://github.com/PowerDNS/pdns.git pdns diff --git a/projects/powerdns/build.sh b/projects/powerdns/build.sh index 7da909ae2..b8922c58a 100644 --- a/projects/powerdns/build.sh +++ b/projects/powerdns/build.sh @@ -44,21 +44,7 @@ cp fuzz_target_* "${OUT}/" cp ../regression-tests/zones/* ../fuzzing/corpus/zones/ # generate the corpus files -if [ -d ../fuzzing/corpus/raw-dns-packets/ ]; then - zip -j "${OUT}/fuzz_target_dnsdistcache_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* -fi -if [ -d ../fuzzing/corpus/txt-records/ ]; then - zip -j "${OUT}/fuzz_target_dnslabeltext_parseRFC1035CharString_seed_corpus.zip" ../fuzzing/corpus/txt-records/* -fi -if [ -d ../fuzzing/corpus/raw-dns-packets/ ]; then - zip -j "${OUT}/fuzz_target_moadnsparser_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* -fi -if [ -d ../fuzzing/corpus/raw-dns-packets/ ]; then - zip -j "${OUT}/fuzz_target_packetcache_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* -fi -if [ -d ../fuzzing/corpus/proxy-protocol-raw-packets/ ]; then - zip -j "${OUT}/fuzz_target_proxyprotocol_seed_corpus.zip" ../fuzzing/corpus/proxy-protocol-raw-packets/* -fi -if [ -d ../fuzzing/corpus/zones/ ]; then - zip -j "${OUT}/fuzz_target_zoneparsertng_seed_corpus.zip" ../fuzzing/corpus/zones/* -fi +zip -j "${OUT}/fuzz_target_dnsdistcache_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* +zip -j "${OUT}/fuzz_target_moadnsparser_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* +zip -j "${OUT}/fuzz_target_packetcache_seed_corpus.zip" ../fuzzing/corpus/raw-dns-packets/* +zip -j "${OUT}/fuzz_target_zoneparsertng_seed_corpus.zip" ../fuzzing/corpus/zones/* diff --git a/projects/proftpd/build.sh b/projects/proftpd/build.sh deleted file mode 100755 index 2ec6ddca6..000000000 --- a/projects/proftpd/build.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -export LDFLAGS="${CFLAGS}" -./configure --enable-ctrls -make -j$(nproc) - -# We need a few declarations from main.c -# so we rename main() to main2() -sed 's/int main(/int main2(/g' -i $SRC/proftpd/src/main.c - -# Compile main.c again -export NEW_CC_FLAG="${CC} ${CFLAGS} -DHAVE_CONFIG_H -DLINUX -I. -I./include" -$NEW_CC_FLAG -c src/main.c -o src/main.o -rm src/ftpdctl.o - -find . -name "*.o" -exec ar rcs fuzz_lib.a {} \; - -# Build fuzzer(s) -$NEW_CC_FLAG -c $SRC/fuzzer.c -o fuzzer.o -$CC $CXXFLAGS $LIB_FUZZING_ENGINE fuzzer.o -o $OUT/fuzzer \ - src/scoreboard.o \ - lib/prbase.a \ - fuzz_lib.a \ - -L/src/proftpd/lib \ - -lcrypt -pthread - -# Build seed corpus -cd $SRC -git clone https://github.com/dvyukov/go-fuzz-corpus -zip $OUT/fuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/* - diff --git a/projects/proftpd/fuzzer.c b/projects/proftpd/fuzzer.c deleted file mode 100644 index ef8606825..000000000 --- a/projects/proftpd/fuzzer.c +++ /dev/null @@ -1,43 +0,0 @@ -/* -# Copyright 2021 Google LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <string.h> -#include <stdlib.h> -#include "json.h" - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - char *new_str = (char *)malloc(size+1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - - pool *p = make_sub_pool(NULL); - if (p != NULL) { - init_json(); - pr_json_object_t *json = pr_json_object_from_text(p, new_str); - pr_json_object_free(json); - finish_json(); - destroy_pool(p); - } - - free(new_str); - return 0; -} diff --git a/projects/proftpd/project.yaml b/projects/proftpd/project.yaml deleted file mode 100644 index f3b5317f4..000000000 --- a/projects/proftpd/project.yaml +++ /dev/null @@ -1,9 +0,0 @@ -homepage: "http://www.proftpd.org/" -main_repo: "https://github.com/proftpd/proftpd" -language: c -primary_contact: "castaglian@gmail.com" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined diff --git a/projects/prometheus/Dockerfile b/projects/prometheus/Dockerfile index eb9d3bcc7..7e22750f9 100644 --- a/projects/prometheus/Dockerfile +++ b/projects/prometheus/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder ENV GO111MODULE=on RUN git clone https://github.com/prometheus/prometheus $GOPATH/src/github.com/prometheus/prometheus COPY build.sh $SRC/ diff --git a/projects/prost/Dockerfile b/projects/prost/Dockerfile deleted file mode 100644 index d340fe5fc..000000000 --- a/projects/prost/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LL -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -RUN apt-get update && apt-get install -y pkg-config libssl-dev curl libcurl4-openssl-dev ninja-build -RUN git clone --depth 1 https://github.com/danburkert/prost -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/prost/build.sh b/projects/prost/build.sh deleted file mode 100755 index 4b9c38285..000000000 --- a/projects/prost/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd $SRC/prost -cargo fuzz build -O -cp fuzz/target/x86_64-unknown-linux-gnu/release/proto2 $OUT/ -cp fuzz/target/x86_64-unknown-linux-gnu/release/proto3 $OUT/ diff --git a/projects/prost/project.yaml b/projects/prost/project.yaml deleted file mode 100644 index 49f69f2a7..000000000 --- a/projects/prost/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://crates.io/crates/prost" -main_repo: "https://github.com/danburkert/prost" -primary_contact: "dan@danburkert.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "david@adalogics.com" diff --git a/projects/protobuf-c/build.sh b/projects/protobuf-c/build.sh index c84006502..8eda36a39 100755 --- a/projects/protobuf-c/build.sh +++ b/projects/protobuf-c/build.sh @@ -46,7 +46,6 @@ cd $SRC/protobuf-c/ ./configure --enable-static=yes --enable-shared=false PKG_CONFIG_PATH=$SRC/protobuf-install/lib/pkgconfig make -j$(nproc) -make install cd $SRC/fuzzing-headers/ ./install.sh @@ -54,6 +53,6 @@ cd $SRC/fuzzing-headers/ cd $SRC/protobuf-c-fuzzers/ cp $SRC/protobuf-c/t/test-full.proto $SRC/protobuf-c-fuzzers/ export PATH=$PATH:$SRC/protobuf-c/protoc-c -$PROTOC --c_out=. -I. -I/usr/local/include test-full.proto +$PROTOC --c_out=. test-full.proto $CC $CFLAGS test-full.pb-c.c -I $SRC/protobuf-install -I $SRC/protobuf-c -c -o test-full.pb-c.o $CXX $CXXFLAGS fuzzer.cpp -I $SRC/protobuf-install -I $SRC/protobuf-c test-full.pb-c.o $SRC/protobuf-c/protobuf-c/.libs/libprotobuf-c.a $LIB_FUZZING_ENGINE -o $OUT/fuzzer diff --git a/projects/protobuf-c/project.yaml b/projects/protobuf-c/project.yaml index 54245ffe6..9103f1bce 100644 --- a/projects/protobuf-c/project.yaml +++ b/projects/protobuf-c/project.yaml @@ -5,10 +5,9 @@ auto_ccs: - "ilya.lipnitskiy@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory architectures: - x86_64 - i386 main_repo: 'https://github.com/protobuf-c/protobuf-c.git' -coverage_extra_args: -ignore-filename-regex=.*/protobuf-install/.*
\ No newline at end of file +coverage_extra_args: -ignore-filename-regex=.*/protobuf-install/.* diff --git a/projects/protobuf-java/Dockerfile b/projects/protobuf-java/Dockerfile deleted file mode 100644 index b14084f45..000000000 --- a/projects/protobuf-java/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config - -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip - -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn - -RUN curl -L -O https://raw.githubusercontent.com/protobuf-c/protobuf-c/39cd58f5ff06048574ed5ce17ee602dc84006162/t/test-full.proto - -RUN git clone --depth 1 --recursive https://github.com/protocolbuffers/protobuf.git - -COPY build.sh $SRC -COPY ProtobufFuzzer.java $SRC - -WORKDIR $SRC diff --git a/projects/protobuf-java/ProtobufFuzzer.java b/projects/protobuf-java/ProtobufFuzzer.java deleted file mode 100644 index 3e5e09a45..000000000 --- a/projects/protobuf-java/ProtobufFuzzer.java +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.google.protobuf.InvalidProtocolBufferException; - -import foo.TestFull; - -public class ProtobufFuzzer { - public static void fuzzerTestOneInput(byte[] input) { - try { - TestFull.TestMessSubMess.parseFrom(input); - } catch (InvalidProtocolBufferException ignored) { } - try { - TestFull.TestFieldFlags.parseFrom(input); - } catch (InvalidProtocolBufferException ignored) { } - try { - TestFull.TestMessageCheck.parseFrom(input); - } catch (InvalidProtocolBufferException ignored) { } - } -} diff --git a/projects/protobuf-java/build.sh b/projects/protobuf-java/build.sh deleted file mode 100755 index e5f7363d9..000000000 --- a/projects/protobuf-java/build.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Build protoc with default options. -unset CFLAGS CXXFLAGS -mkdir $SRC/protobuf-install/ -cd $SRC/protobuf/ -./autogen.sh -./configure --prefix=$SRC/protobuf-install -make -j$(nproc) -make install - -export PROTOC="$SRC/protobuf-install/bin/protoc" - -# Build protobuf-java (requires protoc in source tree). -cd $SRC/protobuf/java/ -cp $PROTOC $SRC/protobuf/src/ -MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15" -$MVN package $MAVEN_ARGS -CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ - -Dexpression=project.version -q -DforceStdout) -cp "core/target/protobuf-java-$CURRENT_VERSION.jar" $OUT/protobuf-java.jar - -# Compile test protos with protoc. -cd $SRC/ -$PROTOC --java_out=. --proto_path=. test-full.proto -jar --create --file $OUT/test-full.jar foo/* - -ALL_JARS="protobuf-java.jar test-full.jar" - -# The classpath at build-time includes the project jars in $OUT as well as the -# Jazzer API. -BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH - -# All .jar and .class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\" \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m\" \ -\$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename -done - diff --git a/projects/protobuf-java/project.yaml b/projects/protobuf-java/project.yaml deleted file mode 100644 index afb45a26f..000000000 --- a/projects/protobuf-java/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://developers.google.com/protocol-buffers/" -language: jvm -primary_contact: "kfm@google.com" -auto_ccs: - - "meumertzheim@code-intelligence.com" - - "acozzette@google.com" - - "elharo@google.com" - - "pzd@google.com" - - "sandyzhang@google.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/protocolbuffers/protobuf" -sanitizers: - - address diff --git a/projects/protoreflect/Dockerfile b/projects/protoreflect/Dockerfile deleted file mode 100644 index 948b3a577..000000000 --- a/projects/protoreflect/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/jhump/protoreflect - -COPY fuzz_protoparse.go $SRC/protoreflect/desc/protoparse/ -COPY fuzz_dynamic.go $SRC/protoreflect/proto_decoder/ - -COPY build.sh $SRC/ -WORKDIR $SRC/protoreflect diff --git a/projects/protoreflect/build.sh b/projects/protoreflect/build.sh deleted file mode 100755 index 3511f83c0..000000000 --- a/projects/protoreflect/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -compile_go_fuzzer github.com/jhump/protoreflect/desc/protoparse FuzzProtoParse fuzz_protoparse -# compile_go_fuzzer github.com/jhump/protoreflect/proto_decoder Fuzz fuzz_dynamic - diff --git a/projects/protoreflect/fuzz_dynamic.go b/projects/protoreflect/fuzz_dynamic.go deleted file mode 100644 index ba26fe298..000000000 --- a/projects/protoreflect/fuzz_dynamic.go +++ /dev/null @@ -1,33 +0,0 @@ -package proto_decoder - -import ( - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes/empty" - "github.com/jhump/protoreflect/desc" - "github.com/jhump/protoreflect/desc/builder" - "github.com/jhump/protoreflect/dynamic" -) - -func Fuzz(data []byte) int { - d, err := desc.LoadMessageDescriptorForMessage(&empty.Empty{}) - if err != nil { - panic(err) - } - mb, err := builder.FromMessage(d) - if err != nil { - panic(err) - } - - msg, err := mb.Build() - if err != nil { - panic(err) - } - - decoded := dynamic.NewMessage(msg) - err = proto.Unmarshal(data, decoded) - if err != nil { - return 0 - } - - return 1 -} diff --git a/projects/protoreflect/fuzz_protoparse.go b/projects/protoreflect/fuzz_protoparse.go deleted file mode 100644 index 5e5b9a97e..000000000 --- a/projects/protoreflect/fuzz_protoparse.go +++ /dev/null @@ -1,21 +0,0 @@ -package protoparse - -import ( - "bytes" - "io" - "io/ioutil" -) - -func FuzzProtoParse(data []byte) int { - parser := &Parser{ - Accessor: func(_ string) (closer io.ReadCloser, e error) { - return ioutil.NopCloser(bytes.NewReader(data)), nil - }, - } - - _, err := parser.ParseFiles("dummy") - if err != nil { - return 0 - } - return 1 -} diff --git a/projects/protoreflect/project.yaml b/projects/protoreflect/project.yaml deleted file mode 100644 index 278f98aa5..000000000 --- a/projects/protoreflect/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/jhump/protoreflect" -primary_contact: "jhumphries131@gmail.com" -auto_ccs: - - "p.antoine@catenacyber.fr" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: 'https://github.com/jhump/protoreflect' diff --git a/projects/proxygen/Dockerfile b/projects/proxygen/Dockerfile index 859b60caf..7899ed2a6 100644 --- a/projects/proxygen/Dockerfile +++ b/projects/proxygen/Dockerfile @@ -28,9 +28,7 @@ RUN apt-get update && \ gcc \ g++ \ python \ - python-dev \ - cmake \ - ninja-build + python-dev # Install and build boost from source so we can have it use libc++ RUN wget https://sourceforge.net/projects/boost/files/boost/1.70.0/boost_1_70_0.tar.gz && \ @@ -98,13 +96,6 @@ RUN wget https://github.com/facebook/zstd/releases/download/v1.4.2/zstd-1.4.2.ta cd .. && \ rm -rf zstd-1.4.2 -# Get double conversion -RUN git clone --single-branch https://github.com/google/double-conversion.git double-conversion && \ - cd double-conversion/double-conversion && \ - cmake -GNinja ../ && \ - ninja && \ - ninja install - # Build and install `fmt` needed by folly RUN wget https://github.com/fmtlib/fmt/archive/6.0.0.tar.gz && \ tar xzf 6.0.0.tar.gz && \ @@ -158,6 +149,7 @@ RUN apt-get install -y \ zlib1g-dev \ binutils-dev \ libsodium-dev \ + libdouble-conversion-dev \ libunwind8-dev # Install patchelf so we can fix path to libunwind diff --git a/projects/proxygen/build.sh b/projects/proxygen/build.sh index dfa5ef921..dd3729f7d 100755 --- a/projects/proxygen/build.sh +++ b/projects/proxygen/build.sh @@ -15,15 +15,6 @@ # ################################################################################ -# Dont build tests we do not care about -echo "" > ./proxygen/httpclient/samples/CMakeLists.txt -echo "" > ./proxygen/httpserver/tests/CMakeLists.txt -echo "" > ./proxygen/lib/http/structuredheaders/test/CMakeLists.txt -echo "" > ./proxygen/httpserver/filters/tests/CMakeLists.txt -echo "" > ./proxygen/lib/http/session/test/CMakeLists.txt -echo "" > ./proxygen/lib/http/codec/compress/test/CMakeLists.txt -echo "" > ./proxygen/lib/services/test/CMakeLists.txt - cd proxygen # Link to, and copy over, libunwind diff --git a/projects/pulumi/Dockerfile b/projects/pulumi/Dockerfile deleted file mode 100644 index 3b12b3c7f..000000000 --- a/projects/pulumi/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/pulumi/pulumi -COPY build.sh \ - config_fuzzer.go \ - schema_fuzzer.go \ - $SRC/ -WORKDIR $SRC/pulumi diff --git a/projects/pulumi/build.sh b/projects/pulumi/build.sh deleted file mode 100644 index 9671dcae8..000000000 --- a/projects/pulumi/build.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd pkg -#go mod download - -cp $SRC/schema_fuzzer.go $SRC/pulumi/pkg/codegen/schema/ -compile_go_fuzzer github.com/pulumi/pulumi/pkg/v3/codegen/schema SchemaFuzzer schema_fuzzer - -cp $SRC/config_fuzzer.go $SRC/pulumi/sdk/go/common/resource/config/ -compile_go_fuzzer github.com/pulumi/pulumi/sdk/v3/go/common/resource/config FuzzConfig fuzz -compile_go_fuzzer github.com/pulumi/pulumi/sdk/v3/go/common/resource/config FuzzParseKey fuzz_parse_key diff --git a/projects/pulumi/config_fuzzer.go b/projects/pulumi/config_fuzzer.go deleted file mode 100644 index 18c3bc07a..000000000 --- a/projects/pulumi/config_fuzzer.go +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package config - -import ( - "encoding/json" -) - -func FuzzConfig(data []byte) int { - if len(data) != 32 { - return -1 - } - crypter := NewSymmetricCrypter(make([]byte, 32)) - _, _ = crypter.EncryptValue(string(data)) - _, _ = crypter.DecryptValue(string(data)) - return 1 -} - -func fuuzRoundtripKey(m Key, marshal func(v interface{}) ([]byte, error), - unmarshal func([]byte, interface{}) error) (Key, error) { - b, err := marshal(m) - if err != nil { - return Key{}, err - } - - var newM Key - err = unmarshal(b, &newM) - return newM, err -} - -func FuzzParseKey(data []byte) int { - k, err := ParseKey(string(data)) - if err != nil { - return 0 - } - fuuzRoundtripKey(k, json.Marshal, json.Unmarshal) - return 1 -} diff --git a/projects/pulumi/project.yaml b/projects/pulumi/project.yaml deleted file mode 100644 index 60803647c..000000000 --- a/projects/pulumi/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://www.pulumi.com/" -main_repo: "https://github.com/pulumi/pulumi" -primary_contact: "anton@pulumi.com" -auto_ccs : - - "adam@adalogics.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/pulumi/schema_fuzzer.go b/projects/pulumi/schema_fuzzer.go deleted file mode 100644 index 38ac5c9ec..000000000 --- a/projects/pulumi/schema_fuzzer.go +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package schema - -import ( - fuzz "github.com/AdaLogics/go-fuzz-headers" -) - -func SchemaFuzzer(data []byte) int { - pkgSpec := PackageSpec{} - f := fuzz.NewConsumer(data) - err := f.GenerateStruct(&pkgSpec) - if err != nil { - return 0 - } - _, _ = ImportSpec(pkgSpec, nil) - return 1 -} diff --git a/projects/pygments/Dockerfile b/projects/pygments/Dockerfile index 9b544249d..b23fc1b6d 100644 --- a/projects/pygments/Dockerfile +++ b/projects/pygments/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone \ --depth 1 \ @@ -58,4 +58,4 @@ RUN cat fuzzing/dictionaries/aff.dict \ fuzzing/dictionaries/yara.dict \ > $OUT/pygments_fuzzer.dict -COPY build.sh fuzz_guesser.py fuzz_lexers.py $SRC/ +COPY build.sh pygments_fuzzer.py $SRC/ diff --git a/projects/pygments/build.sh b/projects/pygments/build.sh index b76e29aa9..01924b50d 100644 --- a/projects/pygments/build.sh +++ b/projects/pygments/build.sh @@ -19,7 +19,7 @@ pip3 install . # Build fuzzers in $OUT. -for fuzzer in $(find $SRC -name 'fuzz_*.py'); do +for fuzzer in $(find $SRC -name '*_fuzzer.py'); do fuzzer_basename=$(basename -s .py $fuzzer) fuzzer_package=${fuzzer_basename}.pkg pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer @@ -30,7 +30,7 @@ for fuzzer in $(find $SRC -name 'fuzz_*.py'); do this_dir=\$(dirname \"\$0\") ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done zip -j $OUT/files_fuzzer_seed_corpus.zip tests/examplefiles/* diff --git a/projects/pygments/fuzz_lexers.py b/projects/pygments/fuzz_lexers.py deleted file mode 100644 index 0d610c103..000000000 --- a/projects/pygments/fuzz_lexers.py +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/python3 - -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import atheris -with atheris.instrument_imports(): - import sys - import pygments - import pygments.formatters.html - import pygments.lexers - -formatter = pygments.formatters.html.HtmlFormatter() -# pygments.LEXERS.values() is a list of tuples like this, with some of then empty: -# (textual class name, longname, tuple of aliases, tuple of filename patterns, tuple of mimetypes) -LEXERS = [l[2][0] for l in pygments.lexers.LEXERS.values() if l[2]] - - -def TestOneInput(data: bytes) -> int: - fdp = atheris.FuzzedDataProvider(data) - random_lexer = pygments.lexers.get_lexer_by_name(fdp.PickValueInList(LEXERS)) - str_data = fdp.ConsumeUnicode(atheris.ALL_REMAINING) - - pygments.highlight(str_data, random_lexer, formatter) - return 0 - - -atheris.Setup(sys.argv, TestOneInput) -atheris.Fuzz() diff --git a/projects/pygments/fuzz_guesser.py b/projects/pygments/pygments_fuzzer.py index ecc2411cf..9d21ba320 100644 --- a/projects/pygments/fuzz_guesser.py +++ b/projects/pygments/pygments_fuzzer.py @@ -14,19 +14,22 @@ # See the License for the specific language governing permissions and # limitations under the License. +import sys import atheris -with atheris.instrument_imports(): - import sys - import pygments - import pygments.lexers +import pygments +import pygments.formatters +import pygments.lexers + + +def TestOneInput(input_bytes): + fdp = atheris.FuzzedDataProvider(input_bytes) + data = fdp.ConsumeUnicode(atheris.ALL_REMAINING) -@atheris.instrument_func -def TestOneInput(data: bytes) -> int: try: - lexer = pygments.lexers.guess_lexer(str(data)) + lexer = pygments.lexers.guess_lexer(data) except ValueError: - return 0 - return 0 + return + pygments.highlight(data, lexer, pygments.formatters.HtmlFormatter()) def main(): diff --git a/projects/python-lz4/Dockerfile b/projects/python-lz4/Dockerfile index 2ce705b4c..8598ed33d 100644 --- a/projects/python-lz4/Dockerfile +++ b/projects/python-lz4/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/python-lz4/python-lz4 COPY build.sh $SRC/ diff --git a/projects/python-lz4/build.sh b/projects/python-lz4/build.sh index 6eaf4d518..66f6419ac 100644 --- a/projects/python-lz4/build.sh +++ b/projects/python-lz4/build.sh @@ -30,5 +30,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/python-lz4/fuzz_lz4.py b/projects/python-lz4/fuzz_lz4.py index 6a7e21d22..ff6787d1b 100644 --- a/projects/python-lz4/fuzz_lz4.py +++ b/projects/python-lz4/fuzz_lz4.py @@ -15,8 +15,7 @@ import sys import atheris -with atheris.instrument_imports(): - import lz4.frame +import lz4.frame def TestOneInput(data): c =lz4.frame.compress(data) diff --git a/projects/python3-libraries/Dockerfile b/projects/python3-libraries/Dockerfile index 37f6706ec..3da576e95 100644 --- a/projects/python3-libraries/Dockerfile +++ b/projects/python3-libraries/Dockerfile @@ -15,8 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && \ - apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev +RUN apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev RUN git clone https://github.com/python/cpython.git cpython RUN git clone --depth 1 https://github.com/guidovranken/python-library-fuzzers.git COPY build.sh $SRC/ diff --git a/projects/pyyaml/Dockerfile b/projects/pyyaml/Dockerfile index d555b402a..3d5bc541c 100644 --- a/projects/pyyaml/Dockerfile +++ b/projects/pyyaml/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/yaml/pyyaml WORKDIR $SRC COPY build.sh $SRC/ diff --git a/projects/pyyaml/build.sh b/projects/pyyaml/build.sh index 504adcbaa..de7d84c2c 100644 --- a/projects/pyyaml/build.sh +++ b/projects/pyyaml/build.sh @@ -30,5 +30,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/pyyaml/fuzz_loader.py b/projects/pyyaml/fuzz_loader.py index 40c9fcc56..6600d842b 100644 --- a/projects/pyyaml/fuzz_loader.py +++ b/projects/pyyaml/fuzz_loader.py @@ -14,15 +14,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -import sys - import atheris -with atheris.instrument_imports(): - import yaml +import yaml -@atheris.instrument_func def TestOneInput(input_bytes): try: context = yaml.load(input_bytes, Loader=yaml.FullLoader) diff --git a/projects/pyyaml/fuzz_reader.py b/projects/pyyaml/fuzz_reader.py index 5cd0d1e86..d7a0e2cb2 100644 --- a/projects/pyyaml/fuzz_reader.py +++ b/projects/pyyaml/fuzz_reader.py @@ -15,10 +15,8 @@ # limitations under the License. import sys import atheris -with atheris.instrument_imports(): - import yaml.reader +import yaml.reader -@atheris.instrument_func def TestOneInput(data): if len(data) < 1: return @@ -32,7 +30,7 @@ def TestOneInput(data): return def main(): - atheris.Setup(sys.argv, TestOneInput) + atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) atheris.Fuzz() if __name__ == "__main__": diff --git a/projects/qcms/Dockerfile b/projects/qcms/Dockerfile index 922eac69a..c124a14a2 100644 --- a/projects/qcms/Dockerfile +++ b/projects/qcms/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y mercurial RUN hg clone --uncompressed https://hg.mozilla.org/mozilla-central/ COPY build.sh $SRC/ diff --git a/projects/qemu/Dockerfile b/projects/qemu/Dockerfile index bf780b8b4..779fc39a4 100644 --- a/projects/qemu/Dockerfile +++ b/projects/qemu/Dockerfile @@ -15,9 +15,14 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build libglib2.0-dev \ - libfdt-dev libpixman-1-dev zlib1g-dev patchelf wget \ - libattr1 libattr1-dev libcap-ng-dev pkg-config +RUN apt-get update && apt-get install -y make autoconf automake libtool \ + libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev patchelf wget \ + libattr1 libattr1-dev libcap-ng-dev +# Ninja in the apt repos is too old. Get it directly from github +RUN wget https://github.com/ninja-build/ninja/releases/latest/download/ninja-linux.zip \ + && unzip ninja-linux.zip \ + && rm ninja-linux.zip \ + && mv ninja /usr/bin/ninja RUN git clone --depth 1 https://git.qemu.org/git/qemu.git qemu WORKDIR qemu -COPY build.sh $SRC/ +RUN cp scripts/oss-fuzz/build.sh $SRC diff --git a/projects/qemu/build.sh b/projects/qemu/build.sh deleted file mode 100755 index 94c71431a..000000000 --- a/projects/qemu/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -e -# Copyright 2020 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -pip3 install meson - -./scripts/oss-fuzz/build.sh diff --git a/projects/qemu/default.options b/projects/qemu/default.options deleted file mode 100644 index 08e7afb7e..000000000 --- a/projects/qemu/default.options +++ /dev/null @@ -1,3 +0,0 @@ -[libfuzzer] -close_fd_mask=3 -detect_leaks=0 diff --git a/projects/qemu/project.yaml b/projects/qemu/project.yaml index db9d1dfc0..09748302c 100644 --- a/projects/qemu/project.yaml +++ b/projects/qemu/project.yaml @@ -3,7 +3,6 @@ language: c primary_contact: "alxndr@bu.edu" auto_ccs: - "bsd@redhat.com" - - "mcascell@redhat.com" - "pbonzini@redhat.com" - "stefanha@redhat.com" - "darren.kenny@oracle.com" diff --git a/projects/qpdf/project.yaml b/projects/qpdf/project.yaml index 41a4be8d4..441505203 100644 --- a/projects/qpdf/project.yaml +++ b/projects/qpdf/project.yaml @@ -4,6 +4,5 @@ primary_contact: "qberkenbilt@gmail.com" sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory main_repo: 'https://github.com/qpdf/qpdf.git' diff --git a/projects/qt/project.yaml b/projects/qt/project.yaml index 6e6a84494..941006709 100644 --- a/projects/qt/project.yaml +++ b/projects/qt/project.yaml @@ -2,10 +2,8 @@ homepage: "http://qt-project.org" language: c++ primary_contact: "rlohningqt@gmail.com" auto_ccs: - - "sgaist.qt@gmail.com" - "shawn.t.rutledge@gmail.com" -main_repo: 'git://code.qt.io/qt/qt5.git' architectures: - x86_64 - i386 -help_url: "https://code.qt.io/cgit/qt/qtbase.git/plain/tests/libfuzzer/README" +main_repo: 'git://code.qt.io/qt/qt5.git' diff --git a/projects/quic-go/Dockerfile b/projects/quic-go/Dockerfile index 5719c0d0f..9ee792c23 100644 --- a/projects/quic-go/Dockerfile +++ b/projects/quic-go/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/marten-seemann/qpack/ && \ cd qpack && \ diff --git a/projects/quick-xml/Dockerfile b/projects/quick-xml/Dockerfile deleted file mode 100644 index 43995b86c..000000000 --- a/projects/quick-xml/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust - -RUN git clone --depth 1 https://github.com/tafia/quick-xml -COPY fuzz_target_1.rs $SRC/quick-xml/fuzz/fuzz_targets/fuzz_target_1.rs -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/quick-xml/build.sh b/projects/quick-xml/build.sh deleted file mode 100755 index 704c8605d..000000000 --- a/projects/quick-xml/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd $SRC/quick-xml -cargo fuzz build -O -cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1 $OUT/ diff --git a/projects/quick-xml/fuzz_target_1.rs b/projects/quick-xml/fuzz_target_1.rs deleted file mode 100644 index 4ce369d09..000000000 --- a/projects/quick-xml/fuzz_target_1.rs +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -//limitations under the License. -// -//################### -#![no_main] -#[macro_use] extern crate libfuzzer_sys; -extern crate quick_xml; - -use quick_xml::Reader; -use quick_xml::events::Event; -use std::io::Cursor; - -fuzz_target!(|data: &[u8]| { - // fuzzed code goes here - let cursor = Cursor::new(data); - let mut reader = Reader::from_reader(cursor); - let mut buf = vec![]; - loop { - match reader.read_event(&mut buf) { - Ok(Event::Start(ref e)) | Ok(Event::Empty(ref e))=> { - if e.unescaped().is_err() { - break; - } - for a in e.attributes() { - if a.ok().map_or(false, |a| a.unescaped_value().is_err()) { - break; - } - } - } - Ok(Event::Text(ref e)) | Ok(Event::Comment(ref e)) - | Ok(Event::CData(ref e)) | Ok(Event::PI(ref e)) - | Ok(Event::DocType(ref e)) => { - if e.unescaped().is_err() { - break; - } - } - Ok(Event::Decl(ref e)) => { - let _ = e.version(); - let _ = e.encoding(); - let _ = e.standalone(); - } - Ok(Event::End(_)) => (), - Ok(Event::Eof) | Err(..) => break, - } - buf.clear(); - } -}); diff --git a/projects/quick-xml/project.yaml b/projects/quick-xml/project.yaml deleted file mode 100644 index 98af2f967..000000000 --- a/projects/quick-xml/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/tafia/quick-xml" -main_repo: "https://github.com/tafia/quick-xml" -primary_contact: "tafia973@gmail.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "david@adalogics.com" diff --git a/projects/quickjs/project.yaml b/projects/quickjs/project.yaml index a2e3ce733..7bc6d0988 100644 --- a/projects/quickjs/project.yaml +++ b/projects/quickjs/project.yaml @@ -10,4 +10,4 @@ sanitizers: - address blackbox: true # also use a blackbox fuzzer for this project. -main_repo: 'https://github.com/bellard/quickjs' +main_repo: 'https://github.com/horhof/quickjs' diff --git a/projects/radare2/Dockerfile b/projects/radare2/Dockerfile index 5b2f403b1..b0140e064 100644 --- a/projects/radare2/Dockerfile +++ b/projects/radare2/Dockerfile @@ -1,7 +1,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update -RUN git clone https://github.com/radareorg/radare2 radare2 -RUN git clone https://github.com/radareorg/radare2-fuzz radare2-fuzz +RUN git clone https://github.com/radare/radare2 radare2 +RUN git clone https://github.com/radare/radare2-regressions radare2-regressions WORKDIR radare2 COPY build.sh $SRC/ COPY *.options $SRC/ diff --git a/projects/radare2/build.sh b/projects/radare2/build.sh index 94f72f106..c04240a67 100755 --- a/projects/radare2/build.sh +++ b/projects/radare2/build.sh @@ -6,7 +6,7 @@ export HOST_CC=$CC sys/static.sh cp -r r2-static $OUT/ -cp -r ../radare2-fuzz/targets . +cp -r ../radare2-regressions/fuzz/targets . export RADARE2_STATIC_BUILD=$OUT/r2-static cd targets diff --git a/projects/radare2/project.yaml b/projects/radare2/project.yaml index f1b5ee965..9434e1817 100644 --- a/projects/radare2/project.yaml +++ b/projects/radare2/project.yaml @@ -1,4 +1,4 @@ -homepage: "https://github.com/radareorg/radare2" +homepage: "https://github.com/radare/radare2" language: c++ primary_contact: "pancake@nopcode.org" auto_ccs: @@ -6,4 +6,4 @@ auto_ccs: sanitizers: - address run_tests: False -main_repo: 'https://github.com/radareorg/radare2' +main_repo: 'https://github.com/radare/radare2' diff --git a/projects/radon/Dockerfile b/projects/radon/Dockerfile index 0c6ac1b89..fe4c6ca5d 100644 --- a/projects/radon/Dockerfile +++ b/projects/radon/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/radondb/radon COPY build.sh $SRC/ WORKDIR $SRC/radon diff --git a/projects/rdkit/Dockerfile b/projects/rdkit/Dockerfile index e072c2d23..1dad793c5 100644 --- a/projects/rdkit/Dockerfile +++ b/projects/rdkit/Dockerfile @@ -15,13 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y wget - -RUN git clone https://gitlab.com/libeigen/eigen && \ - mkdir eigen_build && \ - cd eigen_build && \ - cmake ../eigen && \ - make install +RUN apt-get update && apt-get install -y wget libeigen3-dev RUN git clone --depth 1 https://github.com/rdkit/rdkit.git $SRC/rdkit WORKDIR $SRC/rdkit diff --git a/projects/re2/project.yaml b/projects/re2/project.yaml index 28f9c4bd2..0fc1f837b 100644 --- a/projects/re2/project.yaml +++ b/projects/re2/project.yaml @@ -3,10 +3,9 @@ language: c++ primary_contact: "junyer@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 - i386 -main_repo: 'https://code.googlesource.com/re2'
\ No newline at end of file +main_repo: 'https://code.googlesource.com/re2' diff --git a/projects/relic/Dockerfile b/projects/relic/Dockerfile index 20213173d..23b426b6f 100644 --- a/projects/relic/Dockerfile +++ b/projects/relic/Dockerfile @@ -19,5 +19,5 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool wget pyt RUN git clone --depth 1 https://github.com/relic-toolkit/relic.git RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 COPY build.sh $SRC/ diff --git a/projects/relic/build.sh b/projects/relic/build.sh index d2c31dd26..552b14fc6 100755 --- a/projects/relic/build.sh +++ b/projects/relic/build.sh @@ -26,6 +26,9 @@ CFLAGS="" CXXFLAGS="" ./bootstrap.sh CFLAGS="" CXXFLAGS="" ./b2 headers cp -R boost/ /usr/include/ +# Prevent Boost compilation error with -std=c++17 +export CXXFLAGS="$CXXFLAGS -D_LIBCPP_ENABLE_CXX17_REMOVED_AUTO_PTR" + # Build Relic cd $SRC/relic/ mkdir build/ @@ -62,10 +65,9 @@ python gen_repository.py rm extra_options.h echo -n '"' >>extra_options.h echo -n '--force-module=relic ' >>extra_options.h -echo -n '--operations=BignumCalc,ECC_PrivateToPublic,ECC_ValidatePubkey,ECDSA_Sign,ECDSA_Verify,Digest,HMAC,KDF_X963,SymmetricEncrypt,SymmetricDecrypt,ECC_Point_Add,ECC_Point_Mul ' >>extra_options.h +echo -n '--operations=BignumCalc,ECC_PrivateToPublic,ECC_ValidatePubkey,ECDSA_Sign,ECDSA_Verify,Digest,HMAC,KDF_X963 ' >>extra_options.h echo -n '--curves=secp256k1,secp256r1 ' >>extra_options.h echo -n '--digests=NULL,SHA224,SHA256,SHA384,SHA512,BLAKE2S160,BLAKE2S256 ' >>extra_options.h -echo -n '--ciphers=AES_128_CBC,AES_192_CBC,AES_256_CBC ' >>extra_options.h echo -n '--calcops=Abs,Add,Bit,ClearBit,Cmp,CmpAbs,Div,ExpMod,GCD,InvMod,IsEven,IsOdd,IsZero,Jacobi,LCM,LShift1,Mod,Mul,Neg,NumBits,RShift,SetBit,Sqr,Sqrt,Sub ' >>extra_options.h echo -n '"' >>extra_options.h cd modules/relic/ diff --git a/projects/relic/project.yaml b/projects/relic/project.yaml index c3d3016a8..98fb04fce 100644 --- a/projects/relic/project.yaml +++ b/projects/relic/project.yaml @@ -7,8 +7,7 @@ auto_ccs: sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory architectures: - x86_64 - i386 diff --git a/projects/resiprocate/Dockerfile b/projects/resiprocate/Dockerfile index c1abd02bc..58f7a92c0 100644 --- a/projects/resiprocate/Dockerfile +++ b/projects/resiprocate/Dockerfile @@ -16,13 +16,6 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config -RUN git clone https://github.com/fmtlib/fmt && \ - cd fmt && \ - mkdir build && \ - cd build && \ - cmake .. && \ - make && \ - make install RUN git clone --depth 1 https://github.com/resiprocate/resiprocate.git resiprocate WORKDIR resiprocate COPY build.sh $SRC/ diff --git a/projects/rnp/Dockerfile b/projects/rnp/Dockerfile index 008286078..c82713bef 100755 --- a/projects/rnp/Dockerfile +++ b/projects/rnp/Dockerfile @@ -27,7 +27,7 @@ RUN apt-get install -y \ zlib1g-dev \ libjson-c-dev \ build-essential \ - python \ + python-minimal \ wget RUN git clone --depth 1 https://github.com/rnpgp/rnp.git rnp diff --git a/projects/rnp/build.sh b/projects/rnp/build.sh index 95439b6dc..1bfd8aa5f 100755 --- a/projects/rnp/build.sh +++ b/projects/rnp/build.sh @@ -62,4 +62,4 @@ done mkdir -p "${OUT}/lib" cp src/lib/librnp.so.0 "${OUT}/lib/" cp /usr/lib/libbotan-2.so.16 "${OUT}/lib/" -cp /lib/x86_64-linux-gnu/libjson-c.so.* "${OUT}/lib/" +cp /lib/x86_64-linux-gnu/libjson-c.so.2 "${OUT}/lib/" diff --git a/projects/rocksdb/build.sh b/projects/rocksdb/build.sh index e336559bd..af784a2b1 100755 --- a/projects/rocksdb/build.sh +++ b/projects/rocksdb/build.sh @@ -21,7 +21,6 @@ export PATH=$PWD/external.protobuf/bin:$PATH cd $SRC/rocksdb export FUZZ_ENV=ossfuzz export CC=$CXX -export DISABLE_WARNING_AS_ERROR=1 make static_lib cd fuzz diff --git a/projects/runc/Dockerfile b/projects/runc/Dockerfile index ccef86642..78616e91e 100644 --- a/projects/runc/Dockerfile +++ b/projects/runc/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/opencontainers/runc COPY build.sh $SRC/ WORKDIR $SRC/runc diff --git a/projects/rust-regex/Dockerfile b/projects/rust-regex/Dockerfile index e1b5b40da..c64a6a1e6 100644 --- a/projects/rust-regex/Dockerfile +++ b/projects/rust-regex/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/rust-lang/regex regex WORKDIR $SRC diff --git a/projects/rustls/Dockerfile b/projects/rustls/Dockerfile index 361e30a3d..7406a474b 100644 --- a/projects/rustls/Dockerfile +++ b/projects/rustls/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang RUN git clone https://github.com/ctz/rustls @@ -22,3 +22,4 @@ RUN git clone https://github.com/ctz/rustls WORKDIR $SRC COPY build.sh $SRC/ +COPY persist.rs $SRC/rustls/fuzz/fuzzers/persist.rs diff --git a/projects/rustls/build.sh b/projects/rustls/build.sh index 1f16177d2..d00359e98 100755 --- a/projects/rustls/build.sh +++ b/projects/rustls/build.sh @@ -22,8 +22,4 @@ cp fuzz/target/x86_64-unknown-linux-gnu/release/deframer $OUT/ cp fuzz/target/x86_64-unknown-linux-gnu/release/fragment $OUT/ cp fuzz/target/x86_64-unknown-linux-gnu/release/hsjoiner $OUT/ cp fuzz/target/x86_64-unknown-linux-gnu/release/message $OUT/ -if [ "$SANITIZER" != "coverage" ] -then - cp fuzz/target/x86_64-unknown-linux-gnu/release/server $OUT/ - cp fuzz/target/x86_64-unknown-linux-gnu/release/persist $OUT/ -fi +cp fuzz/target/x86_64-unknown-linux-gnu/release/server $OUT/ diff --git a/projects/jsoup/HtmlFuzzer.java b/projects/rustls/persist.rs index 5f2090e7f..186cd9af6 100644 --- a/projects/jsoup/HtmlFuzzer.java +++ b/projects/rustls/persist.rs @@ -10,16 +10,21 @@ // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and -// limitations under the License. +//limitations under the License. // -//////////////////////////////////////////////////////////////////////////////// +//################################################################################ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate rustls; -import com.code_intelligence.jazzer.api.FuzzedDataProvider; +use rustls::internal::msgs::persist; +use rustls::internal::msgs::codec::{Reader, Codec}; -import org.jsoup.Jsoup; - -public class HtmlFuzzer { - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - Jsoup.parse(data.consumeRemainingAsString()); - } +fn try_type<T>(data: &[u8]) where T: Codec { + let mut rdr = Reader::init(data); + T::read(&mut rdr); } + +fuzz_target!(|data: &[u8]| { + try_type::<persist::ServerSessionValue>(data); +}); diff --git a/projects/rustls/project.yaml b/projects/rustls/project.yaml index d483a379a..73e4f27d6 100644 --- a/projects/rustls/project.yaml +++ b/projects/rustls/project.yaml @@ -8,5 +8,3 @@ fuzzing_engines: language: rust auto_ccs: - "david@adalogics.com" - - "dirkjan@ochtman.nl" - - "brian@briansmith.org" diff --git a/projects/s2geometry/Dockerfile b/projects/s2geometry/Dockerfile deleted file mode 100644 index 8f58a555a..000000000 --- a/projects/s2geometry/Dockerfile +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && \ - apt-get -y install \ - libgflags-dev \ - libgoogle-glog-dev \ - libgtest-dev libssl-dev \ - make \ - curl - -# OpenSSL -ARG OPENSSL_VERSION=1.1.1g -ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 -RUN set -ex \ - && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \ - && echo "${OPENSSL_HASH} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \ - && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \ - && cd openssl-${OPENSSL_VERSION} \ - && ./Configure linux-x86_64 no-shared --static "$CFLAGS" \ - && make build_generated \ - && make libcrypto.a \ - && make install - -RUN git clone https://github.com/google/s2geometry -WORKDIR $SRC/s2geometry -COPY build.sh \ - s2_fuzzer.cc \ - $SRC/ diff --git a/projects/s2geometry/build.sh b/projects/s2geometry/build.sh deleted file mode 100755 index 1b7cd97e7..000000000 --- a/projects/s2geometry/build.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build && cd build -cmake -DBUILD_SHARED_LIBS=OFF \ - -DABSL_MIN_LOG_LEVEL=4 \ - -DGTEST_ROOT=/usr/src/gtest .. -make -j$(nproc) - -$CXX $CXXFLAGS -DABSL_MIN_LOG_LEVEL=4 \ - -I/src/s2geometry/src \ - -I/usr/src/gtest/include -std=c++11 \ - -c $SRC/s2_fuzzer.cc \ - -o s2_fuzzer.o - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ - s2_fuzzer.o -o $OUT/s2_fuzzer \ - /src/s2geometry/build/libs2.a \ - /src/openssl-1.1.1g/libssl.a \ - /src/openssl-1.1.1g/libcrypto.a diff --git a/projects/s2geometry/project.yaml b/projects/s2geometry/project.yaml deleted file mode 100644 index 8f53bde78..000000000 --- a/projects/s2geometry/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/google/s2geometry" -language: c++ -primary_contact: "jmr@google.com" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory -main_repo: "https://github.com/google/s2geometry" diff --git a/projects/s2geometry/s2_fuzzer.cc b/projects/s2geometry/s2_fuzzer.cc deleted file mode 100644 index 62050a0dc..000000000 --- a/projects/s2geometry/s2_fuzzer.cc +++ /dev/null @@ -1,99 +0,0 @@ -/* -# Copyright 2020 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -#include "s2/s2shapeutil_range_iterator.h" -#include "s2/third_party/absl/strings/str_split.h" -#include "s2/third_party/absl/strings/string_view.h" - -#include "s2/mutable_s2shape_index.h" -#include "s2/s2text_format.h" - -// A string-splitter used to help validate the string -// passed to s2 -static std::vector<absl::string_view> SplitString(absl::string_view str, - char separator) { - std::vector<absl::string_view> result = - absl::StrSplit(str, separator, absl::SkipWhitespace()); - for (auto &e : result) { - e = absl::StripAsciiWhitespace(e); - } - return result; -} - -// Null-terminates the fuzzers input test case -char *null_terminated(const uint8_t *data, size_t size) { - char *new_str = (char *)malloc(size + 1); - if (new_str == NULL) { - return 0; - } - memcpy(new_str, data, size); - new_str[size] = '\0'; - return new_str; -} - -// Do a bit of validation that is also done by s2 -// We do them here since s2 would terminate if they -// would return false inside s2. -bool isValidFormat(char *nt_string, size_t size) { - int hash_count = 0; - for (int i = 0; i < size; i++) { - if (nt_string[i] == 35) { - hash_count++; - } - } - if (hash_count != 2) { - return false; - } - - std::vector<absl::string_view> strs = SplitString(nt_string, '#'); - size_t strs_size = strs.size(); - if (strs.size() != 3) { - return false; - } - - auto index1 = absl::make_unique<MutableS2ShapeIndex>(); - if (s2textformat::MakeIndex(nt_string, &index1) == false) { - return false; - } - return true; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - if (size < 5) { - return 0; - } - - char *nt_string = null_terminated(data, size); - if (nt_string == NULL) { - return 0; - } - if (isValidFormat(nt_string, size)) { - auto index = s2textformat::MakeIndex(nt_string); - s2shapeutil::RangeIterator it(*index); - if (!it.done()) { - it.Next(); - } - } - free(nt_string); - return 0; -} diff --git a/projects/samba/project.yaml b/projects/samba/project.yaml index 7e7cdc57d..6f7ea359e 100644 --- a/projects/samba/project.yaml +++ b/projects/samba/project.yaml @@ -1,5 +1,4 @@ homepage: "https://samba.org" -main_repo: "https://git.samba.org/samba.git" language: c primary_contact: "douglas.bagnall@catalyst.net.nz" auto_ccs: @@ -10,7 +9,6 @@ auto_ccs: - "sloowfranklin@gmail.com" - "gdeschner@gmail.com" - "volker.lendecke@gmail.com" - - "davidmmulder@gmail.com" fuzzing_engines: - libfuzzer - honggfuzz diff --git a/projects/scapy/Dockerfile b/projects/scapy/Dockerfile index 08806d9fc..6631b327e 100644 --- a/projects/scapy/Dockerfile +++ b/projects/scapy/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone \ --depth 1 \ diff --git a/projects/scapy/build.sh b/projects/scapy/build.sh index 223ffa36d..b3270da76 100644 --- a/projects/scapy/build.sh +++ b/projects/scapy/build.sh @@ -30,7 +30,7 @@ for fuzzer in $(find $SRC -name '*_fuzzer.py'); do this_dir=\$(dirname \"\$0\") ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done zip -j $OUT/pcap_fuzzer_seed_corpus.zip test/pcaps/* diff --git a/projects/scapy/pcap_fuzzer.py b/projects/scapy/pcap_fuzzer.py index 0b72f0abb..aaf1f5ffb 100644 --- a/projects/scapy/pcap_fuzzer.py +++ b/projects/scapy/pcap_fuzzer.py @@ -14,14 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +import io import sys import atheris -with atheris.instrument_imports(): - import io - import scapy - import scapy.error - import scapy.utils +import scapy +import scapy.error +import scapy.utils def TestOneInput(input_bytes): @@ -32,7 +31,7 @@ def TestOneInput(input_bytes): def main(): - atheris.Setup(sys.argv, TestOneInput) + atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) atheris.Fuzz() diff --git a/projects/selinux/Dockerfile b/projects/selinux/Dockerfile index 1c278d7c6..b62b4aeb9 100644 --- a/projects/selinux/Dockerfile +++ b/projects/selinux/Dockerfile @@ -30,4 +30,4 @@ RUN apt-get update && \ xmlto RUN git clone --depth 1 https://github.com/SELinuxProject/selinux WORKDIR selinux -COPY build.sh $SRC/ +COPY build.sh *.c $SRC/ diff --git a/projects/selinux/build.sh b/projects/selinux/build.sh index 0661536fc..e2979ad79 100755 --- a/projects/selinux/build.sh +++ b/projects/selinux/build.sh @@ -14,4 +14,13 @@ # limitations under the License. # ################################################################################ -./scripts/oss-fuzz.sh + +export DESTDIR=$(pwd)/DESTDIR +export LDFLAGS="${LDFLAGS:-} $CFLAGS" + +find -name Makefile | xargs sed -i 's/,-z,defs//' +make V=1 -j$(nproc) install + +$CC $CFLAGS -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o secilc-fuzzer.o $SRC/secilc-fuzzer.c +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o $DESTDIR/usr/lib/libsepol.a -o $OUT/secilc-fuzzer +zip -r $OUT/secilc-fuzzer_seed_corpus.zip secilc/test diff --git a/projects/selinux/secilc-fuzzer.c b/projects/selinux/secilc-fuzzer.c new file mode 100644 index 000000000..c99df95a1 --- /dev/null +++ b/projects/selinux/secilc-fuzzer.c @@ -0,0 +1,87 @@ +/* +# Copyright 2020 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include <stdlib.h> +#include <stdio.h> +#include <stdint.h> +#include <string.h> +#include <getopt.h> +#include <sys/stat.h> + +#include <sepol/cil/cil.h> +#include <sepol/policydb.h> + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + enum cil_log_level log_level = CIL_ERR; + struct sepol_policy_file *pf = NULL; + FILE *dev_null = NULL; + int target = SEPOL_TARGET_SELINUX; + int disable_dontaudit = 0; + int multiple_decls = 0; + int disable_neverallow = 0; + int preserve_tunables = 0; + int policyvers = POLICYDB_VERSION_MAX; + int mls = -1; + int attrs_expand_generated = 0; + struct cil_db *db = NULL; + sepol_policydb_t *pdb = NULL; + + cil_set_log_level(log_level); + + cil_db_init(&db); + cil_set_disable_dontaudit(db, disable_dontaudit); + cil_set_multiple_decls(db, multiple_decls); + cil_set_disable_neverallow(db, disable_neverallow); + cil_set_preserve_tunables(db, preserve_tunables); + cil_set_mls(db, mls); + cil_set_target_platform(db, target); + cil_set_policy_version(db, policyvers); + cil_set_attrs_expand_generated(db, attrs_expand_generated); + + if (cil_add_file(db, "fuzz", data, size) != SEPOL_OK) + goto exit; + + if (cil_compile(db) != SEPOL_OK) + goto exit; + + if (cil_build_policydb(db, &pdb) != SEPOL_OK) + goto exit; + + if (sepol_policydb_optimize(pdb) != SEPOL_OK) + goto exit; + + dev_null = fopen("/dev/null", "w"); + if (dev_null == NULL) + goto exit; + + if (sepol_policy_file_create(&pf) != 0) + goto exit; + + sepol_policy_file_set_fp(pf, dev_null); + + if (sepol_policydb_write(pdb, pf) != 0) + goto exit; +exit: + if (dev_null != NULL) + fclose(dev_null); + + cil_db_destroy(&db); + sepol_policydb_free(pdb); + sepol_policy_file_free(pf); + return 0; +} diff --git a/projects/sentencepiece/project.yaml b/projects/sentencepiece/project.yaml index 2668dd021..579c70320 100644 --- a/projects/sentencepiece/project.yaml +++ b/projects/sentencepiece/project.yaml @@ -3,9 +3,8 @@ language: c++ primary_contact: "taku@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 -main_repo: 'https://github.com/google/sentencepiece.git'
\ No newline at end of file +main_repo: 'https://github.com/google/sentencepiece.git' diff --git a/projects/serde-yaml/Dockerfile b/projects/serde-yaml/Dockerfile index 216394c77..42b1ce384 100644 --- a/projects/serde-yaml/Dockerfile +++ b/projects/serde-yaml/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/dtolnay/serde-yaml serde-yaml WORKDIR $SRC diff --git a/projects/serde_json/Dockerfile b/projects/serde_json/Dockerfile index 395b89715..d27ebda2d 100644 --- a/projects/serde_json/Dockerfile +++ b/projects/serde_json/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang RUN git clone --depth 1 https://github.com/serde-rs/json json diff --git a/projects/servo/Dockerfile b/projects/servo/Dockerfile index 6fbeef8a2..a0e081d0c 100644 --- a/projects/servo/Dockerfile +++ b/projects/servo/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/servo/html5ever RUN git clone --depth 1 https://github.com/servo/rust-url diff --git a/projects/simd/Dockerfile b/projects/simd/Dockerfile deleted file mode 100644 index 5c030e0df..000000000 --- a/projects/simd/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make -RUN git clone --depth 1 https://github.com/ermig1979/Simd -WORKDIR Simd -COPY build.sh simd_load_fuzzer.cpp $SRC/ diff --git a/projects/simd/build.sh b/projects/simd/build.sh deleted file mode 100755 index 8f0c3e76e..000000000 --- a/projects/simd/build.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -mkdir build && cd build -cmake ../prj/cmake \ - -DCMAKE_BUILD_TYPE="Release" -make -j$(nproc) - -$CXX $CXXFLAGS -I/src/Simd/src -O3 -DNDEBUG -fPIC \ - -c $SRC/simd_load_fuzzer.cpp -o simd_load_fuzzer.o \ - -std=c++11 -ferror-limit=5 -m64 -mtune=native - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE simd_load_fuzzer.o \ - -o $OUT/simd_load_fuzzer \ - $(find $SRC -name "libSimd.a") diff --git a/projects/simd/project.yaml b/projects/simd/project.yaml deleted file mode 100644 index 07eaebd3c..000000000 --- a/projects/simd/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "http://ermig1979.github.io/Simd" -language: c++ -primary_contact: "ermig@tut.by" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory -main_repo: 'https://github.com/ermig1979/Simd' diff --git a/projects/simd/simd_load_fuzzer.cpp b/projects/simd/simd_load_fuzzer.cpp deleted file mode 100644 index e93d1b874..000000000 --- a/projects/simd/simd_load_fuzzer.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <stdint.h> -#include <string.h> -#include <stdlib.h> -#include "Test/TestUtils.h" - -extern "C" -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - if (size<5) { - return 0; - } - Test::View::Format formats[4] = {Test::View::Gray8, - Test::View::Bgr24, - Test::View::Bgra32, - Test::View::Rgb24}; - for(int i=0; i<4; i++) { - Test::View dst1; - dst1.Load(data, size, formats[i]); - } - return 0; -} diff --git a/projects/simdjson/project.yaml b/projects/simdjson/project.yaml index 538892ddd..33b298a61 100644 --- a/projects/simdjson/project.yaml +++ b/projects/simdjson/project.yaml @@ -1,10 +1,7 @@ -homepage: "https://simdjson.org/" +homepage: "https://github.com/simdjson/simdjson" language: c++ primary_contact: "pauldreikossfuzz@gmail.com" auto_ccs: - "lemire@gmail.com" -sanitizers: -- address -- undefined -- memory + main_repo: 'https://github.com/simdjson/simdjson.git' diff --git a/projects/skia/Dockerfile b/projects/skia/Dockerfile index 4af5722aa..e42908840 100644 --- a/projects/skia/Dockerfile +++ b/projects/skia/Dockerfile @@ -17,7 +17,7 @@ FROM gcr.io/oss-fuzz-base/base-builder # Mesa and libz/zlib needed to build swiftshader -RUN apt-get update && apt-get install -y python wget libglu1-mesa-dev cmake lib32z1-dev zlib1g-dev libxext-dev +RUN apt-get update && apt-get install -y python wget libglu1-mesa-dev cmake lib32z1-dev zlib1g-dev RUN git clone 'https://chromium.googlesource.com/chromium/tools/depot_tools.git' --depth 1 ENV PATH="${SRC}/depot_tools:${PATH}" diff --git a/projects/skia/build.sh b/projects/skia/build.sh index d4a2b6a18..0f6d73fb4 100644 --- a/projects/skia/build.sh +++ b/projects/skia/build.sh @@ -43,17 +43,10 @@ elif [ $SANITIZER == "thread" ]; then else exit 1 fi -# These deprecated warnings get quite noisy and mask other issues. -CFLAGS= CXXFLAGS="-stdlib=libc++ -Wno-deprecated-declarations" cmake .. -GNinja \ - -DCMAKE_MAKE_PROGRAM="$SRC/depot_tools/ninja" -D$CMAKE_SANITIZER=1 - -$SRC/depot_tools/ninja libGLESv2_deprecated libEGL_deprecated -# Skia is looking for the names w/o the _deprecated tag. The libraries themselves -# are looking for the _deprecated suffix, so we copy them both ways into the out -# directory. -cp libEGL_deprecated.so $OUT/libEGL.so -cp libGLESv2_deprecated.so $OUT/libGLESv2.so -mv libGLESv2_deprecated.so libEGL_deprecated.so $OUT +CFLAGS= CXXFLAGS="-stdlib=libc++" cmake .. -GNinja -DCMAKE_MAKE_PROGRAM="$SRC/depot_tools/ninja" -D$CMAKE_SANITIZER=1 + +$SRC/depot_tools/ninja libGLESv2 libEGL +mv libGLESv2.so libEGL.so $OUT export SWIFTSHADER_LIB_PATH=$OUT popd @@ -61,10 +54,8 @@ popd DISABLE="-Wno-zero-as-null-pointer-constant -Wno-unused-template -Wno-cast-qual" # Disable UBSan vptr since target built with -fno-rtti. -export CFLAGS="$CFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2\ - -fno-sanitize=vptr -DSK_BUILD_FOR_LIBFUZZER" -export CXXFLAGS="$CXXFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2\ - -fno-sanitize=vptr -DSK_BUILD_FOR_LIBFUZZER" +export CFLAGS="$CFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2 -fno-sanitize=vptr" +export CXXFLAGS="$CXXFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2 -fno-sanitize=vptr" export LDFLAGS="$LIB_FUZZING_ENGINE $CXXFLAGS -L$SWIFTSHADER_LIB_PATH" # This splits a space separated list into a quoted, comma separated list for gn. @@ -82,43 +73,28 @@ if [ "$CIFUZZ" = "true" ]; then fi set -u -SKIA_ARGS="skia_build_fuzzers=true - skia_enable_fontmgr_custom_directory=false - skia_enable_fontmgr_custom_embedded=false - skia_enable_fontmgr_custom_empty=true - skia_enable_gpu=true - skia_enable_skottie=true - skia_use_egl=true - skia_use_fontconfig=false - skia_use_freetype=true - skia_use_system_freetype2=false - skia_use_wuffs=true - skia_use_libfuzzer_defaults=false" - # Even though GPU is "enabled" for all these builds, none really -# uses the gpu except for api_mock_gpu_canvas. +# uses the gpu except for api_mock_gpu_canvas $SRC/skia/bin/gn gen out/Fuzz\ --args='cc="'$CC'" cxx="'$CXX'" - '"$LIMITED_LINK_POOL"' - '"${SKIA_ARGS[*]}"' + '$LIMITED_LINK_POOL' is_debug=false extra_cflags_c=["'"$CFLAGS_ARR"'"] extra_cflags_cc=["'"$CXXFLAGS_ARR"'"] - extra_ldflags=["'"$LDFLAGS_ARR"'"]' - -# Some fuzz targets benefit from assertions so we enable SK_DEBUG to allow SkASSERT -# and SkDEBUGCODE to run. We still enable optimization (via is_debug=false) because -# faster code means more fuzz tests and deeper coverage. -$SRC/skia/bin/gn gen out/FuzzDebug\ - --args='cc="'$CC'" - cxx="'$CXX'" - '"$LIMITED_LINK_POOL"' - '"${SKIA_ARGS[*]}"' - is_debug=false - extra_cflags_c=["-DSK_DEBUG","'"$CFLAGS_ARR"'"] - extra_cflags_cc=["-DSK_DEBUG","'"$CXXFLAGS_ARR"'"] - extra_ldflags=["'"$LDFLAGS_ARR"'"]' + extra_ldflags=["'"$LDFLAGS_ARR"'"] + skia_build_fuzzers=true + skia_enable_fontmgr_custom_directory=false + skia_enable_fontmgr_custom_embedded=false + skia_enable_fontmgr_custom_empty=true + skia_enable_gpu=true + skia_enable_skottie=true + skia_use_egl=true + skia_use_fontconfig=false + skia_use_freetype=true + skia_use_system_freetype2=false + skia_use_wuffs=true + skia_use_libfuzzer_defaults=false' $SRC/depot_tools/ninja -C out/Fuzz \ android_codec \ @@ -137,7 +113,6 @@ $SRC/depot_tools/ninja -C out/Fuzz \ api_regionop \ api_skparagraph \ api_svg_canvas \ - api_triangulation \ image_decode \ image_decode_incremental \ image_filter_deserialize \ @@ -150,16 +125,14 @@ $SRC/depot_tools/ninja -C out/Fuzz \ skjson \ skottie_json \ skp \ - svg_dom \ - textblob_deserialize \ - webp_encoder - -$SRC/depot_tools/ninja -C out/FuzzDebug \ skruntimeeffect \ sksl2glsl \ sksl2metal \ sksl2pipeline \ sksl2spirv \ + svg_dom \ + textblob_deserialize \ + webp_encoder rm -rf $OUT/data mkdir $OUT/data @@ -251,16 +224,16 @@ mv out/Fuzz/image_decode_incremental $OUT/image_decode_incremental mv ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_incremental_seed_corpus.zip # These 4 use the same sksl_seed_corpus. -mv out/FuzzDebug/sksl2glsl $OUT/sksl2glsl +mv out/Fuzz/sksl2glsl $OUT/sksl2glsl cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2glsl_seed_corpus.zip -mv out/FuzzDebug/sksl2spirv $OUT/sksl2spirv +mv out/Fuzz/sksl2spirv $OUT/sksl2spirv cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2spirv_seed_corpus.zip -mv out/FuzzDebug/sksl2metal $OUT/sksl2metal +mv out/Fuzz/sksl2metal $OUT/sksl2metal cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2metal_seed_corpus.zip -mv out/FuzzDebug/sksl2pipeline $OUT/sksl2pipeline +mv out/Fuzz/sksl2pipeline $OUT/sksl2pipeline mv ../skia_data/sksl_seed_corpus.zip $OUT/sksl2pipeline_seed_corpus.zip mv out/Fuzz/skdescriptor_deserialize $OUT/skdescriptor_deserialize @@ -269,7 +242,7 @@ mv out/Fuzz/svg_dom $OUT/svg_dom mv ../skia_data/svg_dom_seed_corpus.zip $OUT/svg_dom_seed_corpus.zip -mv out/FuzzDebug/skruntimeeffect $OUT/skruntimeeffect +mv out/Fuzz/skruntimeeffect $OUT/skruntimeeffect mv ../skia_data/sksl_with_256_padding_seed_corpus.zip $OUT/skruntimeeffect_seed_corpus.zip mv out/Fuzz/api_create_ddl $OUT/api_create_ddl @@ -282,5 +255,3 @@ mv ../skia_data/skp_seed_corpus.zip $OUT/skp_seed_corpus.zip mv out/Fuzz/api_skparagraph $OUT/api_skparagraph mv out/Fuzz/api_regionop $OUT/api_regionop - -mv out/Fuzz/api_triangulation $OUT/api_triangulation diff --git a/projects/skia/project.yaml b/projects/skia/project.yaml index 4cbfa2c36..824ac2117 100644 --- a/projects/skia/project.yaml +++ b/projects/skia/project.yaml @@ -3,19 +3,20 @@ language: c++ primary_contact: "kjlubick@chromium.org" auto_ccs: - "hcm@google.com" + - "mtklein@google.com" - "reed@google.com" - "bsalomon@google.com" - "brianosman@google.com" - "johnstiles@google.com" - "ethannicholas@google.com" + - "westont@google.com" vendor_ccs: - "lsalzman@mozilla.com" - "twsmith@mozilla.com" sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory help_url: "https://skia.org/dev/testing/fuzz" builds_per_day: 4 main_repo: 'https://skia.googlesource.com/skia.git' diff --git a/projects/sleuthkit/Dockerfile b/projects/sleuthkit/Dockerfile index a13087ffe..cf04b56ab 100644 --- a/projects/sleuthkit/Dockerfile +++ b/projects/sleuthkit/Dockerfile @@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/sleuthkit/sleuthkit sleuthkit WORKDIR sleuthkit -COPY build.sh buildcorpus.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/ +COPY build.sh sleuthkit_mem_img.h *_fuzzer.cc $SRC/ diff --git a/projects/sleuthkit/build.sh b/projects/sleuthkit/build.sh index 2443ffaab..7ed222a73 100755 --- a/projects/sleuthkit/build.sh +++ b/projects/sleuthkit/build.sh @@ -18,10 +18,8 @@ export CFLAGS="$CFLAGS -Wno-error=non-c-typedef-for-linkage" export CXXFLAGS="$CXXFLAGS -Wno-error=non-c-typedef-for-linkage" -${SRC}/buildcorpus.sh - ./bootstrap -./configure --enable-static --disable-shared --disable-java --without-afflib --without-libewf --without-libvhdi --without-libvmdk +./configure --enable-static --disable-shared --disable-java make -j$(nproc) declare -A TSK_FS_TYPES=( @@ -39,20 +37,14 @@ declare -A TSK_VS_TYPES=( ["sun"]="TSK_VS_TYPE_SUN" ) -# The fls APFS fuzz target has a seperate source file since it uses the libtsk -# pool layer. -$CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk \ - $SRC/sleuthkit_fls_apfs_fuzzer.cc -o $OUT/sleuthkit_fls_apfs_fuzzer \ - $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a - for type in ${!TSK_FS_TYPES[@]}; do - $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DFSTYPE=${TSK_FS_TYPES[$type]} \ + $CXX $CXXFLAGS -std=c++11 -I.. -I. -Itsk -DFSTYPE=${TSK_FS_TYPES[$type]} \ $SRC/sleuthkit_fls_fuzzer.cc -o $OUT/sleuthkit_fls_${type}_fuzzer \ $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a done for type in ${!TSK_VS_TYPES[@]}; do - $CXX $CXXFLAGS -std=c++14 -I.. -I. -Itsk -DVSTYPE=${TSK_VS_TYPES[$type]} \ + $CXX $CXXFLAGS -std=c++11 -I.. -I. -Itsk -DVSTYPE=${TSK_VS_TYPES[$type]} \ $SRC/sleuthkit_mmls_fuzzer.cc -o $OUT/sleuthkit_mmls_${type}_fuzzer \ $LIB_FUZZING_ENGINE $SRC/sleuthkit/tsk/.libs/libtsk.a done diff --git a/projects/sleuthkit/buildcorpus.sh b/projects/sleuthkit/buildcorpus.sh deleted file mode 100755 index 435f475f1..000000000 --- a/projects/sleuthkit/buildcorpus.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash -eu -# -# Script to downloads test data and build the corpus -# -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Test data provided by: -# -# The Fuzzing Project: https://fuzzing-project.org/resources.html -# As CC0 1.0 Universal (CC0 1.0) Public Domain Dedication -# https://creativecommons.org/publicdomain/zero/1.0/ -# -# The dfVFS project: https://github.com/log2timeline/dfvfs -# As Apache 2 https://github.com/log2timeline/dfvfs/blob/main/LICENSE - -# Files to use for fls fuzz targets -declare -A FLS_TEST_FILES=( - ["apfs"]="https://github.com/log2timeline/dfvfs/blob/main/test_data/apfs.raw?raw=true" - ["ext"]="https://files.fuzzing-project.org/filesystems/ext2.img" - ["fat"]="https://files.fuzzing-project.org/filesystems/exfat.img https://files.fuzzing-project.org/filesystems/fat12.img https://files.fuzzing-project.org/filesystems/fat16.img https://files.fuzzing-project.org/filesystems/fat32.img" - ["hfs"]="https://files.fuzzing-project.org/filesystems/hfsplus.img" - ["iso9660"]="https://files.fuzzing-project.org/discimages/iso9660.iso" - ["ntfs"]="https://files.fuzzing-project.org/filesystems/ntfs.img" -) - -# Files to use for mmls fuzz targets -declare -A MMLS_TEST_FILES=( - ["dos"]="https://files.fuzzing-project.org/discimages/partition-dos" - ["gpt"]="https://files.fuzzing-project.org/discimages/partition-gpt" - ["mac"]="https://files.fuzzing-project.org/discimages/partition-mac" -) - - -for type in ${!FLS_TEST_FILES[@]}; do - fuzz_target="sleuthkit_fls_${type}_fuzzer" - - mkdir -p "test_data/${fuzz_target}" - - IFS=" "; for url in ${FLS_TEST_FILES[$type]}; do - filename=$( echo ${url} | sed 's/?[^?]*$//' ) - filename=$( basename ${filename} ) - - curl -L -o "test_data/${fuzz_target}/${filename}" "${url}" - done - - (cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *) -done - - -for type in ${!MMLS_TEST_FILES[@]}; do - fuzz_target="sleuthkit_mmls_${type}_fuzzer" - - mkdir -p "test_data/${fuzz_target}" - - IFS=" "; for url in ${MMLS_TEST_FILES[$type]}; do - filename=$( echo ${url} | sed 's/?[^?]*$//' ) - filename=$( basename ${filename} ) - - curl -L -o "test_data/${fuzz_target}/${filename}" "${url}" - done - - (cd "test_data/${fuzz_target}" && zip ${OUT}/${fuzz_target}_seed_corpus.zip *) -done diff --git a/projects/sleuthkit/sleuthkit_fls_apfs_fuzzer.cc b/projects/sleuthkit/sleuthkit_fls_apfs_fuzzer.cc deleted file mode 100644 index 5c0f40272..000000000 --- a/projects/sleuthkit/sleuthkit_fls_apfs_fuzzer.cc +++ /dev/null @@ -1,60 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include <stddef.h> -#include <stdint.h> - -#include "sleuthkit/tsk/tsk_tools_i.h" -#include "sleuthkit/tsk/fs/tsk_fs.h" -#include "sleuthkit/tsk/pool/tsk_pool.h" -#include "sleuthkit_mem_img.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - TSK_IMG_INFO* img; - TSK_IMG_INFO* pool_img; - TSK_FS_INFO* fs; - const TSK_POOL_INFO* pool; - - img = mem_open(data, size); - if (img == nullptr) { - return 0; - } - pool = tsk_pool_open_img_sing(img, 0, TSK_POOL_TYPE_APFS); - - if (pool == nullptr) { - goto out_img; - } - // Pool start block is APFS container specific and is hard coded for now - pool_img = pool->get_img_info(pool, (TSK_DADDR_T) 106); - - if (pool_img == nullptr) { - goto out_pool; - } - fs = tsk_fs_open_img_decrypt(pool_img, 0, TSK_FS_TYPE_APFS_DETECT, ""); - - if (fs != nullptr) { - tsk_fs_fls(fs, TSK_FS_FLS_FULL, fs->root_inum, TSK_FS_DIR_WALK_FLAG_RECURSE, nullptr, 0); - - fs->close(fs); - } - tsk_img_close(pool_img); - -out_pool: - tsk_pool_close(pool); - -out_img: - tsk_img_close(img); - - return 0; -} diff --git a/projects/smt/Dockerfile b/projects/smt/Dockerfile deleted file mode 100644 index 536986d23..000000000 --- a/projects/smt/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone https://github.com/celestiaorg/smt - -COPY build.sh $SRC -WORKDIR $SRC/smt diff --git a/projects/smt/build.sh b/projects/smt/build.sh deleted file mode 100755 index 48547497b..000000000 --- a/projects/smt/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -bash -x ./oss-fuzz-build.sh diff --git a/projects/smt/project.yaml b/projects/smt/project.yaml deleted file mode 100644 index 471479e5e..000000000 --- a/projects/smt/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://github.com/celestiaorg/smt" -primary_contact: "ismail@celestia.org" -auto_ccs: - - fuzzing@orijtech.com - - emmanuel@orijtech.com - - cuong@orijtech.com -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: "https://github.com/celestiaorg/smt" diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile index 4272be5ca..c59136c8f 100644 --- a/projects/solidity/Dockerfile +++ b/projects/solidity/Dockerfile @@ -19,17 +19,16 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool \ build-essential libbz2-dev ninja-build zlib1g-dev wget python python-dev \ liblzma-dev uuid-dev pkg-config openjdk-8-jdk unzip mlton -RUN git clone --recursive -b develop https://github.com/ethereum/solidity.git solidity +RUN git clone --recursive -b breaking https://github.com/ethereum/solidity.git solidity RUN git clone --depth 1 https://github.com/ethereum/solidity-fuzzing-corpus.git RUN git clone --depth 1 https://github.com/google/libprotobuf-mutator.git -# evmone v0.8.2 fixes: https://github.com/ethereum/evmone/issues/373 -RUN git clone --branch="v0.8.2" --recurse-submodules \ +RUN git clone --branch="v0.4.0" --recurse-submodules \ https://github.com/ethereum/evmone.git # Install statically built dependencies in "/usr" directory # Install boost RUN cd $SRC; \ - wget -q 'https://boostorg.jfrog.io/artifactory/main/release/1.73.0/source/boost_1_73_0.tar.bz2' -O boost.tar.bz2; \ + wget -q 'https://dl.bintray.com/boostorg/release/1.73.0/source/boost_1_73_0.tar.bz2' -O boost.tar.bz2; \ test "$(sha256sum boost.tar.bz2)" = "4eb3b8d442b426dc35346235c8733b5ae35ba431690e38c6a8263dce9fcbb402 boost.tar.bz2"; \ tar -xf boost.tar.bz2; \ rm boost.tar.bz2; \ diff --git a/projects/solidity/build.sh b/projects/solidity/build.sh index 9f9668b97..ae5844c74 100755 --- a/projects/solidity/build.sh +++ b/projects/solidity/build.sh @@ -20,7 +20,18 @@ set -ex ROOTDIR="${SRC}/solidity" BUILDDIR="${ROOTDIR}/build" -mkdir -p "${BUILDDIR}" +mkdir -p "${BUILDDIR}" && mkdir -p "$BUILDDIR/deps" + +ANTLRJAR="${BUILDDIR}/deps/antlr4.8.jar" +ANTLRJAR_URI="https://www.antlr.org/download/antlr-4.8-complete.jar" + +download_antlr4() +{ + if [[ ! -e "${ANTLRJAR}" ]] + then + wget -O "${ANTLRJAR}" "${ANTLRJAR_URI}" + fi +} generate_protobuf_bindings() { @@ -32,6 +43,21 @@ generate_protobuf_bindings() done } +generate_antlr4_bindings() +{ + cd "${ROOTDIR}" + # Replace boolean with bool to suit c++ syntax + sed -i 's/boolean /bool /g' docs/grammar/Solidity.g4 + # Generate antlr4 visitor/parser/lexer c++ bindings + java -jar "${ANTLRJAR}" -Dlanguage=Cpp \ + -Xexact-output-dir -package solidity::test::fuzzer -o test/tools/ossfuzz \ + -no-listener -visitor docs/grammar/SolidityLexer.g4 docs/grammar/Solidity.g4 + # Delete unnecessary autogen files + rm -f "${ROOTDIR}"/test/tools/ossfuzz/Solidity*Visitor.cpp \ + "${ROOTDIR}"/test/tools/ossfuzz/Solidity*.interp \ + "${ROOTDIR}"/test/tools/ossfuzz/Solidity*.tokens +} + build_fuzzers() { cd "${BUILDDIR}" @@ -61,7 +87,9 @@ update_corpus() done } +download_antlr4 generate_protobuf_bindings +generate_antlr4_bindings build_fuzzers copy_fuzzers_and_config -update_corpus +update_corpus
\ No newline at end of file diff --git a/projects/sound-open-firmware/project.yaml b/projects/sound-open-firmware/project.yaml index 5f8f889f0..4065def34 100644 --- a/projects/sound-open-firmware/project.yaml +++ b/projects/sound-open-firmware/project.yaml @@ -3,9 +3,4 @@ primary_contact: "cujomalainey@chromium.org" language: c auto_ccs: - "ranjani.sridharan@intel.corp-partner.google.com" - - "lgirdwood@gmail.com" - - "harsha.p.n@intel.corp-partner.google.com" - - "sathyanarayana.nujella@intel.corp-partner.google.com" - - "adrian.bonislawski@intel.com" - - "michal.wasko@intel.com" main_repo: "https://github.com/thesofproject/sof" diff --git a/projects/spdk/Dockerfile b/projects/spdk/Dockerfile deleted file mode 100644 index 9ac85748e..000000000 --- a/projects/spdk/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make curl yasm autoconf libtool meson nasm -RUN git clone --depth 1 https://github.com/spdk/spdk && \ - cd spdk && \ - git submodule update --init -WORKDIR $SRC/spdk -COPY build.sh parse_json_fuzzer.cc $SRC/ diff --git a/projects/spdk/build.sh b/projects/spdk/build.sh deleted file mode 100755 index 8cf7d6f0e..000000000 --- a/projects/spdk/build.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Build spdk -export LDFLAGS="${CFLAGS}" -./scripts/pkgdep.sh -./configure --without-shared --without-isal -make -j$(nproc) - -# Build fuzzers -$CXX $CXXFLAGS -I/src/spdk -I/src/spdk/include \ - -fPIC -c $SRC/parse_json_fuzzer.cc \ - -o parse_json_fuzzer.o - -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ - parse_json_fuzzer.o -o $OUT/parse_json_fuzzer \ - /src/spdk/build/lib/libspdk_env_dpdk.a \ - /src/spdk/build/lib/libspdk_json.a diff --git a/projects/spdk/project.yaml b/projects/spdk/project.yaml deleted file mode 100644 index d326726eb..000000000 --- a/projects/spdk/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/spdk/spdk" -main_repo: "https://github.com/spdk/spdk" -language: c -primary_contact: "james.r.harris@intel.com" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory diff --git a/projects/spdlog/project.yaml b/projects/spdlog/project.yaml index afea591d9..b2a7b59b3 100644 --- a/projects/spdlog/project.yaml +++ b/projects/spdlog/project.yaml @@ -1,9 +1,10 @@ homepage: "https://github.com/gabime/spdlog" language: c++ primary_contact: "gmelman1@gmail.com" +auto_ccs: + - "ouyangyunshu@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined main_repo: 'https://github.com/gabime/spdlog.git' diff --git a/projects/spice-usbredir/Dockerfile b/projects/spice-usbredir/Dockerfile deleted file mode 100644 index 6a1059f88..000000000 --- a/projects/spice-usbredir/Dockerfile +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN \ - apt-get update && \ - apt-get install -y libtool libusb-1.0-0-dev pkg-config libglib2.0-dev && \ - apt-get clean - -# Ubuntu 16.04 ships Meson 0.29 which doesn't support the "feature" option type. -# -# https://mesonbuild.com/Build-options.html#features -RUN python3 -m pip install --no-user --no-cache meson ninja - -RUN git clone --depth 1 https://gitlab.freedesktop.org/spice/usbredir.git $SRC/spice-usbredir - -WORKDIR $SRC/spice-usbredir -COPY build.sh $SRC/ diff --git a/projects/spice-usbredir/build.sh b/projects/spice-usbredir/build.sh deleted file mode 100755 index ffe02a7c1..000000000 --- a/projects/spice-usbredir/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -exec ./build-aux/oss-fuzz.sh diff --git a/projects/spice-usbredir/project.yaml b/projects/spice-usbredir/project.yaml deleted file mode 100644 index 391eea346..000000000 --- a/projects/spice-usbredir/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://www.spice-space.org/usbredir.html" -language: c++ -primary_contact: "freddy77@gmail.com" -auto_ccs: - - "imsnah@gmail.com" -sanitizers: - - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory - - undefined -main_repo: "https://gitlab.freedesktop.org/spice/usbredir.git"
\ No newline at end of file diff --git a/projects/spidermonkey/Dockerfile b/projects/spidermonkey/Dockerfile index 226091bcc..9c74dce54 100644 --- a/projects/spidermonkey/Dockerfile +++ b/projects/spidermonkey/Dockerfile @@ -21,8 +21,7 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ libc++abi1 \ m4 \ yasm \ - python \ - patchelf + python # This wrapper of cargo seems to interfere with our build system. RUN rm -f /usr/local/bin/cargo diff --git a/projects/spidermonkey/build.sh b/projects/spidermonkey/build.sh index ddee98df1..bf2e03bfc 100755 --- a/projects/spidermonkey/build.sh +++ b/projects/spidermonkey/build.sh @@ -41,6 +41,3 @@ cp dist/bin/js $OUT mkdir -p $OUT/lib cp -L /usr/lib/x86_64-linux-gnu/libc++.so.1 $OUT/lib cp -L /usr/lib/x86_64-linux-gnu/libc++abi.so.1 $OUT/lib - -# Make sure libs are resolved properly -patchelf --set-rpath '$ORIGIN/lib' $OUT/js diff --git a/projects/spirv-tools/Dockerfile b/projects/spirv-tools/Dockerfile deleted file mode 100644 index 9ef1e805e..000000000 --- a/projects/spirv-tools/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build -RUN git clone --depth 1 https://github.com/KhronosGroup/SPIRV-Tools.git spirv-tools -WORKDIR spirv-tools -COPY build.sh $SRC/ diff --git a/projects/spirv-tools/build.sh b/projects/spirv-tools/build.sh deleted file mode 100755 index 707c9d6ab..000000000 --- a/projects/spirv-tools/build.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -git clone https://github.com/KhronosGroup/SPIRV-Headers external/spirv-headers --depth=1 -git clone https://github.com/protocolbuffers/protobuf external/protobuf --branch v3.13.0.1 -git clone https://dawn.googlesource.com/tint --depth=1 - -mkdir build -pushd build - -CMAKE_ARGS="-DSPIRV_BUILD_LIBFUZZER_TARGETS=ON -DSPIRV_LIB_FUZZING_ENGINE_LINK_OPTIONS=$LIB_FUZZING_ENGINE" - -# With ubsan, RTTI must be enabled due to certain checks (vptr) requiring it. -if [ $SANITIZER == "undefined" ]; -then - CMAKE_ARGS="${CMAKE_ARGS} -DENABLE_RTTI=ON" -fi -cmake -G Ninja .. ${CMAKE_ARGS} -ninja - -SPIRV_BINARY_FUZZERS="spvtools_binary_parser_fuzzer\ - spvtools_dis_fuzzer\ - spvtools_opt_legalization_fuzzer\ - spvtools_opt_performance_fuzzer\ - spvtools_opt_size_fuzzer\ - spvtools_val_fuzzer" - -SPIRV_ASSEMBLY_FUZZERS="spvtools_as_fuzzer" - -for fuzzer in $SPIRV_BINARY_FUZZERS $SPIRV_ASSEMBLY_FUZZERS -do - cp test/fuzzers/$fuzzer $OUT -done - -popd - -# An un-instrumented build of spirv-as is used to generate a corpus of SPIR-V binaries. -mkdir standard-build -pushd standard-build - -# Back-up instrumentation options -CFLAGS_SAVE="$CFLAGS" -CXXFLAGS_SAVE="$CXXFLAGS" -unset CFLAGS -unset CXXFLAGS -export AFL_NOOPT=1 - -cmake -G Ninja .. ${CMAKE_ARGS} -ninja spirv-as - -# Restore instrumentation options -export CFLAGS="${CFLAGS_SAVE}" -export CXXFLAGS="${CXXFLAGS_SAVE}" -unset AFL_NOOPT - -popd - - -# Generate a corpus of SPIR-V binaries from the SPIR-V assembly files in the -# SPIRV-Tools and tint repositories. -mkdir $WORK/tint-binary-corpus -python3 tint/fuzzers/generate_spirv_corpus.py tint/test $WORK/tint-binary-corpus standard-build/tools/spirv-as -mkdir $WORK/spirv-binary-corpus-hashed-names -tint_test_cases=`ls $WORK/tint-binary-corpus/*.spv` -spirv_tools_test_cases=`find test/fuzzers/corpora -name "*.spv"` -for f in $tint_test_cases $spirv_tools_test_cases -do - hashed_name=$(sha1sum "$f" | awk '{print $1}') - cp $f $WORK/spirv-binary-corpus-hashed-names/$hashed_name -done -zip -j "$WORK/spirv_binary_seed_corpus.zip" "$WORK/spirv-binary-corpus-hashed-names"/* - -# Supply each of the binary fuzzers with this seed corpus. -for fuzzer in $SPIRV_BINARY_FUZZERS -do - cp "$WORK/spirv_binary_seed_corpus.zip" "$OUT/${fuzzer}_seed_corpus.zip" -done - -# Generate a corpus of SPIR-V assembly files from the tint repository. -mkdir $WORK/spirv-assembly-corpus-hashed-names -for f in `find tint/test -name "*.spvasm"` -do - hashed_name=$(sha1sum "$f" | awk '{print $1}') - cp $f $WORK/spirv-assembly-corpus-hashed-names/$hashed_name -done - -zip -j "$WORK/spirv_assembly_seed_corpus.zip" "$WORK/spirv-assembly-corpus-hashed-names"/* - -# Supply each of the assembly fuzzers with this seed corpus. -for fuzzer in $SPIRV_ASSEMBLY_FUZZERS -do - cp "$WORK/spirv_assembly_seed_corpus.zip" "$OUT/${fuzzer}_seed_corpus.zip" -done diff --git a/projects/spirv-tools/project.yaml b/projects/spirv-tools/project.yaml deleted file mode 100644 index 2f02d02bc..000000000 --- a/projects/spirv-tools/project.yaml +++ /dev/null @@ -1,15 +0,0 @@ -homepage: https://github.com/KhronosGroup/SPIRV-Tools -language: c++ -primary_contact: rharrison@google.com -auto_ccs: - - "afdx@google.com" - - "alanbaker@google.com" - - "stevenperron@google.com" -sanitizers: - - address - - memory - - undefined -main_repo: 'https://github.com/KhronosGroup/SPIRV-Tools.git' -architectures: - - x86_64 - - i386 diff --git a/projects/sql-parser/Dockerfile b/projects/sql-parser/Dockerfile deleted file mode 100755 index b68268bfb..000000000 --- a/projects/sql-parser/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make cmake -RUN git clone https://github.com/hyrise/sql-parser - -WORKDIR $SRC -COPY build.sh $SRC/ -COPY fuzz_sql_parse.cpp $SRC/sql-parser/fuzz_sql_parse.cpp diff --git a/projects/sql-parser/build.sh b/projects/sql-parser/build.sh deleted file mode 100755 index c795dd517..000000000 --- a/projects/sql-parser/build.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd sql-parser -sed 's/static ?= no/LIB_CFLAGS += ${CXXFLAGS}\nstatic ?= no/g' -i Makefile -make static=yes -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ - fuzz_sql_parse.cpp libsqlparser.a -I./src -o $OUT/fuzz_sql_parse diff --git a/projects/sql-parser/fuzz_sql_parse.cpp b/projects/sql-parser/fuzz_sql_parse.cpp deleted file mode 100644 index 1fb59c92a..000000000 --- a/projects/sql-parser/fuzz_sql_parse.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* Copyright 2021 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include <string> -#include "SQLParser.h" - -using namespace hsql; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - std::string input(reinterpret_cast<const char*>(data), size); - SQLParserResult res; - SQLParser::parse(input, &res); - return 0; -} diff --git a/projects/sql-parser/project.yaml b/projects/sql-parser/project.yaml deleted file mode 100755 index 40a73dbd2..000000000 --- a/projects/sql-parser/project.yaml +++ /dev/null @@ -1,7 +0,0 @@ -homepage: "https://github.com/hyrise/sql-parser" -main_repo: "https://github.com/hyrise/sql-parser" -primary_contact: "marcel.weisgut@hpi.de" -language: c++ -auto_ccs: - - "klauck2@gmail.com" - - "david@adalogics.com" diff --git a/projects/sqlalchemy/Dockerfile b/projects/sqlalchemy/Dockerfile deleted file mode 100644 index 80c314a54..000000000 --- a/projects/sqlalchemy/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-python -RUN git clone --depth 1 --branch rel_1_3 https://github.com/sqlalchemy/sqlalchemy -WORKDIR $SRC/sqlalchemy -COPY build.sh sqlalchemy_fuzzer.py $SRC/ diff --git a/projects/sqlalchemy/build.sh b/projects/sqlalchemy/build.sh deleted file mode 100644 index 8f4bee46e..000000000 --- a/projects/sqlalchemy/build.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -python3 setup.py install -for fuzzer in $(find $SRC -name '*_fuzzer.py'); do - fuzzer_basename=$(basename -s .py $fuzzer) - fuzzer_package=${fuzzer_basename}.pkg - pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer - - # Create execution wrapper. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ -\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod u+x $OUT/$fuzzer_basename -done diff --git a/projects/sqlalchemy/project.yaml b/projects/sqlalchemy/project.yaml deleted file mode 100644 index 2fe9bf515..000000000 --- a/projects/sqlalchemy/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://www.sqlalchemy.org" -language: python -primary_contact: "mike_mp@zzzcomputing.com" -auto_ccs: - - "Adam@adalogics.com" -fuzzing_engines: - - libfuzzer -sanitizers: - - address - - undefined -main_repo: "ihttps://github.com/sqlalchemy/sqlalchemy" diff --git a/projects/sqlalchemy/sqlalchemy_fuzzer.py b/projects/sqlalchemy/sqlalchemy_fuzzer.py deleted file mode 100644 index d3ae577ba..000000000 --- a/projects/sqlalchemy/sqlalchemy_fuzzer.py +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/python3 - -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import sys -import atheris - -with atheris.instrument_imports(): - import sqlalchemy - from sqlalchemy import create_engine - from sqlalchemy import Table, Column, Integer, String, MetaData - from sqlalchemy.sql import text - -@atheris.instrument_func -def TestOneInput(input_bytes): - try: - sql_string = input_bytes.decode("utf-8") - metadata = MetaData() - fuzz_table = Table('fuzz_table', metadata, - Column('id', Integer, primary_key=True), - Column('column1', String), - Column('column2', String), - ) - - engine = create_engine('sqlite:///fuzz.db') - metadata.create_all(engine) - statement = text(sql_string) - with engine.connect() as conn: - conn.execute(statement) - except Exception as e: - pass - - -def main(): - atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) - atheris.Fuzz() - - -if __name__ == "__main__": - main() diff --git a/projects/stb/Dockerfile b/projects/stb/Dockerfile index 6b89306c2..d9449ea9a 100644 --- a/projects/stb/Dockerfile +++ b/projects/stb/Dockerfile @@ -22,17 +22,12 @@ RUN apt-get update && \ RUN git clone --depth 1 https://github.com/nothings/stb.git -RUN mkdir $SRC/stbi # CIFuzz workaround +RUN wget -O $SRC/stb/gif.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-gif-1.00.tar.gz +RUN wget -O $SRC/stb/jpg.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-jpg-1.00.tar.gz +RUN wget -O $SRC/stb/bmp.zip http://entropymine.com/jason/bmpsuite/releases/bmpsuite-2.6.zip +RUN wget -O $SRC/stb/tga.zip https://github.com/richgel999/tga_test_files/archive/master.zip -RUN wget -O $SRC/stbi/gif.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-gif-1.00.tar.gz -RUN wget -O $SRC/stbi/jpg.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-jpg-1.00.tar.gz -RUN wget -O $SRC/stbi/bmp.zip http://entropymine.com/jason/bmpsuite/releases/bmpsuite-2.6.zip -RUN wget -O $SRC/stbi/tga.zip https://github.com/richgel999/tga_test_files/archive/master.zip - -RUN wget -O $SRC/stbi/gif.dict https://raw.githubusercontent.com/mirrorer/afl/master/dictionaries/gif.dict - -# Maintain compatibility with master branch until a new release -RUN cp $SRC/stbi/gif.tar.gz $SRC/stbi/jpg.tar.gz $SRC/stbi/bmp.zip $SRC/stbi/gif.dict $SRC/stb +RUN wget -O $SRC/stb/tests/gif.dict https://raw.githubusercontent.com/mirrorer/afl/master/dictionaries/gif.dict &> /dev/null WORKDIR stb COPY build.sh $SRC/ diff --git a/projects/sudoers/build.sh b/projects/sudoers/build.sh index d157c9a63..905450cb4 100755 --- a/projects/sudoers/build.sh +++ b/projects/sudoers/build.sh @@ -28,11 +28,7 @@ else sanitizer_opts="$SANITIZER_FLAGS" fi # This is already added by --enable-fuzzer -CFLAGS="`echo \"$CFLAGS\" | sed 's/ -fsanitize=fuzzer-no-link//'`" - -# Copy optimization flag to LDFLAGS for UBSan object-size check. -OPTFLAG="`echo \"$CFLAGS\" | sed 's/^.*\(-O[^ ]\).*$/\1/'`" -export LDFLAGS="${LDFLAGS:-}${LDFLAGS:+ }$OPTFLAG" +CFLAGS="`echo \"$CFLAGS\" | sed \"s/ -fsanitize=fuzzer-no-link//\"`" # Build sudo with static libs and enable fuzzing targets. # All fuzz targets are integrated into the build process. diff --git a/projects/sudoers/project.yaml b/projects/sudoers/project.yaml index 3b3a660f1..309a3eb3a 100755 --- a/projects/sudoers/project.yaml +++ b/projects/sudoers/project.yaml @@ -4,6 +4,7 @@ language: c fuzzing_engines: - libfuzzer - honggfuzz -auto_ccs: + - dataflow +auto_ccs : - "david@adalogics.com" main_repo: 'https://github.com/sudo-project/sudo' diff --git a/projects/suricata/Dockerfile b/projects/suricata/Dockerfile index 964c39498..257e7fb04 100644 --- a/projects/suricata/Dockerfile +++ b/projects/suricata/Dockerfile @@ -14,11 +14,10 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust -RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config python flex bison zlib1g-dev libpcre3-dev cmake tshark +FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config python flex bison zlib1g-dev libpcre3-dev libpcre2-dev cmake tshark -# TODO libmagic, liblzma and other optional libraries -ADD https://ftp.pcre.org/pub/pcre/pcre2-10.36.tar.gz pcre2-10.36.tar.gz +#TODO libmagic, liblzma, pcre and other optional libraries ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz ADD http://www.digip.org/jansson/releases/jansson-2.12.tar.gz jansson-2.12.tar.gz RUN git clone --depth=1 https://github.com/yaml/libyaml diff --git a/projects/suricata/build.sh b/projects/suricata/build.sh index d825b9eb6..18f228047 100755 --- a/projects/suricata/build.sh +++ b/projects/suricata/build.sh @@ -16,15 +16,6 @@ ################################################################################ # build dependencies statically -( -tar -xvzf pcre2-10.36.tar.gz -cd pcre2-10.36 -./configure --disable-shared -make -j$(nproc) clean -make -j$(nproc) all -make -j$(nproc) install -) - tar -xvzf lz4-1.9.2.tar.gz cd lz4-1.9.2 make liblz4.a @@ -61,8 +52,6 @@ make install cd .. export CARGO_BUILD_TARGET="x86_64-unknown-linux-gnu" -# cf https://github.com/google/sanitizers/issues/1389 -export MSAN_OPTIONS=strict_memcmp=false #we did not put libhtp there before so that cifuzz does not remove it mv libhtp suricata/ @@ -72,27 +61,22 @@ sh autogen.sh #run configure with right options if [ "$SANITIZER" = "address" ] then - export RUSTFLAGS="$RUSTFLAGS -Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-trace-compares -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Clink-dead-code -Cllvm-args=-sanitizer-coverage-stack-depth -Ccodegen-units=1" + export RUSTFLAGS="$RUSTFLAGS -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-trace-compares -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-trace-geps -Cllvm-args=-sanitizer-coverage-prune-blocks=0 -Cllvm-args=-sanitizer-coverage-pc-table -Clink-dead-code -Cllvm-args=-sanitizer-coverage-stack-depth" fi ./src/tests/fuzz/oss-fuzz-configure.sh make -j$(nproc) -./src/suricata --list-app-layer-protos | tail -n +2 | while read i; do cp src/fuzz_applayerparserparse $OUT/fuzz_applayerparserparse_$i; done - cp src/fuzz_* $OUT/ # dictionaries ./src/suricata --list-keywords | grep "\- " | sed 's/- //' | awk '{print "\""$0"\""}' > $OUT/fuzz_siginit.dict -echo \"SMB\" > $OUT/fuzz_applayerparserparse_smb.dict - # build corpuses # default configuration file zip -r $OUT/fuzz_confyamlloadstring_seed_corpus.zip suricata.yaml # rebuilds rules corpus with only one rule by file unzip ../emerging.rules.zip cd rules -cat *.rules > $OUT/fuzz.rules i=0 mkdir corpus # quiet output for commands @@ -121,19 +105,9 @@ rm -Rf corpus mkdir corpus set +x ls | grep -v corpus | while read t; do -grep -v "#" $t/*.rules | head -1 | cut -d "(" -f2 | cut -d ")" -f1 > corpus/$i || true; echo -ne '\0' >> corpus/$i; fpc_bin $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); +cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; fpc_bin $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); echo -ne '\0' >> corpus/$i; python3 $SRC/fuzzpcap/tcptofpc.py $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); done set -x zip -q -r $OUT/fuzz_sigpcap_aware_seed_corpus.zip corpus echo "\"FPC0\"" > $OUT/fuzz_sigpcap_aware.dict -rm -Rf corpus -mkdir corpus -set +x -ls | grep -v corpus | while read t; do -fpc_bin $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); -python3 $SRC/fuzzpcap/tcptofpc.py $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1)); -done -set -x -zip -q -r $OUT/fuzz_predefpcap_aware_seed_corpus.zip corpus -echo "\"FPC0\"" > $OUT/fuzz_predefpcap_aware.dict diff --git a/projects/suricata/project.yaml b/projects/suricata/project.yaml index 1db82dff3..3babd8f61 100644 --- a/projects/suricata/project.yaml +++ b/projects/suricata/project.yaml @@ -1,12 +1,11 @@ homepage: "https://suricata-ids.org" -language: rust +language: c++ primary_contact: "vjulien@openinfosecfoundation.org" auto_ccs: - "jish@openinfosecfoundation.org" - "p.antoine@catenacyber.fr" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined main_repo: 'https://github.com/OISF/suricata.git' diff --git a/projects/swift-nio/Dockerfile b/projects/swift-nio/Dockerfile deleted file mode 100644 index 1e47174c0..000000000 --- a/projects/swift-nio/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-swift - -# specific swift-nio -RUN git clone --depth 1 https://github.com/google/fuzzing -RUN git clone --depth 1 https://github.com/apple/swift-nio.git -COPY build.sh $SRC -COPY *.swift $SRC/ -WORKDIR $SRC/swift-nio diff --git a/projects/swift-nio/Package.swift b/projects/swift-nio/Package.swift deleted file mode 100644 index 98ab5dc43..000000000 --- a/projects/swift-nio/Package.swift +++ /dev/null @@ -1,19 +0,0 @@ -// swift-tools-version:5.3 -// The swift-tools-version declares the minimum version of Swift required to build this package. - -import PackageDescription - -let package = Package( - name: "swift-nio-fuzz", - dependencies: [ - // Dependencies declare other packages that this package depends on. - .package(name: "swift-nio", path: ".."), - ], - targets: [ - // Targets are the basic building blocks of a package. A target can define a module or a test suite. - // Targets can depend on other targets in this package, and on products in packages this package depends on. - .target( - name: "swift-nio-http1-fuzz", - dependencies: [.product(name: "NIOHTTP1", package: "swift-nio")]), - ] -) diff --git a/projects/swift-nio/build.sh b/projects/swift-nio/build.sh deleted file mode 100755 index 1544e2b66..000000000 --- a/projects/swift-nio/build.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# build project -mkdir swift-nio-fuzz -cd swift-nio-fuzz -swift package init --type=executable -rm -Rf Sources/swift-nio-fuzz -mkdir Sources/swift-nio-http1-fuzz -cp $SRC/fuzz_http1.swift Sources/swift-nio-http1-fuzz/main.swift -cp $SRC/Package.swift Package.swift - -. precompile_swift -swift build -c debug $SWIFTFLAGS -( -cd .build/debug/ -find . -maxdepth 1 -type f -name "*fuzz" -executable | while read i; do cp $i $OUT/"$i"-debug; done -) -swift build -c release $SWIFTFLAGS -( -cd .build/release/ -find . -maxdepth 1 -type f -name "*fuzz" -executable | while read i; do cp $i $OUT/"$i"-release; done -) - -cp $SRC/fuzzing/dictionaries/http.dict $OUT/swift-nio-http1-fuzz-debug.dict -cp $SRC/fuzzing/dictionaries/http.dict $OUT/swift-nio-http1-fuzz-release.dict diff --git a/projects/swift-nio/fuzz_http1.swift b/projects/swift-nio/fuzz_http1.swift deleted file mode 100644 index 065471a9a..000000000 --- a/projects/swift-nio/fuzz_http1.swift +++ /dev/null @@ -1,21 +0,0 @@ -import NIOHTTP1 -import NIO - -@_cdecl("LLVMFuzzerTestOneInput") -public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt { - let bytes = UnsafeRawBufferPointer(start: start, count: count) - let channel = EmbeddedChannel() - var buffer = channel.allocator.buffer(capacity: count) - buffer.writeBytes(bytes) - do { - try channel.pipeline.addHandler(ByteToMessageHandler(HTTPRequestDecoder())).wait() - try channel.writeInbound(buffer) - channel.embeddedEventLoop.run() - } catch { - } - do { - try channel.finish(acceptAlreadyClosed: true) - } catch { - } - return 0 -} diff --git a/projects/swift-nio/project.yaml b/projects/swift-nio/project.yaml deleted file mode 100644 index 6c9a01ddc..000000000 --- a/projects/swift-nio/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://github.com/apple/swift-nio" -language: swift -primary_contact: "lukasa@apple.com" -auto_ccs : -- "johannesweiss@apple.com" -- "pp_adams@apple.com" -- "p.antoine@catenacyber.fr" - -fuzzing_engines: -- libfuzzer -sanitizers: -- address -- thread -main_repo: 'https://github.com/apple/swift-nio.git' diff --git a/projects/swift-protobuf/Dockerfile b/projects/swift-protobuf/Dockerfile deleted file mode 100644 index d8be91344..000000000 --- a/projects/swift-protobuf/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-swift - -RUN git clone --depth 1 https://github.com/apple/swift-protobuf.git -COPY build.sh $SRC -WORKDIR $SRC/swift-protobuf diff --git a/projects/swift-protobuf/build.sh b/projects/swift-protobuf/build.sh deleted file mode 100755 index 4c30102bb..000000000 --- a/projects/swift-protobuf/build.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -. precompile_swift -cd FuzzTesting - -# debug build -swift build -c debug $SWIFTFLAGS -( -cd .build/debug/ -find . -maxdepth 1 -type f -name "Fuzz*" -executable | while read i; do cp $i $OUT/"$i"_debug; done -) - -# release build -swift build -c release $SWIFTFLAGS -( -cd .build/release/ -find . -maxdepth 1 -type f -name "Fuzz*" -executable | while read i; do cp $i $OUT/"$i"_release; done -) - -# Copy any dictionaries over. -for fuzz_dict in Fuzz*.dict ; do - fuzzer_name=$(basename $fuzz_dict .dict) - cp $fuzz_dict $OUT/${fuzzer_name}_debug.dict - cp $fuzz_dict $OUT/${fuzzer_name}_release.dict -done diff --git a/projects/swift-protobuf/project.yaml b/projects/swift-protobuf/project.yaml deleted file mode 100644 index 002ee8726..000000000 --- a/projects/swift-protobuf/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: "https://github.com/apple/swift-protobuf" -language: swift -primary_contact: "tkientzle@apple.com" -auto_ccs : -- "p.antoine@catenacyber.fr" -- "thomasvl@google.com" - -fuzzing_engines: -- libfuzzer -sanitizers: -- address -- thread -main_repo: 'https://github.com/apple/swift-protobuf.git' diff --git a/projects/systemd/Dockerfile b/projects/systemd/Dockerfile index 09369d2ba..0705c568a 100644 --- a/projects/systemd/Dockerfile +++ b/projects/systemd/Dockerfile @@ -19,7 +19,7 @@ RUN apt-get update &&\ apt-get install -y gperf m4 gettext python3-pip \ libcap-dev libmount-dev libkmod-dev \ pkg-config wget &&\ - pip3 install meson ninja jinja2 + pip3 install meson==0.56.2 ninja RUN git clone --depth 1 https://github.com/systemd/systemd systemd WORKDIR systemd COPY build.sh $SRC/ diff --git a/projects/syzkaller/Dockerfile b/projects/syzkaller/Dockerfile index a5803a803..fdef5b4be 100644 --- a/projects/syzkaller/Dockerfile +++ b/projects/syzkaller/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/google/syzkaller/ diff --git a/projects/syzkaller/project.yaml b/projects/syzkaller/project.yaml index ed2b5b67d..1442c047f 100644 --- a/projects/syzkaller/project.yaml +++ b/projects/syzkaller/project.yaml @@ -2,6 +2,7 @@ homepage: "https://github.com/google/syzkaller.git" primary_contact: "dvyukov@google.com" auto_ccs: - "andreyknvl@google.com" + - "mmoroz@chromium.org" - "syzkaller@googlegroups.com" language: go fuzzing_engines: diff --git a/projects/tailscale/Dockerfile b/projects/tailscale/Dockerfile deleted file mode 100644 index 9aaaba541..000000000 --- a/projects/tailscale/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone --depth 1 https://github.com/tailscale/tailscale -COPY build.sh $SRC/ -WORKDIR $SRC/tailscale diff --git a/projects/tailscale/build.sh b/projects/tailscale/build.sh deleted file mode 100644 index 47f281ad7..000000000 --- a/projects/tailscale/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -compile_go_fuzzer tailscale.com/net/stun FuzzStunParser stun_parser_fuzzer diff --git a/projects/tailscale/project.yaml b/projects/tailscale/project.yaml deleted file mode 100644 index 06698fd79..000000000 --- a/projects/tailscale/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://tailscale.com/" -main_repo: "https://github.com/tailscale/tailscale" -primary_contact: "Adam@adalogics.com" -auto_ccs : - - "josh@tailscale.com" - - "danderson@tailscale.com" - - "bradfitz@tailscale.com" -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address diff --git a/projects/tcmalloc/Dockerfile b/projects/tcmalloc/Dockerfile deleted file mode 100644 index 18b8abdc5..000000000 --- a/projects/tcmalloc/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool python -RUN git clone --depth 1 https://github.com/google/tcmalloc tcmalloc -WORKDIR tcmalloc -COPY build.sh $SRC/ diff --git a/projects/tcmalloc/build.sh b/projects/tcmalloc/build.sh deleted file mode 100755 index b204d1cb6..000000000 --- a/projects/tcmalloc/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -bazel_build_fuzz_tests diff --git a/projects/tcmalloc/project.yaml b/projects/tcmalloc/project.yaml deleted file mode 100644 index 19ce8c051..000000000 --- a/projects/tcmalloc/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "tcmalloc" -language: c++ -primary_contact: "ckennelly@google.com" -main_repo: "https://github.com/google/tcmalloc" -auto_ccs: - - "david@adalogics.com" -sanitizers: - - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory diff --git a/projects/tdengine/Dockerfile b/projects/tdengine/Dockerfile deleted file mode 100644 index aa78f11f5..000000000 --- a/projects/tdengine/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y libtool build-essential -RUN git clone --depth 1 https://github.com/taosdata/TDengine tdengine -WORKDIR tdengine -COPY build.sh $SRC/ -COPY *.options $SRC/ diff --git a/projects/tdengine/build.sh b/projects/tdengine/build.sh deleted file mode 100755 index 539915c5d..000000000 --- a/projects/tdengine/build.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -sed -i 's/git@/https:\/\//g' .gitmodules -sed -i 's/:taos/\/taos/g' .gitmodules -sed -i 's/\.git//g' .gitmodules - -git submodule update --init --recursive -sed -i 's/-Werror//g' ./cmake/define.inc -mkdir debug && cd debug -cmake .. && cmake --build . - -cd build/bin - -# Now let's build the fuzzer. -$CC $CFLAGS -DLINUX -DUSE_LIBICONV -D_LINUX -D_M_X64 \ - -D_TD_LINUX -D_TD_LINUX_64 \ - -I/src/tdengine/src/inc -I/src/tdengine/src/os/inc \ - -I/src/tdengine/src/util/inc -I/src/tdengine/src/common/inc \ - -I/src/tdengine/src/tsdb/inc -I/src/tdengine/src/query/inc \ - -o sql-fuzzer.o -c $SRC/tdengine/tests/fuzz//sql-fuzzer.c - -$CC $CFLAGS $LIB_FUZZING_ENGINE sql-fuzzer.o -o $OUT/sql-fuzzer \ - ../../../debug/src/common/CMakeFiles/common.dir/src/tglobal.c.o \ - -Wl,--start-group \ - ../lib/libtaos_static.a ../lib/libtrpc.a ../lib/libtutil.a \ - ../lib/libquery.a ../lib/libtsdb.a ../lib/libcommon.a \ - ../lib/libtfs.a ../lib/liblz4.a ../lib/libos.a \ - ../lib/liboslinux.a ../lib/libz.a ../lib/librmonotonic.a \ - ../lib/liblua.a \ - -Wl,--end-group -lpthread -ldl - -cp $SRC/*.options $OUT/ diff --git a/projects/tdengine/project.yaml b/projects/tdengine/project.yaml deleted file mode 100644 index 63236eed9..000000000 --- a/projects/tdengine/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://www.taosdata.com/en/documentation/" -language: c -primary_contact: "sangshuduo@gmail.com" -main_repo: "https://github.com/taosdata/TDengine" -auto_ccs: - - "david@adalogics.com" diff --git a/projects/tdengine/sql-fuzzer.options b/projects/tdengine/sql-fuzzer.options deleted file mode 100644 index f9d09656c..000000000 --- a/projects/tdengine/sql-fuzzer.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -detect_leaks=0 diff --git a/projects/teleport/Dockerfile b/projects/teleport/Dockerfile index c3e3beb55..8ffafb3a0 100644 --- a/projects/teleport/Dockerfile +++ b/projects/teleport/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/gravitational/teleport.git COPY build.sh $SRC/ WORKDIR $SRC/teleport diff --git a/projects/tendermint/Dockerfile b/projects/tendermint/Dockerfile deleted file mode 100644 index 58899ef16..000000000 --- a/projects/tendermint/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-go -RUN git clone https://github.com/tendermint/tendermint - -COPY build.sh $SRC -WORKDIR $SRC/tendermint diff --git a/projects/tendermint/build.sh b/projects/tendermint/build.sh deleted file mode 100755 index 8981352c7..000000000 --- a/projects/tendermint/build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -bash -x ./test/fuzz/oss-fuzz-build.sh diff --git a/projects/tendermint/project.yaml b/projects/tendermint/project.yaml deleted file mode 100644 index 67d02d5f0..000000000 --- a/projects/tendermint/project.yaml +++ /dev/null @@ -1,15 +0,0 @@ -homepage: "https://github.com/tendermint/tendermint" -primary_contact: "security@interchain.io" -auto_ccs: - - fuzzing@orijtech.com - - emmanuel@orijtech.com - - cuong@orijtech.com - - callum@interchain.io - - tychoish@interchain.io - - william@interchain.io -language: go -fuzzing_engines: - - libfuzzer -sanitizers: - - address -main_repo: "https://github.com/tendermint/tendermint" diff --git a/projects/tensorflow-py/Dockerfile b/projects/tensorflow-py/Dockerfile index e5e2a66ae..dea03cb2f 100644 --- a/projects/tensorflow-py/Dockerfile +++ b/projects/tensorflow-py/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ diff --git a/projects/tensorflow-py/build.sh b/projects/tensorflow-py/build.sh index 8e12b3d9b..afd501b62 100644 --- a/projects/tensorflow-py/build.sh +++ b/projects/tensorflow-py/build.sh @@ -39,7 +39,7 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\"\$this_dir/sanitizer_with_fuzzer.so \$this_dir/libz-eb09ad1d.so.1.2.3 \$this_dir/libquadmath-2d0c479f.so.0.0.0 \$this_dir/libgfortran-2e0d59d6.so.5.0.0 \$this_dir/libopenblasp-r0-09e95953.3.13.so\" \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done mv $SRC/tensorflow/tensorflow_src $SRC/tensorflow/tensorflow diff --git a/projects/tensorflow-py/project.yaml b/projects/tensorflow-py/project.yaml index cac4a1a17..64c5eba43 100644 --- a/projects/tensorflow-py/project.yaml +++ b/projects/tensorflow-py/project.yaml @@ -3,7 +3,6 @@ language: python primary_contact: "amitpatankar@google.com" auto_ccs: - "mihaimaruseac@google.com" - - "lpak@google.com" fuzzing_engines: - libfuzzer sanitizers: diff --git a/projects/tesseract-ocr/Dockerfile b/projects/tesseract-ocr/Dockerfile index 3e02c5ea1..20094e7bb 100644 --- a/projects/tesseract-ocr/Dockerfile +++ b/projects/tesseract-ocr/Dockerfile @@ -15,24 +15,8 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y autoconf automake libtool pkg-config libpng-dev libjpeg8-dev liblzma-dev - -RUN git clone https://www.cl.cam.ac.uk/~mgk25/git/jbigkit jbigkit && \ - cd jbigkit && \ - make clean && \ - make -j$(nproc) lib && \ - cp libjbig/libjbig.a /usr/lib/x86_64-linux-gnu/libjbig.a - -RUN git clone --depth 1 https://gitlab.com/libtiff/libtiff libtiff && \ - cd libtiff && \ - cmake . -DBUILD_SHARED_LIBS=off && \ - make clean && \ - make -j$(nproc) && \ - make install && \ - cp libtiff/libtiff.a /usr/lib/x86_64-linux-gnu/libtiff.a - +RUN apt-get update && apt-get install -y autoconf automake libtool pkg-config libpng-dev libjpeg8-dev libtiff5-dev zlib1g-dev RUN git clone --depth 1 https://github.com/danbloomberg/leptonica RUN git clone --depth 1 https://github.com/tesseract-ocr/tesseract RUN git clone --depth 1 https://github.com/tesseract-ocr/tessdata - COPY build.sh $SRC/ diff --git a/projects/thrift/Dockerfile b/projects/thrift/Dockerfile index f66941700..040188316 100644 --- a/projects/thrift/Dockerfile +++ b/projects/thrift/Dockerfile @@ -15,30 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder - -# We use compile_go_fuzzer in this set up and also go itself -FROM gcr.io/oss-fuzz-base/base-builder-go - -RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex wget make \ - autoconf \ - automake \ - sudo \ - gcc \ - g++ \ - python-dev \ - cmake \ - ninja-build - -RUN wget https://sourceforge.net/projects/boost/files/boost/1.70.0/boost_1_70_0.tar.gz && \ - tar xzf boost_1_70_0.tar.gz && \ - cd boost_1_70_0 && \ - ./bootstrap.sh --with-toolset=clang && \ - ./b2 clean && \ - ./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" -j$(nproc) install && \ - cd .. && \ - rm -rf boost_1_70_0 - -#libboost-all-dev +RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex libboost-all-dev RUN git clone --depth 1 https://github.com/apache/thrift WORKDIR $SRC/thrift COPY build.sh $SRC/ diff --git a/projects/thrift/build.sh b/projects/thrift/build.sh index ffbd115d9..8194063b6 100755 --- a/projects/thrift/build.sh +++ b/projects/thrift/build.sh @@ -18,10 +18,6 @@ # build project export ASAN_OPTIONS=detect_leaks=0 -if [ "$SANITIZER" = "coverage" ] -then - cp /usr/bin/ld.gold /usr/bin/ld -fi ./bootstrap.sh # rust fails compilation with clippy warnings ./configure --with-rs=no diff --git a/projects/tidb/Dockerfile b/projects/tidb/Dockerfile index 17091a6bd..5c7d0fd3b 100644 --- a/projects/tidb/Dockerfile +++ b/projects/tidb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/pingcap/tidb COPY build.sh $SRC/ WORKDIR $SRC/tidb diff --git a/projects/tidb/build.sh b/projects/tidb/build.sh index da5fd1c43..c11028f24 100755 --- a/projects/tidb/build.sh +++ b/projects/tidb/build.sh @@ -15,6 +15,10 @@ # ################################################################################ +# Insert empty main function +sed -i '23 i\func main(){}'\\n $SRC/tidb/plugin/conn_ip_example/conn_ip_example.go + +go get ./... compile_go_fuzzer github.com/pingcap/tidb/types FuzzMarshalJSON fuzzMarshalJSON compile_go_fuzzer github.com/pingcap/tidb/types FuzzNewBitLiteral fuzzNewBitLiteral diff --git a/projects/tidy-html5/build.sh b/projects/tidy-html5/build.sh index 7b75ab68e..d10c505a8 100644 --- a/projects/tidy-html5/build.sh +++ b/projects/tidy-html5/build.sh @@ -22,12 +22,12 @@ cd ${WORK}/tidy-html5 cmake -GNinja ${SRC}/tidy-html5/ ninja -for fuzzer in tidy_config_fuzzer tidy_fuzzer tidy_xml_fuzzer tidy_parse_string_fuzzer tidy_parse_file_fuzzer tidy_general_fuzzer; do +for fuzzer in tidy_config_fuzzer tidy_fuzzer; do ${CC} ${CFLAGS} -c -I${SRC}/tidy-html5/include \ $SRC/${fuzzer}.c -o ${fuzzer}.o ${CXX} ${CXXFLAGS} -std=c++11 ${fuzzer}.o \ -o $OUT/${fuzzer} \ - $LIB_FUZZING_ENGINE libtidy.a + $LIB_FUZZING_ENGINE libtidys.a done cp ${SRC}/*.options ${OUT}/ diff --git a/projects/tidy-html5/project.yaml b/projects/tidy-html5/project.yaml index 086f83ba4..d62facb4d 100644 --- a/projects/tidy-html5/project.yaml +++ b/projects/tidy-html5/project.yaml @@ -1,6 +1,6 @@ homepage: "http://www.html-tidy.org/" language: c++ -primary_contact: "balthisar@gmail.com" +primary_contact: "sbucur@google.com" auto_ccs: - "nmarrow@google.com" - "pmokati@google.com" diff --git a/projects/tidy-html5/tidy_general_fuzzer.c b/projects/tidy-html5/tidy_general_fuzzer.c deleted file mode 100644 index 67a064c7f..000000000 --- a/projects/tidy-html5/tidy_general_fuzzer.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <stdint.h> -#include <unistd.h> -#include "tidybuffio.h" -#include "tidy.h" - -// All boolean options. These will be set randomly -// based on the fuzzer data. -TidyOptionId bool_options[] = { - TidyJoinClasses, - TidyJoinStyles, - TidyKeepFileTimes, - TidyKeepTabs, - TidyLiteralAttribs, - TidyLogicalEmphasis, - TidyLowerLiterals, - TidyMakeBare, - TidyFixUri, - TidyForceOutput, - TidyGDocClean, - TidyHideComments, - TidyMark, - TidyXmlTags, - TidyMakeClean, - TidyAnchorAsName, - TidyMergeEmphasis, - TidyMakeBare, - TidyMetaCharset, - TidyMuteShow, - TidyNCR, - TidyNumEntities, - TidyOmitOptionalTags, - TidyPunctWrap, - TidyQuiet, - TidyQuoteAmpersand, - TidyQuoteMarks, - TidyQuoteNbsp, - TidyReplaceColor, - TidyShowFilename, - TidyShowInfo, - TidyShowMarkup, - TidyShowMetaChange, - TidyShowWarnings, - TidySkipNested, - TidyUpperCaseTags, - TidyWarnPropAttrs, - TidyWord2000, - TidyWrapAsp, - TidyWrapAttVals, - TidyWrapJste, - TidyWrapPhp, - TidyWrapScriptlets, - TidyWrapSection, - TidyWriteBack, -}; - -void set_option(const uint8_t** data, size_t *size, TidyDoc *tdoc, TidyOptionId tboolID) { - uint8_t decider; - decider = **data; - *data += 1; - *size -= 1; - if (decider % 2 == 0) tidyOptSetBool( *tdoc, tboolID, yes ); - else { tidyOptSetBool( *tdoc, tboolID, no ); } -} - -int TidyXhtml(const uint8_t* data, size_t size, TidyBuffer* output, TidyBuffer* errbuf) { - uint8_t decider; - - // We need enough data for picking all of the options. One byte per option. - if (size < 5+(sizeof(bool_options)/sizeof(bool_options[0]))) { - return 0; - } - - TidyDoc tdoc = tidyCreate(); - - // Decide output format - decider = *data; - data++; size--; - if (decider % 3 == 0) tidyOptSetBool( tdoc, TidyXhtmlOut, yes ); - else { tidyOptSetBool( tdoc, TidyXhtmlOut, no ); } - - if (decider % 3 == 1) tidyOptSetBool( tdoc, TidyHtmlOut, yes ); - else { tidyOptSetBool( tdoc, TidyHtmlOut, no ); } - - if (decider % 3 == 2) tidyOptSetBool( tdoc, TidyXmlOut, yes ); - else { tidyOptSetBool( tdoc, TidyXmlOut, no ); } - - // Set options - for (int i=0; i < sizeof(bool_options)/sizeof(TidyOptionId); i++) { - set_option(&data, &size, &tdoc, bool_options[i]); - } - - // Set an error buffer. - tidySetErrorBuffer(tdoc, errbuf); - - // Parse the data - decider = *data; - data++; size--; - switch (decider % 2) { - case 0: { - char filename[256]; - sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - - FILE *fp = fopen(filename, "wb"); - if (!fp) { - return 0; - } - fwrite(data, size, 1, fp); - fclose(fp); - - tidyParseFile(tdoc, filename); - unlink(filename); - } - break; - case 1: { - char *inp = malloc(size+1); - inp[size] = '\0'; - memcpy(inp, data, size); - tidyParseString(tdoc, inp); - free(inp); - } - } - - // Cleanup - tidyRelease( tdoc ); - - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - TidyBuffer fuzz_toutput; - TidyBuffer fuzz_terror; - - tidyBufInit(&fuzz_toutput); - tidyBufInit(&fuzz_terror); - - TidyXhtml(data, size, &fuzz_toutput, &fuzz_terror); - - tidyBufFree(&fuzz_toutput); - tidyBufFree(&fuzz_terror); - - return 0; -} diff --git a/projects/tidy-html5/tidy_parse_file_fuzzer.c b/projects/tidy-html5/tidy_parse_file_fuzzer.c deleted file mode 100644 index febeaa6ca..000000000 --- a/projects/tidy-html5/tidy_parse_file_fuzzer.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <stdint.h> -#include <unistd.h> -#include "tidybuffio.h" -#include "tidy.h" - - -int TidyXhtml(const uint8_t* data, size_t size, TidyBuffer* output, TidyBuffer* errbuf) { - Bool ok; - - TidyDoc tdoc = tidyCreate(); - - ok = tidyOptSetBool( tdoc, TidyXhtmlOut, yes ); - if (ok) tidySetErrorBuffer(tdoc, errbuf); - - char filename[256]; - sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - - FILE *fp = fopen(filename, "wb"); - if (!fp) { - return 0; - } - fwrite(data, size, 1, fp); - fclose(fp); - - tidyParseFile(tdoc, filename); - - tidyRelease( tdoc ); - unlink(filename); - - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - TidyBuffer fuzz_toutput; - TidyBuffer fuzz_terror; - - tidyBufInit(&fuzz_toutput); - tidyBufInit(&fuzz_terror); - - TidyXhtml(data, size, &fuzz_toutput, &fuzz_terror); - - tidyBufFree(&fuzz_toutput); - tidyBufFree(&fuzz_terror); - return 0; -} - diff --git a/projects/tidy-html5/tidy_parse_string_fuzzer.c b/projects/tidy-html5/tidy_parse_string_fuzzer.c deleted file mode 100644 index 3d1f7e27d..000000000 --- a/projects/tidy-html5/tidy_parse_string_fuzzer.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <stdint.h> -#include "tidybuffio.h" -#include "tidy.h" - - -int TidyXhtml(const char* input, TidyBuffer* output, TidyBuffer* errbuf) { - TidyDoc tdoc = tidyCreate(); - tidyOptSetBool( tdoc, TidyXhtmlOut, yes ); - tidySetErrorBuffer(tdoc, errbuf); - - tidyParseString(tdoc, input); - - tidyCleanAndRepair(tdoc); - tidyRunDiagnostics(tdoc); - tidyOptSetBool(tdoc, TidyForceOutput, yes); - tidySaveBuffer(tdoc, output); - tidyRelease( tdoc ); - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - char *fuzz_inp = malloc(size+1); - memcpy(fuzz_inp, data, size); - fuzz_inp[size] = '\0'; - - TidyBuffer fuzz_toutput; - TidyBuffer fuzz_terror; - - tidyBufInit(&fuzz_toutput); - tidyBufInit(&fuzz_terror); - - TidyXhtml(fuzz_inp, &fuzz_toutput, &fuzz_terror); - - tidyBufFree(&fuzz_toutput); - tidyBufFree(&fuzz_terror); - free(fuzz_inp); - return 0; -} - diff --git a/projects/tidy-html5/tidy_xml_fuzzer.c b/projects/tidy-html5/tidy_xml_fuzzer.c deleted file mode 100644 index c40551193..000000000 --- a/projects/tidy-html5/tidy_xml_fuzzer.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <stdint.h> -#include "tidy.h" -#include "tidybuffio.h" -#include "tidyenum.h" -#include "tidyplatform.h" - -void TidyXml(char *fuzz_inp, TidyBuffer *toutput, - TidyBuffer *terror) { - TidyDoc tdoc = tidyCreate(); - tidyBufClear(toutput); - tidyBufClear(terror); - if (tidyOptSetBool(tdoc, TidyXmlOut, yes)) { - tidySetCharEncoding(tdoc, "utf8"); - tidySetErrorBuffer(tdoc, terror); - tidyOptSetInt(tdoc, TidyWrapLen, 0); - tidyOptSetBool(tdoc, TidyXmlTags, yes); - tidyOptSetBool(tdoc, TidyQuoteNbsp, no); - tidyOptSetBool(tdoc, TidyNumEntities, yes); - tidyOptSetBool(tdoc, TidyQuiet, yes); - tidyOptSetBool(tdoc, TidyMark, no); - tidyOptSetBool(tdoc, TidyShowWarnings, no); - tidyParseString(tdoc, fuzz_inp); - tidyCleanAndRepair(tdoc); - tidyRunDiagnostics(tdoc); - tidySaveBuffer(tdoc, toutput); - } - - tidyRelease(tdoc); -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *fuzz_inp = malloc(size+1); - memcpy(fuzz_inp, data, size); - fuzz_inp[size] = '\0'; - - TidyBuffer fuzz_toutput; - TidyBuffer fuzz_terror; - - tidyBufInit(&fuzz_toutput); - tidyBufInit(&fuzz_terror); - - TidyXml(fuzz_inp, &fuzz_toutput, &fuzz_terror); - - free(fuzz_inp); - tidyBufFree(&fuzz_toutput); - tidyBufFree(&fuzz_terror); - return 0; -} diff --git a/projects/tint/Dockerfile b/projects/tint/Dockerfile deleted file mode 100644 index dc293e905..000000000 --- a/projects/tint/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build -RUN git clone 'https://chromium.googlesource.com/chromium/tools/depot_tools.git' --depth 1 -ENV PATH="${SRC}/depot_tools:${PATH}" -RUN git clone --depth 1 https://dawn.googlesource.com/tint tint -WORKDIR tint -COPY build.sh $SRC/ diff --git a/projects/tint/build.sh b/projects/tint/build.sh deleted file mode 100755 index 68b682b91..000000000 --- a/projects/tint/build.sh +++ /dev/null @@ -1,106 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cp standalone.gclient .gclient -gclient sync - -mkdir -p out/Debug -pushd out/Debug - -# ubsan's vptr sanitization is desabled as it requires RTTI, which is disabled -# when building tint. -CFLAGS="$CFLAGS -fno-sanitize=vptr" \ -CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr" \ -cmake -GNinja ../.. -DCMAKE_BUILD_TYPE=Release -DTINT_BUILD_FUZZERS=ON -DTINT_BUILD_SPIRV_TOOLS_FUZZER=ON -DTINT_BUILD_TESTS=OFF -DTINT_LIB_FUZZING_ENGINE_LINK_OPTIONS=$LIB_FUZZING_ENGINE - -if [ -n "${OSS_FUZZ_CI-}" ] -then - # When running in the CI, restrict to a small number of fuzz targets to save - # time and disk space. A SPIR-V Tools-based fuzzer that uses the HLSL - # back-end, and a regular fuzzer that uses the MSL back-end, are selected. - SPIRV_TOOLS_FUZZERS="tint_spirv_tools_hlsl_writer_fuzzer" - SPIRV_FUZZERS="tint_spv_reader_msl_writer_fuzzer\ - ${SPIRV_TOOLS_FUZZERS}" -else - SPIRV_TOOLS_FUZZERS="tint_spirv_tools_hlsl_writer_fuzzer\ - tint_spirv_tools_msl_writer_fuzzer\ - tint_spirv_tools_spv_writer_fuzzer\ - tint_spirv_tools_wgsl_writer_fuzzer" - SPIRV_FUZZERS="tint_spv_reader_hlsl_writer_fuzzer\ - tint_spv_reader_msl_writer_fuzzer\ - tint_spv_reader_spv_writer_fuzzer\ - tint_spv_reader_wgsl_writer_fuzzer\ - ${SPIRV_TOOLS_FUZZERS}" -fi - -# The spirv-as tool is used to build seed corpora -ninja ${SPIRV_FUZZERS} - -cp ${SPIRV_FUZZERS} $OUT - -popd - -# An un-instrumented build of spirv-as is used to generate a corpus of SPIR-V binaries. -mkdir -p out/Standard -pushd out/Standard - -# Back-up instrumentation options -CFLAGS_SAVE="$CFLAGS" -CXXFLAGS_SAVE="$CXXFLAGS" -unset CFLAGS -unset CXXFLAGS -export AFL_NOOPT=1 - -cmake -GNinja ../.. -DCMAKE_BUILD_TYPE=Release -ninja spirv-as - -# Restore instrumentation options -export CFLAGS="${CFLAGS_SAVE}" -export CXXFLAGS="${CXXFLAGS_SAVE}" -unset AFL_NOOPT - -popd - -# Generate a corpus of SPIR-V binaries from the SPIR-V assembly files in the -# tint repository. -mkdir $WORK/spirv-corpus -python3 fuzzers/generate_spirv_corpus.py test $WORK/spirv-corpus out/Standard/spirv-as - -mkdir $WORK/spirv-corpus-hashed-names -for f in `ls $WORK/spirv-corpus/*.spv` -do - hashed_name=$(sha1sum "$f" | awk '{print $1}') - cp $f $WORK/spirv-corpus-hashed-names/$hashed_name -done - -zip -j "$WORK/seed_corpus.zip" "$WORK"/spirv-corpus-hashed-names/* - -for fuzzer in $SPIRV_FUZZERS -do - cp "$WORK/seed_corpus.zip" "$OUT/${fuzzer}_seed_corpus.zip" -done - -for fuzzer in $SPIRV_TOOLS_FUZZERS -do - echo "[libfuzzer] -max_len = 10000 -cross_over = 0 -mutate_depth = 1 -tint_enable_all_mutations = false -tint_mutation_batch_size = 5 -" > "$OUT/${fuzzer}.options" -done diff --git a/projects/tint/project.yaml b/projects/tint/project.yaml deleted file mode 100644 index 46fec183e..000000000 --- a/projects/tint/project.yaml +++ /dev/null @@ -1,13 +0,0 @@ -homepage: https://dawn.googlesource.com/tint -language: c++ -primary_contact: bclayton@google.com -auto_ccs: - - "afdx@google.com" -sanitizers: - - address - - memory - - undefined -main_repo: 'https://dawn.googlesource.com/tint.git' -architectures: - - x86_64 - - i386 diff --git a/projects/tinyobjloader/Dockerfile b/projects/tinyobjloader/Dockerfile deleted file mode 100644 index 72ad9eaba..000000000 --- a/projects/tinyobjloader/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN git clone --depth 1 https://github.com/tinyobjloader/tinyobjloader -COPY build.sh $SRC -WORKDIR $SRC/tinyobjloader diff --git a/projects/tinyobjloader/build.sh b/projects/tinyobjloader/build.sh deleted file mode 100755 index e80301bfe..000000000 --- a/projects/tinyobjloader/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -# build project -mkdir build && cd build -cmake .. -DBUILD_SHARED_LIBS=OFF -make -j $(nproc) -cp fuzz* $OUT/ diff --git a/projects/tinyobjloader/project.yaml b/projects/tinyobjloader/project.yaml deleted file mode 100644 index 467e88905..000000000 --- a/projects/tinyobjloader/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/tinyobjloader/tinyobjloader" -language: c++ -primary_contact: "syoyo@lighttransport.com" -auto_ccs : -- "p.antoine@catenacyber.fr" - -sanitizers: -- address -- undefined -main_repo: 'https://github.com/tinyobjloader/tinyobjloader' diff --git a/projects/tmux/build.sh b/projects/tmux/build.sh index f4fe555e5..53de126ac 100644 --- a/projects/tmux/build.sh +++ b/projects/tmux/build.sh @@ -44,8 +44,3 @@ cat "${SRC}/tmux-fuzzing-corpus/iterm2"/* | \ split -a5 -db$MAXLEN - iterm2. zip -q -j -r "${OUT}/input-fuzzer_seed_corpus.zip" \ "${WORK}/fuzzing_corpus/" - -# Handle libevent not existing on runner. -mkdir $OUT/lib -cp /lib/x86_64-linux-gnu/libevent_core* $OUT/lib -patchelf --set-rpath '$ORIGIN/lib' $OUT/input-fuzzer diff --git a/projects/tor/Dockerfile b/projects/tor/Dockerfile index 3211c40be..37d9753e0 100644 --- a/projects/tor/Dockerfile +++ b/projects/tor/Dockerfile @@ -15,7 +15,7 @@ ############################################################################## FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y autoconf automake make libtool pkg-config +RUN apt-get update && apt-get install -y autoconf automake make libtool RUN git clone --depth 1 https://git.torproject.org/tor.git RUN git clone --depth 1 https://git.torproject.org/fuzzing-corpora.git tor-fuzz-corpora RUN git clone --depth 1 https://github.com/madler/zlib.git diff --git a/projects/tor/build.sh b/projects/tor/build.sh index 8f4d029bc..1c5154a91 100644 --- a/projects/tor/build.sh +++ b/projects/tor/build.sh @@ -63,15 +63,13 @@ export ASAN_OPTIONS=detect_leaks=0 --with-libevent-dir=${SRC}/deps \ --with-openssl-dir=${SRC}/deps \ --with-zlib-dir=${SRC}/deps \ - --disable-gcc-hardening \ - LDFLAGS="-L${TOR_DEPS}/lib64" + --disable-gcc-hardening make clean -make micro-revision.i # Workaround from https://gitlab.torproject.org/tpo/core/tor/-/issues/29520#note_2749427 make -j$(nproc) oss-fuzz-fuzzers TORLIBS="`make show-testing-libs`" -TORLIBS="$TORLIBS -lm -Wl,-Bstatic -lssl -lcrypto -levent -lz -L${TOR_DEPS}/lib -L${TOR_DEPS}/lib64" +TORLIBS="$TORLIBS -lm -Wl,-Bstatic -lssl -lcrypto -levent -lz -L${TOR_DEPS}/lib" TORLIBS="$TORLIBS -Wl,-Bdynamic" for fuzzer in src/test/fuzz/*.a; do diff --git a/projects/tpm2-tss/Dockerfile b/projects/tpm2-tss/Dockerfile index f2dbae6f2..9f74c7a14 100644 --- a/projects/tpm2-tss/Dockerfile +++ b/projects/tpm2-tss/Dockerfile @@ -68,10 +68,10 @@ RUN wget --quiet --show-progress --progress=dot:giga "http://mirror.kumi.systems && make -j $(nproc) && make install RUN rm -fr $autoconf_archive.tar.xz -ARG ibmtpm_name=ibmtpm1661 +ARG ibmtpm_name=ibmtpm1119 WORKDIR /tmp RUN wget --quiet --show-progress --progress=dot:giga "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \ - && sha256sum $ibmtpm_name.tar.gz | grep ^55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147 \ + && sha256sum $ibmtpm_name.tar.gz | grep ^b9eef79904e276aeaed2a6b9e4021442ef4d7dfae4adde2473bef1a6a4cd10fb \ && mkdir -p $ibmtpm_name \ && tar xvf $ibmtpm_name.tar.gz -C $ibmtpm_name \ && rm $ibmtpm_name.tar.gz diff --git a/projects/tpm2-tss/project.yaml b/projects/tpm2-tss/project.yaml index 7ac01a967..04af6fe9d 100644 --- a/projects/tpm2-tss/project.yaml +++ b/projects/tpm2-tss/project.yaml @@ -1,12 +1,12 @@ homepage: "https://github.com/tpm2-software/tpm2-tss" language: c++ -primary_contact: "william.c.roberts@intel.com" +primary_contact: "tadeusz.struk@intel.com" auto_ccs: - "andreas.fuchs@sit.fraunhofer.de" + - "john.s.andersen@intel.com" + - "william.c.roberts@intel.com" - "tstruk@gmail.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/tstruk/tpm2-tss.git'
\ No newline at end of file diff --git a/projects/tpm2/Dockerfile b/projects/tpm2/Dockerfile index f008ce398..3cd80b8ed 100644 --- a/projects/tpm2/Dockerfile +++ b/projects/tpm2/Dockerfile @@ -5,7 +5,7 @@ # Defines a docker image that can build fuzzers. # FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make libssl-dev binutils libgcc-9-dev +RUN apt-get update && apt-get install -y make libssl-dev binutils libgcc-5-dev RUN git clone --depth 1 https://chromium.googlesource.com/chromiumos/third_party/tpm2 WORKDIR tpm2 RUN cp /src/tpm2/fuzz/build.sh /src/ diff --git a/projects/ujson/Dockerfile b/projects/ujson/Dockerfile index 9b43468da..81550c687 100644 --- a/projects/ujson/Dockerfile +++ b/projects/ujson/Dockerfile @@ -14,13 +14,13 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN pip3 install hypothesis RUN git clone \ --depth 1 \ - --branch main \ + --branch master \ https://github.com/ultrajson/ultrajson.git WORKDIR ultrajson diff --git a/projects/ujson/build.sh b/projects/ujson/build.sh index 094d851a2..fd339d57e 100755 --- a/projects/ujson/build.sh +++ b/projects/ujson/build.sh @@ -31,5 +31,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/ujson/hypothesis_structured_fuzzer.py b/projects/ujson/hypothesis_structured_fuzzer.py index ef43c263d..c07a2cf5f 100644 --- a/projects/ujson/hypothesis_structured_fuzzer.py +++ b/projects/ujson/hypothesis_structured_fuzzer.py @@ -58,7 +58,6 @@ UJSON_ENCODE_KWARGS = { @given(obj=JSON_OBJECTS, kwargs=st.fixed_dictionaries(UJSON_ENCODE_KWARGS)) -@atheris.instrument_func def test_ujson_roundtrip(obj, kwargs): """Check that all JSON objects round-trip regardless of other options.""" assert obj == ujson.decode(ujson.encode(obj, **kwargs)) @@ -69,5 +68,5 @@ if __name__ == "__main__": # and minimize any failures discovered by earlier runs or by OSS-Fuzz, or # briefly search for new failures if none are known. # Or, when running via OSS-Fuzz, we'll execute it via the fuzzing hook: - atheris.Setup(sys.argv, atheris.instrument_func(test_ujson_roundtrip.hypothesis.fuzz_one_input)) + atheris.Setup(sys.argv, test_ujson_roundtrip.hypothesis.fuzz_one_input) atheris.Fuzz() diff --git a/projects/ujson/json_differential_fuzzer.py b/projects/ujson/json_differential_fuzzer.py index 4ab012c54..fd26de18f 100755 --- a/projects/ujson/json_differential_fuzzer.py +++ b/projects/ujson/json_differential_fuzzer.py @@ -37,15 +37,12 @@ values that are too big or too small is techincally fine; however, misinterpreting them is not. """ -import atheris +import atheris_no_libfuzzer as atheris +import json +import ujson import sys -with atheris.instrument_imports(): - import json - import ujson - -@atheris.instrument_func def ClearAllIntegers(data): """Used to prevent known bug; sets all integers in data recursively to 0.""" if type(data) == int: @@ -59,7 +56,6 @@ def ClearAllIntegers(data): return data -@atheris.instrument_func def TestOneInput(input_bytes): fdp = atheris.FuzzedDataProvider(input_bytes) original = fdp.ConsumeUnicode(sys.maxsize) diff --git a/projects/ujson/ujson_fuzzer.py b/projects/ujson/ujson_fuzzer.py index 51b33a9ff..c785ec6ce 100755 --- a/projects/ujson/ujson_fuzzer.py +++ b/projects/ujson/ujson_fuzzer.py @@ -29,7 +29,7 @@ coverage. """ import sys -import atheris +import atheris_no_libfuzzer as atheris import ujson diff --git a/projects/unicode-rs/Dockerfile b/projects/unicode-rs/Dockerfile deleted file mode 100644 index 9d9cc4767..000000000 --- a/projects/unicode-rs/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust - -RUN git clone --depth 1 https://github.com/unicode-rs/unicode-normalization -RUN git clone --depth 1 https://github.com/unicode-rs/unicode-segmentation - -WORKDIR $SRC - -COPY build.sh $SRC/ diff --git a/projects/unicode-rs/build.sh b/projects/unicode-rs/build.sh deleted file mode 100755 index 9db130ebe..000000000 --- a/projects/unicode-rs/build.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -if [ $SANITIZER != "coverage" ] -then - cd $SRC/unicode-normalization - cargo fuzz build -O - cp fuzz/target/x86_64-unknown-linux-gnu/release/unicode-normalization $OUT/unicode-normalization-normalization - cp fuzz/target/x86_64-unknown-linux-gnu/release/streaming $OUT/unicode-normalization-streaming -fi - -cd $SRC/unicode-segmentation/ -cargo fuzz build -O -cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1 $OUT/unicode-segmentation-fuzzer - diff --git a/projects/unicode-rs/project.yaml b/projects/unicode-rs/project.yaml deleted file mode 100644 index 914c14551..000000000 --- a/projects/unicode-rs/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "http://unicode-rs.github.io/" -main_repo: "https://github.com/unicode-rs" -primary_contact: "manishsmail@gmail.com" -sanitizers: - - address -fuzzing_engines: - - libfuzzer -language: rust -auto_ccs: - - "david@adalogics.com" diff --git a/projects/unrar/project.yaml b/projects/unrar/project.yaml index 2fa4c872b..242c91f1e 100644 --- a/projects/unrar/project.yaml +++ b/projects/unrar/project.yaml @@ -5,7 +5,6 @@ auto_ccs: - "vakh@chromium.org" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/aawc/unrar.git'
\ No newline at end of file +main_repo: 'https://github.com/aawc/unrar.git' diff --git a/projects/upb/Dockerfile b/projects/upb/Dockerfile index c97eaf05d..7e157a15f 100644 --- a/projects/upb/Dockerfile +++ b/projects/upb/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install python -y +RUN apt-get update && apt-get install -y cmake RUN git clone --depth 1 https://github.com/protocolbuffers/upb.git upb -WORKDIR upb +WORKDIR $SRC COPY build.sh $SRC/ diff --git a/projects/upb/build.sh b/projects/upb/build.sh index f93779561..3f5bebf75 100755 --- a/projects/upb/build.sh +++ b/projects/upb/build.sh @@ -15,4 +15,16 @@ # ################################################################################ -bazel_build_fuzz_tests +# build project +cd upb/cmake +cmake . +make -j$(nproc) + +# use bazel to build instead ? +$CC $CFLAGS -I. -I.. -o descriptor.upb.o -c google/protobuf/descriptor.upb.c +$CXX $CXXFLAGS -DHAVE_FUZZER=1 -std=c++11 -I. -I.. -o fuzz_parsenew.o -c ../tests/file_descriptor_parsenew_fuzzer.cc +$CXX $CXXFLAGS fuzz_parsenew.o descriptor.upb.o -o $OUT/fuzz_parsenew *.a $LIB_FUZZING_ENGINE + +# builds corpus +cd .. +find . -name "*.proto" | xargs zip -r $OUT/fuzz_parsenew_seed_corpus.zip diff --git a/projects/upb/project.yaml b/projects/upb/project.yaml index eb3c62e78..b67152df3 100644 --- a/projects/upb/project.yaml +++ b/projects/upb/project.yaml @@ -1,6 +1,8 @@ homepage: "https://github.com/protocolbuffers/upb" language: c++ primary_contact: "haberman@google.com" +auto_ccs : +- "p.antoine@catenacyber.fr" sanitizers: - address diff --git a/projects/uriparser/project.yaml b/projects/uriparser/project.yaml index ec64c6468..9ca257378 100644 --- a/projects/uriparser/project.yaml +++ b/projects/uriparser/project.yaml @@ -3,10 +3,9 @@ language: c++ primary_contact: "webmaster@hartwork.org" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined architectures: - x86_64 - i386 -main_repo: 'https://github.com/uriparser/uriparser'
\ No newline at end of file +main_repo: 'https://github.com/uriparser/uriparser' diff --git a/projects/urllib3/Dockerfile b/projects/urllib3/Dockerfile index a6cf8d6a5..799b8b957 100644 --- a/projects/urllib3/Dockerfile +++ b/projects/urllib3/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/urllib3/urllib3 COPY build.sh $SRC/ diff --git a/projects/urllib3/build.sh b/projects/urllib3/build.sh index 6eaf4d518..66f6419ac 100644 --- a/projects/urllib3/build.sh +++ b/projects/urllib3/build.sh @@ -30,5 +30,5 @@ this_dir=\$(dirname \"\$0\") LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \ \$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename - chmod +x $OUT/$fuzzer_basename + chmod u+x $OUT/$fuzzer_basename done diff --git a/projects/urllib3/fuzz_urlparse.py b/projects/urllib3/fuzz_urlparse.py index 81c016453..f2fcd9bbd 100644 --- a/projects/urllib3/fuzz_urlparse.py +++ b/projects/urllib3/fuzz_urlparse.py @@ -33,6 +33,5 @@ def main(): atheris.Fuzz() if __name__ == "__main__": - atheris.instrument_all() main() diff --git a/projects/usbguard/build.sh b/projects/usbguard/build.sh index 1504da82f..5c7daf68e 100644 --- a/projects/usbguard/build.sh +++ b/projects/usbguard/build.sh @@ -81,10 +81,3 @@ if [[ ! -d "$SRC/usbguard/src/Tests/Fuzzers/$corpus_dir" ]] ; then cp -R "$SRC/usbguard/src/Tests/USB/data" "${corpus_dir}" zip -r "${zip_name}" "${corpus_dir}" fi - -# Ubuntu 20.04 doesn't have a static libqb. -mkdir -p $OUT/lib -cp /lib/x86_64-linux-gnu/libqb* $OUT/lib -patchelf --set-rpath '$ORIGIN/lib' $OUT/fuzzer-uevent -patchelf --set-rpath '$ORIGIN/lib' $OUT/fuzzer-usb-descriptor -patchelf --set-rpath '$ORIGIN/lib' $OUT/fuzzer-rules diff --git a/projects/usbguard/project.yaml b/projects/usbguard/project.yaml index a220a6532..a372cd3a6 100644 --- a/projects/usbguard/project.yaml +++ b/projects/usbguard/project.yaml @@ -4,8 +4,7 @@ primary_contact: "rsroka@redhat.com" sanitizers: - address - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory auto_ccs: - "alakatos@redhat.com" - "allenwebb@google.com" diff --git a/projects/usrsctp/project.yaml b/projects/usrsctp/project.yaml index b2c310cf0..54fb49449 100644 --- a/projects/usrsctp/project.yaml +++ b/projects/usrsctp/project.yaml @@ -5,12 +5,12 @@ auto_ccs: - "t00fcxen@googlemail.com" - "markwo@google.com" - "natashenka@google.com" - - "orphis@google.com" - - "mbonadei@google.com" + - "yuquanw@google.com" fuzzing_engines: - libfuzzer - afl - honggfuzz + - dataflow sanitizers: - address - undefined diff --git a/projects/uwebsockets/project.yaml b/projects/uwebsockets/project.yaml index 47536fa4e..e46ea9a2a 100644 --- a/projects/uwebsockets/project.yaml +++ b/projects/uwebsockets/project.yaml @@ -4,7 +4,6 @@ primary_contact: "alexhultman@gmail.com" builds_per_day: 4 sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/uNetworking/uWebSockets.git'
\ No newline at end of file +main_repo: 'https://github.com/uNetworking/uWebSockets.git' diff --git a/projects/varnish/Dockerfile b/projects/varnish/Dockerfile deleted file mode 100644 index 5fd0fb49c..000000000 --- a/projects/varnish/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt install -y automake autoconf libtool pkg-config python3-docutils python3-sphinx libedit-dev libpcre2-dev libncurses-dev -RUN git clone --depth 1 https://github.com/varnishcache/varnish-cache -COPY build.sh $SRC -WORKDIR $SRC/varnish-cache diff --git a/projects/varnish/build.sh b/projects/varnish/build.sh deleted file mode 100755 index 3a7f24836..000000000 --- a/projects/varnish/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - - -# build project -./autogen.sh -./configure --enable-oss-fuzz PCRE2_LIBS=-l:libpcre2-8.a -make -j2 -C include/ -make -j2 -C lib/libvarnish/ -make -j2 -C lib/libvgz/ -make -j2 -C lib/libvsc/ -make -j2 -C bin/varnishd/ esi_parse_fuzzer -cp bin/varnishd/*_fuzzer $OUT/ diff --git a/projects/varnish/project.yaml b/projects/varnish/project.yaml index d25135569..836179045 100644 --- a/projects/varnish/project.yaml +++ b/projects/varnish/project.yaml @@ -1,8 +1,7 @@ homepage: "https://varnish-cache.org/" -language: c -primary_contact: "phk@varnish.org" +primary_contact: "federico.schwindt@gmail.com" auto_ccs: - - "bsdphk@gmail.com" - - "nils.goroll@uplex.de" - - "martin@varnish-software.com" -main_repo: 'https://github.com/varnishcache/varnish-cache' + - "phk@varnish.org" +sanitizers: + - address + - undefined diff --git a/projects/vitess/Dockerfile b/projects/vitess/Dockerfile index 9eda3560d..8f066c8ba 100644 --- a/projects/vitess/Dockerfile +++ b/projects/vitess/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/vitessio/vitess COPY build.sh $SRC/ WORKDIR $SRC/vitess diff --git a/projects/vlc/Dockerfile b/projects/vlc/Dockerfile deleted file mode 100644 index 6d24f0254..000000000 --- a/projects/vlc/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool \ - pkg-config cmake flex bison gettext libglu1-mesa-dev -RUN git clone --depth 1 https://github.com/videolan/vlc vlc -WORKDIR vlc -COPY build.sh $SRC/ diff --git a/projects/vlc/build.sh b/projects/vlc/build.sh deleted file mode 100755 index 8eb7053a1..000000000 --- a/projects/vlc/build.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Use OSS-Fuzz environment rather than hardcoded setup. -sed -i 's/-fsanitize-coverage=trace-pc-guard//g' ./configure.ac -sed -i 's/-fsanitize-coverage=trace-cmp//g' ./configure.ac -sed -i 's/-fsanitize-coverage=trace-pc//g' ./configure.ac -sed -i 's/-lFuzzer//g' ./configure.ac - -# In order to build statically we avoid libxml and ogg plugins. -sed -i 's/..\/..\/lib\/libvlc_internal.h/lib\/libvlc_internal.h/g' ./test/src/input/decoder.c -sed -i 's/..\/modules\/libxml_plugin.la//g' ./test/Makefile.am -sed -i 's/..\/modules\/libogg_plugin.la//g' ./test/Makefile.am -sed -i 's/f(misc_xml_xml)//g' ./test/src/input/demux-run.c -sed -i 's/f(demux_ogg)//g' ./test/src/input/demux-run.c - -# Ensure that we compile with the correct link flags. -RULE="vlc_demux_libfuzzer_LDADD" -FUZZ_LDFLAGS="vlc_demux_libfuzzer_LDFLAGS=\${LIB_FUZZING_ENGINE}" -sed -i "s/${RULE}/${FUZZ_LDFLAGS}\n${RULE}/g" ./test/Makefile.am - -RULE="vlc_demux_dec_libfuzzer_LDADD" -FUZZ_LDFLAGS="vlc_demux_dec_libfuzzer_LDFLAGS=\${LIB_FUZZING_ENGINE}" -sed -i "s/${RULE}/${FUZZ_LDFLAGS}\n${RULE}/g" ./test/Makefile.am - -./bootstrap -./configure --disable-ogg --disable-oggspots --disable-libxml2 --disable-lua \ - --disable-shared \ - --enable-static \ - --enable-vlc=no \ - --disable-avcodec \ - --disable-swscale \ - --disable-a52 \ - --disable-xcb \ - --disable-alsa \ - --with-libfuzzer -make V=1 -j$(nproc) -cp ./test/vlc-demux-dec-libfuzzer $OUT/ -cp ./test/vlc-demux-libfuzzer $OUT/ diff --git a/projects/vlc/project.yaml b/projects/vlc/project.yaml deleted file mode 100644 index 1006c84e7..000000000 --- a/projects/vlc/project.yaml +++ /dev/null @@ -1,10 +0,0 @@ -homepage: "https://github.com/videolan/vlc" -language: c -primary_contact: "ossfuzz@videolan.org" -auto_ccs: - - "adam@adalogics.com" - - "david@adalogics.com" -sanitizers: - - address - - undefined -main_repo: 'https://github.com/videolan/vlc' diff --git a/projects/wasm3/Dockerfile b/projects/wasm3/Dockerfile deleted file mode 100644 index 1d123adb2..000000000 --- a/projects/wasm3/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make -RUN git clone --depth 1 https://github.com/wasm3/wasm3 -WORKDIR wasm3 -COPY build.sh $SRC/ diff --git a/projects/wasm3/build.sh b/projects/wasm3/build.sh deleted file mode 100755 index 1ef87c03a..000000000 --- a/projects/wasm3/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -mkdir build && cd build -cmake -DBUILD_WASI=none .. -make -j$(nproc) -$CC $CFLAGS -c $SRC/wasm3/platforms/app_fuzz/fuzzer.c -o fuzzer.o -I/src/wasm3/source -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzzer fuzzer.o /src/wasm3/build/source/libm3.a diff --git a/projects/wasm3/project.yaml b/projects/wasm3/project.yaml deleted file mode 100644 index 41c18cae7..000000000 --- a/projects/wasm3/project.yaml +++ /dev/null @@ -1,14 +0,0 @@ -homepage: "https://github.com/wasm3/wasm3" -main_repo: "https://github.com/wasm3/wasm3" -language: c -primary_contact: "vshymanskyi@gmail.com" -auto_ccs: - - "Adam@adalogics.com" -sanitizers: - - address - - undefined - - memory -fuzzing_engines: - - libfuzzer - - afl - - honggfuzz diff --git a/projects/wasmtime/Dockerfile b/projects/wasmtime/Dockerfile index fe6c8dd3e..e310b360a 100644 --- a/projects/wasmtime/Dockerfile +++ b/projects/wasmtime/Dockerfile @@ -14,15 +14,9 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang -# Install a newer version of OCaml than provided by Ubuntu 16.04 (base version for this image) -RUN curl -sL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh -o install.sh && \ - echo | sh install.sh && \ - opam init --disable-sandboxing --yes && \ - opam install ocamlbuild --yes - RUN git clone --depth 1 https://github.com/bytecodealliance/wasm-tools wasm-tools RUN git clone --depth 1 https://github.com/bytecodealliance/regalloc.rs regalloc.rs diff --git a/projects/wasmtime/build.sh b/projects/wasmtime/build.sh index b22a11be4..80423e376 100755 --- a/projects/wasmtime/build.sh +++ b/projects/wasmtime/build.sh @@ -56,9 +56,6 @@ build() { done } -# Ensure OCaml environment is set up prior to Wasmtime build. -eval $(opam env) - # Build with peepmatic in order to enable the related fuzz targets. build wasmtime "" "" --features "peepmatic-fuzzing experimental_x64" diff --git a/projects/wavpack/Dockerfile b/projects/wavpack/Dockerfile index 8c5a96a64..2cee9fd97 100644 --- a/projects/wavpack/Dockerfile +++ b/projects/wavpack/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make autoconf automake libtool gettext +RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/dbry/WavPack.git wavpack RUN cp wavpack/fuzzing/build.sh $SRC WORKDIR wavpack diff --git a/projects/wazuh/Dockerfile b/projects/wazuh/Dockerfile deleted file mode 100755 index cf231652e..000000000 --- a/projects/wazuh/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y libpcre2-dev libssl-dev libsystemd-dev autoconf libtool -RUN git clone https://github.com/wazuh/wazuh - -WORKDIR $SRC/wazuh -COPY build.sh $SRC/ -COPY fuzz_xml.c $SRC/fuzz_xml.c diff --git a/projects/wazuh/build.sh b/projects/wazuh/build.sh deleted file mode 100755 index 984da47f6..000000000 --- a/projects/wazuh/build.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -cd src -export LDFLAGS="$CFLAGS" - -make deps -make TARGET=local -$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzz_xml.c -o $OUT/fuzz_xml -I./ -I./os_xml \ - ./libwazuh.a ./external/sqlite/libsqlite3.a ./external/cJSON/libcjson.a \ - ./external/zlib/libz.a ./external/bzip2/libbz2.a diff --git a/projects/wazuh/fuzz_xml.c b/projects/wazuh/fuzz_xml.c deleted file mode 100644 index c889bccd1..000000000 --- a/projects/wazuh/fuzz_xml.c +++ /dev/null @@ -1,72 +0,0 @@ -/* Copyright 2021 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -#include <stdio.h> -#include <stdlib.h> -#include <stdint.h> - -#include "./os_xml/os_xml.h" -#include "./os_xml/os_xml_internal.h" - -int -LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - char filename[256]; - sprintf(filename, "/tmp/libfuzzer.%d", getpid()); - - FILE *fp = fopen(filename, "wb"); - if (!fp) - return 0; - fwrite(data, size, 1, fp); - fclose(fp); - - OS_XML xml; - if (OS_ReadXML(filename, &xml) < 0) { - unlink(filename); - return 0; - } - XML_NODE node = NULL; - node = OS_GetElementsbyNode(&xml, NULL); - if (node == NULL) { - OS_ClearXML(&xml); - return 0; - } - int i = 0; - - while (node[i]) { - int j = 0; - XML_NODE cnode; - cnode = OS_GetElementsbyNode(&xml, node[i]); - if (cnode == NULL) { - i++; - continue; - } - - while (cnode[j]) { - if (cnode[j]->attributes && cnode[j]->values) { - int k = 0; - while (cnode[j]->attributes[k]) { - k++; - } - } - j++; - } - - OS_ClearNode(cnode); - i++; - } - - OS_ClearNode(node); - OS_ClearXML(&xml); - unlink(filename); - return 0; -} - diff --git a/projects/wazuh/fuzz_xml.options b/projects/wazuh/fuzz_xml.options deleted file mode 100644 index f9d09656c..000000000 --- a/projects/wazuh/fuzz_xml.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -detect_leaks=0 diff --git a/projects/wazuh/project.yaml b/projects/wazuh/project.yaml deleted file mode 100755 index 04d791d2a..000000000 --- a/projects/wazuh/project.yaml +++ /dev/null @@ -1,6 +0,0 @@ -homepage: "https://wazuh.com/" -main_repo: 'https://github.com/wazuh/wazuh' -primary_contact: "devel@wazuh.com" -language: c -auto_ccs: - - "david@adalogics.com" diff --git a/projects/wget/Dockerfile b/projects/wget/Dockerfile index 2382da6ec..ec20c7ca9 100644 --- a/projects/wget/Dockerfile +++ b/projects/wget/Dockerfile @@ -22,7 +22,6 @@ RUN apt-get update && apt-get install -y \ autogen \ autopoint \ autoconf \ - autoconf-archive \ automake \ libtool \ texinfo \ diff --git a/projects/wget/build.sh b/projects/wget/build.sh index b52580137..840977d73 100755 --- a/projects/wget/build.sh +++ b/projects/wget/build.sh @@ -16,7 +16,7 @@ ################################################################################ export WGET_DEPS_PATH=$SRC/wget_deps -export PKG_CONFIG_PATH=$WGET_DEPS_PATH/lib64/pkgconfig:$WGET_DEPS_PATH/lib/pkgconfig +export PKG_CONFIG_PATH=$WGET_DEPS_PATH/lib/pkgconfig export CPPFLAGS="-I$WGET_DEPS_PATH/include" export LDFLAGS="-L$WGET_DEPS_PATH/lib" export GNULIB_SRCDIR=$SRC/gnulib @@ -76,31 +76,19 @@ make install # avoid iconv() memleak on Ubuntu 16.04 image (breaks test suite) export ASAN_OPTIONS=detect_leaks=0 -# Ensure our libraries can be found -ln -s $WGET_DEPS_PATH/lib64/libhogweed.a $WGET_DEPS_PATH/lib/libhogweed.a -ln -s $WGET_DEPS_PATH/lib64/libnettle.a $WGET_DEPS_PATH/lib/libnettle.a - cd $SRC/wget ./bootstrap -autoreconf -fi - -export CFLAGS="$CFLAGS -I$WGET_DEPS_PATH/include" -export CXXFLAGS="$CXXFLAGS -I$WGET_DEPS_PATH/include" # build and run non-networking tests -GNUTLS_CFLAGS="-lgnutls" \ -GNUTLS_LIBS="-lgnutls" \ -LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring -lpsl" \ -./configure -C +LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring" \ + ./configure -C make clean make -j$(nproc) make -j$(nproc) -C fuzz check # build for fuzzing -GNUTLS_CFLAGS="-lgnutls" \ -GNUTLS_LIBS="-lgnutls" \ -LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring -lpsl" \ -./configure --enable-fuzzing -C +LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring" \ + ./configure --enable-fuzzing -C make clean make -j$(nproc) -C lib make -j$(nproc) -C src diff --git a/projects/wget2/Dockerfile b/projects/wget2/Dockerfile index 8513d586d..bc2451ea5 100644 --- a/projects/wget2/Dockerfile +++ b/projects/wget2/Dockerfile @@ -34,8 +34,7 @@ RUN apt-get update && apt-get install -y \ wget \ python \ lzip \ - rsync \ - libmicrohttpd-dev + rsync ENV GNULIB_TOOL $SRC/gnulib/gnulib-tool RUN git clone git://git.savannah.gnu.org/gnulib.git diff --git a/projects/wget2/build.sh b/projects/wget2/build.sh index 866a4259f..3ad4e04bd 100755 --- a/projects/wget2/build.sh +++ b/projects/wget2/build.sh @@ -16,7 +16,7 @@ ################################################################################ export WGET2_DEPS_PATH=$SRC/wget2_deps -export PKG_CONFIG_PATH=$WGET2_DEPS_PATH/lib64/pkgconfig:$WGET2_DEPS_PATH/lib/pkgconfig +export PKG_CONFIG_PATH=$WGET2_DEPS_PATH/lib/pkgconfig export CPPFLAGS="-I$WGET2_DEPS_PATH/include" export LDFLAGS="-L$WGET2_DEPS_PATH/lib" export GNULIB_SRCDIR=$SRC/gnulib @@ -72,20 +72,29 @@ CFLAGS="$GNUTLS_CFLAGS" \ make -j$(nproc) make install +cd $SRC/libmicrohttpd-* +LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring" \ +./configure --prefix=$WGET2_DEPS_PATH --disable-doc --disable-examples --disable-shared --enable-static +make -j$(nproc) +make install + + # avoid iconv() memleak on Ubuntu 16.04 image (breaks test suite) export ASAN_OPTIONS=detect_leaks=0 cd $SRC/wget2 ./bootstrap -LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring -lpsl" \ +# build and run non-networking tests +LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring" \ ./configure -C --enable-static --disable-shared --disable-doc --without-plugin-support make clean make -j$(nproc) make -j$(nproc) -C unit-tests check make -j$(nproc) -C fuzz check -LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring -lpsl" \ +# build for fuzzing +LIBS="-lgnutls -lhogweed -lnettle -lidn2 -lunistring" \ ./configure -C --enable-fuzzing --enable-static --disable-shared --disable-doc --without-plugin-support make clean make -j$(nproc) -C lib @@ -93,13 +102,8 @@ make -j$(nproc) -C include make -j$(nproc) -C libwget make -j$(nproc) -C src -# Ensure our libraries can be found -ln -s $WGET2_DEPS_PATH/lib64/libhogweed.a $WGET2_DEPS_PATH/lib/libhogweed.a -ln -s $WGET2_DEPS_PATH/lib64/libnettle.a $WGET2_DEPS_PATH/lib/libnettle.a - # build fuzzers cd fuzz - CXXFLAGS="$CXXFLAGS -L$WGET2_DEPS_PATH/lib/" make oss-fuzz find . -name '*_fuzzer' -exec cp -v '{}' $OUT ';' diff --git a/projects/wolfssl/Dockerfile b/projects/wolfssl/Dockerfile index 83cbdf460..963f5e0e3 100644 --- a/projects/wolfssl/Dockerfile +++ b/projects/wolfssl/Dockerfile @@ -24,29 +24,9 @@ RUN git clone --depth 1 https://github.com/guidovranken/wolf-ssl-ssh-fuzzers RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/google/wycheproof.git -RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2 RUN git clone https://github.com/wolfssl/oss-fuzz-targets --depth 1 $SRC/fuzz-targets -# Retrieve corpora from other projects -RUN wget https://storage.googleapis.com/pub/gsutil.tar.gz -O $SRC/gsutil.tar.gz -RUN tar zxf $SRC/gsutil.tar.gz -ENV PATH="${PATH}:$SRC/gsutil" -RUN gsutil cp gs://bearssl-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/bearssl_cryptofuzz-bearssl/public.zip $SRC/corpus_bearssl.zip -RUN gsutil cp gs://nettle-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/nettle_cryptofuzz-nettle-with-mini-gmp/public.zip $SRC/corpus_nettle.zip -RUN gsutil cp gs://libecc-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/libecc_cryptofuzz-libecc/public.zip $SRC/corpus_libecc.zip -RUN gsutil cp gs://relic-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/relic_cryptofuzz-relic/public.zip $SRC/corpus_relic.zip -RUN gsutil cp gs://cryptofuzz-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/cryptofuzz_cryptofuzz-openssl/public.zip $SRC/corpus_cryptofuzz.zip -RUN gsutil cp gs://wolfssl-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/wolfssl_cryptofuzz-sp-math-all/public.zip $SRC/corpus_wolfssl_sp-math-all.zip -RUN gsutil cp gs://wolfssl-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/wolfssl_cryptofuzz-sp-math-all-8bit/public.zip $SRC/corpus_wolfssl_sp-math-all-8bit.zip -RUN gsutil cp gs://wolfssl-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/wolfssl_cryptofuzz-sp-math/public.zip $SRC/corpus_wolfssl_sp-math.zip -RUN gsutil cp gs://wolfssl-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/wolfssl_cryptofuzz-disable-fastmath/public.zip $SRC/corpus_wolfssl_disable-fastmath.zip - -# Botan corpora, which require a special import procedure -RUN gsutil cp gs://botan-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/botan_ecc_p256/public.zip $SRC/corpus_botan_ecc_p256.zip -RUN gsutil cp gs://botan-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/botan_ecc_p384/public.zip $SRC/corpus_botan_ecc_p384.zip -RUN gsutil cp gs://botan-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/botan_ecc_p521/public.zip $SRC/corpus_botan_ecc_p521.zip -RUN gsutil cp gs://botan-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/botan_ecc_bp256/public.zip $SRC/corpus_botan_ecc_bp256.zip - WORKDIR wolfssl COPY build.sh $SRC/ diff --git a/projects/wolfssl/build.sh b/projects/wolfssl/build.sh index 2e6e5c673..70db45387 100755 --- a/projects/wolfssl/build.sh +++ b/projects/wolfssl/build.sh @@ -17,7 +17,7 @@ if [[ $CFLAGS != *sanitize=dataflow* ]] then - WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-keygen --enable-curve25519 --enable-curve448 --enable-shake256 --disable-crypttests --disable-examples --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-smallstack --enable-ed25519-stream --enable-ed448-stream" + WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-keygen --enable-curve25519 --enable-curve448 --enable-shake256 --disable-crypttests --disable-examples --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-smallstack" if [[ $CFLAGS = *sanitize=memory* ]] then WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS --disable-asm" @@ -31,14 +31,10 @@ then CFLAGS="" CXXFLAGS="" ./b2 headers cp -R boost/ /usr/include/ - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN_IS_ORACLE" - OLD_CFLAGS="$CFLAGS" OLD_CXXFLAGS="$CXXFLAGS" # Configure Cryptofuzz - cd $SRC/cryptofuzz - sed -i 's/kNegativeIntegers = false/kNegativeIntegers = true/g' config.h cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-openssl-api/ cd $SRC/cryptofuzz-openssl-api/ python gen_repository.py @@ -79,23 +75,11 @@ then echo -n '"' >>extra_options.h echo -n '--force-module=wolfCrypt ' >>extra_options.h echo -n '--digests=NULL ' >>extra_options.h - echo -n '--operations=' >>extra_options.h - echo -n 'BignumCalc,' >>extra_options.h - echo -n 'DH_GenerateKeyPair,' >>extra_options.h - echo -n 'DH_Derive,' >>extra_options.h - echo -n 'ECC_GenerateKeyPair,' >>extra_options.h - echo -n 'ECC_PrivateToPublic,' >>extra_options.h - echo -n 'ECC_ValidatePubkey,' >>extra_options.h - echo -n 'ECDSA_Verify,' >>extra_options.h - echo -n 'ECDSA_Sign,' >>extra_options.h - echo -n 'ECIES_Encrypt,' >>extra_options.h - echo -n 'ECIES_Decrypt,' >>extra_options.h - echo -n 'ECC_Point_Add,' >>extra_options.h - echo -n 'ECC_Point_Mul,' >>extra_options.h - echo -n 'ECDH_Derive ' >>extra_options.h + echo -n '--operations=BignumCalc,DH_GenerateKeyPair,DH_Derive,ECC_GenerateKeyPair,ECC_PrivateToPublic,ECC_ValidatePubkey,ECDSA_Verify,ECDSA_Sign' >>extra_options.h echo -n '"' >>extra_options.h # Build Botan + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN_IS_ORACLE" cd $SRC/botan if [[ $CFLAGS != *-m32* ]] then @@ -107,44 +91,12 @@ then export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" - # Build normal math fuzzer - cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-normal-math/ - cp -R $SRC/wolfssl/ $SRC/wolfssl-normal-math/ - cd $SRC/wolfssl-normal-math/ - autoreconf -ivf - CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP" - if [[ $CFLAGS != *-m32* ]] - then - ./configure $WOLFCRYPT_CONFIGURE_PARAMS - else - # Compiling instrumented 32 bit normal math with asm is currently - # not possible because it results in Clang error messages such as: - # - # wolfcrypt/src/tfm.c:3154:11: error: inline assembly requires more registers than available - ./configure $WOLFCRYPT_CONFIGURE_PARAMS --disable-asm - fi - make -j$(nproc) - export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN" - export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-normal-math/src/.libs/libwolfssl.a" - export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-normal-math/" - cd $SRC/cryptofuzz-normal-math/modules/wolfcrypt - make -j$(nproc) - cd $SRC/cryptofuzz-normal-math/modules/botan - make -j$(nproc) - cd $SRC/cryptofuzz-normal-math/ - LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc) - cp cryptofuzz $OUT/cryptofuzz-normal-math - CFLAGS="$OLD_CFLAGS" - CXXFLAGS="$OLD_CXXFLAGS" - unset WOLFCRYPT_LIBWOLFSSL_A_PATH - unset WOLFCRYPT_INCLUDE_PATH - # Build sp-math-all fuzzer cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math-all/ cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math-all/ cd $SRC/wolfssl-sp-math-all/ autoreconf -ivf - CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DWOLFSSL_SP_INT_NEGATIVE" + CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP" ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-sp-math-all make -j$(nproc) export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN" @@ -167,7 +119,7 @@ then cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math-all-8bit/ cd $SRC/wolfssl-sp-math-all-8bit/ autoreconf -ivf - CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DSP_WORD_SIZE=8 -DWOLFSSL_SP_INT_NEGATIVE" + CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DSP_WORD_SIZE=8" ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-sp-math-all make -j$(nproc) export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN" @@ -191,7 +143,7 @@ then cd $SRC/wolfssl-sp-math/ autoreconf -ivf # -DHAVE_ECC_BRAINPOOL and -DHAVE_ECC_KOBLITZ are lacking from the CFLAGS; these are not supported by SP math - CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DWOLFSSL_PUBLIC_ECC_ADD_DBL" + CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP" # SP math does not support custom curves, so remove that flag export WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH=${WOLFCRYPT_CONFIGURE_PARAMS//"--enable-ecccustcurves"/} ./configure $WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH --enable-sp --enable-sp-math @@ -234,57 +186,16 @@ then unset WOLFCRYPT_LIBWOLFSSL_A_PATH unset WOLFCRYPT_INCLUDE_PATH - mkdir $SRC/cryptofuzz-seed-corpus/ - # Convert Wycheproof test vectors to Cryptofuzz corpus format - find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_*' -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-wycheproof={},$SRC/cryptofuzz-seed-corpus/ \; - - # Unpack corpora from other projects - unzip -n $SRC/corpus_bearssl.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_nettle.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_libecc.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_relic.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_cryptofuzz.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_wolfssl_sp-math-all.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_wolfssl_sp-math-all-8bit.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_wolfssl_sp-math.zip -d $SRC/cryptofuzz_seed_corpus/ - unzip -n $SRC/corpus_wolfssl_disable-fastmath.zip -d $SRC/cryptofuzz_seed_corpus/ - - # Import Botan corpora - mkdir $SRC/botan-p256-corpus/ - unzip $SRC/corpus_botan_ecc_p256.zip -d $SRC/botan-p256-corpus/ - find $SRC/botan-p256-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp256r1 \; - - mkdir $SRC/botan-p384-corpus/ - unzip $SRC/corpus_botan_ecc_p384.zip -d $SRC/botan-p384-corpus/ - find $SRC/botan-p384-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp384r1 \; - - mkdir $SRC/botan-p521-corpus/ - unzip $SRC/corpus_botan_ecc_p521.zip -d $SRC/botan-p521-corpus/ - find $SRC/botan-p521-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp521r1 \; - - mkdir $SRC/botan-bp256-corpus/ - unzip $SRC/corpus_botan_ecc_bp256.zip -d $SRC/botan-bp256-corpus/ - find $SRC/botan-bp256-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,brainpool256r1 \; - + mkdir $SRC/corpus-cryptofuzz-wycheproof/ + find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_*' -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-wycheproof={},$SRC/corpus-cryptofuzz-wycheproof/ \; # Pack it - cd $SRC/cryptofuzz_seed_corpus - zip -r $SRC/cryptofuzz_seed_corpus.zip . - + zip -j $SRC/cryptofuzz_wycheproof_seed_corpus.zip $SRC/corpus-cryptofuzz-wycheproof/* # Use it as the seed corpus for each Cryptofuzz-based fuzzer - cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-normal-math_seed_corpus.zip - cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math-all_seed_corpus.zip - cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math-all-8bit_seed_corpus.zip - cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math_seed_corpus.zip - cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-disable-fastmath_seed_corpus.zip - - # Remove files that are no longer needed to prevent running out of disk space - rm -rf $SRC/botan-p256-corpus/ - rm -rf $SRC/botan-p384-corpus/ - rm -rf $SRC/botan-p521-corpus/ - rm -rf $SRC/botan-bp256-corpus/ - rm -rf $SRC/cryptofuzz_seed_corpus/ - rm -rf $SRC/cryptofuzz_seed_corpus.zip + cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math-all_seed_corpus.zip + cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math-all-8bit_seed_corpus.zip + cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math_seed_corpus.zip + cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-disable-fastmath_seed_corpus.zip # Build SSL/SSH fuzzers NEW_SRC=$SRC/wolf-ssl-ssh-fuzzers/oss-fuzz/projects/wolf-ssl-ssh/ diff --git a/projects/wolfssl/project.yaml b/projects/wolfssl/project.yaml index fdd186bb6..a6a31a18d 100644 --- a/projects/wolfssl/project.yaml +++ b/projects/wolfssl/project.yaml @@ -10,11 +10,10 @@ auto_ccs: - "levi@wolfssl.com" - "testing@wolfssl.com" - "dgarske80@gmail.com" - - "jeffelms.wolfssl@gmail.com" - - "douzzer@mega.nu" - "guidovranken@gmail.com" fuzzing_engines: - libfuzzer + - afl - honggfuzz - dataflow sanitizers: diff --git a/projects/wuffs/build.sh b/projects/wuffs/build.sh index 17c4fc888..b8d4f5366 100755 --- a/projects/wuffs/build.sh +++ b/projects/wuffs/build.sh @@ -19,34 +19,14 @@ # Wuffs' generated C files are "drop-in libraries" a la # http://gpfault.net/posts/drop-in-libraries.txt.html -for f in fuzz/c/std/*_fuzzer.c*; do - # Extract the format name (such as "gzip", from the C or C++ file name, - # "fuzz/c/std/gzip_fuzzer.c") and make the "gzip_fuzzer" binary. First - # compile the (C or C++) Wuffs code... - extension="${f##*.}" - if [ "$extension" = "c" ]; then - echo "Building (C) $f" - b=$(basename $f _fuzzer.c) - $CC $CFLAGS -c $f -o $WORK/${b}_fuzzer.o - elif [ "$extension" = "cc" ]; then - if [[ $LIB_FUZZING_ENGINE == *"DataFlow"* ]]; then - # Linking (below) with "--engine dataflow" works with the C fuzzers but - # not the C++ ones. With C++, we get errors like `undefined reference to - # `dfs$_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEED2Ev'` - # - # This is possibly "DFsan instrumented dependencies" - # https://github.com/google/oss-fuzz/issues/3388 - echo "Skipping (C++) $f" - continue - fi - echo "Building (C++) $f" - b=$(basename $f _fuzzer.cc) - $CXX $CXXFLAGS -c $f -o $WORK/${b}_fuzzer.o - else - continue - fi +for f in fuzz/c/std/*_fuzzer.c; do + # Extract the format name, such as "gzip", from the C file name, + # "fuzz/c/std/gzip_fuzzer.c". + b=$(basename $f _fuzzer.c) - # ...then link the (C++) fuzzing library. + # Make the "gzip_fuzzer" binary. First compile the (C) Wuffs code, then link + # the (C++) fuzzing library. + $CC $CFLAGS -c $f -o $WORK/${b}_fuzzer.o $CXX $CXXFLAGS $WORK/${b}_fuzzer.o -o $OUT/${b}_fuzzer $LIB_FUZZING_ENGINE # Make the optional "gzip_fuzzer_seed_corpus.zip" archive. This means diff --git a/projects/xmlsec/Dockerfile b/projects/xmlsec/Dockerfile index 013c53078..75814fcc1 100644 --- a/projects/xmlsec/Dockerfile +++ b/projects/xmlsec/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config \ - libssl-dev wget liblzma-dev python-dev python3-dev + libssl-dev libxslt-dev wget liblzma-dev RUN git clone --depth 1 https://github.com/lsh123/xmlsec RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git diff --git a/projects/xmlsec/build.sh b/projects/xmlsec/build.sh index bb601a79c..b2976c3d9 100755 --- a/projects/xmlsec/build.sh +++ b/projects/xmlsec/build.sh @@ -28,7 +28,7 @@ make -j$(nproc) all make install cd $SRC/libxslt -./autogen.sh --prefix="$XMLSEC_DEPS_PATH" --with-libxml-src=${SRC}/libxml2 +./autogen.sh --prefix="$XMLSEC_DEPS_PATH" make -j$(nproc) make install @@ -40,8 +40,7 @@ make -j$(nproc) all for file in $SRC/xmlsec/tests/oss-fuzz/*_target.c; do b=$(basename $file _target.c) - echo -e "#include <stdint.h>\n$(cat $file)" > $file - $CC $CFLAGS -c $file -I${XMLSEC_DEPS_PATH=}/include/libxml2 -I${XMLSEC_DEPS_PATH=}/include/ -I ./include/ \ + $CC $CFLAGS -c $file -I /usr/include/libxml2 -I ./include/ \ -o $OUT/${b}_target.o $CXX $CXXFLAGS $OUT/${b}_target.o ./src/.libs/libxmlsec1.a \ ./src/openssl/.libs/libxmlsec1-openssl.a $LIB_FUZZING_ENGINE \ diff --git a/projects/xnu/Dockerfile b/projects/xnu/Dockerfile deleted file mode 100644 index ab69648a6..000000000 --- a/projects/xnu/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder - -RUN apt-get update && apt-get install -y \ - autoconf \ - automake \ - libtool \ - ninja-build - -# Install Protobuf for C++ as the version in the base-builder repos may -# be outdated. -RUN curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v3.18.1/protobuf-cpp-3.18.1.tar.gz -RUN tar xf protobuf-cpp-3.18.1.tar.gz -WORKDIR $SRC/protobuf-3.18.1 -# Build statically -RUN ./configure --disable-shared -RUN make -j $(nproc) -RUN make install - -WORKDIR $SRC -RUN git clone --depth 1 https://github.com/googleprojectzero/SockFuzzer.git -COPY build.sh $SRC diff --git a/projects/xnu/build.sh b/projects/xnu/build.sh deleted file mode 100755 index 715e32bd2..000000000 --- a/projects/xnu/build.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -mkdir build -cd build - -cmake -GNinja $SRC/SockFuzzer -ninja - -cp $SRC/build/net_fuzzer $OUT diff --git a/projects/xnu/project.yaml b/projects/xnu/project.yaml deleted file mode 100644 index e0d883189..000000000 --- a/projects/xnu/project.yaml +++ /dev/null @@ -1,9 +0,0 @@ -homepage: "https://opensource.apple.com/" -language: "c" -primary_contact: "nedwill@google.com" -main_repo: "https://github.com/googleprojectzero/SockFuzzer" -fuzzing_engines: - - libfuzzer - - honggfuzz -sanitizers: - - address diff --git a/projects/xpdf/Dockerfile b/projects/xpdf/Dockerfile index 5c43ae74a..a3090f06b 100755 --- a/projects/xpdf/Dockerfile +++ b/projects/xpdf/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install software-properties-common -y && apt-get update && apt-add-repository ppa:rock-core/qt4 && apt-get install -y make wget cmake libqt4-dev +RUN apt-get update && apt-get install -y make wget cmake libqt4-dev RUN wget --no-check-certificate https://dl.xpdfreader.com/xpdf-latest.tar.gz WORKDIR $SRC diff --git a/projects/yajl-ruby/project.yaml b/projects/yajl-ruby/project.yaml index 11edfb944..d1da04dac 100644 --- a/projects/yajl-ruby/project.yaml +++ b/projects/yajl-ruby/project.yaml @@ -5,10 +5,12 @@ fuzzing_engines: - libfuzzer - afl - honggfuzz + - dataflow sanitizers: - address - undefined - memory + - dataflow auto_ccs: - aaron.patterson@gmail.com - jonathan@titanous.com diff --git a/projects/ygot/Dockerfile b/projects/ygot/Dockerfile index c8f0a419f..b592c307b 100644 --- a/projects/ygot/Dockerfile +++ b/projects/ygot/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-go +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/openconfig/ygot COPY build.sh $SRC/ diff --git a/projects/zeek/build.sh b/projects/zeek/build.sh index bd6c57031..996fe9c12 100644 --- a/projects/zeek/build.sh +++ b/projects/zeek/build.sh @@ -20,12 +20,12 @@ CFLAGS="${CFLAGS} -pthread" CXXFLAGS="${CXXFLAGS} -pthread" \ --build-type=debug \ --generator=Ninja \ --enable-fuzzers \ - --enable-mobile-ipv6 \ --disable-python \ --disable-zeekctl \ --disable-auxtools \ --disable-broker-tests + cd build ninja install diff --git a/projects/zeek/project.yaml b/projects/zeek/project.yaml index 5d1b068ad..b0239dab7 100644 --- a/projects/zeek/project.yaml +++ b/projects/zeek/project.yaml @@ -11,9 +11,6 @@ auto_ccs: - "vern@corelight.com" - "vlad@es.net" - "dominik.charousset@corelight.com" -fuzzing_engines: - - libfuzzer - - honggfuzz sanitizers: - address main_repo: 'https://github.com/zeek/zeek' diff --git a/projects/znc/Dockerfile b/projects/znc/Dockerfile deleted file mode 100644 index 923e01556..000000000 --- a/projects/znc/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder -RUN apt-get update && apt-get install -y make -RUN git clone --depth 1 https://github.com/znc/znc -WORKDIR $SRC/znc -COPY build.sh msg_parse_fuzzer.cpp $SRC/ diff --git a/projects/znc/build.sh b/projects/znc/build.sh deleted file mode 100755 index 7472ad8b5..000000000 --- a/projects/znc/build.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -git submodule update --init --recursive -mkdir build && cd build -cmake -DBUILD_SHARED_LIBS=OFF \ - -DWANT_ICU=OFF \ - -DWANT_OPENSSL=OFF \ - -DWANT_ZLIB=OFF \ - -DWANT_IPV6=OFF .. -make -j$(nproc) - -$CXX $CXXFLAGS -DGTEST_HAS_POSIX_RE=0 \ - -I/src/znc/include -I/src/znc/build/include \ - -fPIE -include znc/zncconfig.h -std=c++11 \ - -c $SRC/msg_parse_fuzzer.cpp -o msg_parse_fuzzer.o -$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \ - msg_parse_fuzzer.o -o $OUT/msg_parse_fuzzer \ - /src/znc/build/src/libznc.a diff --git a/projects/znc/msg_parse_fuzzer.cpp b/projects/znc/msg_parse_fuzzer.cpp deleted file mode 100644 index 73389459e..000000000 --- a/projects/znc/msg_parse_fuzzer.cpp +++ /dev/null @@ -1,30 +0,0 @@ -/* -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include <stdint.h> -#include <znc/Message.h> - -extern "C" -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ - std::string input(reinterpret_cast<const char*>(data), size); - CMessage msg; - msg.Parse(input); - msg.SetParam(1, input); - msg.GetParams(); - return 0; -} diff --git a/projects/znc/project.yaml b/projects/znc/project.yaml deleted file mode 100644 index 984e04087..000000000 --- a/projects/znc/project.yaml +++ /dev/null @@ -1,12 +0,0 @@ -homepage: "https://znc.in" -language: c++ -primary_contact: "alexey+znc@asokolov.org" -auto_ccs: - - "Adam@adalogics.com" - - "ktonibud@gmail.com" -sanitizers: - - address - - undefined -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory -main_repo: "https://github.com/znc/znc"
\ No newline at end of file diff --git a/projects/zopfli/project.yaml b/projects/zopfli/project.yaml index ba175ad8d..33c9f3104 100644 --- a/projects/zopfli/project.yaml +++ b/projects/zopfli/project.yaml @@ -3,7 +3,6 @@ language: c++ primary_contact: "lode@google.com" sanitizers: - address -# Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory + - memory - undefined -main_repo: 'https://github.com/google/zopfli'
\ No newline at end of file +main_repo: 'https://github.com/google/zopfli' diff --git a/projects/zxing/Dockerfile b/projects/zxing/Dockerfile deleted file mode 100644 index 389b7c0ee..000000000 --- a/projects/zxing/Dockerfile +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM gcr.io/oss-fuzz-base/base-builder-jvm - -RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \ - unzip maven.zip -d $SRC/maven && \ - rm -rf maven.zip - -ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn - -RUN git clone --depth 1 https://github.com/zxing/zxing - -COPY build.sh $SRC/ -COPY MultiFormatDecodeFuzzer.java MultiFormatEncodeFuzzer.java $SRC/ -WORKDIR $SRC/zxing diff --git a/projects/zxing/MultiFormatDecodeFuzzer.java b/projects/zxing/MultiFormatDecodeFuzzer.java deleted file mode 100644 index 991428dfb..000000000 --- a/projects/zxing/MultiFormatDecodeFuzzer.java +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.google.zxing.BinaryBitmap; -import com.google.zxing.BufferedImageLuminanceSource; -import com.google.zxing.MultiFormatReader; -import com.google.zxing.ReaderException; -import com.google.zxing.Result; -import com.google.zxing.common.HybridBinarizer; - -import javax.imageio.ImageIO; -import java.io.IOException; -import java.awt.image.BufferedImage; -import java.io.ByteArrayInputStream; - -public final class MultiFormatDecodeFuzzer { - private static MultiFormatReader barcodeReader = new MultiFormatReader(); - - public static void fuzzerInitialize() { - } - - public static void fuzzerTestOneInput(byte[] input) { - BufferedImage image; - try { - image = ImageIO.read(new ByteArrayInputStream(input)); - } catch (IOException e) { - return; - } - if (image == null) - return; - if ((long) image.getHeight() * (long) image.getWidth() > 10000000) - return; - - BufferedImageLuminanceSource source = new BufferedImageLuminanceSource(image); - BinaryBitmap bitmap = new BinaryBitmap(new HybridBinarizer(source)); - try { - Result result = barcodeReader.decode(bitmap); - result.getText(); - result.getResultMetadata(); - } catch (ReaderException ignored) { - } - } -} diff --git a/projects/zxing/MultiFormatEncodeFuzzer.java b/projects/zxing/MultiFormatEncodeFuzzer.java deleted file mode 100644 index 46a9e80e1..000000000 --- a/projects/zxing/MultiFormatEncodeFuzzer.java +++ /dev/null @@ -1,187 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -import com.google.zxing.BarcodeFormat; -import com.google.zxing.MultiFormatWriter; -import com.google.zxing.MultiFormatReader; -import com.google.zxing.aztec.encoder.AztecCode; -import com.google.zxing.aztec.AztecReader; -import com.google.zxing.datamatrix.DataMatrixReader; -import com.google.zxing.maxicode.MaxiCodeReader; -import com.google.zxing.oned.MultiFormatOneDReader; -import com.google.zxing.pdf417.PDF417Reader; -import com.google.zxing.qrcode.QRCodeReader; -import com.google.zxing.oned.CodaBarReader; -import com.google.zxing.oned.Code128Reader; -import com.google.zxing.oned.Code39Reader; -import com.google.zxing.oned.Code93Reader; -import com.google.zxing.oned.EAN13Reader; -import com.google.zxing.oned.EAN8Reader; -import com.google.zxing.oned.ITFReader; -import com.google.zxing.oned.UPCAReader; -import com.google.zxing.oned.UPCEReader; -import com.google.zxing.pdf417.PDF417Reader; -import com.google.zxing.qrcode.QRCodeReader; - -import java.util.EnumMap; -import java.util.Map; - -import javax.naming.NameNotFoundException; - -import com.google.zxing.Reader; -import com.google.zxing.Binarizer; -import com.google.zxing.BinaryBitmap; -import com.google.zxing.WriterException; -import com.google.zxing.BarcodeFormat; -import com.google.zxing.EncodeHintType; -import com.google.zxing.common.BitMatrix; -import com.google.zxing.common.BitArray; -import com.google.zxing.NotFoundException; -import com.google.zxing.FormatException; -import com.google.zxing.ChecksumException; -import com.google.zxing.LuminanceSource; -import com.google.zxing.Result; -import com.google.zxing.pdf417.PDF417Writer; - -import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel; -import com.google.zxing.qrcode.decoder.Mode; -import com.google.zxing.qrcode.encoder.QRCode; - -import com.google.zxing.datamatrix.encoder.HighLevelEncoder; - -import com.code_intelligence.jazzer.api.FuzzedDataProvider; - -public final class MultiFormatEncodeFuzzer { - - public static void fuzzerTestOneInput(FuzzedDataProvider data) { - int width = data.consumeInt(100, 200); - int height = data.consumeInt(100, 200); - BarcodeFormat format = data.pickValue(BarcodeFormat.values()); - String originalData = data.consumeRemainingAsAsciiString(); - - BitMatrix matrix; - try { - matrix = new MultiFormatWriter().encode(originalData, format, width, height); - } catch (WriterException | IllegalArgumentException e) { - return; - } - - BinaryBitmap bitmap = null; - Result result; - try { - bitmap = new BinaryBitmap(new TrivialBinarizer(matrix)); - result = getReader(format).decode(bitmap); - } catch (NotFoundException | ChecksumException | FormatException e) { - throw new IllegalStateException("Failed to recover\n" + originalData + "\nencoded with " + format + " in " - + width + "x" + height + "\n\n" + matrix.toString() + "\n\n" + bitmap.toString(), e); - } - String decodedData = result.getText(); - if (!decodedData.equals(originalData)) { - throw new IllegalStateException( - "Failed to recover\n" + originalData + "\nencoded with " + format + " in " + width + "x" + height - + ", got:\n" + decodedData + "\n\n" + matrix.toString() + "\n\n" + bitmap.toString()); - } - } - - private static Reader getReader(BarcodeFormat format) { - switch (format) { - case EAN_8: - return new EAN8Reader(); - case UPC_E: - return new UPCEReader(); - case EAN_13: - return new EAN13Reader(); - case UPC_A: - return new UPCAReader(); - case QR_CODE: - return new QRCodeReader(); - case CODE_39: - return new Code39Reader(); - case CODE_93: - return new Code93Reader(); - case CODE_128: - return new Code128Reader(); - case ITF: - return new ITFReader(); - case PDF_417: - return new PDF417Reader(); - case CODABAR: - return new CodaBarReader(); - case DATA_MATRIX: - return new DataMatrixReader(); - case AZTEC: - return new AztecReader(); - default: - throw new IllegalArgumentException("No encoder available for format " + format); - } - } - - private static final class TrivialBinarizer extends Binarizer { - private final BitMatrix matrix; - - public TrivialBinarizer(BitMatrix matrix) { - super(new TrivialLuminanceSource(matrix)); - this.matrix = matrix; - } - - public BitArray getBlackRow(int y, BitArray row) throws NotFoundException { - return matrix.getRow(y, row); - } - - public BitMatrix getBlackMatrix() throws NotFoundException { - return matrix; - } - - public Binarizer createBinarizer(LuminanceSource source) { - return new TrivialBinarizer(matrix); - } - } - - private static final class TrivialLuminanceSource extends LuminanceSource { - private final BitMatrix matrix; - - public TrivialLuminanceSource(BitMatrix matrix) { - super(matrix.getWidth(), matrix.getHeight()); - this.matrix = matrix; - } - - public byte[] getRow(int y, byte[] row) { - if (row.length != matrix.getWidth()) { - row = new byte[matrix.getWidth()]; - } - BitArray bitRow = matrix.getRow(y, null); - for (int i = 0; i < matrix.getWidth(); i++) { - if (bitRow.get(i)) { - row[i] = 0; - } else { - row[i] = (byte) 255; - } - } - return row; - } - - public byte[] getMatrix() { - byte[] bytes = new byte[matrix.getWidth() * matrix.getHeight()]; - for (int x = 0; x < matrix.getWidth(); x++) { - for (int y = 0; y < matrix.getHeight(); y++) { - if (!matrix.get(x, y)) - bytes[x + y * matrix.getWidth()] = (byte) 255; - } - } - return bytes; - } - } -} diff --git a/projects/zxing/build.sh b/projects/zxing/build.sh deleted file mode 100644 index 70f15c0a6..000000000 --- a/projects/zxing/build.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -eu -# Copyright 2021 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -MAVEN_ARGS="-DskipTests -Djavac.src.version=15 -Djavac.target.version=15" -$MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS -CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \ - -Dexpression=project.version -q -DforceStdout) -cp "core/target/core-$CURRENT_VERSION.jar" $OUT/zxing.jar - -mkdir -p $OUT/com/google/zxing -cp core/target/test-classes/com/google/zxing/BufferedImageLuminanceSource.class $OUT/com/google/zxing - -ALL_JARS="zxing.jar" - -# The classpath at build-time includes the project jars in $OUT as well as the -# Jazzer API. Additionally, include $OUT itself to pick up -# BufferedImageLuminanceSource. -BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH:$OUT - -# All .jar and .class files lie in the same directory as the fuzzer at runtime. -RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir - -for fuzzer in $(find $SRC -name '*Fuzzer.java'); do - fuzzer_basename=$(basename -s .java $fuzzer) - javac -cp $BUILD_CLASSPATH $fuzzer - cp $SRC/$fuzzer_basename*.class $OUT/ - - # Create an execution wrapper that executes Jazzer with the correct arguments. - echo "#!/bin/sh -# LLVMFuzzerTestOneInput for fuzzer detection. -this_dir=\$(dirname \"\$0\") -LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \ -\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \ ---cp=$RUNTIME_CLASSPATH \ ---target_class=$fuzzer_basename \ ---jvm_args=\"-Xmx2048m;-Djava.awt.headless=true\" \ -\$@" > $OUT/$fuzzer_basename - chmod u+x $OUT/$fuzzer_basename -done diff --git a/projects/zxing/project.yaml b/projects/zxing/project.yaml deleted file mode 100644 index ceab3c387..000000000 --- a/projects/zxing/project.yaml +++ /dev/null @@ -1,11 +0,0 @@ -homepage: "https://github.com/zxing/zxing" -language: jvm -primary_contact: "srowen@gmail.com" -auto_ccs: - - "wagner@code-intelligence.com" - - "meumertzheim@code-intelligence.com" -fuzzing_engines: - - libfuzzer -main_repo: "https://github.com/zxing/zxing.git" -sanitizers: - - address diff --git a/projects/zydis/build.sh b/projects/zydis/build.sh index 98103a4f4..b38ce5b2c 100755 --- a/projects/zydis/build.sh +++ b/projects/zydis/build.sh @@ -20,7 +20,6 @@ mv $SRC/ZydisFuzz_seed_corpus.zip $OUT/ZydisFuzz_seed_corpus.zip mkdir build && cd build cmake \ - -DZYAN_FORCE_ASSERTS=ON \ -DZYDIS_BUILD_EXAMPLES=OFF \ -DZYDIS_BUILD_TOOLS=OFF \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \ @@ -30,7 +29,7 @@ cmake \ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ .. -make -j$(nproc) VERBOSE=1 +make -j8 $CXX \ $CXXFLAGS \ |