Browse Source

ci: fuzz: switch engine from libfuzzer to native go-fuzz (#3194)

master2
Mohammed Al Sahaf 1 year ago
committed by GitHub
parent
commit
8da9eaee34
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 15 deletions
  1. +15
    -11
      .github/workflows/fuzzing.yml
  2. +0
    -1
      caddyconfig/caddyfile/parse_fuzz.go
  3. +0
    -1
      caddyconfig/httpcaddyfile/addresses_fuzz.go
  4. +0
    -1
      listeners_fuzz.go
  5. +0
    -1
      replacer_fuzz.go

+ 15
- 11
.github/workflows/fuzzing.yml View File

@ -36,10 +36,6 @@ jobs:
# If we decide we need to prevent this from running on forks, we can use this line:
# if: github.repository == 'caddyserver/caddy'
run: |
# Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a
sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main"
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7
go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64
@ -51,7 +47,13 @@ jobs:
continue-on-error: true
env:
FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }}
SYSTEM_PULLREQUEST_SOURCEBRANCH: ${{ github.ref }}
BUILD_SOURCEVERSION: ${{ github.sha }}
run: |
# debug
echo "PR Source Branch: $SYSTEM_PULLREQUEST_SOURCEBRANCH"
echo "Source version: $BUILD_SOURCEVERSION"
declare -A fuzzers_funcs=(\
["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \
["./caddyconfig/caddyfile/parse_fuzz.go"]="FuzzParseCaddyfile" \
@ -67,18 +69,20 @@ jobs:
)
fuzz_type="local-regression"
if [[ ${{ github.event_name }} == "schedule" ]]; then
if [[ "${{ github.event_name }}" == "schedule" ]]; then
fuzz_type="fuzzing"
fi
echo "Github event: ${{ github.event_name }}"
echo "Fuzzing type: $fuzz_type"
for f in $(find . -name \*_fuzz.go); do
FUZZER_DIRECTORY=$(dirname $f)
FUZZER_DIRECTORY=$(dirname "$f")
echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f"
go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY
echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f"
clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}"
fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}"
go-fuzz-build -func "${fuzzers_funcs[$f]}" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.zip" "$FUZZER_DIRECTORY"
fuzzit create job --engine go-fuzz caddyserver/"${fuzzers_targets[$f]}" "$FUZZER_DIRECTORY"/"${fuzzers_targets[$f]}.zip" --api-key "${FUZZIT_API_KEY}" --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}"
echo "Completed $f"
done

+ 0
- 1
caddyconfig/caddyfile/parse_fuzz.go View File

@ -13,7 +13,6 @@
// limitations under the License.
// +build gofuzz
// +build gofuzz_libfuzzer
package caddyfile


+ 0
- 1
caddyconfig/httpcaddyfile/addresses_fuzz.go View File

@ -13,7 +13,6 @@
// limitations under the License.
// +build gofuzz
// +build gofuzz_libfuzzer
package httpcaddyfile


+ 0
- 1
listeners_fuzz.go View File

@ -13,7 +13,6 @@
// limitations under the License.
// +build gofuzz
// +build gofuzz_libfuzzer
package caddy


+ 0
- 1
replacer_fuzz.go View File

@ -13,7 +13,6 @@
// limitations under the License.
// +build gofuzz
// +build gofuzz_libfuzzer
package caddy


Loading…
Cancel
Save