From d4b4106476951162a27f09a0ed7d91470bbdefa8 Mon Sep 17 00:00:00 2001
From: hickford
Date: Fri, 22 Jul 2022 10:50:33 +0100
Subject: [PATCH 1/2] ClusterFuzzLite integration Following https://google.github.io/clusterfuzzlite/build-integration/ with bits of https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#native-go-fuzzing-support
---
 .clusterfuzzlite/Dockerfile | 4 ++++
 .clusterfuzzlite/build.sh | 2 ++
 .clusterfuzzlite/project.yaml | 5 +++++
 3 files changed, 11 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/project.yaml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000..fa42448
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,4 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go
+COPY . $SRC/merkle
+WORKDIR merkle
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000..315e7a7
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,2 @@
+go get github.com/AdamKorcz/go-118-fuzz-build/utils
+compile_native_go_fuzzer github.com/transparency-dev/merkle/compact FuzzRangeNodes FuzzRangeNodes
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000..7c7f1d5
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1,5 @@
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
From 3485627243db280c252ebbbffe8f6ce7eae3062b Mon Sep 17 00:00:00 2001
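Review bot: `FROM gcr.io/oss-fuzz-base/base-builder-go` in the new .clusterfuzzlite/Dockerfile names the base image with no tag or digest, so each CI build pulls whatever the registry currently serves and a changed upstream image reaches the fuzzing job without review. Pinning by digest makes the build reproducible and turns base-image updates into visible commits: `FROM gcr.io/oss-fuzz-base/base-builder-go@sha256:<digest-of-reviewed-image>`. The Dockerfile hunk in the second patch keeps the same unpinned line as context.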
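Review bot: `go get github.com/AdamKorcz/go-118-fuzz-build/utils` in build.sh fetches a third-party module with no version, so the code compiled into the fuzz build is whatever that repository resolves to at build time. The second patch adds `go install github.com/AdamKorcz/go-118-fuzz-build@latest`, which has the same property for a tool that is executed during the build. Both should name a reviewed version, e.g. `go get github.com/AdamKorcz/go-118-fuzz-build/utils@<reviewed-version>` and `go install github.com/AdamKorcz/go-118-fuzz-build@<reviewed-version>`, so an upstream change cannot alter CI behaviour without a commit here.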
From: hickford
Date: Fri, 22 Jul 2022 11:25:59 +0100
Subject: [PATCH 2/2] Add GitHub actions for PR fuzzing and continuous builds https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/github-actions/
---
 .clusterfuzzlite/Dockerfile | 3 +-
 .clusterfuzzlite/build.sh | 4 +++
 .clusterfuzzlite/project.yaml | 1 +
 .github/workflows/cflite_build.yml | 28 +++++++++++++++++
 .github/workflows/cflite_pr.yml | 48 ++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/cflite_build.yml
 create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
index fa42448..ba75c57 100644
--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@@ -1,4 +1,5 @@
+# https://google.github.io/clusterfuzzlite/build-integration/#dockerfile
 FROM gcr.io/oss-fuzz-base/base-builder-go
 COPY . $SRC/merkle
-WORKDIR merkle
+WORKDIR $SRC/merkle
 COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
index 315e7a7..7db9375 100644
--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@@ -1,2 +1,6 @@
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#buildsh
+# undocumented dependency
+go install github.com/AdamKorcz/go-118-fuzz-build@latest
 go get github.com/AdamKorcz/go-118-fuzz-build/utils
+# necessary to list each fuzz test explicitly
 compile_native_go_fuzzer github.com/transparency-dev/merkle/compact FuzzRangeNodes FuzzRangeNodes
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
index 7c7f1d5..2218ae3 100644
--- a/.clusterfuzzlite/project.yaml
+++ b/.clusterfuzzlite/project.yaml
@@ -1,3 +1,4 @@
+# https://google.github.io/clusterfuzzlite//build-integration/go-lang/
 language: go
 fuzzing_engines:
 - libfuzzer
diff --git a/.github/workflows/cflite_build.yml b/.github/workflows/cflite_build.yml
new file mode 100644
index 0000000..a5ee747
--- /dev/null
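Review bot: build.sh now opens with a URL comment rather than an interpreter line, and the first patch created it with mode 100644, so the file itself does not say which shell runs it or whether a failing command stops the build. If the base image does not already invoke it in strict mode (not visible in this patch), a failed `go install` would let the script carry on to `compile_native_go_fuzzer`. Making this explicit costs one line at the top of the file: `#!/bin/bash -eu`.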
+++ b/.github/workflows/cflite_build.yml
@@ -0,0 +1,28 @@
+name: ClusterFuzzLite continuous builds
+on:
+ push:
+ branches:
+ - main # Use your actual default branch here.
+permissions: read-all
+jobs:
+ Build:
+ runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer:
+ - address
+ # Override this with the sanitizers you want.
+ # - undefined
+ # - memory
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ language: go
+ sanitizer: ${{ matrix.sanitizer }}
+ upload-build: true
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000..9cad6d9
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
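Review bot: `uses: google/clusterfuzzlite/actions/build_fuzzers@v1` in cflite_build.yml references the action by a movable tag, so the code that runs on every push to `main` can change without any commit in this repository. Pinning to a full commit SHA with the tag kept as a comment, `uses: google/clusterfuzzlite/actions/build_fuzzers@<full-commit-sha> # v1`, makes action updates explicit and reviewable. The same applies to the `build_fuzzers@v1` and `run_fuzzers@v1` steps in cflite_pr.yml. The template remark `# Use your actual default branch here.` after `- main` can be dropped once the branch name is confirmed.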
@@ -0,0 +1,48 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ pull_request:
+ paths:
+ - '**'
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer:
+ - address
+ # Override this with the sanitizers you want.
+ # - undefined
+ # - memory
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ language: go
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: used to only run fuzzers that are affected
+ # by the PR.
+ # See later section on "Git repo for storage".
+ # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+ # storage-repo-branch: main # Optional. Defaults to "main"
+ # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 600
+ mode: 'code-change'
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: used to download the corpus produced by
+ # batch fuzzing.
+ # See later section on "Git repo for storage".
+ # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+ # storage-repo-branch: main # Optional. Defaults to "main"
+ # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
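Review bot: `permissions: read-all` in cflite_pr.yml gives the workflow token read access to every scope while the job builds and runs code taken from the pull request, and that token is handed to both steps as `github-token`. Listing only the scopes the action needs narrows what PR-controlled build code could read; a starting point would be a `permissions:` map with `contents: read` and `actions: read`, to be confirmed against the action's documentation. The commented `storage-repo` lines embed `secrets.PERSONAL_ACCESS_TOKEN` in a clone URL, so before enabling them it is worth checking that the token is scoped to the storage repository only.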