| Commit message | Author | Age |
Related: #7964
* infra: have timeout per fuzz target for coverage
As is done for other languages
* ngolo-fuzzing: remove temporary workaround
now that https://github.com/golang/go/issues/53190 is closed
* ngolo-fuzzing: use built go toolchain in its directory
without copying it to /root/.go/
in order to get coverage for std lib in the end
* infra: ability to get coverage for additional golang package
And use it with ngolo-fuzzing:
ngolo-fuzzing fuzz targets live in a different repository than
the code being fuzzed, and we want to get the coverage for
both the fuzz target and the package being fuzzed
* fixup bash unbound
* fixup ngolo-fuzzing only match at beginning for std package
* stricter check for every additional go package
* infra: add proj name to env for fuzz introspector
Depends on https://github.com/ossf/fuzz-introspector/pull/327
Ref: https://github.com/ossf/fuzz-introspector/issues/317
* lint fix
* update introspector commit
Co-authored-by: Navidem <navid.emamdoost@gmail.com>
Ref: https://github.com/google/oss-fuzz/pull/7828#discussion_r893332700
* Set flags to use old pass manager
* nit
* Add comment to Dockerfile
* More informative comment
* nit
* Replace go get with go install in the script
* Remove go get from projects
* Replace gotip with go
* Fix CI
* Add missing dependency for cryptofuzz
Remove unnecessary step in fuzz introspector
-O0 will skip fuzz-introspector when -flegacy-pass-manager is used, but
not when the new pass manager is used.
* infra: use only valid targets for python coverage
Some python coverage reports get clobbered because non-fuzz targets are
included in FUZZ_TARGETS. The consequence of this is that some reports
will have erroneous data. This commit ensures only valid targets are
used when running coverage, which consequently fixes the reports.
* Move executable logic into python fuzzer builder instead
* Add commands to collect branch coverage
* Add -g flag
* Switch branch coverage option placement
* Set guarding env variable
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
The current implementation will append rather than overwrite
coverage_wrapper.py which holds the coverage stub. The effect of the
appending is that the coverage_wrapper.py will include X amount of
coverage stubs when a project has X amount of fuzzers. We just need a
single coverage stub at the top of each fuzzer. This ensures we only add
a single coverage stub.
This is needed to pack projects e.g. numpy.
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
* infra: enable argument passing to compile_python_fuzzer
Enable passing arguments to pyinstaller. This is used by, e.g. Django.
Ref:
https://github.com/google/oss-fuzz/commit/0cb820e5af64f279f66d0c0d3c93b7437ecabe91#commitcomment-72063587
* only unzip real files
* Roll AFL++
* Adapt to us-central1
* fix
* test faster
* All projects
* all
* All
* fix
* start small
* bigger
* print dbg
* handle sanitizers
* handle sanitizers
* all means all
* handle flake
* Fix
* fix
Moves -fuse-ld=gold to compile flags and removes -flto from linker
flags.
Should fix a number of the projects
https://github.com/google/oss-fuzz/issues/7540#issuecomment-1101823684
Ref:
https://github.com/google/oss-fuzz/issues/7540#issuecomment-1101868436
Ref:
https://github.com/google/oss-fuzz/issues/7540#issuecomment-1101882757
* fuzz-introspector: remove use of LDFLAGS
The use of LDFLAGS does not really follow the policy of OSS-Fuzz. This
moves the linker flags into the sanitizer flags.
Ref:
https://github.com/google/oss-fuzz/issues/7540#issuecomment-1094500094
This fixes various current build failures across projects that use nm as
part of their build process.
* infra: add Python coverage support
* update python coverage helper script
* nits
* switch from commands to python
* pin coverage package
* switch to single quote strings throughout
* nit
* fix style
* fix style
* fix ci
* fix ci
* infra: fuzz-introspector: ensure COVERAGE_URL exists
This is to make sure fuzz-introspector can run in local builds.
Ref:
https://github.com/ossf/fuzz-introspector/issues/48#issuecomment-1087513497
Ref:
https://github.com/ossf/fuzz-introspector/issues/67#issuecomment-1087518856
* refactor fuzz-introspector command generation
This is to shorten the long line that runs fuzz-introspector and also in
anticipation that down the line we will have more oss-fuzz specific
commands in fuzz-introspector.
* infra: remove use of git_repo_url to fuzz-introspector
* libarchive,fluent-bit: add fuzz-introspector exclusion config
* fuzz-introspector: bump
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
This reverts commit 86a4d9d11f4bd7d9de9b2b82e9257ab130ebf20c.
The build issue has been fixed on Jazzer's main branch.
* Revert "infra: fuzz-introspector: force no inline (#7413)"
This reverts commit ba7f8eb9bfd49eba410cef8ae73b2cc4a1ac8cc5.
* put back no function inlining
Ref: https://github.com/ossf/fuzz-introspector/pull/136
This adds ci.py, a script that can be used to test changes to the base-images.
The script does the following:
1. Builds and pushes a test image for each base image. This will be used in step 3.
2. Finds which projects are buildable based on user specifications of: projects, build type (e.g. sanitizer/fuzzing engine) and which of these succeeded in production.
3. Submits builds for those projects.
4. Polls GCB to check which builds succeeded and which failed.
5. Returns 0 if all builds succeeded.
Currently this script is only useful to run locally.
Related: https://github.com/google/oss-fuzz/issues/7145
A bit more work is required to upgrade to Go 1.18
1. Reduce image size by 1.6GB by deleting unneeded directory containing
swift tools that were already copied to /usr.
2. Use apt-get instead of apt to avoid warnings.
* Using bazelrc to pass env vars
* place bazelrc in /root/.bazelrc
* Setting spawn strategy to standalone
* undo changes in Dockerfile
Signed-off-by: Asra Ali <asraa@google.com>
bump FI (#7356)
The patched Go version adds a new runtime function to register
8bit counters when initializing the fuzz target. This is needed to
register those counters with libfuzzer and get real edge coverage.
This change is meant to be a temporary change until the Go patches are
accepted upstream. Then, we will create a pull request for
go114-fuzz-build
* Remove trailing lines
* Correct copyright year
* Avoid cding & using relative directory.
* To include go-codeintelligencetesting to auto-checks.
- Include ossfuzz_coverage_runner.go again.
- Point `compile` to the right `fuzz-introspector` location (since it's no longer checked out in $SRC).
- Rename build tag to "introspector" to be more consistent with other
tags.
- Fix bad merge in deploy.sh script.
- Add introspector setup to project sync.
- Enable more logging for project sync cron.
* Clean up build infra issues.
0. Don't clone fuzz-introspector to /src since it breaks builds.
1. Install packages in python install script properly. Previously
pip install atheris>=2.0.6 was interpreted as "redirect the output
from pip install atheris" to the file "=2.0.6".
3. Clean up some miscellaneous issues.
* Include removal
Integrating *CodeIntelligenceTesting* `Go` to support more informative instrumentation (for [this issue](https://github.com/google/oss-fuzz/issues/7164)):
1. A script to install the new `Go`
* Bootstrap from the existing `Go`
* Install `Go` from [CodeIntelligenceTesting](https://github.com/CodeIntelligenceTesting/go/tree/dev.libfuzzer.18)
* Skip the built-in test case in CodeIntelligenceTesting because they take too long and one of them erroneously fails.
2. Create a new directory & `Dockerfile` dedicated to the new Go
3. Add the new base directory name to [base_images.py](https://github.com/google/oss-fuzz/blob/master/infra/build/functions/base_images.py)
This reverts commit d3d1e1f838e2d996671db14ef650250aba06f094.
Also fixes a typo in the Java runtime version specifier for Bazel 5:
localjdk_15 should have been local_jdk_15, see also
https://github.com/bazelbuild/bazel/issues/7849#issuecomment-1022932563
* Update install_java.sh
* Update install_java.sh
* update afl++ commit id
* update afl++ commit id
* fix for afl++
* attempt fix for curl
* allow easy reproducible afl++ builds
* new commit id
* fixes
* another afl++ commit increase
* not a relevant update, but why not
* two afl++ fixes
* add debug script
* update commit id (not relevant though)
* add wget
* update afl++ commit id
* just afl++ doc updates, but maybe this results in some attention
* ignore afl++ fuzz setup problems during building
* update afl++ commit id
* fix laf-intel implementation
* ensure fuzz tests are running without issues for afl++
* update afl++ commit id
* update afl++ commit id
* temporarily disable afl++ option randomization and make it safe
* update afl++ commit id
* update afl++ commit id
* fix for afl++
* attempt fix for curl
* allow easy reproducible afl++ builds
* new commit id
* fixes
* another afl++ commit increase
* not a relevant update, but why not
* two afl++ fixes
* add debug script
* update commit id (not relevant though)
* add wget
* update afl++ commit id
* just afl++ doc updates, but maybe this results in some attention
* ignore afl++ fuzz setup problems during building
* update afl++ commit id
* fix laf-intel implementation
* ensure fuzz tests are running without issues for afl++
* update afl++ commit id
* update afl++ commit id
* update afl++ commit id
* fix for afl++
* attempt fix for curl
* allow easy reproducible afl++ builds
* new commit id
* fixes
* another afl++ commit increase
* not a relevant update, but why not
* two afl++ fixes
* add debug script
* update commit id (not relevant though)
* add wget
* update afl++ commit id
* just afl++ doc updates, but maybe this results in some attention
This reverts commit 95e437c59982cf242d01c53af44181e81a03e4ce.
* update afl++ commit id
* update afl++ commit id
* fix for afl++
* attempt fix for curl
* allow easy reproducible afl++ builds
* new commit id
* fixes
* another afl++ commit increase
* not a relevant update, but why not