forked from quic-go/quic-go
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
basic ClusterFuzzLite integration (quic-go#4034)
- Loading branch information
1 parent
22eac50
commit ab1c1be
Showing
4 changed files
with
79 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
FROM gcr.io/oss-fuzz-base/base-builder-go:v1 | ||
|
||
ARG TARGETPLATFORM | ||
RUN echo "TARGETPLATFORM: ${TARGETPLATFORM}" | ||
|
||
ENV GOVERSION=1.20.7 | ||
|
||
RUN platform=$(echo ${TARGETPLATFORM} | tr '/' '-') && \ | ||
filename="go${GOVERSION}.${platform}.tar.gz" && \ | ||
wget https://dl.google.com/go/${filename} && \ | ||
mkdir temp-go && \ | ||
rm -rf /root/.go/* && \ | ||
tar -C temp-go/ -xzf ${filename} && \ | ||
mv temp-go/go/* /root/.go/ && \ | ||
rm -r ${filename} temp-go | ||
|
||
RUN apt-get update && apt-get install -y make autoconf automake libtool | ||
|
||
COPY . $SRC/quic-go | ||
WORKDIR quic-go | ||
COPY .clusterfuzzlite/build.sh $SRC/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash -eu | ||
|
||
export CXX="${CXX} -lresolv" # required by Go 1.20 | ||
|
||
compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/frames Fuzz frame_fuzzer | ||
compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/header Fuzz header_fuzzer | ||
compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/transportparameters Fuzz transportparameter_fuzzer | ||
compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/tokens Fuzz token_fuzzer | ||
compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/handshake Fuzz handshake_fuzzer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
language: go |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: ClusterFuzzLite PR fuzzing | ||
on: | ||
pull_request: | ||
paths: | ||
- '**' | ||
|
||
permissions: read-all | ||
jobs: | ||
PR: | ||
runs-on: ${{ fromJSON(vars['CLUSTERFUZZ_LITE_RUNNER_UBUNTU'] || '"ubuntu-latest"') }} | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} | ||
cancel-in-progress: true | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
sanitizer: | ||
- address | ||
steps: | ||
- name: Build Fuzzers (${{ matrix.sanitizer }}) | ||
id: build | ||
uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
with: | ||
language: go | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
sanitizer: ${{ matrix.sanitizer }} | ||
# Optional but recommended: used to only run fuzzers that are affected | ||
# by the PR. | ||
# See later section on "Git repo for storage". | ||
# storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git | ||
# storage-repo-branch: main # Optional. Defaults to "main" | ||
# storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
- name: Run Fuzzers (${{ matrix.sanitizer }}) | ||
id: run | ||
uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
fuzz-seconds: 480 | ||
mode: 'code-change' | ||
sanitizer: ${{ matrix.sanitizer }} | ||
output-sarif: true | ||
parallel-fuzzing: true | ||
# Optional but recommended: used to download the corpus produced by | ||
# batch fuzzing. | ||
# See later section on "Git repo for storage". | ||
# storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git | ||
# storage-repo-branch: main # Optional. Defaults to "main" | ||
# storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". |