From 90cf6732323ba0ea8a09e10d527825608aad1782 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Thu, 21 Dec 2023 07:29:00 -0800
Subject: [PATCH 1/3] Add fuzzing by way of ClusterFuzzLite
Signed-off-by: David Korczynski
---
 .clusterfuzzlite/Dockerfile | 6 ++++++
 .clusterfuzzlite/README.md | 3 +++
 .clusterfuzzlite/build.sh | 6 ++++++
 .clusterfuzzlite/fuzz_argparse.cpp | 34 ++++++++++++++++++++++++++++++
 .clusterfuzzlite/project.yaml | 1 +
 .github/workflows/cflite_pr.yml | 30 ++++++++++++++++++++++++++
 6 files changed, 80 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/README.md
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/fuzz_argparse.cpp
 create mode 100644 .clusterfuzzlite/project.yaml
 create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 00000000..64f11f41
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+
+COPY . $SRC/argparse
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+WORKDIR $SRC/argparse
\ No newline at end of file
diff --git a/.clusterfuzzlite/README.md b/.clusterfuzzlite/README.md
new file mode 100644
index 00000000..01b79f52
--- /dev/null
+++ b/.clusterfuzzlite/README.md
@@ -0,0 +1,3 @@
+# ClusterFuzzLite set up
+
+This folder contains a fuzzing set for [ClusterFuzzLite](https://google.github.io/clusterfuzzlite).
\ No newline at end of file
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 00000000..5325a2d8
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,6 @@
+# Copy all fuzzer executables to $OUT/
+$CXX $CFLAGS $LIB_FUZZING_ENGINE \
+ $SRC/argparse/.clusterfuzzlite/fuzz_argparse.cpp \
+ -o $OUT/fuzz_argparse \
+ -std=gnu++17 \
+ -I$SRC/argparse/include
\ No newline at end of file
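Review bot: The `RUN apt-get update && apt-get install -y make autoconf automake libtool` line installs an autotools toolchain that nothing in this patch uses — the build.sh added alongside it compiles the single harness directly with `$CXX` against `-I$SRC/argparse/include` and never runs make or autoconf — so unless the project's own build (not visible here) needs them, the packages only enlarge the builder image and its attack surface. If they are genuinely needed, trim the layer with `RUN apt-get update && apt-get install -y --no-install-recommends make autoconf automake libtool && rm -rf /var/lib/apt/lists/*`; otherwise drop the line. A one-line comment above the `RUN` stating why each package is required would make the next review of this file faster.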
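Review bot: The compile line `$CXX $CFLAGS $LIB_FUZZING_ENGINE \` drives the C++ compiler with the C flag set; the convention for OSS-Fuzz/ClusterFuzzLite C++ targets is `$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \`, since `$CXXFLAGS` is where the builder places the C++-specific flags alongside the sanitizer flags — confirm against the base-builder environment, but using `$CFLAGS` here looks like a slip. The script also has no shebang and no `set -eu`, so a failed compile only fails the step if the runner supplies those options; adding `#!/bin/bash -eu` as the first line makes that explicit. The leading comment `# Copy all fuzzer executables to $OUT/` describes a copy that does not happen — the harness is compiled straight into `$OUT` — and should read `# Build the fuzz harness directly into $OUT/ (only the include directory is needed)`.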
diff --git a/.clusterfuzzlite/fuzz_argparse.cpp b/.clusterfuzzlite/fuzz_argparse.cpp
new file mode 100644
index 00000000..70e313fa
--- /dev/null
+++ b/.clusterfuzzlite/fuzz_argparse.cpp
@@ -0,0 +1,34 @@
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+
+ int args_to_generate = fdp.ConsumeIntegralInRange(1, 10);
+ std::vector fuzz_args;
+ for (int i = 0; i < args_to_generate; i++) {
+ fuzz_args.push_back(fdp.ConsumeRandomLengthString());
+ }
+
+ // Ensure none of the strings have sequences that cause exit:
+ // "-h", "--help", "-v", "--version"
+ for (int i = 0; i < args_to_generate; i++) {
+ if (fuzz_args[i].find("-h") != std::string::npos ||
+ fuzz_args[i].find("-v") != std::string::npos) {
+ return 0;
+ }
+ }
+
+ argparse::ArgumentParser program("test");
+ program.add_argument("--config");
+ program.add_argument("--test");
+ program.add_argument("--fuzzval");
+ program.add_argument("--param");
+ try {
+ program.parse_args(fuzz_args);
+ } catch (...) {
+ }
+
+ return 0;
+}
\ No newline at end of file
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 00000000..7f563eb7
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c++
\ No newline at end of file
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 00000000..7b22508a
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
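Review bot: The `} catch (...) {` block around `program.parse_args(fuzz_args)` swallows every exception type, so a `std::logic_error`, `std::bad_alloc` or any other exception the library raises for a reason other than malformed input is silently discarded instead of surfacing as a crash the fuzzer can report; catch only the type(s) `parse_args` documents for invalid arguments, e.g. `} catch (const std::runtime_error &) {` (plus `std::invalid_argument` if the library uses it — which types argparse throws is not visible in this hunk). The `-h`/`-v` pre-filter uses `find`, so any token merely containing those two characters (`--host`, `a-v`, `--config=-h`) is rejected and the iteration returns before the parser ever runs, which costs coverage; if the `ArgumentParser` constructor offers a way to omit its default help/version arguments or to not exit on them, prefer that and drop the loop, otherwise add a comment such as `// substring match is deliberate: combined short options like "-hv" must also be caught — confirm` so the next reader does not "fix" it to an equality test. Note that the `#include` targets and the template arguments of `std::vector` and `ConsumeIntegralInRange` appear to have been stripped from this rendering, so they cannot be checked here.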
@@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [ main ]
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ language: c++
+ bad-build-check: false
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 120
+ mode: 'code-change'
+ report-unreproducible-crashes: false
+ sanitizer: ${{ matrix.sanitizer }}
From fc2e36d410f8dd758d62ef65358d818cedd8cff5 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Sat, 23 Dec 2023 03:21:38 -0800
Subject: [PATCH 2/3] cflite: fix branch name
Signed-off-by: David Korczynski
---
 .github/workflows/cflite_pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
index 7b22508a..538b44fc 100644
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
@@ -2,7 +2,7 @@ name: ClusterFuzzLite PR fuzzing
 on:
 workflow_dispatch:
 pull_request:
- branches: [ main ]
+ branches: [ master ]
 permissions: read-all
 jobs:
 PR:
From 09344bf21067d4271e86f85965c360802e9203e6 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Wed, 27 Dec 2023 02:33:30 -0800
Subject: [PATCH 3/3] cflite: remove ids
Signed-off-by: David Korczynski
---
 .github/workflows/cflite_pr.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
index 538b44fc..917c553c 100644
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
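Review bot: Both `uses: google/clusterfuzzlite/actions/build_fuzzers@v1` and `uses: google/clusterfuzzlite/actions/run_fuzzers@v1` reference a mutable tag, so whatever `v1` points to in the upstream repository at run time executes in this workflow with the repository's `GITHUB_TOKEN` (passed explicitly to `run_fuzzers`); pin each to the full 40-character commit SHA the tag currently resolves to, keep `# v1` as a trailing comment, and let Dependabot or Renovate bump it. `permissions: read-all` at workflow level is the right least-privilege default for that token, and should stay at the top rather than be widened per job. `bad-build-check: false` appears to disable the post-build sanity check of the produced fuzzers; if that is a deliberate trade-off for PR latency, a one-line comment above it saying so (`# bad-build-check skipped to keep PR runs short; re-enable if fuzzers start silently failing`) would help the next reader, otherwise leave the input at its default.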
@@ -13,14 +13,12 @@ jobs:
 sanitizer: [address]
 steps:
 - name: Build Fuzzers (${{ matrix.sanitizer }})
- id: build
 uses: google/clusterfuzzlite/actions/build_fuzzers@v1
 with:
 sanitizer: ${{ matrix.sanitizer }}
 language: c++
 bad-build-check: false
 - name: Run Fuzzers (${{ matrix.sanitizer }})
- id: run
 uses: google/clusterfuzzlite/actions/run_fuzzers@v1
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}