mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-25 15:52:45 -04:00 
			
		
		
		
	fuzz-ci: fix & enhance fuzzing process (#2835)
* fuzz-ci: fix the authentication call for fuzzit by using the --api-key flag rather than the `auth` command * Allow fuzzing on schedules as well as non-fork PRs Closes #2710
This commit is contained in:
		
							parent
							
								
									2fbe2ff40b
								
							
						
					
					
						commit
						6c533558a3
					
				| @ -157,9 +157,9 @@ jobs: | |||||||
|     displayName: Coerce correct build result |     displayName: Coerce correct build result | ||||||
| 
 | 
 | ||||||
| - job: fuzzing | - job: fuzzing | ||||||
|   displayName: 'Scheduled Fuzzing' |   displayName: 'Fuzzing' | ||||||
|   # Only run this job on schedules, not PRs. |   # Only run this job on schedules or PRs for non-forks. | ||||||
|   condition: eq(variables['Build.Reason'], 'Schedule') |   condition: or(eq(variables['System.PullRequest.IsFork'], 'False'), eq(variables['Build.Reason'], 'Schedule') ) | ||||||
|   strategy: |   strategy: | ||||||
|     matrix: |     matrix: | ||||||
|       linux: |       linux: | ||||||
| @ -192,10 +192,10 @@ jobs: | |||||||
|     displayName: Install Go on Linux |     displayName: Install Go on Linux | ||||||
| 
 | 
 | ||||||
|   - bash: | |   - bash: | | ||||||
|       # Install Clang |       # Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a | ||||||
|       sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial main" |       sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" | ||||||
|       wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - |       wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - | ||||||
|       sudo apt update && sudo apt install -y clang lldb lld |       sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7 | ||||||
| 
 | 
 | ||||||
|       go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build |       go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build | ||||||
|       wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.74/fuzzit_Linux_x86_64 |       wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.74/fuzzit_Linux_x86_64 | ||||||
| @ -204,12 +204,6 @@ jobs: | |||||||
|     displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN |     displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN | ||||||
|     condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) |     condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) | ||||||
| 
 | 
 | ||||||
|   - script: fuzzit auth ${FUZZIT_API_KEY} |  | ||||||
|     condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) |  | ||||||
|     displayName: Authenticate with Fuzzit |  | ||||||
|     env: |  | ||||||
|       FUZZIT_API_KEY: $(FUZZIT_API_KEY) |  | ||||||
| 
 |  | ||||||
|   - bash: | |   - bash: | | ||||||
|       declare -A fuzzers_funcs=(\ |       declare -A fuzzers_funcs=(\ | ||||||
|         ["./admin_fuzz.go"]="FuzzAdmin" \ |         ["./admin_fuzz.go"]="FuzzAdmin" \ | ||||||
| @ -228,16 +222,22 @@ jobs: | |||||||
|         ["./listeners_fuzz.go"]="parse-listen-addr" \ |         ["./listeners_fuzz.go"]="parse-listen-addr" \ | ||||||
|         ["./replacer_fuzz.go"]="replacer" \ |         ["./replacer_fuzz.go"]="replacer" \ | ||||||
|       ) |       ) | ||||||
|  | 
 | ||||||
|  |       fuzz_type="regression" | ||||||
|  |       if [[ $(Build.Reason) == "Schedule" ]]; then | ||||||
|         fuzz_type="fuzzing" |         fuzz_type="fuzzing" | ||||||
|  |       fi | ||||||
| 
 | 
 | ||||||
|       for f in $(find . -name \*_fuzz.go); do |       for f in $(find . -name \*_fuzz.go); do | ||||||
|         FUZZER_DIRECTORY=$(dirname $f) |         FUZZER_DIRECTORY=$(dirname $f) | ||||||
|         echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" |         echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" | ||||||
|         go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY |         go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY | ||||||
|         echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" |         echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" | ||||||
|         clang -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer" |         clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}" | ||||||
|         fuzzit create job --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer |         fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" | ||||||
|         echo "Completed $f" |         echo "Completed $f" | ||||||
|       done |       done | ||||||
|  |     env: | ||||||
|  |       FUZZIT_API_KEY: $(FUZZIT_API_KEY) | ||||||
|     workingDirectory: '$(modulePath)' |     workingDirectory: '$(modulePath)' | ||||||
|     displayName: Generate fuzzers & submit them to Fuzzit |     displayName: Generate fuzzers & submit them to Fuzzit | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user