mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-25 07:49:19 -04:00 
			
		
		
		
	fuzz-ci: fix & enhance fuzzing process (#2835)
* fuzz-ci: fix the authentication call for fuzzit by using the --api-key flag rather than the `auth` command * Allow fuzzing on schedules as well as non-fork PRs Closes #2710
This commit is contained in:
		
							parent
							
								
									2fbe2ff40b
								
							
						
					
					
						commit
						6c533558a3
					
				| @ -157,9 +157,9 @@ jobs: | ||||
|     displayName: Coerce correct build result | ||||
| 
 | ||||
| - job: fuzzing | ||||
|   displayName: 'Scheduled Fuzzing' | ||||
|   # Only run this job on schedules, not PRs. | ||||
|   condition: eq(variables['Build.Reason'], 'Schedule') | ||||
|   displayName: 'Fuzzing' | ||||
|   # Only run this job on schedules or PRs for non-forks. | ||||
|   condition: or(eq(variables['System.PullRequest.IsFork'], 'False'), eq(variables['Build.Reason'], 'Schedule') ) | ||||
|   strategy: | ||||
|     matrix: | ||||
|       linux: | ||||
| @ -192,10 +192,10 @@ jobs: | ||||
|     displayName: Install Go on Linux | ||||
| 
 | ||||
|   - bash: | | ||||
|       # Install Clang | ||||
|       sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial main" | ||||
|       # Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a | ||||
|       sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" | ||||
|       wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - | ||||
|       sudo apt update && sudo apt install -y clang lldb lld | ||||
|       sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7 | ||||
| 
 | ||||
|       go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build | ||||
|       wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.74/fuzzit_Linux_x86_64 | ||||
| @ -204,12 +204,6 @@ jobs: | ||||
|     displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN | ||||
|     condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) | ||||
| 
 | ||||
|   - script: fuzzit auth ${FUZZIT_API_KEY} | ||||
|     condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) | ||||
|     displayName: Authenticate with Fuzzit | ||||
|     env: | ||||
|       FUZZIT_API_KEY: $(FUZZIT_API_KEY) | ||||
| 
 | ||||
|   - bash: | | ||||
|       declare -A fuzzers_funcs=(\ | ||||
|         ["./admin_fuzz.go"]="FuzzAdmin" \ | ||||
| @ -228,16 +222,22 @@ jobs: | ||||
|         ["./listeners_fuzz.go"]="parse-listen-addr" \ | ||||
|         ["./replacer_fuzz.go"]="replacer" \ | ||||
|       ) | ||||
|       fuzz_type="fuzzing" | ||||
| 
 | ||||
|       fuzz_type="regression" | ||||
|       if [[ $(Build.Reason) == "Schedule" ]]; then | ||||
|         fuzz_type="fuzzing" | ||||
|       fi | ||||
| 
 | ||||
|       for f in $(find . -name \*_fuzz.go); do | ||||
|         FUZZER_DIRECTORY=$(dirname $f) | ||||
|         echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" | ||||
|         go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY | ||||
|         echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" | ||||
|         clang -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer" | ||||
|         fuzzit create job --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer | ||||
|         clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}" | ||||
|         fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" | ||||
|         echo "Completed $f" | ||||
|       done | ||||
|     env: | ||||
|       FUZZIT_API_KEY: $(FUZZIT_API_KEY) | ||||
|     workingDirectory: '$(modulePath)' | ||||
|     displayName: Generate fuzzers & submit them to Fuzzit | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user