From: Victor Julien Date: Thu, 21 Jan 2021 12:28:04 +0000 (+0100) Subject: fuzz: run OSS-Fuzz corpus and track coverage X-Git-Tag: suricata-7.0.0-beta1~1811 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ce05a35839eaf7dc8eb46833c7afd85356c5ff8;p=thirdparty%2Fsuricata.git fuzz: run OSS-Fuzz corpus and track coverage --- diff --git a/.github/codecov.yml b/.github/codecov.yml index d32a46f1a7..e7b195e24b 100644 --- a/.github/codecov.yml +++ b/.github/codecov.yml @@ -1,7 +1,7 @@ codecov: require_ci_to_pass: yes notify: - after_n_builds: 2 + after_n_builds: 3 coverage: precision: 2 diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index f8afe83da9..a861f75b6c 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml 
@@ -666,6 +666,82 @@ jobs: with: flags: unittests + ubuntu-20-04-cov-fuzz: + name: Ubuntu 20.04 (fuzz corpus coverage) + runs-on: ubuntu-latest + container: ubuntu:20.04 + needs: [prepare-deps, prepare-cbindgen] + steps: + - name: Install dependencies + run: | + apt update + apt -y install \ + libpcre3 \ + libpcre3-dev \ + build-essential \ + autoconf \ + automake \ + llvm-10 \ + clang-10 \ + git \ + jq \ + libc++-dev \ + libc++abi-dev \ + libtool \ + libpcap-dev \ + libnet1-dev \ + libyaml-0-2 \ + libyaml-dev \ + libcap-ng-dev \ + libcap-ng0 \ + libmagic-dev \ + libnetfilter-queue-dev \ + libnetfilter-queue1 \ + libnfnetlink-dev \ + libnfnetlink0 \ + libhiredis-dev \ + liblua5.1-dev \ + libjansson-dev \ + libevent-dev \ + libevent-pthreads-2.1-7 \ + libjansson-dev \ + libpython2.7 \ + make \ + parallel \ + python3-yaml \ + rustc \ + software-properties-common \ + zlib1g \ + zlib1g-dev \ + exuberant-ctags \ + unzip \ + curl \ + wget + - uses: actions/checkout@v2 + - uses: actions/download-artifact@v2 + with: + name: prep + path: prep + - run: tar xf prep/libhtp.tar.gz + - name: Setup cbindgen + run: | + mkdir -p $HOME/.cargo/bin + cp prep/cbindgen $HOME/.cargo/bin + chmod 755 $HOME/.cargo/bin/cbindgen + echo "$HOME/.cargo/bin" >> $GITHUB_PATH + - run: ./autogen.sh + - run: LIB_FUZZING_ENGINE="fail_to_onefile_driver" CC=clang-10 CXX=clang++-10 CFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1" CXXFLAGS="-fprofile-arcs -ftest-coverage -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++" ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect + - run: make -j2 + - run: ./qa/run-ossfuzz-corpus.sh + - name: Gcov + run: | + cd src + llvm-cov-10 gcov -p *.c + - name: Upload 
coverage to Codecov + uses: codecov/codecov-action@v1 + with: + flags: fuzzcorpus + ubuntu-20-04-ndebug: name: Ubuntu 20.04 (-DNDEBUG) runs-on: ubuntu-latest diff --git a/qa/run-ossfuzz-corpus.sh b/qa/run-ossfuzz-corpus.sh new file mode 100755 index 0000000000..c2ac05b3b6 --- /dev/null +++ b/qa/run-ossfuzz-corpus.sh @@ -0,0 +1,13 @@ +#/bin/sh +ls src/fuzz_* | while read ftarget +do + target=$(basename $ftarget) + echo "target $target" + #download public corpus + rm -f public.zip + wget --quiet "https://storage.googleapis.com/suricata-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/suricata_$target/public.zip" + rm -rf corpus_$target + unzip -q public.zip -d corpus_$target + #run target on corpus. + ./src/$target corpus_$target +done diff --git a/src/tests/fuzz/onefile.c b/src/tests/fuzz/onefile.c index f59a12c326..f2dd471b8e 100644 --- a/src/tests/fuzz/onefile.c +++ b/src/tests/fuzz/onefile.c @@ -1,10 +1,4 @@ -#define _DEFAULT_SOURCE 1 // for DT_REG -#include -#include -#include -#include -#include -#include "autoconf.h" +#include "suricata-common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
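Review bot: Every `uses:` step in the new `ubuntu-20-04-cov-fuzz` job references its action by a mutable tag (`actions/checkout@v2`, `actions/download-artifact@v2`, `codecov/codecov-action@v1`), so the code this job runs, including the step that uploads coverage to a third party, can change without any commit to this repository. Pinning each one to a full commit SHA makes the job reproducible and reviewable, for example `uses: codecov/codecov-action@FULL_COMMIT_SHA # v1`, where FULL_COMMIT_SHA is a placeholder for the audited commit. The surrounding jobs are not visible in this hunk; if they use the same tag style, the pinning is better done file-wide. Separately, `libjansson-dev` is listed twice in the `apt -y install` list.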
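Review bot: Nothing in `qa/run-ossfuzz-corpus.sh` propagates a failure: the loop is the tail of `ls src/fuzz_* | while read ftarget`, so the script's exit status is only that of the last `./src/$target corpus_$target` run. A target that crashes on its corpus, a failed `wget --quiet` or a failed `unzip -q` in any earlier iteration therefore leaves the CI step green, and a failed download just means the target runs against a missing corpus. Adding `set -e` directly under the first line would stop the job at the first failing download, extraction or target run. The first line `#/bin/sh` is missing its `!`, so it is an ordinary comment and the script runs only because the calling shell falls back to interpreting it; it should read `#!/bin/sh`. `$ftarget` and `$target` are also expanded unquoted and the list comes from parsing `ls`; `for ftarget in src/fuzz_*` with quoted expansions would be sturdier.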