diff options
| author | Jay Berkenbilt <jberkenbilt@users.noreply.github.com> | 2019-06-13 16:57:22 -0400 |
|---|---|---|
| committer | Abhishek Arya <inferno@chromium.org> | 2019-06-13 13:57:22 -0700 |
| commit | bfc567dc3d51060228d64ea861e6a6779cce69fc (patch) | |
| tree | be1d85d4984893dc2906489437bb9c038c1c9d16 /docs | |
| parent | 5d3b2f969df6b0da39e8e0bd2a28305c7f55a7b0 (diff) | |
| download | oss-fuzz-bfc567dc3d51060228d64ea861e6a6779cce69fc.tar.gz | |
Clarifications to the documentation (#2512)
This adds to the documentation information that I would have found
helpful when I was doing my integration.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/corpora.md | 4 | ||||
| -rw-r--r-- | docs/new_project_guide.md | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/docs/corpora.md b/docs/corpora.md index 5ce6e95cc..09abb28fa 100644 --- a/docs/corpora.md +++ b/docs/corpora.md @@ -2,6 +2,10 @@ If you would like to access the corpora that we are using for your fuzz targets (synthesized by the fuzzing engines), please follow these steps. +## Obtain access + +In order to get access to a project's corpora, you must first be listed as the primary contact or an auto cc in the project's `project.yaml` file as described in the [New Project Guide](new_project_guide.md#projectyaml). If you don't do this, most of the links below won't work. + ## Install Google Cloud SDK The corpora for fuzz targets are stored on [Google Cloud Storage](https://cloud.google.com/storage/). To access them, you will need to [install](https://cloud.google.com/storage/docs/gsutil_install) the gsutil tool, which is part of the Google Cloud SDK. diff --git a/docs/new_project_guide.md b/docs/new_project_guide.md index a440d5bfa..8c7e3ff87 100644 --- a/docs/new_project_guide.md +++ b/docs/new_project_guide.md @@ -54,7 +54,8 @@ Project's homepage. ### primary_contact, auto_ccs Primary contact and CCs list. These people get access to ClusterFuzz which includes crash reports, fuzzer statistics, etc and are auto-cced on newly filed bugs in OSS-Fuzz -tracker. +tracker. To get full access to these artifacts, you should use a [Google account](https://support.google.com/accounts/answer/176347?hl=en) +here ([why?](faq.md#why-do-you-require-a-google-account-for-authentication)). ### sanitizers (optional) List of sanitizers to use. By default, it will use the default list of supported @@ -292,7 +293,7 @@ of good sample inputs is one of the best ways to improve [fuzz target](glossary. To provide a corpus for `my_fuzzer`, put `my_fuzzer_seed_corpus.zip` file next to the [fuzz target](glossary.md#fuzz-target)'s binary in `$OUT` during the build. Individual files in this -archive will be used as starting inputs for mutations. You can store the corpus +archive will be used as starting inputs for mutations. The name of each file in the corpus is the sha1 checksum (which you can get using the `sha1sum` or `shasum` comand) of its contents. You can store the corpus next to source files, generate during build or fetch it using curl or any other tool of your choice. (example: [boringssl](https://github.com/google/oss-fuzz/blob/master/projects/boringssl/build.sh#L41)). @@ -301,6 +302,8 @@ Seed corpus files will be used for cross-mutations and portions of them might ap in bug reports or be used for further security research. It is important that corpus has an appropriate and consistent license. +See also [Accessing Corpora](corpora.md) for information about getting access to the corpus we are currently using for your fuzz targets. + ### Dictionaries @@ -362,3 +365,5 @@ Use [ClusterFuzz](clusterfuzz.md) web interface [here](https://oss-fuzz.com/) to * Code coverage statistics * Fuzzer statistics * Fuzzer performance analyzer (linked from fuzzer statistics) + +Note that your Google Account must be listed in [project.yaml](#projectyaml) for you to have access to the ClusterFuzz web interface. |