Add documentation for Python fuzzing. (#4709)

* Add documentation for Python fuzzing. * Minor formatting/wording changes
author: mbarbella-chromium <41697236+mbarbella-chromium@users.noreply.github.com> 2020-11-24 16:19:45 -0800
committer: GitHub <noreply@github.com> 2020-11-24 16:19:45 -0800
commit: ea136f510608a68bec36869c471f13543f76bb62 (patch)
tree: d80798f7373911c3d7380b0f13e57f0ca24ecc06 /docs
parent: dd8ad0aa04f3ebbc9e877587665f479cc96ca819 (diff)
download: oss-fuzz-ea136f510608a68bec36869c471f13543f76bb62.tar.gz
2 files changed, 94 insertions, 0 deletions
diff --git a/docs/getting-started/new-project-guide/python_lang.md b/docs/getting-started/new-project-guide/python_lang.md
new file mode 100644
index 000000000..bd0fd55ee
--- /dev/null
+++ b/docs/getting-started/new-project-guide/python_lang.md
@@ -0,0 +1,93 @@
+---
+layout: default
+title: Integrating a Python project
+parent: Setting up a new project
+grand_parent: Getting started
+nav_order: 3
+permalink: /getting-started/new-project-guide/python-lang/
+---
+
+# Integrating a Rust project
+{: .no_toc}
+
+- TOC
+{:toc}
+---
+
+
+The process of integrating a project written in Python with OSS-Fuzz is very
+similar to the general
+[Setting up a new project]({{ site.baseurl }}/getting-started/new-project-guide/)
+process. The key specifics of integrating a Python project are outlined below.
+
+## Atheris
+
+Python fuzzing in OSS-Fuzz depends on
+[Atheris](https://github.com/google/atheris). Fuzzers will depend on the
+`atheris` package, and dependencies are pre-installed on the OSS-Fuzz base
+docker images.
+
+## Project files
+
+### Example project
+
+We recommending viewing [ujson](https://github.com/google/oss-fuzz/tree/master/projects/ujson) as an
+example of a simple Python fuzzing project.
+
+### project.yaml
+
+The `language` attribute must be specified.
+
+```yaml
+language: python
+```
+
+The only supported fuzzing engine and sanitizer are `libfuzzer` and `address`,
+respectively.
+
+```yaml
+sanitizers:
+  - address
+fuzzing_engines:
+  - libfuzzer
+```
+
+### Dockerfile
+
+Because most dependencies are already pre-installed on the images, no
+significant changes are needed in the Dockerfile for Python fuzzing projects.
+You should simply clone the project, set a `WORKDIR`, and copy any necessary
+files, or install any project-specific dependencies here as you normally would.
+
+### build.sh
+
+For Python projects, `build.sh` does need some more significant modifications
+over normal projects. The following is an annotated example build script,
+explaining why each step is necessary and when they can be omitted.
+
+```sh
+# Build and install project (using current CFLAGS, CXXFLAGS). This is required
+# for projects with C extensions so that they're built with the proper flags.
+pip3 install .
+
+# Build fuzzers into $OUT. These could be detected in other ways.
+for fuzzer in $(find $SRC -name '*_fuzzer.py'); do
+  fuzzer_basename=$(basename -s .py $fuzzer)
+  fuzzer_package=${fuzzer_basename}.pkg
+
+  # To avoid issues with Python version conflicts, or changes in environment
+  # over time on the OSS-Fuzz bots, we use pyinstaller to create a standalone
+  # package. Though not necessarily required for reproducing issues, this is
+  # required to keep fuzzers working properly in OSS-Fuzz.
+  pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+  # Create execution wrapper. Atheris requires that certain libraries are
+  # preloaded, so this is also done here to ensure compatibility and simplify
+  # test case reproduction. Since this helper script is what OSS-Fuzz will
+  # actually execute, it is also always required.
+  echo "#/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+LD_PRELOAD=\$(dirname "\$0")/libclang_rt.asan-x86_64.so \$(dirname "\$0")/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+  chmod u+x $OUT/$fuzzer_basename
+done
+```
diff --git a/docs/getting-started/new_project_guide.md b/docs/getting-started/new_project_guide.md
index 1b9a9847b..df1576807 100644
--- a/docs/getting-started/new_project_guide.md
+++ b/docs/getting-started/new_project_guide.md
@@ -95,6 +95,7 @@ Programming language the project is written in. Values you can specify include:
 * `c++`
 * [`go`]({{ site.baseurl }}//getting-started/new-project-guide/go-lang/)
 * [`rust`]({{ site.baseurl }}//getting-started/new-project-guide/rust-lang/)
+* [`python`]({{ site.baseurl }}//getting-started/new-project-guide/python-lang/)
 
 ### primary_contact, auto_ccs {#primary}
 The primary contact and list of other contacts to be CCed. Each person listed gets access to ClusterFuzz, including crash reports and fuzzer statistics, and are auto-cced on new bugs filed in the OSS-Fuzz
author	mbarbella-chromium <41697236+mbarbella-chromium@users.noreply.github.com>	2020-11-24 16:19:45 -0800
committer	GitHub <noreply@github.com>	2020-11-24 16:19:45 -0800
commit	ea136f510608a68bec36869c471f13543f76bb62 (patch)
tree	d80798f7373911c3d7380b0f13e57f0ca24ecc06 /docs
parent	dd8ad0aa04f3ebbc9e877587665f479cc96ca819 (diff)
download	oss-fuzz-ea136f510608a68bec36869c471f13543f76bb62.tar.gz