diff options
author | jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> | 2021-01-20 13:23:55 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-20 13:23:55 -0800 |
commit | b998058ef3c6a27fe179b0ab3db8cb08ad766d85 (patch) | |
tree | e2fde0dd5a9847ee34935d9c18fff77763e2b9ed /infra/cifuzz/run_fuzzers_entrypoint.py | |
parent | 9d7f4f3100caf7aa731cf53c943a4e3ef62b0607 (diff) | |
download | oss-fuzz-b998058ef3c6a27fe179b0ab3db8cb08ad766d85.tar.gz |
Move entrypoints for CIFuzz to cifuzz folder. (#5020)
Move entrypoints for CIFuzz to cifuzz.
This allows us to reduce some complexity by getting rid of
an unnecessary copy in docker and a hack to making importing work.
Diffstat (limited to 'infra/cifuzz/run_fuzzers_entrypoint.py')
-rw-r--r-- | infra/cifuzz/run_fuzzers_entrypoint.py | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/infra/cifuzz/run_fuzzers_entrypoint.py b/infra/cifuzz/run_fuzzers_entrypoint.py new file mode 100644 index 000000000..75312c3d7 --- /dev/null +++ b/infra/cifuzz/run_fuzzers_entrypoint.py @@ -0,0 +1,93 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Runs specific OSS-Fuzz project's fuzzers for CI tools.""" +import logging +import os +import sys + +import cifuzz + +# TODO: Turn default logging to INFO when CIFuzz is stable. +logging.basicConfig( + format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', + level=logging.DEBUG) + + +def main(): + """Runs OSS-Fuzz project's fuzzers for CI tools. + This is the entrypoint for the run_fuzzers github action. + This action can be added to any OSS-Fuzz project's workflow that uses Github. + + NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out + directory in order for this action to be used. This action will only fuzz the + binaries that are located in that directory. It is recommended that you add + the build_fuzzers action preceding this one. + + NOTE: Any crash report will be in the filepath: + ${GITHUB_WORKSPACE}/out/testcase + This can be used in parallel with the upload-artifact action to surface the + logs. + + Required environment variables: + FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. + GITHUB_WORKSPACE: The shared volume directory where input artifacts are. + DRY_RUN: If true, no failures will surface. + OSS_FUZZ_PROJECT_NAME: The name of the relevant OSS-Fuzz project. + SANITIZER: The sanitizer to use when running fuzzers. + + Returns: + 0 on success or 1 on failure. + """ + fuzz_seconds = int(os.environ.get('FUZZ_SECONDS', 600)) + workspace = os.environ.get('GITHUB_WORKSPACE') + oss_fuzz_project_name = os.environ.get('OSS_FUZZ_PROJECT_NAME') + sanitizer = os.environ.get('SANITIZER').lower() + + # Check if failures should not be reported. + dry_run = (os.environ.get('DRY_RUN').lower() == 'true') + + # The default return code when an error occurs. + returncode = 1 + if dry_run: + # A testcase file is required in order for CIFuzz to surface bugs. + # If the file does not exist, the action will crash attempting to upload it. + # The dry run needs this file because it is set to upload a testcase both + # on successful runs and on failures. + out_dir = os.path.join(workspace, 'out', 'artifacts') + os.makedirs(out_dir, exist_ok=True) + + # Sets the default return code on error to success. + returncode = 0 + + if not workspace: + logging.error('This script needs to be run in the Github action context.') + return returncode + # Run the specified project's fuzzers from the build. + run_status, bug_found = cifuzz.run_fuzzers(fuzz_seconds, + workspace, + oss_fuzz_project_name, + sanitizer=sanitizer) + if not run_status: + logging.error('Error occurred while running in workspace %s.', workspace) + return returncode + if bug_found: + logging.info('Bug found.') + if not dry_run: + # Return 2 when a bug was found by a fuzzer causing the CI to fail. + return 2 + return 0 + + +if __name__ == '__main__': + sys.exit(main()) |