Age | Commit message | Author |
|
* spotify json: initial integration.
* Updated the spotify-json library to reflect upstream fuzzer merge.
|
* json5format initial integration
* Updated the dockerfile for json5format.
|
* More generic target directory for rust coverage
* Rust coverage cargo does not change PATH
|
* [CIFuzz] Add functionality to save disk space.
Add a LOW_DISK_SPACE env/config var. When this is specified
(always true for Github actions) run_fuzzers will delete
base-builder and the project builder image before fuzzing.
After it finishes fuzzing with a target, it will also
delete the targets, its seed corpus and its corpus.
Related: #4879
|
(#5369)
|
support. (#5360)
|
* protobuf-c: fix coverage builds, ignore protobuf results
No need to include Google Protobuf library coverage results, since we
are testing protobuf-c.
* protobuf-c: use pkg-config for dependency resolution
* protobuf-c: use next branch to check latest code
master is not the latest branch in the protobuf-c repo. Run fuzzer on
the next branch, which is the development branch for the next release.
* protobuf-c: add myself to CC list
|
Related: https://github.com/AOMediaCodec/libavif/pull/537
Co-authored-by: Joe Drago <jdrago@netflix.com>
|
👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail.
- Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch.
- For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits.
There are other changes you could make, depending on your project (but I'm not an expert):
- If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11).
Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you!
|
* Use more RUSTFLAGS for Suricata
Taken from libra and cargo fuzz
* rustflags only for asan
|
Annotates the findings of the various json-sanitizer fuzzers with
severities as follows:
* XSS: High
* Comment injection: Medium
* Invalid JSON: Low
* Failure to be idempotent: Not a security issue
* Undeclared exceptions: Not a security issue
This commit takes advantage of the support for severity markers in stack
traces introduced in https://github.com/google/clusterfuzz/pull/2270.
|
Should fix https://github.com/google/oss-fuzz/issues/5349
|
* Fix unzip regression on base-runner.
* Dont rpath patch llvm-symbolizer.
Should fix https://github.com/google/oss-fuzz/issues/5349
* Revert "Dont rpath patch llvm-symbolizer."
This reverts commit fdd881dea252fa2da655eb8c88dd4057db6f0215.
|
Related: #5170
|
And once the security team members changed, we have to send a new PR to change this.
|
We don't need minijail tooling anymore since we aren't using it
on OSS-Fuzz.
|
Don't install recommended packages if it means installing an
entire gcc toolchain. We don't need it in the runner.
|
Reduce cifuzz-base size from 846MB to 444MB.
1. Don't install parts of docker that aren't necessary.
2. Use .dockerignore properly.
|
* libfido2: update libcbor to v0.8.0
* libfido2: add new zlib dependency
|
The honggfuzz fuzz targets are failing the build checks for reasons
unknown. Disabling for now because I don't know how to debug it.
|
* Fixes go coverage with modules
* Golang coverage html report turning off modules
Otherwise, we get the error
`working directory is not part of a module`
|
Go needs the toolchain for now, so add it back to base-runner.
We don't actually need the rust toolchain so get rid of it
(saving about 1GB).
|
* Rust coverage test
* Workaround to get rust coverage for Suricata
|
* [cryptofuzz] Fix build
* [cryptofuzz] Trigger CI
|
Builds are currently broken since running libtiff ./autogen.sh requires
wget
```
autoconf
echo ./autogen.sh: getting config.guess...
./autogen.sh: getting config.guess...
wget -q --timeout=5 -O config/config.guess.tmp https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
```
|
This should fix cifuzz which replaces the checkout
|
* output afl++ setup
* update commit id
* update afl++ commit id
* asan + cmplog fix
* update commit id
* update and enhance afl++
* update afl++ commit id, better run asan options
* fix linter
* add debug_afl script
* Update debug_afl
* Update compile_afl
* fix for karchive
* put debug_afl in the docker container
* asan poison fix
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
|
* [freeimage] Use the SVN repo instead of the latest source archive.
Requested in https://github.com/google/oss-fuzz/pull/2606#issuecomment-588533038
* fix the path
* fix path again
* more fixes
* should work now!
* test locally
|
For the CMake build, build all dependencies as static libraries first.
To automate this, the Dockerfile uses the Mussels tool.
The HAVE_MMAP variable is explicitly disabled so that malloc is used in
place of mmap, which will yield better fuzzing results.
|
It seems that due to some recent change in `BUILD` rules, `bazel`
creates a copy of the code tree under
`bazel-tensorflow/external/org_tensorflow` symlink. However, the tree
contains a `bazel-tensorflow` symlink so we get to an infinite symlink
expansion issue. This breaks coverage build.
The fix is simple: before copying `bazel-tensorflow/external` to
`${OUT}` in coverage builds, remove `org_tensorflow` symlink. This is
not an issue for the coverage build since we copy the entire source tree
to the coverage directory in a previous step.
|
* [teleport] Initial integration
* Minor update to run tests again
* Remove debugging things
* Removed an unfinished file
* Small nit
* Added maintainers
* Update Dockerfile
* Update build.sh
* Update project.yaml
* Updated licenses
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
|