1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
|
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Module for interacting with the ClusterFuzz deployment."""
import logging
import os
import sys
import urllib.error
import urllib.request
import config_utils
import continuous_integration
import filestore
import filestore_utils
import http_utils
import get_coverage
import repo_manager
# pylint: disable=wrong-import-position,import-error
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import utils
class BaseClusterFuzzDeployment:
"""Base class for ClusterFuzz deployments."""
def __init__(self, config, workspace):
self.config = config
self.workspace = workspace
self.ci_system = continuous_integration.get_ci(config)
def download_latest_build(self):
"""Downloads the latest build from ClusterFuzz.
Returns:
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
"""
raise NotImplementedError('Child class must implement method.')
def upload_build(self, commit):
"""Uploads the build with the given commit sha to the filestore."""
raise NotImplementedError('Child class must implement method.')
def download_corpus(self, target_name, corpus_dir):
"""Downloads the corpus for |target_name| from ClusterFuzz to |corpus_dir|.
Returns:
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
"""
raise NotImplementedError('Child class must implement method.')
def upload_crashes(self):
"""Uploads crashes in |crashes_dir| to filestore."""
raise NotImplementedError('Child class must implement method.')
def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument
"""Uploads the corpus for |target_name| to filestore."""
raise NotImplementedError('Child class must implement method.')
def upload_coverage(self):
"""Uploads the coverage report to the filestore."""
raise NotImplementedError('Child class must implement method.')
def get_coverage(self, repo_path):
"""Returns the project coverage object for the project."""
raise NotImplementedError('Child class must implement method.')
def _make_empty_dir_if_nonexistent(path):
"""Makes an empty directory at |path| if it does not exist."""
os.makedirs(path, exist_ok=True)
class ClusterFuzzLite(BaseClusterFuzzDeployment):
"""Class representing a deployment of ClusterFuzzLite."""
COVERAGE_NAME = 'latest'
LATEST_BUILD_WINDOW = 3
def __init__(self, config, workspace):
super().__init__(config, workspace)
self.filestore = filestore_utils.get_filestore(self.config)
def download_latest_build(self):
if os.path.exists(self.workspace.clusterfuzz_build):
# This path is necessary because download_latest_build can be called
# multiple times.That is the case because it is called only when we need
# to see if a bug is novel, i.e. until we want to check a bug is novel we
# don't want to waste time calling this, but therefore this method can be
# called if multiple bugs are found.
return self.workspace.clusterfuzz_build
repo_dir = self.ci_system.repo_dir()
if not repo_dir:
raise RuntimeError('Repo checkout does not exist.')
_make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build)
repo = repo_manager.RepoManager(repo_dir)
# Builds are stored by commit, so try the latest |LATEST_BUILD_WINDOW|
# commits before the current.
# TODO(ochang): If API usage becomes an issue, this can be optimized by the
# filestore accepting a list of filenames to try.
for old_commit in repo.get_commit_list('HEAD^',
limit=self.LATEST_BUILD_WINDOW):
logging.info('Trying to downloading previous build %s.', old_commit)
build_name = self._get_build_name(old_commit)
try:
if self.filestore.download_build(build_name,
self.workspace.clusterfuzz_build):
logging.info('Done downloading previus build.')
return self.workspace.clusterfuzz_build
logging.info('Build for %s does not exist.', old_commit)
except Exception as err: # pylint: disable=broad-except
logging.error('Could not download build for %s because of: %s',
old_commit, err)
return None
def download_corpus(self, target_name, corpus_dir):
_make_empty_dir_if_nonexistent(corpus_dir)
logging.info('Downloading corpus for %s to %s.', target_name, corpus_dir)
corpus_name = self._get_corpus_name(target_name)
try:
self.filestore.download_corpus(corpus_name, corpus_dir)
logging.info('Done downloading corpus. Contains %d elements.',
len(os.listdir(corpus_dir)))
except Exception as err: # pylint: disable=broad-except
logging.error('Failed to download corpus for target: %s. Error: %s',
target_name, str(err))
return corpus_dir
def _get_build_name(self, name):
return f'{self.config.sanitizer}-{name}'
def _get_corpus_name(self, target_name): # pylint: disable=no-self-use
"""Returns the name of the corpus artifact."""
return target_name
def _get_crashes_artifact_name(self): # pylint: disable=no-self-use
"""Returns the name of the crashes artifact."""
return 'current'
def upload_corpus(self, target_name, corpus_dir, replace=False):
"""Upload the corpus produced by |target_name|."""
logging.info('Uploading corpus in %s for %s.', corpus_dir, target_name)
name = self._get_corpus_name(target_name)
try:
self.filestore.upload_corpus(name, corpus_dir, replace=replace)
logging.info('Done uploading corpus.')
except Exception as error: # pylint: disable=broad-except
logging.error('Failed to upload corpus for target: %s. Error: %s.',
target_name, error)
def upload_build(self, commit):
"""Upload the build produced by CIFuzz as the latest build."""
logging.info('Uploading latest build in %s.', self.workspace.out)
build_name = self._get_build_name(commit)
try:
result = self.filestore.upload_build(build_name, self.workspace.out)
logging.info('Done uploading latest build.')
return result
except Exception as error: # pylint: disable=broad-except
logging.error('Failed to upload latest build: %s. Error: %s',
self.workspace.out, error)
def upload_crashes(self):
"""Uploads crashes."""
if not os.listdir(self.workspace.artifacts):
logging.info('No crashes in %s. Not uploading.', self.workspace.artifacts)
return
crashes_artifact_name = self._get_crashes_artifact_name()
logging.info('Uploading crashes in %s.', self.workspace.artifacts)
try:
self.filestore.upload_crashes(crashes_artifact_name,
self.workspace.artifacts)
logging.info('Done uploading crashes.')
except Exception as error: # pylint: disable=broad-except
logging.error('Failed to upload crashes. Error: %s', error)
def upload_coverage(self):
"""Uploads the coverage report to the filestore."""
self.filestore.upload_coverage(self.COVERAGE_NAME,
self.workspace.coverage_report)
def get_coverage(self, repo_path):
"""Returns the project coverage object for the project."""
try:
if not self.filestore.download_coverage(
self.COVERAGE_NAME, self.workspace.clusterfuzz_coverage):
logging.error('Could not download coverage.')
return None
return get_coverage.FilesystemCoverage(
repo_path, self.workspace.clusterfuzz_coverage)
except (get_coverage.CoverageError, filestore.FilestoreError):
logging.error('Could not get coverage.')
return None
class OSSFuzz(BaseClusterFuzzDeployment):
"""The OSS-Fuzz ClusterFuzz deployment."""
# Location of clusterfuzz builds on GCS.
CLUSTERFUZZ_BUILDS = 'clusterfuzz-builds'
# Zip file name containing the corpus.
CORPUS_ZIP_NAME = 'public.zip'
def get_latest_build_name(self):
"""Gets the name of the latest OSS-Fuzz build of a project.
Returns:
A string with the latest build version or None.
"""
version_file = (
f'{self.config.oss_fuzz_project_name}-{self.config.sanitizer}'
'-latest.version')
version_url = utils.url_join(utils.GCS_BASE_URL, self.CLUSTERFUZZ_BUILDS,
self.config.oss_fuzz_project_name,
version_file)
try:
response = urllib.request.urlopen(version_url)
except urllib.error.HTTPError:
logging.error('Error getting latest build version for %s from: %s.',
self.config.oss_fuzz_project_name, version_url)
return None
return response.read().decode()
def download_latest_build(self):
"""Downloads the latest OSS-Fuzz build from GCS.
Returns:
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
"""
if os.path.exists(self.workspace.clusterfuzz_build):
# This function can be called multiple times, don't download the build
# again.
return self.workspace.clusterfuzz_build
_make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build)
latest_build_name = self.get_latest_build_name()
if not latest_build_name:
return None
logging.info('Downloading latest build.')
oss_fuzz_build_url = utils.url_join(utils.GCS_BASE_URL,
self.CLUSTERFUZZ_BUILDS,
self.config.oss_fuzz_project_name,
latest_build_name)
if http_utils.download_and_unpack_zip(oss_fuzz_build_url,
self.workspace.clusterfuzz_build):
logging.info('Done downloading latest build.')
return self.workspace.clusterfuzz_build
return None
def upload_build(self, commit): # pylint: disable=no-self-use
"""Noop Implementation of upload_build."""
logging.info('Not uploading latest build because on OSS-Fuzz.')
def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument
"""Noop Implementation of upload_corpus."""
logging.info('Not uploading corpus because on OSS-Fuzz.')
def upload_crashes(self): # pylint: disable=no-self-use
"""Noop Implementation of upload_crashes."""
logging.info('Not uploading crashes because on OSS-Fuzz.')
def download_corpus(self, target_name, corpus_dir):
"""Downloads the latest OSS-Fuzz corpus for the target.
Returns:
The local path to to corpus or None if download failed.
"""
_make_empty_dir_if_nonexistent(corpus_dir)
project_qualified_fuzz_target_name = target_name
qualified_name_prefix = self.config.oss_fuzz_project_name + '_'
if not target_name.startswith(qualified_name_prefix):
project_qualified_fuzz_target_name = qualified_name_prefix + target_name
corpus_url = (f'{utils.GCS_BASE_URL}{self.config.oss_fuzz_project_name}'
'-backup.clusterfuzz-external.appspot.com/corpus/'
f'libFuzzer/{project_qualified_fuzz_target_name}/'
f'{self.CORPUS_ZIP_NAME}')
if not http_utils.download_and_unpack_zip(corpus_url, corpus_dir):
logging.warning('Failed to download corpus for %s.', target_name)
return corpus_dir
def upload_coverage(self):
"""Noop Implementation of upload_coverage_report."""
logging.info('Not uploading coverage report because on OSS-Fuzz.')
def get_coverage(self, repo_path):
"""Returns the project coverage object for the project."""
try:
return get_coverage.OSSFuzzCoverage(repo_path,
self.config.oss_fuzz_project_name)
except get_coverage.CoverageError:
return None
class NoClusterFuzzDeployment(BaseClusterFuzzDeployment):
"""ClusterFuzzDeployment implementation used when there is no deployment of
ClusterFuzz to use."""
def upload_build(self, commit): # pylint: disable=no-self-use
"""Noop Implementation of upload_build."""
logging.info('Not uploading latest build because no ClusterFuzz '
'deployment.')
def upload_corpus(self, target_name, corpus_dir, replace=False): # pylint: disable=no-self-use,unused-argument
"""Noop Implementation of upload_corpus."""
logging.info('Not uploading corpus because no ClusterFuzz deployment.')
def upload_crashes(self): # pylint: disable=no-self-use
"""Noop Implementation of upload_crashes."""
logging.info('Not uploading crashes because no ClusterFuzz deployment.')
def download_corpus(self, target_name, corpus_dir):
"""Noop Implementation of download_corpus."""
logging.info('Not downloading corpus because no ClusterFuzz deployment.')
return _make_empty_dir_if_nonexistent(corpus_dir)
def download_latest_build(self): # pylint: disable=no-self-use
"""Noop Implementation of download_latest_build."""
logging.info(
'Not downloading latest build because no ClusterFuzz deployment.')
def upload_coverage(self):
"""Noop Implementation of upload_coverage."""
logging.info(
'Not uploading coverage report because no ClusterFuzz deployment.')
def get_coverage(self, repo_path):
"""Noop Implementation of get_coverage."""
logging.info(
'Not getting project coverage because no ClusterFuzz deployment.')
_PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING = {
config_utils.BaseConfig.Platform.INTERNAL_GENERIC_CI:
OSSFuzz,
config_utils.BaseConfig.Platform.INTERNAL_GITHUB:
OSSFuzz,
config_utils.BaseConfig.Platform.EXTERNAL_GENERIC_CI:
NoClusterFuzzDeployment,
config_utils.BaseConfig.Platform.EXTERNAL_GITHUB:
ClusterFuzzLite,
}
def get_clusterfuzz_deployment(config, workspace):
"""Returns object reprsenting deployment of ClusterFuzz used by |config|."""
deployment_cls = _PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING[config.platform]
result = deployment_cls(config, workspace)
logging.info('ClusterFuzzDeployment: %s.', result)
return result
|
