From 6c533558a3db4b30a6b7a81d19ac180fe2000ca2 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Mon, 28 Oct 2019 20:45:55 +0300 Subject: [PATCH] fuzz-ci: fix & enhance fuzzing process (#2835) * fuzz-ci: fix the authentication call for fuzzit by using the --api-key flag rather than the `auth` command * Allow fuzzing on schedules as well as non-fork PRs Closes #2710 --- azure-pipelines.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 58ce4f0d1..de81333c6 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -157,9 +157,9 @@ jobs: displayName: Coerce correct build result - job: fuzzing - displayName: 'Scheduled Fuzzing' - # Only run this job on schedules, not PRs. - condition: eq(variables['Build.Reason'], 'Schedule') + displayName: 'Fuzzing' + # Only run this job on schedules or PRs for non-forks. + condition: or(eq(variables['System.PullRequest.IsFork'], 'False'), eq(variables['Build.Reason'], 'Schedule') ) strategy: matrix: linux: @@ -192,10 +192,10 @@ jobs: displayName: Install Go on Linux - bash: | - # Install Clang - sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial main" + # Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a + sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - sudo apt update && sudo apt install -y clang lldb lld + sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7 go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.74/fuzzit_Linux_x86_64 @@ -204,12 +204,6 @@ jobs: displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) - - script: fuzzit auth ${FUZZIT_API_KEY} - condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) - displayName: Authenticate with Fuzzit - env: - FUZZIT_API_KEY: $(FUZZIT_API_KEY) - - bash: | declare -A fuzzers_funcs=(\ ["./admin_fuzz.go"]="FuzzAdmin" \ @@ -228,16 +222,22 @@ jobs: ["./listeners_fuzz.go"]="parse-listen-addr" \ ["./replacer_fuzz.go"]="replacer" \ ) - fuzz_type="fuzzing" + + fuzz_type="regression" + if [[ $(Build.Reason) == "Schedule" ]]; then + fuzz_type="fuzzing" + fi for f in $(find . -name \*_fuzz.go); do FUZZER_DIRECTORY=$(dirname $f) echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" - clang -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer" - fuzzit create job --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer + clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}" + fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" echo "Completed $f" done + env: + FUZZIT_API_KEY: $(FUZZIT_API_KEY) workingDirectory: '$(modulePath)' displayName: Generate fuzzers & submit them to Fuzzit