Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ClusterFuzzLite Github Actions files #61

Draft
wants to merge 25 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .clusterfuzzlite/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
FROM gcr.io/oss-fuzz-base/base-builder-go
RUN git clone --depth 1 https://github.com/bytemare/opaque.git
COPY . $SRC/opaque
WORKDIR $SRC/opaque
COPY ./.clusterfuzzlite/build.sh $SRC/
12 changes: 12 additions & 0 deletions .clusterfuzzlite/build.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/bash -eu

set -ex

# compile_go_fuzzer github.com/bytemare/opaque FuzzConfiguration Fuzz_Configuration fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeRegistrationRequest Fuzz_DeserializeRegistrationRequest fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeRegistrationResponse Fuzz_DeserializeRegistrationResponse fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeRegistrationRecord Fuzz_DeserializeRegistrationRecord fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeKE1 Fuzz_DeserializeKE1 fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeKE2 Fuzz_DeserializeKE2 fuzz
# compile_go_fuzzer github.com/bytemare/opaque FuzzDeserializeKE3 Fuzz_DeserializeKE3 fuzz
compile_go_fuzzer github.com/bytemare/opaque/opaque_test FuzzKE3 Fuzz_DeserializeKE3 fuzz
10 changes: 10 additions & 0 deletions .clusterfuzzlite/project.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
homepage: "https://github.com/bytemare/opaque"
language: go
sanitizers:
- address
- undefined
- memory
architectures:
- x86_64
- i386
main_repo: 'https://github.com/bytemare/opaque.git'
2 changes: 1 addition & 1 deletion .github/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ lint: fmt license
.PHONY: test
test:
@echo "Running all tests ..."
@go test -v -vet=all ../tests
@go test -v -vet=all ../...

.PHONY: vectors
vectors:
Expand Down
34 changes: 34 additions & 0 deletions .github/workflows/cflite_batch.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: ClusterFuzzLite batch fuzzing
on:
schedule:
- cron: '0 0/6 * * *' # Every 6th hour. Change this to whatever is suitable.
permissions: read-all
jobs:
BatchFuzzing:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
language: go # Change this to the language you are fuzzing.
sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }})
id: run
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 3600
mode: 'batch'
sanitizer: ${{ matrix.sanitizer }}
output-sarif: true
# Optional but recommended: For storing certain artifacts from fuzzing.
# See later section on "Git repo for storage".
storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git
storage-repo-branch: main # Optional. Defaults to "main"
storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
parallel-fuzzing: true
24 changes: 24 additions & 0 deletions .github/workflows/cflite_build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: ClusterFuzzLite continuous builds
on:
push:
branches:
- main # Use your actual default branch here.
permissions: read-all
jobs:
Build:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
language: go # Change this to the language you are fuzzing.
sanitizer: ${{ matrix.sanitizer }}
upload-build: true
49 changes: 49 additions & 0 deletions .github/workflows/cflite_cron.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: ClusterFuzzLite cron tasks
on:
schedule:
- cron: '0 0 * * *' # Once a day at midnight.
permissions: read-all
jobs:
Pruning:
runs-on: ubuntu-latest
steps:
- name: Build Fuzzers
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
language: go # Change this to the language you are fuzzing
- name: Run Fuzzers
id: run
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 600
mode: 'prune'
output-sarif: true
# Optional but recommended.
# See later section on "Git repo for storage".
storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git
storage-repo-branch: main # Optional. Defaults to "main"
storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
Coverage:
runs-on: ubuntu-latest
steps:
- name: Build Fuzzers
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
language: go # Change this to the language you are fuzzing.
sanitizer: coverage
- name: Run Fuzzers
id: run
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 600
mode: 'coverage'
sanitizer: 'coverage'
# Optional but recommended.
# See later section on "Git repo for storage".
storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git
storage-repo-branch: main # Optional. Defaults to "main"
storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
46 changes: 46 additions & 0 deletions .github/workflows/cflite_pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: ClusterFuzzLite PR fuzzing
on:
pull_request:
paths:
- '**'
permissions: read-all
jobs:
PR:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
language: go # Change this to the language you are fuzzing.
github-token: ${{ secrets.GITHUB_TOKEN }}
sanitizer: ${{ matrix.sanitizer }}
# Optional but recommended: used to only run fuzzers that are affected
# by the PR.
# See later section on "Git repo for storage".
# storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git
# storage-repo-branch: main # Optional. Defaults to "main"
# storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
- name: Run Fuzzers (${{ matrix.sanitizer }})
id: run
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
bytemare marked this conversation as resolved.
Show resolved Hide resolved
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 600
mode: 'code-change'
sanitizer: ${{ matrix.sanitizer }}
output-sarif: true
# Optional but recommended: used to download the corpus produced by
# batch fuzzing.
# See later section on "Git repo for storage".
storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git
storage-repo-branch: main # Optional. Defaults to "main"
storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
parallel-fuzzing: true
6 changes: 3 additions & 3 deletions examples_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ func Example_registration() {
fmt.Println("OPAQUE registration is easy!")
}

// Output: OPAQUE server values initialized.
// Output: OPAQUE server initialized.
// OPAQUE registration is easy!
}

Expand Down Expand Up @@ -384,7 +384,7 @@ func Example_loginKeyExchange() {
}

fmt.Println("OPAQUE is much awesome!")
// Output: OPAQUE server values initialized.
// Output: OPAQUE server initialized.
// OPAQUE registration is easy!
// OPAQUE is much awesome!
}
Expand Down Expand Up @@ -450,6 +450,6 @@ func Example_fakeResponse() {
fmt.Println("Thwarting OPAQUE client enumeration is easy!")
}

// Output: OPAQUE server values initialized.
// Output: OPAQUE server initialized.
// Thwarting OPAQUE client enumeration is easy!
}
Loading