Hey! I’m currently looking into both cargo-bolero and ClusterFuzz (the software under oss-fuzz).
I’m curious, has anyone run a cargo-bolero-built fuzzer on top of ClusterFuzz yet? It seems to me like ClusterFuzz needs a libfuzzer binary with the CLI of a regular libfuzzer binary to properly run.
My first thoughts were that I could try patching ClusterFuzz to also support bolero’s CLI (patching around here and other `run_and_wait` calls), but seeing how ClusterFuzz is Google-owned I’m not sure this would be the best way forward, especially as cargo-bolero is not yet that widespread.
My current thoughts are that we could add a command to cargo-bolero to generate a clusterfuzz tgz for a given cargo-bolero target. This clusterfuzz tgz would contain the regular cargo-bolero binary, but the actual binary for clusterfuzz (so, the `fuzzer` binary) would be a mini-binary that just takes its arguments, puts them into `BOLERO_LIBFUZZER_ARGS`, and calls the bolero binary with as argument the test to run and this environment variable.
Does that make sense as a plan to you?
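
The wrapper described in the post, as an added example that is not code from cargo-bolero or ClusterFuzz. The file name `bolero-target`, the test name `tests::fuzz_target`, and the space-separated encoding of `BOLERO_LIBFUZZER_ARGS` are assumptions; the example refuses arguments that such an encoding cannot represent.

```rust
use std::env;
use std::path::Path;
use std::process::{exit, Command};

// Assumptions (not taken from bolero or ClusterFuzz): the real test binary is
// packaged next to this shim as `bolero-target`, the test name is fixed at
// build time, and BOLERO_LIBFUZZER_ARGS is a space-separated list.
const BOLERO_BINARY: &str = "bolero-target"; // hypothetical file name
const TEST_NAME: &str = "tests::fuzz_target"; // hypothetical test name

/// Join libFuzzer-style arguments into one value for BOLERO_LIBFUZZER_ARGS.
/// A space-separated value cannot carry an argument that is empty or contains
/// whitespace (e.g. a corpus path with a space), so refuse it rather than
/// hand the engine a different argument list than the caller passed.
fn encode_libfuzzer_args(args: &[String]) -> Result<String, String> {
    for arg in args {
        if arg.is_empty() || arg.chars().any(char::is_whitespace) {
            return Err(format!("cannot encode argument {:?}", arg));
        }
    }
    Ok(args.join(" "))
}

/// Build the command for the real binary located beside the shim.
fn bolero_command(shim_path: &Path, args: &[String]) -> Result<Command, String> {
    let dir = shim_path.parent().ok_or("shim path has no parent directory")?;
    let mut cmd = Command::new(dir.join(BOLERO_BINARY));
    cmd.arg(TEST_NAME)
        .env("BOLERO_LIBFUZZER_ARGS", encode_libfuzzer_args(args)?);
    Ok(cmd)
}

fn main() {
    let args: Vec<String> = env::args().skip(1).collect();
    let shim = env::current_exe().expect("cannot locate shim");
    let status = bolero_command(&shim, &args)
        .and_then(|mut cmd| cmd.status().map_err(|e| e.to_string()));
    match status {
        // Pass the child's exit code through; a child killed by a signal
        // has no code and is reported as 1.
        Ok(s) => exit(s.code().unwrap_or(1)),
        Err(e) => {
            eprintln!("shim error: {}", e);
            exit(2);
        }
    }
}
```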