diff options
| author | Arjun Singh <ajsinghyadav00@gmail.com> | 2023-10-04 11:04:06 +0530 |
|---|---|---|
| committer | Arjun Singh <ajsinghyadav00@gmail.com> | 2023-10-06 12:58:22 +0530 |
| commit | d32d6cdd1e5e144f7d3bb1f90f2076b3f3378674 (patch) | |
| tree | 7d71536117d0a893186809042509f62116bf16cc | |
| parent | ced662e9db6667069a5255446425ec40d388f7e1 (diff) | |
| download | go-git-d32d6cdd1e5e144f7d3bb1f90f2076b3f3378674.tar.gz | |
[fuzzing] cifuzz, update fuzzers, bug fix
Signed-off-by: Arjun Singh <ajsinghyadav00@gmail.com>
| -rw-r--r-- | .github/workflows/cifuzz.yml | 35 | ||||
| -rw-r--r-- | Makefile | 9 | ||||
| -rw-r--r-- | oss-fuzz.sh | 35 | ||||
| -rw-r--r-- | utils/merkletrie/internal/fsnoder/new_test.go | 9 |
4 files changed, 74 insertions, 14 deletions
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 0000000..2b17ac1 --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,35 @@ +name: CIFuzz +on: [pull_request] +permissions: {} +jobs: + Fuzzing: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'go-git' + language: go + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'go-git' + language: go + fuzz-seconds: 300 + output-sarif: true + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts + - name: Upload Sarif + if: always() && steps.build.outcome == 'success' + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cifuzz-sarif/results.sarif + checkout_path: cifuzz-sarif @@ -45,10 +45,9 @@ clean: fuzz: @go test -fuzz=FuzzParser $(PWD)/internal/revision - @go test -fuzz=FuzzParseSignedByte $(PWD)/plumbing/object - @go test -fuzz=FuzzDecode $(PWD)/plumbing/object - @go test -fuzz=FuzzNewEndpoint $(PWD)/plumbing/transport - @go test -fuzz=FuzzDecoder $(PWD)/plumbing/protocol/packp @go test -fuzz=FuzzDecoder $(PWD)/plumbing/format/config @go test -fuzz=FuzzPatchDelta $(PWD)/plumbing/format/packfile - @go test -fuzz=FuzzDecodeFile $(PWD)/utils/merkletrie/internal/fsnoder + @go test -fuzz=FuzzParseSignedBytes $(PWD)/plumbing/object + @go test -fuzz=FuzzDecode $(PWD)/plumbing/object + @go test -fuzz=FuzzDecoder $(PWD)/plumbing/protocol/packp + @go test -fuzz=FuzzNewEndpoint $(PWD)/plumbing/transport diff --git a/oss-fuzz.sh b/oss-fuzz.sh new file mode 100644 index 0000000..885548f --- /dev/null +++ b/oss-fuzz.sh @@ -0,0 +1,35 @@ +#!/bin/bash -eu +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + + +go mod download +go get github.com/AdamKorcz/go-118-fuzz-build/testing + +if [ "$SANITIZER" != "coverage" ]; then + sed -i '/func (s \*DecoderSuite) TestDecode(/,/^}/ s/^/\/\//' plumbing/format/config/decoder_test.go + sed -n '35,$p' plumbing/format/packfile/common_test.go >> plumbing/format/packfile/delta_test.go + sed -n '20,53p' plumbing/object/object_test.go >> plumbing/object/tree_test.go + sed -i 's|func Test|// func Test|' plumbing/transport/common_test.go +fi + +compile_native_go_fuzzer $(pwd)/internal/revision FuzzParser fuzz_parser +compile_native_go_fuzzer $(pwd)/plumbing/format/config FuzzDecoder fuzz_decoder_config +compile_native_go_fuzzer $(pwd)/plumbing/format/packfile FuzzPatchDelta fuzz_patch_delta +compile_native_go_fuzzer $(pwd)/plumbing/object FuzzParseSignedBytes fuzz_parse_signed_bytes +compile_native_go_fuzzer $(pwd)/plumbing/object FuzzDecode fuzz_decode +compile_native_go_fuzzer $(pwd)/plumbing/protocol/packp FuzzDecoder fuzz_decoder_packp +compile_native_go_fuzzer $(pwd)/plumbing/transport FuzzNewEndpoint fuzz_new_endpoint diff --git a/utils/merkletrie/internal/fsnoder/new_test.go b/utils/merkletrie/internal/fsnoder/new_test.go index 52b3dc4..ad069c7 100644 --- a/utils/merkletrie/internal/fsnoder/new_test.go +++ b/utils/merkletrie/internal/fsnoder/new_test.go @@ -1,8 +1,6 @@ package fsnoder import ( - "testing" - "github.com/go-git/go-git/v5/utils/merkletrie/noder" . "gopkg.in/check.v1" @@ -354,10 +352,3 @@ func (s *FSNoderSuite) TestHashEqual(c *C) { c.Assert(HashEqual(t3, t1), Equals, false) c.Assert(HashEqual(t1, t3), Equals, false) } - -func FuzzDecodeFile(f *testing.F) { - - f.Fuzz(func(t *testing.T, input []byte) { - decodeFile(input) - }) -} |