def test_allow_broken_fuzz_targets_percentage(self, mocked_docker_run):
"""Tests that ALLOWED_BROKEN_TARGETS_PERCENTAGE is set when running
docker if it is set in the environment."""
test_fuzzer_dir = os.path.join(TEST_FILES_PATH, 'out')
mocked_docker_run.return_value = 0
cifuzz.check_fuzzer_build(test_fuzzer_dir)
self.assertIn('-e ALLOWED_BROKEN_TARGETS_PERCENTAGE=0',
' '.join(mocked_docker_run.call_args[0][0]))
def main():
"""Build OSS-Fuzz project's fuzzers for CI tools.
This script is used to kick off the Github Actions CI tool. It is the
entrypoint of the Dockerfile in this directory. This action can be added to
any OSS-Fuzz project's workflow that uses Github.
Note: The resulting clusterfuzz binaries of this build are placed in
the directory: ${GITHUB_WORKSPACE}/out
Required environment variables:
OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project.
GITHUB_REPOSITORY: The name of the Github repo that called this script.
GITHUB_SHA: The commit SHA that triggered this script.
GITHUB_REF: The pull request reference that triggered this script.
GITHUB_EVENT_NAME: The name of the hook event that triggered this script.
GITHUB_WORKSPACE: The shared volume directory where input artifacts are.
Returns:
0 on success or 1 on Failure.
"""
oss_fuzz_project_name = os.environ.get('OSS_FUZZ_PROJECT_NAME')
github_repo_name = os.path.basename(os.environ.get('GITHUB_REPOSITORY'))
pr_ref = os.environ.get('GITHUB_REF')
commit_sha = os.environ.get('GITHUB_SHA')
event = os.environ.get('GITHUB_EVENT_NAME')
workspace = os.environ.get('GITHUB_WORKSPACE')
# Check if failures should not be reported.
dry_run = (os.environ.get('DRY_RUN').lower() == 'true')
# The default return code when an error occurs.
returncode = 1
if dry_run:
# Sets the default return code on error to success.
returncode = 0
if not workspace:
logging.error(
'This script needs to be run in the Github action context.')
return returncode
if event == 'push' and not cifuzz.build_fuzzers(oss_fuzz_project_name,
github_repo_name,
workspace,
commit_sha=commit_sha):
logging.error('Error building fuzzers for project %s with commit %s.',
oss_fuzz_project_name, commit_sha)
return returncode
if event == 'pull_request' and not cifuzz.build_fuzzers(
oss_fuzz_project_name, github_repo_name, workspace, pr_ref=pr_ref):
logging.error(
'Error building fuzzers for project %s with pull request %s.',
oss_fuzz_project_name, pr_ref)
return returncode
out_dir = os.path.join(workspace, 'out')
if cifuzz.check_fuzzer_build(out_dir):
return 0
return returncode
def main():
"""Build OSS-Fuzz project's fuzzers for CI tools.
This script is used to kick off the Github Actions CI tool. It is the
entrypoint of the Dockerfile in this directory. This action can be added to
any OSS-Fuzz project's workflow that uses Github.
Note: The resulting clusterfuzz binaries of this build are placed in
the directory: ${GITHUB_WORKSPACE}/out
Required environment variables:
OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project.
GITHUB_REPOSITORY: The name of the Github repo that called this script.
GITHUB_SHA: The commit SHA that triggered this script.
GITHUB_EVENT_NAME: The name of the hook event that triggered this script.
GITHUB_EVENT_PATH:
The path to the file containing the POST payload of the webhook:
https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners
GITHUB_WORKSPACE: The shared volume directory where input artifacts are.
DRY_RUN: If true, no failures will surface.
SANITIZER: The sanitizer to use when running fuzzers.
Returns:
0 on success or 1 on failure.
"""
config = config_utils.BuildFuzzersConfig()
if config.dry_run:
# Sets the default return code on error to success.
returncode = 0
else:
# The default return code when an error occurs.
returncode = 1
if not config.workspace:
logging.error('This script needs to be run within Github actions.')
return returncode
if not cifuzz.build_fuzzers(config):
logging.error(
'Error building fuzzers for project %s (commit: %s, pr_ref: %s).',
config.project_name, config.commit_sha, config.pr_ref)
return returncode
out_dir = os.path.join(config.workspace, 'out')
if cifuzz.check_fuzzer_build(out_dir,
sanitizer=config.sanitizer,
allowed_broken_targets_percentage=config.
allowed_broken_targets_percentage):
returncode = 0
return returncode
def test_not_a_valid_fuzzer(self):
"""Checks a directory that exists but does not have fuzzers is False."""
self.assertFalse(cifuzz.check_fuzzer_build(TEST_FILES_PATH))
def test_not_a_valid_fuzz_path(self):
"""Tests that False is returned when a bad path is given."""
self.assertFalse(cifuzz.check_fuzzer_build('not/a/valid/path'))
def test_correct_fuzzer_build(self):
"""Checks check_fuzzer_build function returns True for valid fuzzers."""
test_fuzzer_dir = os.path.join(TEST_FILES_PATH, 'out')
self.assertTrue(cifuzz.check_fuzzer_build(test_fuzzer_dir))
def main():
"""Build OSS-Fuzz project's fuzzers for CI tools.
This script is used to kick off the Github Actions CI tool. It is the
entrypoint of the Dockerfile in this directory. This action can be added to
any OSS-Fuzz project's workflow that uses Github.
Note: The resulting clusterfuzz binaries of this build are placed in
the directory: ${GITHUB_WORKSPACE}/out
Required environment variables:
OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project.
GITHUB_REPOSITORY: The name of the Github repo that called this script.
GITHUB_SHA: The commit SHA that triggered this script.
GITHUB_EVENT_NAME: The name of the hook event that triggered this script.
GITHUB_EVENT_PATH:
The path to the file containing the POST payload of the webhook:
https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners
GITHUB_WORKSPACE: The shared volume directory where input artifacts are.
DRY_RUN: If true, no failures will surface.
SANITIZER: The sanitizer to use when running fuzzers.
Returns:
0 on success or 1 on failure.
"""
oss_fuzz_project_name = os.getenv('OSS_FUZZ_PROJECT_NAME')
github_repo_name = os.path.basename(os.getenv('GITHUB_REPOSITORY'))
commit_sha = os.getenv('GITHUB_SHA')
event = os.getenv('GITHUB_EVENT_NAME')
workspace = os.getenv('GITHUB_WORKSPACE')
sanitizer = os.getenv('SANITIZER').lower()
project_src_path = get_project_src_path(workspace)
build_integration_path = os.getenv('BUILD_INTEGRATION_PATH')
allowed_broken_targets_percentage = os.getenv(
'ALLOWED_BROKEN_TARGETS_PERCENTAGE')
# Check if failures should not be reported.
dry_run = os.getenv('DRY_RUN').lower() == 'true'
if dry_run:
# Sets the default return code on error to success.
returncode = 0
else:
# The default return code when an error occurs.
returncode = 1
if not workspace:
logging.error('This script needs to be run within Github actions.')
return returncode
if event == 'pull_request':
event_path = os.getenv('GITHUB_EVENT_PATH')
pr_ref = get_pr_ref(event_path)
else:
pr_ref = None
if not cifuzz.build_fuzzers(oss_fuzz_project_name,
github_repo_name,
workspace,
commit_sha=commit_sha,
pr_ref=pr_ref,
sanitizer=sanitizer,
project_src_path=project_src_path,
build_integration_path=build_integration_path):
logging.error(
'Error building fuzzers for project %s (commit: %s, pr_ref: %s).',
oss_fuzz_project_name, commit_sha, pr_ref)
return returncode
out_dir = os.path.join(workspace, 'out')
if cifuzz.check_fuzzer_build(
out_dir,
sanitizer=sanitizer,
allowed_broken_targets_percentage=allowed_broken_targets_percentage
):
returncode = 0
return returncode
def main():
"""Build OSS-Fuzz project's fuzzers for CI tools.
This script is used to kick off the Github Actions CI tool. It is the
entrypoint of the Dockerfile in this directory. This action can be added to
any OSS-Fuzz project's workflow that uses Github.
Note: The resulting clusterfuzz binaries of this build are placed in
the directory: ${GITHUB_WORKSPACE}/out
Required environment variables:
OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project.
GITHUB_REPOSITORY: The name of the Github repo that called this script.
GITHUB_SHA: The commit SHA that triggered this script.
GITHUB_EVENT_NAME: The name of the hook event that triggered this script.
GITHUB_EVENT_PATH:
The path to the file containing the POST payload of the webhook:
https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners
GITHUB_WORKSPACE: The shared volume directory where input artifacts are.
DRY_RUN: If true, no failures will surface.
SANITIZER: The sanitizer to use when running fuzzers.
Returns:
0 on success or 1 on Failure.
"""
oss_fuzz_project_name = os.environ.get('OSS_FUZZ_PROJECT_NAME')
github_repo_name = os.path.basename(os.environ.get('GITHUB_REPOSITORY'))
commit_sha = os.environ.get('GITHUB_SHA')
event = os.environ.get('GITHUB_EVENT_NAME')
workspace = os.environ.get('GITHUB_WORKSPACE')
sanitizer = os.environ.get('SANITIZER').lower()
# Check if failures should not be reported.
dry_run = (os.environ.get('DRY_RUN').lower() == 'true')
# The default return code when an error occurs.
returncode = 1
if dry_run:
# Sets the default return code on error to success.
returncode = 0
if not workspace:
logging.error(
'This script needs to be run in the Github action context.')
return returncode
if event == 'push' and not cifuzz.build_fuzzers(oss_fuzz_project_name,
github_repo_name,
workspace,
commit_sha=commit_sha,
sanitizer=sanitizer):
logging.error('Error building fuzzers for project %s with commit %s.',
oss_fuzz_project_name, commit_sha)
return returncode
if event == 'pull_request':
with open(os.environ.get('GITHUB_EVENT_PATH'),
encoding='utf-8') as file:
event = json.load(file)
pr_ref = 'refs/pull/{0}/merge'.format(
event['pull_request']['number'])
if not cifuzz.build_fuzzers(oss_fuzz_project_name,
github_repo_name,
workspace,
pr_ref=pr_ref,
sanitizer=sanitizer):
logging.error(
'Error building fuzzers for project %s with pull request %s.',
oss_fuzz_project_name, pr_ref)
return returncode
out_dir = os.path.join(workspace, 'out')
if cifuzz.check_fuzzer_build(out_dir, sanitizer=sanitizer):
return 0
return returncode