def test_generate_blackbox_fuzzers(self):
"""Test generate_blackbox_fuzzers (success)."""
output = "metadata::fuzzer_binary_name: fuzzer_binary_name\n"
self.mock.run.side_effect = functools.partial(_mock_fuzzer_run, output,
4, "corpus_dir")
self.assertTrue(setup.update_fuzzer_and_data_bundles("libFuzzer"))
session = fuzz_task.FuzzingSession("libFuzzer", "job", 1)
session.testcase_directory = "/output"
session.data_directory = "/input"
(
error_occurred,
testcase_file_paths,
sync_corpus_directory,
fuzzer_metadata,
) = session.generate_blackbox_testcases(self.fuzzer,
self.fuzzer_directory, 4)
self.assertEqual(1, len(self.mock.run.call_args_list))
self.assertEqual(("/input", "/output", 4),
self.mock.run.call_args[0][1:])
self.assertFalse(error_occurred)
self.assertItemsEqual(
[
"/output/fuzz-0", "/output/fuzz-1", "/output/fuzz-2",
"/output/fuzz-3"
],
testcase_file_paths,
)
self.assertEqual("corpus_dir", sync_corpus_directory)
self.assertDictEqual({"fuzzer_binary_name": "fuzzer_binary_name"},
fuzzer_metadata)
def test_generate_blackbox_fuzzers(self):
"""Test generate_blackbox_fuzzers (success)."""
output = ('metadata::fuzzer_binary_name: fuzzer_binary_name\n')
self.mock.run.side_effect = functools.partial(_mock_fuzzer_run, output,
4, 'corpus_dir')
self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer'))
session = fuzz_task.FuzzingSession('libFuzzer', 'job', 1)
session.testcase_directory = '/output'
session.data_directory = '/input'
(error_occurred, testcase_file_paths, sync_corpus_directory,
fuzzer_metadata) = session.generate_blackbox_testcases(
self.fuzzer, self.fuzzer_directory, 4)
self.assertEqual(1, len(self.mock.run.call_args_list))
self.assertEqual(('/input', '/output', 4),
self.mock.run.call_args[0][1:])
self.assertFalse(error_occurred)
self.assertItemsEqual([
'/output/fuzz-0',
'/output/fuzz-1',
'/output/fuzz-2',
'/output/fuzz-3',
], testcase_file_paths)
self.assertEqual('corpus_dir', sync_corpus_directory)
self.assertDictEqual({'fuzzer_binary_name': 'fuzzer_binary_name'},
fuzzer_metadata)
def test_run_fuzzer_fail(self):
"""Test run_fuzzer (failure)."""
self.mock.run.side_effect = builtin.BuiltinFuzzerException()
self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer'))
with self.assertRaises(builtin.BuiltinFuzzerException):
fuzz_task.run_fuzzer(self.fuzzer, self.fuzzer_directory, '/output',
'/input', 4)
def execute_task(fuzzer_name_and_revision, job_type):
"""Execute corpus pruning task."""
# TODO(ochang): Remove this once remaining jobs in queue are all processed.
if '@' in fuzzer_name_and_revision:
full_fuzzer_name, revision = fuzzer_name_and_revision.split('@')
revision = revisions.convert_revision_to_integer(revision)
else:
full_fuzzer_name = fuzzer_name_and_revision
revision = 0
fuzz_target = data_handler.get_fuzz_target(full_fuzzer_name)
task_name = 'corpus_pruning_%s_%s' % (full_fuzzer_name, job_type)
# Get status of last execution.
last_execution_metadata = data_handler.get_task_status(task_name)
last_execution_failed = (last_execution_metadata
and last_execution_metadata.status
== data_types.TaskState.ERROR)
# Make sure we're the only instance running for the given fuzzer and
# job_type.
if not data_handler.update_task_status(task_name,
data_types.TaskState.STARTED):
logs.log('A previous corpus pruning task is still running, exiting.')
return
# Setup fuzzer and data bundle.
if not setup.update_fuzzer_and_data_bundles(fuzz_target.engine):
raise CorpusPruningException('Failed to set up fuzzer %s.' %
fuzz_target.engine)
use_minijail = environment.get_value('USE_MINIJAIL')
# TODO(unassigned): Use coverage information for better selection here.
cross_pollinate_fuzzers = _get_cross_pollinate_fuzzers(
fuzz_target.engine, full_fuzzer_name)
context = Context(fuzz_target, cross_pollinate_fuzzers, use_minijail)
# Copy global blacklist into local suppressions file if LSan is enabled.
is_lsan_enabled = environment.get_value('LSAN')
if is_lsan_enabled:
# TODO(ochang): Copy this to untrusted worker.
leak_blacklist.copy_global_to_local_blacklist()
try:
result = do_corpus_pruning(context, last_execution_failed, revision)
_save_coverage_information(context, result)
_process_corpus_crashes(context, result)
except CorpusPruningException as e:
logs.log_error('Corpus pruning failed: %s.' % str(e))
data_handler.update_task_status(task_name, data_types.TaskState.ERROR)
return
finally:
context.cleanup()
data_handler.update_task_status(task_name, data_types.TaskState.FINISHED)
def test_generate_blackbox_fuzzers_fail(self):
"""Test generate_blackbox_fuzzers (failure)."""
self.mock.run.side_effect = builtin.BuiltinFuzzerException()
self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer'))
session = fuzz_task.FuzzingSession('libFuzzer', 'job', 1)
session.testcase_directory = '/output'
session.data_directory = '/input'
with self.assertRaises(builtin.BuiltinFuzzerException):
session.generate_blackbox_testcases(self.fuzzer, self.fuzzer_directory, 4)
def execute_task(full_fuzzer_name, job_type):
"""Execute corpus pruning task."""
fuzz_target = data_handler.get_fuzz_target(full_fuzzer_name)
task_name = 'corpus_pruning_%s_%s' % (full_fuzzer_name, job_type)
revision = 0 # Trunk revision
# Get status of last execution.
last_execution_metadata = data_handler.get_task_status(task_name)
last_execution_failed = (last_execution_metadata
and last_execution_metadata.status
== data_types.TaskState.ERROR)
# Make sure we're the only instance running for the given fuzzer and
# job_type.
if not data_handler.update_task_status(task_name,
data_types.TaskState.STARTED):
logs.log('A previous corpus pruning task is still running, exiting.')
return
# Setup fuzzer and data bundle.
if not setup.update_fuzzer_and_data_bundles(fuzz_target.engine):
raise CorpusPruningException('Failed to set up fuzzer %s.' %
fuzz_target.engine)
cross_pollination_method, tag = choose_cross_pollination_strategy(
full_fuzzer_name)
# TODO(unassigned): Use coverage information for better selection here.
cross_pollinate_fuzzers = _get_cross_pollinate_fuzzers(
fuzz_target.engine, full_fuzzer_name, cross_pollination_method, tag)
context = Context(fuzz_target, cross_pollinate_fuzzers,
cross_pollination_method, tag)
# Copy global blacklist into local suppressions file if LSan is enabled.
is_lsan_enabled = environment.get_value('LSAN')
if is_lsan_enabled:
# TODO(ochang): Copy this to untrusted worker.
leak_blacklist.copy_global_to_local_blacklist()
try:
result = do_corpus_pruning(context, last_execution_failed, revision)
_record_cross_pollination_stats(result.cross_pollination_stats)
_save_coverage_information(context, result)
_process_corpus_crashes(context, result)
except Exception:
logs.log_error('Corpus pruning failed.')
data_handler.update_task_status(task_name, data_types.TaskState.ERROR)
return
finally:
context.cleanup()
data_handler.update_task_status(task_name, data_types.TaskState.FINISHED)
def test_update_fuzzer(self):
"""Test fuzzer setup."""
self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer'))
self.assertEqual(self.fuzzer_directory,
environment.get_value('FUZZER_DIR'))
