def test_generate_blackbox_fuzzers(self): """Test generate_blackbox_fuzzers (success).""" output = "metadata::fuzzer_binary_name: fuzzer_binary_name\n" self.mock.run.side_effect = functools.partial(_mock_fuzzer_run, output, 4, "corpus_dir") self.assertTrue(setup.update_fuzzer_and_data_bundles("libFuzzer")) session = fuzz_task.FuzzingSession("libFuzzer", "job", 1) session.testcase_directory = "/output" session.data_directory = "/input" ( error_occurred, testcase_file_paths, sync_corpus_directory, fuzzer_metadata, ) = session.generate_blackbox_testcases(self.fuzzer, self.fuzzer_directory, 4) self.assertEqual(1, len(self.mock.run.call_args_list)) self.assertEqual(("/input", "/output", 4), self.mock.run.call_args[0][1:]) self.assertFalse(error_occurred) self.assertItemsEqual( [ "/output/fuzz-0", "/output/fuzz-1", "/output/fuzz-2", "/output/fuzz-3" ], testcase_file_paths, ) self.assertEqual("corpus_dir", sync_corpus_directory) self.assertDictEqual({"fuzzer_binary_name": "fuzzer_binary_name"}, fuzzer_metadata)
def test_generate_blackbox_fuzzers(self): """Test generate_blackbox_fuzzers (success).""" output = ('metadata::fuzzer_binary_name: fuzzer_binary_name\n') self.mock.run.side_effect = functools.partial(_mock_fuzzer_run, output, 4, 'corpus_dir') self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer')) session = fuzz_task.FuzzingSession('libFuzzer', 'job', 1) session.testcase_directory = '/output' session.data_directory = '/input' (error_occurred, testcase_file_paths, sync_corpus_directory, fuzzer_metadata) = session.generate_blackbox_testcases( self.fuzzer, self.fuzzer_directory, 4) self.assertEqual(1, len(self.mock.run.call_args_list)) self.assertEqual(('/input', '/output', 4), self.mock.run.call_args[0][1:]) self.assertFalse(error_occurred) self.assertItemsEqual([ '/output/fuzz-0', '/output/fuzz-1', '/output/fuzz-2', '/output/fuzz-3', ], testcase_file_paths) self.assertEqual('corpus_dir', sync_corpus_directory) self.assertDictEqual({'fuzzer_binary_name': 'fuzzer_binary_name'}, fuzzer_metadata)
def test_run_fuzzer_fail(self): """Test run_fuzzer (failure).""" self.mock.run.side_effect = builtin.BuiltinFuzzerException() self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer')) with self.assertRaises(builtin.BuiltinFuzzerException): fuzz_task.run_fuzzer(self.fuzzer, self.fuzzer_directory, '/output', '/input', 4)
def execute_task(fuzzer_name_and_revision, job_type): """Execute corpus pruning task.""" # TODO(ochang): Remove this once remaining jobs in queue are all processed. if '@' in fuzzer_name_and_revision: full_fuzzer_name, revision = fuzzer_name_and_revision.split('@') revision = revisions.convert_revision_to_integer(revision) else: full_fuzzer_name = fuzzer_name_and_revision revision = 0 fuzz_target = data_handler.get_fuzz_target(full_fuzzer_name) task_name = 'corpus_pruning_%s_%s' % (full_fuzzer_name, job_type) # Get status of last execution. last_execution_metadata = data_handler.get_task_status(task_name) last_execution_failed = (last_execution_metadata and last_execution_metadata.status == data_types.TaskState.ERROR) # Make sure we're the only instance running for the given fuzzer and # job_type. if not data_handler.update_task_status(task_name, data_types.TaskState.STARTED): logs.log('A previous corpus pruning task is still running, exiting.') return # Setup fuzzer and data bundle. if not setup.update_fuzzer_and_data_bundles(fuzz_target.engine): raise CorpusPruningException('Failed to set up fuzzer %s.' % fuzz_target.engine) use_minijail = environment.get_value('USE_MINIJAIL') # TODO(unassigned): Use coverage information for better selection here. cross_pollinate_fuzzers = _get_cross_pollinate_fuzzers( fuzz_target.engine, full_fuzzer_name) context = Context(fuzz_target, cross_pollinate_fuzzers, use_minijail) # Copy global blacklist into local suppressions file if LSan is enabled. is_lsan_enabled = environment.get_value('LSAN') if is_lsan_enabled: # TODO(ochang): Copy this to untrusted worker. leak_blacklist.copy_global_to_local_blacklist() try: result = do_corpus_pruning(context, last_execution_failed, revision) _save_coverage_information(context, result) _process_corpus_crashes(context, result) except CorpusPruningException as e: logs.log_error('Corpus pruning failed: %s.' % str(e)) data_handler.update_task_status(task_name, data_types.TaskState.ERROR) return finally: context.cleanup() data_handler.update_task_status(task_name, data_types.TaskState.FINISHED)
def test_generate_blackbox_fuzzers_fail(self): """Test generate_blackbox_fuzzers (failure).""" self.mock.run.side_effect = builtin.BuiltinFuzzerException() self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer')) session = fuzz_task.FuzzingSession('libFuzzer', 'job', 1) session.testcase_directory = '/output' session.data_directory = '/input' with self.assertRaises(builtin.BuiltinFuzzerException): session.generate_blackbox_testcases(self.fuzzer, self.fuzzer_directory, 4)
def execute_task(full_fuzzer_name, job_type): """Execute corpus pruning task.""" fuzz_target = data_handler.get_fuzz_target(full_fuzzer_name) task_name = 'corpus_pruning_%s_%s' % (full_fuzzer_name, job_type) revision = 0 # Trunk revision # Get status of last execution. last_execution_metadata = data_handler.get_task_status(task_name) last_execution_failed = (last_execution_metadata and last_execution_metadata.status == data_types.TaskState.ERROR) # Make sure we're the only instance running for the given fuzzer and # job_type. if not data_handler.update_task_status(task_name, data_types.TaskState.STARTED): logs.log('A previous corpus pruning task is still running, exiting.') return # Setup fuzzer and data bundle. if not setup.update_fuzzer_and_data_bundles(fuzz_target.engine): raise CorpusPruningException('Failed to set up fuzzer %s.' % fuzz_target.engine) cross_pollination_method, tag = choose_cross_pollination_strategy( full_fuzzer_name) # TODO(unassigned): Use coverage information for better selection here. cross_pollinate_fuzzers = _get_cross_pollinate_fuzzers( fuzz_target.engine, full_fuzzer_name, cross_pollination_method, tag) context = Context(fuzz_target, cross_pollinate_fuzzers, cross_pollination_method, tag) # Copy global blacklist into local suppressions file if LSan is enabled. is_lsan_enabled = environment.get_value('LSAN') if is_lsan_enabled: # TODO(ochang): Copy this to untrusted worker. leak_blacklist.copy_global_to_local_blacklist() try: result = do_corpus_pruning(context, last_execution_failed, revision) _record_cross_pollination_stats(result.cross_pollination_stats) _save_coverage_information(context, result) _process_corpus_crashes(context, result) except Exception: logs.log_error('Corpus pruning failed.') data_handler.update_task_status(task_name, data_types.TaskState.ERROR) return finally: context.cleanup() data_handler.update_task_status(task_name, data_types.TaskState.FINISHED)
def test_update_fuzzer(self): """Test fuzzer setup.""" self.assertTrue(setup.update_fuzzer_and_data_bundles('libFuzzer')) self.assertEqual(self.fuzzer_directory, environment.get_value('FUZZER_DIR'))