def test_get_base_docker_run_args_container(self, _):
"""Tests that get_base_docker_run_args works as intended when inside a
container."""
docker_args, docker_container = docker.get_base_docker_run_args(
WORKSPACE, SANITIZER, LANGUAGE)
self.assertEqual(docker_container, CONTAINER_NAME)
expected_docker_args = []
expected_docker_args = [
'--cap-add',
'SYS_PTRACE',
'-e',
'FUZZING_ENGINE=libfuzzer',
'-e',
'ARCHITECTURE=x86_64',
'-e',
'CIFUZZ=True',
'-e',
f'SANITIZER={SANITIZER}',
'-e',
f'FUZZING_LANGUAGE={LANGUAGE}',
'-e',
f'OUT={WORKSPACE.out}',
'--volumes-from',
CONTAINER_NAME,
]
self.assertEqual(docker_args, expected_docker_args)
def build_fuzzers(self):
"""Moves the source code we want to fuzz into the project builder and builds
the fuzzers from that source code. Returns True on success."""
docker_args, docker_container = docker.get_base_docker_run_args(
self.workspace, self.config.sanitizer, self.config.language,
self.config.architecture, self.config.docker_in_docker)
if not docker_container:
docker_args.extend(
_get_docker_build_fuzzers_args_not_container(
self.host_repo_path))
build_command = self.ci_system.get_build_command(
self.host_repo_path, self.image_repo_path)
docker_args.extend([
docker.get_project_image_name(self.config.oss_fuzz_project_name),
'/bin/bash',
'-c',
build_command,
])
logging.info('Building with %s sanitizer.', self.config.sanitizer)
# TODO(metzman): Stop using helper.docker_run so we can get rid of
# docker.get_base_docker_run_args and merge its contents into
# docker.get_base_docker_run_command.
if not helper.docker_run(docker_args):
logging.error('Building fuzzers failed.')
return False
return True
def check_fuzzer_build(workspace,
sanitizer,
language,
allowed_broken_targets_percentage=None):
"""Checks the integrity of the built fuzzers.
Args:
out_dir: The directory containing the fuzzer binaries.
sanitizer: The sanitizer the fuzzers are built with.
Returns:
True if fuzzers are correct.
"""
if not os.path.exists(workspace.out):
logging.error('Invalid out directory: %s.', workspace.out)
return False
if not os.listdir(workspace.out):
logging.error('No fuzzers found in out directory: %s.', workspace.out)
return False
docker_args, _ = docker.get_base_docker_run_args(workspace, sanitizer,
language)
if allowed_broken_targets_percentage is not None:
docker_args += [
'-e',
('ALLOWED_BROKEN_TARGETS_PERCENTAGE=' +
allowed_broken_targets_percentage)
]
docker_args.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py'])
result = helper.docker_run(docker_args)
if not result:
logging.error('Check fuzzer build failed.')
return False
return True
def run_coverage_command(workspace, config):
"""Runs the coverage command in base-runner to generate a coverage report."""
docker_args, _ = docker.get_base_docker_run_args(workspace,
config.sanitizer,
config.language)
docker_args += [
'-e', 'COVERAGE_EXTRA_ARGS=', '-e', 'HTTP_PORT=', '-t',
docker.BASE_RUNNER_TAG, 'coverage'
]
return helper.docker_run(docker_args)
def test_get_base_docker_run_args_no_container(self, _):
"""Tests that get_base_docker_run_args works as intended when not inside a
container."""
docker_args, docker_container = docker.get_base_docker_run_args(
WORKSPACE, SANITIZER, LANGUAGE)
self.assertEqual(docker_container, None)
expected_docker_args = [
'-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64',
'-e', 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
]
self.assertEqual(docker_args, expected_docker_args)
def _copy_repo_from_image(self, image_repo_path):
self._make_repo_storage_dir()
repo_name = os.path.basename(image_repo_path)
host_repo_path = os.path.join(self._repo_dir, repo_name)
bash_command = f'cp -r {image_repo_path} {host_repo_path}'
docker_args, _ = docker.get_base_docker_run_args(
self.workspace, self.config.sanitizer, self.config.language,
self.config.docker_in_docker)
docker_args.extend([
docker.get_project_image_name(self.config.oss_fuzz_project_name),
'/bin/bash', '-c', bash_command
])
if not helper.docker_run(docker_args):
raise RuntimeError('Failed to copy repo.')
return repo_manager.RepoManager(host_repo_path)
def check_fuzzer_build(workspace,
sanitizer,
language,
allowed_broken_targets_percentage=None):
"""Checks the integrity of the built fuzzers.
Args:
workspace: The workspace used by CIFuzz.
sanitizer: The sanitizer the fuzzers are built with.
language: The programming language the fuzzers are written in.
allowed_broken_targets_percentage (optional): A custom percentage of broken
targets to allow.
Returns:
True if fuzzers pass OSS-Fuzz's build check.
"""
if not os.path.exists(workspace.out):
logging.error('Invalid out directory: %s.', workspace.out)
return False
if not os.listdir(workspace.out):
logging.error('No fuzzers found in out directory: %s.', workspace.out)
return False
docker_args, _ = docker.get_base_docker_run_args(workspace, sanitizer,
language)
if allowed_broken_targets_percentage is not None:
docker_args += [
'-e',
('ALLOWED_BROKEN_TARGETS_PERCENTAGE=' +
allowed_broken_targets_percentage)
]
docker_args.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py'])
result = helper.docker_run(docker_args)
if not result:
logging.error('Check fuzzer build failed.')
return False
return True
def build_fuzzers(self):
"""Moves the source code we want to fuzz into the project builder and builds
the fuzzers from that source code. Returns True on success."""
docker_args, docker_container = docker.get_base_docker_run_args(
self.workspace, self.config.sanitizer, self.config.language)
if not docker_container:
docker_args.extend(
_get_docker_build_fuzzers_args_not_container(
self.host_repo_path))
if self.config.sanitizer == 'memory':
docker_args.extend(
_get_docker_build_fuzzers_args_msan(self.workspace.work))
self.handle_msan_prebuild(docker_container)
docker_args.extend([
docker.get_project_image_name(self.config.project_name),
'/bin/bash',
'-c',
])
rm_path = os.path.join(self.image_repo_path, '*')
image_src_path = os.path.dirname(self.image_repo_path)
bash_command = (f'rm -rf {rm_path} && cp -r {self.host_repo_path} '
f'{image_src_path} && compile')
docker_args.append(bash_command)
logging.info('Building with %s sanitizer.', self.config.sanitizer)
# TODO(metzman): Stop using helper.docker_run so we can get rid of
# docker.get_base_docker_run_args and merge its contents into
# docker.get_base_docker_run_command.
if not helper.docker_run(docker_args):
logging.error('Building fuzzers failed.')
return False
if self.config.sanitizer == 'memory':
self.handle_msan_postbuild(docker_container)
return True
