def test_get_base_docker_run_args_container(self, _): """Tests that get_base_docker_run_args works as intended when inside a container.""" docker_args, docker_container = docker.get_base_docker_run_args( WORKSPACE, SANITIZER, LANGUAGE) self.assertEqual(docker_container, CONTAINER_NAME) expected_docker_args = [] expected_docker_args = [ '--cap-add', 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '--volumes-from', CONTAINER_NAME, ] self.assertEqual(docker_args, expected_docker_args)
def build_fuzzers(self): """Moves the source code we want to fuzz into the project builder and builds the fuzzers from that source code. Returns True on success.""" docker_args, docker_container = docker.get_base_docker_run_args( self.workspace, self.config.sanitizer, self.config.language, self.config.architecture, self.config.docker_in_docker) if not docker_container: docker_args.extend( _get_docker_build_fuzzers_args_not_container( self.host_repo_path)) build_command = self.ci_system.get_build_command( self.host_repo_path, self.image_repo_path) docker_args.extend([ docker.get_project_image_name(self.config.oss_fuzz_project_name), '/bin/bash', '-c', build_command, ]) logging.info('Building with %s sanitizer.', self.config.sanitizer) # TODO(metzman): Stop using helper.docker_run so we can get rid of # docker.get_base_docker_run_args and merge its contents into # docker.get_base_docker_run_command. if not helper.docker_run(docker_args): logging.error('Building fuzzers failed.') return False return True
def check_fuzzer_build(workspace, sanitizer, language, allowed_broken_targets_percentage=None): """Checks the integrity of the built fuzzers. Args: out_dir: The directory containing the fuzzer binaries. sanitizer: The sanitizer the fuzzers are built with. Returns: True if fuzzers are correct. """ if not os.path.exists(workspace.out): logging.error('Invalid out directory: %s.', workspace.out) return False if not os.listdir(workspace.out): logging.error('No fuzzers found in out directory: %s.', workspace.out) return False docker_args, _ = docker.get_base_docker_run_args(workspace, sanitizer, language) if allowed_broken_targets_percentage is not None: docker_args += [ '-e', ('ALLOWED_BROKEN_TARGETS_PERCENTAGE=' + allowed_broken_targets_percentage) ] docker_args.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py']) result = helper.docker_run(docker_args) if not result: logging.error('Check fuzzer build failed.') return False return True
def run_coverage_command(workspace, config): """Runs the coverage command in base-runner to generate a coverage report.""" docker_args, _ = docker.get_base_docker_run_args(workspace, config.sanitizer, config.language) docker_args += [ '-e', 'COVERAGE_EXTRA_ARGS=', '-e', 'HTTP_PORT=', '-t', docker.BASE_RUNNER_TAG, 'coverage' ] return helper.docker_run(docker_args)
def test_get_base_docker_run_args_no_container(self, _): """Tests that get_base_docker_run_args works as intended when not inside a container.""" docker_args, docker_container = docker.get_base_docker_run_args( WORKSPACE, SANITIZER, LANGUAGE) self.assertEqual(docker_container, None) expected_docker_args = [ '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v', f'{WORKSPACE.workspace}:{WORKSPACE.workspace}' ] self.assertEqual(docker_args, expected_docker_args)
def _copy_repo_from_image(self, image_repo_path): self._make_repo_storage_dir() repo_name = os.path.basename(image_repo_path) host_repo_path = os.path.join(self._repo_dir, repo_name) bash_command = f'cp -r {image_repo_path} {host_repo_path}' docker_args, _ = docker.get_base_docker_run_args( self.workspace, self.config.sanitizer, self.config.language, self.config.docker_in_docker) docker_args.extend([ docker.get_project_image_name(self.config.oss_fuzz_project_name), '/bin/bash', '-c', bash_command ]) if not helper.docker_run(docker_args): raise RuntimeError('Failed to copy repo.') return repo_manager.RepoManager(host_repo_path)
def check_fuzzer_build(workspace, sanitizer, language, allowed_broken_targets_percentage=None): """Checks the integrity of the built fuzzers. Args: workspace: The workspace used by CIFuzz. sanitizer: The sanitizer the fuzzers are built with. language: The programming language the fuzzers are written in. allowed_broken_targets_percentage (optional): A custom percentage of broken targets to allow. Returns: True if fuzzers pass OSS-Fuzz's build check. """ if not os.path.exists(workspace.out): logging.error('Invalid out directory: %s.', workspace.out) return False if not os.listdir(workspace.out): logging.error('No fuzzers found in out directory: %s.', workspace.out) return False docker_args, _ = docker.get_base_docker_run_args(workspace, sanitizer, language) if allowed_broken_targets_percentage is not None: docker_args += [ '-e', ('ALLOWED_BROKEN_TARGETS_PERCENTAGE=' + allowed_broken_targets_percentage) ] docker_args.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py']) result = helper.docker_run(docker_args) if not result: logging.error('Check fuzzer build failed.') return False return True
def build_fuzzers(self): """Moves the source code we want to fuzz into the project builder and builds the fuzzers from that source code. Returns True on success.""" docker_args, docker_container = docker.get_base_docker_run_args( self.workspace, self.config.sanitizer, self.config.language) if not docker_container: docker_args.extend( _get_docker_build_fuzzers_args_not_container( self.host_repo_path)) if self.config.sanitizer == 'memory': docker_args.extend( _get_docker_build_fuzzers_args_msan(self.workspace.work)) self.handle_msan_prebuild(docker_container) docker_args.extend([ docker.get_project_image_name(self.config.project_name), '/bin/bash', '-c', ]) rm_path = os.path.join(self.image_repo_path, '*') image_src_path = os.path.dirname(self.image_repo_path) bash_command = (f'rm -rf {rm_path} && cp -r {self.host_repo_path} ' f'{image_src_path} && compile') docker_args.append(bash_command) logging.info('Building with %s sanitizer.', self.config.sanitizer) # TODO(metzman): Stop using helper.docker_run so we can get rid of # docker.get_base_docker_run_args and merge its contents into # docker.get_base_docker_run_command. if not helper.docker_run(docker_args): logging.error('Building fuzzers failed.') return False if self.config.sanitizer == 'memory': self.handle_msan_postbuild(docker_container) return True