diff options
Diffstat (limited to '.github/workflows/fuzzing.yml')
-rw-r--r-- | .github/workflows/fuzzing.yml | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml new file mode 100644 index 0000000..a0487c1 --- /dev/null +++ b/.github/workflows/fuzzing.yml @@ -0,0 +1,84 @@ +name: Fuzzing + +on: + # Regression testing + push: + branches: + - v2 + pull_request: + branches: + - v2 + + # Daily midnight fuzzing + schedule: + - cron: '0 0 * * *' + +jobs: + fuzzing: + name: Fuzzing + + strategy: + matrix: + os: [ ubuntu-latest ] + go-version: [ 1.14.x ] + runs-on: ${{ matrix.os }} + + steps: + - name: Install Go + uses: actions/setup-go@v1 + with: + go-version: ${{ matrix.go-version }} + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Download go-fuzz tools and the Fuzzit CLI, move Fuzzit CLI to GOBIN + # If we decide we need to prevent this from running on forks, we can use this line: + # if: github.repository == 'caddyserver/caddy' + run: | + # Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a + sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - + sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7 + + go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build + wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64 + chmod a+x fuzzit + mv fuzzit $(go env GOPATH)/bin + echo "::add-path::$(go env GOPATH)/bin" + + - name: Generate fuzzers & submit them to Fuzzit + continue-on-error: true + env: + FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }} + run: | + declare -A fuzzers_funcs=(\ + ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \ + ["./caddyconfig/caddyfile/parse_fuzz.go"]="FuzzParseCaddyfile" \ + ["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \ + ["./replacer_fuzz.go"]="FuzzReplacer" \ + ) + + declare -A fuzzers_targets=(\ + ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \ + ["./caddyconfig/caddyfile/parse_fuzz.go"]="parse-caddyfile" \ + ["./listeners_fuzz.go"]="parse-network-address" \ + ["./replacer_fuzz.go"]="replacer" \ + ) + + fuzz_type="local-regression" + if [[ ${{ github.event_name }} == "schedule" ]]; then + fuzz_type="fuzzing" + fi + echo "Github event: ${{ github.event_name }}" + echo "Fuzzing type: $fuzz_type" + + for f in $(find . -name \*_fuzz.go); do + FUZZER_DIRECTORY=$(dirname $f) + echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" + go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY + echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" + clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}" + fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" + echo "Completed $f" + done |