.github/workflows/fuzzing.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

name: Fuzzing

on:
  # Daily midnight fuzzing
  schedule:
    - cron: '0 0 * * *'

jobs:
  fuzzing:
    name: Fuzzing

    strategy:
      matrix:
        os: [ ubuntu-latest ]
        go-version: [ 1.14.x ]
    runs-on: ${{ matrix.os }}

    steps:
    - name: Install Go
      uses: actions/setup-go@v1
      with:
        go-version: ${{ matrix.go-version }}

    - name: Checkout code
      uses: actions/checkout@v2

    - name: Download go-fuzz tools and the Fuzzit CLI, move Fuzzit CLI to GOBIN
      # If we decide we need to prevent this from running on forks, we can use this line:
      # if: github.repository == 'caddyserver/caddy'
      run: |

        go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
        wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64
        chmod a+x fuzzit
        mv fuzzit $(go env GOPATH)/bin
        echo "::add-path::$(go env GOPATH)/bin"

    - name: Generate fuzzers & submit them to Fuzzit
      continue-on-error: true
      env:
        FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }}
        SYSTEM_PULLREQUEST_SOURCEBRANCH: ${{ github.ref }}
        BUILD_SOURCEVERSION: ${{ github.sha }}
      run: |
        # debug
        echo "PR Source Branch: $SYSTEM_PULLREQUEST_SOURCEBRANCH"
        echo "Source version: $BUILD_SOURCEVERSION"

        declare -A fuzzers_funcs=(\
          ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \
          ["./caddyconfig/caddyfile/parse_fuzz.go"]="FuzzParseCaddyfile" \
          ["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \
          ["./replacer_fuzz.go"]="FuzzReplacer" \
        )

        declare -A fuzzers_targets=(\
          ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \
          ["./caddyconfig/caddyfile/parse_fuzz.go"]="parse-caddyfile" \
          ["./listeners_fuzz.go"]="parse-network-address" \
          ["./replacer_fuzz.go"]="replacer" \
        )

        fuzz_type="fuzzing"

        for f in $(find . -name \*_fuzz.go); do
          FUZZER_DIRECTORY=$(dirname "$f")
          
          echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f"
          
          go-fuzz-build -func "${fuzzers_funcs[$f]}" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.zip" "$FUZZER_DIRECTORY"
          
          fuzzit create job --engine go-fuzz caddyserver/"${fuzzers_targets[$f]}" "$FUZZER_DIRECTORY"/"${fuzzers_targets[$f]}.zip" --api-key "${FUZZIT_API_KEY}" --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}"
          
          echo "Completed $f"
        done