diff options
author | Mohammed Al Sahaf <[email protected]> | 2019-10-28 20:45:55 +0300 |
---|---|---|
committer | GitHub <[email protected]> | 2019-10-28 20:45:55 +0300 |
commit | 6c533558a3db4b30a6b7a81d19ac180fe2000ca2 (patch) | |
tree | a74814c0725e4657e167f9df7817389ca24ac42d | |
parent | 2fbe2ff40be616712cf4edaac286629add268e0a (diff) | |
download | caddy-6c533558a3db4b30a6b7a81d19ac180fe2000ca2.tar.gz caddy-6c533558a3db4b30a6b7a81d19ac180fe2000ca2.zip |
fuzz-ci: fix & enhance fuzzing process (#2835)
* fuzz-ci: fix the authentication call for fuzzit by using the --api-key flag rather than the `auth` command
* Allow fuzzing on schedules as well as non-fork PRs
Closes #2710
-rw-r--r-- | azure-pipelines.yml | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 58ce4f0d1..de81333c6 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -157,9 +157,9 @@ jobs: displayName: Coerce correct build result - job: fuzzing - displayName: 'Scheduled Fuzzing' - # Only run this job on schedules, not PRs. - condition: eq(variables['Build.Reason'], 'Schedule') + displayName: 'Fuzzing' + # Only run this job on schedules or PRs for non-forks. + condition: or(eq(variables['System.PullRequest.IsFork'], 'False'), eq(variables['Build.Reason'], 'Schedule') ) strategy: matrix: linux: @@ -192,10 +192,10 @@ jobs: displayName: Install Go on Linux - bash: | - # Install Clang - sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial main" + # Install Clang-7.0 because other versions seem to be missing the file libclang_rt.fuzzer-x86_64.a + sudo add-apt-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - sudo apt update && sudo apt install -y clang lldb lld + sudo apt update && sudo apt install -y clang-7 lldb-7 lld-7 go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.74/fuzzit_Linux_x86_64 @@ -204,12 +204,6 @@ jobs: displayName: Download go-fuzz tools and the Fuzzit CLI, and move Fuzzit CLI to GOBIN condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) - - script: fuzzit auth ${FUZZIT_API_KEY} - condition: and(eq(variables['System.PullRequest.IsFork'], 'False') , eq( variables['Agent.OS'], 'Linux' )) - displayName: Authenticate with Fuzzit - env: - FUZZIT_API_KEY: $(FUZZIT_API_KEY) - - bash: | declare -A fuzzers_funcs=(\ ["./admin_fuzz.go"]="FuzzAdmin" \ @@ -228,16 +222,22 @@ jobs: ["./listeners_fuzz.go"]="parse-listen-addr" \ ["./replacer_fuzz.go"]="replacer" \ ) - fuzz_type="fuzzing" + + fuzz_type="regression" + if [[ $(Build.Reason) == "Schedule" ]]; then + fuzz_type="fuzzing" + fi for f in $(find . -name \*_fuzz.go); do FUZZER_DIRECTORY=$(dirname $f) echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" go-fuzz-build -func "${fuzzers_funcs[$f]}" -libfuzzer -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" $FUZZER_DIRECTORY echo "Generating fuzzer binary of func ${fuzzers_funcs[$f]} which resides in $f" - clang -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer" - fuzzit create job --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]}.fuzzer + clang-7 -fsanitize=fuzzer "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.a" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}" + fuzzit create job caddyserver/${fuzzers_targets[$f]} $FUZZER_DIRECTORY/${fuzzers_targets[$f]} --api-key ${FUZZIT_API_KEY} --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" echo "Completed $f" done + env: + FUZZIT_API_KEY: $(FUZZIT_API_KEY) workingDirectory: '$(modulePath)' displayName: Generate fuzzers & submit them to Fuzzit |