diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000000..424fd8e419
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,4 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go
+COPY . $SRC/spicedb
+WORKDIR $SRC/spicedb
+COPY ./.clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000000..d33c155267
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -eu
+
+go install github.com/AdamKorcz/go-118-fuzz-build@latest
+go get github.com/AdamKorcz/go-118-fuzz-build/utils
+
+# Workaround https://github.com/AdamKorcz/go-118-fuzz-build/issues/2
+mv $SRC/spicedb/pkg/schemadsl/parser/parser_test.go $SRC/spicedb/pkg/schemadsl/parser/parser_test_fuzz.go
+
+compile_native_go_fuzzer github.com/authzed/spicedb/pkg/schemadsl/parser FuzzParser FuzzParser
+
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000000..54c8bbd214
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: "go"
diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml
index 0423d2e936..e4bb2bf5c4 100644
--- a/.github/workflows/fuzzing.yaml
+++ b/.github/workflows/fuzzing.yaml
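Review bot: The `FROM` line in `.clusterfuzzlite/Dockerfile` references the base image by name only, so each CI run builds on whatever `gcr.io/oss-fuzz-base/base-builder-go` resolves to at that moment. Pinning it by digest, `FROM gcr.io/oss-fuzz-base/base-builder-go@sha256:<digest>` (placeholder, take the digest from a reviewed pull), makes the fuzz build reproducible and turns a base-image change into a visible diff. `COPY . $SRC/spicedb` copies the entire build context; whether a `.dockerignore` excludes local artefacts is not visible in this commit and is worth confirming.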
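Review bot: `go install github.com/AdamKorcz/go-118-fuzz-build@latest` and the unversioned `go get github.com/AdamKorcz/go-118-fuzz-build/utils` in `build.sh` pull third-party build tooling at whatever revision is current when the job runs, so the code that compiles the fuzzers can change without any commit in this repository. Pin both to a reviewed release or commit, e.g. `go install github.com/AdamKorcz/go-118-fuzz-build@<pinned-version>` (placeholder). The `mv` line expands `$SRC` unquoted; writing the two paths as `"$SRC/spicedb/..."` costs nothing. The workaround comment could also state in one sentence what breaks without the rename, so the line can be removed once the linked issue is resolved.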
@@ -1,40 +1,34 @@
-name: "Fuzzing Testing"
-on: # yamllint disable-line rule:truthy
- push:
- branches:
- - "!dependabot/*"
- - "main"
+---
+name: "ClusterFuzzLite PR fuzzing"
+on:
 pull_request:
- branches: ["*"]
+ paths:
+ - '**'
+permissions: "read-all"
 jobs:
 fuzz:
 runs-on: "ubuntu-latest"
+ concurrency:
+ group: "${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}"
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer:
+ - "address"
 steps:
- - name: "Build Fuzzers"
+ - name: "Build Fuzzers (${{ matrix.sanitizer }})"
 id: "build"
- uses: "google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master"
+ uses: "google/clusterfuzzlite/actions/build_fuzzers@v1"
 with:
- oss-fuzz-project-name: "spicedb"
 language: "go"
- dry-run: "true"
- - name: "Run Fuzzers"
- uses: "google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master"
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+ sanitizer: "${{ matrix.sanitizer }}"
+ - name: "Run Fuzzers (${{ matrix.sanitizer }})"
+ id: "run"
+ uses: "google/clusterfuzzlite/actions/run_fuzzers@v1"
 with:
- oss-fuzz-project-name: "spicedb"
- language: "go"
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
 fuzz-seconds: 300
- dry-run: "true"
- - name: "Upload Crash"
- uses: "actions/upload-artifact@v3"
- if: failure() && steps.build.outcome == 'success'
- with:
- name: "artifacts"
- path: "./out/artifacts"
-
- go-test-fuzz:
- name : "go test -fuzz"
- runs-on: "ubuntu-latest"
- steps:
- - uses: "jidicula/go-fuzz-action@v1.2.0"
- with:
- fuzz-time: 30s
\ No newline at end of file
+ mode: "code-change"
+ sanitizer: "${{ matrix.sanitizer }}"
diff --git a/pkg/schemadsl/parser/fuzz_test.go b/pkg/schemadsl/parser/fuzz_test.go
deleted file mode 100644
index 685f75a465..0000000000
--- a/pkg/schemadsl/parser/fuzz_test.go
+++ /dev/null
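Review bot: Both ClusterFuzzLite steps are referenced by the mutable tag `@v1` while being handed `secrets.GITHUB_TOKEN`; this is better than the previous `@master`, but a tag can still be repointed upstream. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: "google/clusterfuzzlite/actions/build_fuzzers@<full-commit-sha>" # v1` (placeholder SHA), and the same for `run_fuzzers`. `permissions: "read-all"` keeps the token read-only, which matters because this job builds and executes code from the pull request; if the actions need only a few scopes, listing them explicitly would be tighter. The hunk also removes the `push` trigger for `main`, so unless batch fuzzing is configured elsewhere the parser is only exercised for 300 seconds per pull request.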
@@ -1,13 +0,0 @@
-package parser
-
-import (
- "testing"
-
- "github.com/authzed/spicedb/pkg/schemadsl/input"
-)
-
-func FuzzParser(f *testing.F) {
- f.Fuzz(func(t *testing.T, path, in string) {
- _ = Parse(createAstNode, input.Source(path), in)
- })
-}
diff --git a/pkg/schemadsl/parser/parser_test.go b/pkg/schemadsl/parser/parser_test.go
index f6dbb6ba43..aa5fcf689d 100644
--- a/pkg/schemadsl/parser/parser_test.go
+++ b/pkg/schemadsl/parser/parser_test.go
@@ -170,3 +170,9 @@ func getParseTree(currentNode *testNode, indentation int) string {
 return parseTree
 }
+
+func FuzzParser(f *testing.F) {
+ f.Fuzz(func(t *testing.T, path, in string) {
+ _ = Parse(createAstNode, input.Source(path), in)
+ })
+}
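Review bot: `FuzzParser` registers no seed inputs and discards the value returned by `Parse`, so it starts from an empty corpus and can only surface panics or hangs. Adding seeds before `f.Fuzz`, for example `f.Add("seed", "definition user {}")` (a constructed sample; schemas already used by the parser tests would be better), should help the fuzzer get past the lexer within the 300-second budget set in the workflow. The function also has no comment explaining why it now lives in `parser_test.go`; something like `// FuzzParser feeds arbitrary source names and schema text to Parse; it is kept in parser_test.go because .clusterfuzzlite/build.sh renames that file for the fuzz build.` would stop a later cleanup from moving it back to its own file.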