Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Combine fuzzing probes #3877

Merged
merged 17 commits into from
Mar 11, 2024
Merged

🌱 Combine fuzzing probes #3877

merged 17 commits into from
Mar 11, 2024

Conversation

spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Feb 16, 2024
edited
Loading

What kind of change does this PR introduce?

refactor

What is the current behavior?

Each fuzzing tool has its own probe

What is the new behavior (if this is a feature change)?**

There's only one fuzzing probe, and a "tool" value specifies which tool is used.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Related to #3824

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

The Fuzzing probes have been combined into a single probe. The various tools are specified by the "tool" value.

@spencerschrock
single fuzz probe boilerplate
9d43934 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
initial implementation
f24137f 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
connect fuzzing probe to eval code
89eadb0 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
include fuzzer name as tool
9e8fea6 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
connect to probes flag
64e465e 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
remove old probes from list
81d2b76 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
remove old probes
6de2ef9 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
fix failing test
8d06ab1 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
add tool value to test
8fcf7dd 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
Copy link
Member Author

Still have a couple TODOs, especially around remediation and supported tools so still a draft.

I know there has been discussion about continuous fuzzing in the past being different than the fuzzing libraries. While this PR combines everything into one probe, I don't think this limits the introduction of a continuous fuzzing probe in the future.

For example:
fuzzed is just a simple "is this fuzzed"
and maybe we add fuzzedContinuously later, and OSS-Fuzz would be reported by both.

@codecov Codecov
Copy link

codecov bot commented Feb 16, 2024
edited
Loading

Codecov Report

Merging #3877 (b5b3547) into main (e1f5483) will decrease coverage by 6.61%.
The diff coverage is 80.95%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3877      +/-   ##
==========================================
- Coverage   75.07%   68.46%   -6.61%     
==========================================
  Files         234      222      -12     
  Lines       15881    15807      -74     
==========================================
- Hits        11922    10823    -1099     
- Misses       3196     4289    +1093     
+ Partials      763      695      -68

@spencerschrock
add fuzz tool helper
e1eceeb 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
specify supported tools
1c91132 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
update e2e test
d2b04a7 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
check for no raw data
d20a90c 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
add basic tests
1a1fd8a 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
add test to ensure fuzzer location is propagated
2eaf3b0 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock spencerschrock marked this pull request as ready for review February 26, 2024 21:29
@spencerschrock spencerschrock requested a review from a team as a code owner February 26, 2024 21:29
@spencerschrock spencerschrock requested review from justaugustus and raghavkaul and removed request for a team February 26, 2024 21:29
@spencerschrock
Copy link
Member Author

/scdiff generate Fuzzing

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 6, 2024

Here's a link to the scdiff run

@spencerschrock spencerschrock enabled auto-merge (squash) March 11, 2024 02:42
@spencerschrock spencerschrock merged commit f1e703f into ossf:main Mar 11, 2024
38 checks passed
@spencerschrock spencerschrock deleted the fuzzing-combine-probes branch March 11, 2024 02:50
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
@spencerschrock @fhoeborn
🌱 Combine fuzzing probes (ossf#3877)
0bd47a8 
* single fuzz probe boilerplate

Signed-off-by: Spencer Schrock <[email protected]>

* initial implementation

Signed-off-by: Spencer Schrock <[email protected]>

* connect fuzzing probe to eval code

Signed-off-by: Spencer Schrock <[email protected]>

* include fuzzer name as tool

Signed-off-by: Spencer Schrock <[email protected]>

* connect to probes flag

Signed-off-by: Spencer Schrock <[email protected]>

* remove old probes from list

Signed-off-by: Spencer Schrock <[email protected]>

* remove old probes

Signed-off-by: Spencer Schrock <[email protected]>

* fix failing test

Signed-off-by: Spencer Schrock <[email protected]>

* add tool value to test

Signed-off-by: Spencer Schrock <[email protected]>

* add fuzz tool helper

Signed-off-by: Spencer Schrock <[email protected]>

* specify supported tools

Signed-off-by: Spencer Schrock <[email protected]>

* update e2e test

Signed-off-by: Spencer Schrock <[email protected]>

* check for no raw data

Signed-off-by: Spencer Schrock <[email protected]>

* add basic tests

Signed-off-by: Spencer Schrock <[email protected]>

* add test to ensure fuzzer location is propagated

Signed-off-by: Spencer Schrock <[email protected]>

* expand detailed tests to include other info like tool value

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurentsimon laurentsimon laurentsimon approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
None yet
Projects
Scorecard - NEW
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spencerschrock @laurentsimon