From 3a3b9e5a57151384696a66ca2cfacbb0475f721d Mon Sep 17 00:00:00 2001
From: Evan Richter
Date: Thu, 7 Jul 2022 19:12:23 -0500
Subject: [PATCH] mayhem integration
---
.github/workflows/mayhem.yml | 61 +++++++++++++++++++++++++
mayhem/.dockerignore | 3 ++
mayhem/Dockerfile | 25 ++++++++++
mayhem/streaming.mayhemfile | 7 +++
mayhem/unicode-normalization.mayhemfile | 7 +++
5 files changed, 103 insertions(+)
create mode 100644 .github/workflows/mayhem.yml
create mode 100644 mayhem/.dockerignore
create mode 100644 mayhem/Dockerfile
create mode 100644 mayhem/streaming.mayhemfile
create mode 100644 mayhem/unicode-normalization.mayhemfile
diff --git a/.github/workflows/mayhem.yml b/.github/workflows/mayhem.yml
new file mode 100644
index 0000000..ef869c7
--- /dev/null
+++ b/.github/workflows/mayhem.yml
@@ -0,0 +1,61 @@
+name: Mayhem
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ name: 'build mayhem fuzzing container'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+ with:
+ context: .
+ file: mayhem/Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ outputs:
+ image: ${{ steps.meta.outputs.tags }}
+
+ mayhem:
+ needs: build
+ name: 'fuzz ${{ matrix.mayhemfile }}'
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ mayhemfile:
+ - mayhem/unicode-normalization.mayhemfile
+ - mayhem/streaming.mayhemfile
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Start analysis for ${{ matrix.mayhemfile }}
+ uses: ForAllSecure/mcode-action@v1
+ with:
+ mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
+ args: --image ${{ needs.build.outputs.image }} --file ${{ matrix.mayhemfile }} --duration 300
+ sarif-output: sarif
diff --git a/mayhem/.dockerignore b/mayhem/.dockerignore
new file mode 100644
index 0000000..078639e
--- /dev/null
+++ b/mayhem/.dockerignore
@@ -0,0 +1,3 @@
+/target
+.git
+mayhem/Dockerfile
diff --git a/mayhem/Dockerfile b/mayhem/Dockerfile
new file mode 100644
index 0000000..0078d7b
--- /dev/null
+++ b/mayhem/Dockerfile
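Review bot: No `permissions:` block is declared anywhere in this workflow, so the `GITHUB_TOKEN` passed to `docker/login-action` and used by `push: true` runs with whatever default scope the repository grants, and because the workflow also fires on `pull_request`, fork PRs receive a read-only token and the image push will fail for them. Add `permissions:` on the `build` job with `contents: read` and `packages: write`, and consider gating the push on `if: github.event_name != 'pull_request'` so untrusted PRs cannot publish images under the repository name. Pinning is also inconsistent: the three `docker/*` actions are pinned to commit SHAs while `actions/checkout@v2` and `ForAllSecure/mcode-action@v1` float on mutable tags. Finally, `sarif-output: sarif` is set on the last step but nothing in the hunk consumes that directory, so fuzzing findings presumably never reach code scanning; either drop the option or follow it with a `github/codeql-action/upload-sarif` step.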
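Review bot: This `.dockerignore` is placed under `mayhem/`, but the workflow builds with `context: .` and Docker only honours a `.dockerignore` at the root of the build context (BuildKit additionally looks for a `<Dockerfile-name>.dockerignore` beside the Dockerfile), so as written the file is likely never consulted and `/target`, `.git` and the Dockerfile are all shipped to the daemon and copied into `/src`. Either move it to the repository root or rename it to `mayhem/Dockerfile.dockerignore`; the latter keeps it scoped to this build but relies on BuildKit being the builder, which `docker/build-push-action` uses by default. Note too that `/target` is anchored to the context root while the builds in the Dockerfile write to `fuzz/target`, which this pattern would not exclude.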
@@ -0,0 +1,25 @@
+# Build Stage
+FROM ghcr.io/evanrichter/cargo-fuzz:latest as builder
+
+## Add source code to the build stage.
+ADD . /src
+WORKDIR /src
+
+RUN echo building instrumented harnesses && \
+ bash -c "pushd fuzz && cargo +nightly -Z sparse-registry fuzz build && popd" && \
+ mv fuzz/target/x86_64-unknown-linux-gnu/release/unicode-normalization /unicode-normalization && \
+ mv fuzz/target/x86_64-unknown-linux-gnu/release/streaming /streaming && \
+ echo done
+
+RUN echo building non-instrumented harnesses && \
+ export RUSTFLAGS="--cfg fuzzing -Clink-dead-code -Cdebug-assertions -C codegen-units=1" && \
+ bash -c "pushd fuzz && cargo +nightly -Z sparse-registry build --release && popd" && \
+ mv fuzz/target/release/unicode-normalization /unicode-normalization_no_inst && \
+ mv fuzz/target/release/streaming /streaming_no_inst && \
+ echo done
+
+# Package Stage
+FROM rustlang/rust:nightly
+
+COPY --from=builder /unicode-normalization /unicode-normalization_no_inst /
+COPY --from=builder /streaming /streaming_no_inst /
diff --git a/mayhem/streaming.mayhemfile b/mayhem/streaming.mayhemfile
new file mode 100644
index 0000000..42f0f77
--- /dev/null
+++ b/mayhem/streaming.mayhemfile
@@ -0,0 +1,7 @@
+project: unicode-normalization
+target: streaming
+
+cmds:
+ - cmd: /streaming
+ - cmd: /streaming_no_inst @@
+ libfuzzer: false
diff --git a/mayhem/unicode-normalization.mayhemfile b/mayhem/unicode-normalization.mayhemfile
new file mode 100644
index 0000000..2c7ac86
--- /dev/null
+++ b/mayhem/unicode-normalization.mayhemfile
@@ -0,0 +1,7 @@
+project: unicode-normalization
+target: unicode-normalization
+
+cmds:
+ - cmd: /unicode-normalization
+ - cmd: /unicode-normalization_no_inst @@
+ libfuzzer: false
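Review bot: Both base images are floating tags — `ghcr.io/evanrichter/cargo-fuzz:latest` in the build stage and `rustlang/rust:nightly` in the package stage — so the toolchain that compiles the harnesses and the image that runs them can change silently between builds; pin each with a digest alongside the tag, e.g. `FROM rustlang/rust:nightly@sha256:<DIGEST>`, so the fuzzing artefacts are reproducible and the supply chain is auditable. `ADD . /src` should be `COPY . /src`: `ADD` additionally auto-extracts archives and fetches remote URLs, neither of which is wanted for a source tree, and `COPY` is the documented choice for local files. The package stage carries a full nightly Rust toolchain only to host two binaries; if `ldd` confirms the harnesses need nothing beyond libc, a slim Debian base with a matching glibc would shrink the image and its attack surface. A one-line comment above the second `RUN` stating that the `--cfg fuzzing` build produces the uninstrumented `_no_inst` targets consumed by the mayhemfiles would help the next reader, since the two `RUN` blocks look nearly identical.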