From 5bc43a6f65180cb003605349c9e2fdadc702d2c8 Mon Sep 17 00:00:00 2001 From: Norbert Schneider Date: Mon, 29 Jan 2024 11:18:16 +0100 Subject: [PATCH] Remove cifuzz references --- .github/workflows/fuzzing-featured.yaml | 105 ------------------ .github/workflows/fuzzing.yaml | 97 ---------------- README.md | 8 -- docs/common.md | 2 +- docs/junit-integration.md | 2 +- .../jazzer/junit/FuzzTestExecutor.java | 3 +- 6 files changed, 3 insertions(+), 214 deletions(-) delete mode 100644 .github/workflows/fuzzing-featured.yaml delete mode 100644 .github/workflows/fuzzing.yaml diff --git a/.github/workflows/fuzzing-featured.yaml b/.github/workflows/fuzzing-featured.yaml deleted file mode 100644 index 77d2cf691..000000000 --- a/.github/workflows/fuzzing-featured.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# This file exists over using one workflow and a matrix because matrices don't give you an easy way to use different -# secrets. The way that exists, having the secret's key name be a value, only works within `with` and not in `env` -# blocks (see https://github.com/orgs/community/discussions/26302#discussioncomment-3905492). This is a problem because -# we need to load the secret in `env` in order to check that it's there, so we can know if we want to run the fuzzing -# job. And we need _that_ because any PRs that come in from forks may not have these secrets defined and thus would -# cause our CI to fail if we let the steps run. - -name: CI Fuzz Featured Project -# Set an action secret called "FEATURED_CI_FUZZ_API_TOKEN" with an API token -# generated in CI Fuzz web interface. - - -on: - workflow_dispatch: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -env: - PROJECT_NAME: projects/Jazzer-2bd02dc5 - # The fuzzing server gRPC URL. - FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443 - # The fuzzing server HTTP URL. - WEB_APP_ADDRESS: https://app.code-intelligence.com - # Directory in which the repository will be cloned. - CHECKOUT_DIR: checkout-dir/ - CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64" - CIFUZZ_INSTALL_DIR: ./cifuzz - FUZZING_ARTIFACT: fuzzing-artifact.tar.gz -jobs: - setup: - runs-on: ubuntu-latest - # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets - env: - ci_fuzz_token: ${{ secrets.FEATURED_CI_FUZZ_API_TOKEN }} - steps: - - id: checkout - name: Checkout Repository - uses: actions/checkout@v3 - with: - path: ${{ env.CHECKOUT_DIR }} - - id: install-cifuzz - name: Install cifuzz - run: | - curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL" - chmod u+x cifuzz_installer - ./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR - - - name: Set Build Buddy config - run: $CHECKOUT_DIR/.github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV - shell: bash - - id: build-jazzer - name: Build Jazzer deps - run: cd $CHECKOUT_DIR && bazel build //deploy:jazzer-junit-project //deploy:jazzer-project //deploy:jazzer-api-project //selffuzz:jazzer_selffuzz //selffuzz:jazzer_api_selffuzz - - - id: build-fuzzers - name: Build Fuzzers - run: | - export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake" - cd $CHECKOUT_DIR/selffuzz/ - $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \ - --commit $GITHUB_SHA \ - --branch $GITHUB_REF_NAME \ - --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT - shell: "bash" - - id: start-fuzzing - name: Start Fuzzing - uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5 - if: ${{ env.ci_fuzz_token != '' }} - with: - ci_fuzz_api_token: ${{ secrets.FEATURED_CI_FUZZ_API_TOKEN }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }} - checkout_directory: ${{ env.CHECKOUT_DIR }}/selffuzz - project: ${{ env.PROJECT_NAME }} - - id: monitor-fuzzing - name: Fuzzing - uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5 - if: ${{ env.ci_fuzz_token != '' }} - with: - ci_fuzz_api_token: ${{ secrets.FEATURED_CI_FUZZ_API_TOKEN }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.WEB_APP_ADDRESS }} - project: ${{ env.PROJECT_NAME }} - - id: save-results - name: Save Fuzz Test Results - uses: CodeIntelligenceTesting/github-actions/save-results@v5 - if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }} - with: - ci_fuzz_api_token: ${{ secrets.FEATURED_CI_FUZZ_API_TOKEN }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.WEB_APP_ADDRESS }} - project: ${{ env.PROJECT_NAME }} - - id: upload-artifact - uses: actions/upload-artifact@v3 - if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }} - with: - name: ci_fuzz_results-featured - path: | - findings.json - coverage.json - web_app_address.txt diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml deleted file mode 100644 index 239dd597b..000000000 --- a/.github/workflows/fuzzing.yaml +++ /dev/null @@ -1,97 +0,0 @@ -name: CI Fuzz -# Set an action secret called "CI_FUZZ_API_TOKEN" with an API token -# generated in CI Fuzz web interface. - -on: - workflow_dispatch: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -env: - PROJECT_NAME: projects/Jazzer-39e8ed3a - # The fuzzing server gRPC URL. - FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443 - # The fuzzing server HTTP URL. - WEB_APP_ADDRESS: https://app.code-intelligence.com - # Directory in which the repository will be cloned. - CHECKOUT_DIR: checkout-dir/ - CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64" - CIFUZZ_INSTALL_DIR: ./cifuzz - FUZZING_ARTIFACT: fuzzing-artifact.tar.gz -jobs: - setup: - runs-on: ubuntu-latest - # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets - env: - ci_fuzz_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - steps: - - id: checkout - name: Checkout Repository - uses: actions/checkout@v3 - with: - path: ${{ env.CHECKOUT_DIR }} - - id: install-cifuzz - name: Install cifuzz - run: | - curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL" - chmod u+x cifuzz_installer - ./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR - - - name: Set Build Buddy config - run: $CHECKOUT_DIR/.github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV - shell: bash - - id: build-jazzer - name: Build Jazzer deps - run: cd $CHECKOUT_DIR && bazel build //deploy:jazzer-junit-project //deploy:jazzer-project //deploy:jazzer-api-project //selffuzz:jazzer_selffuzz //selffuzz:jazzer_api_selffuzz - - - id: build-fuzzers - name: Build Fuzzers - run: | - export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake" - cd $CHECKOUT_DIR/selffuzz/ - $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \ - --commit $GITHUB_SHA \ - --branch $GITHUB_REF_NAME \ - --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT - shell: "bash" - - id: start-fuzzing - name: Start Fuzzing - uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5 - if: ${{ env.ci_fuzz_token != '' }} - with: - ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }} - checkout_directory: ${{ env.CHECKOUT_DIR }}/selffuzz - project: ${{ env.PROJECT_NAME }} - - id: monitor-fuzzing - name: Fuzzing - uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5 - if: ${{ env.ci_fuzz_token != '' }} - with: - ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.WEB_APP_ADDRESS }} - project: ${{ env.PROJECT_NAME }} - - id: save-results - name: Save Fuzz Test Results - uses: CodeIntelligenceTesting/github-actions/save-results@v5 - if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }} - with: - ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.WEB_APP_ADDRESS }} - project_name: ${{ env.PROJECT_NAME }} - - id: upload-artifact - uses: actions/upload-artifact@v3 - if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }} - with: - name: ci_fuzz_results - path: | - findings.json - coverage.json - web_app_address.txt diff --git a/README.md b/README.md index 412da6dc2..307f1a8fa 100644 --- a/README.md +++ b/README.md @@ -88,14 +88,6 @@ class ParserTests { A complete Maven example project can be found in [`examples/junit`](examples/junit). -### CI Fuzz - -The open-source CLI tool [cifuzz](https://github.com/CodeIntelligenceTesting/cifuzz) makes -it easy to set up Maven and Gradle projects for fuzzing with Jazzer. -It provides a command-line UI for fuzzing runs, deduplicates and manages findings, and -provides coverage reports for fuzz tests. Moreover, you can use CI Fuzz to run your fuzz -tests at scale in the [CI App](https://app.code-intelligence.com). - ### GitHub releases You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing: diff --git a/docs/common.md b/docs/common.md index f497db685..d8ba861db 100644 --- a/docs/common.md +++ b/docs/common.md @@ -12,7 +12,7 @@ ### Recommended JVM options The following JVM settings are recommended for running Jazzer within JUnit. -Both `cifuzz` and the `jazzer` launcher binary set them automatically. +The `jazzer` launcher binary sets them automatically. * `-XX:-OmitStackTraceInFastThrow` ensures that stack traces are emitted even on hot code paths. This may hurt performance if your fuzz test frequently throws and catches exceptions, but also helps find flaky bugs. diff --git a/docs/junit-integration.md b/docs/junit-integration.md index 517f7ab6c..1b6c5b6a3 100644 --- a/docs/junit-integration.md +++ b/docs/junit-integration.md @@ -78,7 +78,7 @@ The tests from the resources directory are gathered by `walkInputs`. This will l JUnit will use the file's name as the name of the test case for its reporting. It also accepts .jar files where it will search with the given directory in the jar. -### CIFuzz Corpus +### Corpus The corpus kept in `.cifuzz-corpus//` holds any inputs that libfuzzer found worth saving and not necessarily just inputs that caused a crash. Jazzer is able to set the directory but the contents of diff --git a/src/main/java/com/code_intelligence/jazzer/junit/FuzzTestExecutor.java b/src/main/java/com/code_intelligence/jazzer/junit/FuzzTestExecutor.java index 2b3f69858..13abf8197 100644 --- a/src/main/java/com/code_intelligence/jazzer/junit/FuzzTestExecutor.java +++ b/src/main/java/com/code_intelligence/jazzer/junit/FuzzTestExecutor.java @@ -190,8 +190,7 @@ private static Path addInputAndSeedDirs( .toAbsolutePath(); // Use the specified corpus dir, if given, otherwise store the generated corpus in a per-class - // directory under the project root, just like cifuzz: - // https://github.com/CodeIntelligenceTesting/cifuzz/blob/bf410dcfbafbae2a73cf6c5fbed031cdfe234f2f/internal/cmd/run/run.go#L381 + // directory under the project root. // The path is specified relative to the current working directory, which with JUnit is the // project directory. Path generatedCorpusDir = baseDir.resolve(generatedCorpusPath(fuzzTestClass, fuzzTestMethod));