ossf · AdamKorcz · Feb 3, 2025 · Feb 3, 2025
diff --git a/oss_fuzz_integration/oss-fuzz-patches.diff b/oss_fuzz_integration/oss-fuzz-patches.diff
@@ -20,185 +20,20 @@ index 64d11095b..34bee0c13 100644
  # /ccache/bin will contain the compiler wrappers, and /ccache/cache will
  # contain the actual cache, which can be saved.
 diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile
-index 1c10d9e23..f48a3e2d8 100755
+index e05d0e6ea..eccd5c3b3 100755
 --- a/infra/base-images/base-builder/compile
 +++ b/infra/base-images/base-builder/compile
-@@ -223,13 +223,13 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ];
-   ln -sf /usr/local/bin/llvm-ranlib /usr/bin/ranlib
-
-   apt-get install -y libjpeg-dev zlib1g-dev libyaml-dev
--  python3 -m pip install --upgrade pip setuptools
--  python3 -m pip install cxxfilt pyyaml beautifulsoup4 lxml soupsieve rust-demangler
--  python3 -m pip install --prefer-binary matplotlib
-+  #python3 -m pip install --upgrade pip setuptools
-+  #python3 -m pip install cxxfilt pyyaml beautifulsoup4 lxml soupsieve rust-demangler
-+  #python3 -m pip install --prefer-binary matplotlib
-
-   # Install Fuzz-Introspector
-   pushd /fuzz-introspector/src
--  python3 -m pip install .
-+  python3 -m pip install -e .
-   popd
-
+@@ -235,6 +235,8 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ];
    if [ "$FUZZING_LANGUAGE" = "python" ]; then
-@@ -238,10 +238,38 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ];
-     python3 /fuzz-introspector/src/main.py light --language=jvm
-   elif [ "$FUZZING_LANGUAGE" = "rust" ]; then
-     python3 /fuzz-introspector/src/main.py light --language=rust
+     python3 /fuzz-introspector/src/main.py light --language=python
+     cp -rf $SRC/inspector/ /tmp/inspector-saved
 +  elif [ "$FUZZING_LANGUAGE" = "go" ]; then
 +    python3 /fuzz-introspector/src/main.py light --language=go
-   else
-     python3 /fuzz-introspector/src/main.py light
-   fi
-
-+  # Make a copy of the light. This is needed because we run two versions of
-+  # introspector: one based on pure statis analysis and one based on
-+  # regular LTO.
-+  cp -rf $SRC/inspector/ /tmp/inspector-saved
-+
-+
-+  # Move coverage report.
-+  if [ -d "$OUT/textcov_reports" ]
-+  then
-+    find $OUT/textcov_reports/ -name "*.covreport" -exec cp {} $SRC/inspector/ \;
-+    find $OUT/textcov_reports/ -name "*.json" -exec cp {} $SRC/inspector/ \;
-+  fi
-+
-+  # Make fuzz-introspector HTML report using light approach.
-+  REPORT_ARGS="--name=$PROJECT_NAME"
-+
-+  # Only pass coverage_url when COVERAGE_URL is set (in cloud builds)
-+  if [[ ! -z "${COVERAGE_URL+x}" ]]; then
-+    REPORT_ARGS="$REPORT_ARGS --coverage-url=${COVERAGE_URL}"
-+  fi
-+
-+  # Run pure static analysis fuzz introspector
-+  fuzz-introspector full --target-dir=$SRC \
-+      --language=${FUZZING_LANGUAGE} \
-+      --out-dir=$SRC/inspector \
-+      ${REPORT_ARGS}
-   rsync -avu --delete "$SRC/inspector/" "$OUT/inspector"
- fi
-
-@@ -313,31 +341,52 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ];
-   unset CFLAGS
-   export G_ANALYTICS_TAG="G-8WTFM1Y62J"
-
-+
-+  # If we get to here, it means the e.g. LTO had no problems and succeeded.
-+  # TO this end, we wlil restore the original light analysis and used the
-+  # LTO processing itself.
-+  rm -rf $SRC/inspector
-+  cp -rf /tmp/inspector-saved $SRC/inspector
-+
-+  cd /fuzz-introspector/src
-+  python3 -m pip install -e .
-+  cd /src/
-+
-   if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
-     echo "GOING jvm route"
-
-     set -x
-     # Output will be put in /out/
--    python3 /fuzz-introspector/frontends/java/oss-fuzz-main.py
-+    # Using new approach
-+    python3 -m fuzz_introspector.frontends.oss_fuzz --language jvm --target-dir $SRC --entrypoint fuzzerTestOneInput
-+    # python3 /fuzz-introspector/frontends/java/oss-fuzz-main.py
-     # Move files temporarily to fit workflow of other languages.
-     mkdir -p $SRC/my-fi-data
--    find $OUT/ -name *.data -exec mv {} $SRC/my-fi-data/ \;
--    find $OUT/ -name *.data.yaml -exec mv {} $SRC/my-fi-data/ \;
-+    find ./ -name *.data -exec mv {} $SRC/my-fi-data/ \;
-+    find ./ -name *.data.yaml -exec mv {} $SRC/my-fi-data/ \;
-   elif [ "$FUZZING_LANGUAGE" = "rust" ]; then
-     echo "GOING rust route"
-
-     # Run the rust frontend
--    pushd /fuzz-introspector/frontends/rust/rust_function_analyser
--    cargo run -- $SRC
-+    python3 -m fuzz_introspector.frontends.oss_fuzz --language rust --target-dir $SRC
-
-     # Move files temporarily to fix workflow of other languages.
-     mkdir -p $SRC/my-fi-data
-     find ./ -name "*.data" -exec mv {} $SRC/my-fi-data/ \;
-     find ./ -name "*.data.yaml" -exec mv {} $SRC/my-fi-data/ \;
--    popd
-
-     # Restore the sanitizer flag for rust
-     export SANITIZER="introspector"
-+  elif [ "$FUZZING_LANGUAGE" = "go" ]; then
-+    echo "GOING go route"
-+
-+    # Run the go frontend
-+    python3 -m fuzz_introspector.frontends.oss_fuzz --language go --target-dir $SRC
-+
-+    # Move files temporarily to fix workflow of other languages.
-+    mkdir -p $SRC/my-fi-data
-+    find ./ -name "*.data" -exec mv {} $SRC/my-fi-data/ \;
-+    find ./ -name "*.data.yaml" -exec mv {} $SRC/my-fi-data/ \;
-   fi
-
-   mkdir -p $SRC/inspector
-@@ -359,43 +408,46 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ];
-   REPORT_ARGS="--name=$PROJECT_NAME"
-   # Only pass coverage_url when COVERAGE_URL is set (in cloud builds)
-   if [[ ! -z "${COVERAGE_URL+x}" ]]; then
--    REPORT_ARGS="$REPORT_ARGS --coverage_url=${COVERAGE_URL}"
-+    REPORT_ARGS="$REPORT_ARGS --coverage-url=${COVERAGE_URL}"
-   fi
-
-   # Do different things depending on languages
-   if [ "$FUZZING_LANGUAGE" = "python" ]; then
-     echo "GOING python route"
-     set -x
--    REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector"
-+    REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector"
-     REPORT_ARGS="$REPORT_ARGS --language=python"
--    python3 /fuzz-introspector/src/main.py report $REPORT_ARGS
-+    fuzz-introspector report $REPORT_ARGS
-     rsync -avu --delete "$SRC/inspector/" "$OUT/inspector"
    elif [ "$FUZZING_LANGUAGE" = "jvm" ]; then
-     echo "GOING jvm route"
-     set -x
-     find $OUT/ -name "jacoco.xml" -exec cp {} $SRC/inspector/ \;
--    REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector"
-+    REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector"
-     REPORT_ARGS="$REPORT_ARGS --language=jvm"
--    python3 /fuzz-introspector/src/main.py report $REPORT_ARGS
-+    fuzz-introspector report $REPORT_ARGS
-     rsync -avu --delete "$SRC/inspector/" "$OUT/inspector"
-   elif [ "$FUZZING_LANGUAGE" = "rust" ]; then
-     echo "GOING rust route"
--    REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector"
-+    REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector"
-     REPORT_ARGS="$REPORT_ARGS --language=rust"
--    python3 /fuzz-introspector/src/main.py report $REPORT_ARGS
-+    fuzz-introspector report $REPORT_ARGS
-     rsync -avu --delete "$SRC/inspector/" "$OUT/inspector"
-   else
-     # C/C++
-+    mkdir -p $SRC/inspector
-+    #fuzz-introspector full --target-dir=$SRC --language=${FUZZING_LANGUAGE} --out-dir=$SRC/inspector ${REPORT_ARGS}
-+    #fuzz-introspector full --target_dir $SRC --language=${FUZZING_LANGUAGE}
-
-     # Correlate fuzzer binaries to fuzz-introspector's raw data
--    python3 /fuzz-introspector/src/main.py correlate --binaries_dir=$OUT/
-+    fuzz-introspector correlate --binaries-dir=$OUT/
-
-     # Generate fuzz-introspector HTML report, this generates
-     # the file exe_to_fuzz_introspector_logs.yaml
--    REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector"
-+    REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector"
-     # Use the just-generated correlation file
--    REPORT_ARGS="$REPORT_ARGS --correlation_file=exe_to_fuzz_introspector_logs.yaml"
--    python3 /fuzz-introspector/src/main.py report $REPORT_ARGS
-+    REPORT_ARGS="$REPORT_ARGS --correlation-file=exe_to_fuzz_introspector_logs.yaml"
-+    fuzz-introspector report $REPORT_ARGS
-
-     rsync -avu --delete "$SRC/inspector/" "$OUT/inspector"
-   fi
+     python3 /fuzz-introspector/src/main.py light --language=jvm
+     cp -rf $SRC/inspector/ /tmp/inspector-saved
 diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile
-index d403bb07d..43c114de5 100644
+index 296b1f7fb..9c6b1ff55 100644
 --- a/infra/base-images/base-clang/Dockerfile
 +++ b/infra/base-images/base-clang/Dockerfile
 @@ -45,6 +45,9 @@ RUN apt-get update && apt-get install -y git && \