| # Copyright 2020 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| """Runs a specific OSS-Fuzz project's fuzzers for CI tools.""" |
| import logging |
| import sys |
| |
| import config_utils |
| import docker |
| import run_fuzzers |
| |
| # pylint: disable=c-extension-no-member |
| # pylint gets confused because of the relative import of cifuzz. |
| |
| logging.basicConfig( |
| format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', |
| level=logging.DEBUG) |
| |
| |
| def delete_unneeded_docker_images(config): |
| """Deletes unneeded docker images if running in an environment with low |
| disk space.""" |
| if not config.low_disk_space: |
| return |
| logging.info('Deleting builder docker images to save disk space.') |
| project_image = docker.get_project_image_name(config.project_name) |
| images = [ |
| project_image, |
| docker.BASE_RUNNER_TAG, |
| docker.MSAN_LIBS_BUILDER_TAG, |
| ] |
| docker.delete_images(images) |
| |
| |
| def main(): |
| """Runs OSS-Fuzz project's fuzzers for CI tools. |
| This is the entrypoint for the run_fuzzers github action. |
| This action can be added to any OSS-Fuzz project's workflow that uses Github. |
| |
| NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out |
| directory in order for this action to be used. This action will only fuzz the |
| binaries that are located in that directory. It is recommended that you add |
| the build_fuzzers action preceding this one. |
| |
| NOTE: Any crash report will be in the filepath: |
| ${GITHUB_WORKSPACE}/out/testcase |
| This can be used in parallel with the upload-artifact action to surface the |
| logs. |
| |
| Required environment variables: |
| FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. |
| GITHUB_WORKSPACE: The shared volume directory where input artifacts are. |
| DRY_RUN: If true, no failures will surface. |
| OSS_FUZZ_PROJECT_NAME: The name of the relevant OSS-Fuzz project. |
| SANITIZER: The sanitizer to use when running fuzzers. |
| |
| Returns: |
| 0 on success or 1 on failure. |
| """ |
| config = config_utils.RunFuzzersConfig() |
| # The default return code when an error occurs. |
| returncode = 1 |
| if config.dry_run: |
| # Sets the default return code on error to success. |
| returncode = 0 |
| |
| if not config.workspace: |
| logging.error('This script needs to be run within Github actions.') |
| return returncode |
| |
| delete_unneeded_docker_images(config) |
| # Run the specified project's fuzzers from the build. |
| result = run_fuzzers.run_fuzzers(config) |
| if result == run_fuzzers.RunFuzzersResult.ERROR: |
| logging.error('Error occurred while running in workspace %s.', |
| config.workspace) |
| return returncode |
| if result == run_fuzzers.RunFuzzersResult.BUG_FOUND: |
| logging.info('Bug found.') |
| if not config.dry_run: |
| # Return 2 when a bug was found by a fuzzer causing the CI to fail. |
| return 2 |
| return 0 |
| |
| |
| if __name__ == '__main__': |
| sys.exit(main()) |
