Add ClusterFuzzLite in CI featuring PR fuzzing, batch fuzzing and fuz…

…z coverage reports (#820) * Add initial clusterfuzzlite setup * Disable broken fuzzer * Enable batch and cron * Change fuzz duration * Reduce again * Fix coverage * Trigger CI * Update fuzz times * Add documentation and fix corpus repo * chore: Changelog entry * feat: use github app for token * fix: run on all PRs * fix: allow workflows to be manually run * fix: test other token format * fix: add username and token to url * feat: temp debug * feat: more debug logging * feat: working app token * feat: use latest nightly in CI * feat: pin nightly compiler version * chore: Remove flag needed for older compiler * fix: Remove confusing comments --------- Co-authored-by: Max Ammann <[email protected]> Co-authored-by: Mike Christopher <[email protected]> Co-authored-by: Green Baneling <[email protected]>
FuelLabs · Oct 3, 2024 · 9693d43 · 9693d43
1 parent dd1756f
commit 9693d43
Show file tree

Hide file tree

Showing 8 changed files with 154 additions and 0 deletions.
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,7 @@
+FROM gcr.io/oss-fuzz-base/base-builder-rust:v1
+RUN rustup install nightly-2024-09-24 && rustup default nightly-2024-09-24
+RUN rustup component add rust-src --toolchain nightly-2024-09-24
+ENV RUSTUP_TOOLCHAIN=nightly-2024-09-24
+COPY . $SRC/fuel-vm
+WORKDIR fuel-vm
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/README.md b/.clusterfuzzlite/README.md
@@ -0,0 +1,5 @@
+# ClusterFuzzLite
+
+This directory contains the configuration for [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/). CFL is used in the GitHub Actions CI in several workflows.
+
+The corpus and more documentation can be found in [FuelLabs/fuel-fuzzing-corpus](https://github.com/FuelLabs/fuel-fuzzing-corpus).
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+
+cd $SRC/fuel-vm
+
+cd fuel-vm
+
+cargo fuzz build -O --sanitizer none
+
+cp fuzz/target/x86_64-unknown-linux-gnu/release/grammar_aware_advanced $OUT/
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: rust
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
@@ -0,0 +1,33 @@
+name: ClusterFuzzLite batch fuzzing
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0/24 * * *'  # Every 24th hour
+permissions: read-all
+jobs:
+  BatchFuzzing:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get fuzzer auth token
+        uses: actions/create-github-app-token@v1
+        id: fuzzer-token
+        with:
+          owner: ${{ github.repository_owner }}
+          app-id: ${{ vars.FUEL_FUZZING_CORPUS_APP_ID }}
+          private-key: ${{ secrets.FUEL_FUZZING_CORPUS_APP_KEY }}
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: rust
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 3600
+          mode: 'batch'
+          output-sarif: true
+          storage-repo: https://oauth2:${{ steps.fuzzer-token.outputs.token }}@github.com/FuelLabs/fuel-fuzzing-corpus.git
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml
@@ -0,0 +1,60 @@
+name: ClusterFuzzLite cron tasks
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0/72 * * *'
+permissions: read-all
+jobs:
+  Pruning:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get fuzzer auth token
+        uses: actions/create-github-app-token@v1
+        id: fuzzer-token
+        with:
+          owner: ${{ github.repository_owner }}
+          app-id: ${{ vars.FUEL_FUZZING_CORPUS_APP_ID }}
+          private-key: ${{ secrets.FUEL_FUZZING_CORPUS_APP_KEY }}
+      - name: Build Fuzzers
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: rust
+      - name: Run Fuzzers
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 600
+          mode: 'prune'
+          output-sarif: true
+          storage-repo: https://oauth2:${{ steps.fuzzer-token.outputs.token }}@github.com/FuelLabs/fuel-fuzzing-corpus.git
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
+  Coverage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get fuzzer auth token
+        uses: actions/create-github-app-token@v1
+        id: fuzzer-token
+        with:
+          owner: ${{ github.repository_owner }}
+          app-id: ${{ vars.FUEL_FUZZING_CORPUS_APP_ID }}
+          private-key: ${{ secrets.FUEL_FUZZING_CORPUS_APP_KEY }}
+      - name: Build Fuzzers
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: rust
+          sanitizer: coverage
+      - name: Run Fuzzers
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 600
+          mode: 'coverage'
+          sanitizer: 'coverage'
+          storage-repo: https://oauth2:${{ steps.fuzzer-token.outputs.token }}@github.com/FuelLabs/fuel-fuzzing-corpus.git
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
@@ -0,0 +1,38 @@
+name: ClusterFuzzLite PR fuzzing
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get fuzzer auth token
+        uses: actions/create-github-app-token@v1
+        id: fuzzer-token
+        with:
+          owner: ${{ github.repository_owner }}
+          app-id: ${{ vars.FUEL_FUZZING_CORPUS_APP_ID }}
+          private-key: ${{ secrets.FUEL_FUZZING_CORPUS_APP_KEY }}
+      - name: Build Fuzzers
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: rust
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          storage-repo: https://oauth2:${{ steps.fuzzer-token.outputs.token }}@github.com/FuelLabs/fuel-fuzzing-corpus.git
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
+      - name: Run Fuzzers
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 600
+          mode: 'code-change'
+          output-sarif: true
+          storage-repo: https://oauth2:${{ steps.fuzzer-token.outputs.token }}@github.com/FuelLabs/fuel-fuzzing-corpus.git
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 - [#838](https://github.com/FuelLabs/fuel-vm/pull/838): Implemented `AsRef<[u8]>` and `TryFrom<&[u8]>` for DA compression types: ScriptCode, PredicateCode, RegistryKey.
+- [#820](https://github.com/FuelLabs/fuel-vm/pull/820): Add fuzzing in CI with ClusterFuzzLite.
 
 ### Removed