Skip to content

Fuzz

Fuzz #2392

Workflow file for this run

name: Fuzz
on:
pull_request:
branches:
- "**"
push:
branches: [ master ]
tags:
- "*"
schedule:
- cron: 30 0 * * *
workflow_dispatch:
inputs:
duration:
description: 'Duration of the fuzzing run in seconds'
required: true
default: "60"
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
# TODO: build all fuzzers first, then run independently
global-fuzzer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install deps
run: |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14
sudo .github/workflows/scripts/llvm.sh 17
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev
- name: Build
run: ./fuzzer/global/build.sh
- name: Run fuzzer
run: ./fuzzer/global/run.sh ${{ github.event.inputs.duration }}
- name: Log
if: ${{ always() }}
run: grep -v -f fuzzer/global/scripts/report-negative-patterns.txt fuzzer/global/fuzz-*.log
- name: Show coverage
run: ./fuzzer/global/scripts/show_coverage.sh 40 || true
- name: Compress artifact
if: ${{ always() }}
run: tar -czvf fuzzing.tar.gz fuzzer/global/
- name: Artifact
uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: fuzzing-data
path: fuzzing.tar.gz
local-fuzzer:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
variant:
- fuzzer: uri_parse
params: ""
- fuzzer: ssrf_detector
params: ""
- fuzzer: lfi_detector
params: ""
- fuzzer: sql_tokenizer
params: "--dialect=mysql"
- fuzzer: sql_tokenizer
params: "--dialect=postgresql"
- fuzzer: sql_tokenizer
params: "--dialect=sqlite"
- fuzzer: sql_tokenizer
params: "--dialect=standard"
- fuzzer: sqli_detector
params: "--dialect=mysql"
- fuzzer: sqli_detector
params: "--dialect=postgresql"
- fuzzer: sqli_detector
params: "--dialect=sqlite"
- fuzzer: sqli_detector
params: "--dialect=standard"
- fuzzer: shell_tokenizer
params: ""
- fuzzer: shi_detector_string
params: ""
- fuzzer: shi_detector_array
params: ""
- fuzzer: cmdi_detector
params: ""
- fuzzer: sha256
params: ""
- fuzzer: http_endpoint_fingerprint
params: ""
- fuzzer: http_header_fingerprint
params: ""
- fuzzer: http_network_fingerprint
params: ""
- fuzzer: session_fingerprint
params: ""
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install deps
run: |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14
sudo .github/workflows/scripts/llvm.sh 17
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev
- name: Build
env:
CC: clang-17
CXX: clang++-17
run: |
mkdir build ; cd build
cmake -DCMAKE_VERBOSE_MAKEFILE=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
make -j $(nproc) ${{ matrix.variant.fuzzer }}_fuzzer
cp fuzzer/${{ matrix.variant.fuzzer }}_fuzzer ../fuzzer/${{ matrix.variant.fuzzer }}
- name: Run fuzzer
run: |
cd fuzzer/${{ matrix.variant.fuzzer }}
./${{ matrix.variant.fuzzer }}_fuzzer ${{ matrix.variant.params }} -max_total_time=${{ github.event.inputs.duration || 300 }} corpus/