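name: Fuzz

# NOTE: `on` reads as a YAML 1.1 boolean to generic parsers; GitHub's loader
# treats it as the trigger key, so it is left unquoted on purpose.
on:
  pull_request:
    branches:
      - "**"
  push:
    branches: [ master ]
    tags:
      - "*"
  schedule:
    # Quoted so the `*` fields are never mistaken for alias/anchor sigils.
    - cron: "30 0 * * *"
  # `duration` is populated on manual runs only; on pull_request, push and
  # schedule events `github.event.inputs.duration` expands to an empty string,
  # so any step using it needs its own fallback (local-fuzzer uses `|| 300`).
  workflow_dispatch:
    inputs:
      duration:
        description: 'Duration of the fuzzing run in seconds'
        required: true
        default: "60"
        type: string

# Least privilege for GITHUB_TOKEN: the jobs only check out the tree and upload
# a build artifact, neither of which needs write scopes.
permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true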
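jobs:
  # TODO: build all fuzzers first, then run independently
  #
  # Both jobs also run on `pull_request`, so the checked-out tree — including
  # scripts/llvm.sh, build.sh and run.sh executed below — is the proposed PR
  # content; that is expected for fuzzing CI (fork PRs get a read-only token by
  # default). Actions are referenced by major tag; pinning each `uses:` to a
  # commit SHA would make the supply chain reproducible.
  global-fuzzer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Install deps
        # llvm.sh is the repository's own installer and is run as root via sudo.
        run: |
          DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14
          sudo .github/workflows/scripts/llvm.sh 17
          DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev
      - name: Build
        run: ./fuzzer/global/build.sh
      - name: Run fuzzer
        # The dispatch input reaches the shell through an environment variable
        # instead of being interpolated into the command line, so its value is
        # never re-parsed as shell syntax. It is deliberately left unquoted so
        # that an empty value (every non-dispatch event) passes no argument,
        # exactly as the original interpolation did.
        # TODO confirm run.sh defaults the duration itself when no argument is
        # given, or add `|| 300` here to match local-fuzzer.
        env:
          FUZZ_DURATION: ${{ github.event.inputs.duration }}
        run: ./fuzzer/global/run.sh $FUZZ_DURATION
      - name: Log
        if: ${{ always() }}
        run: grep -v -f fuzzer/global/scripts/report-negative-patterns.txt fuzzer/global/fuzz-*.log
      - name: Show coverage
        # Best-effort: coverage reporting must not fail the job.
        run: ./fuzzer/global/scripts/show_coverage.sh 40 || true
      - name: Compress artifact
        if: ${{ always() }}
        run: tar -czvf fuzzing.tar.gz fuzzer/global/
      - name: Artifact
        uses: actions/upload-artifact@v4
        if: ${{ always() }}
        with:
          name: fuzzing-data
          path: fuzzing.tar.gz

  local-fuzzer:
    runs-on: ubuntu-latest
    strategy:
      # Keep the other targets running when one fuzzer crashes or times out.
      fail-fast: false
      matrix:
        # `params` is passed verbatim to the fuzzer binary; an empty string adds
        # no argument.
        variant:
          - fuzzer: uri_parse
            params: ""
          - fuzzer: ssrf_detector
            params: ""
          - fuzzer: lfi_detector
            params: ""
          - fuzzer: sql_tokenizer
            params: "--dialect=mysql"
          - fuzzer: sql_tokenizer
            params: "--dialect=postgresql"
          - fuzzer: sql_tokenizer
            params: "--dialect=sqlite"
          - fuzzer: sql_tokenizer
            params: "--dialect=standard"
          - fuzzer: sqli_detector
            params: "--dialect=mysql"
          - fuzzer: sqli_detector
            params: "--dialect=postgresql"
          - fuzzer: sqli_detector
            params: "--dialect=sqlite"
          - fuzzer: sqli_detector
            params: "--dialect=standard"
          - fuzzer: shell_tokenizer
            params: ""
          - fuzzer: shi_detector_string
            params: ""
          - fuzzer: shi_detector_array
            params: ""
          - fuzzer: cmdi_detector
            params: ""
          - fuzzer: sha256
            params: ""
          - fuzzer: http_endpoint_fingerprint
            params: ""
          - fuzzer: http_header_fingerprint
            params: ""
          - fuzzer: http_network_fingerprint
            params: ""
          - fuzzer: session_fingerprint
            params: ""
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Install deps
        run: |
          DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14
          sudo .github/workflows/scripts/llvm.sh 17
          DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev
      - name: Build
        env:
          CC: clang-17
          CXX: clang++-17
        # Builds only the selected target and copies the binary next to its
        # corpus directory under fuzzer/<name>/.
        run: |
          mkdir build ; cd build
          cmake -DCMAKE_VERBOSE_MAKEFILE=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
          make -j $(nproc) ${{ matrix.variant.fuzzer }}_fuzzer
          cp fuzzer/${{ matrix.variant.fuzzer }}_fuzzer ../fuzzer/${{ matrix.variant.fuzzer }}
      - name: Run fuzzer
        # Matrix values are defined in this file and the dispatch input is only
        # settable by a user who can trigger workflow_dispatch; both are still
        # handed over through env so nothing is re-parsed as shell syntax.
        # FUZZ_PARAMS stays unquoted so an empty value adds no argument, the
        # same as the original inline interpolation. The 300-second fallback
        # covers pull_request, push and schedule runs, where the input is empty.
        env:
          FUZZ_PARAMS: ${{ matrix.variant.params }}
          FUZZ_DURATION: ${{ github.event.inputs.duration || 300 }}
        run: |
          cd fuzzer/${{ matrix.variant.fuzzer }}
          ./${{ matrix.variant.fuzzer }}_fuzzer $FUZZ_PARAMS -max_total_time=$FUZZ_DURATION corpus/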