1# Copyright 2020 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14"""Runs a specific OSS-Fuzz project's fuzzers for CI tools.""" 15import logging 16import sys 17 18import config_utils 19import docker 20import run_fuzzers 21 22# pylint: disable=c-extension-no-member 23# pylint gets confused because of the relative import of cifuzz. 24 25logging.basicConfig( 26 format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', 27 level=logging.DEBUG) 28 29 30def delete_unneeded_docker_images(config): 31 """Deletes unneeded docker images if running in an environment with low 32 disk space.""" 33 if not config.low_disk_space: 34 return 35 logging.info('Deleting builder docker images to save disk space.') 36 project_image = docker.get_project_image_name(config.project_name) 37 images = [ 38 project_image, 39 docker.BASE_RUNNER_TAG, 40 docker.MSAN_LIBS_BUILDER_TAG, 41 ] 42 docker.delete_images(images) 43 44 45def main(): 46 """Runs OSS-Fuzz project's fuzzers for CI tools. 47 This is the entrypoint for the run_fuzzers github action. 48 This action can be added to any OSS-Fuzz project's workflow that uses Github. 49 50 NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out 51 directory in order for this action to be used. This action will only fuzz the 52 binaries that are located in that directory. It is recommended that you add 53 the build_fuzzers action preceding this one. 54 55 NOTE: Any crash report will be in the filepath: 56 ${GITHUB_WORKSPACE}/out/testcase 57 This can be used in parallel with the upload-artifact action to surface the 58 logs. 59 60 Required environment variables: 61 FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. 62 GITHUB_WORKSPACE: The shared volume directory where input artifacts are. 63 DRY_RUN: If true, no failures will surface. 64 OSS_FUZZ_PROJECT_NAME: The name of the relevant OSS-Fuzz project. 65 SANITIZER: The sanitizer to use when running fuzzers. 66 67 Returns: 68 0 on success or 1 on failure. 69 """ 70 config = config_utils.RunFuzzersConfig() 71 # The default return code when an error occurs. 72 returncode = 1 73 if config.dry_run: 74 # Sets the default return code on error to success. 75 returncode = 0 76 77 if not config.workspace: 78 logging.error('This script needs to be run within Github actions.') 79 return returncode 80 81 delete_unneeded_docker_images(config) 82 # Run the specified project's fuzzers from the build. 83 result = run_fuzzers.run_fuzzers(config) 84 if result == run_fuzzers.RunFuzzersResult.ERROR: 85 logging.error('Error occurred while running in workspace %s.', 86 config.workspace) 87 return returncode 88 if result == run_fuzzers.RunFuzzersResult.BUG_FOUND: 89 logging.info('Bug found.') 90 if not config.dry_run: 91 # Return 2 when a bug was found by a fuzzer causing the CI to fail. 92 return 2 93 return 0 94 95 96if __name__ == '__main__': 97 sys.exit(main()) 98