1# Copyright 2020 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14"""Runs a specific OSS-Fuzz project's fuzzers for CI tools.""" 15import logging 16import sys 17 18import config_utils 19import docker 20import run_fuzzers 21 22# pylint: disable=c-extension-no-member 23# pylint gets confused because of the relative import of cifuzz. 24 25logging.basicConfig( 26 format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', 27 level=logging.DEBUG) 28 29 30def delete_unneeded_docker_images(config): 31 """Deletes unneeded docker images if running in an environment with low 32 disk space.""" 33 if not config.low_disk_space: 34 return 35 logging.info('Deleting builder docker images to save disk space.') 36 project_image = docker.get_project_image_name(config.oss_fuzz_project_name) 37 images = [ 38 project_image, 39 docker.BASE_BUILDER_TAG, 40 docker.BASE_BUILDER_TAG + ':xenial', 41 docker.BASE_BUILDER_TAG + '-go', 42 docker.BASE_BUILDER_TAG + '-jvm', 43 docker.BASE_BUILDER_TAG + '-python', 44 docker.BASE_BUILDER_TAG + '-rust', 45 docker.BASE_BUILDER_TAG + '-swift', 46 ] 47 docker.delete_images(images) 48 49 50def run_fuzzers_entrypoint(): 51 """This is the entrypoint for the run_fuzzers github action. 52 This action can be added to any OSS-Fuzz project's workflow that uses 53 Github.""" 54 config = config_utils.RunFuzzersConfig() 55 # The default return code when an error occurs. 56 returncode = 1 57 if config.dry_run: 58 # Sets the default return code on error to success. 59 returncode = 0 60 61 delete_unneeded_docker_images(config) 62 # Run the specified project's fuzzers from the build. 63 result = run_fuzzers.run_fuzzers(config) 64 if result == run_fuzzers.RunFuzzersResult.ERROR: 65 logging.error('Error occurred while running in workspace %s.', 66 config.workspace) 67 return returncode 68 if result == run_fuzzers.RunFuzzersResult.BUG_FOUND: 69 logging.info('Bug found.') 70 if not config.dry_run: 71 # Return 2 when a bug was found by a fuzzer causing the CI to fail. 72 return 2 73 return 0 74 75 76def main(): 77 """Runs project's fuzzers for CI tools. 78 This is the entrypoint for the run_fuzzers github action. 79 80 NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out 81 directory in order for this action to be used. This action will only fuzz the 82 binaries that are located in that directory. It is recommended that you add 83 the build_fuzzers action preceding this one. 84 85 NOTE: Any crash report will be in the filepath: 86 ${GITHUB_WORKSPACE}/out/testcase 87 This can be used in parallel with the upload-artifact action to surface the 88 logs. 89 90 Required environment variables: 91 FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. 92 GITHUB_WORKSPACE: The shared volume directory where input artifacts are. 93 DRY_RUN: If true, no failures will surface. 94 OSS_FUZZ_PROJECT_NAME: The name of the relevant OSS-Fuzz project. 95 SANITIZER: The sanitizer to use when running fuzzers. 96 97 Returns: 98 0 on success or nonzero on failure. 99 """ 100 return run_fuzzers_entrypoint() 101 102 103if __name__ == '__main__': 104 sys.exit(main()) 105