From 85303b8c22cfd64fac9d09214a77ddb0d30fc454 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Sat, 11 May 2024 07:14:18 -0700
Subject: [PATCH] Add ClusterFuzzLite integration
Signed-off-by: David Korczynski
---
 .clusterfuzzlite/Dockerfile | 8 +++++++
 .clusterfuzzlite/build.sh | 10 +++++++++
 .clusterfuzzlite/fuzzer.c | 39 +++++++++++++++++++++++++++++++++
 .clusterfuzzlite/project.yaml | 1 +
 .github/workflows/cflite_pr.yml | 30 +++++++++++++++++++++++++
 5 files changed, 88 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/fuzzer.c
 create mode 100644 .clusterfuzzlite/project.yaml
 create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000..96f891f
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,8 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool cmake \
+ pkg-config curl check
+COPY . $SRC/parson
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+COPY .clusterfuzzlite/*.cpp $SRC/
+COPY .clusterfuzzlite/*.c $SRC/
+WORKDIR parson
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000..bd8932a
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+for file in "parson.c"; do
+ $CC $CFLAGS -c ${file}
+done
+
+rm -f ./test*.o
+llvm-ar rcs libfuzz.a *.o
+
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzzer.c -Wl,--whole-archive $SRC/parson/libfuzz.a -Wl,--allow-multiple-definition -I$SRC/parson/ -o $OUT/fuzzer
\ No newline at end of file
diff --git a/.clusterfuzzlite/fuzzer.c b/.clusterfuzzlite/fuzzer.c
new file mode 100644
index 0000000..71c1592
--- /dev/null
+++ b/.clusterfuzzlite/fuzzer.c
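Review bot: `COPY .clusterfuzzlite/*.cpp $SRC/` has nothing to match — the commit adds only fuzzer.c under .clusterfuzzlite (see the diffstat), and a COPY whose source glob matches no file makes the image build fail. Drop that line, or replace both globs with an explicit `COPY .clusterfuzzlite/fuzzer.c $SRC/` so the Dockerfile states exactly what the harness needs. The apt list (autoconf, automake, libtool, cmake, check, …) appears unused by build.sh, which only compiles parson.c with $CC; if that is the case, trimming it shortens every PR build.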
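Review bot: `-Wl,--allow-multiple-definition` on the final link suppresses exactly the duplicate-symbol errors a linker should report, and with libfuzz.a holding only parson.o there is nothing for it to resolve; drop it so a genuine clash between the harness and the library fails loudly instead of silently picking one definition. `rm -f ./test*.o` is dead — the loop compiles only "parson.c", so no test objects ever exist — and a `for` over the single literal `"parson.c"` reads as a leftover template, where `$CC $CFLAGS -c parson.c` says the same thing directly. The file also lacks a trailing newline.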
@@ -0,0 +1,39 @@
+#include
+#include
+#include
+#include
+
+#include "parson.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 1) {
+ return 0;
+ }
+
+ // Creating a fake JSON string from input data
+ char *json_str = (char*)malloc(size + 1);
+ if (json_str == NULL) {
+ return 0;
+ }
+ memcpy(json_str, data, size);
+ json_str[size] = '\0';
+
+ // Creating a fake JSON_Value from the JSON string
+ JSON_Value *json_val = json_parse_string(json_str);
+ if (json_val == NULL) {
+ free(json_str);
+ return 0;
+ }
+
+ // Fake file name
+ const char *file_name = "output.json";
+
+ // Calling the target function with the fake JSON_Value and file name
+ json_serialize_to_file_pretty(json_val, file_name);
+
+ // Cleanup
+ json_value_free(json_val);
+ free(json_str);
+
+ return 0;
+}
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000..b455aa3
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000..a6ddd01
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
@@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [ master ]
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ language: c++
+ bad-build-check: false
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 100
+ mode: 'code-change'
+ report-unreproducible-crashes: false
+ sanitizer: ${{ matrix.sanitizer }}
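Review bot: `json_serialize_to_file_pretty(json_val, file_name)` writes output.json into the working directory on every iteration, so each input pays a file create/write/close, and its JSON_Status return is discarded, which makes a serializer failure indistinguishable from a filesystem one. The pretty serializer can be exercised without disk I/O by replacing that call and the `file_name` lines with `char *out = json_serialize_to_string_pretty(json_val);` followed by `json_free_serialized_string(out);`. The `(char*)` cast on malloc is unnecessary in C, and the `size < 1` guard can go, since malloc(size + 1) plus the terminator already handles the empty input; `json_str` is still needed because json_parse_string expects a NUL-terminated string, which the raw fuzzer buffer is not.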
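Review bot: `language: c++` passed to build_fuzzers disagrees with `.clusterfuzzlite/project.yaml`, which declares `language: c`, and with the harness being a .c file compiled through $CC; set `language: c` here so both places and the build script agree on the toolchain. `bad-build-check: false` skips the step that verifies the built fuzzer actually starts under the sanitizer; once the harness is known to build, re-enabling it catches a silently broken binary before a 100-second run reports nothing. `permissions: read-all` at the workflow level is the right least-privilege default for a PR-triggered job.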