diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml
new file mode 100644
index 00000000..44ac10c2
--- /dev/null
+++ b/.github/workflows/cflite_cron.yml
@@ -0,0 +1,41 @@
+name: ClusterFuzzLite cron tasks
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main # Use your actual default branch here.
+ schedule:
+ - cron: '0 13 * * 6' # At 01:00 PM, only on Saturday
+permissions: read-all
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - mode: batch
+ sanitizer: address
+ - mode: batch
+ sanitizer: memory
+ - mode: prune
+ sanitizer: address
+ - mode: coverage
+ sanitizer: coverage
+ steps:
+ - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ language: c # Change this to the language you are fuzzing.
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 300 # 5 minutes
+ mode: ${{ matrix.mode }}
+ sanitizer: ${{ matrix.sanitizer }}
+ 
\ No newline at end of file
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 00000000..8810c6d6
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
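Review bot: Both `uses: google/clusterfuzzlite/actions/build_fuzzers@v1` and `uses: google/clusterfuzzlite/actions/run_fuzzers@v1` resolve a mutable major-version tag, so the weekly and on-push runs execute whatever that tag points at on the day, with the repository's GITHUB_TOKEN in hand; pinning to a full commit SHA with the tag kept as a comment, e.g. `uses: google/clusterfuzzlite/actions/build_fuzzers@<commit-sha> # v1`, makes the executed action version reviewable and reproducible (`permissions: read-all` already keeps the token's reach small, which is good). The same two `uses:` lines recur in cflite_pr.yml in the next hunk. The template placeholders `# Use your actual default branch here.` and `# Change this to the language you are fuzzing.` are still attached to values that look deliberately chosen (`main`, `c`); drop them so the file reads as configured rather than as a copied template. The file also ends in a whitespace-only line with no trailing newline (`\ No newline at end of file`).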
@@ -0,0 +1,43 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ pull_request:
+ paths:
+ - "**"
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ language: c # Change this to the language you are fuzzing.
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: used to only run fuzzers that are affected
+ # by the PR.
+ # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+ # storage-repo-branch: main # Optional. Defaults to "main"
+ # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 300 # 5 minutes
+ mode: "code-change"
+ sanitizer: ${{ matrix.sanitizer }}
+ output-sarif: true
+ # Optional but recommended: used to download the corpus produced by
+ # batch fuzzing.
+ # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+ # storage-repo-branch: main # Optional. Defaults to "main"
+ # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
diff --git a/fuzzing/CMakeLists.txt b/fuzzing/CMakeLists.txt
index cda1168e..eb6dee47 100644
--- a/fuzzing/CMakeLists.txt
+++ b/fuzzing/CMakeLists.txt
@@ -73,6 +73,7 @@ add_compile_definitions(
 include_directories( ${BOLOS_SDK}/include + ${BOLOS_SDK}/lib_standard_app ${BOLOS_SDK}/lib_cxng/include ${BOLOS_SDK}/lib_cxng/src ${BOLOS_SDK}/target/nanox/include 
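Review bot: `output-sarif: true` on the run step has no consumer in this workflow — no step uploads the SARIF to code scanning, and the job-wide `permissions: read-all` would not grant the `security-events: write` an upload step needs, so the report stays on the runner unless the action uploads it on its own (I cannot confirm that from here). Either add an upload step with a job-scoped `security-events: write`, or drop `output-sarif: true` so the intent is unambiguous. The `paths:` filter with the single pattern `"**"` matches every file, i.e. it is equivalent to no filter; remove it or narrow it to the source and fuzzing directories. If the commented-out `storage-repo:` lines are ever enabled, keep in mind that `pull_request` runs triggered from forks do not receive repository secrets, so `secrets.PERSONAL_ACCESS_TOKEN` expands to an empty string there and the clone URL should be treated as something that can surface in logs.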
@@ -91,11 +92,16 @@ add_executable(fuzz ${SRC_DIR}/handle_provide_token.c ${SRC_DIR}/handle_query_contract_ui.c ${SRC_DIR}/handle_query_contract_id.c + ${SRC_DIR}/utils.c # Ethereum SDK ${ETH_DIR}/src/common_utils.c ${ETH_DIR}/src/plugin_utils.c + # sdk utils + ${BOLOS_SDK}/src/ledger_assert.c + ${BOLOS_SDK}/lib_standard_app/format.c + # cxng ${BOLOS_SDK}/lib_cxng/src/cx_hash.c ${BOLOS_SDK}/lib_cxng/src/cx_sha256.c diff --git a/fuzzing/mocks.c b/fuzzing/mocks.c index 5b5358cb..1c0ec847 100644 --- a/fuzzing/mocks.c +++ b/fuzzing/mocks.c @@ -1,4 +1,7 @@ #include "plugin.h" +#include "lcx_common.h" +#include "lcx_hash.h" +#include size_t strlcat(char *dst, const char *src, size_t size) { size_t srclen; /* Length of source string */ @@ -33,3 +36,13 @@ size_t strlcpy(char *dst, const char *src, size_t size) { return (srclen); } + +cx_err_t cx_keccak_256_hash_iovec(const cx_iovec_t *iovec, + size_t iovec_len, + uint8_t digest[static CX_KECCAK_256_SIZE]) { + return CX_OK; +} + +void os_sched_exit(bolos_task_status_t exit_code) { + return; +} \ No newline at end of file diff --git a/src/handle_provide_parameter.c b/src/handle_provide_parameter.c index 92798ca1..6115775c 100644 --- a/src/handle_provide_parameter.c +++ b/src/handle_provide_parameter.c @@ -294,7 +294,7 @@ static void handle_eigenlayer_complete_queued_withdrawal(ethPluginProvideParamet break; case START_BLOCK: - copy_parameter(context->uint32_var, msg->parameter + 28, sizeof(context->uint32_var)); + copy_parameter(context->os_token_shares, msg->parameter + 28, 4); context->next_param = OFFSET_3; break; diff --git a/src/handle_query_contract_ui.c b/src/handle_query_contract_ui.c index 824f0c82..9edb0d9b 100644 --- a/src/handle_query_contract_ui.c +++ b/src/handle_query_contract_ui.c 
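Review bot: The `cx_keccak_256_hash_iovec` mock returns `CX_OK` without writing a single byte into `digest`, so any plugin code that consumes the hash reads whatever the caller's buffer already held; under the `memory` sanitizer in both new workflow matrices that shows up as use-of-uninitialized-value reports attributable to the mock rather than to the plugin, and under the other sanitizers it makes hash-dependent paths non-reproducible between runs. Fill the output deterministically, e.g. `memset(digest, 0, CX_KECCAK_256_SIZE);` before `return CX_OK;` (needs `<string.h>`), and add `(void) iovec; (void) iovec_len;` so -Wunused-parameter stays quiet. The `os_sched_exit` stub that simply returns also matters now that `ledger_assert.c` is linked into the harness in the CMakeLists hunk: if failed assertions are routed through it (which I would expect but cannot see here), the harness keeps running past an assertion instead of reporting a crash — `abort();` in that stub lets the fuzzer surface it. The file also ends without a trailing newline.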
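Review bot: The literal `4` in `copy_parameter(context->os_token_shares, msg->parameter + 28, 4);` replaces the self-describing `sizeof(context->uint32_var)`, and the same literal is repeated in the `amountToString(context->os_token_shares, 4, 0, "", ...)` call in handle_query_contract_ui.c in the later hunk; a shared named constant (e.g. a `START_BLOCK_LENGTH` define — name illustrative) keeps the two call sites in step and documents that only the low 4 bytes of the 32-byte parameter are kept. Reusing `os_token_shares` for the start block also stores the value in a field that, judging by its INT256_LENGTH neighbours in the plugin.h hunk (its own declaration is not in this diff), is much larger than the 4 bytes written, so a comment at the copy such as `// start block is stored in the low 4 bytes of os_token_shares` would save the next reader from looking for a dedicated field and from assuming the remaining bytes are meaningful. The enclosing switch in `handle_eigenlayer_complete_queued_withdrawal` continues outside the hunk.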
@@ -264,12 +264,7 @@ static bool eigenlayer_complete_queued_withdrawal_ui(ethQueryContractUI_t *msg, case 4: strlcpy(msg->title, "Start Block", msg->titleLength); - amountToString(context->uint32_var, - sizeof(context->uint32_var), - 0, - "", - msg->msg, - msg->msgLength); + amountToString(context->os_token_shares, 4, 0, "", msg->msg, msg->msgLength); return true; case 5: diff --git a/src/plugin.h b/src/plugin.h index 2a93ba71..0cdae3cd 100644 --- a/src/plugin.h +++ b/src/plugin.h @@ -112,7 +112,6 @@ typedef struct context_s { uint8_t timestamp[INT256_LENGTH]; uint8_t exit_queue_index[INT256_LENGTH]; - uint8_t uint32_var[4]; uint8_t bool_var; // For parsing data. diff --git a/src/utils.c b/src/utils.c index 1c7da56e..c3918143 100644 --- a/src/utils.c +++ b/src/utils.c @@ -1,4 +1,5 @@ #include +#include "utils.h" const char HEX_CHARS[] = "0123456789ABCDEF";