[WIP] WAF Builder #2454
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Fuzz | |
on: | |
pull_request: | |
branches: | |
- "**" | |
push: | |
branches: [ master ] | |
tags: | |
- "*" | |
schedule: | |
- cron: 30 0 * * * | |
workflow_dispatch: | |
inputs: | |
duration: | |
description: 'Duration of the fuzzing run in seconds' | |
required: true | |
default: "60" | |
type: string | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# TODO: build all fuzzers first, then run independently | |
global-fuzzer: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install deps | |
run: | | |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14 | |
sudo .github/workflows/scripts/llvm.sh 17 | |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev | |
- name: Build | |
run: ./fuzzer/global/build.sh | |
- name: Run fuzzer | |
run: ./fuzzer/global/run.sh ${{ github.event.inputs.duration }} | |
- name: Log | |
if: ${{ always() }} | |
run: grep -v -f fuzzer/global/scripts/report-negative-patterns.txt fuzzer/global/fuzz-*.log | |
- name: Show coverage | |
run: ./fuzzer/global/scripts/show_coverage.sh 40 || true | |
- name: Compress artifact | |
if: ${{ always() }} | |
run: tar -czvf fuzzing.tar.gz fuzzer/global/ | |
- name: Artifact | |
uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: fuzzing-data | |
path: fuzzing.tar.gz | |
local-fuzzer: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
variant: | |
- fuzzer: uri_parse | |
params: "" | |
- fuzzer: ssrf_detector | |
params: "" | |
- fuzzer: lfi_detector | |
params: "" | |
- fuzzer: sql_tokenizer | |
params: "--dialect=mysql" | |
- fuzzer: sql_tokenizer | |
params: "--dialect=postgresql" | |
- fuzzer: sql_tokenizer | |
params: "--dialect=sqlite" | |
- fuzzer: sql_tokenizer | |
params: "--dialect=standard" | |
- fuzzer: sqli_detector | |
params: "--dialect=mysql" | |
- fuzzer: sqli_detector | |
params: "--dialect=postgresql" | |
- fuzzer: sqli_detector | |
params: "--dialect=sqlite" | |
- fuzzer: sqli_detector | |
params: "--dialect=standard" | |
- fuzzer: shell_tokenizer | |
params: "" | |
- fuzzer: shi_detector_string | |
params: "" | |
- fuzzer: shi_detector_array | |
params: "" | |
- fuzzer: cmdi_detector | |
params: "" | |
- fuzzer: sha256 | |
params: "" | |
- fuzzer: http_endpoint_fingerprint | |
params: "" | |
- fuzzer: http_header_fingerprint | |
params: "" | |
- fuzzer: http_network_fingerprint | |
params: "" | |
- fuzzer: session_fingerprint | |
params: "" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install deps | |
run: | | |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14 | |
sudo .github/workflows/scripts/llvm.sh 17 | |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y install libfuzzer-17-dev | |
- name: Build | |
env: | |
CC: clang-17 | |
CXX: clang++-17 | |
run: | | |
mkdir build ; cd build | |
cmake -DCMAKE_VERBOSE_MAKEFILE=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo .. | |
make -j $(nproc) ${{ matrix.variant.fuzzer }}_fuzzer | |
cp fuzzer/${{ matrix.variant.fuzzer }}_fuzzer ../fuzzer/${{ matrix.variant.fuzzer }} | |
- name: Run fuzzer | |
run: | | |
cd fuzzer/${{ matrix.variant.fuzzer }} | |
./${{ matrix.variant.fuzzer }}_fuzzer ${{ matrix.variant.params }} -max_total_time=${{ github.event.inputs.duration || 300 }} corpus/ |