coveragepy
build: enable CIFuzz
Add CIFuzz workflow action to have fuzzers build and run on each PR. This is a service offered by OSS-Fuzz, on which coveragepy already runs.
CIFuzz can help catch regressions and fuzzing build issues early, and has a variety of features (see the URL above). In the current PR the fuzzer is built on a pull request and will run for 300 seconds.
Signed-off-by: David Korczynski [email protected]
Thanks! There was also some mention some place of moving the fuzzing code itself into this repo so that we could extend it. How do we make that happen?
> There was also some mention some place of moving the fuzzing code itself into this repo so that we could extend it. How do we make that happen?
Move this code https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/fuzz_parse.py into this library. We can move this anytime now -- feel free to make a PR on OSS-Fuzz that removes it and moves it up here. We should adjust https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/build.sh and https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/Dockerfile accordingly, but this is likely just switching a link.
In order to build fuzz_parse.py in the OSS-Fuzz environment, we use https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/build.sh. It would be great to continue using compile_python_fuzzer for the OSS-Fuzz environment since it makes it possible to get the coverage reports (thanks to this repo :) !) as well as introspector reports (still early stage for Python: https://github.com/ossf/fuzz-introspector).
If we place the fuzzer in test/fuzzers/ of this repo, then we can adjust the build script on OSS-Fuzz to use:
```sh
# Build every fuzz_*.py harness found under test/fuzzers/
for fuzzer in $(find ./test/fuzzers/ -name 'fuzz_*.py'); do
  compile_python_fuzzer "$fuzzer"
done
```
The source folder in the find command is the only thing changed. That will make it possible to simply put new fuzzers in test/fuzzers/* and OSS-Fuzz will start running them continuously automatically.
I can also make a PR that does the above -- let me know if you'd like me to and I'll do this tomorrow, Friday.
Are this and #1497 still valid @nedbat ?