clusterfuzz icon indicating copy to clipboard operation
clusterfuzz copied to clipboard
verified publisher icon google

Instructions for using untrusted workers

Open sfc-gh-mmizera opened this issue 4 months ago • 3 comments

Hey,

Is it possible to get some kind of guidance how should I configure my workers to support untrusted workloads?

I've seen in the code a concept of such a worker that potentially could fuzz untrusted code and don't put any GCP account at risk in case of a malicious code owner that's being fuzzed.

I've tried various attempts with TRUSTED_HOST / UNTRUSTED_WORKER env combos, but non of them have worked for me.

Is there any place where I could see how it should be configured?

sfc-gh-mmizera avatar Aug 07 '25 11:08 sfc-gh-mmizera

don't close please

sfc-gh-mmizera avatar Sep 02 '25 19:09 sfc-gh-mmizera

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot] avatar Nov 01 '25 20:11 github-actions[bot]

don't close please

sfc-gh-mmizera avatar Nov 04 '25 10:11 sfc-gh-mmizera

We have two APIs for doing this. One was only really appropriate for oss-fuzz (where project trusts itself). The other is still kind of unstable, and I wouldn't recommend it excpet for some small workloads. Look around for uworker/tworker. No documentation :-(

jonathanmetzman avatar Dec 16 '25 01:12 jonathanmetzman