diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile new file mode 100644 index 0000000..5412bda --- /dev/null +++ b/.clusterfuzzlite/Dockerfile @@ -0,0 +1,6 @@ +# ClusterFuzzLite build container: compiles the repo's native Go fuzz targets +# with the OSS-Fuzz toolchain. See https://google.github.io/clusterfuzzlite/ +FROM gcr.io/oss-fuzz-base/base-builder-go:v1 +COPY . $SRC/structalign +COPY .clusterfuzzlite/build.sh $SRC/build.sh +WORKDIR $SRC/structalign diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh new file mode 100755 index 0000000..65c8280 --- /dev/null +++ b/.clusterfuzzlite/build.sh @@ -0,0 +1,12 @@ +#!/bin/bash -eu +# Build the repo's native Go fuzz targets (go test -fuzz style) as libFuzzer +# binaries via the OSS-Fuzz toolchain's compile_native_go_fuzzer helper. +# Usage: compile_native_go_fuzzer + +# The rewrite shim used by compile_native_go_fuzzer; added to go.mod only +# inside the build container, never in the repo. +go get github.com/AdamKorcz/go-118-fuzz-build/testing + +compile_native_go_fuzzer github.com/peczenyj/structalign/internal/match FuzzMatchAny fuzz_match_any +compile_native_go_fuzzer github.com/peczenyj/structalign/internal/match FuzzSplitCSV fuzz_split_csv +compile_native_go_fuzzer github.com/peczenyj/structalign/internal/ui FuzzTruncPad fuzz_trunc_pad diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml new file mode 100644 index 0000000..4f2ee4d --- /dev/null +++ b/.clusterfuzzlite/project.yaml @@ -0,0 +1 @@ +language: go diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml new file mode 100644 index 0000000..ad46f3c --- /dev/null +++ b/.github/workflows/cflite_pr.yml @@ -0,0 +1,42 @@ +name: ClusterFuzzLite PR fuzzing + +on: + pull_request: + paths: + - "**.go" + - "go.mod" + - "go.sum" + - ".clusterfuzzlite/**" + - ".github/workflows/cflite_pr.yml" + +permissions: + contents: read + +jobs: + fuzz: + name: fuzz (${{ matrix.sanitizer }}) + runs-on: ubuntu-latest + concurrency: + group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} + cancel-in-progress: true + strategy: + fail-fast: false + matrix: + sanitizer: [address] + steps: + - name: Build fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 + with: + language: go + github-token: ${{ secrets.GITHUB_TOKEN }} + sanitizer: ${{ matrix.sanitizer }} + + - name: Run fuzzers (${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 300 + mode: code-change + sanitizer: ${{ matrix.sanitizer }} diff --git a/internal/match/fuzz_test.go b/internal/match/fuzz_test.go index cdc8c8c..3fe5f5b 100644 --- a/internal/match/fuzz_test.go +++ b/internal/match/fuzz_test.go @@ -1,10 +1,9 @@ -package match_test +// Package-internal (not match_test) so ClusterFuzzLite's +// compile_native_go_fuzzer can rewrite this file: an external test package +// would clash with the non-test package during the go-118-fuzz-build rewrite. +package match -import ( - "testing" - - "github.com/peczenyj/structalign/internal/match" -) +import "testing" func FuzzMatchAny(f *testing.F) { f.Add("Mixed", "Mixed") @@ -12,7 +11,7 @@ func FuzzMatchAny(f *testing.F) { f.Add("", "Mixed") f.Fuzz(func(t *testing.T, pattern string, name string) { - _ = match.MatchAny([]string{pattern}, name) + _ = MatchAny([]string{pattern}, name) }) } @@ -22,6 +21,6 @@ func FuzzSplitCSV(f *testing.F) { f.Add("") f.Fuzz(func(t *testing.T, s string) { - _ = match.SplitCSV(s) + _ = SplitCSV(s) }) }