Structured Fuzzing with libmutator #570
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow used by curl/curl | |
| name: CI | |
| 'on': | |
| push: | |
| branches: | |
| - master | |
| - main | |
| - '*/ci' | |
| pull_request: | |
| branches: | |
| - master | |
| - main | |
| # This makes the workflow callable by curl/curl | |
| workflow_call: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| DetermineMatrix: | |
| name: 'Determine matrix' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| repository: curl/curl-fuzzer | |
| - name: Set matrix | |
| id: set-matrix | |
| run: | | |
| . ./scripts/fuzz_targets | |
| cd src/curl_fuzzer_tools | |
| python3 -m generate_matrix | tee $GITHUB_OUTPUT | |
| BuildFuzzers: | |
| name: 'Build fuzzers' | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Use the CIFuzz job to test the repository. | |
| - name: Build Fuzzers | |
| uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] | |
| with: | |
| oss-fuzz-project-name: 'curl' | |
| dry-run: false | |
| keep-unaffected-fuzz-targets: true | |
| # Archive the fuzzer output (which maintains permissions) | |
| - name: Create fuzz tar | |
| run: tar cvf fuzz.tar build-out/ | |
| # Upload the fuzzer output | |
| - name: Archive fuzz tar | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: fuzz_tar | |
| path: fuzz.tar | |
| RunFuzzers: | |
| name: 'Run fuzzers' | |
| needs: [BuildFuzzers, DetermineMatrix] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} | |
| steps: | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: fuzz_tar | |
| - name: Unpack fuzzer ${{ matrix.fuzzer }} | |
| env: | |
| MATRIX_FUZZER: '${{ matrix.fuzzer }}' | |
| run: tar xvf fuzz.tar build-out/"${MATRIX_FUZZER}" build-out/"${MATRIX_FUZZER}"_seed_corpus.zip | |
| - name: Display extracted files | |
| run: ls -laR build-out/ | |
| - name: Run Fuzzer ${{ matrix.fuzzer }} | |
| uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses] | |
| with: | |
| oss-fuzz-project-name: 'curl' | |
| fuzz-seconds: 120 | |
| dry-run: false | |
| - name: Upload Crash | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: ${{ failure() }} | |
| with: | |
| name: artifacts | |
| path: ./out/artifacts | |
| # Ensure that the repository can be built for i386 | |
| Testi386: | |
| name: 'Test i386' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Build Fuzzers | |
| uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] | |
| with: | |
| oss-fuzz-project-name: 'curl' | |
| dry-run: false | |
| keep-unaffected-fuzz-targets: true | |
| architecture: 'i386' |