oss-fuzz/projects/django/build.sh

#!/bin/bash -eu
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build and install project (using current CFLAGS, CXXFLAGS). This is required
# for projects with C extensions so that they're built with the proper flags.
pip3 install .

export DJANGO_SETTINGS_MODULE=fuzzer_project.settings

# Build fuzzers into $OUT. These could be detected in other ways.
for fuzzer in $(find $SRC -name '*_fuzzer.py'); do
  fuzzer_basename=$(basename -s .py $fuzzer)
  fuzzer_package=${fuzzer_basename}.pkg

  # To avoid issues with Python version conflicts, or changes in environment
  # over time on the OSS-Fuzz bots, we use pyinstaller to create a standalone
  # package. Though not necessarily required for reproducing issues, this is
  # required to keep fuzzers working properly in OSS-Fuzz.
  pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer

  # Create execution wrapper. Atheris requires that certain libraries are
  # preloaded, so this is also done here to ensure compatibility and simplify
  # test case reproduction. Since this helper script is what OSS-Fuzz will
  # actually execute, it is also always required.
  # NOTE: If you are fuzzing python-only code and do not have native C/C++
  # extensions, then remove the LD_PRELOAD line below as preloading sanitizer
  # library is not required and can lead to unexpected startup crashes.
  echo "#!/bin/sh
# LLVMFuzzerTestOneInput for fuzzer detection.
this_dir=\$(dirname \"\$0\")
ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
  chmod +x $OUT/$fuzzer_basename
done
[django-fuzzers] Initial integration. (#2579) * [django-fuzzers] * [django] Update auto_ccs * [django] Pack seed corpus. util -> utils. 2019-08-02 17:31:34 +00:00			`#!/bin/bash -eu`
Updated Django to use a python based fuzzer. (#6940) 2021-11-30 19:22:36 +00:00			`# Copyright 2021 Google LLC`
[django-fuzzers] Initial integration. (#2579) * [django-fuzzers] * [django] Update auto_ccs * [django] Pack seed corpus. util -> utils. 2019-08-02 17:31:34 +00:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`#`
			`################################################################################`

Updated Django to use a python based fuzzer. (#6940) 2021-11-30 19:22:36 +00:00			`# Build and install project (using current CFLAGS, CXXFLAGS). This is required`
			`# for projects with C extensions so that they're built with the proper flags.`
			`pip3 install .`

			`export DJANGO_SETTINGS_MODULE=fuzzer_project.settings`

			`# Build fuzzers into $OUT. These could be detected in other ways.`
			`for fuzzer in $(find $SRC -name '*_fuzzer.py'); do`
			`fuzzer_basename=$(basename -s .py $fuzzer)`
			`fuzzer_package=${fuzzer_basename}.pkg`

			`# To avoid issues with Python version conflicts, or changes in environment`
			`# over time on the OSS-Fuzz bots, we use pyinstaller to create a standalone`
			`# package. Though not necessarily required for reproducing issues, this is`
			`# required to keep fuzzers working properly in OSS-Fuzz.`
			`pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer`

			`# Create execution wrapper. Atheris requires that certain libraries are`
			`# preloaded, so this is also done here to ensure compatibility and simplify`
			`# test case reproduction. Since this helper script is what OSS-Fuzz will`
			`# actually execute, it is also always required.`
			`# NOTE: If you are fuzzing python-only code and do not have native C/C++`
			`# extensions, then remove the LD_PRELOAD line below as preloading sanitizer`
			`# library is not required and can lead to unexpected startup crashes.`
			`echo "#!/bin/sh`
			`# LLVMFuzzerTestOneInput for fuzzer detection.`
			`this_dir=\$(dirname \"\$0\")`
			`ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \`
			`\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename`
			`chmod +x $OUT/$fuzzer_basename`
			`done`