oss-fuzz/docs/getting-started/new-project-guide/go_lang.md

---
layout: default
title: Integrating a Go project
parent: Setting up a new project
grand_parent: Getting started
nav_order: 1
permalink: /getting-started/new-project-guide/go-lang/
---

# Integrating a Go project
{: .no_toc}

- TOC
{:toc}
---

The process of integrating a project written in Go with OSS-Fuzz is very similar
to the general
[Setting up a new project]({{ site.baseurl }}/getting-started/new-project-guide/)
process. The key specifics of integrating a Go project are outlined below.

## Go-fuzz support

OSS-Fuzz supports **go-fuzz** in the
[libFuzzer compatible mode](https://github.com/mdempsky/go114-fuzz-build)
only. In that mode, fuzz targets for Go use the libFuzzer engine with native Go
coverage instrumentation. Binaries compiled in this mode provide the same
libFuzzer command line interface as non-Go fuzz targets.

## Project files

First, you need to write a Go fuzz target that accepts a stream of bytes and
calls the program API with that. This fuzz target should reside in your project
repository
([example](https://github.com/golang/go/blob/4ad13555184eb0697c2e92c64c1b0bdb287ccc10/src/html/fuzz.go#L13)).

The structure of the project directory in OSS-Fuzz repository doesn't differ for
projects written in Go. The project files have the following Go specific
aspects.

### project.yaml

The `language` attribute must be specified.

```yaml
language: go
```

The only supported fuzzing engine and sanitizer are `libfuzzer` and `address`,
respectively.
[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/project.yaml#L7):

```yaml
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address
```

### Dockerfile

The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-go`

The OSS-Fuzz builder image has the latest stable release of Golang installed. In
order to install dependencies of your project, add `RUN git clone ...` command to
your Dockerfile.
[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/Dockerfile#L23):

```dockerfile
# Dependency for one of the fuzz targets.
RUN git clone --depth 1 https://github.com/ianlancetaylor/demangle
```

go-fuzz will then automatically download the dependencies based on the go.mod file

### build.sh

In order to build a Go fuzz target, you need to call `go-fuzz`
command first, and then link the resulting `.a` file against
`$LIB_FUZZING_ENGINE` using the `$CXX $CXXFLAGS ...` command.

The best way to do this is by using a `compile_go_fuzzer` script,
as it also supports coverage builds.

A usage example from go-dns project is

```sh
compile_go_fuzzer github.com/miekg/dns FuzzNewRR fuzz_newrr fuzz
```

Arguments are :
* path of the package with the fuzz target
* name of the fuzz function
* name of the fuzzer to be built
* optional tag to be used by `go build` and such
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`---`
			`layout: default`
			`title: Integrating a Go project`
			`parent: Setting up a new project`
			`grand_parent: Getting started`
			`nav_order: 1`
			`permalink: /getting-started/new-project-guide/go-lang/`
			`---`

			`# Integrating a Go project`
			`{: .no_toc}`

			`- TOC`
			`{:toc}`
			`---`

			`The process of integrating a project written in Go with OSS-Fuzz is very similar`
			`to the general`
			`[Setting up a new project]({{ site.baseurl }}/getting-started/new-project-guide/)`
			`process. The key specifics of integrating a Go project are outlined below.`

			`## Go-fuzz support`

			`OSS-Fuzz supports go-fuzz in the`
Switch OSS projects to use native go-fuzz. (#3638) * Switch OSS projects to use native go-fuzz. * Fix go-json-iterator breakage, put source in package search dir. * Revert syzkaller change, track bug in #3639 2020-04-14 04:57:30 +00:00			`[libFuzzer compatible mode](https://github.com/mdempsky/go114-fuzz-build)`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`only. In that mode, fuzz targets for Go use the libFuzzer engine with native Go`
			`coverage instrumentation. Binaries compiled in this mode provide the same`
			`libFuzzer command line interface as non-Go fuzz targets.`

			`## Project files`

Switch OSS projects to use native go-fuzz. (#3638) * Switch OSS projects to use native go-fuzz. * Fix go-json-iterator breakage, put source in package search dir. * Revert syzkaller change, track bug in #3639 2020-04-14 04:57:30 +00:00			`First, you need to write a Go fuzz target that accepts a stream of bytes and`
			`calls the program API with that. This fuzz target should reside in your project`
			`repository`
			`([example](https://github.com/golang/go/blob/4ad13555184eb0697c2e92c64c1b0bdb287ccc10/src/html/fuzz.go#L13)).`

[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`The structure of the project directory in OSS-Fuzz repository doesn't differ for`
[infra] Introduce "language" attribute in the project.yaml (#3297). (#3299) * [infra] Introduce "language" attribute in the project.yaml (#3297). * follow up * enable the attribute for more projects * trailing newline 2020-01-30 23:36:44 +00:00			`projects written in Go. The project files have the following Go specific`
			`aspects.`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00
			`### project.yaml`

[infra] Introduce "language" attribute in the project.yaml (#3297). (#3299) * [infra] Introduce "language" attribute in the project.yaml (#3297). * follow up * enable the attribute for more projects * trailing newline 2020-01-30 23:36:44 +00:00			The `language` attribute must be specified.

			```yaml
			`language: go`
			```

			The only supported fuzzing engine and sanitizer are `libfuzzer` and `address`,
			`respectively.`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/project.yaml#L7):`

			```yaml
			`fuzzing_engines:`
			`- libfuzzer`
			`sanitizers:`
			`- address`
			```

			`### Dockerfile`

doc: use lang-specific base-builder images (#6415) 2021-09-08 16:13:52 +00:00			The Dockerfile should start by `FROM gcr.io/oss-fuzz-base/base-builder-go`

[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`The OSS-Fuzz builder image has the latest stable release of Golang installed. In`
Go 1.16 more fixes (#5239) * Fixes cilium build * Fixes dragonfly build * Fixes fasthttp build * Fixes fastjson build * golang build: change directory only temporary * Fixes gitea build * Fixes grpc-gateway build * Fixes hugo project build * Fixes ipfs build * Fixes jsonparser build * Fixes kubernetes build * Fixes loki build * Fixes minify build * Fixes nats build * Removes go get from the docs * Fixes quic-go build * Fixes radon build * Fixes syzkaller build * Fixes tidb build * Fixes vitess build 2021-02-22 23:25:47 +00:00			order to install dependencies of your project, add `RUN git clone ...` command to
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`your Dockerfile.`
			`[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/Dockerfile#L23):`

			```dockerfile
			`# Dependency for one of the fuzz targets.`
Go 1.16 more fixes (#5239) * Fixes cilium build * Fixes dragonfly build * Fixes fasthttp build * Fixes fastjson build * golang build: change directory only temporary * Fixes gitea build * Fixes grpc-gateway build * Fixes hugo project build * Fixes ipfs build * Fixes jsonparser build * Fixes kubernetes build * Fixes loki build * Fixes minify build * Fixes nats build * Removes go get from the docs * Fixes quic-go build * Fixes radon build * Fixes syzkaller build * Fixes tidb build * Fixes vitess build 2021-02-22 23:25:47 +00:00			`RUN git clone --depth 1 https://github.com/ianlancetaylor/demangle`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			```

Go 1.16 more fixes (#5239) * Fixes cilium build * Fixes dragonfly build * Fixes fasthttp build * Fixes fastjson build * golang build: change directory only temporary * Fixes gitea build * Fixes grpc-gateway build * Fixes hugo project build * Fixes ipfs build * Fixes jsonparser build * Fixes kubernetes build * Fixes loki build * Fixes minify build * Fixes nats build * Removes go get from the docs * Fixes quic-go build * Fixes radon build * Fixes syzkaller build * Fixes tidb build * Fixes vitess build 2021-02-22 23:25:47 +00:00			`go-fuzz will then automatically download the dependencies based on the go.mod file`
Golang modules documentation (#4711) * Clones golang-protobuf into the expected directory * Improves the documentation for golang projects with modules 2020-11-25 15:40:15 +00:00
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			`### build.sh`

Switch OSS projects to use native go-fuzz. (#3638) * Switch OSS projects to use native go-fuzz. * Fix go-json-iterator breakage, put source in package search dir. * Revert syzkaller change, track bug in #3639 2020-04-14 04:57:30 +00:00			In order to build a Go fuzz target, you need to call `go-fuzz`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			command first, and then link the resulting `.a` file against
			`$LIB_FUZZING_ENGINE` using the `$CXX $CXXFLAGS ...` command.

[infra] Golang coverage summary for each fuzz target (#2817, #2714). (#4671) * Golang coverage summary for each fuzz target * Document usage of compile_go_fuzzer * update the documentation change Co-authored-by: Max Moroz <mmoroz@chromium.org> 2020-11-20 18:55:33 +00:00			The best way to do this is by using a `compile_go_fuzzer` script,
			`as it also supports coverage builds.`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00
[infra] Golang coverage summary for each fuzz target (#2817, #2714). (#4671) * Golang coverage summary for each fuzz target * Document usage of compile_go_fuzzer * update the documentation change Co-authored-by: Max Moroz <mmoroz@chromium.org> 2020-11-20 18:55:33 +00:00			`A usage example from go-dns project is`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00
[infra] Golang coverage summary for each fuzz target (#2817, #2714). (#4671) * Golang coverage summary for each fuzz target * Document usage of compile_go_fuzzer * update the documentation change Co-authored-by: Max Moroz <mmoroz@chromium.org> 2020-11-20 18:55:33 +00:00			```sh
			`compile_go_fuzzer github.com/miekg/dns FuzzNewRR fuzz_newrr fuzz`
[docs] Add "Integrating a Go project" documentation page (#2714). (#2837) * [docs] Add "Integrating a Go project" documentation page (#2714). * rephrase go-fuzz mode description 2019-09-17 14:15:22 +00:00			```
[infra] Golang coverage summary for each fuzz target (#2817, #2714). (#4671) * Golang coverage summary for each fuzz target * Document usage of compile_go_fuzzer * update the documentation change Co-authored-by: Max Moroz <mmoroz@chromium.org> 2020-11-20 18:55:33 +00:00
			`Arguments are :`
			`* path of the package with the fuzz target`
			`* name of the fuzz function`
			`* name of the fuzzer to be built`
			* optional tag to be used by `go build` and such