Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/infra/cifuzz/docker.py

128 lines
4.6 KiB
Python
Raw Normal View History

[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Module for dealing with docker."""
[CIFuzz] Add script to run cifuzz (#6118) This can be used by non-github users. Related: #6100
2021-07-27 19:11:27 +00:00
import logging
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
import os
import sys
[CFL] Give docker images unique names to support parallel fuzzing (#7911) * Add a unique suffix so that parallel fuzzing is supported * Fix * fix tests * Fix * fix * Fix * Update docker.py
2022-07-12 13:50:10 +00:00
import uuid
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
# pylint: disable=wrong-import-position,import-error
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
[infra][NFC] Use one source of truth for engines, languages etc. (#6163) Do this only where it makes sense. For example, since CIFuzz doesn't support dataflow, maintain a separate source of truth.
2021-08-05 00:04:55 +00:00
import constants
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
import utils
[clusterfuzzlite] Support gitlab (#7073) Related: https://github.com/google/clusterfuzzlite/issues/55
2022-01-13 19:27:53 +00:00
import environment
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
BASE_BUILDER_TAG = 'gcr.io/oss-fuzz-base/base-builder'
PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/'
[cifuzz] Fuzz in cifuzz-base (#6142) Fixes: #5926
2021-08-05 20:27:24 +00:00
# Default fuzz configuration.
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
_DEFAULT_DOCKER_RUN_ARGS = [
infra: allow passing architecture=i386 to CIFuzz (#7779) to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in https://github.com/evverx/oss-fuzz/pull/13 by pointing https://github.com/evverx/systemd/pull/110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e to test "i386" as much as possible.
2022-06-08 19:15:27 +00:00
'-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', 'CIFUZZ=True'
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
]
[CFL] Give docker images unique names to support parallel fuzzing (#7911) * Add a unique suffix so that parallel fuzzing is supported * Fix * fix tests * Fix * fix * Fix * Update docker.py
2022-07-12 13:50:10 +00:00
UNIQUE_ID_SUFFIX = '-' + uuid.uuid4().hex
# TODO(metzman): Make run_fuzzers able to delete this image.
EXTERNAL_PROJECT_IMAGE = 'external-cfl-project' + UNIQUE_ID_SUFFIX
Make oss-fuzz-project-name optional. (#6071) Also rename code uses from `project_name` to `oss_fuzz_project_name`, to be more explicit, and use it to determine whether or not we're running an OSS-Fuzz project or not. For external fuzzing #6051.
2021-07-21 05:32:32 +00:00
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
_DEFAULT_DOCKER_RUN_COMMAND = [
'docker',
'run',
'--rm',
'--privileged',
]
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
[CIFuzz][NFC] Add function for setting env vars in docker command. (#6162)
2021-08-04 21:19:22 +00:00
def get_docker_env_vars(env_mapping):
"""Returns a list of docker arguments that sets each key in |env_mapping| as
an env var and the value of that key in |env_mapping| as the value."""
env_var_args = []
for env_var, env_var_val in env_mapping.items():
env_var_args.extend(['-e', f'{env_var}={env_var_val}'])
return env_var_args
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
def get_project_image_name(project):
"""Returns the name of the project builder image for |project_name|."""
[CFL] Give docker images unique names to support parallel fuzzing (#7911) * Add a unique suffix so that parallel fuzzing is supported * Fix * fix tests * Fix * fix * Fix * Update docker.py
2022-07-12 13:50:10 +00:00
# TODO(jonathanmetzman): We may need unique names to support parallel fuzzing
# for CIFuzz (like CFL supports). Don't do this for now because no one has
# asked for it and build_specified_commit would need to be modified to support
# this.
Make oss-fuzz-project-name optional. (#6071) Also rename code uses from `project_name` to `oss_fuzz_project_name`, to be more explicit, and use it to determine whether or not we're running an OSS-Fuzz project or not. For external fuzzing #6051.
2021-07-21 05:32:32 +00:00
if project:
return PROJECT_TAG_PREFIX + project
return EXTERNAL_PROJECT_IMAGE
[CIFuzz] Add functionality to save diskspace (#5342) * [CIFuzz] Add functionality to save diskspace. Add a LOW_DISK_SPACE env/config var. When this is specified (always true for Github actions) run_fuzzers will delete base-builder and the project builder image before fuzzing. After it finishes fuzzing with a target, it will also delete the targets, its seed corpus and its corpus. Related: #4879
2021-03-12 15:27:07 +00:00
def delete_images(images):
"""Deletes |images|."""
command = ['docker', 'rmi', '-f'] + images
utils.execute(command)
utils.execute(['docker', 'builder', 'prune', '-f'])
[CIFuzz] Improve fuzz_target.py (#5929) * [CIFuzz] Clean up fuzz_target.py 1. Use CORPUS_DIR env var to set corpus so that corpus can be saved. 2. Clean up is_crash_novel. * fix * consistency * improve logging messages, remove over-cautious check * fix tests * fix tests * Make sure corpus path is mapped
2021-06-18 17:26:36 +00:00
[cifuzz][NFC] Move default configs to config_utils.py (#6157)
2021-08-04 00:59:17 +00:00
def get_base_docker_run_args(workspace,
[infra][NFC] Use one source of truth for engines, languages etc. (#6163) Do this only where it makes sense. For example, since CIFuzz doesn't support dataflow, maintain a separate source of truth.
2021-08-05 00:04:55 +00:00
sanitizer=constants.DEFAULT_SANITIZER,
[cifuzz][prow] Support docker in docker to support prow. (#6556)
2021-10-05 13:01:38 +00:00
language=constants.DEFAULT_LANGUAGE,
infra: allow passing architecture=i386 to CIFuzz (#7779) to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in https://github.com/evverx/oss-fuzz/pull/13 by pointing https://github.com/evverx/systemd/pull/110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e to test "i386" as much as possible.
2022-06-08 19:15:27 +00:00
architecture=constants.DEFAULT_ARCHITECTURE,
[cifuzz][prow] Support docker in docker to support prow. (#6556)
2021-10-05 13:01:38 +00:00
docker_in_docker=False):
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
"""Returns arguments that should be passed to every invocation of 'docker
run'."""
docker_args = _DEFAULT_DOCKER_RUN_ARGS.copy()
[CIFuzz][NFC] Add function for setting env vars in docker command. (#6162)
2021-08-04 21:19:22 +00:00
env_mapping = {
'SANITIZER': sanitizer,
infra: allow passing architecture=i386 to CIFuzz (#7779) to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in https://github.com/evverx/oss-fuzz/pull/13 by pointing https://github.com/evverx/systemd/pull/110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e to test "i386" as much as possible.
2022-06-08 19:15:27 +00:00
'ARCHITECTURE': architecture,
[CIFuzz][NFC] Add function for setting env vars in docker command. (#6162)
2021-08-04 21:19:22 +00:00
'FUZZING_LANGUAGE': language,
'OUT': workspace.out
}
docker_args += get_docker_env_vars(env_mapping)
[clusterfuzzlite] Support gitlab (#7073) Related: https://github.com/google/clusterfuzzlite/issues/55
2022-01-13 19:27:53 +00:00
docker_container = environment.get('CFL_CONTAINER_ID',
utils.get_container_name())
[CIFuzz] Add script to run cifuzz (#6118) This can be used by non-github users. Related: #6100
2021-07-27 19:11:27 +00:00
logging.info('Docker container: %s.', docker_container)
[cifuzz][prow] Support docker in docker to support prow. (#6556)
2021-10-05 13:01:38 +00:00
if docker_container and not docker_in_docker:
[CIFuzz] Don't make everything a subdirectory of /out (#5970) Use different subdirectories of workspace for builds, old builds, coverage reports, corpora and artifacts/testscases.
2021-06-30 14:34:42 +00:00
# Don't map specific volumes if in a docker container, it breaks when
# running a sibling container.
docker_args += ['--volumes-from', docker_container]
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
else:
[CIFuzz] Don't make everything a subdirectory of /out (#5970) Use different subdirectories of workspace for builds, old builds, coverage reports, corpora and artifacts/testscases.
2021-06-30 14:34:42 +00:00
docker_args += _get_args_mapping_host_path_to_container(workspace.workspace)
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
return docker_args, docker_container
[cifuzz][NFC] Move default configs to config_utils.py (#6157)
2021-08-04 00:59:17 +00:00
def get_base_docker_run_command(workspace,
[infra][NFC] Use one source of truth for engines, languages etc. (#6163) Do this only where it makes sense. For example, since CIFuzz doesn't support dataflow, maintain a separate source of truth.
2021-08-05 00:04:55 +00:00
sanitizer=constants.DEFAULT_SANITIZER,
[cifuzz][prow] Support docker in docker to support prow. (#6556)
2021-10-05 13:01:38 +00:00
language=constants.DEFAULT_LANGUAGE,
infra: allow passing architecture=i386 to CIFuzz (#7779) to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in https://github.com/evverx/oss-fuzz/pull/13 by pointing https://github.com/evverx/systemd/pull/110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e to test "i386" as much as possible.
2022-06-08 19:15:27 +00:00
architecture=constants.DEFAULT_ARCHITECTURE,
[cifuzz][prow] Support docker in docker to support prow. (#6556)
2021-10-05 13:01:38 +00:00
docker_in_docker=False):
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
"""Returns part of the command that should be used everytime 'docker run' is
invoked."""
docker_args, docker_container = get_base_docker_run_args(
infra: allow passing architecture=i386 to CIFuzz (#7779) to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in https://github.com/evverx/oss-fuzz/pull/13 by pointing https://github.com/evverx/systemd/pull/110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e to test "i386" as much as possible.
2022-06-08 19:15:27 +00:00
workspace,
sanitizer,
language,
architecture,
docker_in_docker=docker_in_docker)
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
command = _DEFAULT_DOCKER_RUN_COMMAND.copy() + docker_args
return command, docker_container
[CIFuzz] Don't make everything a subdirectory of /out (#5970) Use different subdirectories of workspace for builds, old builds, coverage reports, corpora and artifacts/testscases.
2021-06-30 14:34:42 +00:00
def _get_args_mapping_host_path_to_container(host_path, container_path=None):
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
"""Get arguments to docker run that will map |host_path| a path on the host to
a path in the container. If |container_path| is specified, that path is mapped
to. If not, then |host_path| is mapped to itself in the container."""
[CIFuzz] Don't make everything a subdirectory of /out (#5970) Use different subdirectories of workspace for builds, old builds, coverage reports, corpora and artifacts/testscases.
2021-06-30 14:34:42 +00:00
# WARNING: Do not use this function when running in production (and
# --volumes-from) is used for mapping volumes. It will break production.
[CIFuzz] Add coverage report generation. (#5937) Also: 1. Support coverage builds. 2. Add an integration test for coverage builds and reports. 3. Refactor docker code so that there is less duplication in getting arguments for docker run, in particular when handling container (production) vs no container (testing). 4. Rename coverage.py to get_coverage_report. 5. Add tests for untested functions in docker.py 6. Add a test for get_fuzz_target_runner.
2021-06-23 14:30:11 +00:00
container_path = host_path if container_path is None else container_path
return ['-v', f'{host_path}:{container_path}']