From aebba43c02fd5f1e0aad3f8c42fcb886bf4ff979 Mon Sep 17 00:00:00 2001
From: Guido Vranken
Date: Fri, 16 Aug 2019 19:55:55 +0200
Subject: [PATCH] [golang] Golang internal library fuzzers (#2188)
* Add golang fuzzer
* Use dvyukov's fuzzers
* Add more fuzzers
* Move data retrieval to Dockerfile + cosmetic changes
* Use upstream Golang, go-fuzz
- Install Golang 1.9 binaries to bootstrap latest development Golang
- Deprecate go-fuzz fork in favor of upstream go-fuzz
* Disable Go fuzzers whose build is broken
* Trigger Travis
* project.yaml stub
* auto_ccs
---
projects/golang/Dockerfile | 34 +++++++++++++++++++
projects/golang/build.sh | 65 ++++++++++++++++++++++++++++++++++++
projects/golang/project.yaml | 7 ++++
3 files changed, 106 insertions(+)
create mode 100644 projects/golang/Dockerfile
create mode 100755 projects/golang/build.sh
create mode 100644 projects/golang/project.yaml
diff --git a/projects/golang/Dockerfile b/projects/golang/Dockerfile
new file mode 100644
index 000000000..35eb242c0
--- /dev/null
+++ b/projects/golang/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER guidovranken@gmail.com
+
+RUN apt-get update && apt-get install -y software-properties-common python-software-properties build-essential wget
+
+# Golang 1.9 binaries are downloaded only to bootstrap the latest Golang from the development repository
+RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
+RUN ln -s /usr/lib/go-1.9/bin/go /usr/bin/go
+
+# Get latest Golang
+RUN git clone --depth 1 https://github.com/golang/go
+
+RUN mkdir -p go/packages/src/github.com/dvyukov
+RUN cd go/packages/src/github.com/dvyukov && git clone https://github.com/dvyukov/go-fuzz
+RUN cd go/packages/src/github.com/dvyukov && git clone https://github.com/dvyukov/go-fuzz-corpus
+
+COPY build.sh $SRC/
+
diff --git a/projects/golang/build.sh b/projects/golang/build.sh
new file mode 100755
index 000000000..79f85a43f
--- /dev/null
+++ b/projects/golang/build.sh
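Review bot: The three `git clone` lines near the end of the Dockerfile fetch github.com/golang/go, go-fuzz and go-fuzz-corpus at whatever HEAD happens to be at build time, so the image is not reproducible and any change in those repositories flows straight into the fuzzer build; tracking golang/go at HEAD is presumably intended since it is the fuzz target, but the two tooling repositories would be better pinned, e.g. `git clone https://github.com/dvyukov/go-fuzz && git -C go-fuzz checkout <pinned-commit>` (the `go get golang.org/x/tools/go/packages` in build.sh has the same property). The bootstrap compiler also comes from a third-party PPA (`ppa:gophers/archive`); the official golang.org tarball verified against its published SHA-256 would be the more auditable source. Two smaller points: `MAINTAINER` is deprecated in favour of `LABEL`, and the `RUN cd … && git clone` lines would be cleaner as a `WORKDIR` followed by plain `git clone` instructions.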
@@ -0,0 +1,65 @@
+# Compile latest Go
+cd go/src
+./make.bash
+cd $SRC
+
+# Remove previous Go install (used for bootstrapping)
+apt-get remove golang-1.9-go -y
+rm /usr/bin/go
+
+export GOROOT=`realpath go`
+export GOPATH=$GOROOT/packages
+export PATH=$GOROOT/bin:$PATH
+
+# Dependency of go-fuzz
+go get golang.org/x/tools/go/packages
+
+# go-fuzz-build is the tool that instruments Go files
+go build github.com/dvyukov/go-fuzz/go-fuzz-build
+
+function compile_fuzzer {
+ fuzzer=$(basename $1)
+
+ # Instrument all Go files relevant to this fuzzer, compile and store in $fuzzer.a
+ ./go-fuzz-build -libfuzzer -o $fuzzer.a github.com/dvyukov/go-fuzz-corpus/$fuzzer
+
+ # Instrumented, compiled Go ($fuzzer.a) + libFuzzer = fuzzer binary
+ $CXX $CXXFLAGS -lFuzzingEngine $fuzzer.a -lpthread -o fuzzer-$fuzzer
+
+ # Copy the fuzzer binary
+ cp fuzzer-$fuzzer $OUT
+
+ # Pack the seed corpus
+ zip -r fuzzer-${fuzzer}_seed_corpus.zip $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/$fuzzer/corpus
+
+ # Copy the seed corpus
+ cp fuzzer-${fuzzer}_seed_corpus.zip $OUT
+}
+
+export -f compile_fuzzer
+
+# Use this to attempt to compile all
+#find $GOPATH/src/github.com/dvyukov/go-fuzz-corpus -mindepth 1 -maxdepth 1 -type d -exec bash -c 'compile_fuzzer "$@"' bash {} \;
+
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/asn1
+#compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/bzip2
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/csv
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/elliptic
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/flate
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/fmt
+#compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/gif
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/gzip
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/httpreq
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/httpresp
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/jpeg
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/json
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/lzw
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/mime
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/multipart
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/png
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/tar
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/time
+#compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/url
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/xml
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/zip
+compile_fuzzer $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/zlib
diff --git a/projects/golang/project.yaml b/projects/golang/project.yaml
new file mode 100644
index 000000000..5bc499758
--- /dev/null
+++ b/projects/golang/project.yaml
@@ -0,0 +1,7 @@
+homepage: "https://golang.org/"
+primary_contact: "guidovranken@gmail.com"
+auto_ccs:
+ - "golang-fuzz@googlegroups.com"
+sanitizers:
+ - undefined
+view_restrictions: none
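Review bot: The commented-out `compile_fuzzer` lines for bzip2, gif and url carry no explanation in the file itself; the commit message says their builds are broken, so a comment such as `# bzip2, gif and url are disabled: go-fuzz-build currently fails on them (see #2188)` above the list would stop the next maintainer from re-enabling them blindly. In `compile_fuzzer`, `zip -r … $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/$fuzzer/corpus` is given an absolute path, so the archive entries carry the whole `src/github.com/…/corpus/` prefix; `zip -j -r` (junk paths) or running zip from inside the corpus directory would produce a flat seed corpus. The script has no shebang or `set -e` of its own, so it presumably relies on the OSS-Fuzz compile wrapper running it with `-e`; that is worth confirming, because a failing `./make.bash` or `./go-fuzz-build` would otherwise go unnoticed and produce an empty or stale `$OUT`. Minor style: `basename $1` and the other expansions are unquoted, and the `export GOROOT=` line uses backtick command substitution where `$(realpath go)` is the modern form.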