From d0fc0203d2c9c30f5de23ef503e7f69ed74b334b Mon Sep 17 00:00:00 2001 From: htuch Date: Fri, 2 Feb 2018 12:17:53 -0500 Subject: [PATCH] [Envoy] Add project. (#1130) * [Envoy] Add project. Following the steps at https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md. Signed-off-by: Harvey Tuch * Dockerfile review feedback. Signed-off-by: Harvey Tuch --- projects/envoy/Dockerfile | 38 +++++++++++++++++++++++++ projects/envoy/build.sh | 56 +++++++++++++++++++++++++++++++++++++ projects/envoy/project.yaml | 6 ++++ 3 files changed, 100 insertions(+) create mode 100644 projects/envoy/Dockerfile create mode 100755 projects/envoy/build.sh create mode 100644 projects/envoy/project.yaml diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile new file mode 100644 index 000000000..5fedd071f --- /dev/null +++ b/projects/envoy/Dockerfile @@ -0,0 +1,38 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER htuch@google.com + +RUN apt-get update && apt-get -y install \ + build-essential \ + openjdk-8-jdk \ + make \ + curl \ + autoconf \ + libtool \ + cmake \ + wget \ + golang + +# Install Bazel +RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list +RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - +RUN apt-get update && apt-get install -y bazel + +RUN git clone https://github.com/envoyproxy/envoy.git +WORKDIR /src/envoy/ +COPY build.sh $SRC/ diff --git a/projects/envoy/build.sh b/projects/envoy/build.sh new file mode 100755 index 000000000..3d5fe5718 --- /dev/null +++ b/projects/envoy/build.sh @@ -0,0 +1,56 @@ +#!/bin/bash -eu +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FUZZER_TARGETS="\ +test/common/common:base64_fuzz_test \ +" + +FUZZER_DICTIONARIES="\ +" + +# Skip gperftools, ASAN runs don't use tcmalloc. +export DISABLE_GPERFTOOLS_BUILD=1 +sed -i 's#envoy_dependencies()#envoy_dependencies(skip_targets=["tcmalloc_and_profiler"])#' WORKSPACE + +# Build Envoy +declare -r EXTRA_BAZEL_FLAGS="$(for f in ${CXXFLAGS}; do echo --copt=$f --linkopt=$f; done)" +declare -r BAZEL_BUILD_TARGETS="$(for t in ${FUZZER_TARGETS}; do echo //"$t"_driverless; done)" +bazel build --verbose_failures --dynamic_mode=off --spawn_strategy=standalone \ + --genrule_strategy=standalone --strip=never \ + --copt=-fno-sanitize=vptr --linkopt=-fno-sanitize=vptr \ + --define tcmalloc=disabled --define signal_trace=disabled \ + --define ENVOY_CONFIG_ASAN=1 --copt -D__SANITIZE_ADDRESS__ \ + --define force_libcpp=enabled \ + --build_tag_filters=-no_asan --test_tag_filters=-no_asan \ + ${EXTRA_BAZEL_FLAGS} \ + --linkopt="-lFuzzingEngine" \ + ${BAZEL_BUILD_TARGETS} + +# Copy out test binaries from bazel-bin/ and zip up related test corpuses. +for t in ${FUZZER_TARGETS} +do + TARGET_PATH="${t/:/\/}" + TARGET_BASE="$(expr "$t" : '.*:\(.*\)_fuzz_test')" + cp bazel-bin/"${TARGET_PATH}"_driverless "${OUT}"/"${TARGET_BASE}"_fuzz_test + zip "${OUT}/${TARGET_BASE}"_fuzz_test_seed_corpus.zip \ + "$(dirname "${TARGET_PATH}")"/"${TARGET_BASE}"_corpus/* +done + +# Copy dictionaries and options files to $OUT/ +for d in $FUZZER_DICTIONARIES; do + cp "$d" "${OUT}"/ +done diff --git a/projects/envoy/project.yaml b/projects/envoy/project.yaml new file mode 100644 index 000000000..0808c2db5 --- /dev/null +++ b/projects/envoy/project.yaml @@ -0,0 +1,6 @@ +homepage: "https://www.envoyproxy.io/" +primary_contact: "htuch@google.com" +auto_ccs: + - "mklein@lyft.com" + - "alyssar@google.com" + - "envoy-security@googlegroups.com"