Adds cel-cpp project (#5326)

* Adds cel-cpp project

* Fixup copy targets

* Disable not working sanitizers

* Fixup target try catch

* Adds ccs people to cel-cpp

* Remove unnneeded bazel download

* Use bazel magic

* Disable UBSAN for cel-cpp

* removing unneeded nit

projects/cel-cpp/.bazelrc

@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Force the use of Clang for C++ builds.
+build --action_env=CC=clang
+build --action_env=CXX=clang++
+
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none

projects/cel-cpp/BUILD

@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+cc_fuzz_test(
+	name = "fuzz_parse",
+	deps = ["//parser"],
+	srcs = ["fuzz_parse.cc"],
+)

projects/cel-cpp/Dockerfile

@@ -0,0 +1,27 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone --depth 1 https://github.com/google/cel-cpp/
+COPY build.sh $SRC/
+RUN mkdir $SRC/cel-cpp/fuzz/
+COPY BUILD fuzz*.cc $SRC/cel-cpp/fuzz/
+COPY WORKSPACE .bazelrc $SRC/
+RUN cat WORKSPACE >> $SRC/cel-cpp/WORKSPACE
+RUN cat .bazelrc >> $SRC/cel-cpp/.bazelrc
+RUN echo "4.0.0" > $SRC/cel-cpp/.bazelversion
+WORKDIR $SRC/cel-cpp

projects/cel-cpp/WORKSPACE

@@ -0,0 +1,41 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "fuzzing_rules_python",
+    url = "https://github.com/bazelbuild/rules_python/releases/download/0.1.0/rules_python-0.1.0.tar.gz",
+    sha256 = "b6d46438523a3ec0f3cead544190ee13223a52f6a6765a29eae7b7cc24cc83a0",
+)
+
+http_archive(
+    name = "rules_fuzzing",
+    sha256 = "a5734cb42b1b69395c57e0bbd32ade394d5c3d6afbfe782b24816a96da24660d",
+    strip_prefix = "rules_fuzzing-0.1.1",
+    urls = ["https://github.com/bazelbuild/rules_fuzzing/archive/v0.1.1.zip"],
+    repo_mapping = {
+        "@rules_python": "@fuzzing_rules_python",
+    },
+)
+
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+
+rules_fuzzing_dependencies()
+
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
+
+rules_fuzzing_init()

projects/cel-cpp/build.sh

@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+declare -r QUERY='
+    let all_fuzz_tests = attr(tags, "fuzz-test", "//...") in
+    $all_fuzz_tests - attr(tags, "no-oss-fuzz", $all_fuzz_tests)
+'
+
+declare -r PACKAGE_SUFFIX="_oss_fuzz"
+declare -r OSS_FUZZ_TESTS="$(bazel query "${QUERY}" | sed "s/$/${PACKAGE_SUFFIX}/")"
+
+bazel build -c opt --config=oss-fuzz --linkopt=-lc++ \
+    --action_env=CC="${CC}" --action_env=CXX="${CXX}" \
+    ${OSS_FUZZ_TESTS[*]}
+
+for oss_fuzz_archive in $(find bazel-bin/ -name "*${PACKAGE_SUFFIX}.tar"); do
+    tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
+done

projects/cel-cpp/fuzz_parse.cc

@@ -0,0 +1,34 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include <string>
+
+#include "parser/parser.h"
+
+#define MAX_RECURSION 0x100
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    std::string str (reinterpret_cast<const char*>(data), size);
+    try {
+        auto parse_status = google::api::expr::parser::Parse(str, "fuzzinput", MAX_RECURSION);
+        if (!parse_status.ok()) {
+            parse_status.status().message();
+        }
+    } catch (const std::exception& e) {
+        return 0;
+    }
+    return 0;
+}

projects/cel-cpp/project.yaml

@@ -0,0 +1,11 @@
+homepage: "https://opensource.google/projects/cel"
+language: c++
+primary_contact: "kyessenov@gmail.com"
+auto_ccs :
+- "tswadell@google.com"
+- "p.antoine@catenacyber.fr"
+
+sanitizers:
+- address
+- memory
+main_repo: 'https://github.com/google/cel-cpp'