GetINCHIfromINCHI calls strlen on szOptions, which leads to undefined behavior as it's not a valid null-terminated byte string.
Explicitly NULL out the char* to avoid this.
We have some fuzzers that are security-critical (json, exif), but
these haven't found anything genuinely new in a long time. It seems
unlikely that they will find something that is not a regression in
a pre-release version (and as such okay to be public).
The other fuzzers are not classified as security-critical by the
the PHP project (unserialize, unserializehash, parser, execute,
function-jit, tracing-jit). The latter three produce the vast
majority of new reports.
I think it would be more valuable to make fuzzing reports public
and have a larger set of people who can work on them.
1. Move most of the generic stuff into BasePlatformConfig.
2. Make a GCB platform config that sets WORKSPACE and PROJECT_SRC_PATH so users don't have to.
3. Make a skeleton prow platform_config for Mitchel to fill out.
4. Make users explicitly specify the CFL_PLATFORM so we can pick CI environments
Share more code between the 4 implementations of `prepare_for_fuzzer_build`.
This simplifies the code of these implementations, reduces repetition and makes them easier to
understand.
Create helper functions/methods for:
1. Creating a failed `BuildPreparationResult`: `get_build_preparation_failure`
2. Building an external project docker image: `_build_external_project_docker_image`
3. Cloning a repo and checking out the specified commit/pr: `_clone_repo_and_checkout`
4. Detecting the main repo `_detect_main_repo`
5. Creating a repo manager from an existing checkout: `_create_repo_manager_for_project_src_path`
Change `ExternalGeneric` implementation of `prepare_for_fuzzer_build` to:
1. Call `_create_repo_manager_for_project_src_path`
2. Call `_build_external_project_docker_image`
Change `InternalGeneric` implementation of `prepare_for_fuzzer_build` to:
1. Call `_detect_main_repo`
2. Call `_create_repo_manager_for_project_src_path`
Change `ExternalGithub` implementation of `prepare_for_fuzzer_build` to:
1. Call `_clone_repo_and_checkout`
2. Call `_build_external_project_docker_image`
Change `InternalGithub` implementation of `prepare_for_fuzzer_build` to:
1. Call `_detect_main_repo`
2. Call `_clone_repo_and_checkout`
Fix diffing on non-GitHub and improve config
1. Remove obsolete comments.
2. Remove unused function get_pr_ref
3. Correct comment on git_sha
4. Rename commit_sha to git_sha
5. Make base_commit, pr_ref, and base_ref non-github specific and move to
CiEnvironment.
6. Hoist get_diff_base to base class to allow diffing
7. Fix downloading coverage on non-Github.
8. Add TODO so that we don't assume github actions is run on github.com
(enterprise users)
9. Rename repo_url to git_url.
10. Add missing git_url method base class.
11. Clarify what git_url, git_sha and pr_ref are for and leave TODOs about how
we can eliminate them.
12. Fix typos.
Catena cyber