- prefixes CFLite generate command
- Removes licenses from Dockerfile/Build in CFLite mode -- the rational
is that users will likely not want to use those license in their own
code base, and they are not needed as the code won't be put in
OSS-Fuzz's repo.
- Removes unused fields from `project.yaml` -- these are not relevant in
CFLite
---------
Signed-off-by: David Korczynski <david@adalogics.com>
Adds helpers to:
- Generate files needed for a CFLite set up (the content of
`.clusterfuzzlite`, not the GH workflow)
- Test fuzzers in a CFLite set up
Only CPP support for now.
Follow-up PRs will:
- Add support for the rest of the languages
- Add support for code coverage generation
- Add support for yaml generation.
Signed-off-by: David Korczynski <david@adalogics.com>
Extends the command that runs a full build-fuzzers; run-fuzzers; collect
code coverage; to also now do a comparison of the local code coverage to
the code coverage by Clusterfuzz. Any gains are highlighted.
---------
Signed-off-by: David Korczynski <david@adalogics.com>
Add initial layout or a vscode extension.
Several commands included in the extension, including commands for
- oss-fuzz initialization
- creating new project integrations
- generating coverage reports
- building projects from arbitrary locations in the filesystem
- reproducing crashes easily
- instant CIFuzz integration
- creating fuzzing templates for rapid prototyping
- ...
Many ideas can be put into the vscode extension, for example:
- support some form of e.g. sync with introspector.oss-fuzz.com -- for
example where the plugin will check "has progress been made relative to
what is currently at oss-fuzz". We could extend `helper.py` with some
form of command called "check_progress` which will run a small build
pipeline + coverage and check if the coverage performs better than what
is currently achieved. I think there's more to explore in this space.
- connect to auto-fuzz:
https://github.com/ossf/fuzz-introspector/tree/main/tools/auto-fuzz
- in general improve the extension UI, as currently it's only based on
commands.
---------
Signed-off-by: David Korczynski <david@adalogics.com>