9cd03a3a6d
croaring: do not build tests ( #9556 )
...
This is an effort to stabilise the fuzz introspector build which seems
to segfault for some of the tests on-and-off
2023-02-02 13:38:11 +00:00
cd4e17f23a
abseil-cpp: fix build ( #9555 )
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55494
including both fuzz, coverage and introspector builds
2023-02-02 12:08:49 +00:00
15737babd3
feat(gitoxide): Adds autodetection of new fuzzers ( #9553 )
...
The previous configuration had a hardecoded list of fuzz harnesses. This
was neccesary as some of the existing fuzz harnesses where broken and
wouldn't compile. As these are now fixed, we can switch over to
searching for new fuzz tests.
2023-02-01 15:48:29 -05:00
a73d21a088
[skia] Fix build by downloading and using ninja ( #9551 )
...
This moves the fetching to the Dockerfile creation step, for better
caching.
Note that gn is downloaded to skia/bin/gn, but ninja is downloaded to
skia/third_party/ninja/ninja (for compatibility with depot_tools).
2023-02-01 19:12:52 +00:00
bba21deb22
[NFC][infra] Don't import classes ( #9539 )
...
This is a violation of google's coding styleguide.
2023-02-01 16:24:48 +00:00
3f7a7c2065
Add `git-date` crate to fuzz-set of `gitoxide` ( #9548 )
2023-02-01 15:21:26 +00:00
86604b7f49
docs: add JavaScript to the top-level README ( #9541 )
2023-02-01 10:18:26 -05:00
65ee165d6b
[Hermes] Add v8 PoCs to seed corpus ( #9546 )
...
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2023-02-01 10:16:00 -05:00
0ad4a86f21
[jstl-api] Initial Integration for jstl-api ( #9550 )
2023-02-01 10:11:37 -05:00
b048be69a8
introspector_page: only display if numbers are accurate ( #9545 )
...
Some old reports e.g.
https://storage.googleapis.com/oss-fuzz-introspector/upb/inspector-report/20221025/summary.json
have deprecated data. We should not display this information. Only show
if the percentage numbers make sense.
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-02-01 20:40:48 +11:00
47bdea931b
Update integration rewards documentation. ( #9543 )
2023-02-01 15:42:40 +11:00
36e0de348c
[libavc, libhevc, libmpeg2]: Update repository paths ( #9530 )
...
libavc, libhevc and libmpeg2 now have an upstream project and the
fuzzers will be built from these paths from now on.
2023-01-31 15:35:57 -08:00
6c7a6e342e
python-email-validator: fix no corpus issue ( #9537 )
...
Fixes run_fuzzer not picking up corpus :|
2023-01-31 15:33:32 -08:00
f42447385d
[libecc] Fix build ( #9542 )
...
libecc repo was moved
2023-01-31 15:33:06 -08:00
0efce485d5
infra: build_status: improve fuzz introspector overview page ( #9538 )
...
Extend the page displaying Fuzz Introspector projects with more
information. Primarily, reachability and coverage information and then
wrapped it in a table where searching and sorting is possible.
Example page:
https://davidkorczynski.github.io/staticpages/fuzz_index.html
Signed-off-by: David Korczynski <david@adalogics.com>
---------
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
2023-02-01 10:06:09 +11:00
dc2f5f4be8
Integrate Jazzer.js ( #9466 )
...
This PR enables using Jazzer.js for fuzzing Node.js projects in
OSS-Fuzz.
Part of #8324
---------
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2023-01-31 11:31:54 -05:00
e7c0e59a32
gitoxide: initial integration ( #9529 )
...
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
---------
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2023-01-30 20:49:17 -05:00
4ebd017e8e
docs: add extended Fuzz Introspector doc ( #9487 )
...
Fixes: https://github.com/google/oss-fuzz/issues/9444
Signed-off-by: David Korczynski <david@adalogics.com>
---------
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-31 09:58:23 +11:00
58ad90a61a
Use setup-python action to cache dependencies ( #9159 )
...
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
## Details
Updated workflows to cache dependencies using
[actions/setup-python](https://github.com/actions/setup-python#caching-packages-dependencies ).
`setup-python@v3` or newer has caching **built-in**.
### AS-IS
```yaml
- name: Setup python environment
uses: actions/setup-python@v3
with:
python-version: 3.8
```
### TO-BE
```yaml
- name: Setup python environment
uses: actions/setup-python@v3
with:
python-version: 3.8
cache: pip
cache-dependency-path: |
infra/ci/requirements.txt
infra/build/functions/requirements.txt
infra/cifuzz/requirements.txt
```
## References
-
[https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows ](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows )
-
[https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/ ](https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/ )
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2023-01-30 12:09:06 -05:00
b452496404
HtmlUnit: fix the patch to reflect last pom change ( #9527 )
2023-01-30 11:47:22 -05:00
17b41a687a
cras: Build fuzzers with bazel ( #9338 )
...
This change corresponds to https://crrev.com/c/4127648 .
Which will allow us to migrate away from autotools.
2023-01-30 10:09:18 -05:00
461d60ccc2
[cgif] Initial integration ( #7321 )
...
Add initial [cgif](https://github.com/dloebl/cgif ) integration.
[cgif](https://github.com/dloebl/cgif ) is a GIF encoding library written
in C. It is used as the GIF encoding layer of
[libvips](https://github.com/libvips/libvips ).
Right now, it is only fuzzed indirectly via
[libvips](https://github.com/libvips/libvips ):
https://github.com/google/oss-fuzz/pull/6241
Fuzzing [cgif](https://github.com/dloebl/cgif ) directly would allow
covering the complete API.
I would be happy to update this PR with the `Dockerfile` and `build.sh`
once I have the OK from your side.
2023-01-30 00:48:05 +00:00
7139d56a6b
feat(tinyusb): Adds support for seed corpus integration ( #9525 )
2023-01-30 11:29:46 +11:00
d5a7d1c0ba
tomlkit: catch recursion errors ( #9524 )
2023-01-29 13:40:05 +00:00
dfb6df7911
pendulum: initial integration ( #9521 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
---------
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-29 11:27:12 +00:00
345116ec2b
pyjson5: ignore recursion errors ( #9522 )
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55458
2023-01-29 11:26:58 +00:00
135b000926
rich: initial integration ( #9520 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
---------
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-28 13:06:29 +00:00
ceeea88ac4
[wolfssl, wolfmqtt] Fix builds ( #9519 )
2023-01-28 11:37:30 +01:00
d7f3086ee3
jedi: initial integration ( #9518 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 21:40:41 +00:00
f06342d681
pyjson5: initial integration ( #9511 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 13:36:23 -05:00
20932f0740
httpx: initial integration ( #9516 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 13:36:04 -05:00
33ca577a5d
nDPI: use dictionaries and remove libjson ( #9517 )
...
We don't need libjson anymore since 3baf95b6
2023-01-27 13:35:43 -05:00
abdc730160
mdurl: initial integration ( #9512 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 13:35:15 -05:00
f0c6a236cf
tomlkit: initial integration ( #9513 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 12:58:02 -05:00
3ee097f1ba
python-fastjsonschema: initial integration ( #9514 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-27 12:51:06 -05:00
0f8873783c
spring-oxm: initial integration ( #9472 )
2023-01-27 11:40:46 -05:00
bdbb8f3a4e
Add jvanverth to CC list ( #9510 )
...
Please add me to the CC list. Thanks!
2023-01-27 13:03:02 +00:00
eff569022b
Change email to google account ( #9509 )
...
Implements https://github.com/google/oss-fuzz/pull/9508
2023-01-26 16:03:24 -05:00
52d21c8acd
Add additional maintainer to GLib project configuration ( #9506 )
...
He’s an upstream maintainer:
ded3099afc/glib.doap (L89-95)pwithnall@endlessos.org
Signed-off-by: Philip Withnall pwithnall@endlessos.org
2023-01-26 08:53:03 -05:00
b3a4c94456
nDPI: add support for centipede ( #9503 )
...
See #9415
2023-01-26 10:20:20 +01:00
7213797543
[skia] Add cubic_quad_roots fuzzer ( #9504 )
...
This was added in https://skia-review.googlesource.com/c/skia/+/633476
2023-01-26 10:19:26 +01:00
c8a0565c3b
[wolfssl] Include Cryptofuzz built-in tests in seed corpus ( #9505 )
...
Cryptofuzz has a built-in corpus of inputs that can detect historic
and/or hard to find bugs.
https://github.com/guidovranken/cryptofuzz/blob/master/builtin_tests_importer.cpp
This change includes those inputs in the seed corpus.
2023-01-26 10:19:04 +01:00
918f2f4458
Add fuzzing on i386 for zstd ( #9498 )
...
We would like to extend zstd fuzzing to 32-bit in order to further
ensure that zstd is portable and to find bugs (such as
https://github.com/facebook/zstd/pull/3361 ) that only occur on 32-bit
platforms.
2023-01-25 16:53:16 +01:00
fded1948e1
paramiko: fix fuzzer ( #9502 )
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55341
2023-01-25 13:33:22 +00:00
f9bb0806b9
parso: catch recursion errors ( #9501 )
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55379
2023-01-25 11:58:23 +00:00
2750527519
Delete all.sh bash script ( #9500 )
...
1. OSS-Fuzz has grown to the point that running this script is
impractical.
2. The script is unsafe because it builds every project.
3. I don't know that anyone used this.
2023-01-24 20:53:33 -05:00
c9914cb385
build(deps): bump commonmarker from 0.23.6 to 0.23.7 in /docs ( #9496 )
...
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker ) from
0.23.6 to 0.23.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gjtorikian/commonmarker/releases ">commonmarker's
releases</a>.</em></p>
<blockquote>
<h2>v0.23.7</h2>
<h2>What's Changed</h2>
<ul>
<li>C API stable test by <a
href="https://github.com/gjtorikian "><code>@gjtorikian</code></a> in <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201 ">gjtorikian/commonmarker#201</a></li>
<li>Update to 29.0.gfm.7 by <a
href="https://github.com/anticomputer "><code>@anticomputer</code></a>
in <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/224 ">gjtorikian/commonmarker#224</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7 ">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7 </a></p>
<h2>v0.23.7.pre1</h2>
<h2>What's Changed</h2>
<ul>
<li>C API stable test by <a
href="https://github.com/gjtorikian "><code>@gjtorikian</code></a> in <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201 ">gjtorikian/commonmarker#201</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1 ">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md ">commonmarker's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre6 ">v1.0.0.pre6</a>
(2023-01-09)</h2>
<p><a
href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre5...v1.0.0.pre6 ">Full
Changelog</a></p>
<p><strong>Closed issues:</strong></p>
<ul>
<li>Cargo.lock prevents Ruby 3.2.0 from installing commonmarker
v1.0.0.pre4 <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/211 ">#211</a></li>
</ul>
<p><strong>Merged pull requests:</strong></p>
<ul>
<li>always use rb_sys (don't use Ruby's emerging cargo tooling where
available) <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/213 ">#213</a>
(<a href="https://github.com/kivikakk ">kivikakk</a>)</li>
</ul>
<h2><a
href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre5 ">v1.0.0.pre5</a>
(2023-01-08)</h2>
<p><a
href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre4...v1.0.0.pre5 ">Full
Changelog</a></p>
<p><strong>Merged pull requests:</strong></p>
<ul>
<li>Provide 3.2 build support <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/212 ">#212</a>
(<a href="https://github.com/gjtorikian ">gjtorikian</a>)</li>
</ul>
<h2><a
href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre4 ">v1.0.0.pre4</a>
(2022-12-28)</h2>
<p><a
href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre3...v1.0.0.pre4 ">Full
Changelog</a></p>
<p><strong>Closed issues:</strong></p>
<ul>
<li>Will the cmark-gfm branch continue to be maintained for awhile? <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/207 ">#207</a></li>
</ul>
<p><strong>Merged pull requests:</strong></p>
<ul>
<li>Implement native syntax highlighting <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/209 ">#209</a>
(<a href="https://github.com/gjtorikian ">gjtorikian</a>)</li>
<li>Bump magnus from 0.4.3 to 0.4.4 <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/208 ">#208</a>
(<a href="https://github.com/apps/dependabot ">dependabot[bot]</a>)</li>
<li>Bump magnus from 0.4.2 to 0.4.3 <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/206 ">#206</a>
(<a href="https://github.com/apps/dependabot ">dependabot[bot]</a>)</li>
<li>Bump comrak from 0.14.0 to 0.15.0 <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/205 ">#205</a>
(<a href="https://github.com/apps/dependabot ">dependabot[bot]</a>)</li>
<li>Bump magnus from 0.4.1 to 0.4.2 <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/204 ">#204</a>
(<a href="https://github.com/apps/dependabot ">dependabot[bot]</a>)</li>
</ul>
<h2><a
href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre3 ">v1.0.0.pre3</a>
(2022-11-30)</h2>
<p><a
href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre.2...v1.0.0.pre3 ">Full
Changelog</a></p>
<p><strong>Closed issues:</strong></p>
<ul>
<li>Code block incorrectly parsed in commonmarker 1.0.0.pre <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/202 ">#202</a></li>
</ul>
<p><strong>Merged pull requests:</strong></p>
<ul>
<li>Windows build <a
href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/197 ">#197</a>
(<a href="https://github.com/gjtorikian ">gjtorikian</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="734fd86c97https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/224 ">#224</a>
from gjtorikian/update-to-29.0.gfm.7</li>
<li><a
href="2e724ec52a9c923b0bfd💎 release 0.23.7</li>
<li><a
href="30419c25e89007c3798fhttps://github.com/github/cmark-gfm/commit/57d5e093e ">https://github.com/github/cmark-gfm/commit/57d5e093e </a>...</li>
<li><a
href="1cfec13373https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/201 ">#201</a>
from gjtorikian/c-api-stable-test</li>
<li><a
href="bbf631b4135b807a115d9a24e6d2fed8a43bc73ahttps://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/oss-fuzz/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-24 19:43:27 -05:00
2c347b059b
Upgrade activesupport ( #9499 )
2023-01-24 19:40:39 -05:00
700fd90d10
bottleneck: fix build ( #9497 )
...
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-24 21:18:08 +00:00
8df1de8725
Update activesupport ( #9495 )
2023-01-24 15:06:51 -05:00
DavidKorczynski