These harnesses seem to run a lot better and don't need the adjusted
`--timeout` option any more from what I was able to observe. Also, the
tested API increased a bit.
With OpenSSL 1.1's imminent EOL, switch libfido2 to OpenSSL 3.0. While
here, update libcbor to 0.10.2. Tested locally with asan/msan and
libFuzzer, Honggfuzz, and AFL.
Contains bug fixes for failed Python and Java projects
---------
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
Observed 2 crashes overnight that were non-security issues. This PR
ensures that the harness properly runs without reaching these non-issue
states early on.
Two changes:
- Simplify Dockerfile, do not install packages which are no longer used
as dependencies
- Remove `fuzzing_engines` from `project.yaml` to ensure that all
fuzzing engines are used, including centipede
Apple engineers reached out to inform us that the JSC build is broken
because WebKit has migrated from their own Git instance to GitHub.
---------
Co-authored-by: Holly Gong <39108850+hogo6002@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
This seems to have been left out when `javascript_lang.md` was created
and support for `language: javascript` was added.
Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
All other language-specific guide files are named `foo_lang.md`, as
distinct from `bazel.md` which is not for an implementation language
(and should probably get its own suffix, maybe bazel_build.md, but
that's another matter).
Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com>
We're migrating all Flux controllers to Go 1.20 and we're blocked by
`cr.io/oss-fuzz-base/base-builder-go` which comes with Go 1.19. This PR
installs Go 1.20 over 1.19 and adds `export CXX="${CXX} -lresolv"` to
the build script to avoid:
```
Building ./internal/controller/gitrepository_controller_fuzz_test.go.FuzzRandomGitFiles into FuzzRandomGitFiles
+ echo 'Building ./internal/controller/gitrepository_controller_fuzz_test.go.FuzzRandomGitFiles into FuzzRandomGitFiles'
+ compile_native_go_fuzzer ./internal/controller FuzzRandomGitFiles FuzzRandomGitFiles
/usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
FuzzRandomGitFiles.a(000020.o): in function `_cgo_cbcce81e6342_C2func_res_search':
cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'
/usr/bin/ld: FuzzRandomGitFiles.a(000020.o): in function `_cgo_cbcce81e6342_Cfunc_res_search':
cgo_unix_cgo_res.cgo2.c:(.text+0x81): undefined reference to `__res_search'
clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
```
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The PR Helper workflow complains if a new project doesn't include a
main_repo, so I've added that to the accepting new projects page.
I also added links from there to the specific fields in the new project
guide.
I also changed a reference in the workflow output to refer to the yaml
field name visible to submitters, rather than to the internal python
name for the same field which doesn't match.
---------
Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com>
Co-authored-by: Holly Gong <39108850+hogo6002@users.noreply.github.com>
Update repo_url as criticality score does not support url ends with
'.git'.
Example:
~/go/bin$ `./criticality_score --format json
-gcp-project-id=clusterfuzz-external
https://github.com/kubernetes/kubernetes.git`
2023-06-21 14:27:39.583 INFO Preparing default scorer
2023-06-21 14:27:41.007 INFO deps.dev signal source enabled
`2023-06-21 14:27:41.869 WARN Repo cannot be collected {"worker": 0,
"url": "https://github.com/kubernetes/kubernetes.git", "error": "repo
failed: not found: https://github.com/kubernetes/kubernetes.git"}`
---------
Co-authored-by: Dongge Liu <alan32.liu@gmail.com>
Oliver Chang