Create intents and flags based on fuzzer-derived data and ensure size of
input/output buffers matches the upper bound of the transformation
functions in lcms.
* Add Centipede as a fuzzer
* Specify dictionary param of Centipede
* Update docs
* Mark Centipede as experimental
* More accurate description
* Remove garbage
* Simplify code
* Move mkdir to dockerfile
* Add the weak.c trick
* Install deps with Centipede's script & uninstall new deps
* Fix doc
* Reuse libweak_sancov_stubs.so
* Reorganise flags
* format
* Consistent file type
* Reuse the weak references defined in Centipede
* Replace the shared library of weak symbols with a static one
* Correct the place to call mkdir
* Allow 2G of SHM for Centipede
* Create dirs in run_fuzzer
* Keep Centipede up-to-date
* Avoid duplicating Centipede's binary
* The params of Centipede and their explanations
* The engine info of centipede
* Save the target binary (with san) in a subdir of the project
* Set the target (with san) dir in check_build
* Create the target (with san) first to avoid side-effects
* Fix clone
* Fix format
* Add periods
* Fix comments
* Fix dirs
* Fix parameters
* Adding Centipede as a fuzzing engine for Scarecrow
* Add CI support
* Represent sanitizer with a variable
* Remove the unnecessary definition of FUZZER_OUT
* Reorganise binary directories
* format
* A minor note
* Present issues with dirs that already exist
* Use os.path.join to join path
* Make a function to get the out/ in check build
* Reusing existing flags in .bazel
* Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled
* Better ways to add bazel build options
* A better way to add bazel flags
* Remove redundant --bazelrc
* Better Cohesion
* Avoid code duplication
* Simplify code
* Exit on crash
fluxcd: Revert to base-builder-go
The project recently started moving into Go fuzz native, and using
the codeintelligencetesting variant is causing the error below:
ERROR: no interesting inputs were found
This PR reverts https://github.com/google/oss-fuzz/pull/7683 for fluxcd
which fixes the issue.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
turn off toolchain hardening flags in configure
these seem to clash with the oss-fuzz environment leading to weird
crashes like monorail #50678
Co-authored-by: Damien Miller <djm@google.com>
* New : OSSF Scorecard webapp
- Fuzzing scorecard webapp
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the path in the Dockerfile
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* New : OSSF Scorecard webapp
- Fuzzing scorecard webapp
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the path in the Dockerfile
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the year in the header.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* [spring-framework] Apply patches in the Dockerfile
Applying patches is part of the source code retrieval, which
we do in the Dockerfile, so apply the patches as part of the
Docker image creation, too.
While here, compile and install _all_ java files rather than
only those ending on "Fuzzer.java", and use a "real" git
checkout, which is required for more "advanced" git features,
most notoriously "log".
* [spring-framework] Use cp over mv in build.sh
Copying the files rather than moving them brings us one step
closer to being re-runnable w/o restarting the docker container
* [spring-framework] shadow all our jar files
Also refactor the build.sh and Dockerfile to allow us adding
shadowJars more straightforwardly
* [spring-framework] Also build orm and jdbc, remove commented code
* [spring-framework] Copy all .class files to $OUT/
* [spring-framework] Use install over cp
* [spring-framework] Initial Integration for jdbc
* [spring-framework-jdbc] add copyright headers