mirror of https://github.com/google/oss-fuzz.git
373 lines
14 KiB
Python
373 lines
14 KiB
Python
# Copyright 2021 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""Module for interacting with the ClusterFuzz deployment."""
|
|
import logging
|
|
import os
|
|
import sys
|
|
import urllib.error
|
|
import urllib.request
|
|
|
|
import config_utils
|
|
import continuous_integration
|
|
import filestore
|
|
import filestore_utils
|
|
import http_utils
|
|
import get_coverage
|
|
import repo_manager
|
|
|
|
# pylint: disable=wrong-import-position,import-error
|
|
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
|
import utils
|
|
|
|
|
|
class BaseClusterFuzzDeployment:
|
|
"""Base class for ClusterFuzz deployments."""
|
|
|
|
def __init__(self, config, workspace):
|
|
self.config = config
|
|
self.workspace = workspace
|
|
self.ci_system = continuous_integration.get_ci(config)
|
|
|
|
def download_latest_build(self):
|
|
"""Downloads the latest build from ClusterFuzz.
|
|
|
|
Returns:
|
|
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
|
|
"""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def upload_build(self, commit):
|
|
"""Uploads the build with the given commit sha to the filestore."""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def download_corpus(self, target_name, corpus_dir):
|
|
"""Downloads the corpus for |target_name| from ClusterFuzz to |corpus_dir|.
|
|
|
|
Returns:
|
|
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
|
|
"""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def upload_crashes(self):
|
|
"""Uploads crashes in |crashes_dir| to filestore."""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def upload_corpus(self, target_name, corpus_dir): # pylint: disable=no-self-use,unused-argument
|
|
"""Uploads the corpus for |target_name| to filestore."""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def upload_coverage(self):
|
|
"""Uploads the coverage report to the filestore."""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
def get_coverage(self, repo_path):
|
|
"""Returns the project coverage object for the project."""
|
|
raise NotImplementedError('Child class must implement method.')
|
|
|
|
|
|
def _make_empty_dir_if_nonexistent(path):
|
|
"""Makes an empty directory at |path| if it does not exist."""
|
|
os.makedirs(path, exist_ok=True)
|
|
|
|
|
|
class ClusterFuzzLite(BaseClusterFuzzDeployment):
|
|
"""Class representing a deployment of ClusterFuzzLite."""
|
|
|
|
COVERAGE_NAME = 'latest'
|
|
LATEST_BUILD_WINDOW = 3
|
|
|
|
def __init__(self, config, workspace):
|
|
super().__init__(config, workspace)
|
|
self.filestore = filestore_utils.get_filestore(self.config)
|
|
|
|
def download_latest_build(self):
|
|
if os.path.exists(self.workspace.clusterfuzz_build):
|
|
# This path is necessary because download_latest_build can be called
|
|
# multiple times.That is the case because it is called only when we need
|
|
# to see if a bug is novel, i.e. until we want to check a bug is novel we
|
|
# don't want to waste time calling this, but therefore this method can be
|
|
# called if multiple bugs are found.
|
|
return self.workspace.clusterfuzz_build
|
|
|
|
repo_dir = self.ci_system.repo_dir()
|
|
if not repo_dir:
|
|
raise RuntimeError('Repo checkout does not exist.')
|
|
|
|
_make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build)
|
|
repo = repo_manager.RepoManager(repo_dir)
|
|
|
|
# Builds are stored by commit, so try the latest |LATEST_BUILD_WINDOW|
|
|
# commits before the current.
|
|
# TODO(ochang): If API usage becomes an issue, this can be optimized by the
|
|
# filestore accepting a list of filenames to try.
|
|
for old_commit in repo.get_commit_list('HEAD^',
|
|
limit=self.LATEST_BUILD_WINDOW):
|
|
logging.info('Trying to downloading previous build %s.', old_commit)
|
|
build_name = self._get_build_name(old_commit)
|
|
try:
|
|
if self.filestore.download_build(build_name,
|
|
self.workspace.clusterfuzz_build):
|
|
logging.info('Done downloading previus build.')
|
|
return self.workspace.clusterfuzz_build
|
|
|
|
logging.info('Build for %s does not exist.', old_commit)
|
|
except Exception as err: # pylint: disable=broad-except
|
|
logging.error('Could not download build for %s because of: %s',
|
|
old_commit, err)
|
|
|
|
return None
|
|
|
|
def download_corpus(self, target_name, corpus_dir):
|
|
_make_empty_dir_if_nonexistent(corpus_dir)
|
|
logging.info('Downloading corpus for %s to %s.', target_name, corpus_dir)
|
|
corpus_name = self._get_corpus_name(target_name)
|
|
try:
|
|
self.filestore.download_corpus(corpus_name, corpus_dir)
|
|
logging.info('Done downloading corpus. Contains %d elements.',
|
|
len(os.listdir(corpus_dir)))
|
|
except Exception as err: # pylint: disable=broad-except
|
|
logging.error('Failed to download corpus for target: %s. Error: %s',
|
|
target_name, str(err))
|
|
return corpus_dir
|
|
|
|
def _get_build_name(self, name):
|
|
return f'{self.config.sanitizer}-{name}'
|
|
|
|
def _get_corpus_name(self, target_name): # pylint: disable=no-self-use
|
|
"""Returns the name of the corpus artifact."""
|
|
return target_name
|
|
|
|
def _get_crashes_artifact_name(self): # pylint: disable=no-self-use
|
|
"""Returns the name of the crashes artifact."""
|
|
return 'current'
|
|
|
|
def upload_corpus(self, target_name, corpus_dir):
|
|
"""Upload the corpus produced by |target_name|."""
|
|
logging.info('Uploading corpus in %s for %s.', corpus_dir, target_name)
|
|
name = self._get_corpus_name(target_name)
|
|
try:
|
|
self.filestore.upload_corpus(name, corpus_dir)
|
|
logging.info('Done uploading corpus.')
|
|
except Exception as error: # pylint: disable=broad-except
|
|
logging.error('Failed to upload corpus for target: %s. Error: %s.',
|
|
target_name, error)
|
|
|
|
def upload_build(self, commit):
|
|
"""Upload the build produced by CIFuzz as the latest build."""
|
|
logging.info('Uploading latest build in %s.', self.workspace.out)
|
|
build_name = self._get_build_name(commit)
|
|
try:
|
|
result = self.filestore.upload_build(build_name, self.workspace.out)
|
|
logging.info('Done uploading latest build.')
|
|
return result
|
|
except Exception as error: # pylint: disable=broad-except
|
|
logging.error('Failed to upload latest build: %s. Error: %s',
|
|
self.workspace.out, error)
|
|
|
|
def upload_crashes(self):
|
|
"""Uploads crashes."""
|
|
if not os.listdir(self.workspace.artifacts):
|
|
logging.info('No crashes in %s. Not uploading.', self.workspace.artifacts)
|
|
return
|
|
|
|
crashes_artifact_name = self._get_crashes_artifact_name()
|
|
|
|
logging.info('Uploading crashes in %s.', self.workspace.artifacts)
|
|
try:
|
|
self.filestore.upload_crashes(crashes_artifact_name,
|
|
self.workspace.artifacts)
|
|
logging.info('Done uploading crashes.')
|
|
except Exception as error: # pylint: disable=broad-except
|
|
logging.error('Failed to upload crashes. Error: %s', error)
|
|
|
|
def upload_coverage(self):
|
|
"""Uploads the coverage report to the filestore."""
|
|
self.filestore.upload_coverage(self.COVERAGE_NAME,
|
|
self.workspace.coverage_report)
|
|
|
|
def get_coverage(self, repo_path):
|
|
"""Returns the project coverage object for the project."""
|
|
try:
|
|
if not self.filestore.download_coverage(
|
|
self.COVERAGE_NAME, self.workspace.clusterfuzz_coverage):
|
|
logging.error('Could not download coverage.')
|
|
return None
|
|
return get_coverage.FilesystemCoverage(
|
|
repo_path, self.workspace.clusterfuzz_coverage)
|
|
except (get_coverage.CoverageError, filestore.FilestoreError):
|
|
logging.error('Could not get coverage.')
|
|
return None
|
|
|
|
|
|
class OSSFuzz(BaseClusterFuzzDeployment):
|
|
"""The OSS-Fuzz ClusterFuzz deployment."""
|
|
|
|
# Location of clusterfuzz builds on GCS.
|
|
CLUSTERFUZZ_BUILDS = 'clusterfuzz-builds'
|
|
|
|
# Zip file name containing the corpus.
|
|
CORPUS_ZIP_NAME = 'public.zip'
|
|
|
|
def get_latest_build_name(self):
|
|
"""Gets the name of the latest OSS-Fuzz build of a project.
|
|
|
|
Returns:
|
|
A string with the latest build version or None.
|
|
"""
|
|
version_file = (
|
|
f'{self.config.oss_fuzz_project_name}-{self.config.sanitizer}'
|
|
'-latest.version')
|
|
version_url = utils.url_join(utils.GCS_BASE_URL, self.CLUSTERFUZZ_BUILDS,
|
|
self.config.oss_fuzz_project_name,
|
|
version_file)
|
|
try:
|
|
response = urllib.request.urlopen(version_url)
|
|
except urllib.error.HTTPError:
|
|
logging.error('Error getting latest build version for %s from: %s.',
|
|
self.config.oss_fuzz_project_name, version_url)
|
|
return None
|
|
return response.read().decode()
|
|
|
|
def download_latest_build(self):
|
|
"""Downloads the latest OSS-Fuzz build from GCS.
|
|
|
|
Returns:
|
|
A path to where the OSS-Fuzz build was stored, or None if it wasn't.
|
|
"""
|
|
if os.path.exists(self.workspace.clusterfuzz_build):
|
|
# This function can be called multiple times, don't download the build
|
|
# again.
|
|
return self.workspace.clusterfuzz_build
|
|
|
|
_make_empty_dir_if_nonexistent(self.workspace.clusterfuzz_build)
|
|
|
|
latest_build_name = self.get_latest_build_name()
|
|
if not latest_build_name:
|
|
return None
|
|
|
|
logging.info('Downloading latest build.')
|
|
oss_fuzz_build_url = utils.url_join(utils.GCS_BASE_URL,
|
|
self.CLUSTERFUZZ_BUILDS,
|
|
self.config.oss_fuzz_project_name,
|
|
latest_build_name)
|
|
if http_utils.download_and_unpack_zip(oss_fuzz_build_url,
|
|
self.workspace.clusterfuzz_build):
|
|
logging.info('Done downloading latest build.')
|
|
return self.workspace.clusterfuzz_build
|
|
|
|
return None
|
|
|
|
def upload_build(self, commit): # pylint: disable=no-self-use
|
|
"""Noop Implementation of upload_build."""
|
|
logging.info('Not uploading latest build because on OSS-Fuzz.')
|
|
|
|
def upload_corpus(self, target_name, corpus_dir): # pylint: disable=no-self-use,unused-argument
|
|
"""Noop Implementation of upload_corpus."""
|
|
logging.info('Not uploading corpus because on OSS-Fuzz.')
|
|
|
|
def upload_crashes(self): # pylint: disable=no-self-use
|
|
"""Noop Implementation of upload_crashes."""
|
|
logging.info('Not uploading crashes because on OSS-Fuzz.')
|
|
|
|
def download_corpus(self, target_name, corpus_dir):
|
|
"""Downloads the latest OSS-Fuzz corpus for the target.
|
|
|
|
Returns:
|
|
The local path to to corpus or None if download failed.
|
|
"""
|
|
_make_empty_dir_if_nonexistent(corpus_dir)
|
|
project_qualified_fuzz_target_name = target_name
|
|
qualified_name_prefix = self.config.oss_fuzz_project_name + '_'
|
|
if not target_name.startswith(qualified_name_prefix):
|
|
project_qualified_fuzz_target_name = qualified_name_prefix + target_name
|
|
|
|
corpus_url = (f'{utils.GCS_BASE_URL}{self.config.oss_fuzz_project_name}'
|
|
'-backup.clusterfuzz-external.appspot.com/corpus/'
|
|
f'libFuzzer/{project_qualified_fuzz_target_name}/'
|
|
f'{self.CORPUS_ZIP_NAME}')
|
|
|
|
if not http_utils.download_and_unpack_zip(corpus_url, corpus_dir):
|
|
logging.warning('Failed to download corpus for %s.', target_name)
|
|
return corpus_dir
|
|
|
|
def upload_coverage(self):
|
|
"""Noop Implementation of upload_coverage_report."""
|
|
logging.info('Not uploading coverage report because on OSS-Fuzz.')
|
|
|
|
def get_coverage(self, repo_path):
|
|
"""Returns the project coverage object for the project."""
|
|
try:
|
|
return get_coverage.OSSFuzzCoverage(repo_path,
|
|
self.config.oss_fuzz_project_name)
|
|
except get_coverage.CoverageError:
|
|
return None
|
|
|
|
|
|
class NoClusterFuzzDeployment(BaseClusterFuzzDeployment):
|
|
"""ClusterFuzzDeployment implementation used when there is no deployment of
|
|
ClusterFuzz to use."""
|
|
|
|
def upload_build(self, commit): # pylint: disable=no-self-use
|
|
"""Noop Implementation of upload_build."""
|
|
logging.info('Not uploading latest build because no ClusterFuzz '
|
|
'deployment.')
|
|
|
|
def upload_corpus(self, target_name, corpus_dir): # pylint: disable=no-self-use,unused-argument
|
|
"""Noop Implementation of upload_corpus."""
|
|
logging.info('Not uploading corpus because no ClusterFuzz deployment.')
|
|
|
|
def upload_crashes(self): # pylint: disable=no-self-use
|
|
"""Noop Implementation of upload_crashes."""
|
|
logging.info('Not uploading crashes because no ClusterFuzz deployment.')
|
|
|
|
def download_corpus(self, target_name, corpus_dir):
|
|
"""Noop Implementation of download_corpus."""
|
|
logging.info('Not downloading corpus because no ClusterFuzz deployment.')
|
|
return _make_empty_dir_if_nonexistent(corpus_dir)
|
|
|
|
def download_latest_build(self): # pylint: disable=no-self-use
|
|
"""Noop Implementation of download_latest_build."""
|
|
logging.info(
|
|
'Not downloading latest build because no ClusterFuzz deployment.')
|
|
|
|
def upload_coverage(self):
|
|
"""Noop Implementation of upload_coverage."""
|
|
logging.info(
|
|
'Not uploading coverage report because no ClusterFuzz deployment.')
|
|
|
|
def get_coverage(self, repo_path):
|
|
"""Noop Implementation of get_coverage."""
|
|
logging.info(
|
|
'Not getting project coverage because no ClusterFuzz deployment.')
|
|
|
|
|
|
_PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING = {
|
|
config_utils.BaseConfig.Platform.INTERNAL_GENERIC_CI:
|
|
OSSFuzz,
|
|
config_utils.BaseConfig.Platform.INTERNAL_GITHUB:
|
|
OSSFuzz,
|
|
config_utils.BaseConfig.Platform.EXTERNAL_GENERIC_CI:
|
|
NoClusterFuzzDeployment,
|
|
config_utils.BaseConfig.Platform.EXTERNAL_GITHUB:
|
|
ClusterFuzzLite,
|
|
}
|
|
|
|
|
|
def get_clusterfuzz_deployment(config, workspace):
|
|
"""Returns object reprsenting deployment of ClusterFuzz used by |config|."""
|
|
deployment_cls = _PLATFORM_CLUSTERFUZZ_DEPLOYMENT_MAPPING[config.platform]
|
|
result = deployment_cls(config, workspace)
|
|
logging.info('ClusterFuzzDeployment: %s.', result)
|
|
return result
|