mirror of https://github.com/caddyserver/caddy.git
74 lines
2.4 KiB
YAML
74 lines
2.4 KiB
YAML
name: Fuzzing
|
|
|
|
on:
|
|
# Daily midnight fuzzing
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
jobs:
|
|
fuzzing:
|
|
name: Fuzzing
|
|
|
|
strategy:
|
|
matrix:
|
|
os: [ ubuntu-latest ]
|
|
go: [ '1.14' ]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- name: Install Go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Download go-fuzz tools and the Fuzzit CLI, move Fuzzit CLI to GOBIN
|
|
# If we decide we need to prevent this from running on forks, we can use this line:
|
|
# if: github.repository == 'caddyserver/caddy'
|
|
run: |
|
|
|
|
go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
|
|
wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64
|
|
chmod a+x fuzzit
|
|
mv fuzzit $(go env GOPATH)/bin
|
|
echo "::add-path::$(go env GOPATH)/bin"
|
|
|
|
- name: Generate fuzzers & submit them to Fuzzit
|
|
continue-on-error: true
|
|
env:
|
|
FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }}
|
|
SYSTEM_PULLREQUEST_SOURCEBRANCH: ${{ github.ref }}
|
|
BUILD_SOURCEVERSION: ${{ github.sha }}
|
|
run: |
|
|
# debug
|
|
echo "PR Source Branch: $SYSTEM_PULLREQUEST_SOURCEBRANCH"
|
|
echo "Source version: $BUILD_SOURCEVERSION"
|
|
|
|
declare -A fuzzers_funcs=(\
|
|
["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \
|
|
["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \
|
|
["./replacer_fuzz.go"]="FuzzReplacer" \
|
|
)
|
|
|
|
declare -A fuzzers_targets=(\
|
|
["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \
|
|
["./listeners_fuzz.go"]="parse-network-address" \
|
|
["./replacer_fuzz.go"]="replacer" \
|
|
)
|
|
|
|
fuzz_type="fuzzing"
|
|
|
|
for f in $(find . -name \*_fuzz.go); do
|
|
FUZZER_DIRECTORY=$(dirname "$f")
|
|
|
|
echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f"
|
|
|
|
go-fuzz-build -func "${fuzzers_funcs[$f]}" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.zip" "$FUZZER_DIRECTORY"
|
|
|
|
fuzzit create job --engine go-fuzz caddyserver/"${fuzzers_targets[$f]}" "$FUZZER_DIRECTORY"/"${fuzzers_targets[$f]}.zip" --api-key "${FUZZIT_API_KEY}" --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}"
|
|
|
|
echo "Completed $f"
|
|
done
|