Skip to content

🌱 Combine fuzzing probes #3877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
spencerschrock merged 17 commits into from
Mar 11, 2024
Merged

🌱 Combine fuzzing probes #3877

spencerschrock merged 17 commits into from
Mar 11, 2024

Conversation

@spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Feb 16, 2024
edited
Loading

What kind of change does this PR introduce?

refactor

What is the current behavior?

Each fuzzing tool has its own probe

What is the new behavior (if this is a feature change)?**

There's only one fuzzing probe, and a "tool" value specifies which tool is used.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Related to #3824

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

The Fuzzing probes have been combined into a single probe. The various tools are specified by the "tool" value.

@spencerschrock
single fuzz probe boilerplate
9d43934 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
initial implementation
f24137f 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
connect fuzzing probe to eval code
89eadb0 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
include fuzzer name as tool
9e8fea6 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
connect to probes flag
64e465e 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
remove old probes from list
81d2b76 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
remove old probes
6de2ef9 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
fix failing test
8d06ab1 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
add tool value to test
8fcf7dd 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Copy link
Member Author

spencerschrock commented Feb 16, 2024

Still have a couple TODOs, especially around remediation and supported tools so still a draft.

I know there has been discussion about continuous fuzzing in the past being different than the fuzzing libraries. While this PR combines everything into one probe, I don't think this limits the introduction of a continuous fuzzing probe in the future.

For example:
fuzzed is just a simple "is this fuzzed"
and maybe we add fuzzedContinuously later, and OSS-Fuzz would be reported by both.

@codecov
Copy link

codecov bot commented Feb 16, 2024
edited
Loading

Codecov Report

Merging #3877 (b5b3547) into main (e1f5483) will decrease coverage by 6.61%.
The diff coverage is 80.95%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3877      +/-   ##
==========================================
- Coverage   75.07%   68.46%   -6.61%     
==========================================
  Files         234      222      -12     
  Lines       15881    15807      -74     
==========================================
- Hits        11922    10823    -1099     
- Misses       3196     4289    +1093     
+ Partials      763      695      -68

@spencerschrock
add fuzz tool helper
e1eceeb 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
specify supported tools
1c91132 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
update e2e test
d2b04a7 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
check for no raw data
d20a90c 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
add basic tests
1a1fd8a 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
add test to ensure fuzzer location is propagated
2eaf3b0 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock marked this pull request as ready for review February 26, 2024 21:29
@spencerschrock spencerschrock requested a review from a team as a code owner February 26, 2024 21:29
@spencerschrock spencerschrock requested review from justaugustus and raghavkaul and removed request for a team February 26, 2024 21:29
@spencerschrock
expand detailed tests to include other info like tool value
0fa5874 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Copy link
Member Author

spencerschrock commented Mar 6, 2024

/scdiff generate Fuzzing

@github-actions
Copy link

github-actions bot commented Mar 6, 2024

Here's a link to the scdiff run

@spencerschrock spencerschrock enabled auto-merge (squash) March 11, 2024 02:42
@spencerschrock spencerschrock merged commit f1e703f into ossf:main Mar 11, 2024
@spencerschrock spencerschrock deleted the fuzzing-combine-probes branch March 11, 2024 02:50
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
@spencerschrock @fhoeborn
🌱 Combine fuzzing probes (ossf#3877)
0bd47a8 
* single fuzz probe boilerplate

Signed-off-by: Spencer Schrock <sschrock@google.com>

* initial implementation

Signed-off-by: Spencer Schrock <sschrock@google.com>

* connect fuzzing probe to eval code

Signed-off-by: Spencer Schrock <sschrock@google.com>

* include fuzzer name as tool

Signed-off-by: Spencer Schrock <sschrock@google.com>

* connect to probes flag

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove old probes from list

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove old probes

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix failing test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add tool value to test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add fuzz tool helper

Signed-off-by: Spencer Schrock <sschrock@google.com>

* specify supported tools

Signed-off-by: Spencer Schrock <sschrock@google.com>

* update e2e test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* check for no raw data

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add basic tests

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add test to ensure fuzzer location is propagated

Signed-off-by: Spencer Schrock <sschrock@google.com>

* expand detailed tests to include other info like tool value

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock mentioned this pull request Jan 8, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

1 more reviewer

@laurentsimon laurentsimon laurentsimon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spencerschrock @laurentsimon