Skip to content

Fuzz

Fuzz #260

Workflow file for this run

name: Fuzz
on:
workflow_dispatch:
schedule:
- cron: '12 3 * * 0' # At 03:12 AM UTC on Sunday.
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
RUST_BACKTRACE: short
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
jobs:
corpus-download:
name: Download corpus
runs-on: ubuntu-20.04
env:
AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
steps:
- uses: actions/checkout@v4
- name: Download fuzzing corpus
run: cargo xtask fuzz corpus-fetch -v
- name: Save corpus
uses: actions/cache/save@v4
with:
path: |
./fuzz/corpus
./fuzz/artifacts
key: fuzz-corpus-${{ github.run_id }}
fuzz:
name: Fuzzing ${{ matrix.target }}
runs-on: ubuntu-20.04
needs: corpus-download
strategy:
fail-fast: false
matrix:
target: [ pdu_decoding, rle_decompression, bitmap_stream, cliprdr_format, channel_processing ]
steps:
- uses: actions/checkout@v4
- name: Download corpus
uses: actions/cache/restore@v4
with:
fail-on-cache-miss: true
path: |
./fuzz/corpus
./fuzz/artifacts
key: fuzz-corpus-${{ github.run_id }}
- name: Print corpus
run: |
tree ./fuzz/corpus
tree ./fuzz/artifacts
- name: Rust cache
uses: Swatinem/[email protected]
with:
workspaces: fuzz -> target
- name: Binary cache
uses: actions/cache@v4
with:
path: ./.cargo/local_root/bin
key: ${{ runner.os }}-bin-${{ github.job }}-${{ hashFiles('xtask/src/bin_version.rs') }}
- name: Prepare runner
run: cargo xtask fuzz install -v
- name: Fuzz
run: cargo xtask fuzz run --duration 1000 --target ${{ matrix.target }} -v
- name: Minify fuzzing corpus
if: ${{ always() && !cancelled() }}
run: cargo xtask fuzz corpus-min --target ${{ matrix.target }} -v
# Use GitHub artifacts instead of cache for the updated corpus
# because same cache can’t be used by multiple jobs at the same time.
# Also, we can’t dynamically create a unique cache keys for all
# the targets, because then we can’t easily retrieve this cache
# without hardcoding a step for each one. It’s not good for maintenance.
- name: Prepare minified corpus upload
# We want to upload artifacts even if fuzzing "fails" (so we can retrieve the artifact causing the crash)
if: ${{ always() && !cancelled() }}
run: |
mkdir ${{ runner.temp }}/corpus/
cp -r ./fuzz/corpus/${{ matrix.target }} ${{ runner.temp }}/corpus
mkdir ${{ runner.temp }}/artifacts/
cp -r ./fuzz/artifacts/${{ matrix.target }} ${{ runner.temp }}/artifacts
- name: Upload minified corpus
if: ${{ always() && !cancelled() }}
uses: actions/upload-artifact@v4
with:
retention-days: 7
name: minified-corpus-${{ matrix.target }}
path: |
${{ runner.temp }}/corpus
${{ runner.temp }}/artifacts
corpus-merge:
name: Corpus merge artifacts
runs-on: ubuntu-latest
needs: fuzz
if: ${{ always() && !cancelled() }}
steps:
- name: Merge Artifacts
uses: actions/upload-artifact/merge@v4
with:
name: minified-corpus
pattern: minified-corpus-*
delete-merged: true
corpus-upload:
name: Upload corpus
runs-on: ubuntu-20.04
needs: corpus-merge
if: ${{ always() && !cancelled() }}
env:
AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
steps:
- uses: actions/checkout@v4
- name: Download updated corpus
uses: actions/download-artifact@v4
with:
name: minified-corpus
path: ./fuzz/
- name: Print corpus
run: |
tree ./fuzz/corpus
tree ./fuzz/artifacts
- name: Upload fuzzing corpus
run: cargo xtask fuzz corpus-push -v
- name: Clean corpus cache
run: |
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}"\
-H "X-GitHub-Api-Version: 2022-11-28" \
"${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/actions/caches?key=fuzz-corpus-${{ github.run_id }}"
notify:
name: Notify failure
runs-on: ubuntu-latest
if: ${{ always() && contains(needs.*.result, 'failure') && github.event_name == 'schedule' }}
needs:
- fuzz
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ARCHITECTURE }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
steps:
- name: Send slack notification
id: slack
uses: slackapi/[email protected]
with:
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*${{ github.repository }}* :warning: \n Fuzz workflow for *${{ github.repository }}* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|found a bug>"
}
}
]
}