├── .devcontainer
├── Dockerfile
├── devcontainer.json
├── install-dependencies.sh
├── post-create-script.sh
├── pre-commit
└── workspace.code-workspace
├── .gitattributes
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ ├── config.yml
│ ├── documentation-issue.md
│ └── feature_request.md
├── codeql
│ └── codeql-config.yml
├── dependabot.yml
├── policies
│ └── resourceManagement.yml
├── pull_request_template.md
└── workflows
│ ├── ci.yml
│ ├── codeql-analysis.yml
│ ├── sync-issue-to azure-devops-work-item.yml
│ └── validate-devcontainer.yml
├── .gitignore
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── CURRENT_VERSION
├── LICENSE
├── README.md
├── SECURITY.md
├── codecov.yml
├── contrib
├── README.md
├── deploy-onefuzz-via-azure-devops
│ ├── .gitignore
│ ├── .pylintrc
│ ├── Pipfile
│ ├── Pipfile.lock
│ ├── README.md
│ ├── __init__.py
│ ├── deploy-onefuzz.yml
│ ├── get_latest_version.py
│ └── tox.ini
├── onefuzz-job-azure-devops-pipeline
│ ├── README.md
│ ├── ado-work-items.json
│ └── azure-pipelines.yml
├── onefuzz-job-github-actions
│ ├── README.md
│ ├── github-issues.json
│ └── github-pipeline.yml
└── webhook-teams-service
│ ├── .gitignore
│ ├── README.md
│ ├── example-message.png
│ ├── host.json
│ ├── local.settings.json
│ ├── mypy.ini
│ ├── requirements.txt
│ └── webhook
│ ├── __init__.py
│ └── function.json
├── docs
├── AADEntitites.md
├── FAQ.md
├── OneFuzz-Docker-CLI.md
├── README.md
├── command-replacements.md
├── comms-channels.md
├── containers.md
├── custom-analysis.md
├── custom-images.md
├── deprecated
│ ├── declarative-templates.md
│ └── managing-templates.md
├── getting-started.md
├── how-to
│ ├── add-edit-workbook.md
│ ├── fuzzing-other-architectures-on-azure.md
│ ├── git-bisect-a-crash.md
│ └── remote-debugging-dotnet.md
├── known-issues.md
├── managed-identities.md
├── migrating-regions.md
├── migrating-to-events-2.0.md
├── notifications.md
├── notifications
│ ├── ado.md
│ ├── github.md
│ ├── teams-message.png
│ └── teams.md
├── onefuzz_text.svg
├── overview.md
├── screencasts
│ ├── README.md
│ ├── launching-job.cast
│ ├── launching-job.gif
│ ├── live-debugging.cast
│ └── live-debugging.gif
├── specs
│ └── spec-template.md
├── ssh-config.md
├── supported-platforms.md
├── tasks.md
├── telemetry.md
├── terminology.md
├── threat-model
│ └── onefuzz-threat-model.tm7
├── troubleshooting.md
├── unmanaged-nodes.md
├── upgrading.md
├── values.md
├── versioning.md
├── webhook_events.md
└── webhooks.md
├── global.json
└── src
├── ApiService
├── .config
│ └── dotnet-tools.json
├── .editorconfig
├── .gitignore
├── ApiService.sln
├── ApiService
│ ├── ApiService.csproj
│ ├── Auth
│ │ ├── AuthenticationItems.cs
│ │ ├── AuthenticationMiddleware.cs
│ │ ├── AuthorizationMiddleware.cs
│ │ └── AuthorizeAttribute.cs
│ ├── FeatureFlags.cs
│ ├── Functions
│ │ ├── AgentCanSchedule.cs
│ │ ├── AgentCommands.cs
│ │ ├── AgentEvents.cs
│ │ ├── AgentRegistration.cs
│ │ ├── Config.cs
│ │ ├── Containers.cs
│ │ ├── Download.cs
│ │ ├── Events.cs
│ │ ├── Info.cs
│ │ ├── InstanceConfig.cs
│ │ ├── Jobs.cs
│ │ ├── Migrations
│ │ │ └── JinjaToScriban.cs
│ │ ├── Negotiate.cs
│ │ ├── Node.cs
│ │ ├── NodeAddSshKey.cs
│ │ ├── Notifications.cs
│ │ ├── NotificationsTest.cs
│ │ ├── Pool.cs
│ │ ├── Proxy.cs
│ │ ├── QueueFileChanges.cs
│ │ ├── QueueJobResult.cs
│ │ ├── QueueNodeHeartbeat.cs
│ │ ├── QueueProxyUpdate.cs
│ │ ├── QueueSignalREvents.cs
│ │ ├── QueueTaskHeartbeat.cs
│ │ ├── QueueWebhooks.cs
│ │ ├── ReproVmss.cs
│ │ ├── Scaleset.cs
│ │ ├── Tasks.cs
│ │ ├── TimerDaily.cs
│ │ ├── TimerProxy.cs
│ │ ├── TimerRepro.cs
│ │ ├── TimerRetention.cs
│ │ ├── TimerTasks.cs
│ │ ├── TimerWorkers.cs
│ │ ├── Tool.cs
│ │ ├── ValidateScriban.cs
│ │ ├── WebhookLogs.cs
│ │ ├── WebhookPing.cs
│ │ └── Webhooks.cs
│ ├── GroupMembershipChecker.cs
│ ├── HttpClient.cs
│ ├── Log.cs
│ ├── LogExt.cs
│ ├── OneFuzzTypes
│ │ ├── Converters.cs
│ │ ├── Enums.cs
│ │ ├── Events.cs
│ │ ├── Model.cs
│ │ ├── Requests.cs
│ │ ├── Responses.cs
│ │ ├── ReturnTypes.cs
│ │ ├── Validated.cs
│ │ └── Webhooks.cs
│ ├── Program.cs
│ ├── ServiceConfiguration.cs
│ ├── TestHooks
│ │ ├── ContainerTestHooks.cs
│ │ ├── CredsTestHooks.cs
│ │ ├── DiskOperationsTestHooks.cs
│ │ ├── EventsTestHooks.cs
│ │ ├── ExtensionsTestHooks.cs
│ │ ├── InstanceConfigTestHooks.cs
│ │ ├── IpOperationsTestHooks.cs
│ │ ├── JobOperationsTestHooks.cs
│ │ ├── LogAnalyticsTestHooks.cs
│ │ ├── NodeOperationsTestHooks.cs
│ │ ├── NotificationOperationsTestHooks.cs
│ │ ├── NsgOperationsTestHooks.cs
│ │ ├── PoolOperationsTestHooks.cs
│ │ ├── ProxyForwardTestHooks.cs
│ │ ├── TestHooks.cs
│ │ ├── UriExtension.cs
│ │ └── VmssTestHooks.cs
│ ├── az-local.settings.json
│ ├── host.json
│ ├── onefuzzlib
│ │ ├── Auth.cs
│ │ ├── AutoScale.cs
│ │ ├── Config.cs
│ │ ├── ConfigOperations.cs
│ │ ├── Containers.cs
│ │ ├── Creds.cs
│ │ ├── Defs.cs
│ │ ├── DiskOperations.cs
│ │ ├── EndpointAuthorization.cs
│ │ ├── Events.cs
│ │ ├── Extension.cs
│ │ ├── ImageReference.cs
│ │ ├── InstanceIds.cs
│ │ ├── IpOperations.cs
│ │ ├── JobOperations.cs
│ │ ├── JobResultOperations.cs
│ │ ├── LogAnalytics.cs
│ │ ├── Metrics.cs
│ │ ├── Network.cs
│ │ ├── NodeMessageOperations.cs
│ │ ├── NodeOperations.cs
│ │ ├── NodeTasksOperations.cs
│ │ ├── NotificationOperations.cs
│ │ ├── NsgOperations.cs
│ │ ├── OnefuzzContext.cs
│ │ ├── PoolOperations.cs
│ │ ├── ProxyForwardOperations.cs
│ │ ├── ProxyOperations.cs
│ │ ├── Queue.cs
│ │ ├── Reports.cs
│ │ ├── ReproOperations.cs
│ │ ├── Request.cs
│ │ ├── RequestAccess.cs
│ │ ├── RetentionPolicy.cs
│ │ ├── ScalesetOperations.cs
│ │ ├── Scheduler.cs
│ │ ├── Secrets.cs
│ │ ├── ShrinkQueue.cs
│ │ ├── Storage.cs
│ │ ├── Subnet.cs
│ │ ├── TaskEventOperations.cs
│ │ ├── TaskOperations.cs
│ │ ├── Utils.cs
│ │ ├── Versions.cs
│ │ ├── VmExtensionWrapper.cs
│ │ ├── VmOperations.cs
│ │ ├── VmssOperations.cs
│ │ ├── WebhookOperations.cs
│ │ ├── WellKnownContainers.cs
│ │ ├── events
│ │ │ └── Converters.cs
│ │ ├── notifications
│ │ │ ├── Ado.cs
│ │ │ ├── GithubIssues.cs
│ │ │ ├── JinjaTemplateAdapter.cs
│ │ │ ├── NotificationsBase.cs
│ │ │ └── Teams.cs
│ │ └── orm
│ │ │ ├── CaseConverter.cs
│ │ │ ├── CustomConverterFactory.cs
│ │ │ ├── EntityConverter.cs
│ │ │ ├── Orm.cs
│ │ │ └── Queries.cs
│ └── packages.lock.json
├── CSharpExtensions.json
├── Directory.Build.props
├── FunctionalTests
│ ├── 1f-api
│ │ ├── ApiBase.cs
│ │ ├── ApiClient.cs
│ │ ├── Authentication.cs
│ │ ├── Container.cs
│ │ ├── Download.cs
│ │ ├── Error.cs
│ │ ├── Info.cs
│ │ ├── Jobs.cs
│ │ ├── Negotiate.cs
│ │ ├── Node.cs
│ │ ├── NodeAddSshKey.cs
│ │ ├── Notifications.cs
│ │ ├── Pool.cs
│ │ ├── Proxy.cs
│ │ ├── ReproVmss.cs
│ │ ├── Result.cs
│ │ ├── Scaleset.cs
│ │ ├── Tasks.cs
│ │ ├── UserInfo.cs
│ │ ├── WebhookLogs.cs
│ │ ├── WebhookPing.cs
│ │ └── Webhooks.cs
│ ├── Auth.cs
│ ├── FunctionalTests.csproj
│ ├── GlobalSuppressions.cs
│ ├── Helpers.cs
│ ├── TestContainer.cs
│ ├── TestInfo.cs
│ ├── TestNode.cs
│ ├── TestPool.cs
│ ├── TestProxy.cs
│ ├── TestScaleset.cs
│ ├── TestTasks.cs
│ ├── TestVersionCheckMiddleware.cs
│ └── packages.lock.json
├── IntegrationTests
│ ├── AdoTests.cs
│ ├── AgentCanScheduleTests.cs
│ ├── AgentCommandsTests.cs
│ ├── AgentEventsTests.cs
│ ├── AgentRegistrationTests.cs
│ ├── AuthTests.cs
│ ├── ContainersTests.cs
│ ├── DownloadTests.cs
│ ├── EndpointAuthTests.cs
│ ├── EventsTests.cs
│ ├── Fakes
│ │ ├── TestContainers.cs
│ │ ├── TestContext.cs
│ │ ├── TestCreds.cs
│ │ ├── TestEvents.cs
│ │ ├── TestFeatureManagerSnapshot.cs
│ │ ├── TestFunctionContext.cs
│ │ ├── TestHttpRequestData.cs
│ │ ├── TestMetrics.cs
│ │ ├── TestServiceConfiguration.cs
│ │ ├── TestVmssOperations.cs
│ │ ├── TestWebhookMessageLogOperations.cs
│ │ └── TestWebhookOperations.cs
│ ├── InfoTests.cs
│ ├── Integration
│ │ ├── AzureStorage.cs
│ │ └── AzuriteStorage.cs
│ ├── IntegrationTests.csproj
│ ├── JinjaToScribanMigrationTests.cs
│ ├── JobsTests.cs
│ ├── NodeTests.cs
│ ├── PoolTests.cs
│ ├── README.md
│ ├── ReproVmssTests.cs
│ ├── ScalesetTests.cs
│ ├── TasksTests.cs
│ ├── TestLogTracer.cs
│ ├── ToolsTests.cs
│ ├── _FunctionTestBase.cs
│ └── packages.lock.json
└── Tests
│ ├── AuthTests.cs
│ ├── ErrorTests.cs
│ ├── EventExportConverterTests.cs
│ ├── EventsTests.cs
│ ├── ExponentialBackoffTests.cs
│ ├── ImageReferenceTests.cs
│ ├── InstanceIdTests.cs
│ ├── JsonTests.cs
│ ├── OrmModelsTest.cs
│ ├── OrmTest.cs
│ ├── QueryTest.cs
│ ├── RemoveUserInfoTest.cs
│ ├── ReportTests.cs
│ ├── RequestAccessTests.cs
│ ├── RequestsTests.cs
│ ├── SchedulerTests.cs
│ ├── StatefulOrmTests.cs
│ ├── TemplateTests.cs
│ ├── Tests.csproj
│ ├── TimerReproTests.cs
│ ├── TreePathTests.cs
│ ├── TruncationTests.cs
│ ├── ValidatedStringTests.cs
│ └── packages.lock.json
├── Dockerfile
├── agent
├── .cargo
│ └── config.toml
├── .gitignore
├── .rustfmt.toml
├── Cargo.lock
├── Cargo.toml
├── LibFuzzerDotnetLoader
│ ├── .gitignore
│ ├── LibFuzzerDotnetLoader.csproj
│ ├── Program.cs
│ └── README.md
├── atexit
│ ├── Cargo.toml
│ └── src
│ │ └── lib.rs
├── cobertura
│ ├── Cargo.toml
│ └── src
│ │ └── lib.rs
├── coverage
│ ├── Cargo.toml
│ ├── README.md
│ ├── examples
│ │ ├── allowlist-check.rs
│ │ ├── cobertura.rs
│ │ └── record.rs
│ ├── fuzz
│ │ ├── .gitignore
│ │ ├── Cargo.lock
│ │ ├── Cargo.toml
│ │ └── fuzz_targets
│ │ │ ├── fuzz_target_allowlist_parse.rs
│ │ │ └── fuzz_target_record_coverage.rs
│ ├── src
│ │ ├── allowlist.rs
│ │ ├── allowlist
│ │ │ ├── test-data
│ │ │ │ ├── allow-all-glob-except-commented.txt
│ │ │ │ ├── allow-all-glob-except.txt
│ │ │ │ ├── allow-all-glob-extension.txt
│ │ │ │ ├── allow-all-glob.txt
│ │ │ │ ├── allow-all.txt
│ │ │ │ ├── allow-some.txt
│ │ │ │ └── empty.txt
│ │ │ └── tests.rs
│ │ ├── binary.rs
│ │ ├── binary
│ │ │ └── tests.rs
│ │ ├── cobertura.rs
│ │ ├── lib.rs
│ │ ├── record.rs
│ │ ├── record
│ │ │ ├── linux.rs
│ │ │ ├── linux
│ │ │ │ └── debugger.rs
│ │ │ └── windows.rs
│ │ ├── source.rs
│ │ └── timer.rs
│ └── tests
│ │ ├── snapshot.rs
│ │ ├── snapshots
│ │ └── snapshot__windows_snapshot_tests.snap
│ │ └── windows
│ │ └── Inlinee.cpp
├── data
│ └── licenses.json
├── debuggable-module
│ ├── Cargo.toml
│ ├── examples
│ │ └── dump.rs
│ └── src
│ │ ├── block.rs
│ │ ├── debuginfo.rs
│ │ ├── lib.rs
│ │ ├── linux.rs
│ │ ├── load_module.rs
│ │ ├── loader.rs
│ │ ├── path.rs
│ │ └── windows.rs
├── debugger
│ ├── Cargo.toml
│ └── src
│ │ ├── breakpoint.rs
│ │ ├── dbghelp.rs
│ │ ├── debug_event.rs
│ │ ├── debugger.rs
│ │ ├── lib.rs
│ │ ├── module.rs
│ │ ├── stack.rs
│ │ └── target.rs
├── dynamic-library
│ ├── Cargo.toml
│ └── src
│ │ ├── bin
│ │ └── dynamic-library.rs
│ │ ├── lib.rs
│ │ ├── linux.rs
│ │ ├── linux
│ │ ├── ld_debug_output_missing.txt
│ │ ├── ld_debug_output_none_missing.txt
│ │ ├── ldd_output_missing_0.txt
│ │ ├── ldd_output_missing_1.txt
│ │ ├── ldd_output_missing_2.txt
│ │ └── tests.rs
│ │ └── windows.rs
├── input-tester
│ ├── Cargo.toml
│ └── src
│ │ ├── appverifier.rs
│ │ ├── crash_detector.rs
│ │ ├── lib.rs
│ │ ├── logging.rs
│ │ ├── summary.rs
│ │ ├── test_result
│ │ ├── asan.rs
│ │ ├── fast_fail.rs
│ │ ├── mod.rs
│ │ ├── vcpp_debugger.rs
│ │ └── verifier_stop.rs
│ │ └── tester.rs
├── libclusterfuzz
│ ├── Cargo.toml
│ ├── LICENSE
│ ├── README.md
│ ├── cgmanifest.json
│ ├── data
│ │ ├── parsed-traces
│ │ │ ├── check_dir@address_in_state.txt.snap
│ │ │ ├── check_dir@android_asan_null_dereference_read.txt.snap
│ │ │ ├── check_dir@android_asan_null_dereference_write.txt.snap
│ │ │ ├── check_dir@android_asan_unknown_read.txt.snap
│ │ │ ├── check_dir@android_asan_unknown_write.txt.snap
│ │ │ ├── check_dir@asan_assert_failure.txt.snap
│ │ │ ├── check_dir@asan_breakpoint.txt.snap
│ │ │ ├── check_dir@asan_breakpoint_with_check.txt.snap
│ │ │ ├── check_dir@asan_bus.txt.snap
│ │ │ ├── check_dir@asan_container_overflow_read.txt.snap
│ │ │ ├── check_dir@asan_double_free.txt.snap
│ │ │ ├── check_dir@asan_fpe.txt.snap
│ │ │ ├── check_dir@asan_gsignal.txt.snap
│ │ │ ├── check_dir@asan_heap_overflow_read.txt.snap
│ │ │ ├── check_dir@asan_heap_overflow_write.txt.snap
│ │ │ ├── check_dir@asan_ill.txt.snap
│ │ │ ├── check_dir@asan_ill_null_address.txt.snap
│ │ │ ├── check_dir@asan_invalid_free.txt.snap
│ │ │ ├── check_dir@asan_null_dereference_read.txt.snap
│ │ │ ├── check_dir@asan_null_dereference_unknown.txt.snap
│ │ │ ├── check_dir@asan_null_dereference_win_read.txt.snap
│ │ │ ├── check_dir@asan_null_dereference_win_write.txt.snap
│ │ │ ├── check_dir@asan_null_dereference_write.txt.snap
│ │ │ ├── check_dir@asan_stack_overflow.txt.snap
│ │ │ ├── check_dir@asan_stack_overflow2.txt.snap
│ │ │ ├── check_dir@asan_stack_overflow3.txt.snap
│ │ │ ├── check_dir@asan_uaf.txt.snap
│ │ │ ├── check_dir@asan_unknown_crash_read.txt.snap
│ │ │ ├── check_dir@asan_unknown_crash_write.txt.snap
│ │ │ ├── check_dir@asan_unknown_read.txt.snap
│ │ │ ├── check_dir@asan_unknown_unknown.txt.snap
│ │ │ ├── check_dir@asan_unknown_win_read.txt.snap
│ │ │ ├── check_dir@asan_unknown_win_write.txt.snap
│ │ │ ├── check_dir@asan_unknown_write.txt.snap
│ │ │ ├── check_dir@assert.txt.snap
│ │ │ ├── check_dir@assert_chromium_log.txt.snap
│ │ │ ├── check_dir@assert_failure_google.txt.snap
│ │ │ ├── check_dir@assert_glibc.txt.snap
│ │ │ ├── check_dir@assert_glibc_with_glib.txt.snap
│ │ │ ├── check_dir@assert_with_panic_keyword.txt.snap
│ │ │ ├── check_dir@browser_uaf.txt.snap
│ │ │ ├── check_dir@browser_uaf2.txt.snap
│ │ │ ├── check_dir@browser_uaf3.txt.snap
│ │ │ ├── check_dir@cfi_bad_cast.txt.snap
│ │ │ ├── check_dir@check_failure_google.txt.snap
│ │ │ ├── check_dir@check_failure_vs_no_closing.txt.snap
│ │ │ ├── check_dir@check_failure_with_handle_sigill=1.txt.snap
│ │ │ ├── check_dir@check_failure_with_msan_abrt.txt.snap
│ │ │ ├── check_dir@check_failure_with_string_vs_string.txt.snap
│ │ │ ├── check_dir@cobalt_check.txt.snap
│ │ │ ├── check_dir@fuchsia_asan.txt.snap
│ │ │ ├── check_dir@fuchsia_ignore.txt.snap
│ │ │ ├── check_dir@fuchsia_reproducible_crash.txt.snap
│ │ │ ├── check_dir@gdb_sigtrap_and_libfuzzer.txt.snap
│ │ │ ├── check_dir@glib_assert_failure.txt.snap
│ │ │ ├── check_dir@golang_asan_panic.txt.snap
│ │ │ ├── check_dir@golang_fatal_error_stack_overflow.txt.snap
│ │ │ ├── check_dir@golang_generic_fatal_error_and_asan_abrt.txt.snap
│ │ │ ├── check_dir@golang_generic_panic_and_asan_abrt.txt.snap
│ │ │ ├── check_dir@golang_libfuzzer_panic.txt.snap
│ │ │ ├── check_dir@golang_new_crash_type_and_asan_abrt.txt.snap
│ │ │ ├── check_dir@golang_panic_runtime_error_index_out_of_range_with_msan.txt.snap
│ │ │ ├── check_dir@golang_panic_runtime_error_slice_bounds_out_of_range.txt.snap
│ │ │ ├── check_dir@gsignal_at_first_stack_frame.txt.snap
│ │ │ ├── check_dir@hwasan_allocation_tail_overwritten.txt.snap
│ │ │ ├── check_dir@ignore_abort_frames.txt.snap
│ │ │ ├── check_dir@ignore_honggfuzz.txt.snap
│ │ │ ├── check_dir@ignore_libcplusplus.txt.snap
│ │ │ ├── check_dir@ignore_llvm.txt.snap
│ │ │ ├── check_dir@ignore_sanitizer.txt.snap
│ │ │ ├── check_dir@ignore_vdso.txt.snap
│ │ │ ├── check_dir@ignore_win_frames.txt.snap
│ │ │ ├── check_dir@libfuzzer_deadly_signal.txt.snap
│ │ │ ├── check_dir@libfuzzer_fuzz_target_exited.txt.snap
│ │ │ ├── check_dir@libfuzzer_llvm_fuzzer_test_one_input_crash.txt.snap
│ │ │ ├── check_dir@libfuzzer_oom.txt.snap
│ │ │ ├── check_dir@libfuzzer_oom_malloc.txt.snap
│ │ │ ├── check_dir@libfuzzer_overwrites_const_input.txt.snap
│ │ │ ├── check_dir@libfuzzer_timeout.txt.snap
│ │ │ ├── check_dir@lkl_libfuzzer.txt.snap
│ │ │ ├── check_dir@lkl_libfuzzer_symbolized.txt.snap
│ │ │ ├── check_dir@lkl_libfuzzer_unsymbolized.txt.snap
│ │ │ ├── check_dir@log_fatal_google.txt.snap
│ │ │ ├── check_dir@lsan_direct_leak.txt.snap
│ │ │ ├── check_dir@lsan_indirect_leak_cycle.txt.snap
│ │ │ ├── check_dir@lsan_multiple_leaks.txt.snap
│ │ │ ├── check_dir@lsan_single_frame_stacks.txt.snap
│ │ │ ├── check_dir@msan_browser.txt.snap
│ │ │ ├── check_dir@msan_renderer.txt.snap
│ │ │ ├── check_dir@msan_uninitialized_value.txt.snap
│ │ │ ├── check_dir@oom2.txt.snap
│ │ │ ├── check_dir@oom3.txt.snap
│ │ │ ├── check_dir@oom4.txt.snap
│ │ │ ├── check_dir@python_unhandled_exception.txt.snap
│ │ │ ├── check_dir@regress_double_unknown.txt.snap
│ │ │ ├── check_dir@rust_assert.txt.snap
│ │ │ ├── check_dir@rust_ignores.txt.snap
│ │ │ ├── check_dir@rust_oom.txt.snap
│ │ │ ├── check_dir@sanitizer_signal_abrt.txt.snap
│ │ │ ├── check_dir@sanitizer_signal_abrt_unknown.txt.snap
│ │ │ ├── check_dir@security_dcheck_failure_with_abrt.txt.snap
│ │ │ ├── check_dir@swift_invalid_free.txt.snap
│ │ │ ├── check_dir@symbolized_asan_null_dereference.txt.snap
│ │ │ ├── check_dir@symbolized_asan_unknown.txt.snap
│ │ │ ├── check_dir@tsan_data_race.txt.snap
│ │ │ ├── check_dir@tsan_use_after_free.txt.snap
│ │ │ ├── check_dir@ubsan_bad_cast_member_call.txt.snap
│ │ │ ├── check_dir@ubsan_divide_by_zero.txt.snap
│ │ │ ├── check_dir@ubsan_fpe.txt.snap
│ │ │ ├── check_dir@ubsan_ill.txt.snap
│ │ │ ├── check_dir@ubsan_incorrect_function_pointer_type.txt.snap
│ │ │ ├── check_dir@ubsan_index_oob.txt.snap
│ │ │ ├── check_dir@ubsan_integer_overflow_negation.txt.snap
│ │ │ ├── check_dir@ubsan_invalid_bool_value.txt.snap
│ │ │ ├── check_dir@ubsan_misaligned_address.txt.snap
│ │ │ ├── check_dir@ubsan_null_pointer_member_access.txt.snap
│ │ │ ├── check_dir@ubsan_null_pointer_read.txt.snap
│ │ │ ├── check_dir@ubsan_null_pointer_reference_binding.txt.snap
│ │ │ ├── check_dir@ubsan_null_pointer_write.txt.snap
│ │ │ ├── check_dir@ubsan_pointer_overflow_null_nonzero_offset.txt.snap
│ │ │ ├── check_dir@ubsan_pointer_overflow_null_zero_offset.txt.snap
│ │ │ ├── check_dir@ubsan_unknown_logs_error.txt.snap
│ │ │ ├── check_dir@unknown_module.txt.snap
│ │ │ ├── check_dir@v8_abort_with_source.txt.snap
│ │ │ ├── check_dir@v8_abort_without_source.txt.snap
│ │ │ ├── check_dir@v8_check_no_sourcefile.txt.snap
│ │ │ ├── check_dir@v8_check_symbolized.txt.snap
│ │ │ ├── check_dir@v8_check_trap.txt.snap
│ │ │ ├── check_dir@v8_dcheck_symbolized.txt.snap
│ │ │ ├── check_dir@v8_process_oom.txt.snap
│ │ │ ├── check_dir@variable_length_write.txt.snap
│ │ │ ├── check_dir@windows_asan_divide_by_zero.txt.snap
│ │ │ └── check_dir@wtfcrash.txt.snap
│ │ └── stack-traces
│ │ │ ├── address_in_state.txt
│ │ │ ├── android_asan_null_dereference_read.txt
│ │ │ ├── android_asan_null_dereference_write.txt
│ │ │ ├── android_asan_uaf.txt
│ │ │ ├── android_asan_unknown_read.txt
│ │ │ ├── android_asan_unknown_write.txt
│ │ │ ├── android_kernel.txt
│ │ │ ├── android_kernel_no_parens.txt
│ │ │ ├── android_null_stack.txt
│ │ │ ├── android_security_dcheck_failure.txt
│ │ │ ├── asan_assert_failure.txt
│ │ │ ├── asan_breakpoint.txt
│ │ │ ├── asan_breakpoint_with_check.txt
│ │ │ ├── asan_bus.txt
│ │ │ ├── asan_container_overflow_read.txt
│ │ │ ├── asan_double_free.txt
│ │ │ ├── asan_fpe.txt
│ │ │ ├── asan_gsignal.txt
│ │ │ ├── asan_heap_overflow_read.txt
│ │ │ ├── asan_heap_overflow_write.txt
│ │ │ ├── asan_ill.txt
│ │ │ ├── asan_ill_null_address.txt
│ │ │ ├── asan_in_drt_string.txt
│ │ │ ├── asan_invalid_free.txt
│ │ │ ├── asan_null_dereference_read.txt
│ │ │ ├── asan_null_dereference_unknown.txt
│ │ │ ├── asan_null_dereference_win_read.txt
│ │ │ ├── asan_null_dereference_win_write.txt
│ │ │ ├── asan_null_dereference_write.txt
│ │ │ ├── asan_stack_overflow.txt
│ │ │ ├── asan_stack_overflow2.txt
│ │ │ ├── asan_stack_overflow3.txt
│ │ │ ├── asan_uaf.txt
│ │ │ ├── asan_unknown_crash_read.txt
│ │ │ ├── asan_unknown_crash_write.txt
│ │ │ ├── asan_unknown_read.txt
│ │ │ ├── asan_unknown_unknown.txt
│ │ │ ├── asan_unknown_win_read.txt
│ │ │ ├── asan_unknown_win_write.txt
│ │ │ ├── asan_unknown_write.txt
│ │ │ ├── assert.txt
│ │ │ ├── assert_chromium_log.txt
│ │ │ ├── assert_failure_google.txt
│ │ │ ├── assert_glibc.txt
│ │ │ ├── assert_glibc_with_glib.txt
│ │ │ ├── assert_in_drt_string.txt
│ │ │ ├── assert_with_panic_keyword.txt
│ │ │ ├── browser_uaf.txt
│ │ │ ├── browser_uaf2.txt
│ │ │ ├── browser_uaf3.txt
│ │ │ ├── cdb_divide_by_zero.txt
│ │ │ ├── cdb_integer_overflow.txt
│ │ │ ├── cdb_other.txt
│ │ │ ├── cdb_read.txt
│ │ │ ├── cdb_read_x64.txt
│ │ │ ├── cdb_stack_overflow.txt
│ │ │ ├── cfi_bad_cast.txt
│ │ │ ├── cfi_bad_cast_indirect_fc.txt
│ │ │ ├── cfi_invalid_vtable.txt
│ │ │ ├── cfi_nodebug.txt
│ │ │ ├── cfi_unrelated_vtable.txt
│ │ │ ├── check_failure_android_media.txt
│ │ │ ├── check_failure_android_media2.txt
│ │ │ ├── check_failure_chrome.txt
│ │ │ ├── check_failure_chrome_android.txt
│ │ │ ├── check_failure_chrome_android2.txt
│ │ │ ├── check_failure_chrome_mac.txt
│ │ │ ├── check_failure_chrome_win.txt
│ │ │ ├── check_failure_google.txt
│ │ │ ├── check_failure_vs_no_closing.txt
│ │ │ ├── check_failure_with_assert_message.txt
│ │ │ ├── check_failure_with_comparison.txt
│ │ │ ├── check_failure_with_comparison2.txt
│ │ │ ├── check_failure_with_handle_sigill=0.txt
│ │ │ ├── check_failure_with_handle_sigill=1.txt
│ │ │ ├── check_failure_with_msan_abrt.txt
│ │ │ ├── check_failure_with_string_vs_string.txt
│ │ │ ├── cobalt_check.txt
│ │ │ ├── fuchsia_asan.txt
│ │ │ ├── fuchsia_ignore.txt
│ │ │ ├── fuchsia_reproducible_crash.txt
│ │ │ ├── gdb_sigtrap.txt
│ │ │ ├── gdb_sigtrap_and_libfuzzer.txt
│ │ │ ├── generic_segv.txt
│ │ │ ├── glib_assert_failure.txt
│ │ │ ├── golang_asan_panic.txt
│ │ │ ├── golang_fatal_error_stack_overflow.txt
│ │ │ ├── golang_generic_fatal_error_and_asan_abrt.txt
│ │ │ ├── golang_generic_panic_and_asan_abrt.txt
│ │ │ ├── golang_libfuzzer_panic.txt
│ │ │ ├── golang_new_crash_type_and_asan_abrt.txt
│ │ │ ├── golang_panic_custom_short_message.txt
│ │ │ ├── golang_panic_runtime_error_index_out_of_range.txt
│ │ │ ├── golang_panic_runtime_error_index_out_of_range_with_msan.txt
│ │ │ ├── golang_panic_runtime_error_integer_divide_by_zero.txt
│ │ │ ├── golang_panic_runtime_error_invalid_memory_address.txt
│ │ │ ├── golang_panic_runtime_error_makeslice_len_out_of_range.txt
│ │ │ ├── golang_panic_runtime_error_slice_bounds_out_of_range.txt
│ │ │ ├── golang_panic_with_type_assertions_in_frames.txt
│ │ │ ├── golang_sigsegv_panic.txt
│ │ │ ├── gsignal_at_first_stack_frame.txt
│ │ │ ├── hwasan_allocation_tail_overwritten.txt
│ │ │ ├── hwasan_tag_mismatch.txt
│ │ │ ├── ignore_abort_frames.txt
│ │ │ ├── ignore_asan_warning.txt
│ │ │ ├── ignore_honggfuzz.txt
│ │ │ ├── ignore_libc_if_symbolized.txt
│ │ │ ├── ignore_libcplusplus.txt
│ │ │ ├── ignore_llvm.txt
│ │ │ ├── ignore_sanitizer.txt
│ │ │ ├── ignore_vdso.txt
│ │ │ ├── ignore_win_frames.txt
│ │ │ ├── java_IllegalStateException.txt
│ │ │ ├── java_fatal_exception.txt
│ │ │ ├── java_severity_medium_exception.txt
│ │ │ ├── kasan_gpf.txt
│ │ │ ├── kasan_null.txt
│ │ │ ├── kasan_oob_read.txt
│ │ │ ├── kasan_syzkaller.txt
│ │ │ ├── kasan_syzkaller_android.txt
│ │ │ ├── kasan_uaf.txt
│ │ │ ├── keep_libc_if_unsymbolized.txt
│ │ │ ├── libfuzzer_deadly_signal.txt
│ │ │ ├── libfuzzer_fuzz_target_exited.txt
│ │ │ ├── libfuzzer_llvm_fuzzer_test_one_input_crash.txt
│ │ │ ├── libfuzzer_oom.txt
│ │ │ ├── libfuzzer_oom_malloc.txt
│ │ │ ├── libfuzzer_overwrites_const_input.txt
│ │ │ ├── libfuzzer_timeout.txt
│ │ │ ├── lkl_libfuzzer.txt
│ │ │ ├── lkl_libfuzzer_symbolized.txt
│ │ │ ├── lkl_libfuzzer_unsymbolized.txt
│ │ │ ├── log_fatal_google.txt
│ │ │ ├── lsan_direct_leak.txt
│ │ │ ├── lsan_indirect_leak_cycle.txt
│ │ │ ├── lsan_multiple_leaks.txt
│ │ │ ├── lsan_single_frame_stacks.txt
│ │ │ ├── missing_library_android.txt
│ │ │ ├── missing_library_linux.txt
│ │ │ ├── msan_browser.txt
│ │ │ ├── msan_renderer.txt
│ │ │ ├── msan_uninitialized_value.txt
│ │ │ ├── oom.txt
│ │ │ ├── oom2.txt
│ │ │ ├── oom3.txt
│ │ │ ├── oom4.txt
│ │ │ ├── python_unhandled_exception.txt
│ │ │ ├── regress_double_unknown.txt
│ │ │ ├── rust_assert.txt
│ │ │ ├── rust_ignores.txt
│ │ │ ├── rust_oom.txt
│ │ │ ├── sanitizer_signal_abrt.txt
│ │ │ ├── sanitizer_signal_abrt_unknown.txt
│ │ │ ├── security_check_failure.txt
│ │ │ ├── security_dcheck_failure.txt
│ │ │ ├── security_dcheck_failure_with_abrt.txt
│ │ │ ├── stack_filtering.txt
│ │ │ ├── swift_invalid_free.txt
│ │ │ ├── symbolized_asan_null_dereference.txt
│ │ │ ├── symbolized_asan_unknown.txt
│ │ │ ├── tsan_data_race.txt
│ │ │ ├── tsan_use_after_free.txt
│ │ │ ├── ubsan_bad_cast_downcast.txt
│ │ │ ├── ubsan_bad_cast_member_call.txt
│ │ │ ├── ubsan_divide_by_zero.txt
│ │ │ ├── ubsan_fpe.txt
│ │ │ ├── ubsan_ill.txt
│ │ │ ├── ubsan_incorrect_function_pointer_type.txt
│ │ │ ├── ubsan_index_oob.txt
│ │ │ ├── ubsan_integer_overflow_addition.txt
│ │ │ ├── ubsan_integer_overflow_negation.txt
│ │ │ ├── ubsan_invalid_bool_value.txt
│ │ │ ├── ubsan_misaligned_address.txt
│ │ │ ├── ubsan_non_positive_vla_bound_value.txt
│ │ │ ├── ubsan_null_pointer_member_access.txt
│ │ │ ├── ubsan_null_pointer_member_call.txt
│ │ │ ├── ubsan_null_pointer_read.txt
│ │ │ ├── ubsan_null_pointer_reference_binding.txt
│ │ │ ├── ubsan_null_pointer_write.txt
│ │ │ ├── ubsan_object_size.txt
│ │ │ ├── ubsan_pointer_overflow.txt
│ │ │ ├── ubsan_pointer_overflow_null_nonzero_offset.txt
│ │ │ ├── ubsan_pointer_overflow_null_zero_offset.txt
│ │ │ ├── ubsan_unknown_logs_error.txt
│ │ │ ├── ubsan_unsigned_integer_overflow.txt
│ │ │ ├── unknown_module.txt
│ │ │ ├── v8_abort_with_source.txt
│ │ │ ├── v8_abort_without_source.txt
│ │ │ ├── v8_check.txt
│ │ │ ├── v8_check_eq.txt
│ │ │ ├── v8_check_no_sourcefile.txt
│ │ │ ├── v8_check_symbolized.txt
│ │ │ ├── v8_check_trap.txt
│ │ │ ├── v8_check_windows.txt
│ │ │ ├── v8_correctness_failure.txt
│ │ │ ├── v8_dcheck_symbolized.txt
│ │ │ ├── v8_fatal_error_no_check.txt
│ │ │ ├── v8_fatal_error_partial.txt
│ │ │ ├── v8_javascript_assertion_should_pass.txt
│ │ │ ├── v8_oom.txt
│ │ │ ├── v8_process_oom.txt
│ │ │ ├── v8_representation_changer_error.txt
│ │ │ ├── v8_runtime_error.txt
│ │ │ ├── v8_unimplemented_code.txt
│ │ │ ├── v8_unknown_fatal_error.txt
│ │ │ ├── v8_unreachable_code.txt
│ │ │ ├── variable_length_write.txt
│ │ │ ├── windows_asan_divide_by_zero.txt
│ │ │ └── wtfcrash.txt
│ ├── src
│ │ ├── generated.rs
│ │ └── lib.rs
│ └── third-party
│ │ ├── build.py
│ │ ├── crash_analysis
│ │ ├── __init__.py
│ │ └── stack_parsing.py
│ │ └── update.sh
├── onefuzz-agent
│ ├── .gitignore
│ ├── Cargo.toml
│ ├── build.rs
│ └── src
│ │ ├── agent.rs
│ │ ├── agent
│ │ └── tests.rs
│ │ ├── buffer.rs
│ │ ├── commands.rs
│ │ ├── config.rs
│ │ ├── coordinator.rs
│ │ ├── coordinator
│ │ └── double.rs
│ │ ├── debug.rs
│ │ ├── done.rs
│ │ ├── failure.rs
│ │ ├── heartbeat.rs
│ │ ├── log_uploader.rs
│ │ ├── main.rs
│ │ ├── panic.rs
│ │ ├── reboot.rs
│ │ ├── reboot
│ │ └── double.rs
│ │ ├── scheduler.rs
│ │ ├── setup.rs
│ │ ├── setup
│ │ └── double.rs
│ │ ├── validations.rs
│ │ ├── work.rs
│ │ ├── work
│ │ └── double.rs
│ │ ├── worker.rs
│ │ └── worker
│ │ ├── double.rs
│ │ └── tests.rs
├── onefuzz-file-format
│ ├── Cargo.toml
│ ├── src
│ │ ├── coverage.rs
│ │ ├── coverage
│ │ │ ├── binary.rs
│ │ │ ├── binary
│ │ │ │ ├── v0.rs
│ │ │ │ ├── v0
│ │ │ │ │ └── tests.rs
│ │ │ │ └── v1.rs
│ │ │ ├── source.rs
│ │ │ └── source
│ │ │ │ ├── v0.rs
│ │ │ │ └── v1.rs
│ │ ├── hex.rs
│ │ └── lib.rs
│ ├── test-data
│ │ ├── fuzz.c
│ │ ├── fuzz.h
│ │ └── lib
│ │ │ └── explode.h
│ ├── test-script
│ │ ├── generate-report.ps1
│ │ └── generate-report.sh
│ └── tests
│ │ ├── binary.rs
│ │ ├── files
│ │ ├── binary-coverage.v0.json
│ │ ├── binary-coverage.v1.json
│ │ ├── source-coverage.v0.json
│ │ └── source-coverage.v1.json
│ │ └── source.rs
├── onefuzz-result
│ ├── Cargo.toml
│ └── src
│ │ ├── job_result.rs
│ │ └── lib.rs
├── onefuzz-task
│ ├── Cargo.toml
│ ├── build.rs
│ ├── data
│ │ ├── afl-fuzzer_stats.txt
│ │ ├── fake-crash-report-old.json
│ │ └── fake-crash-report.json
│ ├── src
│ │ ├── check_for_update.rs
│ │ ├── config_test_utils.rs
│ │ ├── lib.rs
│ │ ├── local
│ │ │ ├── cmd.rs
│ │ │ ├── common.rs
│ │ │ ├── coverage.rs
│ │ │ ├── create_template.rs
│ │ │ ├── example_templates
│ │ │ │ ├── libfuzzer_basic.yml
│ │ │ │ └── radamsa.yml
│ │ │ ├── generic_analysis.rs
│ │ │ ├── generic_crash_report.rs
│ │ │ ├── generic_generator.rs
│ │ │ ├── libfuzzer.rs
│ │ │ ├── libfuzzer_crash_report.rs
│ │ │ ├── libfuzzer_fuzz.rs
│ │ │ ├── libfuzzer_merge.rs
│ │ │ ├── libfuzzer_regression.rs
│ │ │ ├── libfuzzer_test_input.rs
│ │ │ ├── mod.rs
│ │ │ ├── readme.md
│ │ │ ├── schema.json
│ │ │ ├── template.rs
│ │ │ ├── test_input.rs
│ │ │ └── tui.rs
│ │ ├── main.rs
│ │ ├── managed
│ │ │ ├── cmd.rs
│ │ │ └── mod.rs
│ │ └── tasks
│ │ │ ├── analysis
│ │ │ ├── generic.rs
│ │ │ └── mod.rs
│ │ │ ├── config.rs
│ │ │ ├── coverage
│ │ │ ├── dotnet.rs
│ │ │ ├── generic.rs
│ │ │ ├── generic
│ │ │ │ └── windows-interceptor.list
│ │ │ └── mod.rs
│ │ │ ├── fuzz
│ │ │ ├── generator.rs
│ │ │ ├── libfuzzer.rs
│ │ │ ├── libfuzzer
│ │ │ │ ├── common.rs
│ │ │ │ ├── dotnet.rs
│ │ │ │ └── generic.rs
│ │ │ ├── mod.rs
│ │ │ └── supervisor.rs
│ │ │ ├── generic
│ │ │ ├── input_poller.rs
│ │ │ ├── input_poller
│ │ │ │ ├── callback.rs
│ │ │ │ └── tests.rs
│ │ │ └── mod.rs
│ │ │ ├── heartbeat.rs
│ │ │ ├── merge
│ │ │ ├── generic.rs
│ │ │ ├── libfuzzer_merge.rs
│ │ │ └── mod.rs
│ │ │ ├── mod.rs
│ │ │ ├── regression
│ │ │ ├── common.rs
│ │ │ ├── generic.rs
│ │ │ ├── libfuzzer.rs
│ │ │ └── mod.rs
│ │ │ ├── report
│ │ │ ├── crash_report.rs
│ │ │ ├── dotnet.rs
│ │ │ ├── dotnet
│ │ │ │ ├── common.rs
│ │ │ │ ├── common
│ │ │ │ │ ├── data
│ │ │ │ │ │ └── print-exception.stdout
│ │ │ │ │ └── tests.rs
│ │ │ │ └── generic.rs
│ │ │ ├── generic.rs
│ │ │ ├── libfuzzer_report.rs
│ │ │ └── mod.rs
│ │ │ ├── stats
│ │ │ ├── afl.rs
│ │ │ ├── common.rs
│ │ │ └── mod.rs
│ │ │ └── utils.rs
│ └── tests
│ │ ├── template_integration.rs
│ │ └── templates
│ │ └── libfuzzer_basic.yml
├── onefuzz-telemetry
│ ├── Cargo.toml
│ └── src
│ │ └── lib.rs
├── onefuzz
│ ├── Cargo.toml
│ ├── examples
│ │ ├── dir-monitor.rs
│ │ ├── memory.rs
│ │ └── test-input.rs
│ └── src
│ │ ├── asan.rs
│ │ ├── auth.rs
│ │ ├── az_copy.rs
│ │ ├── blob.rs
│ │ ├── blob
│ │ ├── client.rs
│ │ └── url.rs
│ │ ├── env.rs
│ │ ├── expand.rs
│ │ ├── fs.rs
│ │ ├── heartbeat.rs
│ │ ├── http.rs
│ │ ├── input_tester.rs
│ │ ├── ipc.rs
│ │ ├── jitter.rs
│ │ ├── lib.rs
│ │ ├── libfuzzer.rs
│ │ ├── machine_id.rs
│ │ ├── memory.rs
│ │ ├── memory
│ │ ├── tests_linux.rs
│ │ └── tests_windows.rs
│ │ ├── monitor.rs
│ │ ├── monitor
│ │ └── tests.rs
│ │ ├── process.rs
│ │ ├── sanitizer.rs
│ │ ├── sha256.rs
│ │ ├── syncdir.rs
│ │ ├── triage.rs
│ │ ├── uploader.rs
│ │ └── utils.rs
├── reqwest-retry
│ ├── Cargo.toml
│ └── src
│ │ └── lib.rs
├── stacktrace-parser
│ ├── Cargo.toml
│ ├── data
│ │ ├── parsed-traces
│ │ │ ├── check_dir@asan-check-failure-missing-symbolizer.txt.snap
│ │ │ ├── check_dir@asan-check-failure.txt.snap
│ │ │ ├── check_dir@asan-odr-violation.txt.snap
│ │ │ ├── check_dir@clang-10-asan-breakpoint.txt.snap
│ │ │ ├── check_dir@dotnet-nested-exception-linenumbers.txt.snap
│ │ │ ├── check_dir@dotnet-unhandled-exception.txt.snap
│ │ │ ├── check_dir@format-string.txt.snap
│ │ │ ├── check_dir@libfuzzer-asan-log.txt.snap
│ │ │ ├── check_dir@libfuzzer-deadly-signal.txt.snap
│ │ │ ├── check_dir@libfuzzer-linux-llvm10-out-of-memory-malloc.txt.snap
│ │ │ ├── check_dir@libfuzzer-linux-llvm10-out-of-memory-rss.txt.snap
│ │ │ ├── check_dir@libfuzzer-scariness-underflow.txt.snap
│ │ │ ├── check_dir@libfuzzer-scariness.txt.snap
│ │ │ ├── check_dir@libfuzzer-windows-llvm10-out-of-memory-malloc.txt.snap
│ │ │ ├── check_dir@libfuzzer-windows-llvm10-out-of-memory-rss.txt.snap
│ │ │ └── check_dir@tsan-linux-llvm10-data-race.txt.snap
│ │ └── stack-traces
│ │ │ ├── asan-check-failure-missing-symbolizer.txt
│ │ │ ├── asan-check-failure.txt
│ │ │ ├── asan-odr-violation.txt
│ │ │ ├── clang-10-asan-breakpoint.txt
│ │ │ ├── dotnet-nested-exception-linenumbers.txt
│ │ │ ├── dotnet-unhandled-exception.txt
│ │ │ ├── format-string.txt
│ │ │ ├── libfuzzer-asan-log.txt
│ │ │ ├── libfuzzer-deadly-signal.txt
│ │ │ ├── libfuzzer-linux-llvm10-out-of-memory-malloc.txt
│ │ │ ├── libfuzzer-linux-llvm10-out-of-memory-rss.txt
│ │ │ ├── libfuzzer-scariness-underflow.txt
│ │ │ ├── libfuzzer-scariness.txt
│ │ │ ├── libfuzzer-windows-llvm10-out-of-memory-malloc.txt
│ │ │ ├── libfuzzer-windows-llvm10-out-of-memory-rss.txt
│ │ │ └── tsan-linux-llvm10-data-race.txt
│ └── src
│ │ ├── asan.rs
│ │ ├── bin
│ │ └── parse-stacktrace.rs
│ │ ├── dotnet.rs
│ │ └── lib.rs
├── storage-queue
│ ├── Cargo.toml
│ └── src
│ │ ├── azure_queue.rs
│ │ ├── lib.rs
│ │ └── local_queue.rs
└── win-util
│ ├── Cargo.toml
│ └── src
│ ├── file.rs
│ ├── handle.rs
│ ├── lib.rs
│ ├── memory.rs
│ ├── pipe_handle.rs
│ ├── process.rs
│ └── string.rs
├── ci
├── afl.sh
├── aflpp.sh
├── agent.sh
├── azcopy.sh
├── build_cli.ps1
├── check-check-pr.sh
├── check-dependencies.sh
├── disable-py-cache.sh
├── dotnet-fuzzing-tools.ps1
├── dotnet-fuzzing-tools.sh
├── enable-py-cache.sh
├── get-version.sh
├── onefuzztypes.sh
├── proxy.sh
├── radamsa-linux.sh
├── radamsa-windows.sh
├── rust-prereqs.sh
├── set-versions.sh
├── test-libfuzzer-dotnet.sh
└── unset-versions.sh
├── cli
├── .flake8
├── .gitignore
├── LICENSE
├── MANIFEST.in
├── README.md
├── bandit.cfg
├── examples
│ ├── azure-functions-example
│ │ ├── README.md
│ │ ├── host.json
│ │ ├── info
│ │ │ ├── __init__.py
│ │ │ └── function.json
│ │ └── requirements.txt
│ ├── domato.py
│ ├── get-running.py
│ ├── honggfuzz.py
│ ├── llvm-source-coverage
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── inputs
│ │ │ └── input.txt
│ │ ├── setup
│ │ │ ├── Makefile
│ │ │ └── simple.c
│ │ ├── source-coverage-libfuzzer.py
│ │ ├── source-coverage.py
│ │ └── tools
│ │ │ └── source-coverage.sh
│ └── oss-fuzz-target.py
├── extra
│ └── pyinstaller
│ │ └── hook-onefuzz.py
├── mypy.ini
├── onefuzz
│ ├── __init__.py
│ ├── __main__.py
│ ├── __version__.py
│ ├── api.py
│ ├── azcopy.py
│ ├── azure_identity_credential_adapter.py
│ ├── backend.py
│ ├── cli.py
│ ├── data
│ │ ├── licenses.json
│ │ └── privacy.txt
│ ├── debug.py
│ ├── job_templates
│ │ ├── __init__.py
│ │ ├── builder.py
│ │ ├── cache.py
│ │ ├── handlers.py
│ │ ├── job_monitor.py
│ │ ├── main.py
│ │ └── manage.py
│ ├── opentelemetry_exporter.py
│ ├── py.typed
│ ├── rdp.py
│ ├── ssh.py
│ ├── status
│ │ ├── __init__.py
│ │ ├── cache.py
│ │ ├── cmd.py
│ │ ├── raw.py
│ │ ├── signalr.py
│ │ ├── top.py
│ │ └── top_view.py
│ ├── template.py
│ └── templates
│ │ ├── __init__.py
│ │ ├── afl.py
│ │ ├── libfuzzer.py
│ │ ├── ossfuzz.py
│ │ ├── radamsa.py
│ │ └── regression.py
├── requirements-dev.txt
├── requirements-lint.txt
├── requirements.txt
├── setup.py
└── tests
│ ├── __init__.py
│ ├── pytest.ini
│ └── test_template_helper.py
├── deny.toml
├── deployment
├── .flake8
├── .gitignore
├── README.md
├── azuredeploy.bicep
├── bicep-templates
│ ├── autoscale-settings.bicep
│ ├── event-grid.bicep
│ ├── feature-flags.bicep
│ ├── function-settings-disabled-apps.bicep
│ ├── function-settings.bicep
│ ├── function.bicep
│ ├── operational-insights.bicep
│ ├── server-farms.bicep
│ ├── signalR.bicep
│ └── storageAccounts.bicep
├── config.json
├── deploy.py
├── deploylib
│ ├── __init__.py
│ ├── configuration.py
│ ├── data_migration.py
│ ├── registration.py
│ └── tests
│ │ ├── README.md
│ │ ├── __init__.py
│ │ └── test_deploy_config.py
├── deployment-role.json
├── instance-specific-setup
│ ├── README.md
│ ├── linux
│ │ └── setup.sh
│ └── windows
│ │ └── setup.ps1
├── mypy.ini
├── requirements.txt
├── set_admins.py
└── workbook-data.json
├── integration-tests
├── GoodBad
│ ├── .gitignore
│ ├── GoodBad.cs
│ └── GoodBad.csproj
├── check-regression.py
├── git-bisect
│ ├── README.md
│ ├── build.sh
│ ├── run-local.sh
│ ├── run-onefuzz.sh
│ └── src
│ │ ├── Makefile
│ │ ├── bisect-local.sh
│ │ ├── bisect-onefuzz.sh
│ │ └── fuzz.c
├── integration-test.py
├── libfuzzer-aarch64-crosscompile
│ ├── .gitignore
│ ├── Makefile
│ ├── fuzz.c
│ └── inputs
│ │ └── hi.txt
├── libfuzzer-dlopen
│ ├── Makefile
│ ├── bad.c
│ ├── bad.h
│ ├── main.c
│ └── seeds
│ │ └── good.txt
├── libfuzzer-linked-library
│ ├── Makefile
│ ├── Makefile.windows
│ ├── bad1.c
│ ├── bad1.h
│ ├── bad2.c
│ ├── bad2.h
│ ├── main.c
│ └── seeds
│ │ └── good.txt
├── libfuzzer-load-library
│ ├── Makefile
│ ├── bad.c
│ ├── bad.h
│ ├── main.c
│ └── seeds
│ │ └── good.txt
├── libfuzzer-regression
│ ├── Makefile
│ ├── seeds
│ │ └── good.txt
│ └── simple.c
├── libfuzzer-rust
│ ├── Cargo.toml
│ ├── Makefile
│ ├── README.md
│ ├── fuzz
│ │ ├── .gitignore
│ │ ├── Cargo.toml
│ │ └── fuzz_targets
│ │ │ └── fuzz_target_1.rs
│ └── src
│ │ └── lib.rs
├── libfuzzer
│ ├── Makefile
│ ├── seeds
│ │ └── good.txt
│ └── simple.c
└── trivial-crash
│ ├── Makefile
│ ├── fuzz.c
│ └── seeds
│ ├── fail.txt
│ └── pass.txt
├── proxy-manager
├── .gitignore
├── Cargo.lock
├── Cargo.toml
├── build.rs
├── data
│ └── licenses.json
└── src
│ ├── config.rs
│ ├── main.rs
│ └── proxy.rs
├── pytypes
├── .flake8
├── .gitignore
├── LICENSE
├── MANIFEST.in
├── README.md
├── extra
│ └── generate-docs.py
├── mypy.ini
├── onefuzztypes
│ ├── __init__.py
│ ├── __version__.py
│ ├── _monkeypatch.py
│ ├── consts.py
│ ├── enums.py
│ ├── events.py
│ ├── job_templates.py
│ ├── models.py
│ ├── primitives.py
│ ├── py.typed
│ ├── requests.py
│ ├── responses.py
│ ├── validators.py
│ └── webhooks.py
├── requirements-dev.txt
├── requirements-lint.txt
├── requirements.txt
├── setup.py
└── tests
│ ├── __init__.py
│ ├── test_alnum_filter.py
│ ├── test_instance_config_update.py
│ └── test_models.py
├── runtime-tools
├── linux
│ ├── .dockerignore
│ ├── .gitignore
│ ├── Dockerfile
│ ├── onefuzz.initd
│ ├── onefuzz.service
│ ├── run.sh
│ ├── set-env.sh
│ └── setup.sh
└── win64
│ ├── .dockerignore
│ ├── .gitignore
│ ├── Dockerfile
│ ├── onefuzz-run.ps1
│ ├── onefuzz-silent-exit.reg
│ ├── onefuzz.ps1
│ ├── set-env.ps1
│ └── setup.ps1
└── utils
├── README.md
├── add-corpus-storage-accounts
├── add-corpus-storage-account.py
├── requirements-lint.txt
└── requirements.txt
├── ado-testing
├── README.md
├── check-ado.py
├── check-notifications.py
├── mypy.ini
└── requirements.txt
├── check-pr
├── .flake8
├── README.md
├── __pycache__
│ └── cleanup_ad.cpython-38.pyc
├── check-pr.py
├── cleanup_ad.py
├── github_client.py
├── mypy.ini
├── requirements-lint.txt
└── requirements.txt
├── lint.sh
└── telemetry-stats
├── .gitignore
├── Cargo.lock
├── Cargo.toml
├── README.md
└── src
└── main.rs
/.devcontainer/Dockerfile:
--------------------------------------------------------------------------------
1 | # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.224.3/containers/ubuntu/.devcontainer/base.Dockerfile
2 |
3 | ARG VARIANT="ubuntu-22.04"
4 |
5 | FROM mcr.microsoft.com/devcontainers/base:${VARIANT}
6 |
7 | # note: keep this in sync with .github/workflows/ci.yml
8 | ARG RUSTVERSION="1.71.1"
9 |
10 | # Install packages required for build:
11 | RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
12 | && apt-get -y install --no-install-recommends \
13 | libunwind-dev clang build-essential libssl-dev pkg-config lldb \
14 | bash-completion npm \
15 | python-is-python3 direnv uuid-runtime python3-distutils python3-pip python3-venv \
16 | dotnet7 gh
17 |
18 | # Install Rust:
19 | USER vscode
20 | RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain ${RUSTVERSION} -y
21 |
22 | # Install other dependencies:
23 | COPY install-dependencies.sh .
24 | RUN ./install-dependencies.sh
25 |
26 | # Setup direnv for Python stuff:
27 | RUN echo 'eval "$(direnv hook bash)"' >> ~/.bashrc
28 |
29 | USER root
30 | RUN rm install-dependencies.sh
31 |
--------------------------------------------------------------------------------
/.devcontainer/install-dependencies.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -eux
4 |
5 | # Note that this script runs as user 'vscode' during devcontainer setup.
6 |
7 | # Rust global tools, needed to run CI scripts
8 | "$HOME/.cargo/bin/cargo" install cargo-license@0.4.2 cargo-llvm-cov cargo-deny
9 | "$HOME/.cargo/bin/rustup" component add llvm-tools-preview
10 |
11 | # NPM global tools
12 | sudo npm install -g azurite azure-functions-core-tools@4
13 |
14 | # Pip global tools
15 | pip install wheel
16 |
17 | # Other binaries
18 | echo "Installing azcopy ..."
19 | tmpdir=$(mktemp -d)
20 | pushd "$tmpdir"
21 | wget https://aka.ms/downloadazcopy-v10-linux -O - | tar -zxv
22 | sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/
23 | popd
24 | rm -rf "$tmpdir"
25 |
--------------------------------------------------------------------------------
/.devcontainer/post-create-script.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -eux
4 |
5 | # Restore rust dependencies
6 | echo "Restoring rust dependencies"
7 | cd /workspaces/onefuzz/src/agent
8 | cargo fetch
9 |
10 | # Restore dotnet dependencies
11 | echo "Restore dotnet dependencies"
12 | cd /workspaces/onefuzz/src/ApiService
13 | dotnet restore
14 |
15 | echo "Setting up venv"
16 | cd /workspaces/onefuzz/src
17 | python -m venv venv
18 | . ./venv/bin/activate
19 |
20 | echo "Installing pytypes"
21 | cd /workspaces/onefuzz/src/pytypes
22 | echo "layout python3" >> .envrc
23 | direnv allow
24 | pip install -e .
25 |
26 | echo "Installing cli"
27 | cd /workspaces/onefuzz/src/cli
28 | echo "layout python3" >> .envrc
29 | direnv allow
30 | pip install -e .
31 |
32 |
33 | cd /workspaces/onefuzz/src/utils
34 | chmod u+x lint.sh
35 | pip install types-six
36 |
37 | cp /workspaces/onefuzz/.devcontainer/pre-commit /workspaces/onefuzz/.git/hooks
38 | chmod u+x /workspaces/onefuzz/.git/hooks/pre-commit
39 |
--------------------------------------------------------------------------------
/.devcontainer/workspace.code-workspace:
--------------------------------------------------------------------------------
1 | {
2 | "folders": [
3 | {
4 | "path": ".."
5 | },
6 | {
7 | "path": "../src/agent"
8 | },
9 | {
10 | "path": "../src/api-service"
11 | },
12 | {
13 | "path": "../src/ApiService"
14 | },
15 | {
16 | "path": "../src/cli"
17 | },
18 | {
19 | "path": "../src/pytypes"
20 | }
21 | ],
22 | "settings": {}
23 | }
24 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | * text=auto
2 | *.ps1 text eol=crlf
3 | *.sh text eol=lf
4 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Report errors or unexpected behavior
4 | labels: bug
5 | ---
6 |
7 |
8 |
9 | ## Information
10 |
11 | - Onefuzz version:
12 | - OS:
13 |
14 | ## Provide detailed reproduction steps (if any)
15 |
16 | 1.
17 | 2.
18 | 3.
19 |
20 | ### Expected result
21 |
22 | _What is the expected result of the above steps?_
23 |
24 | ### Actual result
25 |
26 | _What is the actual result of the above steps?_
27 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: false
2 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/documentation-issue.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Documentation Issue
3 | about: Report issues in our documentation
4 | title: ''
5 | labels: documentation
6 | assignees: ''
7 |
8 | ---
9 |
10 |
11 |
12 | ## Provide a description of requested docs changes
13 |
14 | _What is the purpose and what should be changed?_
15 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | labels: enhancement
5 | ---
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/.github/codeql/codeql-config.yml:
--------------------------------------------------------------------------------
1 | paths:
2 | - src/ApiService
3 | - src/agent
4 | - src/cli
5 | - src/deployment
6 | - src/proxy-manager
7 | - src/pytypes
8 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: cargo
4 | directory: "/src/agent"
5 | schedule:
6 | interval: daily
7 | open-pull-requests-limit: 10
8 | ignore:
9 | - dependency-name: "*"
10 | update-types: ["version-update:semver-patch"]
11 | - package-ecosystem: cargo
12 | directory: "/src/proxy-manager"
13 | schedule:
14 | interval: daily
15 | open-pull-requests-limit: 10
16 | ignore:
17 | - dependency-name: "*"
18 | update-types: ["version-update:semver-patch"]
19 | - package-ecosystem: nuget
20 | directory: "/src/ApiService"
21 | schedule:
22 | interval: daily
23 |
--------------------------------------------------------------------------------
/.github/policies/resourceManagement.yml:
--------------------------------------------------------------------------------
1 | id:
2 | name: GitOps.PullRequestIssueManagement
3 | description: GitOps.PullRequestIssueManagement primitive
4 | owner:
5 | resource: repository
6 | disabled: false
7 | where:
8 | configuration:
9 | resourceManagementConfiguration:
10 | scheduledSearches: []
11 | eventResponderTasks:
12 | - if:
13 | - payloadType: Issues
14 | - isAction:
15 | action: Opened
16 | then:
17 | - addLabel:
18 | label: 'Needs: triage'
19 | description:
20 | onFailure:
21 | onSuccess:
22 |
--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 | ## Summary of the Pull Request
2 |
3 | _What is this about?_
4 |
5 | ## PR Checklist
6 | * [ ] Applies to work item: #xxx
7 | * [ ] CLA signed. If not, go over [here](https://cla.opensource.microsoft.com/microsoft/onefuzz) and sign the CLI.
8 | * [ ] Tests added/passed
9 | * [ ] Requires documentation to be updated
10 | * [ ] I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx
11 |
12 | ## Info on Pull Request
13 |
14 | _What does this include?_
15 |
16 | ## Validation Steps Performed
17 |
18 | _How does someone test & validate?_
19 |
--------------------------------------------------------------------------------
/.github/workflows/sync-issue-to azure-devops-work-item.yml:
--------------------------------------------------------------------------------
1 | name: Sync issue to Azure DevOps work item
2 |
3 | on:
4 | issues:
5 | types: [opened, edited, deleted, closed, reopened]
6 | workflow_dispatch:
7 |
8 | jobs:
9 | alert:
10 | runs-on: ubuntu-latest
11 | name: New Issue Workflow
12 | steps:
13 | - uses: danhellem/github-actions-issue-to-work-item@master
14 | env:
15 | ado_token: "${{ secrets.ADO_PERSONAL_ACCESS_TOKEN }}"
16 | github_token: "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}"
17 | ado_organization: "${{ secrets.ADO_ORGANIZATION_NAME }}"
18 | ado_project: "${{ secrets.ADO_PROJECT_NAME }}"
19 | ado_area_path: "${{ secrets.ADO_AREA_PATH }}"
20 | ado_iteration_path: "${{ secrets.ADO_ITERATION_PATH }}"
21 | ado_wit: "User Story"
22 | ado_new_state: "New"
23 | ado_active_state: "Active"
24 | ado_close_state: "Completed"
25 | ado_bypassrules: false
26 | log_level: 100
27 |
--------------------------------------------------------------------------------
/.github/workflows/validate-devcontainer.yml:
--------------------------------------------------------------------------------
1 | name: Validate Devcontainer configuration
2 | on:
3 | # run on PRs to main branch, if any
4 | # devcontainer files have changed
5 | pull_request:
6 | branches:
7 | - main
8 | paths:
9 | - .devcontainer/**
10 |
11 | jobs:
12 | use-devcontainer:
13 | runs-on: ubuntu-latest
14 | steps:
15 | - uses: actions/checkout@v3
16 | # note that all we do here is ensure the devcontainer can
17 | # setup and run one command, ensuring that it works
18 | - name: Build and use devcontainer
19 | uses: devcontainers/ci@v0.3
20 | with:
21 | runCmd: cargo --version
22 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .env
2 | .vscode
3 | .mypy_cache/
4 | .idea
5 | **/.direnv
6 | **/.envrc
7 | **/venv
8 |
9 | # profiling/coverage files
10 | *.profraw
11 | *.profdata
12 | lcov.info
13 |
14 | # vim
15 | *.swp
16 |
17 | /.ionide/symbolCache.db
18 |
19 | /src/ApiService/ApiService/Properties/PublishProfiles/*
20 | /src/ApiService/ApiService/Properties/ServiceDependencies/*
21 |
22 | .vs
23 |
24 | **/__azurite_db_*.json
25 | **/__blobstorage__
26 | **/__queuestorage__
27 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Microsoft Open Source Code of Conduct
2 |
3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
4 |
5 | Resources:
6 |
7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
10 |
--------------------------------------------------------------------------------
/CURRENT_VERSION:
--------------------------------------------------------------------------------
1 | 8.9.0
2 |
--------------------------------------------------------------------------------
/codecov.yml:
--------------------------------------------------------------------------------
1 | ignore:
2 | - "src/agent/**/examples/"
3 | - "src/ApiService/*Tests/"
4 |
5 | component_management:
6 | individual_components:
7 | - component_id: agent
8 | name: OneFuzz Agent
9 | paths:
10 | - src/agent/**
11 | - component_id: cli
12 | name: OneFuzz CLI
13 | paths:
14 | - src/cli/**
15 | - component_id: service
16 | name: OneFuzz Service
17 | paths:
18 | - src/ApiService/**
19 | - component_id: proxy
20 | name: OneFuzz Proxy
21 | paths:
22 | - src/proxy-manager/**
23 |
--------------------------------------------------------------------------------
/contrib/README.md:
--------------------------------------------------------------------------------
1 | # Supplemental Contributions related to OneFuzz
2 |
3 | * [Deploying fuzzing jobs in your Azure Devops Pipelines](onefuzz-job-azure-devops-pipeline)
4 | * [Deploying fuzzing jobs in your Github Actions workflow](onefuzz-job-github-actions)
5 | * [Keep your OneFuzz deployment up-to-date using Azure Devops pipelines](deploy-onefuzz-via-azure-devops)
6 | * [Demo web application that forwards OneFuzz webhook events to Microsoft Teams](webhook-teams-service)
7 |
--------------------------------------------------------------------------------
/contrib/deploy-onefuzz-via-azure-devops/.pylintrc:
--------------------------------------------------------------------------------
1 | [MASTER]
2 | ignore=CVS .git .hg
3 | init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))"
4 |
5 | [MESSAGES CONTROL]
6 | # Pointless whinging.
7 | # W0613 = Unused argument
8 | # R0801 = Similar lines https://github.com/PyCQA/pylint/issues/214
9 | # R0901 = Too many ancestors
10 | # R0902 = Too many instance attributes
11 | # R0903 = Too few public methods
12 | # R0904 = Too many public methods
13 | # R0911 = Too many return statements
14 | # R0913 = Too many arguments
15 | # R0914 = Too many local variables
16 | #
17 | # Sometimes disabled depending on how bad a module is.
18 | # C0103 = Module name doesn't conform to snake_case naming style
19 | # C0111 = Missing docstring
20 | # C0112 = Empty docstring
21 |
22 | disable=C0103,C0111,R0801,R0901,R0902,R0903,R0904,R0911,R0913,R0914
23 |
24 | [FORMAT]
25 | max-line-length=80
26 |
27 | [REPORTS]
28 | output-format=colorized
29 |
30 | [BASIC]
31 | good-names=i,j,k,_,logger
32 |
--------------------------------------------------------------------------------
/contrib/deploy-onefuzz-via-azure-devops/Pipfile:
--------------------------------------------------------------------------------
1 | [[source]]
2 | name = "pypi"
3 | url = "https://pypi.org/simple"
4 | verify_ssl = true
5 |
6 | [packages]
7 | black = "==22.3.0"
8 | pylint = "*"
9 | requests = "*"
10 | pip = ">=21.1"
11 |
12 | [requires]
13 | python_version = "3.8"
14 |
--------------------------------------------------------------------------------
/contrib/deploy-onefuzz-via-azure-devops/README.md:
--------------------------------------------------------------------------------
1 | # What is this for?
2 |
3 | This section of code contains scripts which help to deploy latest releases of OneFuzz at demand. It uses Azure DevOps Build Pipeline.
4 |
5 | The script [deploy-onefuzz.yml](deploy-onefuzz.yml) can be used saved in Azure DevOps Build Pipeline or can be stored in the repository and can be pointed to it.
6 |
7 | It also contain supporting `python` scripts which helps to fetch latest version and artifacts from OneFuzz GitHub repository.
8 |
9 | # How to use it?
10 |
11 | This script is intended only for deploying newer updates. There are certain set of pipeline variables needs to be set as mentioned in [deploy-onefuzz.yml](deploy-onefuzz.yml) for authentication purposes to the OneFuzz instance.
--------------------------------------------------------------------------------
/contrib/deploy-onefuzz-via-azure-devops/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/contrib/deploy-onefuzz-via-azure-devops/__init__.py
--------------------------------------------------------------------------------
/contrib/deploy-onefuzz-via-azure-devops/tox.ini:
--------------------------------------------------------------------------------
1 | [tox]
2 | envlist = py38
3 | skipsdist = True
4 | skip_missing_interpreters=True
5 |
6 | [testenv]
7 | deps =
8 | pipenv
9 |
10 | commands =
11 | python -m pip install --upgrade pip
12 | python -m pip install --upgrade wheel
13 | pipenv install --dev
14 | pipenv check
15 |
16 | pipenv run black --diff --check .
17 | pipenv run pylint .
18 |
--------------------------------------------------------------------------------
/contrib/onefuzz-job-azure-devops-pipeline/ado-work-items.json:
--------------------------------------------------------------------------------
1 | {
2 | "config": {
3 | "base_url": "https://dev.azure.com/INSERT_YOUR_ORG_HERE",
4 | "auth_token": "INSERT_PAT_HERE",
5 | "project": "INSERT_YOUR_PROJECT_HERE",
6 | "type": "Bug",
7 | "unique_fields": [
8 | "System.Title",
9 | "System.AreaPath"
10 | ],
11 | "comment": "
This is my call stack: {% for item in report.call_stack %} - {{ item }}
{% endfor %}
Repro Command:
{{ repro_cmd }} ",
12 | "ado_fields": {
13 | "System.AreaPath": "OneFuzz-Ado-Integration",
14 | "System.Title": "{{report.task_id}}"
15 | },
16 | "ado_duplicate_fields": {
17 | "System.Reason": "My custom value that means a work item is a duplicate",
18 | "Custom.Work.Item.Field": "My custom value that means a work item is a duplicate"
19 | },
20 | "on_duplicate": {
21 | "increment": [],
22 | "comment": "DUP {{report.input_sha256}}
Repro Command:
{{ repro_cmd }} ",
23 | "set_state": {
24 | "Resolved": "Active"
25 | },
26 | "ado_fields": {}
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/.gitignore:
--------------------------------------------------------------------------------
1 | bin
2 | obj
3 | csx
4 | .vs
5 | edge
6 | Publish
7 |
8 | *.user
9 | *.suo
10 | *.cscfg
11 | *.Cache
12 | project.lock.json
13 |
14 | /packages
15 | /TestResults
16 |
17 | /tools/NuGet.exe
18 | /App_Data
19 | /secrets
20 | /data
21 | .secrets
22 | appsettings.json
23 | local.settings.json
24 |
25 | node_modules
26 | dist
27 |
28 | # Local python packages
29 | .python_packages/
30 |
31 | # Python Environments
32 | .env
33 | .venv
34 | env/
35 | venv/
36 | ENV/
37 | env.bak/
38 | venv.bak/
39 |
40 | # Byte-compiled / optimized / DLL files
41 | __pycache__/
42 | *.py[cod]
43 | *$py.class
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/example-message.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/contrib/webhook-teams-service/example-message.png
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/host.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "2.0",
3 | "logging": {
4 | "applicationInsights": {
5 | "samplingSettings": {
6 | "isEnabled": true,
7 | "excludedTypes": "Request"
8 | }
9 | }
10 | },
11 | "extensionBundle": {
12 | "id": "Microsoft.Azure.Functions.ExtensionBundle",
13 | "version": "[1.*, 2.0.0)"
14 | }
15 | }
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/local.settings.json:
--------------------------------------------------------------------------------
1 | {
2 | "IsEncrypted": false,
3 | "Values": {
4 | "FUNCTIONS_WORKER_RUNTIME": "python"
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/mypy.ini:
--------------------------------------------------------------------------------
1 | [mypy]
2 | disallow_untyped_defs = True
3 | follow_imports = silent
4 | check_untyped_defs = True
5 | disallow_any_generics = True
6 | no_implicit_reexport = True
7 | strict_optional = True
8 | warn_redundant_casts = True
9 | warn_return_any = True
10 | warn_unused_configs = True
11 | warn_unused_ignores = True
12 |
13 | [mypy-azure.*]
14 | ignore_missing_imports = True
15 |
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/requirements.txt:
--------------------------------------------------------------------------------
1 | # Do not include azure-functions-worker as it may conflict with the Azure Functions platform
2 |
3 | azure-functions
4 | aiohttp
--------------------------------------------------------------------------------
/contrib/webhook-teams-service/webhook/function.json:
--------------------------------------------------------------------------------
1 | {
2 | "scriptFile": "__init__.py",
3 | "bindings": [
4 | {
5 | "authLevel": "function",
6 | "type": "httpTrigger",
7 | "direction": "in",
8 | "name": "req",
9 | "methods": [
10 | "post"
11 | ]
12 | },
13 | {
14 | "type": "http",
15 | "direction": "out",
16 | "name": "$return"
17 | }
18 | ]
19 | }
--------------------------------------------------------------------------------
/docs/FAQ.md:
--------------------------------------------------------------------------------
1 | # Frequently Asked Questions
2 |
3 | ## Results sometimes show up before tasks are "running"
4 |
5 | We use VM Scale Sets. Often, some of the VMs in the set provision faster than
6 | others. Rather than wait for the entire set to begin, the agent starts on each
7 | VM as soon as the VM is up.
8 |
9 | ## Debugging issues on scalesets
10 |
11 | You can use az vmss run-command to launch commands in your VMs. As an example,
12 | the following command in bash will recursively list c:\onefuzz for a given task:
13 |
14 | ```sh
15 | az vmss list-instances --subscription SUBSCRIPTION -n TASK_ID -g RESOURCE_GROUP \
16 | --query [].id --output tsv | az vmss run-command invoke --ids @- \
17 | --command-id RunPowerShellScript --scripts 'Get-ChildItem -Path c:\onefuzz -Recurse'
18 | ```
19 |
20 | On Linux VMs, use RunShellScript. On Windows VMs, use RunPowerShellScript. Note
21 | that you will only see the last 4096 bytes of output. See
22 | [here](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/run-command#restrictions)
23 | for all restrictions on run-command.
24 |
--------------------------------------------------------------------------------
/docs/README.md:
--------------------------------------------------------------------------------
1 | # OneFuzz Documentation
2 |
3 | A brief index of the documentation follows:
4 |
5 | ## For Users
6 |
7 | First steps:
8 |
9 | * [Getting Started](getting-started.md)
10 | * [Frequently Asked Questions](FAQ.md)
11 | * [Known Issues](known-issues.md)
12 | * [Terminology](terminology.md) of OneFuzz
13 |
14 | Guides:
15 |
16 | * [Migrating Regions](migrating-regions.md)
17 |
18 | Integrations and customizations:
19 |
20 | * [Custom Analysis](custom-analysis.md)
21 | * [Custom Images](custom-images.md)
22 | * [Notifications](notifications.md)
23 | * [Webhooks](webhooks.md)
24 | * [Webhook Events](webhook_events.md)
25 |
26 | ## For Contributors
27 |
28 | Guides:
29 |
30 | * [Architecture Overview](overview.md)
31 | * [Comms Channels](comms-channels.md)
32 | * [Understanding Tasks](tasks.md)
33 |
34 | Policies:
35 |
36 | * [Supported Platforms](supported-platforms.md)
37 | * [Versioning](versioning.md)
38 |
--------------------------------------------------------------------------------
/docs/custom-analysis.md:
--------------------------------------------------------------------------------
1 | # Custom Analysis Tasks
2 |
3 | OneFuzz supports the ability to create user-defined analysis tasks, enabling
4 | custom triage of crashes.
5 |
6 | ## Example use case
7 |
8 | Users can automatically record the output of
9 | [!analyze](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/using-the--analyze-extension)
10 | for crash using a `generic_generator` task with analyzer_exe of `cdb`, and the
11 | `analyzer_options` of
12 |
13 | ```json
14 | [
15 | "-c", "!analyze;q", "-logo", "{output_dir}\\{input_file_name_no_ext}.report",
16 | "{target_exe}", "{target_options}"
17 | ]
18 | ```
19 |
20 | For a crash named `mycrash.txt`, this will create `mycrash.report` in the
21 | `analysis` container.
22 |
23 | This can be seen in the [radamsa](../src/cli/onefuzz/templates/radamsa.py)
24 | template for any Windows targets.
25 |
26 | See also:
27 |
28 | * [Command Replacements](command-replacements.md)
29 | * [Example to collect LLVM Source-Based Coverage using custom analysis](../src/cli/examples/llvm-source-coverage/README.md)
30 |
--------------------------------------------------------------------------------
/docs/how-to/remote-debugging-dotnet.md:
--------------------------------------------------------------------------------
1 | ## How to setup remote debugging of dotnet Azure Functions on new deployments
2 |
3 | 1) when running `deploy.py` use `--host_dotnet_on_windows` flag as part of the command line. This will deploy `dotnet` Azure Function on Windows Server Farm, which supports functinoality for remote debugging of `dotnet` code.
4 |
5 | 2) Follow instructions on how to connect Visual Studio 2022 to newly deployed Azure Function: [https://docs.microsoft.com/en-us/azure/azure-functions/functions-develop-vs?tabs=in-process#remote-debugging](https://docs.microsoft.com/en-us/azure/azure-functions/functions-develop-vs?tabs=in-process#remote-debugging)
--------------------------------------------------------------------------------
/docs/notifications/teams-message.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/docs/notifications/teams-message.png
--------------------------------------------------------------------------------
/docs/overview.md:
--------------------------------------------------------------------------------
1 | ## Architecture Overview
2 |
3 | ```mermaid
4 | flowchart TB
5 |
6 | subgraph clients[Clients]
7 | CLI
8 | script.py
9 | end
10 |
11 | subgraph service[Service]
12 | AzFunc("Azure\nFunctions\n⚡")
13 |
14 | pool-linux[/Linux queue/]
15 | pool-win[/Windows queue/]
16 |
17 | EventGrid{Event Grid}
18 | SystemData[(System Data)]
19 | end
20 |
21 | UserData[(User Data)]
22 |
23 | subgraph linux-compute[Linux VMs]
24 | vmss1
25 | vmss2
26 | end
27 |
28 | subgraph windows-compute[Windows VMs]
29 | vmss3
30 | vmss4
31 | end
32 |
33 | CLI--HTTP-->AzFunc
34 | script.py--HTTP-->AzFunc
35 |
36 | AzFunc--Timers-->AzFunc
37 | AzFunc --> pool-linux
38 | AzFunc --> pool-win
39 | AzFunc <--> UserData
40 | AzFunc -- ORM --> SystemData
41 | SystemData -- Trigger --> AzFunc
42 |
43 | SystemData --> EventGrid
44 | UserData --> EventGrid
45 | EventGrid -- Event --> AzFunc
46 |
47 | UserData <-- Container Sync --> linux-compute
48 | UserData <-- Container Sync --> windows-compute
49 |
50 | linux-compute -. poll .-> pool-linux
51 | windows-compute -. poll .-> pool-win
52 | ```
53 |
--------------------------------------------------------------------------------
/docs/screencasts/README.md:
--------------------------------------------------------------------------------
1 | # Screencasts of using OneFuzz
2 |
3 | ## Launching a Job
4 | 
5 |
6 |
7 | ## Live debugging a crash
8 | 
9 |
10 | Note: Launching the VM is sped up in this screencast. Launching VMs for crash
11 | reproduction currently takes approximiately 2 minutes for Linux and 7 minutes
12 | for Windows.
13 |
--------------------------------------------------------------------------------
/docs/screencasts/launching-job.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/docs/screencasts/launching-job.gif
--------------------------------------------------------------------------------
/docs/screencasts/live-debugging.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/docs/screencasts/live-debugging.gif
--------------------------------------------------------------------------------
/docs/ssh-config.md:
--------------------------------------------------------------------------------
1 | # SSH within OneFuzz
2 |
3 | OneFuzz enables automatically connecting to fuzzing & crash repro nodes via SSH.
4 | Each VM and VM scale set has its own SSH key pair.
5 |
6 | On Linux VMs, the public key is written to `~onefuzz/.ssh/authorized_keys`
7 |
8 | For Windows VMs, the public key is written to
9 | `\$env:ProgramData\ssh\administrators_authorized_keys` following
10 | [Windows OpenSSH server guides](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration).
11 |
12 | ## OneFuzz cli handling keys
13 |
14 | When using any of the SSH enabled components of the onefuzz CLI, the CLI will
15 | automatically fetch the key-pair for a VM as needed. The private key is written
16 | to a temporary directory and removed upon completion of the SSH command.
17 |
18 | NOTE: As VMs and VM scale sets are intended to be short-lived and ephemeral, the
19 | onefuzz CLI configures SSH to not write to the user's known host file and
20 | ignores host key checking.
21 |
--------------------------------------------------------------------------------
/global.json:
--------------------------------------------------------------------------------
1 | {
2 | "sdk": {
3 | "version": "7.0.100",
4 | "rollForward": "latestFeature"
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/src/ApiService/.config/dotnet-tools.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": 1,
3 | "isRoot": true,
4 | "tools": {}
5 | }
--------------------------------------------------------------------------------
/src/ApiService/ApiService/Auth/AuthenticationItems.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Azure.Functions.Worker;
2 |
3 | namespace Microsoft.OneFuzz.Service.Auth;
4 |
5 | public static class AuthenticationItems {
6 | private const string Key = "ONEFUZZ_USER_INFO";
7 |
8 | public static void SetUserAuthInfo(this FunctionContext context, UserAuthInfo info)
9 | => context.Items[Key] = info;
10 |
11 | public static UserAuthInfo GetUserAuthInfo(this FunctionContext context)
12 | => (UserAuthInfo)context.Items[Key];
13 |
14 | public static UserAuthInfo? TryGetUserAuthInfo(this FunctionContext context)
15 | => context.Items.TryGetValue(Key, out var result) ? (UserAuthInfo)result : null;
16 | }
17 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/Auth/AuthorizeAttribute.cs:
--------------------------------------------------------------------------------
1 | namespace Microsoft.OneFuzz.Service.Auth;
2 |
3 | [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
4 | public sealed class AuthorizeAttribute : Attribute {
5 | public AuthorizeAttribute(Allow allow) {
6 | Allow = allow;
7 | }
8 |
9 | public Allow Allow { get; set; }
10 | }
11 |
12 | public enum Allow {
13 | Agent,
14 | User,
15 | Admin,
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/FeatureFlags.cs:
--------------------------------------------------------------------------------
1 | namespace Microsoft.OneFuzz.Service;
2 |
3 | public static class FeatureFlagConstants {
4 | public const string RenderOnlyScribanTemplates = "RenderOnlyScribanTemplates";
5 | public const string EnableNodeDecommissionStrategy = "EnableNodeDecommissionStrategy";
6 | public const string SemanticNotificationConfigValidation = "SemanticNotificationConfigValidation";
7 | public const string EnableCustomMetricTelemetry = "EnableCustomMetricTelemetry";
8 | public const string EnableBlobRetentionPolicy = "EnableBlobRetentionPolicy";
9 | public const string EnableDryRunBlobRetention = "EnableDryRunBlobRetention";
10 | public const string EnableWorkItemCreation = "EnableWorkItemCreation";
11 | public const string EnableContainerRetentionPolicies = "EnableContainerRetentionPolicies";
12 | public const string EnableSlimEventSerialization = "EnableSlimEventSerialization";
13 | }
14 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/Functions/Negotiate.cs:
--------------------------------------------------------------------------------
1 | using System.Net;
2 | using System.Threading.Tasks;
3 | using Microsoft.Azure.Functions.Worker;
4 | using Microsoft.Azure.Functions.Worker.Http;
5 | using Microsoft.OneFuzz.Service.Auth;
6 |
7 | namespace Microsoft.OneFuzz.Service.Functions;
8 |
9 | public class Negotiate {
10 | [Function("Negotiate")]
11 | [Authorize(Allow.User)]
12 | public static async Task Run(
13 | [HttpTrigger(AuthorizationLevel.Anonymous, "POST")] HttpRequestData req,
14 | [SignalRConnectionInfoInput(HubName = "dashboard")] string info) {
15 |
16 | // This endpoint handles the signalr negotation
17 | // As we do not differentiate from clients at this time, we pass the Functions runtime
18 | // provided connection straight to the client
19 | //
20 | // For more info:
21 | // https://docs.microsoft.com/en-us/azure/azure-signalr/signalr-concept-internals
22 |
23 | var resp = req.CreateResponse(HttpStatusCode.OK);
24 | resp.Headers.Add("Content-Type", "application/json");
25 | await resp.WriteStringAsync(info);
26 | return resp;
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/Functions/QueueSignalREvents.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Azure.Functions.Worker;
2 | using Microsoft.Extensions.Logging;
3 | namespace Microsoft.OneFuzz.Service.Functions;
4 |
5 | public class QueueSignalREvents {
6 | private readonly ILogger _logger;
7 |
8 | public QueueSignalREvents(ILogger logger) {
9 | _logger = logger;
10 | }
11 |
12 | [Function("QueueSignalREvents")]
13 | [SignalROutput(HubName = "dashboard")]
14 | public static string Run(
15 | [QueueTrigger("signalr-events", Connection = "AzureWebJobsStorage")] string msg) {
16 | return msg;
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/Functions/QueueWebhooks.cs:
--------------------------------------------------------------------------------
1 | using System.Text.Json;
2 | using Microsoft.Azure.Functions.Worker;
3 | using Microsoft.Extensions.Logging;
4 | using Microsoft.OneFuzz.Service.OneFuzzLib.Orm;
5 | namespace Microsoft.OneFuzz.Service.Functions;
6 |
7 | public class QueueWebhooks {
8 | private readonly ILogger _log;
9 | private readonly IWebhookMessageLogOperations _webhookMessageLog;
10 | public QueueWebhooks(ILogger log, IWebhookMessageLogOperations webhookMessageLog) {
11 | _log = log;
12 | _webhookMessageLog = webhookMessageLog;
13 | }
14 |
15 | [Function("QueueWebhooks")]
16 | public async Async.Task Run([QueueTrigger("webhooks", Connection = "AzureWebJobsStorage")] string msg) {
17 |
18 | _log.LogInformation("Webhook Message Queued: {msg}", msg);
19 |
20 | var obj = JsonSerializer.Deserialize(msg, EntityConverter.GetJsonSerializerOptions()).EnsureNotNull($"wrong data {msg}");
21 |
22 | await _webhookMessageLog.ProcessFromQueue(obj);
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/LogExt.cs:
--------------------------------------------------------------------------------
1 | using System.Net;
2 | using Microsoft.Extensions.Logging;
3 |
4 | namespace Microsoft.OneFuzz.Service;
5 | public static class LogExt {
6 | ///
7 | ///
8 | ///
9 | ///
10 | ///
11 | ///
12 | public static void LogOneFuzzError(this ILogger logger, Error err) {
13 | var errors = err.Errors ?? new List();
14 | logger.LogError("Error: Code = {Code}, Errors = {errorsString}", err.Code, string.Join(';', errors));
15 | }
16 |
17 |
18 | public static void AddHttpStatus(this ILogger logger, (HttpStatusCode Status, string Reason) result) {
19 | logger.AddTag("StatusCode", ((int)result.Status).ToString());
20 | logger.AddTag("ReasonPhrase", result.Reason);
21 | }
22 |
23 |
24 | }
25 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/az-local.settings.json:
--------------------------------------------------------------------------------
1 | {
2 | "IsEncrypted": false,
3 | "Values": {
4 | "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
5 | "linux_fx_version": "DOTNET-ISOLATED|7.0"
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/host.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "2.0",
3 | "functionTimeout": "12:00:00",
4 | "logging": {
5 | "applicationInsights": {
6 | "samplingSettings": {
7 | "isEnabled": true,
8 | "excludedTypes": "Request"
9 | }
10 | }
11 | }
12 | }
--------------------------------------------------------------------------------
/src/ApiService/ApiService/onefuzzlib/InstanceIds.cs:
--------------------------------------------------------------------------------
1 | namespace Microsoft.OneFuzz.Service;
2 |
3 | public static class InstanceIds {
4 | // See: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-instance-ids#scale-set-vm-names
5 | // Machine Name here is {ScaleSet}_{InstanceId}
6 | public static string InstanceIdFromMachineName(string machineName)
7 | => machineName.Split("_").Last();
8 | }
9 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/onefuzzlib/Versions.cs:
--------------------------------------------------------------------------------
1 | using Semver;
2 |
3 | namespace Microsoft.OneFuzz.Service;
4 |
5 | public class Versions {
6 | public static bool IsMinimumVersion(string versionStr, string minimumStr) {
7 | var version = SemVersion.Parse(versionStr, SemVersionStyles.Any);
8 | var minimum = SemVersion.Parse(minimumStr, SemVersionStyles.Any);
9 |
10 | return version.ComparePrecedenceTo(minimum) >= 0;
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/ApiService/ApiService/onefuzzlib/WellKnownContainers.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Microsoft.OneFuzz.Service;
3 |
4 | public static class WellKnownContainers {
5 | public static readonly Container BaseConfig = Container.Parse("base-config");
6 | public static readonly Container VmScripts = Container.Parse("vm-scripts");
7 | public static readonly Container InstanceSpecificSetup = Container.Parse("instance-specific-setup");
8 | public static readonly Container Tools = Container.Parse("tools");
9 | public static readonly Container ReproScripts = Container.Parse("repro-scripts");
10 | public static readonly Container TaskConfigs = Container.Parse("task-configs");
11 | public static readonly Container ProxyConfigs = Container.Parse("proxy-configs");
12 | public static readonly Container Events = Container.Parse("events");
13 | }
14 |
--------------------------------------------------------------------------------
/src/ApiService/CSharpExtensions.json:
--------------------------------------------------------------------------------
1 | {
2 | "$comment1": "See https://github.com/cezarypiatek/CSharpExtensions ",
3 | "$comment2": "These types are all 'builders' and okay to ignore the result of",
4 | "CSE005": {
5 | "IgnoredReturnTypes": [
6 | "FluentAssertions.AndConstraint",
7 | "Microsoft.Azure.Functions.Worker.IFunctionsWorkerApplicationBuilder",
8 | "Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationOptions",
9 | "Microsoft.Extensions.Configuration.IConfigurationBuilder",
10 | "Microsoft.Extensions.DependencyInjection.IServiceCollection",
11 | "NSubstitute.Core.ConfiguredCall",
12 | "System.Text.StringBuilder"
13 | ]
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/ApiClient.cs:
--------------------------------------------------------------------------------
1 | namespace FunctionalTests {
2 | sealed class ApiClient {
3 | static Microsoft.Morse.AuthenticationConfig authConfig =
4 | new Microsoft.Morse.AuthenticationConfig(
5 | ClientId: System.Environment.GetEnvironmentVariable("ONEFUZZ_CLIENT_ID")!,
6 | TenantId: System.Environment.GetEnvironmentVariable("ONEFUZZ_TENANT_ID")!,
7 | Scopes: new[] { System.Environment.GetEnvironmentVariable("ONEFUZZ_SCOPES")! },
8 | Secret: System.Environment.GetEnvironmentVariable("ONEFUZZ_SECRET")!);
9 |
10 | static Microsoft.Morse.ServiceAuth auth = new Microsoft.Morse.ServiceAuth(authConfig);
11 | static Microsoft.OneFuzz.Service.Request request = new Microsoft.OneFuzz.Service.Request(new HttpClient(), () => auth.Token(new CancellationToken()));
12 |
13 | public static Microsoft.OneFuzz.Service.Request Request => request;
14 |
15 | public static Uri Endpoint { get; } = new(Environment.GetEnvironmentVariable("ONEFUZZ_ENDPOINT") ?? "http://localhost:7071");
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/Authentication.cs:
--------------------------------------------------------------------------------
1 | using System.Text.Json;
2 |
3 | namespace FunctionalTests;
4 |
5 | public class Authentication : IFromJsonElement {
6 | readonly JsonElement _e;
7 |
8 | public Authentication(JsonElement e) => _e = e;
9 |
10 | public string Password => _e.GetStringProperty("password");
11 |
12 | public string PublicKey => _e.GetStringProperty("public_key");
13 | public string PrivateKey => _e.GetStringProperty("private_key");
14 |
15 | public static Authentication Convert(JsonElement e) => new(e);
16 | }
17 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/Download.cs:
--------------------------------------------------------------------------------
1 | using System.Net;
2 | using System.Web;
3 | using Xunit.Abstractions;
4 |
5 | namespace FunctionalTests {
6 | public class DownloadApi : ApiBase {
7 |
8 | public DownloadApi(Uri endpoint, Microsoft.OneFuzz.Service.Request request, ITestOutputHelper output) :
9 | base(endpoint, "/api/Download", request, output) {
10 | }
11 |
12 | public async Task> Get(string? container = null, string? filename = null) {
13 | var n = HttpUtility.ParseQueryString(string.Empty);
14 | if (container is not null)
15 | n.Add("container", container);
16 | if (filename is not null)
17 | n.Add("filename", filename);
18 | return await QueryGet(n.ToString());
19 | }
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/Negotiate.cs:
--------------------------------------------------------------------------------
1 | namespace FunctionalTests {
2 | public class NegotiateApi {
3 | }
4 | }
5 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/NodeAddSshKey.cs:
--------------------------------------------------------------------------------
1 | using System.Text.Json.Nodes;
2 | using Xunit.Abstractions;
3 |
4 |
5 | namespace FunctionalTests {
6 | public class NodeAddSshKeyApi : ApiBase {
7 |
8 | public NodeAddSshKeyApi(Uri endpoint, Microsoft.OneFuzz.Service.Request request, ITestOutputHelper output) :
9 | base(endpoint, "/api/node_add_ssh_key", request, output) {
10 | }
11 |
12 | public async Task Post(Guid machineId, string publicSshKey) {
13 | var n = new JsonObject()
14 | .AddV("machine_id", machineId)
15 | .AddV("public_key", publicSshKey);
16 |
17 | var r = await Post(n);
18 | return Return(r);
19 | }
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/UserInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Text.Json;
2 |
3 | namespace FunctionalTests;
4 |
5 | public class UserInfo : IFromJsonElement {
6 |
7 | readonly JsonElement _e;
8 | public UserInfo(JsonElement e) => _e = e;
9 | public static UserInfo Convert(JsonElement e) => new(e);
10 |
11 | public Guid? ApplicationId => _e.GetNullableGuidProperty("application_id");
12 | public Guid? ObjectId => _e.GetNullableGuidProperty("object_id");
13 | public string? Upn => _e.GetNullableStringProperty("upn");
14 | }
15 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/WebhookLogs.cs:
--------------------------------------------------------------------------------
1 | namespace FunctionalTests {
2 | public class WebhookLogs {
3 | }
4 | }
5 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/WebhookPing.cs:
--------------------------------------------------------------------------------
1 | namespace FunctionalTests {
2 | public class WebhookPing {
3 | }
4 | }
5 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/1f-api/Webhooks.cs:
--------------------------------------------------------------------------------
1 | namespace FunctionalTests {
2 | public class Webhooks {
3 | }
4 | }
5 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/GlobalSuppressions.cs:
--------------------------------------------------------------------------------
1 | // This file is used by Code Analysis to maintain SuppressMessage
2 | // attributes that are applied to this project.
3 | // Project-level suppressions either have no target or are given
4 | // a specific target and scoped to a namespace, type, member, etc.
5 |
6 | using System.Diagnostics.CodeAnalysis;
7 |
8 | [assembly: SuppressMessage("Style", "IDE0005:Using directive is unnecessary.", Justification = "Test code")]
9 | [assembly: SuppressMessage("Design", "CA1036:Override methods on comparable types", Justification = "Test code", Scope = "type", Target = "~T:FunctionalTests.Error")]
10 | [assembly: SuppressMessage("Design", "CA1036:Override methods on comparable types", Justification = "Test code", Scope = "type", Target = "~T:FunctionalTests.Forward")]
11 | [assembly: SuppressMessage("Design", "CA1036:Override methods on comparable types", Justification = "Test code", Scope = "type", Target = "~T:FunctionalTests.ProxyGetResult")]
12 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/Helpers.cs:
--------------------------------------------------------------------------------
1 | using Xunit;
2 |
3 | namespace FunctionalTests {
4 | public class Helpers {
5 | public static async Task<(Pool, Scaleset)> CreatePoolAndScaleset(PoolApi poolApi, ScalesetApi scalesetApi, string os = "linux", string? region = null, int numNodes = 2) {
6 |
7 | var newPoolId = Guid.NewGuid().ToString();
8 | var newPoolName = PoolApi.TestPoolPrefix + newPoolId;
9 | var newPool = await poolApi.Create(newPoolName, os);
10 |
11 | Assert.True(newPool.IsOk, $"failed to create new pool: {newPool.ErrorV}");
12 | var newScalesetResult = await scalesetApi.Create(newPool.OkV!.Name, numNodes, region: region);
13 |
14 | Assert.True(newScalesetResult.IsOk, $"failed to crate new scaleset: {newScalesetResult.ErrorV}");
15 | var newScaleset = newScalesetResult.OkV!;
16 |
17 | return (newPool.OkV!, newScaleset);
18 |
19 | }
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/TestInfo.cs:
--------------------------------------------------------------------------------
1 | using FluentAssertions;
2 | using Xunit;
3 | using Xunit.Abstractions;
4 |
5 |
6 | namespace FunctionalTests {
7 | [Trait("Category", "Live")]
8 | public class TestInfo {
9 | private readonly ITestOutputHelper _output;
10 | InfoApi _infoApi;
11 | public TestInfo(ITestOutputHelper output) {
12 | _output = output;
13 | _infoApi = new InfoApi(ApiClient.Endpoint, ApiClient.Request, output);
14 | }
15 |
16 | [Fact]
17 | async Task GetInfo() {
18 | var info = await _infoApi.Get();
19 | _ = info.IsOk.Should().BeTrue();
20 | _ = info.OkV!.Versions.ContainsKey("onefuzz").Should().BeTrue();
21 | }
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/ApiService/FunctionalTests/TestTasks.cs:
--------------------------------------------------------------------------------
1 | using FluentAssertions;
2 | using Xunit;
3 | using Xunit.Abstractions;
4 |
5 |
6 | namespace FunctionalTests {
7 | [Trait("Category", "Live")]
8 | public class TestTasks {
9 | TaskApi _taskApi;
10 |
11 | private readonly ITestOutputHelper _output;
12 |
13 | public TestTasks(ITestOutputHelper output) {
14 | this._output = output;
15 | _taskApi = new TaskApi(ApiClient.Endpoint, ApiClient.Request, output);
16 | }
17 |
18 | [Fact]
19 | public async Task GetNonExistentTask() {
20 | var t1 = await _taskApi.Get(Guid.NewGuid());
21 | _ = t1.IsOk.Should().BeTrue();
22 | _ = t1.OkV.Should().BeEmpty();
23 |
24 |
25 | var t2 = await _taskApi.Get(Guid.NewGuid(), Guid.NewGuid());
26 | _ = t2.IsOk.Should().BeFalse();
27 | _ = t2.ErrorV!.UnableToFindTask.Should().BeTrue();
28 | }
29 |
30 |
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/AgentCanScheduleTests.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.OneFuzz.Service;
2 | using Xunit;
3 | using Xunit.Abstractions;
4 |
5 | namespace IntegrationTests;
6 |
7 | [Trait("Category", "Live")]
8 | public class AzureStorageAgentCanScheduleTest : AgentCommandsTestsBase {
9 | public AzureStorageAgentCanScheduleTest(ITestOutputHelper output)
10 | : base(output, Integration.AzureStorage.FromEnvironment()) { }
11 | }
12 |
13 | public class AzuriteAgentCanScheduleTest : AgentEventsTestsBase {
14 | public AzuriteAgentCanScheduleTest(ITestOutputHelper output)
15 | : base(output, new Integration.AzuriteStorage()) { }
16 | }
17 |
18 | public abstract class AgentCanScheduleTestsBase : FunctionTestBase {
19 | public AgentCanScheduleTestsBase(ITestOutputHelper output, IStorage storage)
20 | : base(output, storage) { }
21 |
22 | }
23 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/AuthTests.cs:
--------------------------------------------------------------------------------
1 | using FluentAssertions;
2 | using Microsoft.Extensions.Logging;
3 | using Microsoft.OneFuzz.Service;
4 | using Xunit;
5 | using Xunit.Abstractions;
6 |
7 | namespace Tests {
8 |
9 | public class AuthTests {
10 | protected ILogger Logger { get; }
11 | public AuthTests(ITestOutputHelper output) {
12 | var provider = new IntegrationTests.OneFuzzLoggerProvider(output);
13 | Logger = provider.CreateLogger("Auth");
14 | }
15 |
16 | [Fact]
17 | public async System.Threading.Tasks.Task TestAuth() {
18 | var auth = await AuthHelpers.BuildAuth(Logger);
19 |
20 | auth.Should().NotBeNull();
21 | auth.PrivateKey.StartsWith("-----BEGIN OPENSSH PRIVATE KEY-----").Should().BeTrue();
22 | auth.PrivateKey.EndsWith("-----END OPENSSH PRIVATE KEY-----\n").Should().BeTrue();
23 | auth.PublicKey.StartsWith("ssh-rsa").Should().BeTrue();
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/Fakes/TestContainers.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Extensions.Caching.Memory;
2 | using Microsoft.Extensions.Logging;
3 | using Microsoft.OneFuzz.Service;
4 |
5 | // TestContainers class allows use of InstanceID without having to set it up in blob storage
6 | sealed class TestContainers : Containers {
7 | public TestContainers(ILogger log, IStorage storage, IServiceConfig config, IOnefuzzContext context, IMemoryCache cache)
8 | : base(log, storage, config, context, cache) { }
9 | }
10 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/Fakes/TestEvents.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Microsoft.Extensions.Logging;
3 | using Microsoft.OneFuzz.Service;
4 | using Async = System.Threading.Tasks;
5 |
6 | namespace IntegrationTests.Fakes;
7 |
8 | public sealed class TestEvents : Events {
9 |
10 | public List Events { get; } = new();
11 | public List SignalREvents { get; } = new();
12 |
13 | public TestEvents(ILogger log, IOnefuzzContext context)
14 | : base(log, context) { }
15 |
16 | public override void LogEvent(BaseEvent anEvent) {
17 | Events.Add(anEvent);
18 | }
19 |
20 | public override Async.Task QueueSignalrEvent(DownloadableEventMessage message) {
21 | SignalREvents.Add(message);
22 | return Async.Task.CompletedTask;
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/Fakes/TestMetrics.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Microsoft.Extensions.Logging;
3 | using Microsoft.OneFuzz.Service;
4 | namespace IntegrationTests.Fakes;
5 |
6 | public sealed class TestMetrics : Metrics {
7 |
8 | public List Metrics { get; } = new();
9 | public List CustomMetrics { get; } = new();
10 | public TestMetrics(ILogger log, IOnefuzzContext context)
11 | : base(log, context) { }
12 | }
13 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/Fakes/TestWebhookMessageLogOperations.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using Microsoft.Extensions.Logging;
3 | using Microsoft.OneFuzz.Service;
4 | namespace IntegrationTests.Fakes;
5 |
6 | public sealed class TestWebhookMessageLogOperations : WebhookMessageLogOperations {
7 |
8 | public List Events { get; } = new();
9 | public List SignalREvents { get; } = new();
10 |
11 | public TestWebhookMessageLogOperations(ILogger log, IOnefuzzContext context)
12 | : base(log, context) { }
13 | }
14 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/Fakes/TestWebhookOperations.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Net.Http;
3 | using Microsoft.Extensions.Logging;
4 | using Microsoft.OneFuzz.Service;
5 | namespace IntegrationTests.Fakes;
6 |
7 | public sealed class TestWebhookOperations : WebhookOperations {
8 |
9 | public List Events { get; } = new();
10 | public List SignalREvents { get; } = new();
11 |
12 | public TestWebhookOperations(IHttpClientFactory httpClientFactory, ILogger log, IOnefuzzContext context)
13 | : base(httpClientFactory, log, context) { }
14 | }
15 |
--------------------------------------------------------------------------------
/src/ApiService/IntegrationTests/README.md:
--------------------------------------------------------------------------------
1 | # Integration Tests
2 |
3 | The integration tests in this project allow specific Functions to be run against
4 | Azure Storage. They can be run in two modes:
5 |
6 | - **Against the [Azurite](https://github.com/Azure/Azurite) storage emulator**:
7 | these tests are run by default. `azurite` must be started and running (e.g.
8 | with `azurite -s &`).
9 |
10 | - **Against a real Azure Storage account**: to use this, the environment
11 | variables `AZURE_ACCOUNT_NAME` and `AZURE_ACCOUNT_KEY` must be set.
12 |
13 | These tests can be excluded by running `dotnet test` with the arguments
14 | `--filter "Category!=Live"`.
15 |
16 | The same tests are used in each case. The way this is achieved in Xunit is by
17 | writing the tests in an (abstract) base class and then deriving two
18 | implementations from this base class, one for each “run configuration”.
19 |
--------------------------------------------------------------------------------
/src/ApiService/Tests/ErrorTests.cs:
--------------------------------------------------------------------------------
1 | using System.Text.Json;
2 | using Microsoft.OneFuzz.Service;
3 | using Xunit;
4 |
5 | namespace Tests;
6 |
7 | public class ErrorTests {
8 |
9 | [Fact]
10 | public void JsonHasErrorTitle() {
11 | var error = Error.Create(ErrorCode.INVALID_IMAGE);
12 | var json = JsonSerializer.Serialize(error);
13 | Assert.Equal(@"{""Code"":463,""Errors"":[],""Title"":""INVALID_IMAGE""}", json);
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/ApiService/Tests/EventsTests.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using Microsoft.OneFuzz.Service;
3 | using Xunit;
4 |
5 | namespace Tests;
6 |
7 | public class EventTests {
8 |
9 | [Fact]
10 | public static void CheckAllEventClass() {
11 | // instantiate one event to force the static constructor to run
12 | // if it doesn't throw then this test passes
13 | _ = new EventPing(Guid.Empty);
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/ApiService/Tests/ExponentialBackoffTests.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using FluentAssertions;
3 | using Microsoft.OneFuzz.Service.Functions;
4 | using Xunit;
5 |
6 | namespace Tests;
7 |
8 | public class ExponentialBackoffTests {
9 | [Theory]
10 | [InlineData(1, 5)]
11 | [InlineData(2, 25)]
12 | [InlineData(3, 125)]
13 | [InlineData(4, 625)]
14 | public void ExpectedBackoffsWhenLessThanOneDay(int retryAttempt, int expectedBackoffMinutes) {
15 | var expectedBackoff = TimeSpan.FromMinutes(expectedBackoffMinutes);
16 |
17 | expectedBackoff.Should().Be(QueueFileChanges.CalculateExponentialBackoff(retryAttempt));
18 | }
19 |
20 | [Fact]
21 | public void BackoffIsCappedToRoughlyTwoDays() {
22 | QueueFileChanges.CalculateExponentialBackoff(5).Should()
23 | .BeLessThan(TimeSpan.FromDays(3));
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/ApiService/Tests/InstanceIdTests.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.OneFuzz.Service;
2 | using Xunit;
3 |
4 | namespace Tests;
5 |
6 | public class InstanceIdTests {
7 | [Fact]
8 | public void CanExtractInstanceIdFromMachineName() {
9 | Assert.Equal("5", InstanceIds.InstanceIdFromMachineName("node_5"));
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/ApiService/Tests/RemoveUserInfoTest.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Text.Json;
3 | using Microsoft.OneFuzz.Service;
4 | using Xunit;
5 |
6 | namespace Tests {
7 | public class RemoveUserInfoTest {
8 |
9 | [Fact]
10 | public void TestSerialize() {
11 | var userInfo = new UserInfo(Guid.NewGuid(), Guid.NewGuid(), "test");
12 | var options = new JsonSerializerOptions();
13 | options.Converters.Add(new RemoveUserInfo());
14 | var serialized = JsonSerializer.Serialize(userInfo, options);
15 |
16 | Assert.Equal("{}", serialized);
17 | }
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/src/agent/.cargo/config.toml:
--------------------------------------------------------------------------------
1 | [target.x86_64-pc-windows-msvc]
2 | rustflags = [
3 | "-C",
4 | "target-feature=+crt-static",
5 | "-C",
6 | "control-flow-guard",
7 | "-C",
8 | "link-arg=/DYNAMICBASE",
9 | "-C",
10 | "link-arg=/CETCOMPAT",
11 | ]
12 |
--------------------------------------------------------------------------------
/src/agent/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 | .agent-run
--------------------------------------------------------------------------------
/src/agent/.rustfmt.toml:
--------------------------------------------------------------------------------
1 | edition = "2021"
2 | newline_style = "Native"
3 |
--------------------------------------------------------------------------------
/src/agent/Cargo.toml:
--------------------------------------------------------------------------------
1 | [workspace]
2 | members = [
3 | "atexit",
4 | "cobertura",
5 | "coverage",
6 | "debuggable-module",
7 | "debugger",
8 | "dynamic-library",
9 | "input-tester",
10 | "onefuzz",
11 | "onefuzz-task",
12 | "onefuzz-agent",
13 | "onefuzz-result",
14 | "onefuzz-file-format",
15 | "onefuzz-telemetry",
16 | "reqwest-retry",
17 | "storage-queue",
18 | "win-util",
19 | "libclusterfuzz",
20 | "stacktrace-parser",
21 | ]
22 |
23 | resolver = "2"
24 |
25 | [profile.release]
26 | lto = "thin"
27 | # Per https://fasterthanli.me/articles/why-is-my-rust-build-so-slow:
28 | # In Cargo.toml, debug = true actually means debug = 2, and it's usually overkill,
29 | # unless you're doing the sort of debugging where you need to be able to inspect
30 | # the value of local variables for example.
31 | # If all you're after is a stack trace, debug = 1 is good enough.
32 | debug = 1
33 |
--------------------------------------------------------------------------------
/src/agent/LibFuzzerDotnetLoader/.gitignore:
--------------------------------------------------------------------------------
1 | bin/
2 | obj/
--------------------------------------------------------------------------------
/src/agent/LibFuzzerDotnetLoader/LibFuzzerDotnetLoader.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | 11.0
6 | net7.0
7 | enable
8 | enable
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/src/agent/atexit/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "atexit"
3 | version = "0.1.0"
4 | license = "MIT"
5 | authors = ["fuzzing@microsoft.com"]
6 | edition = "2021"
7 |
8 | [dependencies]
9 | ctrlc = "3.4.0"
10 | lazy_static = "1.4"
11 | log = "0.4"
12 |
--------------------------------------------------------------------------------
/src/agent/cobertura/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "cobertura"
3 | version = "0.1.0"
4 | edition = "2021"
5 | license = "MIT"
6 |
7 | [dependencies]
8 | anyhow = "1.0"
9 | quick-xml = "0.30"
10 |
--------------------------------------------------------------------------------
/src/agent/coverage/fuzz/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 | corpus
3 | artifacts
4 | coverage
5 |
--------------------------------------------------------------------------------
/src/agent/coverage/fuzz/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "coverage-fuzz"
3 | version = "0.0.0"
4 | publish = false
5 | edition = "2021"
6 |
7 | [package.metadata]
8 | cargo-fuzz = true
9 |
10 | [dependencies]
11 | libfuzzer-sys = "0.4"
12 | tempfile = "3.7"
13 | debuggable-module = { path = "../../debuggable-module" }
14 |
15 |
16 | [dependencies.coverage]
17 | path = ".."
18 |
19 | # Prevent this from interfering with workspaces
20 | [workspace]
21 | members = ["."]
22 |
23 | [profile.release]
24 | debug = 1
25 |
26 | [[bin]]
27 | name = "fuzz_target_record_coverage"
28 | path = "fuzz_targets/fuzz_target_record_coverage.rs"
29 | test = false
30 | doc = false
31 |
32 | [[bin]]
33 | name = "fuzz_target_allowlist_parse"
34 | path = "fuzz_targets/fuzz_target_allowlist_parse.rs"
35 | test = false
36 | doc = false
37 |
38 |
--------------------------------------------------------------------------------
/src/agent/coverage/fuzz/fuzz_targets/fuzz_target_allowlist_parse.rs:
--------------------------------------------------------------------------------
1 | #![no_main]
2 |
3 | use libfuzzer_sys::fuzz_target;
4 | use coverage::allowlist::AllowList;
5 |
6 | fuzz_target!(|data: &[u8]| {
7 | // fuzzed code goes here
8 | if let Ok(s) = std::str::from_utf8(data)
9 | {
10 | let _ = AllowList::parse(s);
11 | }
12 | });
13 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-all-glob-except-commented.txt:
--------------------------------------------------------------------------------
1 | a/*
2 | ! a/c
3 | # c
4 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-all-glob-except.txt:
--------------------------------------------------------------------------------
1 | a/*
2 | ! a/c
3 | c
4 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-all-glob-extension.txt:
--------------------------------------------------------------------------------
1 | a.*
2 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-all-glob.txt:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-all.txt:
--------------------------------------------------------------------------------
1 | a
2 | a/b
3 | b
4 | c
5 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/allow-some.txt:
--------------------------------------------------------------------------------
1 | a
2 | b
3 |
--------------------------------------------------------------------------------
/src/agent/coverage/src/allowlist/test-data/empty.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/agent/coverage/src/allowlist/test-data/empty.txt
--------------------------------------------------------------------------------
/src/agent/coverage/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #[macro_use]
5 | extern crate log;
6 |
7 | pub mod allowlist;
8 | pub mod binary;
9 | pub mod cobertura;
10 | pub mod record;
11 | pub mod source;
12 | mod timer;
13 |
14 | #[doc(inline)]
15 | pub use allowlist::AllowList;
16 |
17 | #[doc(inline)]
18 | pub use record::{CoverageRecorder, Recorded};
19 |
--------------------------------------------------------------------------------
/src/agent/coverage/tests/snapshots/snapshot__windows_snapshot_tests.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: coverage/tests/snapshot.rs
3 | expression: result
4 | input_file: coverage/tests/windows/Inlinee.cpp
5 | ---
6 | [ ] #include
7 | [ ]
8 | [ ] __declspec(dllexport) void test();
9 | [ ]
10 | [ ] int main()
11 | [✔] {
12 | [✔] std::cout << "Before\n";
13 | [✔] test();
14 | [✔] std::cout << "After\n";
15 | [✔] }
16 | [ ]
17 | [ ] __declspec(dllexport) void test() {
18 | [✔] std::cout << "Hello World!\n";
19 | [ ] }
20 |
21 |
--------------------------------------------------------------------------------
/src/agent/coverage/tests/windows/Inlinee.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | __declspec(dllexport) void test();
4 |
5 | int main()
6 | {
7 | std::cout << "Before\n";
8 | test();
9 | std::cout << "After\n";
10 | }
11 |
12 | __declspec(dllexport) void test() {
13 | std::cout << "Hello World!\n";
14 | }
15 |
--------------------------------------------------------------------------------
/src/agent/data/licenses.json:
--------------------------------------------------------------------------------
1 | []
--------------------------------------------------------------------------------
/src/agent/debuggable-module/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "debuggable-module"
3 | version = "0.1.0"
4 | edition = "2021"
5 | license = "MIT"
6 |
7 | [dependencies]
8 | anyhow = "1.0"
9 | elsa = "1.9.0"
10 | gimli = "0.28.0"
11 | goblin = "0.6"
12 | iced-x86 = "1.20"
13 | log = "0.4.17"
14 | pdb = "0.8.0"
15 | regex = "1.9"
16 | symbolic = { version = "12.3", features = [
17 | "debuginfo",
18 | "demangle",
19 | "symcache",
20 | ] }
21 | thiserror = "1.0"
22 |
23 | [dev-dependencies]
24 | clap = { version = "4.4", features = ["derive"] }
25 |
--------------------------------------------------------------------------------
/src/agent/debuggable-module/src/loader.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use anyhow::Result;
5 |
6 | use crate::path::FilePath;
7 |
8 | #[derive(Default)]
9 | pub struct Loader {
10 | loaded: elsa::sync::FrozenMap>,
11 | }
12 |
13 | impl Loader {
14 | pub fn new() -> Self {
15 | Self::default()
16 | }
17 |
18 | pub fn load(&self, path: &FilePath) -> Result<&[u8]> {
19 | // Note: if we ever have this callable in parallel from
20 | // multiple threads, we should use some kind of
21 | // lock to prevent loading the same file multiple times.
22 |
23 | if let Some(data) = self.loaded.get(path) {
24 | return Ok(data);
25 | }
26 |
27 | let data: Box<[u8]> = std::fs::read(path)?.into();
28 | Ok(self.loaded.insert(path.clone(), data))
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/src/agent/debugger/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "debugger"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | fnv = "1.0"
11 | goblin = "0.6"
12 | iced-x86 = "1.20"
13 | log = "0.4"
14 | memmap2 = "0.7"
15 | rand = "0.8"
16 | serde = { version = "1.0", features = ["derive"] }
17 | win-util = { path = "../win-util" }
18 |
19 | [dependencies.windows]
20 | version = "0.48"
21 |
--------------------------------------------------------------------------------
/src/agent/debugger/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #![cfg(windows)]
5 | // Allow safe functions that take `HANDLE` arguments.
6 | //
7 | // Though they type alias raw pointers, they are opaque. In the future, we will
8 | // wrap them in a newtype. This will witness that they were obtained via win32
9 | // API calls or documented pseudohandle construction.
10 | #![allow(clippy::not_unsafe_ptr_arg_deref)]
11 |
12 | mod breakpoint;
13 | pub mod dbghelp;
14 | mod debug_event;
15 | mod debugger;
16 | mod module;
17 | pub mod stack;
18 | mod target;
19 |
20 | pub use self::{
21 | debug_event::DebugEvent,
22 | debugger::{BreakpointId, BreakpointType, DebugEventHandler, Debugger, ModuleLoadInfo},
23 | };
24 |
--------------------------------------------------------------------------------
/src/agent/dynamic-library/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "dynamic-library"
3 | version = "0.1.0"
4 | edition = "2021"
5 | license = "MIT"
6 |
7 | [dependencies]
8 | anyhow = "1.0"
9 | clap = { version = "4.4.2", features = ["derive"] }
10 | lazy_static = "1.4"
11 | regex = "1.9"
12 | thiserror = "1.0"
13 |
14 | [target.'cfg(windows)'.dependencies]
15 | debugger = { path = "../debugger" }
16 | winreg = "0.51"
17 |
18 | [dependencies.windows]
19 | version = "0.48"
20 |
21 | [[bin]]
22 | name = "dynamic-library"
23 |
--------------------------------------------------------------------------------
/src/agent/dynamic-library/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #[cfg(target_os = "linux")]
5 | pub mod linux;
6 |
7 | #[cfg(target_os = "windows")]
8 | pub mod windows;
9 |
--------------------------------------------------------------------------------
/src/agent/dynamic-library/src/linux/ldd_output_missing_0.txt:
--------------------------------------------------------------------------------
1 | linux-vdso.so.1 (0x00007ffd717b5000)
2 | libmycode.so => /my/project/libmycode.so.1 (0x00007ffd717b5000)
3 | libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1c2ac27000)
4 | libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29e74000)
5 | /lib64/ld-linux-x86-64.so.2 (0x00007f1c2b1cf000)
6 |
--------------------------------------------------------------------------------
/src/agent/dynamic-library/src/linux/ldd_output_missing_1.txt:
--------------------------------------------------------------------------------
1 | linux-vdso.so.1 (0x00007ffd717b5000)
2 | libmycode.so => not found
3 | libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1c2ac27000)
4 | libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29e74000)
5 | /lib64/ld-linux-x86-64.so.2 (0x00007f1c2b1cf000)
6 |
--------------------------------------------------------------------------------
/src/agent/dynamic-library/src/linux/ldd_output_missing_2.txt:
--------------------------------------------------------------------------------
1 | linux-vdso.so.1 (0x00007ffd717b5000)
2 | libmycode.so => not found
3 | libmyothercode.so => not found
4 | libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1c2ac27000)
5 | libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29e74000)
6 | /lib64/ld-linux-x86-64.so.2 (0x00007f1c2b1cf000)
7 |
--------------------------------------------------------------------------------
/src/agent/input-tester/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "input-tester"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | atexit = { path = "../atexit" }
11 | debugger = { path = "../debugger" }
12 | fnv = "1.0"
13 | hex = "0.4"
14 | log = "0.4"
15 | num_cpus = "1.15"
16 | rayon = "1.8"
17 | sha2 = "0.10.2"
18 | win-util = { path = "../win-util" }
19 |
20 | [dependencies.windows]
21 | version = "0.48"
22 | features = [
23 | "Win32_System_SystemServices"
24 | ]
25 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "libclusterfuzz"
3 | version = "0.0.1"
4 | authors = ["fuzzing@microsoft.com>"]
5 | edition = "2021"
6 | license = "Apache-2.0"
7 | description = "Minimal porting of features from libclusterfuzz"
8 |
9 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
10 |
11 | [dependencies]
12 | anyhow = "1.0"
13 | regex = "1.9.1"
14 | lazy_static = "1.4"
15 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/README.md:
--------------------------------------------------------------------------------
1 | Please note, this is crate contains rust code generated from parsing python
2 | code from [clusterfuzz](https://github.com/google/clusterfuzz). All of the
3 | code from this project is labeled with Google's original copyright
4 | statements.
5 |
6 | However, any errors may be the result of a mistake in the code generation
7 | process. As such, please file the issues with
8 | [onefuzz](https://github.com/microsoft/onefuzz) first.
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/cgmanifest.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://json.schemastore.org/component-detection-manifest.json",
3 | "Registrations": [
4 | {
5 | "Component": {
6 | "Type": "git",
7 | "Git": {
8 | "RepositoryUrl": "https://github.com/google/clusterfuzz",
9 | "CommitHash": "d85aed776d120e6df26aa1cd0335fc7a53d76816"
10 | }
11 | }
12 | }
13 | ]
14 | }
15 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/parsed-traces/check_dir@golang_libfuzzer_panic.txt.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: stacktrace-parser/src/lib.rs
3 | expression: parsed
4 | input_file: libclusterfuzz/data/stack-traces/golang_libfuzzer_panic.txt
5 | ---
6 | {
7 | "text": "panic: parse //%B9%B9%B9%B9%B9%01%00%00%00%00%00%00%00%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9: invalid URL escape \"%01\"\n\ngoroutine 17 [running, locked to thread]:\ngithub.com/dvyukov/go-fuzz-corpus/url.Fuzz(0x6030001458a0, 0x20, 0x20, 0x10c0000c8ea0)\n /tmp/go-fuzz-build242808228/gopath/src/github.com/dvyukov/go-fuzz-corpus/url/main.go:24 +0x3d5\nmain.fuzzer_run(0x6030001458a0, 0x20, 0x20)\n /tmp/go-fuzz-build242808228/gopath/src/github.com/dvyukov/go-fuzz-corpus/url/go.fuzz.main/main.go:13 +0x41\nmain._cgoexpwrap_9bd49841752b_fuzzer_run(0x6030001458a0, 0x20, 0x20)\n _cgo_gotypes.go:45 +0x41\n==158476== ERROR: libFuzzer: deadly signal\n",
8 | "sanitizer": "libFuzzer",
9 | "summary": "libFuzzer: deadly signal",
10 | "fault_type": "deadly signal"
11 | }
12 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/parsed-traces/check_dir@sanitizer_signal_abrt.txt.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: stacktrace-parser/src/lib.rs
3 | expression: parsed
4 | input_file: libclusterfuzz/data/stack-traces/sanitizer_signal_abrt.txt
5 | ---
6 | {
7 | "text": "ASAN:SIGABRT\n==28640==ERROR: AddressSanitizer: ABRT (pc 0x7f8632666425 sp 0x7fff0cae8f08 bp 0x7fff0cae91d0 T0)\n #0 0x7f8632666424 (/lib/x86_64-linux-gnu/libc-2.15.so+0x36424)\n #1 0x7f8632669b8a (/lib/x86_64-linux-gnu/libc-2.15.so+0x39b8a)\n #2 0x42b11e (/tmp/coredump+0x42b11e)\n #3 0x7f863265176c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)\n #4 0x42ae7c (/tmp/coredump+0x42ae7c)\nAborted (core dumped)\n\n",
8 | "sanitizer": "AddressSanitizer",
9 | "summary": "AddressSanitizer: ABRT (pc 0x7f8632666425 sp 0x7fff0cae8f08 bp 0x7fff0cae91d0 T0)",
10 | "fault_type": "ABRT"
11 | }
12 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/parsed-traces/check_dir@unknown_module.txt.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: stacktrace-parser/src/lib.rs
3 | expression: parsed
4 | input_file: libclusterfuzz/data/stack-traces/unknown_module.txt
5 | ---
6 | {
7 | "text": "==3304==ERROR: AddressSanitizer: access-violation on unknown address 0x0ec3fdec (pc 0x0ec3fdec bp 0x00000000 sp 0x0ec3fde8 T16777215)\n[0624/081056:ERROR:client_util.cc(272)] Could not find exported function RelaunchChromeBrowserWithNewCommandLineIfNeeded\n #0 0xec3fdeb ()\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: SEGV ()\n==3304==ABORTING\n",
8 | "sanitizer": "AddressSanitizer",
9 | "summary": "AddressSanitizer: SEGV ()",
10 | "fault_type": "SEGV"
11 | }
12 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/assert_failure_google.txt:
--------------------------------------------------------------------------------
1 | F0812 21:22:15.159294 61315 logging.cc:89] assert.h assertion failed at file/path.cc:380 in Foo: Blah.empty() && "Failure!"
2 | AddressSanitizer:DEADLYSIGNAL
3 | =================================================================
4 | ==61315==ERROR: AddressSanitizer: ABRT on unknown address 0x05390000ef83 (pc 0x7fd6607ef602 bp 0x7ffc9d927900 sp 0x7ffc9d9277d8 T0)
5 | SCARINESS: 10 (signal)
6 | #0 0x7fd6607ef601 in raise (/usr/grte/v4/lib64/libc.so.6+0xfffff)
7 | #1 0x7fd6607f131f in abort (/usr/grte/v4/lib64/libc.so.6+0xfffff)
8 | #12 0x561b33363be6 in Frame(int) file/path.cc:48:11
9 | #13 0x561b33360f41 in LLVMFuzzerTestOneInput file/path.cc:23:3
10 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/assert_in_drt_string.txt:
--------------------------------------------------------------------------------
1 | [30020:30020:0810/024340:317857911391:INFO:audio_manager_pulse.cc(258)] Failed to connect to the context. Error: Connection refused
2 | Xlib: extension "RANDR" missing on display ":1".
3 | #READY
4 | Xlib: extension "RANDR" missing on display ":1".
5 | Content-Type: text/plain
6 | ASSERT should not be triggered when type is changed in focus event.
7 | #EOF
8 | #EOF
9 | #EOF
10 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/cfi_invalid_vtable.txt:
--------------------------------------------------------------------------------
1 | test/cfi/simple-fail.cpp:103:4: runtime error: control flow integrity check for type 'B' failed during cast to unrelated type (vtable address 0x000000422710)
2 | 0x000000422710: note: invalid vtable
3 | ^
4 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/cfi_nodebug.txt:
--------------------------------------------------------------------------------
1 | Received signal 4 ILL_ILLOPN 7fdf1d27c590
2 | CFI: Most likely a control flow integrity violation; for more information see:
3 | https://www.chromium.org/developers/testing/control-flow-integrity
4 | #0 0x7fdf1ae337a8 in abc::def() /blah/blah.cc:111
5 | #1 0x7fdf14feb340 in foo() /blah/hello.cc:3
6 | #2 0xbeefbeefbeef in bar() /blah/hello.cc:5
7 | #3 133713371337ff in hack() /blah/hack.cc:55
8 | dx: 0000000000000529 ax: 0000000000001fe9 cx: 0000000000000017 sp: 00007fff77dd82d8
9 | ip: 00007fdf1d27c590 efl: 0000000000010202 cgf: ffff000000000033 erf: 0000000000000000
10 | [end of stack trace]
11 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/cfi_unrelated_vtable.txt:
--------------------------------------------------------------------------------
1 | test/cfi/simple-fail.cpp:103:4: runtime error: control flow integrity check for type 'B' failed during cast to unrelated type (vtable address 0x000000422710)
2 | 0x000000422710: note: vtable is of type 'A'
3 | 00 00 00 00 c0 c4 41 00 00 00 00 00 31 41 00 00 00 00 00 00 30 d0 ef 00 00 00 00 00 18 27 42 00
4 | ^
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/check_failure_chrome_android.txt:
--------------------------------------------------------------------------------
1 | ### ### ### ### ### ### ### ### ### ### ### ### ###
2 | Fatal signal 6 (SIGABRT), code -6 in tid 24061 (oid.apps.chrome)
3 | Detects a new minidump 10450b7b-4280-5e94-1777691c-05ff1236.dmp24061 send intent to MinidumpUploadService
4 | --------- DEBUG (22983):
5 | *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
6 | Build fingerprint: google/hammerhead/hammerhead:6.0/MRA59G/2457013:userdebug/dev-keys
7 | Revision: 0
8 | ABI: arm
9 | pid: 24061, tid: 24061, name: oid.apps.chrome >>> com.google.android.apps.chrome <<<
10 | signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
11 | Abort message: [FATAL:compositor_impl_android.cc(550)] Timed out waiting for GPU channel.
12 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/check_failure_chrome_android2.txt:
--------------------------------------------------------------------------------
1 | Fatal signal 6 (SIGABRT), code -6 in tid 21409 (CrRendererMain)
2 | --------- SELinux (198):
3 | SELinux: Loaded file_contexts contexts from /file_contexts.
4 | *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
5 | Build fingerprint: google/hammerhead/hammerhead:6.0/MRA59G/2457013:userdebug/dev-keys
6 | Revision: 0
7 | ABI: arm
8 | pid: 21395, tid: 21409, name: CrRendererMain >>> com.google.android.apps.chrome:sandboxed_process2 <<<
9 | signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
10 | Abort message: [FATAL:FrameView.cpp(1838)] Check failed: lifecycle().state() < DocumentLifecycle::LayoutClean.
11 | #0 0xa26fcd8b in logging::LogMessage::~LogMessage() base/logging.cc:532:29
12 | #1 0xa3c30597 in blink::FrameView::checkLayoutInvalidationIsAllowed() const third_party/WebKit/Source/core/frame/FrameView.cpp:1838:5
13 | #2 0xa3d1ca0b in blink::FrameView::setNeedsLayout() third_party/WebKit/Source/core/frame/FrameView.cpp:1929:5
14 | #3 0xa8d680f1 in blink::LayoutPart::updateWidgetGeometry() third_party/WebKit/Source/core/layout/LayoutPart.cpp:309:20
15 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/check_failure_google.txt:
--------------------------------------------------------------------------------
1 | F0813 00:29:27.775753 384244 file.cc:130] Check failed: std::is_sorted(foo.begin(), foo.end())
2 | AddressSanitizer:DEADLYSIGNAL
3 | =================================================================
4 | ==384244==ERROR: AddressSanitizer: ABRT on unknown address 0x05390005dcf4 (pc 0x7f91eacc0602 bp 0x7ffeddeee0c0 sp 0x7ffeddeedf98 T0)
5 | SCARINESS: 10 (signal)
6 | #0 0x7f91eacc0601 in raise (/usr/grte/v4/lib64/libc.so.6+0xfffff)
7 | #1 0x7f91eacc231f in abort (/usr/grte/v4/lib64/libc.so.6+0xfffff)
8 | #6 0x560e73b80fe2 in Frame(int) file/path.cc:130:3
9 | #8 0x560e73b7d819 in LLVMFuzzerTestOneInput file/path.cc:10:1
10 | AddressSanitizer can not provide additional info.
11 | SUMMARY: AddressSanitizer: ABRT (/usr/grte/v4/lib64/libc.so.6+0xfffff) in raise
12 | ==384244==ABORTING
13 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/check_failure_with_comparison.txt:
--------------------------------------------------------------------------------
1 | [5:5:0100/000000:FATAL:zygote_linux.cc(449)] Check failed: len > 0 (-1 vs. 0)
2 | [1:1:0100/000000:FATAL:zygote_linux.cc(420)] Failed to synchronise with parent zygote process
3 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/check_failure_with_comparison2.txt:
--------------------------------------------------------------------------------
1 | [1:1:0412/075451.163515:FATAL:compositing_layer_property_updater.cc(57)] Check failed: layout_snapped_paint_offset == snapped_paint_offset ("9,134.016" vs. "9,134")"LayoutHTMLCanvas CANVAS id='htmlvar00020'"
2 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/gdb_sigtrap.txt:
--------------------------------------------------------------------------------
1 | 0x0000000000000ac8 in __aeabi_memcpy ()
2 |
3 | Program received signal SIGTRAP, Trace/breakpoint trap.
4 | 0x0000000000000ac8 in __aeabi_memcpy ()
5 | #0 0x0000000000000ac8 in __aeabi_memcpy ()
6 | #1 0x00000000000007d8 in memcpy ()
7 | #2 0x000000000000cdc0 in xymodem_trnasfer (target_addr=0x2022000, max_sz=, prot_type=1) at usbdev/protocol_xymodem.c:362
8 | #3 0x0000000000002060 in LoadImageFromUsb30 (uTargetAddr=, uSizeLimit=, req_type=3239010) at usbdev/usbdev_api.c:267
9 | #4 0x0000000000001fec in LoadBL1FromUsb30 () at usbdev/usbdev_api.c:225
10 | #5 0x0000000000004514 in Main () at boot/main.c:94
11 | #6 0x0000000000000044 in GPIO_SetPudBits (SFR_Address=, base=, mask=, value=) at gpio/gpio.c:38
12 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/generic_segv.txt:
--------------------------------------------------------------------------------
1 | Warning: unknown flag --harmony-templates.
2 | Try --help for options
3 | Received signal 11 SEGV_MAPERR 7f6b0c580000
4 | ==== C stack trace ===============================
5 | [0x7f6b13882bf1]
6 | [0x7f6b137dadb5]
7 | [0x7f6b0d5c2340]
8 | [0x7f69a09750a9]
9 | [end of stack trace]
10 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_generic_fatal_error_and_asan_abrt.txt:
--------------------------------------------------------------------------------
1 | fatal error: error message here
2 |
3 | goroutine 17 [running, locked to thread]:
4 | encoding/json.(*decodeState).unquoteBytes(0x10c000096420, 0x10c00001c568, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0)
5 | /src/go/src/encoding/json/decode.go:1264 +0xb3b
6 | main.LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x9b1ad0)
7 | github.com/dvyukov/go-fuzz-corpus/json/go.fuzz.main/main.go:35 +0x66
8 | main._cgoexpwrap_e34c4d0cdb90_LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x2758b0)
9 | _cgo_gotypes.go:64 +0x37
10 | AddressSanitizer:DEADLYSIGNAL
11 | =================================================================
12 | ==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x0000005c1a81 bp 0x10c0000bd628 sp 0x10c0000bd610 T0)
13 | SCARINESS: 10 (signal)
14 | #0 0x5c1a80 in runtime.raise runtime/sys_linux_amd64.s:149
15 | AddressSanitizer can not provide additional info.
16 | SUMMARY: AddressSanitizer: ABRT (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_golang_d17eb352b38c4d62fce2871b0afb04af926c5e25/revisions/fuzzer-json+0x5c1a80)
17 | ==1==ABORTING
18 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_generic_panic_and_asan_abrt.txt:
--------------------------------------------------------------------------------
1 | panic: error message here
2 |
3 | goroutine 17 [running, locked to thread]:
4 | encoding/json.(*decodeState).unquoteBytes(0x10c000096420, 0x10c00001c568, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0)
5 | /src/go/src/encoding/json/decode.go:1264 +0xb3b
6 | main.LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x9b1ad0)
7 | github.com/dvyukov/go-fuzz-corpus/json/go.fuzz.main/main.go:35 +0x66
8 | main._cgoexpwrap_e34c4d0cdb90_LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x2758b0)
9 | _cgo_gotypes.go:64 +0x37
10 | AddressSanitizer:DEADLYSIGNAL
11 | =================================================================
12 | ==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x0000005c1a81 bp 0x10c0000bd628 sp 0x10c0000bd610 T0)
13 | SCARINESS: 10 (signal)
14 | #0 0x5c1a80 in runtime.raise runtime/sys_linux_amd64.s:149
15 | AddressSanitizer can not provide additional info.
16 | SUMMARY: AddressSanitizer: ABRT (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_golang_d17eb352b38c4d62fce2871b0afb04af926c5e25/revisions/fuzzer-json+0x5c1a80)
17 | ==1==ABORTING
18 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_libfuzzer_panic.txt:
--------------------------------------------------------------------------------
1 | panic: parse //%B9%B9%B9%B9%B9%01%00%00%00%00%00%00%00%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9%B9: invalid URL escape "%01"
2 |
3 | goroutine 17 [running, locked to thread]:
4 | github.com/dvyukov/go-fuzz-corpus/url.Fuzz(0x6030001458a0, 0x20, 0x20, 0x10c0000c8ea0)
5 | /tmp/go-fuzz-build242808228/gopath/src/github.com/dvyukov/go-fuzz-corpus/url/main.go:24 +0x3d5
6 | main.fuzzer_run(0x6030001458a0, 0x20, 0x20)
7 | /tmp/go-fuzz-build242808228/gopath/src/github.com/dvyukov/go-fuzz-corpus/url/go.fuzz.main/main.go:13 +0x41
8 | main._cgoexpwrap_9bd49841752b_fuzzer_run(0x6030001458a0, 0x20, 0x20)
9 | _cgo_gotypes.go:45 +0x41
10 | ==158476== ERROR: libFuzzer: deadly signal
11 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_new_crash_type_and_asan_abrt.txt:
--------------------------------------------------------------------------------
1 | unknown error: error message here
2 |
3 | goroutine 17 [running, locked to thread]:
4 | encoding/json.(*decodeState).unquoteBytes(0x10c000096420, 0x10c00001c568, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0)
5 | /src/go/src/encoding/json/decode.go:1264 +0xb3b
6 | main.LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x9b1ad0)
7 | github.com/dvyukov/go-fuzz-corpus/json/go.fuzz.main/main.go:35 +0x66
8 | main._cgoexpwrap_e34c4d0cdb90_LLVMFuzzerTestOneInput(0x6050000001d0, 0xa, 0x2758b0)
9 | _cgo_gotypes.go:64 +0x37
10 | AddressSanitizer:DEADLYSIGNAL
11 | =================================================================
12 | ==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x0000005c1a81 bp 0x10c0000bd628 sp 0x10c0000bd610 T0)
13 | SCARINESS: 10 (signal)
14 | #0 0x5c1a80 in runtime.raise runtime/sys_linux_amd64.s:149
15 | AddressSanitizer can not provide additional info.
16 | SUMMARY: AddressSanitizer: ABRT (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_golang_d17eb352b38c4d62fce2871b0afb04af926c5e25/revisions/fuzzer-json+0x5c1a80)
17 | ==1==ABORTING
18 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_panic_runtime_error_integer_divide_by_zero.txt:
--------------------------------------------------------------------------------
1 | panic: runtime error: integer divide by zero
2 |
3 | goroutine 40 [running]:
4 | github.com/d2r2/go-bsbmp.(*SensorBMP180).ReadPressureMult10Pa(0x2502020, 0x2500080, 0x3, 0x4087becc, 0xc0000000, 0x4087becc)
5 | /home/pi/go/src/github.com/d2r2/go-bsbmp/bmp180.go:340 +0xfa4
6 | github.com/d2r2/go-bsbmp.(*BMP).ReadAltitude(0x2500090, 0x3, 0x4087becc, 0x1, 0x4b2038)
7 | /home/pi/go/src/github.com/d2r2/go-bsbmp/bmp.go:213 +0x38
8 | main.main.func3(0x2500090)
9 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_panic_runtime_error_makeslice_len_out_of_range.txt:
--------------------------------------------------------------------------------
1 | panic: runtime error: makeslice: len out of range
2 |
3 | goroutine 1 [running]:
4 | panic(0x85d9e0, 0xc849858ed0)
5 | /usr/lib/go/src/runtime/panic.go:464 +0x3e6
6 | cmd/compile/internal/gc.newliveness(0xc82082ee10, 0xc82b6e4240, 0xc8505aa000, 0x35a64, 0x3a000, 0xc8497de000, 0xd398, 0xf000, 0x4130239190186200)
7 | /usr/lib/go/src/cmd/compile/internal/gc/plive.go:687 +0x161
8 | cmd/compile/internal/gc.liveness(0xc82082ee10, 0xc82b6e4240, 0xc82d2c3e80, 0xc82d2c3f00)
9 | /usr/lib/go/src/cmd/compile/internal/gc/plive.go:1782 +0x2cf
10 | cmd/compile/internal/gc.compile(0xc82082ee10)
11 | /usr/lib/go/src/cmd/compile/internal/gc/pgen.go:541 +0xdf2
12 | cmd/compile/internal/gc.funccompile(0xc82082ee10)
13 | /usr/lib/go/src/cmd/compile/internal/gc/dcl.go:1450 +0x1c0
14 | cmd/compile/internal/gc.Main()
15 | /usr/lib/go/src/cmd/compile/internal/gc/lex.go:476 +0x2205
16 | cmd/compile/internal/amd64.Main()
17 | /usr/lib/go/src/cmd/compile/internal/amd64/galign.go:127 +0x58d
18 | main.main()
19 | /usr/lib/go/src/cmd/compile/main.go:33 +0x395
20 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/golang_sigsegv_panic.txt:
--------------------------------------------------------------------------------
1 | root@943ca8071e8b:/out# ./fuzzer-bzip2
2 | panic: runtime error: invalid memory address or nil pointer dereference
3 | [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5da137]
4 |
5 | goroutine 1 [running]:
6 | math.glob..func1(0x5da117)
7 | /src/go/src/math/exp_asm.go:11 +0x7
8 | math.init.ializers()
9 | /src/go/src/math/exp_asm.go:11 +0x3f
10 | Aborted
11 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/hwasan_tag_mismatch.txt:
--------------------------------------------------------------------------------
1 | ==872==ERROR: HWAddressSanitizer: tag-mismatch on address 0x0040e1287be0 at pc 0x007618899e7c
2 | READ of size 8 at 0x0040e1287be0 tags: 0f/47 (ptr/mem) in thread T31
3 | #0 0x7618899e78 frame1
4 | #1 0x761889ddb8 frame2
5 | #2 0x7618896a00 frame3
6 |
7 | [0x0040e1287b80,0x0040e1287c00) is a small unallocated heap chunk; size: 128 offset: 96
8 | 0x0040e1287be0 is located 96 bytes inside of 112-byte region [0x0040e1287b80,0x0040e1287bf0)
9 | freed by thread T0 here:
10 | #0 0x761a68a9dc frame4
11 | #1 0x7618897814 frame5
12 | #2 0x7618899150 frame6
13 |
14 | previously allocated here:
15 | #0 0x761a68a7ac frame7
16 | #1 0x7618898aec frame8
17 | #2 0x7618898770 frame9
18 | #3 0x76188917a0 frame10
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/ignore_asan_warning.txt:
--------------------------------------------------------------------------------
1 | E: clusterfuzz: Failed to lock chroot: /var/lib/schroot/session/clusterfuzz: Failed to write session file: File exists
2 | ==16763==WARNING: AddressSanitizer failed to allocate 0xffffffff bytes
3 | /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/fuzz-00919.js:4: RangeError: Invalid array buffer length
4 | var __v_4 = new ArrayBuffer(byteLength);
5 | ^
6 |
7 |
8 | #
9 | # Fatal error in ../../src/objects-inl.h, line 3061
10 | # Check failed: !v8::internal::FLAG_enable_slow_asserts || (object->IsAccessCheckInfo()).
11 | #
12 |
13 | ==== C stack trace ===============================
14 |
15 | 1: 0xb2b5b14
16 | 2: 0xb2b6142
17 | 3: 0x9543acd
18 | 4: 0x9545ce5
19 | 5: 0x977a2fb
20 | 6: 0x98973ef
21 | 7: 0x9f9bca2
22 | 8: 0x82cccf8
23 | 9: 0x82ce064
24 | 10: 0x812fab0
25 | 11: 0x815df3d
26 | 12: 0x8195d8d
27 | 13: 0xb2cd849
28 | 14: 0x810d1b4
29 | 15: 0x80e3b8b
30 | 16: 0xf7246d78
31 | 17: clone
32 | E: Child terminated by signal ‘Illegal instruction’
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/log_fatal_google.txt:
--------------------------------------------------------------------------------
1 | F0812 20:32:32.874783 47273 file.h:195] Log fatal.
2 | AddressSanitizer:DEADLYSIGNAL
3 | =================================================================
4 | ==47273==ERROR: AddressSanitizer: ABRT on unknown address 0x05390000b8a9 (pc 0x7fb149fee602 bp 0x7ffe9a107800 sp 0x7ffe9a1076d8 T0)
5 | SCARINESS: 10 (signal)
6 | #0 0x7fd6607ef601 in raise (/usr/grte/v4/lib64/libc.so.6+0xfffff)
7 | #1 0x7fd6607f131f in abort (/usr/grte/v4/lib64/libc.so.6+0xfffff)
8 | #10 0x5585f338030f in Frame(int) file/path.cc:87:9
9 | #11 0x5585f33815b2 in LLVMFuzzerTestOneInput file/path.cc:98:1
10 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/lsan_single_frame_stacks.txt:
--------------------------------------------------------------------------------
1 | -----------------------------------------------------
2 | Suppressions used:
3 | count bytes template
4 | 581 16883 libfontconfig
5 | -----------------------------------------------------
6 |
7 | =================================================================
8 | ==31049==ERROR: LeakSanitizer: detected memory leaks
9 | Direct leak of 1 byte(s) in 1 object(s) allocated from:
10 | #0 0x7f1d1174876b in f(unsigned long) /usr/include/blah.h:88
11 |
12 | Direct leak of 1 byte(s) in 1 object(s) allocated from:
13 | #0 0x7f1d1174876c in g(unsigned long) /usr/include/blah.h:89
14 |
15 | SUMMARY: AddressSanitizer: 2 byte(s) leaked in 2 allocation(s).
16 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/missing_library_android.txt:
--------------------------------------------------------------------------------
1 | CANNOT LINK EXECUTABLE "/build/vts_proto_fuzzer": library "libvts_codecoverage.so" not found
2 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/missing_library_linux.txt:
--------------------------------------------------------------------------------
1 | ./test: error while loading shared libraries: libtest.so.1: cannot open shared object file: No such file or directory
2 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/sanitizer_signal_abrt.txt:
--------------------------------------------------------------------------------
1 | ASAN:SIGABRT
2 | ==28640==ERROR: AddressSanitizer: ABRT (pc 0x7f8632666425 sp 0x7fff0cae8f08 bp 0x7fff0cae91d0 T0)
3 | #0 0x7f8632666424 (/lib/x86_64-linux-gnu/libc-2.15.so+0x36424)
4 | #1 0x7f8632669b8a (/lib/x86_64-linux-gnu/libc-2.15.so+0x39b8a)
5 | #2 0x42b11e (/tmp/coredump+0x42b11e)
6 | #3 0x7f863265176c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
7 | #4 0x42ae7c (/tmp/coredump+0x42ae7c)
8 | Aborted (core dumped)
9 |
10 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/sanitizer_signal_abrt_unknown.txt:
--------------------------------------------------------------------------------
1 | ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f24b70be418 bp 0x0000005b6a80 sp 0x7ffe58419768 T0)
2 | SCARINESS: 10 (signal)
3 | #0 0x7f24b70be417 in gsignal
4 | #1 0x7f24b70c0019 in abort
5 | #2 0x7f24b70b6bd6 in libc.so.6
6 | #3 0x7f24b70b6c81 in __assert_fail
7 | #4 0x512b27 in LLVMFuzzerTestOneInput
8 | /src/json/test/src/fuzzer-parse_msgpack.cpp:45:13
9 | #5 0x5122e3 in main /src/libfuzzer/afl/afl_driver.cpp:287:7
10 | #6 0x7f24b70a982f in __libc_start_main
11 | #7 0x41b588 in _start
12 |
13 | AddressSanitizer can not provide additional info.
14 | SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35417)
15 | ==1==ABORTING
16 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/ubsan_unknown_logs_error.txt:
--------------------------------------------------------------------------------
1 | Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-1ecd3fd5c9ee4c8545301c3dd5ddc333dbe7360c
2 | ../../third_party/freetype/src/src/cff/cffload.c:2060:51: runtime error: unsupported ubsan error that needs a new signature
3 | #0 0x564ca63e03d4 in a ../../file:1234:1
4 | #1 0x564ca63de001 in b ../../file:1234:1
5 | #2 0x564ca63d2426 in c ../../file:1234:1
6 | SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../file:1234:1
7 | Executed /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-1ecd3fd5c9ee4c8545301c3dd5ddc333dbe7360c in 1 ms
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/unknown_module.txt:
--------------------------------------------------------------------------------
1 | ==3304==ERROR: AddressSanitizer: access-violation on unknown address 0x0ec3fdec (pc 0x0ec3fdec bp 0x00000000 sp 0x0ec3fde8 T16777215)
2 | [0624/081056:ERROR:client_util.cc(272)] Could not find exported function RelaunchChromeBrowserWithNewCommandLineIfNeeded
3 | #0 0xec3fdeb ()
4 |
5 | AddressSanitizer can not provide additional info.
6 | SUMMARY: AddressSanitizer: SEGV ()
7 | ==3304==ABORTING
8 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_check.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../src/heap/mark-compact.h, line 54
3 | # Check failed: !IsImpossible(mark_bit).
4 | #
5 |
6 | ==== C stack trace ===============================
7 |
8 | 1: 0xb29b0f4
9 | 2: 0xb29b722
10 | 3: 0x8efa09d
11 | 4: 0x8e6592c
12 | 5: 0x87d84a9
13 | 6: 0x8835c19
14 | 7: 0x9f048dc
15 | 8: 0xa70a1bc
16 | 9: 0xa6ffa2c
17 | 10: 0xa7279c8
18 | 11: 0xa727de0
19 | 12: 0xa729b5f
20 | 13: 0x8abff10
21 | 14: 0x8ab8e14
22 | 15: 0x81c0f08
23 | 16: 0x8226891
24 | 17: 0x812f610
25 | 18: 0x81580df
26 | 19: 0x81627fe
27 | 20: 0x8164309
28 | 21: __libc_start_main
29 | 22: 0x806081a
30 | E: Child terminated by signal ‘Illegal instruction’
31 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_check_eq.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../v8/src/compiler/verifier.cc, line 394
3 | # Check failed: a == b (2 vs. 3).
4 | #
5 |
6 | ==== C stack trace ===============================
7 |
8 | 1: 0x7f4843814746
9 | 2: 0x7f4843814d6b
10 | 3: 0x7f4841e7fb22
11 | 4: 0x7f4841e84a9c
12 | 5: 0x7f4841cfa3c9
13 | 6: 0x7f4841cfbc1f
14 | 7: 0x7f4841ea52dd
15 | 8: 0x7f4841eb26d7
16 | 9: 0x7f4841eb4bd2
17 | 10: 0x7f4841eb089b
18 | 11: 0x7f4842f25943
19 | 12: 0x7f46d0409afb
20 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_check_windows.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ..\..\v8\src\objects-debug.cc, line 1234
3 | # Check failed: !field_type->NowStable().
4 | #
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_correctness_failure.txt:
--------------------------------------------------------------------------------
1 | #
2 | # V8 correctness failure
3 | # V8 correctness configs: x64,fullcode:x64,ignition_staging
4 | # V8 correctness sources: deadbeef,beefdead,abcd1234
5 | # V8 correctness suppression: crbug.com/123456
6 |
7 |
8 | More text
9 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_fatal_error_no_check.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in v8::HandleScope::CreateHandle()
3 | # Cannot create a handle without a HandleScope
4 | #
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_fatal_error_partial.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../src/objects-inl.h, line 2244
3 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_oom.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in CALL_AND_RETRY_LAST
3 | # Allocation failed - JavaScript heap out of memory
4 | #
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_representation_changer_error.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../v8/src/compiler/representation-change.cc, line 517
3 | # RepresentationChangerError: node #81:Int64Constant of kRepWord64 (Internal) cannot be changed to kRepTagged
4 | #
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_runtime_error.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Runtime error in ../../src/runtime/runtime-test.cc, line 87
3 | #
4 | # args[0]->IsJSFunction()
5 |
6 | ==== C stack trace ===============================
7 |
8 | 1: 0x34cdfb0
9 | 2: 0x34ce63d
10 | 3: 0x332661a
11 | 4: 0x3325b71
12 | 5: 0x7f7256306187
13 | Caught: illegal access
14 | Caught: ReferenceError: debug is not defined
15 | Caught: ReferenceError: foo is not defined
16 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_unimplemented_code.txt:
--------------------------------------------------------------------------------
1 | Caught: ReferenceError: debug is not defined
2 | Caught: ReferenceError: Debug is not defined
3 |
4 |
5 | #
6 | # Fatal error in ../../src/arm/simulator-arm.cc, line 3715
7 | # unimplemented code
8 | #
9 |
10 | ==== C stack trace ===============================
11 |
12 | 1: 0xb27abe4
13 | 2: 0xb27b212
14 | 3: 0xa706089
15 | 4: 0xa6ed7c3
16 | 5: 0xa7157b8
17 | 6: 0xa715bd0
18 | 7: 0xa71794f
19 | 8: 0x8ac1900
20 | 9: 0x8aba804
21 | 10: 0x81c1fc8
22 | 11: 0x8226821
23 | 12: 0x812f5a0
24 | 13: 0x815780f
25 | 14: 0x816227e
26 | 15: 0x816463f
27 | 16: __libc_start_main
28 | 17: 0x80607aa
29 | E: Child terminated by signal ‘Illegal instruction’
30 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_unknown_fatal_error.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../src/arm/simulator-arm.cc, line 3715
3 | # something that isn't supported yet
4 | #
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/data/stack-traces/v8_unreachable_code.txt:
--------------------------------------------------------------------------------
1 | #
2 | # Fatal error in ../../v8/src/compiler/typer.cc, line 1626
3 | # unreachable code
4 | #
5 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py:
--------------------------------------------------------------------------------
1 | # this is a stubbed out class to enable us to load `constants.py` during code
2 | # generation.
3 |
4 | class stack_parser:
5 | def StackFrameSpec(*args, **kwargs):
6 | pass
7 |
--------------------------------------------------------------------------------
/src/agent/libclusterfuzz/third-party/update.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 | #
6 |
7 | set -ex
8 |
9 |
10 | cd $(dirname "$(readlink -f "$0")")
11 | git clone --depth 1 https://github.com/google/clusterfuzz clusterfuzz-src
12 | mv clusterfuzz-src/src/python/lib/clusterfuzz/stacktraces/constants.py .
13 | mkdir -p ../data/stack-traces
14 | cp clusterfuzz-src/src/python/tests/core/crash_analysis/stack_parsing/stack_analyzer_data/*.txt ../data/stack-traces/
15 | chmod -x ../data/stack-traces/*.txt
16 | python build.py
17 | rm -rf constants.py __pycache__ */__pycache__ clusterfuzz-src
18 | (cd ../; cargo fmt)
19 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/.gitignore:
--------------------------------------------------------------------------------
1 | /target
2 | Cargo.lock
3 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/src/coordinator/double.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use super::*;
5 |
6 | #[derive(Debug, Default)]
7 | pub struct CoordinatorDouble {
8 | pub commands: Arc>>,
9 | pub events: Arc>>,
10 | }
11 |
12 | #[async_trait]
13 | impl ICoordinator for CoordinatorDouble {
14 | async fn poll_commands(&mut self) -> Result, PollCommandError> {
15 | let mut commands = self.commands.write().await;
16 | Ok(commands.pop())
17 | }
18 |
19 | async fn emit_event(&self, event: NodeEvent) -> Result<()> {
20 | let mut events = self.events.write().await;
21 | events.push(event);
22 | Ok(())
23 | }
24 |
25 | async fn can_schedule(&self, _work: &WorkSet) -> Result {
26 | Ok(CanSchedule {
27 | allowed: true,
28 | work_stopped: true,
29 | reason: None,
30 | })
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/src/done.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use std::fs::metadata;
5 | use std::path::PathBuf;
6 |
7 | use anyhow::{Context, Result};
8 | use onefuzz::fs::onefuzz_root;
9 | use tokio::fs;
10 | use uuid::Uuid;
11 |
12 | pub async fn set_done_lock(machine_id: Uuid) -> Result<()> {
13 | let path = done_path(machine_id)?;
14 | fs::write(&path, "")
15 | .await
16 | .with_context(|| format!("unable to write done lock: {}", path.display()))?;
17 | Ok(())
18 | }
19 |
20 | pub fn remove_done_lock(machine_id: Uuid) -> Result<()> {
21 | let path = done_path(machine_id)?;
22 | if path.exists() {
23 | std::fs::remove_file(&path)
24 | .with_context(|| format!("unable to remove done lock: {}", path.display()))?;
25 | }
26 |
27 | Ok(())
28 | }
29 |
30 | pub fn is_agent_done(machine_id: Uuid) -> Result {
31 | Ok(metadata(done_path(machine_id)?).is_ok())
32 | }
33 |
34 | pub fn done_path(machine_id: Uuid) -> Result {
35 | Ok(onefuzz_root()?.join(format!("supervisor-is-done-{machine_id}")))
36 | }
37 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/src/panic.rs:
--------------------------------------------------------------------------------
1 | use crate::failure::save_failure;
2 | use backtrace::Backtrace;
3 | use std::{panic, sync::Once};
4 |
5 | fn panic_hook(info: &panic::PanicInfo<'_>) {
6 | let err = anyhow!("supervisor panicked: {}\n{:?}", info, Backtrace::new());
7 | if let Err(err) = save_failure(&err, uuid::Uuid::nil()) {
8 | error!("unable to write panic log: {:?}", err);
9 | }
10 | }
11 |
12 | pub fn set_panic_handler() {
13 | static SET_HOOK: Once = Once::new();
14 | SET_HOOK.call_once(move || {
15 | let old_hook = panic::take_hook();
16 | panic::set_hook(Box::new(move |info| {
17 | panic_hook(info);
18 | old_hook(info);
19 | }));
20 | });
21 | }
22 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/src/setup/double.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use std::sync::Arc;
5 |
6 | use tokio::sync::RwLock;
7 |
8 | use super::*;
9 |
10 | #[derive(Clone, Debug, Default)]
11 | pub struct SetupRunnerDouble {
12 | pub ran: Arc>>,
13 | pub script: SetupOutput,
14 | pub error_message: Option,
15 | }
16 |
17 | #[async_trait]
18 | impl ISetupRunner for SetupRunnerDouble {
19 | async fn run(&self, work_set: &WorkSet) -> Result {
20 | let mut ran = self.ran.write().await;
21 | ran.push(work_set.clone());
22 | if let Some(error) = self.error_message.clone() {
23 | anyhow::bail!(error);
24 | }
25 | Ok(self.script.clone())
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-agent/src/work/double.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use super::*;
5 |
6 | #[derive(Default)]
7 | pub struct WorkQueueDouble {
8 | pub available: Vec,
9 | pub claimed: Vec,
10 | }
11 |
12 | #[async_trait]
13 | impl IWorkQueue for WorkQueueDouble {
14 | async fn poll(&mut self) -> Result> {
15 | Ok(self.available.pop())
16 | }
17 |
18 | async fn claim(&mut self, message: Message) -> Result {
19 | let work_set = message.work_set.clone();
20 | self.claimed.push(message);
21 | Ok(work_set)
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "onefuzz-file-format"
3 | version = "0.1.0"
4 | edition = "2021"
5 | license = "MIT"
6 |
7 | [dependencies]
8 | anyhow = "1.0"
9 | coverage = { path = "../coverage" }
10 | debuggable-module = { path = "../debuggable-module" }
11 | quick-xml = "0.30"
12 | serde = { version = "1.0", features = ["derive"] }
13 | serde_json = { version = "1.0", features = ["preserve_order"] }
14 |
15 | [dev-dependencies]
16 | pretty_assertions = "1.4"
17 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/src/coverage.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod binary;
5 | pub mod source;
6 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/src/hex.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use serde::{Deserialize, Deserializer, Serialize, Serializer};
5 |
6 | #[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
7 | pub struct Hex(#[serde(with = "self")] pub u64);
8 |
9 | pub fn serialize(val: &u64, serializer: S) -> Result
10 | where
11 | S: Serializer,
12 | {
13 | let s = format!("{val:x}");
14 | serializer.serialize_str(&s)
15 | }
16 |
17 | pub fn deserialize<'de, D>(deserializer: D) -> Result
18 | where
19 | D: Deserializer<'de>,
20 | {
21 | let s = String::deserialize(deserializer)?;
22 | u64::from_str_radix(&s, 16).map_err(serde::de::Error::custom)
23 | }
24 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #[macro_use]
5 | extern crate serde;
6 |
7 | pub mod coverage;
8 | mod hex;
9 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/test-data/fuzz.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #include "fuzz.h"
6 |
7 | int LLVMFuzzerTestOneInput(uint8_t *data, size_t len) {
8 | if (len < 4) { return 0; }
9 |
10 | int hit = 0;
11 |
12 | // Multiple statements per line.
13 | if (data[0] == 'b') { hit++; }
14 |
15 | // One statement per line.
16 | if (data[1] == 'a') {
17 | hit++;
18 | }
19 |
20 | // Access separate from comparison.
21 | char c = data[2];
22 | if (c == 'd') {
23 | hit++;
24 | }
25 |
26 | // Switch.
27 | switch (data[3]) {
28 | case '!': {
29 | hit++;
30 | break;
31 | }
32 | default: {
33 | // Do nothing.
34 | }
35 | }
36 |
37 | if (len > 4 && data[4] == '!') {
38 | // Also used in `check_hit_count()`.
39 | explode();
40 | }
41 |
42 | check_hit_count(hit);
43 |
44 | return 0;
45 | }
46 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/test-data/fuzz.h:
--------------------------------------------------------------------------------
1 | #include "lib/explode.h"
2 |
3 | void check_hit_count(int hit) {
4 | if (hit > 3) {
5 | explode();
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/test-data/lib/explode.h:
--------------------------------------------------------------------------------
1 | void explode() {
2 | int *ptr = (int *) 0xdead;
3 | *ptr = 0x123;
4 | }
5 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/test-script/generate-report.ps1:
--------------------------------------------------------------------------------
1 | cargo run --example cobertura > coverage.xml
2 |
3 | # To install:
4 | #
5 | # dotnet tool install --global dotnet-reportgenerator-globaltool --version 4.6.1
6 | #
7 | reportgenerator.exe -sourcedirs:test-data -reports:coverage.xml -targetdir:reports -reporttypes:HtmlInline_AzurePipelines
8 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/test-script/generate-report.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -ex -o pipefail
3 |
4 | cargo run --example cobertura > coverage.xml
5 |
6 | # To install:
7 | #
8 | # dotnet tool install --global dotnet-reportgenerator-globaltool --version 4.6.1
9 | #
10 | reportgenerator -sourcedirs:test-data -reports:coverage.xml -targetdir:reports -reporttypes:HtmlInline_AzurePipelines
11 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/tests/files/binary-coverage.v0.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "module": "/setup/main.exe",
4 | "blocks": [
5 | {
6 | "offset": 1,
7 | "count": 0
8 | },
9 | {
10 | "offset": 300,
11 | "count": 1
12 | },
13 | {
14 | "offset": 5000,
15 | "count": 0
16 | }
17 | ]
18 | },
19 | {
20 | "module": "/setup/lib/some.dll",
21 | "blocks": [
22 | {
23 | "offset": 123,
24 | "count": 0
25 | },
26 | {
27 | "offset": 456,
28 | "count": 10
29 | }
30 | ]
31 | }
32 | ]
33 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/tests/files/binary-coverage.v1.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "1.0",
3 | "coverage": {
4 | "/setup/main.exe": {
5 | "blocks": {
6 | "1": 0,
7 | "12c": 1,
8 | "1388": 0
9 | }
10 | },
11 | "/setup/lib/some.dll": {
12 | "blocks": {
13 | "7b": 0,
14 | "1c8": 10
15 | }
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/tests/files/source-coverage.v0.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "file": "src/bin/main.c",
4 | "locations": [
5 | { "line": 4, "column": 1, "count": 1 },
6 | { "line": 9, "column": 2, "count": 0 },
7 | { "line": 12, "column": 3, "count": 5 }
8 | ]
9 | },
10 | {
11 | "file": "src/lib/common.c",
12 | "locations": [
13 | { "line": 5, "column": null, "count": 0 },
14 | { "line": 5, "column": null, "count": 1 },
15 | { "line": 8, "column": null, "count": 0 }
16 | ]
17 | }
18 | ]
19 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-file-format/tests/files/source-coverage.v1.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "1.0",
3 | "coverage": {
4 | "src/bin/main.c": {
5 | "lines": {
6 | "4": 1,
7 | "9": 0,
8 | "12": 5
9 | }
10 | },
11 | "src/lib/common.c": {
12 | "lines": {
13 | "5": 1,
14 | "8": 0
15 | }
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-result/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "onefuzz-result"
3 | version = "0.2.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | publish = false
7 | license = "MIT"
8 |
9 | [dependencies]
10 | anyhow = { version = "1.0", features = ["backtrace"] }
11 | async-trait = "0.1"
12 | chrono = { version = "0.4", default-features = false, features = [
13 | "clock",
14 | "std",
15 | "serde"
16 | ] }
17 | reqwest = "0.11"
18 | serde = "1.0"
19 | storage-queue = { path = "../storage-queue" }
20 | uuid = { version = "1.4", features = ["serde", "v4"] }
21 | onefuzz-telemetry = { path = "../onefuzz-telemetry" }
22 | log = "0.4"
23 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-result/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod job_result;
5 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/data/afl-fuzzer_stats.txt:
--------------------------------------------------------------------------------
1 | start_time : 1587433304
2 | last_update : 1587433306
3 | fuzzer_pid : 26515
4 | cycles_done : 8
5 | execs_done : 13655
6 | execs_per_sec : 2666.67
7 | paths_total : 2
8 | paths_favored : 2
9 | paths_found : 1
10 | paths_imported : 0
11 | max_depth : 2
12 | cur_path : 0
13 | pending_favs : 0
14 | pending_total : 0
15 | variable_paths : 0
16 | stability : 100.00%
17 | bitmap_cvg : 0.01%
18 | unique_crashes : 0
19 | unique_hangs : 0
20 | last_path : 1587433304
21 | last_crash : 0
22 | last_hang : 0
23 | execs_since_crash : 13655
24 | exec_timeout : 20
25 | afl_banner : fuzz.exe
26 | afl_version : 2.52b
27 | target_mode : default
28 | command_line : afl-fuzz -i inputs -o OUT -- /home/bcaswell/projects/onefuzz/samples/afl-clang/fuzz.exe
29 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/data/fake-crash-report-old.json:
--------------------------------------------------------------------------------
1 | {
2 | "input_url": null,
3 | "input_blob": {
4 | "account": "fakestorageaccount",
5 | "container": "fake-storage-container",
6 | "name": "fake-crash-sample"
7 | },
8 | "executable": "dds.exe",
9 | "crash_type": "fake crash report",
10 | "crash_site": "fake crash site",
11 | "call_stack": [
12 | "#0 fake",
13 | "#1 call",
14 | "#2 stack"
15 | ],
16 | "call_stack_sha256": "0000000000000000000000000000000000000000000000000000000000000000",
17 | "input_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
18 | "asan_log": "fake asan log",
19 | "task_id": "2061fc8d-9f02-4d06-838a-87f59880e4e8",
20 | "job_id": "510f8e4e-3c4d-4b54-968c-4da459d09f04",
21 | "scariness_score": null,
22 | "scariness_description": null,
23 | "minimized_stack": [],
24 | "minimized_stack_sha256": null,
25 | "minimized_stack_function_names": [],
26 | "minimized_stack_function_names_sha256": null,
27 | "minimized_stack_function_lines": null,
28 | "minimized_stack_function_lines_sha256": null
29 | }
30 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/data/fake-crash-report.json:
--------------------------------------------------------------------------------
1 | {
2 | "input_url": null,
3 | "input_blob": {
4 | "account": "fakestorageaccount",
5 | "container": "fake-storage-container",
6 | "name": "fake-crash-sample"
7 | },
8 | "executable": "dds.exe",
9 | "crash_type": "fake crash report",
10 | "crash_site": "fake crash site",
11 | "call_stack": [
12 | "#0 fake",
13 | "#1 call",
14 | "#2 stack"
15 | ],
16 | "call_stack_sha256": "0000000000000000000000000000000000000000000000000000000000000000",
17 | "input_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
18 | "asan_log": "fake asan log",
19 | "task_id": "2061fc8d-9f02-4d06-838a-87f59880e4e8",
20 | "job_id": "510f8e4e-3c4d-4b54-968c-4da459d09f04",
21 | "scariness_score": null,
22 | "scariness_description": null,
23 | "minimized_stack": [],
24 | "minimized_stack_sha256": null,
25 | "minimized_stack_function_names": [],
26 | "minimized_stack_function_names_sha256": null,
27 | "minimized_stack_function_lines": null,
28 | "minimized_stack_function_lines_sha256": null,
29 | "tool_name": "libfuzzer",
30 | "tool_version": "1.2.3",
31 | "onefuzz_version": "1.2.3"
32 | }
33 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/lib.rs:
--------------------------------------------------------------------------------
1 | #[macro_use]
2 | extern crate anyhow;
3 | #[macro_use]
4 | extern crate clap;
5 | #[macro_use]
6 | extern crate onefuzz_telemetry;
7 |
8 | #[cfg(test)]
9 | #[macro_use]
10 | pub mod config_test_utils;
11 | pub mod local;
12 | pub mod tasks;
13 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/local/example_templates/radamsa.yml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../schema.json
2 |
3 | # This template file demonstrates how to configure a radamsa task
4 |
5 | target_args: &target_args
6 | target_env: {}
7 | target_exe: "C:\\temp\\onefuzz\\integration\\windows-libfuzzer\\fuzz.exe"
8 | target_options: []
9 |
10 | tasks:
11 | - type: Generator
12 | <<: *target_args
13 | crashes: "./crashes"
14 | generator_env: {}
15 | generator_exe: "./path/to/generator"
16 | generator_options: []
17 | readonly_inputs: ["./path/to/readonly-inputs"]
18 | rename_output: true
19 |
20 | - type: Report
21 | <<: *target_args
22 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/local/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod cmd;
5 | pub mod common;
6 | #[cfg(any(target_os = "linux", target_os = "windows"))]
7 | pub mod coverage;
8 | pub mod create_template;
9 | pub mod generic_analysis;
10 | pub mod generic_crash_report;
11 | pub mod generic_generator;
12 | pub mod libfuzzer;
13 | pub mod libfuzzer_crash_report;
14 | pub mod libfuzzer_fuzz;
15 | pub mod libfuzzer_merge;
16 | pub mod libfuzzer_regression;
17 | pub mod libfuzzer_test_input;
18 | pub mod template;
19 | pub mod test_input;
20 | pub mod tui;
21 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/local/readme.md:
--------------------------------------------------------------------------------
1 | Example templates: `./example_templates`
2 |
3 | Updating schema:
4 |
5 | 1. Run the test at the bottome of `template.rs`
6 | 1. Copy the output into `schema.json`
7 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/managed/mod.rs:
--------------------------------------------------------------------------------
1 | pub mod cmd;
2 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/analysis/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod generic;
5 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/coverage/generic/windows-interceptor.list:
--------------------------------------------------------------------------------
1 | # Required to avoid recording errors.
2 | ! *\llvm-project\compiler-rt\*
3 | ! *\llvm\compiler-rt\*
4 | ! *\vctools\crt\*
5 | ! *\Windows Kits\10\Include\*\ucrt\*
6 | ! *\ExternalAPIs\Windows\10\sdk\*
7 | ! *\ExternalAPIs\UnifiedCRT\*
8 | ! minkernel\crts\*
9 | ! vccrt\vcruntime\*
10 |
11 | # Optional, reduces noise.
12 | ! *\Microsoft Visual Studio\*\VC\Tools\MSVC\*\include\*
13 | ! *\Windows Kits\10\include\*\um\*
14 | ! *\vctools\langapi\*
15 | ! onecore\internal\sdk\inc\minwin\*
16 | ! shared\inc\*
17 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/coverage/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | const COBERTURA_COVERAGE_FILE: &str = "cobertura-coverage.xml";
5 |
6 | pub mod dotnet;
7 | pub mod generic;
8 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/fuzz/libfuzzer.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod common;
5 | pub mod dotnet;
6 | pub mod generic;
7 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/fuzz/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod generator;
5 | pub mod libfuzzer;
6 | pub mod supervisor;
7 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/generic/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod input_poller;
5 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/merge/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod generic;
5 | pub mod libfuzzer_merge;
6 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod analysis;
5 | pub mod config;
6 | #[cfg(any(target_os = "linux", target_os = "windows"))]
7 | pub mod coverage;
8 | pub mod fuzz;
9 | pub mod generic;
10 | pub mod heartbeat;
11 | pub mod merge;
12 | pub mod regression;
13 | pub mod report;
14 | pub mod stats;
15 | pub mod utils;
16 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/regression/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod common;
5 | pub mod generic;
6 | pub mod libfuzzer;
7 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/report/dotnet.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod common;
5 | pub mod generic;
6 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/report/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod crash_report;
5 | pub mod dotnet;
6 | pub mod generic;
7 | pub mod libfuzzer_report;
8 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-task/src/tasks/stats/mod.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod afl;
5 | pub mod common;
6 |
--------------------------------------------------------------------------------
/src/agent/onefuzz-telemetry/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "onefuzz-telemetry"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | appinsights = { version = "0.2.3" }
11 | chrono = { version = "0.4", default-features = false, features = [
12 | "clock",
13 | "std",
14 | ] }
15 | lazy_static = "1.4"
16 | log = "0.4"
17 | serde = { version = "1.0", features = ["derive"] }
18 | tokio = { version = "1.32", features = ["full"] }
19 | uuid = { version = "1.4", features = ["serde", "v4"] }
20 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/examples/dir-monitor.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use anyhow::Result;
5 | use clap::Parser;
6 | use onefuzz::monitor::DirectoryMonitor;
7 |
8 | #[derive(Debug, Parser)]
9 | struct Opt {
10 | #[arg(short, long)]
11 | path: String,
12 | }
13 |
14 | #[tokio::main]
15 | async fn main() -> Result<()> {
16 | let opt = Opt::parse();
17 |
18 | let mut monitor = DirectoryMonitor::new(opt.path).await?;
19 | monitor.set_report_directories(true);
20 |
21 | while let Some(created) = monitor.next_file().await? {
22 | println!("[create] {}", created.display());
23 | }
24 |
25 | println!("done!");
26 |
27 | Ok(())
28 | }
29 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/examples/memory.rs:
--------------------------------------------------------------------------------
1 | fn main() {
2 | let bytes = onefuzz::memory::available_bytes().unwrap();
3 | let gb = (bytes as f64) * 1e-9;
4 | println!("available bytes: {bytes} ({gb:.1} GB)");
5 | }
6 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/blob.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | pub mod client;
5 | pub mod url;
6 |
7 | pub use self::client::BlobClient;
8 | pub use self::url::{BlobContainerUrl, BlobUrl};
9 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/env.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use anyhow::Result;
5 | use std::ffi::OsString;
6 | use std::path::PathBuf;
7 |
8 | pub const PATH: &str = "PATH";
9 | pub const LD_LIBRARY_PATH: &str = "LD_LIBRARY_PATH";
10 |
11 | #[allow(clippy::ptr_arg)]
12 | pub fn update_path(path: OsString, to_add: &PathBuf) -> Result {
13 | let mut paths: Vec<_> = std::env::split_paths(&path).collect();
14 | if !paths.contains(to_add) {
15 | paths.push(to_add.clone())
16 | }
17 | Ok(std::env::join_paths(paths)?)
18 | }
19 |
20 | #[allow(clippy::ptr_arg)]
21 | pub fn get_path_with_directory(variable: &str, to_add: &PathBuf) -> Result {
22 | match std::env::var_os(variable) {
23 | Some(path) => update_path(path, to_add),
24 | None => Ok(to_add.clone().into()),
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/ipc.rs:
--------------------------------------------------------------------------------
1 | #[derive(Debug, Deserialize, Serialize)]
2 | pub enum IpcMessageKind {
3 | Telemetry,
4 | }
5 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/jitter.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use rand::prelude::*;
5 | use std::time::Duration;
6 | use tokio::time::sleep;
7 |
8 | pub fn jitter(value: Duration) -> Duration {
9 | let random: u64 = thread_rng().gen_range(0..10);
10 | Duration::from_secs(random) + value
11 | }
12 |
13 | pub async fn delay_with_jitter(value: Duration) {
14 | sleep(jitter(value)).await
15 | }
16 |
17 | pub async fn random_delay(value: Duration) {
18 | let random: u64 = thread_rng().gen_range(0..value.as_secs());
19 | let delay = Duration::new(random, 0);
20 | sleep(delay).await
21 | }
22 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #[macro_use]
5 | extern crate anyhow;
6 |
7 | #[macro_use]
8 | extern crate onefuzz_telemetry;
9 |
10 | pub mod asan;
11 | pub mod auth;
12 | pub mod az_copy;
13 | pub mod blob;
14 | pub mod env;
15 | pub mod expand;
16 | pub mod fs;
17 | pub mod heartbeat;
18 | pub mod http;
19 | pub mod input_tester;
20 | pub mod ipc;
21 | pub mod jitter;
22 | pub mod libfuzzer;
23 | pub mod machine_id;
24 | pub mod memory;
25 | pub mod monitor;
26 | pub mod process;
27 | pub mod sanitizer;
28 | pub mod sha256;
29 | pub mod syncdir;
30 | pub mod utils;
31 |
32 | #[cfg(target_os = "linux")]
33 | pub mod triage;
34 | pub mod uploader;
35 |
--------------------------------------------------------------------------------
/src/agent/onefuzz/src/memory/tests_windows.rs:
--------------------------------------------------------------------------------
1 | use super::available_bytes;
2 |
3 | #[test]
4 | fn can_read_available_memory() -> anyhow::Result<()> {
5 | let available_bytes = available_bytes();
6 | assert!(available_bytes? > 0);
7 | Ok(())
8 | }
9 |
--------------------------------------------------------------------------------
/src/agent/reqwest-retry/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "reqwest-retry"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | async-trait = "0.1"
11 | backoff = { version = "0.4", features = ["tokio"] }
12 | log = "0.4"
13 | onefuzz-telemetry = { path = "../onefuzz-telemetry" }
14 | reqwest = { version = "0.11", features = [
15 | "json",
16 | "stream",
17 | "native-tls-vendored",
18 | ], default-features = false }
19 | thiserror = "1.0"
20 |
21 | [dev-dependencies]
22 | tokio = { version = "1.32", features = ["macros"] }
23 | wiremock = "0.5"
24 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "stacktrace-parser"
3 | version = "0.1.0"
4 | authors = [""]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | hex = "0.4"
11 | regex = "1.9.1"
12 | lazy_static = "1.4.0"
13 | sha2 = "0.10.2"
14 | serde = { version = "1.0", features = ["derive"] }
15 | serde_json = "1.0"
16 | libclusterfuzz = { path = "../libclusterfuzz" }
17 |
18 | [dev-dependencies]
19 | insta = { version = "1.32.0", features = ["glob", "json"] }
20 | pretty_assertions = "1.4"
21 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/parsed-traces/check_dir@format-string.txt.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: stacktrace-parser/src/lib.rs
3 | expression: parsed
4 | input_file: stacktrace-parser/data/stack-traces/format-string.txt
5 | ---
6 | {
7 | "text": "==16627==AddressSanitizer: WARNING: unexpected format specifier in printf interceptor: %r (reported once per process)\n",
8 | "sanitizer": "AddressSanitizer",
9 | "summary": "AddressSanitizer: WARNING: unexpected format specifier in printf interceptor: %r (reported once per process)",
10 | "fault_type": "unexpected format specifier"
11 | }
12 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/parsed-traces/check_dir@libfuzzer-windows-llvm10-out-of-memory-rss.txt.snap:
--------------------------------------------------------------------------------
1 | ---
2 | source: stacktrace-parser/src/lib.rs
3 | expression: parsed
4 | input_file: stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-rss.txt
5 | ---
6 | {
7 | "text": "INFO: Seed: 3655625785\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF7C1F46088, 00007FF7C1F46094),\nINFO: Loaded 1 PC tables (12 PCs): 12 [00007FF7C1EF8720,00007FF7C1EF87E0),\nX:\\fuzz\\fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: .\\good.txt\n==12788== ERROR: libFuzzer: out-of-memory (used: 178Mb; limit: 1Mb)\n To change the out-of-memory limit use -rss_limit_mb=\n\nSUMMARY: libFuzzer: out-of-memory",
8 | "sanitizer": "libFuzzer",
9 | "summary": "libFuzzer: out-of-memory",
10 | "fault_type": "out-of-memory"
11 | }
12 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/asan-odr-violation.txt:
--------------------------------------------------------------------------------
1 | =================================================================
2 | ==10896==ERROR: AddressSanitizer: odr-violation (0x7fffc6d5bd60):
3 | [1] size=64 'vtable for a::b' ../../a/b.cc
4 | [2] size=64 'vtable for a::b' ../../a/b.cc
5 | These globals were registered at these points:
6 | [1]:
7 | #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3
8 | #1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)
9 |
10 | [2]:
11 | #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3
12 | #1 0x7fffc6d58ccb in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libx11_window.so+0x46ccb)
13 |
14 | ==10896==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
15 | SUMMARY: AddressSanitizer: odr-violation: global 'vtable for a::b' at ../../a/b.cc
16 | ==10896==ABORTING
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/dotnet-nested-exception-linenumbers.txt:
--------------------------------------------------------------------------------
1 | Unhandled exception. System.Exception: No fuzzing target specified
2 | ---> System.Exception: Missing `LIBFUZZER_DOTNET_TARGET` environment variables: LIBFUZZER_DOTNET_TARGET_ASSEMBLY, LIBFUZZER_DOTNET_TARGET_CLASS, LIBFUZZER_DOTNET_TARGET_METHOD
3 | at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironmentVars() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 190
4 | at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 166
5 | --- End of inner exception stack trace ---
6 | at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171
7 | at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70
8 | at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57
9 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/format-string.txt:
--------------------------------------------------------------------------------
1 | ==16627==AddressSanitizer: WARNING: unexpected format specifier in printf interceptor: %r (reported once per process)
2 |
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-rss.txt:
--------------------------------------------------------------------------------
1 | INFO: Seed: 3192757444
2 | INFO: Loaded 1 modules (12 inline 8-bit counters): 12 [0x7a1eb0, 0x7a1ebc),
3 | INFO: Loaded 1 PC tables (12 PCs): 12 [0x566fd8,0x567098),
4 | ./fuzz.exe: Running 1 inputs 1 time(s) each.
5 | Running: good.txt
6 | ==25201== ERROR: libFuzzer: out-of-memory (used: 134Mb; limit: 1Mb)
7 | To change the out-of-memory limit use -rss_limit_mb=
8 |
9 | Live Heap Allocations: 21573335 bytes in 22 chunks; quarantined: 100009208 bytes in 8 chunks; 5943 other chunks; total chunks: 5973; showing top 95% (at most 8 unique contexts)
10 | 21499304 byte(s) (99%) in 10 allocation(s)
11 | #0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)
12 | #1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)
13 | #2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)
14 | #3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
15 |
16 | SUMMARY: libFuzzer: out-of-memory
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-rss.txt:
--------------------------------------------------------------------------------
1 | INFO: Seed: 3655625785
2 | INFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF7C1F46088, 00007FF7C1F46094),
3 | INFO: Loaded 1 PC tables (12 PCs): 12 [00007FF7C1EF8720,00007FF7C1EF87E0),
4 | X:\fuzz\fuzz.exe: Running 1 inputs 1 time(s) each.
5 | Running: .\good.txt
6 | ==12788== ERROR: libFuzzer: out-of-memory (used: 178Mb; limit: 1Mb)
7 | To change the out-of-memory limit use -rss_limit_mb=
8 |
9 | SUMMARY: libFuzzer: out-of-memory
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/data/stack-traces/tsan-linux-llvm10-data-race.txt:
--------------------------------------------------------------------------------
1 | ==================
2 | WARNING: ThreadSanitizer: data race (pid=4659)
3 | Write of size 4 at 0x000001109278 by thread T1:
4 | #0 Thread1 /home/user/fuzz-targets/tiny_race.c:4:10 (tiny_race.exe+0x4ac607)
5 |
6 | Previous write of size 4 at 0x000001109278 by main thread:
7 | #0 main /home/user/fuzz-targets/tiny_race.c:10:10 (tiny_race.exe+0x4ac64e)
8 |
9 | Location is global 'Global' of size 4 at 0x000001109278 (tiny_race.exe+0x000001109278)
10 |
11 | Thread T1 (tid=4661, running) created by main thread at:
12 | #0 pthread_create (tiny_race.exe+0x422fe5)
13 | #1 main /home/user/fuzz-targets/tiny_race.c:9:3 (tiny_race.exe+0x4ac644)
14 |
15 | SUMMARY: ThreadSanitizer: data race /home/user/fuzz-targets/tiny_race.c:4:10 in Thread1
16 | ==================
17 | ThreadSanitizer: reported 1 warnings
--------------------------------------------------------------------------------
/src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | use anyhow::Result;
5 | use stacktrace_parser::CrashLog;
6 | use std::{env, fs};
7 |
8 | fn main() -> Result<()> {
9 | for filename in env::args().skip(1) {
10 | let data = fs::read_to_string(&filename)?;
11 | let asan = CrashLog::parse(data)?;
12 | eprintln!("{filename}");
13 | println!("{}", serde_json::to_string_pretty(&asan)?);
14 | }
15 |
16 | Ok(())
17 | }
18 |
--------------------------------------------------------------------------------
/src/agent/storage-queue/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "storage-queue"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | async-trait = "0.1"
11 | backoff = { version = "0.4", features = ["tokio"] }
12 | base64 = "0.21"
13 | bytes = { version = "1.5", features = ["serde"] }
14 | derivative = "2.2"
15 | flume = "0.10"
16 | num_cpus = "1.15"
17 | quick-xml = { version = "0.30", features = ["serialize", "serde-types"] }
18 | regex = "1.9.1"
19 | reqwest = { version = "0.11", features = [
20 | "json",
21 | "stream",
22 | "native-tls-vendored",
23 | ], default-features = false }
24 | reqwest-retry = { path = "../reqwest-retry" }
25 | serde = { version = "1.0", features = ["derive"] }
26 | serde_derive = "1.0"
27 | serde_json = "1.0"
28 | bincode = "1.3"
29 | tokio = { version = "1.32", features = ["full"] }
30 | queue-file = "1.4"
31 | uuid = { version = "1.4", features = ["serde", "v4"] }
32 |
--------------------------------------------------------------------------------
/src/agent/win-util/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "win-util"
3 | version = "0.1.0"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | anyhow = "1.0"
10 | atexit = { path = "../atexit" }
11 | log = "0.4"
12 | os_pipe = "1.1"
13 |
14 | [target.'cfg(windows)'.dependencies]
15 | winreg = "0.51"
16 |
17 | [dependencies.windows]
18 | version = "0.48"
19 | features = [
20 | "Win32_Foundation",
21 | "Win32_Security",
22 | "Win32_Storage_FileSystem",
23 | "Win32_System_Diagnostics_Debug",
24 | "Win32_System_ErrorReporting",
25 | "Win32_System_IO",
26 | "Win32_System_Kernel",
27 | "Win32_System_Memory",
28 | "Win32_System_Pipes",
29 | "Win32_System_ProcessStatus",
30 | "Win32_System_SystemInformation",
31 | "Win32_System_Threading",
32 | "Win32_UI_Shell",
33 | ]
34 |
35 | [dev-dependencies]
36 | tempfile = "3.8.0"
37 |
--------------------------------------------------------------------------------
/src/agent/win-util/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT License.
3 |
4 | #![cfg(windows)]
5 |
6 | pub mod file;
7 | pub mod handle;
8 | pub mod memory;
9 | pub mod pipe_handle;
10 | pub mod process;
11 | pub mod string;
12 |
13 | pub fn last_os_error() -> anyhow::Error {
14 | std::io::Error::last_os_error().into()
15 | }
16 |
--------------------------------------------------------------------------------
/src/ci/afl.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | mkdir -p artifacts/third-party/afl-linux
7 |
8 | git clone https://github.com/google/AFL
9 | cd AFL
10 | # v2.75b
11 | git checkout 82b5e359463238d790cadbe2dd494d6a4928bff3
12 | make
13 | (cd libdislocator; make)
14 |
15 | cp -r afl-analyze afl-as afl-cmin afl-fuzz afl-gcc afl-gotcpu afl-plot afl-showmap afl-tmin afl-whatsup dictionaries libdislocator/libdislocator.so LICENSE ../artifacts/third-party/afl-linux
16 |
--------------------------------------------------------------------------------
/src/ci/aflpp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | mkdir -p artifacts/third-party/aflpp-linux
9 |
10 |
11 | sudo apt-get install -y llvm llvm-dev clang
12 |
13 | git clone https://github.com/AFLplusplus/AFLplusplus
14 | cd AFLplusplus
15 | # checkout v3.12c
16 | git checkout 2dac4e785fa9f27e8c59bb504cfa8942eba938be
17 | make
18 | (cd utils/libdislocator && make)
19 | (cd utils/aflpp_driver && make); cp utils/aflpp_driver/*.so .
20 |
21 | cp -rf afl-* *.so *.a *.o dictionaries LICENSE ../artifacts/third-party/aflpp-linux
22 |
--------------------------------------------------------------------------------
/src/ci/azcopy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | mkdir -p artifacts/azcopy
9 |
10 | # NOTE: hard-coded to TLSv1.2 per aka.ms team to work around download failures
11 | wget --secure-protocol=TLSv1_2 --retry-connrefused -t 30 --waitretry=5 -O azcopy.zip https://aka.ms/downloadazcopy-v10-windows
12 | unzip azcopy.zip
13 | mv azcopy_windows*/* artifacts/azcopy/
14 |
15 | # NOTE: hard-coded to TLSv1.2 per aka.ms team to work around download failures
16 | wget --secure-protocol=TLSv1_2 --retry-connrefused -t 30 --waitretry=5 -O azcopy.tgz https://aka.ms/downloadazcopy-v10-linux
17 | tar zxvf azcopy.tgz
18 | mv azcopy_linux_amd64*/* artifacts/azcopy/
19 |
--------------------------------------------------------------------------------
/src/ci/check-check-pr.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -ex
4 |
5 | cd src/utils/check-pr
6 | pip install -r requirements.txt
7 | pip install -r requirements-lint.txt
8 | flake8 .
9 | black --check .
10 | isort --profile black --check .
11 | mypy .
12 |
--------------------------------------------------------------------------------
/src/ci/disable-py-cache.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 |
7 | # Temporary work-around to improve the efficacy of static analysis of functions
8 | # decorated with memoization.cached.
9 | #
10 | # For more information:
11 | # https://github.com/lonelyenvoy/python-memoization/issues/16
12 |
13 | set -e
14 |
15 | SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
16 |
17 | sed -i "s/^from memoization import cached/##### from memoization import cached/" $(find . -name '*.py' -not -path .python_packages)
18 | sed -i "s/@cached/##### @cached/" $(find . -name '*.py' -not -path .python_packages)
19 |
--------------------------------------------------------------------------------
/src/ci/enable-py-cache.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | # Temporary work-around to improve the efficacy of static analysis of functions
7 | # decorated with memoization.cached.
8 | #
9 | # For more information:
10 | # https://github.com/lonelyenvoy/python-memoization/issues/16
11 |
12 | set -e
13 |
14 | SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
15 |
16 | sed -i "s/^##### from memoization import cached/from memoization import cached/" $(find . -name '*.py' -not -path .python_packages)
17 | sed -i "s/##### @cached/@cached/" $(find . -name '*.py' -not -path .python_packages)
18 |
--------------------------------------------------------------------------------
/src/ci/get-version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -e
7 |
8 | SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
9 | BASE_VERSION=$(cat ${SCRIPT_DIR}/../../CURRENT_VERSION)
10 | BRANCH=$(git rev-parse --abbrev-ref HEAD)
11 | GIT_HASH=$(git rev-parse HEAD)
12 |
13 | # NB: ensure this code stays in sync the with version test in
14 | # .github/workflows/ci.yml
15 |
16 | if [ "${GITHUB_REF}" != "" ]; then
17 | TAG_VERSION=${GITHUB_REF#refs/tags/}
18 |
19 | # this isn't a tag
20 | if [ ${TAG_VERSION} == ${GITHUB_REF} ]; then
21 | echo ${BASE_VERSION}+${GIT_HASH}
22 | else
23 | echo ${BASE_VERSION}
24 | fi
25 | else
26 | if $(git diff --quiet); then
27 | echo ${BASE_VERSION}+${GIT_HASH}
28 | else
29 | echo ${BASE_VERSION}+${GIT_HASH}localchanges
30 | fi
31 | fi
32 |
--------------------------------------------------------------------------------
/src/ci/onefuzztypes.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | mkdir -p artifacts/sdk
9 |
10 | cd src/pytypes
11 | pip install -r requirements-dev.txt
12 | python setup.py sdist bdist_wheel
13 |
14 | pip install -r requirements-lint.txt
15 | black ./onefuzztypes ./extra --check
16 | flake8 ./onefuzztypes ./extra
17 | bandit -r ./onefuzztypes
18 | isort --profile black ./onefuzztypes ./extra --check
19 | mypy ./onefuzztypes ./extra --ignore-missing-imports
20 | pytest -v tests
21 |
22 | cp dist/*.* ../../artifacts/sdk
23 |
24 | echo 'verify webhook docs are up-to-date'
25 | python -m venv build-docs
26 | . build-docs/bin/activate
27 | pip install -e .
28 | python extra/generate-docs.py ../../docs/webhook_events.md
29 | git diff --quiet ../../docs/webhook_events.md
30 | deactivate
31 | rm -rf build-docs
32 |
--------------------------------------------------------------------------------
/src/ci/proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | mkdir -p artifacts/proxy
9 |
10 | cd src/proxy-manager
11 | cargo fmt -- --check
12 | cargo clippy --release --all-targets -- -D warnings
13 | cargo deny -L error check
14 | cargo license -j > data/licenses.json
15 | cargo build --release --locked
16 | # export RUST_LOG=trace
17 | export RUST_BACKTRACE=full
18 | cargo test --release --locked
19 |
20 | cp target/release/onefuzz-proxy-manager ../../artifacts/proxy
21 |
--------------------------------------------------------------------------------
/src/ci/radamsa-linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | mkdir -p artifacts/third-party/radamsa-linux
9 |
10 | git clone https://gitlab.com/akihe/radamsa
11 | cd radamsa
12 | # latest checked version
13 | git checkout 8121b78fb8f87e869cbeca931964df2b32435eb7
14 | make
15 | cp LICENCE bin/* ../artifacts/third-party/radamsa-linux
16 |
--------------------------------------------------------------------------------
/src/ci/radamsa-windows.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | # NOTE: This assumes building within msys64/bash
7 |
8 | set -ex
9 |
10 | export PATH=/usr/bin:$PATH
11 | pacman -S gcc gzip --noconfirm
12 |
13 | mkdir -p artifacts/third-party/radamsa-win64
14 | git clone https://gitlab.com/akihe/radamsa
15 | cd radamsa
16 | # latest checked version
17 | git checkout 8121b78fb8f87e869cbeca931964df2b32435eb7
18 | make
19 | cp LICENCE bin/* ../artifacts/third-party/radamsa-win64
20 | cp /c/msys64/usr/bin/msys-2.0.dll ../artifacts/third-party/radamsa-win64
21 |
--------------------------------------------------------------------------------
/src/ci/rust-prereqs.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | cargo install --locked cargo-license@0.4.2 cargo-llvm-cov cargo-deny cargo-insta cargo-nextest
9 |
--------------------------------------------------------------------------------
/src/ci/set-versions.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
9 | GET_VERSION=${SCRIPT_DIR}/get-version.sh
10 | VERSION=${1:-$(${GET_VERSION})}
11 | cd ${SCRIPT_DIR}/../../
12 |
13 | arrVer=(${VERSION//./ })
14 | MAJOR=${arrVer[0]}
15 | MINOR=${arrVer[1]}
16 |
17 | SET_VERSIONS="src/pytypes/onefuzztypes/__version__.py src/cli/onefuzz/__version__.py"
18 | SET_REQS="src/cli/requirements.txt"
19 |
20 | sed -i "s/0.0.0/${VERSION}/" ${SET_VERSIONS}
21 | sed -i "s/onefuzztypes==0.0.0/onefuzztypes==${MAJOR}.${MINOR}.*/" ${SET_REQS}
22 |
--------------------------------------------------------------------------------
/src/ci/unset-versions.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) Microsoft Corporation. All rights reserved.
4 | # Licensed under the MIT License.
5 |
6 | set -ex
7 |
8 | SCRIPT_DIR=$(dirname ${BASH_SOURCE[0]})
9 | cd ${SCRIPT_DIR}/../../
10 |
11 | SET_VERSIONS="src/pytypes/onefuzztypes/__version__.py src/cli/onefuzz/__version__.py"
12 | SET_REQS="src/cli/requirements.txt"
13 |
14 | sed -i 's/__version__ = .*/__version__ = "0.0.0"/' ${SET_VERSIONS}
15 | sed -i "s/onefuzztypes==.*/onefuzztypes==0.0.0/" ${SET_REQS}
16 |
--------------------------------------------------------------------------------
/src/cli/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | ignore = E203, E266, E501, W503
3 | max-line-length = 80
4 | max-complexity = 18
5 | select = B,C,E,F,W,T4,B9
6 |
--------------------------------------------------------------------------------
/src/cli/MANIFEST.in:
--------------------------------------------------------------------------------
1 | include LICENSE
2 | include *.txt
3 | include *.md
4 | include extra/pyinstaller/*.py
5 | include onefuzz/data/privacy.txt
6 | include onefuzz/data/licenses.json
7 | graft examples
--------------------------------------------------------------------------------
/src/cli/bandit.cfg:
--------------------------------------------------------------------------------
1 | # B603:subprocess_without_shell_equals_true
2 | # B607:start_process_with_partial_path
3 | skips: ['B603', 'B607']
--------------------------------------------------------------------------------
/src/cli/examples/azure-functions-example/README.md:
--------------------------------------------------------------------------------
1 | # Sample Azure Functions based on Onefuzz SDK
2 |
3 | This uses a user-provided managed identity to interact with Onefuzz
4 |
5 | In the Azure Functions application settings, provide the following:
6 |
7 | * `ONEFUZZ_CLIENT_ID`
8 | * `ONEFUZZ_CLIENT_SECRET`
9 | * `ONEFUZZ_ENDPOINT`
10 | * `ONEFUZZ_AUTHORITY` (optional)
11 |
--------------------------------------------------------------------------------
/src/cli/examples/azure-functions-example/host.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": "2.0",
3 | "extensionBundle": {
4 | "id": "Microsoft.Azure.Functions.ExtensionBundle",
5 | "version": "[1.*, 2.0.0)"
6 | }
7 | }
--------------------------------------------------------------------------------
/src/cli/examples/azure-functions-example/info/__init__.py:
--------------------------------------------------------------------------------
1 | import logging
2 | import os
3 |
4 | import azure.functions as func
5 |
6 | from onefuzz.api import Onefuzz
7 |
8 |
9 | def main(req: func.HttpRequest) -> func.HttpResponse:
10 | logging.info("Python HTTP trigger function processed a request.")
11 |
12 | o = Onefuzz()
13 | o.config(
14 | endpoint=os.environ.get("ONEFUZZ_ENDPOINT"),
15 | )
16 | info = o.info.get()
17 | return func.HttpResponse(info.json())
18 |
--------------------------------------------------------------------------------
/src/cli/examples/azure-functions-example/info/function.json:
--------------------------------------------------------------------------------
1 | {
2 | "scriptFile": "__init__.py",
3 | "bindings": [
4 | {
5 | "authLevel": "anonymous",
6 | "type": "httpTrigger",
7 | "direction": "in",
8 | "name": "req",
9 | "methods": [
10 | "get"
11 | ]
12 | },
13 | {
14 | "type": "http",
15 | "direction": "out",
16 | "name": "$return"
17 | }
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/src/cli/examples/azure-functions-example/requirements.txt:
--------------------------------------------------------------------------------
1 | # Update this version to the SDK version used.
2 | onefuzz
3 |
--------------------------------------------------------------------------------
/src/cli/examples/get-running.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | from onefuzz.api import Onefuzz
7 |
8 |
9 | def main() -> None:
10 | onefuzz = Onefuzz()
11 | jobs = onefuzz.jobs.list()
12 | for job in jobs:
13 | print(
14 | "job:",
15 | str(job.job_id)[:8],
16 | ":".join([job.config.project, job.config.name, job.config.build]),
17 | )
18 | for task in onefuzz.tasks.list(job_id=job.job_id):
19 | if task.state in ["stopped", "stopping"]:
20 | continue
21 | print(
22 | " ",
23 | str(task.task_id)[:8],
24 | task.config.task.type,
25 | task.config.task.target_exe,
26 | )
27 |
28 |
29 | if __name__ == "__main__":
30 | main()
31 |
--------------------------------------------------------------------------------
/src/cli/examples/llvm-source-coverage/.gitignore:
--------------------------------------------------------------------------------
1 | setup/fuzz.exe
2 | setup/fuzz-coverage.exe
3 |
--------------------------------------------------------------------------------
/src/cli/examples/llvm-source-coverage/inputs/input.txt:
--------------------------------------------------------------------------------
1 | 0000
--------------------------------------------------------------------------------
/src/cli/examples/llvm-source-coverage/setup/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 |
3 | CFLAGS=-g3 -fsanitize=fuzzer -fsanitize=address
4 | CFLAGS_COV=-g3 -fsanitize=fuzzer -fprofile-instr-generate -fcoverage-mapping
5 |
6 | all: fuzz.exe fuzz-coverage.exe
7 |
8 | fuzz.exe: simple.c
9 | $(CC) $(CFLAGS) $< -o $@
10 |
11 | fuzz-coverage.exe: simple.c
12 | $(CC) $(CFLAGS_COV) $< -o $@
13 |
14 | test: fuzz.exe
15 | ./fuzz.exe -runs=100 ../inputs
16 |
17 | .PHONY: clean
18 |
19 | clean:
20 | rm -f fuzz.exe fuzz-coverage.exe
21 |
--------------------------------------------------------------------------------
/src/cli/extra/pyinstaller/hook-onefuzz.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | from PyInstaller.utils.hooks import collect_data_files
7 |
8 | datas = collect_data_files("onefuzz")
9 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 |
4 | """
5 | Python interface to the Onefuzz service.
6 | """
7 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/__main__.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 |
4 | """
5 | Command line interface to the Onefuzz service
6 | """
7 |
8 | import sys
9 |
10 | from opentelemetry import trace
11 | from opentelemetry.sdk.trace import TracerProvider
12 | from opentelemetry.sdk.trace.export import SimpleSpanProcessor
13 |
14 | from onefuzz.__version__ import __version__
15 | from onefuzz.api import Command, Endpoint, Onefuzz
16 | from onefuzz.cli import execute_api
17 | from onefuzz.opentelemetry_exporter import OneFuzzSpanExporter
18 |
19 | provider = TracerProvider()
20 | processor = SimpleSpanProcessor(OneFuzzSpanExporter())
21 | provider.add_span_processor(processor)
22 | trace.set_tracer_provider(provider)
23 |
24 |
25 | tracer = trace.get_tracer(__name__)
26 |
27 |
28 | def main() -> int:
29 | with tracer.start_as_current_span("cli"):
30 | return execute_api(Onefuzz(), [Endpoint, Command], __version__)
31 |
32 |
33 | if __name__ == "__main__":
34 | sys.exit(main())
35 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/__version__.py:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 |
4 | # pylint: disable=W0612,C0111
5 | __version__ = "0.0.0"
6 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/data/licenses.json:
--------------------------------------------------------------------------------
1 | []
--------------------------------------------------------------------------------
/src/cli/onefuzz/data/privacy.txt:
--------------------------------------------------------------------------------
1 | The software may collect information about you and your use of the software and
2 | send it to Microsoft. Microsoft may use this information to provide services
3 | and improve our products and services. You may turn off the telemetry as
4 | described in the repository. There are also some features in the software that
5 | may enable you and Microsoft to collect data from users of your applications.
6 | If you use these features, you must comply with applicable law, including
7 | providing appropriate notices to users of your applications together with a
8 | copy of Microsoft's privacy statement. Our privacy statement is located at
9 | https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data
10 | collection and use in the help documentation and our privacy statement. Your
11 | use of the software operates as your consent to these practices.
12 |
13 | Instructions on how to turn off telemetry:
14 | * https://github.com/microsoft/onefuzz/blob/main/docs/telemetry.md#how-to-disable-sending-telemetry-to-microsoft
15 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/job_templates/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/cli/onefuzz/job_templates/__init__.py
--------------------------------------------------------------------------------
/src/cli/onefuzz/opentelemetry_exporter.py:
--------------------------------------------------------------------------------
1 | import logging
2 | import os
3 | import typing
4 |
5 | from opentelemetry.sdk.trace import ReadableSpan
6 | from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult
7 |
8 | LOGGER = logging.getLogger("opentelemetry")
9 |
10 |
11 | class OneFuzzSpanExporter(SpanExporter):
12 | def __init__(
13 | self,
14 | formatter: typing.Callable[[ReadableSpan], str] = lambda span: str(
15 | span.to_json()
16 | )
17 | + os.linesep,
18 | ):
19 | self.formatter = formatter
20 |
21 | def export(self, spans: typing.Sequence[ReadableSpan]) -> SpanExportResult:
22 | for span in spans:
23 | LOGGER.debug(self.formatter(span))
24 | return SpanExportResult.SUCCESS
25 |
26 | def force_flush(self, _timeout_millis: int = 30000) -> bool:
27 | return True
28 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/py.typed:
--------------------------------------------------------------------------------
1 | # Marker file for PEP 561.
2 |
--------------------------------------------------------------------------------
/src/cli/onefuzz/status/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/cli/onefuzz/status/__init__.py
--------------------------------------------------------------------------------
/src/cli/onefuzz/status/raw.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | import logging
7 | import time
8 | from typing import Any, List
9 |
10 | from six.moves import input # workaround for static analysis
11 |
12 | from ..api import Onefuzz
13 | from .signalr import Stream
14 |
15 | SIGNALR_CONNECT_TIMEOUT_SECONDS = 0.1
16 |
17 |
18 | def log_entry(onefuzz: Onefuzz, entries: List[Any]) -> None:
19 | for entry in entries:
20 | onefuzz.logger.info("%s", entry)
21 |
22 |
23 | def raw(onefuzz: Onefuzz, logger: logging.Logger) -> None:
24 | client = Stream(onefuzz, logger)
25 | client.setup(lambda x: log_entry(onefuzz, x))
26 |
27 | while client.connected is None:
28 | time.sleep(SIGNALR_CONNECT_TIMEOUT_SECONDS)
29 |
30 | wait_for_exit()
31 | client.stop()
32 |
33 |
34 | def wait_for_exit() -> None:
35 | text = ""
36 | while "exit" not in text:
37 | print("type exit to stop the log stream")
38 | text = input("")
39 |
--------------------------------------------------------------------------------
/src/cli/requirements-dev.txt:
--------------------------------------------------------------------------------
1 | setuptools
2 | wheel
3 | pyinstaller
4 | pip-licenses
--------------------------------------------------------------------------------
/src/cli/requirements-lint.txt:
--------------------------------------------------------------------------------
1 | flake8
2 | mypy==0.910
3 | pytest
4 | isort
5 | vulture
6 | click>=8.0.4
7 | black
8 | bandit
9 | types-requests
10 | types-six
11 |
--------------------------------------------------------------------------------
/src/cli/requirements.txt:
--------------------------------------------------------------------------------
1 | msal==1.22.0
2 | # install requests >=2.31.0 to fix CVE-2023-32681
3 | requests>=2.31.0
4 | jmespath~=0.10.0
5 | semver~=2.13.0
6 | signalrcore==0.9.2
7 | asciimatics~=1.13.0
8 | pydantic~=1.8.1 --no-binary=pydantic
9 | memoization~=0.4.0
10 | msrestazure==0.6.4
11 | azure-storage-blob==12.14.1
12 | azure-applicationinsights==0.1.0
13 | tenacity==8.0.1
14 | docstring_parser==0.8.1
15 | azure-identity==1.14.0
16 | azure-cli-core==2.50.0
17 | PyJWT>=2.4.0
18 | opentelemetry-api==1.16.0
19 | opentelemetry-sdk==1.16.0
20 | opentelemetry-instrumentation-requests==0.37b0
21 | # install rsa version >=4.7 to fix CVE-2020-25658
22 | rsa>=4.7
23 | # onefuzztypes version is set during build
24 | onefuzztypes==0.0.0
25 |
--------------------------------------------------------------------------------
/src/cli/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/cli/tests/__init__.py
--------------------------------------------------------------------------------
/src/cli/tests/pytest.ini:
--------------------------------------------------------------------------------
1 | [pytest]
2 | junit_family=xunit1
3 | filterwarnings =
4 | ignore:.*Using or importing the ABCs from 'collections':DeprecationWarning
5 |
--------------------------------------------------------------------------------
/src/deny.toml:
--------------------------------------------------------------------------------
1 | [licenses]
2 | allow = [
3 | "Apache-2.0 WITH LLVM-exception",
4 | "Apache-2.0",
5 | "BSD-3-Clause",
6 | "CC0-1.0",
7 | "ISC",
8 | "MIT",
9 | "Unicode-DFS-2016",
10 | "Zlib",
11 | ]
12 |
13 | [advisories]
14 | vulnerability = "deny"
15 | unmaintained = "deny"
16 | unsound = "deny"
17 | yanked = "deny"
18 | ignore = [
19 | "RUSTSEC-2020-0016", # There is a PR currently open to stop using the unmaintained crate: https://github.com/servo/ipc-channel/pull/302
20 | ]
21 |
22 | [bans]
23 |
24 | # disallow rustls; we must use OpenSSL
25 | [[bans.deny]]
26 | name = "rustls"
27 |
28 | # disallow ring; unapproved crypto
29 | [[bans.deny]]
30 | name = "ring"
31 |
--------------------------------------------------------------------------------
/src/deployment/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | ignore = E203, E266, E501, W503
3 | max-line-length = 80
4 | max-complexity = 18
5 | select = B,C,E,F,W,T4,B9
6 |
--------------------------------------------------------------------------------
/src/deployment/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | build/
12 | develop-eggs/
13 | dist/
14 | downloads/
15 | eggs/
16 | .eggs/
17 | lib/
18 | lib64/
19 | parts/
20 | sdist/
21 | var/
22 | wheels/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 | MANIFEST
27 |
28 | # PyInstaller
29 | # Usually these files are written by a python script from a template
30 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
31 | *.manifest
32 | *.spec
33 |
34 | # Installer logs
35 | pip-log.txt
36 | pip-delete-this-directory.txt
37 |
38 | # Unit test / coverage reports
39 | htmlcov/
40 | .tox/
41 | .coverage
42 | .coverage.*
43 | .cache
44 | nosetests.xml
45 | coverage.xml
46 | *.cover
47 | .hypothesis/
48 | .pytest_cache/
49 |
50 | # Flask stuff:
51 | instance/
52 | .webassets-cache
53 |
54 | # Scrapy stuff:
55 | .scrapy
56 |
57 | # pyenv
58 | .python-version
59 |
60 | # Environments
61 | .env
62 | .venv
63 | env/
64 | venv/
65 | ENV/
66 | env.bak/
67 | venv.bak/
68 |
69 | # mypy
70 | .mypy_cache/
71 |
72 | test-cov.xml
73 | test-output.xml
--------------------------------------------------------------------------------
/src/deployment/README.md:
--------------------------------------------------------------------------------
1 | deployment-role.json - Example Role for deploying OneFuzz
--------------------------------------------------------------------------------
/src/deployment/bicep-templates/server-farms.bicep:
--------------------------------------------------------------------------------
1 | param server_farm_name string
2 | param owner string
3 | param location string
4 | param use_windows bool
5 |
6 | var kind = (use_windows) ? 'app' : 'linux'
7 |
8 | resource serverFarms 'Microsoft.Web/serverfarms@2022-03-01' = {
9 | name: server_farm_name
10 | location: location
11 | kind: kind
12 | properties: {
13 | // reserved must be set to true for Linux server farm, otherwise it is false
14 | reserved: !use_windows
15 | }
16 | sku: {
17 | name: 'P2v2'
18 | tier: 'PremiumV2'
19 | family: 'Pv2'
20 | capacity: 1
21 | }
22 | tags: {
23 | OWNER: owner
24 | }
25 | }
26 |
27 | output id string = serverFarms.id
28 | output kind string = kind
29 |
--------------------------------------------------------------------------------
/src/deployment/bicep-templates/signalR.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 |
3 | var signalr_name = 'onefuzz-${uniqueString(resourceGroup().id)}'
4 | resource signalR 'Microsoft.SignalRService/signalR@2021-10-01' = {
5 | name: signalr_name
6 | location: location
7 | sku: {
8 | name: 'Standard_S1'
9 | tier: 'Standard'
10 | capacity: 1
11 | }
12 | properties: {
13 | features: [
14 | {
15 | flag: 'ServiceMode'
16 | value: 'Serverless'
17 | properties: {}
18 | }
19 | {
20 | flag: 'EnableConnectivityLogs'
21 | value: 'True'
22 | properties: {}
23 | }
24 | {
25 | flag: 'EnableMessagingLogs'
26 | value: 'False'
27 | properties: {}
28 | }
29 | ]
30 | }
31 | }
32 |
33 | output signalRName string = signalr_name
34 |
--------------------------------------------------------------------------------
/src/deployment/config.json:
--------------------------------------------------------------------------------
1 | {
2 | "tenant_id": "",
3 | "tenant_domain": "",
4 | "multi_tenant_domain": "",
5 | "cli_client_id": "",
6 | "proxy_nsg_config": {
7 | "allowed_ips": [
8 | "*"
9 | ],
10 | "allowed_service_tags": []
11 | }
12 | }
--------------------------------------------------------------------------------
/src/deployment/deploylib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/deployment/deploylib/__init__.py
--------------------------------------------------------------------------------
/src/deployment/deploylib/tests/README.md:
--------------------------------------------------------------------------------
1 | # Deployment tests.
2 |
3 | - `test_deploy_config.py`
4 |
5 | Requires the deployment packages and scripts from OneFuzz.
6 |
7 | `test_deploy_config.py` validates that the Deploy script takes properly formatted json configuration..
8 |
--------------------------------------------------------------------------------
/src/deployment/deploylib/tests/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
--------------------------------------------------------------------------------
/src/deployment/instance-specific-setup/README.md:
--------------------------------------------------------------------------------
1 | If you have setup scripts, configurations, or tools that should always run on every VM, please put them here.
2 |
3 | Either `linux/setup.sh` or `windows/setup.ps1` will be launched during VM initialization.
--------------------------------------------------------------------------------
/src/deployment/instance-specific-setup/linux/setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Put your instance specific setup code here.
3 |
4 | set -ex
5 |
6 | echo This is a sample setup tool
7 |
--------------------------------------------------------------------------------
/src/deployment/instance-specific-setup/windows/setup.ps1:
--------------------------------------------------------------------------------
1 | # This is a custom setup tool
2 |
3 | Write-Output "Custom setup"
4 |
--------------------------------------------------------------------------------
/src/deployment/mypy.ini:
--------------------------------------------------------------------------------
1 | [mypy]
2 | disallow_untyped_defs = True
3 | follow_imports = silent
4 | check_untyped_defs = True
5 | ; disallow_any_generics = True
6 | no_implicit_reexport = True
7 | strict_optional = True
8 | warn_redundant_casts = True
9 | warn_return_any = True
10 | warn_unused_configs = True
11 | warn_unused_ignores = True
12 |
13 | [mypy-azure.*]
14 | ignore_missing_imports = True
15 |
16 | [mypy-msrestazure.*]
17 | ignore_missing_imports = True
18 |
19 | [mypy-msrest.*]
20 | ignore_missing_imports = True
21 |
22 | [mypy-functional.*]
23 | ignore_missing_imports = True
24 |
--------------------------------------------------------------------------------
/src/deployment/requirements.txt:
--------------------------------------------------------------------------------
1 | azure-cli-core==2.50.0
2 | azure-cli==2.50.0
3 | azure-identity==1.14.0
4 | azure-cosmosdb-table==1.0.6
5 | azure-mgmt-eventgrid==10.2.0b2
6 | azure-mgmt-resource>=23.1.0b2
7 | azure-mgmt-storage==21.0.0
8 | azure-storage-blob==12.14.1
9 | pyfunctional==1.4.3
10 | pyopenssl==22.0.0
11 | adal~=1.2.7
12 | idna<3,>=2.10
--------------------------------------------------------------------------------
/src/integration-tests/GoodBad/.gitignore:
--------------------------------------------------------------------------------
1 | /bin/
2 | /obj/
3 |
--------------------------------------------------------------------------------
/src/integration-tests/GoodBad/GoodBad.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | 11.0
5 | net7.0
6 | enable
7 | enable
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/README.md:
--------------------------------------------------------------------------------
1 | # git-bisect regression source
2 |
3 | This assumes you have a working clang with libfuzzer, bash, and git.
4 |
5 | This makes a git repo `test` with 9 commits. Each commit after the first adds a bug.
6 |
7 | * `commit 0` has no bugs.
8 | * `commit 1` will additionally cause an abort if the input is `1`.
9 | * `commit 2` will additionally cause an abort if the input is `2`.
10 | * `commit 3` will additionally cause an abort if the input is `3`.
11 | * etc.
12 |
13 | This directory provides exemplar scripts that demonstrate how to perform
14 | `git bisect` with libfuzzer.
15 |
16 | * [run-local.sh](run-local.sh) builds & runs the libfuzzer target locally. It uses [src/bisect-local.sh](src/bisect-local.sh) as the `git bisect run` command.
17 | * [run-onefuzz.sh](run-onefuzz.sh) builds the libfuzzer target locally, but uses OneFuzz to run the regression tasks. It uses [src/bisect-onefuzz.sh](src/bisect-onefuzz.sh) as the `git bisect run` command.
18 |
19 | With each project having their own unique paradigm for building, this model
20 | allows plugging OneFuzz as a `bisect` command in whatever fashion your
21 | project requires.
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | rm -rf test
6 |
7 | git init test
8 | (cd test; git config user.name "Example"; git config user.email example@contoso.com)
9 | (cp src/Makefile test; cd test; git add Makefile)
10 | for i in $(seq 0 8); do
11 | cp src/fuzz.c test/fuzz.c
12 | for j in $(seq $i 8); do
13 | if [ $i != $j ]; then
14 | sed -i /TEST$j/d test/fuzz.c
15 | fi
16 | done
17 | (cd test; git add fuzz.c; git commit -m "commit $i")
18 | done
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/run-local.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | # build our git repo with our samples in `test`
6 | # (note, we don't care about the output of this script)
7 | ./build.sh 2>/dev/null > /dev/null
8 |
9 | # create our crashing input
10 | echo -n '3' > test/test.txt
11 |
12 | cd test
13 |
14 | # start the bisect, looking from HEAD backwards 8 commits
15 | git bisect start HEAD HEAD~8 --
16 | git bisect run ../src/bisect-local.sh test.txt
17 | git bisect reset
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/run-onefuzz.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | # build our git repo with our samples in `test`
6 | # (note, we don't care about the output of this script)
7 | ./build.sh 2>/dev/null > /dev/null
8 |
9 | # create our crashing input
10 | echo -n '3' > test/test.txt
11 |
12 | cd test
13 |
14 | # start the bisect, looking from HEAD backwards 8 commits
15 | git bisect start HEAD HEAD~8 --
16 | git bisect run ../src/bisect-onefuzz.sh test.txt
17 | git bisect reset
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/src/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 |
3 | CFLAGS=-g3 -fsanitize=fuzzer -fsanitize=address
4 |
5 | all: fuzz.exe
6 |
7 | fuzz.exe: fuzz.c
8 | $(CC) $(CFLAGS) fuzz.c -o fuzz.exe
9 |
10 | .PHONY: clean
11 |
12 | clean:
13 | @rm -f fuzz.exe
14 |
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/src/bisect-local.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -ex
4 |
5 | make clean
6 | make
7 | ./fuzz.exe $*
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/src/bisect-onefuzz.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | PROJECT=${PROJECT:-regression-test}
6 | TARGET=${TARGET:-$(uuidgen)}
7 | BUILD=regression-$(git rev-parse HEAD)
8 | POOL=${ONEFUZZ_POOL:-linux}
9 |
10 | make clean
11 | make
12 | onefuzz template regression libfuzzer ${PROJECT} ${TARGET} ${BUILD} ${POOL} --check_regressions --delete_input_container --reports --crashes $*
--------------------------------------------------------------------------------
/src/integration-tests/git-bisect/src/fuzz.c:
--------------------------------------------------------------------------------
1 | #include
2 | int LLVMFuzzerTestOneInput(char *data, size_t len) {
3 | if (len != 1) { return 0; }
4 | if (data[0] == '1') { abort(); } // TEST1
5 | if (data[0] == '2') { abort(); } // TEST2
6 | if (data[0] == '3') { abort(); } // TEST3
7 | if (data[0] == '4') { abort(); } // TEST4
8 | if (data[0] == '5') { abort(); } // TEST5
9 | if (data[0] == '6') { abort(); } // TEST6
10 | if (data[0] == '7') { abort(); } // TEST7
11 | if (data[0] == '8') { abort(); } // TEST8
12 | return 0;
13 | }
14 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-aarch64-crosscompile/.gitignore:
--------------------------------------------------------------------------------
1 | compiler-rt
2 | fuzz-libs
3 | fuzz.exe
4 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-aarch64-crosscompile/inputs/hi.txt:
--------------------------------------------------------------------------------
1 | hi
2 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-dlopen/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 | CFLAGS=-fsanitize=address,fuzzer -fPIC -O0 -ggdb3
3 |
4 | .PHONY: all clean test
5 |
6 | all: libbad.so fuzz.exe
7 |
8 | fuzz.exe: main.o
9 | $(CC) $(CFLAGS) -o $@ $<
10 |
11 | libbad.so: bad.o
12 | $(CC) -shared -o $@ $<
13 |
14 | test: all
15 | LD_LIBRARY_PATH=. ./fuzz.exe
16 |
17 | clean:
18 | rm -rf fuzz.exe *.o *.so crash-*
19 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-dlopen/bad.h:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #ifndef BAD_H
5 | #define BAD_H
6 |
7 | int func(const uint8_t *data, size_t len);
8 |
9 | #endif
10 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-dlopen/main.c:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 |
10 | int (*fuzz_func)(const uint8_t *data, size_t size);
11 |
12 | int LLVMFuzzerInitialize(int *argc, char ***argv)
13 | {
14 | printf("initialize\n");
15 | void *handle;
16 | int (*b)(void);
17 | char *error;
18 |
19 | handle = dlopen("libbad.so", RTLD_LAZY);
20 | if (!handle)
21 | {
22 | printf("can't open %s", dlerror());
23 | return 1;
24 | }
25 | fuzz_func = (int (*)(const uint8_t *data, size_t size))dlsym(handle, "func");
26 | error = dlerror();
27 | if (error != NULL)
28 | {
29 | printf("%s\n", error);
30 | exit(EXIT_FAILURE);
31 | }
32 | return 0;
33 | }
34 |
35 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
36 | {
37 | assert(fuzz_func != NULL);
38 | return fuzz_func(data, size);
39 | }
40 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-dlopen/seeds/good.txt:
--------------------------------------------------------------------------------
1 | good
2 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 |
3 | .PHONY: all clean test
4 |
5 | all: fuzz.exe
6 |
7 | CFLAGS=-fsanitize=address,fuzzer -fPIC -O0 -ggdb3
8 |
9 | fuzz.exe: main.o libbad1.so libbad2.so
10 | $(CC) $(CFLAGS) -o $@ $< -lbad1 -lbad2 -L.
11 |
12 | libbad1.so: bad1.o
13 | $(CC) -fsanitize=address -shared -o $@ $<
14 |
15 | libbad2.so: bad2.o
16 | $(CC) -fsanitize=address -shared -o $@ $<
17 |
18 | test: all
19 | LD_LIBRARY_PATH=. ./fuzz.exe
20 |
21 | clean:
22 | rm -rf fuzz.exe *.o *.so *.dll crash-* *.lib *.exp *.pdb
23 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/Makefile.windows:
--------------------------------------------------------------------------------
1 | CC=clang
2 |
3 | .PHONY: all clean test
4 |
5 | all: fuzz.exe
6 |
7 | CFLAGS=-g3 -fsanitize=address,fuzzer
8 |
9 | fuzz.exe: main.o bad1.dll bad2.dll
10 | $(CC) $(CFLAGS) main.o -o fuzz.exe -L. -lbad1 -lbad2
11 |
12 | bad1.dll: bad1.o
13 | $(CC) $(CFLAGS) -shared -o bad1.dll bad1.o
14 |
15 | bad2.dll: bad2.o
16 | $(CC) $(CFLAGS) -shared -o bad2.dll bad2.o
17 |
18 |
19 | test: all
20 | LD_LIBRARY_PATH=. ./fuzz.exe
21 |
22 | clean:
23 | rm -f *.dll *.exe *.exp *.pdb *.o *.lib
24 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/bad1.h:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #ifndef BAD1_H
5 | #define BAD1_H
6 |
7 | int func1(const uint8_t *data, size_t len);
8 |
9 | #endif
10 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/bad2.h:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #ifndef BAD2_H
5 | #define BAD2_H
6 |
7 | int func2(const uint8_t *data, size_t len);
8 |
9 | #endif
10 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/main.c:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #include
5 | #include
6 |
7 | #include "bad1.h"
8 | #include "bad2.h"
9 |
10 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
11 | func1(data, size);
12 | func2(data, size);
13 | return 0;
14 | }
15 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-linked-library/seeds/good.txt:
--------------------------------------------------------------------------------
1 | good
2 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-load-library/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 | CFLAGS=-fsanitize=address,fuzzer -O0 -g3
3 |
4 | .PHONY: all clean
5 |
6 | all: fuzz.exe
7 |
8 | fuzz.exe: main.o bad.dll
9 | $(CC) $(CFLAGS) -o $@ $<
10 |
11 | bad.dll: bad.o
12 | $(CC) $(CFLAGS) -shared -o $@ $<
13 |
14 | clean:
15 | rm -rf fuzz.exe *.o *.dll crash-* *.pdb *.exp *.lib
16 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-load-library/bad.h:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #ifndef BAD_H
5 | #define BAD_H
6 |
7 | int func(const uint8_t *data, size_t len);
8 |
9 | #endif
10 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-load-library/main.c:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 |
10 | int (*fuzz_func)(const uint8_t *data, size_t size);
11 |
12 | int LLVMFuzzerInitialize(int *argc, char ***argv)
13 | {
14 | HINSTANCE handle;
15 |
16 | printf("initialize\n");
17 |
18 | handle = LoadLibrary(TEXT("bad.dll"));
19 | if (!handle)
20 | {
21 | printf("can't open dll\n");
22 | exit(EXIT_FAILURE);
23 | }
24 |
25 | fuzz_func = (int (*)(const uint8_t *data, size_t size))GetProcAddress(handle, "func");
26 | if (fuzz_func == NULL) {
27 | printf("unable to load fuzz func\n");
28 | exit(EXIT_FAILURE);
29 | }
30 |
31 | return 0;
32 | }
33 |
34 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
35 | {
36 | assert(fuzz_func != NULL);
37 | return fuzz_func(data, size);
38 | }
39 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-load-library/seeds/good.txt:
--------------------------------------------------------------------------------
1 | good
2 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-regression/Makefile:
--------------------------------------------------------------------------------
1 | CC=clang
2 |
3 | CFLAGS=-g3 -fsanitize=fuzzer -fsanitize=address
4 |
5 | all: broken.exe fixed.exe
6 |
7 | broken.exe: simple.c
8 | $(CC) $(CFLAGS) simple.c -o broken.exe
9 |
10 | fixed.exe: simple.c
11 | $(CC) $(CFLAGS) simple.c -o fixed.exe -DFIXED
12 |
13 | .PHONY: clean
14 |
15 | clean:
16 | rm -f broken.exe fixed.exe
17 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-regression/seeds/good.txt:
--------------------------------------------------------------------------------
1 | good
2 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-regression/simple.c:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | #include
5 | #include
6 |
7 |
8 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len) {
9 | int cnt = 0;
10 |
11 | if (len < 3) {
12 | return 0;
13 | }
14 |
15 | if (data[0] == 'x') { cnt++; }
16 | if (data[1] == 'y') { cnt++; }
17 | if (data[2] == 'z') { cnt++; }
18 |
19 | #ifndef FIXED
20 | if (cnt >= 3) {
21 | abort();
22 | }
23 | #endif
24 |
25 | return 0;
26 | }
27 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "rust_fuzz_example"
3 | version = "0.1.0"
4 | license = "MIT"
5 | authors = [""]
6 | edition = "2021"
7 |
8 | [dependencies]
9 | libc = "0.2.79"
10 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: all clean
2 |
3 | all:
4 | rustup install nightly
5 | cargo install cargo-fuzz
6 | cargo +nightly fuzz build --release
7 |
8 | clean:
9 | cargo clean
10 | (cd fuzz; cargo clean)
11 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/README.md:
--------------------------------------------------------------------------------
1 | # Fuzzing Rust in OneFuzz
2 |
3 | OneFuzz can orchastrate fuzzing of Rust using
4 | [cargo-fuzz](https://crates.io/crates/cargo-fuzz) to build libfuzzer based
5 | fuzzing targets.
6 |
7 | Included in this directory is a simple example to demonstrate rust based
8 | fuzzing. For more examples, check out the libfuzzer examples in the [rust
9 | fuzzing trophy case](https://github.com/rust-fuzz/trophy-case).
10 |
11 | ## Example command
12 |
13 | ```bash
14 | # ensure the latest cargo-fuzz is installed
15 | cargo install cargo-fuzz --force
16 | # build your fuzzing targets
17 | cargo +nightly fuzz build --release
18 | # Launch a fuzz job for each of the targets provided by cargo-fuzz
19 | for target in $(cargo fuzz list); do
20 | onefuzz template libfuzzer basic $PROJECT_NAME $target $BUILD_NUMBER $POOL_NAME --target_exe ./fuzz/target/x86_64-unknown-linux-gnu/release/$target --inputs ./fuzz/corpus/$target
21 | done
22 | ```
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/fuzz/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 | corpus
3 | artifacts
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/fuzz/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "rust-fuzz"
3 | version = "0.0.0"
4 | authors = ["Automatically generated"]
5 | publish = false
6 | edition = "2021"
7 |
8 | [package.metadata]
9 | cargo-fuzz = true
10 |
11 | [dependencies]
12 | libfuzzer-sys = "0.3"
13 |
14 | [dependencies.rust_fuzz_example]
15 | path = ".."
16 |
17 | # Prevent this from interfering with workspaces
18 | [workspace]
19 | members = ["."]
20 |
21 | [[bin]]
22 | name = "fuzz_target_1"
23 | path = "fuzz_targets/fuzz_target_1.rs"
24 | test = false
25 | doc = false
26 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/fuzz/fuzz_targets/fuzz_target_1.rs:
--------------------------------------------------------------------------------
1 | #![no_main]
2 | use libfuzzer_sys::fuzz_target;
3 | use rust_fuzz_example;
4 |
5 | fuzz_target!(|data: &[u8]| {
6 | rust_fuzz_example::check(data);
7 | });
8 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer-rust/src/lib.rs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | extern crate libc;
5 |
6 | pub fn check(data: &[u8]) -> bool {
7 | if data.len() < 4 {
8 | return false;
9 | }
10 |
11 | if data[0] != 0x41 {
12 | return false;
13 | }
14 |
15 | if data[1] != 0x42 {
16 | return false;
17 | }
18 |
19 | if data[2] != 0x43 {
20 | return false;
21 | }
22 |
23 | match data[3] {
24 | // OOB access
25 | 4 => data[100000] == 0xFF,
26 | // null ptr
27 | 5 => unsafe {
28 | let ptr: *mut u8 = 0 as *mut u8;
29 | *ptr = 10;
30 | true
31 | },
32 | _ => false,
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer/Makefile:
--------------------------------------------------------------------------------
1 | ifeq ($(OS),Windows_NT)
2 | CFLAGS=/O2 /Zi /fsanitize=fuzzer /fsanitize=address
3 | CC=cl
4 | else
5 | CFLAGS=-g3 -fsanitize=fuzzer -fsanitize=address
6 | CC=clang
7 | endif
8 |
9 | all: fuzz.exe
10 |
11 | fuzz.exe: simple.c
12 | $(CC) $(CFLAGS) $< -o $@
13 |
14 | test: fuzz.exe
15 | ./fuzz.exe -runs=100 seeds
16 |
17 | .PHONY: clean
18 |
19 | clean:
20 | rm -f fuzz.exe
21 |
--------------------------------------------------------------------------------
/src/integration-tests/libfuzzer/seeds/good.txt:
--------------------------------------------------------------------------------
1 | good
2 |
--------------------------------------------------------------------------------
/src/integration-tests/trivial-crash/Makefile:
--------------------------------------------------------------------------------
1 | ifeq ($(OS),Windows_NT)
2 | CLEANCMD=del fuzz.exe, fuzz.exp, fuzz.lib, fuzz.pdb, fuzz-afl.exe, afl-llvm-rt.o.o, fuzz.o, main.o
3 | else
4 | CLEANCMD=rm -rf fuzz.exe fuzz.exp fuzz.lib fuzz.pdb fuzz-afl.exe afl-llvm-rt.o.o fuzz.o main.o
5 | endif
6 |
7 | CC=clang
8 | OBJS=fuzz.c
9 | CFLAGS=-O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
10 |
11 | all: fuzz.exe
12 |
13 | fuzz.exe: $(OBJS)
14 | $(CC) -g3 $(CFLAGS) $(OBJS) -o $@
15 |
16 | .PHONY: clean
17 |
18 | clean:
19 | $(CLEANCMD)
20 |
--------------------------------------------------------------------------------
/src/integration-tests/trivial-crash/seeds/fail.txt:
--------------------------------------------------------------------------------
1 | hello
--------------------------------------------------------------------------------
/src/integration-tests/trivial-crash/seeds/pass.txt:
--------------------------------------------------------------------------------
1 | racecar
--------------------------------------------------------------------------------
/src/proxy-manager/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 |
--------------------------------------------------------------------------------
/src/proxy-manager/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "onefuzz-proxy-manager"
3 | version = "0.0.1"
4 | authors = ["fuzzing@microsoft.com"]
5 | edition = "2021"
6 | publish = false
7 | license = "MIT"
8 |
9 | [dependencies]
10 | anyhow = "1.0"
11 | clap = { version = "4", features = ["cargo", "string"] }
12 | env_logger = "0.10"
13 | futures = "0.3"
14 | reqwest = { version = "0.11", features = [
15 | "json",
16 | "stream",
17 | "native-tls-vendored",
18 | ], default-features = false }
19 | serde = { version = "1.0", features = ["derive"] }
20 | serde_json = "1.0"
21 | storage-queue = { path = "../agent/storage-queue" }
22 | thiserror = "1.0"
23 | tokio = { version = "1.32", features = [
24 | "macros",
25 | "rt-multi-thread",
26 | "fs",
27 | "process",
28 | ] }
29 | url = { version = "2.4", features = ["serde"] }
30 | reqwest-retry = { path = "../agent/reqwest-retry" }
31 | onefuzz-telemetry = { path = "../agent/onefuzz-telemetry" }
32 | uuid = { version = "1.4", features = ["serde"] }
33 | log = "0.4"
34 | tempfile = "3.8.0"
35 |
--------------------------------------------------------------------------------
/src/proxy-manager/data/licenses.json:
--------------------------------------------------------------------------------
1 | []
--------------------------------------------------------------------------------
/src/pytypes/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | # Recommend matching the black line length (default 88),
3 | # rather than using the flake8 default of 79:
4 | max-line-length = 88
5 | extend-ignore =
6 | # See https://github.com/PyCQA/pycodestyle/issues/373
7 | E203,
8 |
--------------------------------------------------------------------------------
/src/pytypes/MANIFEST.in:
--------------------------------------------------------------------------------
1 | LICENSE
2 | include *.txt
3 | include *.md
4 |
--------------------------------------------------------------------------------
/src/pytypes/mypy.ini:
--------------------------------------------------------------------------------
1 | [mypy]
2 | plugins = pydantic.mypy
3 | disallow_untyped_defs = True
4 | follow_imports = silent
5 | check_untyped_defs = True
6 | ; disallow_any_generics = True
7 | no_implicit_reexport = True
8 | strict_optional = True
9 | warn_redundant_casts = True
10 | warn_return_any = True
11 | warn_unused_configs = True
12 | warn_unused_ignores = True
13 |
14 | [pydantic-mypy]
15 | init_forbid_extra = True
16 | init_typed = True
17 | warn_required_dynamic_aliases = True
18 | warn_untyped_fields = True
19 |
20 | [mypy-azure.*]
21 | ignore_missing_imports = True
22 |
23 | [mypy-msrestazure.*]
24 | ignore_missing_imports = True
25 |
26 | [mypy-msrest.*]
27 | ignore_missing_imports = True
28 |
29 | [mypy-opencensus.*]
30 | ignore_missing_imports = True
31 |
32 | [mypy-memoization.*]
33 | ignore_missing_imports = True
34 |
--------------------------------------------------------------------------------
/src/pytypes/onefuzztypes/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/pytypes/onefuzztypes/__init__.py
--------------------------------------------------------------------------------
/src/pytypes/onefuzztypes/__version__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | __version__ = "0.0.0"
7 |
--------------------------------------------------------------------------------
/src/pytypes/onefuzztypes/consts.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | ONE_HOUR = 1
7 | SEVEN_DAYS = 7 * 24
8 |
--------------------------------------------------------------------------------
/src/pytypes/onefuzztypes/primitives.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | from typing import Any, Dict, NewType
7 |
8 | from onefuzztypes.validators import check_alnum, check_alnum_dash
9 |
10 | Extension = Dict[str, Any]
11 | Directory = NewType("Directory", str)
12 | File = NewType("File", str)
13 |
14 |
15 | class Region(str):
16 | def __new__(cls, value: str) -> "Region":
17 | check_alnum(value)
18 | obj = super().__new__(cls, value)
19 | return obj
20 |
21 |
22 | class Container(str):
23 | def __new__(cls, value: str) -> "Container":
24 | check_alnum_dash(value)
25 | obj = super().__new__(cls, value)
26 | return obj
27 |
28 |
29 | class PoolName(str):
30 | def __new__(cls, value: str) -> "PoolName":
31 | obj = super().__new__(cls, value)
32 | return obj
33 |
--------------------------------------------------------------------------------
/src/pytypes/onefuzztypes/py.typed:
--------------------------------------------------------------------------------
1 | # Marker file for PEP 561.
2 |
--------------------------------------------------------------------------------
/src/pytypes/requirements-dev.txt:
--------------------------------------------------------------------------------
1 | setuptools
2 | wheel
--------------------------------------------------------------------------------
/src/pytypes/requirements-lint.txt:
--------------------------------------------------------------------------------
1 | flake8
2 | mypy==0.910
3 | pytest
4 | isort
5 | pydantic~=1.8.2 --no-binary=pydantic
6 | vulture
7 | click==8.0.4
8 | black
9 | bandit
10 |
--------------------------------------------------------------------------------
/src/pytypes/requirements.txt:
--------------------------------------------------------------------------------
1 | pydantic==1.8.2 --no-binary=pydantic
2 |
--------------------------------------------------------------------------------
/src/pytypes/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/pytypes/tests/__init__.py
--------------------------------------------------------------------------------
/src/pytypes/tests/test_alnum_filter.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | import unittest
7 |
8 | from onefuzztypes.validators import check_alnum_dash
9 |
10 |
11 | class TestFilter(unittest.TestCase):
12 | def test_filter(self) -> None:
13 | check_alnum_dash("abc-")
14 | check_alnum_dash("-abc12A")
15 |
16 | invalid = [".", "abc'", "abc;", "abc\r", "abc\n", "abc;", "abc\x00"]
17 | for value in invalid:
18 | with self.assertRaises(ValueError):
19 | check_alnum_dash(value)
20 |
21 |
22 | if __name__ == "__main__":
23 | unittest.main()
24 |
--------------------------------------------------------------------------------
/src/pytypes/tests/test_instance_config_update.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | from uuid import UUID
7 | import unittest
8 |
9 | from onefuzztypes.models import InstanceConfig
10 |
11 |
12 | class TestInstanceConfig(unittest.TestCase):
13 | def test_with_admins(self) -> None:
14 | no_admins = InstanceConfig(admins=None, allowed_aad_tenants=[UUID(int=0)])
15 | with_admins = InstanceConfig(
16 | admins=[UUID(int=0)], allowed_aad_tenants=[UUID(int=0)]
17 | )
18 | with_admins_2 = InstanceConfig(
19 | admins=[UUID(int=1)], allowed_aad_tenants=[UUID(int=0)]
20 | )
21 |
22 | no_admins.update(with_admins)
23 | self.assertEqual(no_admins.admins, None)
24 |
25 | with_admins.update(with_admins_2)
26 | self.assertEqual(with_admins.admins, with_admins_2.admins)
27 |
28 | def test_with_empty_admins(self) -> None:
29 | with self.assertRaises(ValueError):
30 | InstanceConfig.parse_obj({"admins": []})
31 |
32 |
33 | if __name__ == "__main__":
34 | unittest.main()
35 |
--------------------------------------------------------------------------------
/src/runtime-tools/linux/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
--------------------------------------------------------------------------------
/src/runtime-tools/linux/.gitignore:
--------------------------------------------------------------------------------
1 | azcopy
2 | execution-engine
3 |
--------------------------------------------------------------------------------
/src/runtime-tools/linux/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 |
4 | FROM mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04
5 | # creating a dummy sudo command to allow the setup script to run
6 | RUN echo "#!/bin/bash\n\$@" > /usr/bin/sudo && chmod +x /usr/bin/sudo
7 | RUN mkdir /onefuzz
8 | COPY . /onefuzz
9 | RUN chmod +x /onefuzz/setup.sh
10 | RUN export DEBIAN_FRONTEND=noninteractive && export DOCKER_BUILD=1 && cd /onefuzz && ./setup.sh fuzz
11 | RUN export DEBIAN_FRONTEND=noninteractive \
12 | && apt-get -y install --no-install-recommends \
13 | libunwind-dev build-essential libssl-dev \
14 | pkg-config lldb ca-certificates
15 | RUN mkdir -p /onefuzz/tools/linux \
16 | && mv /onefuzz/downloaded/* /onefuzz/tools/linux
17 | RUN chmod +x /onefuzz/tools/linux/run.sh
18 | RUN chmod +x /onefuzz/tools/linux/onefuzz-agent
19 | RUN chmod +x /onefuzz/tools/linux/onefuzz-task
20 | WORKDIR /onefuzz
21 |
22 | ENTRYPOINT ["./tools/linux/run.sh"]
--------------------------------------------------------------------------------
/src/runtime-tools/linux/onefuzz.initd:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 |
3 | ### BEGIN INIT INFO
4 | # Provides: onefuzz
5 | # Required-Start: $remote_fs $syslog
6 | # Required-Stop: $remote_fs $syslog
7 | # Default-Start: 2 3 4 5
8 | # Default-Stop:
9 | # Short-Description: OneFuzz
10 | ### END INIT INFO
11 |
12 | set -e
13 |
14 | # /etc/init.d/onefuzz: start and stop the OneFuzz agent
15 |
16 | . /lib/lsb/init-functions
17 |
18 | export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
19 |
20 | case "$1" in
21 | start)
22 | nohup /onefuzz/tools/linux/run.sh > /onefuzz/logs/onefuzz.initd.stdout 2>/onefuzz/logs/onefuzz.initd.stderr
23 | ;;
24 |
25 | stop)
26 | echo "unable to $1"
27 | ;;
28 |
29 | reload|force-reload)
30 | echo "unable to $1"
31 | ;;
32 |
33 | restart)
34 | echo "unable to $1"
35 | ;;
36 |
37 | try-restart)
38 | echo "unable to $1"
39 | ;;
40 |
41 | status)
42 | echo "unable to $1"
43 | ;;
44 |
45 | *)
46 | log_action_msg "Usage: /etc/init.d/onefuzz start" || true
47 | exit 1
48 | esac
49 |
50 | exit 0
51 |
--------------------------------------------------------------------------------
/src/runtime-tools/linux/onefuzz.service:
--------------------------------------------------------------------------------
1 | # onefuzz systemd startup script
2 | [Unit]
3 | Description=onefuzz
4 |
5 | [Service]
6 | Type=simple
7 | ExecStart=/bin/bash /onefuzz/tools/linux/run.sh
8 | Restart=always
9 | RestartSec=30
10 |
11 | [Install]
12 | WantedBy=default.target
--------------------------------------------------------------------------------
/src/runtime-tools/linux/set-env.sh:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 | export DOTNET_ROOT=/onefuzz/tools/dotnet
4 | export DOTNET_CLI_HOME="$DOTNET_ROOT"
5 | export LLVM_SYMBOLIZER_PATH=/onefuzz/bin/llvm-symbolizer
6 | export RUST_LOG = "info"
--------------------------------------------------------------------------------
/src/runtime-tools/win64/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
--------------------------------------------------------------------------------
/src/runtime-tools/win64/.gitignore:
--------------------------------------------------------------------------------
1 | azcopy.exe
2 | execution-engine.exe
3 |
--------------------------------------------------------------------------------
/src/runtime-tools/win64/Dockerfile:
--------------------------------------------------------------------------------
1 | # escape=`
2 | # Copyright (c) Microsoft Corporation.
3 | # Licensed under the MIT License.
4 |
5 | ARG BASE_IMAGE=mcr.microsoft.com/windows:ltsc2019
6 | FROM ${BASE_IMAGE}
7 |
8 | SHELL ["powershell.exe", "-ExecutionPolicy", "Unrestricted", "-Command"]
9 |
10 | RUN dir
11 |
12 | COPY . c:\onefuzz\tools\win64\
13 | COPY . c:\downloads\
14 | RUN New-LocalUser -Name 'onefuzz' -Description 'onefuzz account' -NoPassword
15 | RUN cd c:\downloads; & .\setup.ps1 -docker
16 |
17 | WORKDIR "c:\onefuzz"
18 |
19 | ENTRYPOINT & .\onefuzz-run.ps1 -docker
--------------------------------------------------------------------------------
/src/runtime-tools/win64/onefuzz-silent-exit.reg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/runtime-tools/win64/onefuzz-silent-exit.reg
--------------------------------------------------------------------------------
/src/runtime-tools/win64/set-env.ps1:
--------------------------------------------------------------------------------
1 | # Copyright (c) Microsoft Corporation.
2 | # Licensed under the MIT License.
3 |
4 | $env:Path += ";C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\;C:\onefuzz\win64;C:\onefuzz\tools\win64;C:\onefuzz\tools\win64\radamsa;$env:ProgramFiles\LLVM\bin"
5 | $env:LLVM_SYMBOLIZER_PATH = "C:\Program Files\LLVM\bin\llvm-symbolizer.exe"
6 | $env:RUST_LOG = "info"
7 |
--------------------------------------------------------------------------------
/src/utils/README.md:
--------------------------------------------------------------------------------
1 | # lint.sh
2 |
3 | Before you run:
4 |
5 | Install [direnv](https://direnv.net/) and [hook it into your shell](https://direnv.net/docs/hook.html)
6 |
7 | Restart your shell to apply direnv hook.
8 |
9 | ## From inside `src/cli` and run following shell commands
10 |
11 | - `echo "layout python3" >> .envrc`
12 | - `direnv allow`
13 | - `pip install -e ../pytypes`
14 | - `pip install -e .`
15 |
16 |
17 | ## From inside `src/pytypes` and run following shell commands
18 | - `echo "layout python3" >> .envrc`
19 | - `direnv allow`
20 | - `pip install -e .`
21 |
22 |
23 | ## From inside `src/api-service` and run following shell commands
24 | - `echo "layout python3" >> .envrc`
25 | - `direnv allow`
26 | - `pip install -e ../pytypes`
27 | - `pip install -r requirements-dev.txt`
28 | - `cd \_\_app\_\_; pip install -r requirements.txt`
29 |
30 | Now your environment is setup and you are ready to run `bash lint.sh` to reformat your code and make OneFuzz CI linter happy.
--------------------------------------------------------------------------------
/src/utils/add-corpus-storage-accounts/requirements-lint.txt:
--------------------------------------------------------------------------------
1 | flake8
2 | mypy==0.910
3 | pytest
4 | isort
5 | vulture
6 | click==8.0.4
7 | black
8 |
--------------------------------------------------------------------------------
/src/utils/add-corpus-storage-accounts/requirements.txt:
--------------------------------------------------------------------------------
1 | azure-mgmt-storage~=19.0.0
2 | azure-cli-core==2.50.0
3 | azure-mgmt-eventgrid==3.0.0rc9
4 |
--------------------------------------------------------------------------------
/src/utils/ado-testing/README.md:
--------------------------------------------------------------------------------
1 | # ADO integration test utility
2 |
3 | This utility automates querying an ADO instance to verify the number of work items are as expected.
--------------------------------------------------------------------------------
/src/utils/ado-testing/check-notifications.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # Licensed under the MIT License.
5 |
6 | import json
7 | from subprocess import check_call
8 |
9 | from onefuzz.api import Onefuzz
10 |
11 |
12 | def main() -> None:
13 | of = Onefuzz()
14 | containers = [x.name for x in of.containers.list()]
15 | for entry in of.notifications.list():
16 | container = entry.container
17 | if container not in containers:
18 | continue
19 | files = of.containers.files.list(container).files
20 | assert len(files), "missing files in report container: %s" % container
21 | assert files[0].endswith(".json"), "not .json extension: %s" % files[0]
22 | data = json.loads(of.containers.files.get(container, files[0]))
23 | print("checking", data["task_id"])
24 | check_call(["python", "check-ado.py", "--title", data["task_id"]])
25 |
26 |
27 | if __name__ == "__main__":
28 | main()
29 |
--------------------------------------------------------------------------------
/src/utils/ado-testing/mypy.ini:
--------------------------------------------------------------------------------
1 | [mypy]
2 | disallow_untyped_defs = True
3 | warn_return_any = True
4 | warn_unused_configs = True
5 | warn_unused_ignores = True
6 |
7 | [mypy-signalrcore.*]
8 | ignore_missing_imports = True
9 |
10 | [mypy-asciimatics.*]
11 | ignore_missing_imports = True
12 |
13 | [mypy-msal.*]
14 | ignore_missing_imports = True
15 |
16 | [mypy-jmespath.*]
17 | ignore_missing_imports = True
18 |
19 | [mypy-setuptools.*]
20 | ignore_missing_imports = True
21 |
22 | [mypy-azure.*]
23 | ignore_missing_imports = True
24 |
25 | [mypy-semver.*]
26 | ignore_missing_imports = True
27 |
28 | [mypy-msrest.*]
29 | ignore_missing_imports = True
30 |
31 | [mypy-msrestazure.tools]
32 | ignore_missing_imports = True
33 |
--------------------------------------------------------------------------------
/src/utils/ado-testing/requirements.txt:
--------------------------------------------------------------------------------
1 | azure-devops==6.0.0b2
--------------------------------------------------------------------------------
/src/utils/check-pr/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | ignore = E203, E266, E501, W503
3 | max-line-length = 80
4 | max-complexity = 18
5 | select = B,C,E,F,W,T4,B9
6 |
--------------------------------------------------------------------------------
/src/utils/check-pr/README.md:
--------------------------------------------------------------------------------
1 | # PR integration test tool
2 |
3 | ## Requirements
4 |
5 | * Python >= 3.7, and dependencies (see `requirements.txt`)
6 | * [az-cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
7 | * [azcopy](https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10)
8 | * [azure-functions-core-tools](https://docs.microsoft.com/en-us/azure/azure-functions/functions-run-local?tabs=v4%2Clinux%2Ccsharp%2Cportal%2Cbash#install-the-azure-functions-core-tools) (ver. 4.x required)
9 |
10 | ## Setup
11 |
12 | 1. In GitHub, generate a personal access token (PAT) with the `public_repo` scope.
13 | You may need to enable SSO for the token, depending on the org that your OneFuzz fork belongs to.
14 | 1. Set `GITHUB_ISSUE_TOKEN` equal to the above PAT in your shell session.
15 | [`direnv`](https://direnv.net/) can help here.
16 | 1. Create and activate a virtualenv, e.g. `python -m venv venv` followed by `. ./venv/bin/activate` (e.g. on Linux).
17 | 1. Install dependencies with `pip install -r requirements.txt`
18 |
19 | You can now invoke `check-pr.py`.
20 | See `./check-pr.py -h` for available commands.
21 |
--------------------------------------------------------------------------------
/src/utils/check-pr/__pycache__/cleanup_ad.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/onefuzz/82fffbe8adc047f055cb4fddcae17e9e1244423e/src/utils/check-pr/__pycache__/cleanup_ad.cpython-38.pyc
--------------------------------------------------------------------------------
/src/utils/check-pr/mypy.ini:
--------------------------------------------------------------------------------
1 | [mypy]
2 | disallow_untyped_defs = True
3 | follow_imports = silent
4 | check_untyped_defs = True
5 | no_implicit_reexport = True
6 | strict_optional = True
7 | warn_redundant_casts = True
8 | warn_return_any = True
9 | warn_unused_configs = True
10 | warn_unused_ignores = True
11 | ignore_missing_imports = True
--------------------------------------------------------------------------------
/src/utils/check-pr/requirements-lint.txt:
--------------------------------------------------------------------------------
1 | flake8
2 | mypy==0.910
3 | pytest
4 | isort
5 | vulture
6 | click==8.0.4
7 | black
8 | bandit
9 | types-requests
10 | types-six
11 |
--------------------------------------------------------------------------------
/src/utils/check-pr/requirements.txt:
--------------------------------------------------------------------------------
1 | azure-common~=1.1.28
2 | azure-identity==1.14.0
3 | PyGithub==1.56
4 | azure-cli-core==2.50.0
5 | azure-cli==2.50.0
6 | azure-core==1.28.0
7 | msgraph-core==0.2.2
--------------------------------------------------------------------------------
/src/utils/telemetry-stats/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 |
--------------------------------------------------------------------------------
/src/utils/telemetry-stats/Cargo.toml:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "onefuzz-telemetry-stats"
3 | version = "0.1.0"
4 | authors = [""]
5 | edition = "2021"
6 | license = "MIT"
7 |
8 | [dependencies]
9 | serde = { version = "1.0", features = ["derive"] }
10 | serde_json = "1.0"
11 | anyhow = "1.0"
12 | chrono = { version = "0.4", default-features = false, features = [
13 | "clock",
14 | "std",
15 | "serde",
16 | ] }
17 |
--------------------------------------------------------------------------------
/src/utils/telemetry-stats/README.md:
--------------------------------------------------------------------------------
1 | # OneFuzz Telemetry Tool
2 |
3 | CLI that parses a local copy of [exported telemetry](https://docs.microsoft.com/en-us/azure/azure-monitor/app/export-telemetry#setup/). Use [azcopy](https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10) to copy the telemetry locally.
4 |
5 | ## Usage
6 |
7 | ```bash
8 | mkdir -p stats
9 | azcopy sync 'INSTANCE_SAS_URL' stats
10 | find stats -type f | onefuzz-telemetry-stats
11 | ```
12 |
--------------------------------------------------------------------------------