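---
# Continuous fuzzing workflow: builds the project with a libFuzzer-capable
# clang, runs the fuzz targets for an extended period, keeps the corpus as an
# artifact, uploads crash files on failure and files (or updates) a tracking
# issue when the fuzzing step itself fails.
name: Continuous Fuzzing

# Least privilege for the default GITHUB_TOKEN: checkout needs contents:read,
# the issue-filing step needs issues:write; nothing else is granted.
permissions:
  contents: read
  issues: write

on:  # yamllint disable-line rule:truthy
  schedule:
    # Run every day at 02:00 UTC
    - cron: '0 2 * * *'
  workflow_dispatch:
    inputs:
      fuzz_runtime:
        description: 'Fuzzing runtime per target (seconds)'
        required: false
        default: '3600'

jobs:
  continuous-fuzz:
    runs-on: ubuntu-latest
    # NOTE(review): the default runtime is 3600 s *per target*; with more than
    # four targets the job may hit this limit before run_fuzz.sh finishes.
    timeout-minutes: 300
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install dependencies
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y \
            autoconf automake libtool pkg-config \
            libev-dev libpcre2-dev libc-ares-dev \
            libssl-dev libseccomp-dev clang
          # Probe for the newest clang that ships libFuzzer; the matching
          # compiler is exported as FUZZ_CC for the later steps.
          FOUND=0
          for version in 19 18 17 16 15 14; do
            if sudo apt-get install -y \
                "clang-${version}" \
                "libclang-rt-${version}-dev" \
                "libfuzzer-${version}-dev"; then
              echo "Using clang-${version} for fuzzing"
              echo "FUZZ_CC=clang-${version}" >> "$GITHUB_ENV"
              FOUND=1
              break
            else
              echo "clang-${version} toolchain unavailable, trying next version"
            fi
          done
          if [[ "${FOUND}" -eq 0 ]]; then
            echo "error: unable to install clang with libFuzzer support" >&2
            exit 1
          fi

      - name: Generate build system
        run: AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 ./autogen.sh

      - name: Configure
        run: ./configure --disable-dependency-tracking

      - name: Build
        run: make -j"$(nproc)"

      # NOTE(review): actions/download-artifact@v4 only looks at artifacts of
      # the *current* run unless `run-id` and `github-token` are supplied, so
      # the corpus uploaded by a previous run is not found here and the step
      # quietly does nothing (continue-on-error hides that). Pass the last
      # successful run's id, or keep the corpus in actions/cache, so fuzzing
      # actually resumes from prior coverage.
      - name: Download previous corpus
        continue-on-error: true
        uses: actions/download-artifact@v4
        with:
          name: fuzzer-corpus-continuous
          path: tests/fuzz/corpus/

      - name: Run extended fuzzing
        id: fuzz
        env:
          FUZZ_OPTIONAL: "0"
          # Operator-supplied on workflow_dispatch, undefined on schedule
          # (hence the fallback). It reaches the shell only through the
          # environment, never interpolated into the script text.
          FUZZ_RUNTIME: ${{ github.event.inputs.fuzz_runtime || '3600' }}
          FUZZ_VERBOSE: "0"
          FUZZ_PARALLEL: "1"
        run: |
          set -euo pipefail
          # The dispatch input is free-form text; reject anything that is not
          # a non-negative integer before run_fuzz.sh sees it.
          if [[ ! "${FUZZ_RUNTIME}" =~ ^[0-9]+$ ]]; then
            echo "error: FUZZ_RUNTIME must be an integer number of seconds, got '${FUZZ_RUNTIME}'" >&2
            exit 1
          fi
          if ! tests/fuzz/run_fuzz.sh >fuzz.log 2>&1; then
            cat fuzz.log >&2
            exit 1
          fi

      - name: Upload crash artifacts
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: fuzzer-crashes-continuous-${{ github.run_number }}
          # fuzz.log is included so the full runner output travels with the
          # reproducers instead of living only in the job log.
          path: |
            fuzz.log
            tests/fuzz/crash-*
            tests/fuzz/leak-*
            tests/fuzz/timeout-*
            tests/fuzz/bin/*.log
          if-no-files-found: ignore

      - name: Upload corpus
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: fuzzer-corpus-continuous
          path: tests/fuzz/corpus/
          retention-days: 90

      # Only react to a failure of the fuzzing step itself: a broken apt
      # mirror or build error must not file a "crash detected" issue.
      - name: Create issue on crash
        if: failure() && steps.fuzz.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            const titlePrefix = 'Fuzzer crash detected in continuous fuzzing';
            const runUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;
            // A daily schedule would otherwise open one new issue per failing
            // run; reuse an open fuzzing issue when one already exists.
            const { data: openIssues } = await github.rest.issues.listForRepo({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open',
              labels: 'fuzzing',
              per_page: 100,
            });
            const existing = openIssues.find((issue) => issue.title.startsWith(titlePrefix));
            if (existing) {
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: existing.number,
                body: `Another fuzzer crash was detected in run #${context.runNumber}: ${runUrl}`,
              });
              return;
            }
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `${titlePrefix} (run #${context.runNumber})`,
              body: [
                'The continuous fuzzing workflow detected a crash.',
                '',
                `**Run**: ${runUrl}`,
                '**Artifacts**: Crash artifacts are available in the workflow run.',
                '',
                'Please investigate the crash files to identify and fix the issue.',
              ].join('\n'),
              labels: ['bug', 'fuzzing', 'security'],
            });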