diff --git a/projects/nodejs/Dockerfile b/projects/nodejs/Dockerfile
new file mode 100644
index 000000000000..e4a3299d685f
--- /dev/null
+++ b/projects/nodejs/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER david@adalogics.com
+RUN apt-get update && apt-get install -y make
+RUN apt-get install -y flex bison build-essential
+RUN git clone --recursive --depth 1 https://github.com/nodejs/node
+WORKDIR $SRC
+COPY build.sh $SRC/
+
+COPY fuzz_url.cc $SRC/
diff --git a/projects/nodejs/build.sh b/projects/nodejs/build.sh
new file mode 100755
index 000000000000..075ebb64e06f
--- /dev/null
+++ b/projects/nodejs/build.sh
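Review bot: The `git clone` runs before `WORKDIR $SRC`, so the checkout only lands in `$SRC/node` (where build.sh does `cd $SRC/node`) if the base image's working directory already happens to be `$SRC`; naming the target makes this explicit, `RUN git clone --recursive --depth 1 https://github.com/nodejs/node $SRC/node`. The second `RUN apt-get install -y flex bison build-essential` sits in its own layer with no `apt-get update`, so a cached first layer can leave it resolving against a stale package index; folding it into the preceding line avoids that, `RUN apt-get update && apt-get install -y make flex bison build-essential`. `MAINTAINER` is deprecated in favour of `LABEL maintainer="..."`.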
@@ -0,0 +1,46 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+cd $SRC/node
+
+# Build node
+export LDFLAGS="$CXXFLAGS"
+export LD="$CXX"
+./configure --without-intl --without-node-code-cache --without-dtrace --without-snapshot --without-ssl
+make -j$(nproc)
+
+# Gather static libraries
+cd $SRC/node/out
+rm -rf ./library_files && mkdir library_files
+find . -name "*.a" -exec cp {} ./library_files/ \;
+
+# Build the fuzzers
+CMDS="-D__STDC_FORMAT_MACROS -D__POSIX__ -DNODE_HAVE_I18N_SUPPORT=1 \
+ -DNODE_ARCH=\"x64\" -DNODE_PLATFORM=\"linux\" -DNODE_WANT_INTERNALS=1"
+INCLUDES="-I../src -I../deps/v8/include -I../deps/uv/include"
+
+# Compilation
+$CXX -o fuzz_url.o $SRC/fuzz_url.cc $CXXFLAGS $CMDS $INCLUDES \
+ -pthread -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++1y -MMD -c
+
+# Linking
+$CXX -o $OUT/fuzz_url $LIB_FUZZING_ENGINE $CXXFLAGS \
+ -rdynamic -Wl,-z,noexecstack,-z,relro,-z,now \
+ -pthread -Wl,--start-group \
+ ./Release/obj.target/cctest/src/node_snapshot_stub.o \
+ ./Release/obj.target/cctest/src/node_code_cache_stub.o \
+ fuzz_url.o ./library_files/*.a \
+ -latomic -lm -ldl -Wl,--end-group
diff --git a/projects/nodejs/fuzz_url.cc b/projects/nodejs/fuzz_url.cc
new file mode 100644
index 000000000000..1c07fac3f09a
--- /dev/null
+++ b/projects/nodejs/fuzz_url.cc
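Review bot: `CMDS` compiles the harness with `-DNODE_HAVE_I18N_SUPPORT=1` while `./configure` is run with `--without-intl`, so fuzz_url.cc may see different conditional declarations in the node headers than the static libraries it links against were built with. Either drop the define from `CMDS` or build node with intl so that both sides agree on the configuration being fuzzed. Separately, `find . -name "*.a" -exec cp {} ./library_files/ \;` flattens every archive into one directory, so two archives with the same basename would silently overwrite each other. `$SRC` and `$OUT` are also expanded unquoted throughout, e.g. `cd "$SRC/node"` would be safer.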
@@ -0,0 +1,25 @@
+/* Copyright 2020 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include
+
+#include "node.h"
+#include "node_internals.h"
+#include "node_url.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ node::url::URL url2((char*)data, size);
+
+ return 0;
+}
diff --git a/projects/nodejs/project.yaml b/projects/nodejs/project.yaml
index 80ca11e74f26..e6173dbab65c 100644
--- a/projects/nodejs/project.yaml
+++ b/projects/nodejs/project.yaml
@@ -1,2 +1,7 @@
 homepage: "https://nodejs.org"
 primary_contact: "security@nodejs.org"
+language: c++
+sanitizers:
+ - address
+auto_ccs:
+ - "david@adalogics.com"
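Review bot: The C-style cast `(char*)data` in `LLVMFuzzerTestOneInput` strips `const` from the fuzzer-owned buffer; `node::url::URL url2(reinterpret_cast<const char*>(data), size);` keeps it read-only, assuming the constructor accepts a `const char*` (its declaration is not part of this diff). The harness only constructs the URL and never reads a result back, so only the parse path is exercised. A one-line comment such as `// data is not NUL-terminated; the length is passed explicitly` would document the contract for whoever extends the harness. The first `#include` shows no header name on this page, which looks like a rendering loss; `uint8_t` and `size_t` need `<stdint.h>` and `<stddef.h>` in scope.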
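Review bot: `sanitizers` lists only `address`, so undefined-behaviour findings in the URL parser (signed overflow, invalid shifts) would go unreported; consider adding `- undefined` once the build is confirmed to pass under it. Leaving MemorySanitizer out is reasonable unless every dependency is built instrumented.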