-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
## Summary of the Pull Request This PR sets up a OneFuzz pipeline on Azure DevOps for our repo. ## Detailed Description of the Pull Request / Additional comments - fuzz.yml: defines the stages and pipeline for ADO - build-console-fuzzing: builds the solution in the Fuzzing configuration - build-console-steps: omits a few tasks that are unnecessary for this build configuration - sln and vcxproj changes: the solution wasn't building in CI. This makes sure that's fixed. - fuzzing.md: a short guide on how to get OneFuzz set up and add a new fuzzer ## References #7638
- Loading branch information
1 parent
4e46c85
commit 68ab807
Showing
14 changed files
with
293 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,6 +39,7 @@ MSVC | |
muxc | ||
netcore | ||
osgvsowi | ||
Onefuzz | ||
PFILETIME | ||
pgc | ||
pgo | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,6 +17,7 @@ mdtauk | |
cppreference | ||
gfycat | ||
Guake | ||
azurewebsites | ||
askubuntu | ||
dostips | ||
viewtopic | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{ | ||
"config": { | ||
"base_url": "https://dev.azure.com/microsoft/os", | ||
"auth_token": "INSERT_PAT_HERE", | ||
"project": "OpenConsole", | ||
"type": "Bug", | ||
"unique_fields": [ | ||
"Microsoft.VSTS.Common.CustomString03" | ||
], | ||
"comment": "<a href='{{ input_url }}'>This input</a> caused the <a href='{{ target_url }}'>fuzz target</a> {{ report.executable }} to crash. The faulting input SHA256 hash is {{ report.input_sha256 }} <br>", | ||
"ado_fields": { | ||
"System.AssignedTo": "INSERT_ASSIGNED_HERE", | ||
"System.Tags": "OneFuzz", | ||
"System.AreaPath": "OS\\WDX\\DXP\\WinDev\\Terminal", | ||
"OSG.Watson.Telemetry14DaysInMarketHits": "1", | ||
"System.IterationPath": "OS\\Future", | ||
"Microsoft.VSTS.Common.CustomString01": "{{ job.project }}", | ||
"Microsoft.VSTS.Common.CustomString02": "{{ job.name }}", | ||
"Microsoft.VSTS.Common.CustomString03": "{{ report.minimized_stack_function_lines_sha256}}", | ||
"System.Title": "[Fuzzing] - {{ report.crash_site }}", | ||
"Microsoft.VSTS.CMMI.HowFound": "Security: Fuzzing", | ||
"OSG.SecurityImpact": "Security Triage Requested", | ||
"OSG.SDLSeverity": "Moderate", | ||
"Microsoft.VSTS.TCM.ReproSteps": "The fuzzing target ({{ job.project }} {{ job.name }} {{ job.build }}) reported a crash. <br> {%if report.asan_log %} AddressSanitizer reported the following details: <br> <pre> {{ report.asan_log }} </pre> {% else %} Faulting call stack: <ul> {% for item in report.call_stack %} <li> {{ item }} </li> {% endfor %} </ul> <br> {% endif %} You can reproduce the issue remotely in OneFuzz by running the following command: <pre> {{ repro_cmd }} </pre>" | ||
}, | ||
"on_duplicate": { | ||
"set_state": {"Resolved": "Active", "Closed": "Active"}, | ||
"ado_fields": { | ||
"System.IterationPath": "OS\\Future" | ||
}, | ||
"increment": ["OSG.Watson.Telemetry14DaysInMarketHits"] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
trigger: | ||
batch: true | ||
branches: | ||
include: | ||
- main | ||
paths: | ||
exclude: | ||
- docs/* | ||
- samples/* | ||
- tools/* | ||
|
||
pr: none | ||
|
||
# 0.0.yyMM.dd## | ||
# 0.0.1904.0900 | ||
name: 0.0.$(Date:yyMM).$(Date:dd)$(Rev:rr) | ||
|
||
stages: | ||
- stage: Build_Fuzz_Config | ||
displayName: Build Fuzzers | ||
dependsOn: [] | ||
condition: succeeded() | ||
jobs: | ||
- template: ./templates/build-console-fuzzing.yml | ||
parameters: | ||
platform: x64 | ||
- stage: OneFuzz | ||
displayName: Submit OneFuzz Job | ||
dependsOn: ['Build_Fuzz_Config'] | ||
condition: succeeded() | ||
pool: | ||
vmImage: 'ubuntu-latest' | ||
variables: | ||
artifactName: fuzzingBuildOutput | ||
jobs: | ||
- job: | ||
steps: | ||
- task: DownloadBuildArtifacts@0 | ||
inputs: | ||
artifactName: $(artifactName) | ||
downloadPath: $(Build.ArtifactStagingDirectory) | ||
- task: UsePythonVersion@0 | ||
inputs: | ||
versionSpec: '3.x' | ||
addToPath: true | ||
architecture: 'x64' | ||
- bash: | | ||
set -ex | ||
pip -q install onefuzz | ||
onefuzz config --endpoint $(endpoint) --client_id $(client_id) --authority $(authority) --tenant_domain $(tenant_domain) --client_secret $(client_secret) | ||
sed -i s/INSERT_PAT_HERE/$(ado_pat)/ build/Fuzz/notifications-ado.json | ||
sed -i s/INSERT_ASSIGNED_HERE/$(ado_assigned_to)/ build/Fuzz/notifications-ado.json | ||
displayName: Configure OneFuzz | ||
- bash: | | ||
onefuzz template libfuzzer basic --colocate_all_tasks --vm_count 1 --target_exe $target_exe_path --notification_config build/Fuzz/notifications-ado.json OpenConsole $test_name $(Build.SourceVersion) default | ||
displayName: Submit OneFuzz Job | ||
env: | ||
target_exe_path: $(Build.ArtifactStagingDirectory)/$(artifactName)/Fuzzing/x64/test/OpenConsoleFuzzer.exe | ||
test_name: WriteCharsLegacy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
parameters: | ||
configuration: 'Fuzzing' | ||
platform: '' | ||
additionalBuildArguments: '' | ||
|
||
jobs: | ||
- job: Build${{ parameters.platform }}${{ parameters.configuration }} | ||
displayName: Build ${{ parameters.platform }} ${{ parameters.configuration }} | ||
variables: | ||
BuildConfiguration: ${{ parameters.configuration }} | ||
BuildPlatform: ${{ parameters.platform }} | ||
pool: | ||
${{ if eq(variables['System.CollectionUri'], 'https://dev.azure.com/ms/') }}: | ||
name: WinDevPoolOSS-L | ||
${{ if ne(variables['System.CollectionUri'], 'https://dev.azure.com/ms/') }}: | ||
name: WinDevPool-L | ||
demands: ImageOverride -equals WinDevVS16-latest | ||
|
||
steps: | ||
- checkout: self | ||
submodules: true | ||
clean: true | ||
|
||
- task: NuGetToolInstaller@0 | ||
displayName: 'Use NuGet 5.2.0' | ||
inputs: | ||
versionSpec: 5.2.0 | ||
|
||
# In the Microsoft Azure DevOps tenant, NuGetCommand is ambiguous. | ||
# This should be `task: NuGetCommand@2` | ||
- task: 333b11bd-d341-40d9-afcf-b32d5ce6f23b@2 | ||
displayName: Restore NuGet packages for solution | ||
inputs: | ||
command: restore | ||
feedsToUse: config | ||
configPath: NuGet.config | ||
restoreSolution: OpenConsole.sln | ||
restoreDirectory: '$(Build.SourcesDirectory)\packages' | ||
|
||
- task: 333b11bd-d341-40d9-afcf-b32d5ce6f23b@2 | ||
displayName: Restore NuGet packages for extraneous build actions | ||
inputs: | ||
command: restore | ||
feedsToUse: config | ||
configPath: NuGet.config | ||
restoreSolution: build/packages.config | ||
restoreDirectory: '$(Build.SourcesDirectory)\packages' | ||
|
||
# The environment variable VCToolsInstallDir isn't defined on lab machines, so we need to retrieve it ourselves. | ||
- script: | | ||
"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" -Latest -requires Microsoft.Component.MSBuild -property InstallationPath > %TEMP%\vsinstalldir.txt | ||
set /p _VSINSTALLDIR15=<%TEMP%\vsinstalldir.txt | ||
del %TEMP%\vsinstalldir.txt | ||
call "%_VSINSTALLDIR15%\Common7\Tools\VsDevCmd.bat" | ||
echo VCToolsInstallDir = %VCToolsInstallDir% | ||
echo ##vso[task.setvariable variable=VCToolsInstallDir]%VCToolsInstallDir% | ||
displayName: 'Retrieve VC tools directory' | ||
- task: VSBuild@1 | ||
displayName: 'Build solution **\OpenConsole.sln' | ||
inputs: | ||
solution: '**\OpenConsole.sln' | ||
vsVersion: 16.0 | ||
platform: '$(BuildPlatform)' | ||
configuration: '$(BuildConfiguration)' | ||
msbuildArgs: "${{ parameters.additionalBuildArguments }}" | ||
clean: true | ||
maximumCpuCount: true | ||
- task: PowerShell@2 | ||
displayName: 'Rationalize build platform' | ||
inputs: | ||
targetType: inline | ||
script: | | ||
$Arch = "$(BuildPlatform)" | ||
If ($Arch -Eq "x86") { $Arch = "Win32" } | ||
Write-Host "##vso[task.setvariable variable=RationalizedBuildPlatform]${Arch}" | ||
- task: CopyFiles@2 | ||
displayName: 'Copy result logs to Artifacts' | ||
inputs: | ||
Contents: | | ||
**/*.wtl | ||
**/*onBuildMachineResults.xml | ||
${{ parameters.testLogPath }} | ||
TargetFolder: '$(Build.ArtifactStagingDirectory)/$(BuildConfiguration)/$(BuildPlatform)/test' | ||
OverWrite: true | ||
flattenFolders: true | ||
- task: CopyFiles@2 | ||
displayName: 'Copy outputs needed for test runs to Artifacts' | ||
inputs: | ||
Contents: | | ||
$(Build.SourcesDirectory)/bin/$(RationalizedBuildPlatform)/$(BuildConfiguration)/*.exe | ||
$(Build.SourcesDirectory)/bin/$(RationalizedBuildPlatform)/$(BuildConfiguration)/*.dll | ||
$(Build.SourcesDirectory)/bin/$(RationalizedBuildPlatform)/$(BuildConfiguration)/*.xml | ||
**/Microsoft.VCLibs.*.appx | ||
**/TestHostApp/*.exe | ||
**/TestHostApp/*.dll | ||
**/TestHostApp/*.xml | ||
!**/*.pdb | ||
!**/*.ipdb | ||
!**/*.obj | ||
!**/*.pch | ||
TargetFolder: '$(Build.ArtifactStagingDirectory)/$(BuildConfiguration)/$(BuildPlatform)/test' | ||
OverWrite: true | ||
flattenFolders: true | ||
condition: succeeded() | ||
- task: PublishBuildArtifacts@1 | ||
displayName: 'Publish All Build Artifacts' | ||
inputs: | ||
PathtoPublish: '$(Build.ArtifactStagingDirectory)' | ||
ArtifactName: 'fuzzingBuildOutput' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.