Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ Remove OneFuzz from fuzzing checks #3666

Merged
merged 1 commit into from
Nov 13, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions checks/evaluation/fuzzing.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ import (
"github.com/ossf/scorecard/v4/probes/fuzzedWithGoNative"
"github.com/ossf/scorecard/v4/probes/fuzzedWithJavaJazzerFuzzer"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOSSFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOneFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedHaskell"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedJavascript"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedTypescript"
Expand All @@ -47,7 +46,6 @@ func Fuzzing(name string,
fuzzedWithRustCargofuzz.Probe,
fuzzedWithSwiftLibFuzzer.Probe,
fuzzedWithJavaJazzerFuzzer.Probe,
fuzzedWithOneFuzz.Probe,
fuzzedWithOSSFuzz.Probe,
fuzzedWithPropertyBasedHaskell.Probe,
fuzzedWithPropertyBasedJavascript.Probe,
Expand Down
18 changes: 1 addition & 17 deletions checks/evaluation/fuzzing_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithJavaJazzerFuzzer",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
Expand All @@ -87,7 +83,7 @@ func TestFuzzing(t *testing.T) {
},
result: scut.TestReturn{
Score: checker.MinResultScore,
NumberOfWarn: 13,
NumberOfWarn: 12,
},
},
{
Expand Down Expand Up @@ -125,10 +121,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithJavaJazzerFuzzer",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
Expand Down Expand Up @@ -159,10 +151,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithClusterFuzzLite",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
Expand Down Expand Up @@ -196,10 +184,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithGoNative",
Outcome: finding.OutcomePositive,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
Expand Down
6 changes: 3 additions & 3 deletions checks/fuzzing_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ func TestFuzzing(t *testing.T) {
wantErr: false,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
Expand Down Expand Up @@ -110,7 +110,7 @@ func TestFuzzing(t *testing.T) {
wantFuzzErr: false,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
Expand All @@ -121,7 +121,7 @@ func TestFuzzing(t *testing.T) {
wantFuzzErr: true,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
Expand Down
32 changes: 0 additions & 32 deletions checks/raw/fuzzing.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ import (
const (
fuzzerOSSFuzz = "OSSFuzz"
fuzzerClusterFuzzLite = "ClusterFuzzLite"
oneFuzz = "OneFuzz"
fuzzerBuiltInGo = "GoBuiltInFuzzer"
fuzzerPropertyBasedHaskell = "HaskellPropertyBasedTesting"
fuzzerPropertyBasedJavaScript = "JavaScriptPropertyBasedTesting"
Expand Down Expand Up @@ -181,21 +180,6 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
)
}

usingOneFuzz, e := checkOneFuzz(c)
if e != nil {
return checker.FuzzingData{}, fmt.Errorf("%w", e)
}
if usingOneFuzz {
fuzzers = append(fuzzers,
checker.Tool{
Name: oneFuzz,
URL: asPointer("https://github.com/microsoft/onefuzz"),
Desc: asPointer("Enables continuous developer-driven fuzzing to proactively harden software prior to release."),
// TODO: File.
},
)
}

usingOSSFuzz, e := checkOSSFuzz(c)
if e != nil {
return checker.FuzzingData{}, fmt.Errorf("%w", e)
Expand Down Expand Up @@ -251,22 +235,6 @@ func checkCFLite(c *checker.CheckRequest) (bool, error) {
return result, nil
}

func checkOneFuzz(c *checker.CheckRequest) (bool, error) {
result := false
e := fileparser.OnMatchingFileContentDo(c.RepoClient, fileparser.PathMatcher{
Pattern: "^\\.onefuzz$",
CaseSensitive: true,
}, func(path string, content []byte, args ...interface{}) (bool, error) {
result = true
return false, nil
}, nil)
if e != nil {
return result, fmt.Errorf("%w", e)
}

return result, nil
}

func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
if c.OssFuzzRepo == nil {
return false, nil
Expand Down
59 changes: 0 additions & 59 deletions checks/raw/fuzzing_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,65 +103,6 @@ func Test_checkOSSFuzz(t *testing.T) {
}
}

// Test_checkOneFuzz is a test function for checkOneFuzz.
func Test_checkOneFuzz(t *testing.T) {
t.Parallel()
//nolint
tests := []struct {
name string
want bool
wantErr bool
fileName []string
}{
{
name: "Test_checkOneFuzz success",
want: true,
wantErr: false,
fileName: []string{".onefuzz"},
},
{
name: "Test_checkOneFuzz not found",
want: false,
wantErr: false,
fileName: []string{},
},
{
name: "Test_checkOneFuzz failure",
want: false,
wantErr: true,
fileName: []string{".onefuzz"},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
ctrl := gomock.NewController(t)
defer ctrl.Finish()
mockFuzz := mockrepo.NewMockRepoClient(ctrl)
mockFuzz.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes()
mockFuzz.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) {
if tt.wantErr {
//nolint
return "", errors.New("error")
}
return "", nil
}).AnyTimes()
req := checker.CheckRequest{
RepoClient: mockFuzz,
}
got, err := checkOneFuzz(&req)
if (err != nil) != tt.wantErr {
t.Errorf("checkOneFuzz() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("checkOneFuzz() = %v, want %v for test %v", got, tt.want, tt.name)
}
})
}
}

// Test_checkCFLite is a test function for checkCFLite.
func Test_checkCFLite(t *testing.T) {
t.Parallel()
Expand Down
1 change: 0 additions & 1 deletion docs/checks.md
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,6 @@ This check tries to determine if the project uses
- currently only supports [Go fuzzing](https://go.dev/doc/fuzz/),
- a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
- a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz);

Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
into a program to expose bugs. Regular fuzzing is important to detect
Expand Down
1 change: 0 additions & 1 deletion docs/checks/internal/checks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -402,7 +402,6 @@ checks:
- currently only supports [Go fuzzing](https://go.dev/doc/fuzz/),
- a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
- a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz);

Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
into a program to expose bugs. Regular fuzzing is important to detect
Expand Down
2 changes: 1 addition & 1 deletion e2e/fuzzing_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
expected := scut.TestReturn{
Error: nil,
Score: checker.MinResultScore,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfInfo: 0,
NumberOfDebug: 0,
}
Expand Down
2 changes: 0 additions & 2 deletions probes/entries.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ import (
"github.com/ossf/scorecard/v4/probes/fuzzedWithGoNative"
"github.com/ossf/scorecard/v4/probes/fuzzedWithJavaJazzerFuzzer"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOSSFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOneFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedHaskell"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedJavascript"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedTypescript"
Expand Down Expand Up @@ -73,7 +72,6 @@ var (
}
Fuzzing = []ProbeImpl{
fuzzedWithOSSFuzz.Run,
fuzzedWithOneFuzz.Run,
fuzzedWithGoNative.Run,
fuzzedWithPythonAtheris.Run,
fuzzedWithCLibFuzzer.Run,
Expand Down
32 changes: 0 additions & 32 deletions probes/fuzzedWithOneFuzz/def.yml

This file was deleted.

39 changes: 0 additions & 39 deletions probes/fuzzedWithOneFuzz/impl.go

This file was deleted.

Loading
Loading