nightly-fuzzing.yml
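# Nightly fuzzing workflow.
#
# One job builds (or restores from the Actions cache) a seed corpus for the
# image verifier. Every other job calls a reusable libFuzzer or AFL++ workflow
# for a single fuzz target (dpe, image_verify, lms, x509).
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organisation default scopes, and the reusable workflows called
# below can be granted at most those. If neither this file nor the reusable
# workflows need write access, declaring `permissions: contents: read` at the
# top level would enforce least privilege. Confirm against
# reusable-libfuzzer.yml and reusable-aflplusplus.yml before adding it.
name: Fuzz Testing Nightly

on:
  schedule:
    # 11:00 UTC, i.e. 3:00 AM PST (4:00 AM while PDT is in effect),
    # Monday-Saturday. GitHub evaluates cron expressions in UTC.
    - cron: '00 11 * * 1-6'

jobs:
  image_verify_seed_corpus:
    name: Build Image Verifier seed corpus
    runs-on: ubuntu-22.04
    env:
      # Change this to a new random value if you suspect the cache is
      # corrupted. The value is part of the cache key, so changing it forces
      # the corpus to be rebuilt from source instead of restored.
      # Quoted so that a replacement made only of digits (or shaped like 1e5)
      # is still read as a string rather than retyped as a number.
      CACHE_BUSTER: '6542f37bb328'
    steps:
      # NOTE(review): the actions in this job are referenced by the mutable
      # tag `v3`. Pinning each `uses:` to a full commit SHA would keep a
      # re-pointed tag from changing what runs in this job.
      - name: Checkout repo
        uses: actions/checkout@v3
        with:
          submodules: 'true'

      - name: Restore seed corpus
        uses: actions/cache/restore@v3
        id: image_bundle_restore
        with:
          path: ./image/verify/fuzz/common_corpus/
          key: image_verify-common_corpus-${{ env.CACHE_BUSTER }}

      # Runs only on a cache miss. Invokes the `image` binary from
      # builder/Cargo.toml four times with /dev/null as the ROM, passing a
      # different --fw path in the corpus directory each time (presumably the
      # output file; confirm against the builder). `cargo clean` runs after
      # every build.
      # GNU seq drops the leading zeros unless -w is given, so the files are
      # named 1..4, not 01..04.
      - name: Build seed corpus
        if: steps.image_bundle_restore.outputs.cache-hit != 'true'
        run: |
          mkdir -p image/verify/fuzz/common_corpus
          for x in $(seq 01 04); do
            cargo run -j$(nproc) --manifest-path=builder/Cargo.toml --release \
              --bin image -- --rom /dev/null \
              --fw image/verify/fuzz/common_corpus/${x}; \
            cargo clean; \
          done

      # Saved under the same key the restore step looks up, and only when the
      # corpus was rebuilt in this run.
      - name: Save seed corpus
        uses: actions/cache/save@v3
        if: steps.image_bundle_restore.outputs.cache-hit != 'true'
        with:
          path: ./image/verify/fuzz/common_corpus/
          key: image_verify-common_corpus-${{ env.CACHE_BUSTER }}

  # --- dpe ---------------------------------------------------------------
  # In the libFuzzer jobs `fuzzer_sanitiser: address` is passed; the AFL++
  # jobs pass no sanitiser input.
  # A bare `fuzzer_features:` is YAML null. Presumably the reusable workflow
  # reads that as "no extra features"; confirm against its input definition.
  dpe_libfuzzer:
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: dpe
      fuzz_target_path: dpe/dpe/fuzz
      fuzz_target_name: fuzz_target_1
      fuzz_target_max_len: 512
      fuzzer_features:
      fuzzer_sanitiser: address

  dpe_afl:
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: dpe
      fuzz_target_path: dpe/dpe/fuzz
      fuzz_target_name: fuzz_target_1
      fuzz_target_max_len: 512
      fuzzer_features:

  # --- image_verify ------------------------------------------------------
  # These four jobs wait for the seed-corpus job above. The "structured"
  # variants differ from the "unstructured" ones only by passing
  # `fuzzer_features: struct-aware`.
  image_verify_libfuzzer_unstructured:
    needs: image_verify_seed_corpus
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: image_verify
      fuzz_target_path: image/verify/fuzz
      fuzz_target_name: fuzz_target_coldreset
      fuzz_target_max_len: 131072
      fuzzer_features:
      fuzzer_sanitiser: address

  image_verify_libfuzzer_structured:
    needs: image_verify_seed_corpus
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: image_verify
      fuzz_target_path: image/verify/fuzz
      fuzz_target_name: fuzz_target_coldreset
      fuzz_target_max_len: 131072
      fuzzer_features: struct-aware
      fuzzer_sanitiser: address

  image_verify_afl_unstructured:
    needs: image_verify_seed_corpus
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: image_verify
      fuzz_target_path: image/verify/fuzz
      fuzz_target_name: fuzz_target_coldreset
      fuzz_target_max_len: 131072
      fuzzer_features:

  image_verify_afl_structured:
    needs: image_verify_seed_corpus
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: image_verify
      fuzz_target_path: image/verify/fuzz
      fuzz_target_name: fuzz_target_coldreset
      fuzz_target_max_len: 131072
      fuzzer_features: struct-aware

  # --- lms ---------------------------------------------------------------
  lms_libfuzzer_unstructured:
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: lms
      fuzz_target_path: drivers/fuzz
      fuzz_target_name: fuzz_target_lms
      fuzz_target_max_len: 16384
      fuzzer_features:
      fuzzer_sanitiser: address

  lms_libfuzzer_structured:
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: lms
      fuzz_target_path: drivers/fuzz
      fuzz_target_name: fuzz_target_lms
      fuzz_target_max_len: 16384
      fuzzer_features: struct-aware
      fuzzer_sanitiser: address

  lms_afl_unstructured:
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: lms
      fuzz_target_path: drivers/fuzz
      fuzz_target_name: fuzz_target_lms
      fuzz_target_max_len: 16384
      fuzzer_features:

  lms_afl_structured:
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: lms
      fuzz_target_path: drivers/fuzz
      fuzz_target_name: fuzz_target_lms
      fuzz_target_max_len: 16384
      fuzzer_features: struct-aware

  # --- x509 --------------------------------------------------------------
  x509_libfuzzer:
    uses: ./.github/workflows/reusable-libfuzzer.yml
    with:
      name: x509
      fuzz_target_path: x509/fuzz
      fuzz_target_name: fuzz_target_1
      fuzz_target_max_len: 8192
      fuzzer_features:
      fuzzer_sanitiser: address

  x509_afl:
    uses: ./.github/workflows/reusable-aflplusplus.yml
    with:
      name: x509
      fuzz_target_path: x509/fuzz
      fuzz_target_name: fuzz_target_1
      fuzz_target_max_len: 8192
      fuzzer_features: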