Simple CI program for running fuzzing over TezEdge.

Overview

Fuzzing CI

This program is designed to run fuzzing on selected branches of a source project, restarting the fuzzers whenever a new commit arrives on one of those branches.

Building

cargo build

Running

Most of the configuration parameters for the program are specified via a TOML configuration file (see below for details). The -c/--config option tells it which file to use.

To run the program as a webhook receiver, so that GitHub notifies it of pushes, use the server subcommand. The -u/--url parameter specifies the public URL under which the coverage reports can be viewed. To have the program update the team via a Slack channel, an access token may be supplied in the SLACK_AUTH_TOKEN environment variable (see below for Slack integration details); passing it through the environment rather than the configuration file keeps the token out of a file that is typically committed to version control.

SLACK_AUTH_TOKEN="xoxb-XXXXXXX" cargo run -- -c config.toml server --url http://fuzz.example.com

HTTP Endpoints

The application exposes two endpoints:

  • '/api' to work as a GitHub webhook.
  • '/reports' to serve static content of Kcov-generated reports.

Configuration

The program is controlled by a TOML configuration file.

See the [config.toml] file for the details on possible parameters.

Webhook Configuration

To receive notifications from GitHub, a webhook must be added to the repository we want to listen to (note that this may be a different repository from the one containing the fuzzing projects).

Open the repository settings, select Webhooks item and press Add webhook.

In the Payload URL enter the URL the app is reachable at, with the /api path (e.g. http://example.com:3030/api).

In the Content type select application/json.

Press Add webhook, and you're set.

Nginx Configuration

A web server may be configured to serve the Kcov reports. If it is Nginx, the sample configuration file can be used.

Slack Integration

A Slack app must be created to post to a channel (see here). After the Slack application is created, its OAuth token should be specified via the slack.token configuration key or via the SLACK_AUTH_TOKEN environment variable.

A Slack channel should be specified via slack.channel parameter.

Debugging

By default the program logs at the info level. A single -d parameter turns on debug-level logging, and a second -d makes trace logging visible (only in debug builds).

cargo run -- -dd ...

Implementation Details

The application implements a GitHub webhook receiver (currently handling only ping and push events). On each push event to a configured branch it starts a fuzzing cycle for the head commit of that branch.
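The webhook set up in the Webhook Configuration section and the ping/push handling described here, as an added example (this is not code from the TezEdge fuzzing CI). It works on the request only, with no HTTP server, so it runs offline: the header names X-GitHub-Event and X-Hub-Signature-256 and the payload fields ref, after and deleted are GitHub's; the shared secret, the action tuples and the sample payloads are this example's own and are marked as constructed. The page does not say whether the tool validates a webhook secret; the check is included here because an endpoint that accepts unsigned pushes lets anyone on the network restart the fuzz jobs at will.

```python
"""Request-side logic for a GitHub push webhook that drives a fuzzing CI.

Added example; this is not code from the TezEdge fuzzing CI.  Stdlib only.
The header names (X-GitHub-Event, X-Hub-Signature-256) and the payload
fields (ref, after, deleted) are GitHub's; the shared secret and the
action tuples are this example's own conventions.
"""
import hashlib
import hmac
import json
from typing import Optional

# Assumed shared secret: the value entered in the webhook form's "Secret"
# field.  The page does not describe signature checking; it is added here
# because an unauthenticated endpoint lets anyone restart the fuzz jobs.
WEBHOOK_SECRET = b"example-shared-secret"
NULL_SHA = "0" * 40  # value of "after" in a push that deletes the branch


def sign(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends: sha256=<hex HMAC-SHA256 of the raw body>."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time check of X-Hub-Signature-256 over the exact bytes
    received (never over a re-serialised JSON object)."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(header, sign(secret, body))


def handle_event(event: str, body: bytes, watched_branches) -> tuple:
    """Map one GitHub event to a CI action.

    ("pong",)               ping sent when the webhook is created
    ("start", branch, sha)  push to a watched branch: (re)start fuzzing at sha
    ("stop", branch)        watched branch deleted: stop its fuzzers
    ("ignore", reason)      anything else
    """
    if event == "ping":
        return ("pong",)
    if event != "push":
        return ("ignore", "unsupported event %r" % event)
    payload = json.loads(body)
    ref = payload.get("ref", "")
    if not ref.startswith("refs/heads/"):
        return ("ignore", "not a branch ref: %r" % ref)  # tag pushes also arrive as push
    branch = ref[len("refs/heads/"):]
    if branch not in watched_branches:
        return ("ignore", "branch %r not configured" % branch)
    if payload.get("deleted") or payload.get("after") == NULL_SHA:
        return ("stop", branch)
    return ("start", branch, payload["after"])


def receive(headers: dict, body: bytes, watched_branches) -> tuple:
    """Full request path: authenticate first, parse the body only afterwards."""
    if not verify_signature(WEBHOOK_SECRET, body, headers.get("X-Hub-Signature-256")):
        return ("reject", "bad or missing signature")
    return handle_event(headers.get("X-GitHub-Event", ""), body, watched_branches)


# Constructed sample payloads, trimmed to the fields used above.
SAMPLE_PUSH = json.dumps({"ref": "refs/heads/develop", "before": "a" * 40,
                          "after": "b" * 40, "deleted": False}).encode()
SAMPLE_DELETE = json.dumps({"ref": "refs/heads/develop", "before": "b" * 40,
                            "after": NULL_SHA, "deleted": True}).encode()
SAMPLE_TAG = json.dumps({"ref": "refs/tags/v1.0", "after": "c" * 40}).encode()


if __name__ == "__main__":
    headers = {"X-GitHub-Event": "push",
               "X-Hub-Signature-256": sign(WEBHOOK_SECRET, SAMPLE_PUSH)}
    print(receive(headers, SAMPLE_PUSH, {"develop"}))         # start develop
    print(receive(headers, SAMPLE_PUSH + b" ", {"develop"}))  # reject: body altered
```

Two details matter in practice: the HMAC is computed over the raw request bytes, so the body must be read before any JSON decoding and the signature compared with hmac.compare_digest, and a branch deletion arrives as a push with "deleted": true and an all-zero "after", which should stop the running fuzzers rather than try to check out a commit that no longer exists.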

Fuzzing Cycle

First, if the previous version of the branch is still being fuzzed, all of its fuzzers are stopped.

Then the program checks out the fuzzing project. Currently this is done by running the script [checkout.sh].

After the checkout, each fuzzing project it contains is prepared for fuzzing:

  • Kcov is run against the project with the fuzzing corpus as input, to measure the source coverage the corpus files already achieve.
  • The fuzzing project is built by running cargo hfuzz build.
  • A fuzzer is started for each fuzzing target by launching cargo hfuzz run <target>.

Fuzzing Feedback

Currently only Honggfuzz is supported. It provides very readable feedback for a human user, but converting that feedback into a different presentation takes some tricks.

When honggfuzz is run with the -v switch, it does not show that terminal display but instead reports progress in the following form:


The first group of /-separated numbers are: ...

For us the most valuable number is the count of covered edges.

Also, by running honggfuzz on a target briefly and then stopping it (e.g. by specifying a low number of iterations or a short time limit) we can see the total number of edges it detected. Using that number as the denominator and collecting the covered-edge count as fuzzing proceeds, we can report current progress as covered/total edges.
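The covered/total reporting just described, as an added example (not part of the TezEdge fuzzing CI). The line layout the parser expects, "Size:<n> (i,b,hw,ed,ip,cmp): a/b/c/d/e/f, Tot:a/b/c/d/e/f", is my reading of the log call in honggfuzz's fuzz_perfFeedback() and is an assumption to be checked against the honggfuzz version actually installed; the sample lines are constructed to that layout and are not real honggfuzz output. The total-edge figure from the short calibration run is passed in as a number, since the page does not show how it is read off that run.

```python
"""Progress extraction from honggfuzz -v output for covered/total reporting.

Added example, not part of the TezEdge fuzzing CI.  The line layout assumed
here, "Size:<n> (i,b,hw,ed,ip,cmp): a/b/c/d/e/f, Tot:a/b/c/d/e/f", is my
reading of the log call in honggfuzz's fuzz_perfFeedback(); the sample
lines below are constructed to that layout.  Check both against the
honggfuzz version installed before relying on the field positions.
"""
import re

# Assumed field order within each /-separated group; "ed" is the software
# edge counter the page identifies as the most valuable number.
FIELDS = ("i", "b", "hw", "ed", "ip", "cmp")
EDGE = FIELDS.index("ed")

# .search() rather than .match(): honggfuzz prefixes lines with a timestamp,
# level and pid, and the exact prefix varies between builds.
LINE_RE = re.compile(
    r"Size:(?P<size>\d+) \(i,b,hw,ed,ip,cmp\): (?P<new>[\d/]+), Tot:(?P<tot>[\d/]+)"
)


def parse_line(line):
    """(size, new_counts, total_counts) for a progress line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    new = tuple(int(x) for x in m.group("new").split("/"))
    tot = tuple(int(x) for x in m.group("tot").split("/"))
    if len(new) != len(FIELDS) or len(tot) != len(FIELDS):
        return None  # a different layout than assumed: refuse to guess
    return int(m.group("size")), new, tot


def covered_edges(lines):
    """Current cumulative edge coverage from a stream of fuzzer output.

    The Tot: counters only grow, so the largest value seen is the current
    one; max() also copes with lines arriving out of order from several
    fuzzer threads.
    """
    best = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            best = max(best, parsed[2][EDGE])
    return best


def progress(lines, total_edges):
    """covered/total summary for a Slack message or a report page.

    total_edges is the figure read off the short calibration run the page
    describes.  If the live run exceeds it, the target was rebuilt since
    calibration and the denominator is stale; flag that instead of >100%.
    """
    covered = covered_edges(lines)
    stale = total_edges <= 0 or covered > total_edges
    pct = 0.0 if stale else 100.0 * covered / total_edges
    return {"covered": covered, "total": total_edges,
            "percent": round(pct, 1), "stale_total": stale}


def format_progress(target, summary):
    """One-line status, e.g. for the Slack channel."""
    if summary["stale_total"]:
        return "%s: %d edges covered (total unknown, recalibrate)" % (
            target, summary["covered"])
    return "%s: %d/%d edges (%.1f%%)" % (
        target, summary["covered"], summary["total"], summary["percent"])


# Constructed sample output in the assumed layout (not real honggfuzz logs).
SAMPLE_OUTPUT = """\
[I] Size:512 (i,b,hw,ed,ip,cmp): 0/0/0/3/1/2, Tot:0/0/0/130/40/55
[I] Size:640 (i,b,hw,ed,ip,cmp): 0/0/0/0/0/1, Tot:0/0/0/130/40/56
[I] (some other status line that carries no counters)
[I] Size:77 (i,b,hw,ed,ip,cmp): 0/0/0/12/4/0, Tot:0/0/0/142/44/56
""".splitlines()


if __name__ == "__main__":
    print(format_progress("block_parser", progress(SAMPLE_OUTPUT, 2100)))
```

Because the counters are cumulative, the parser never sums per-line increments; it takes the largest total seen, which makes it safe to feed it a log that was partially lost or rotated. Keeping the layout in one regex and the field order in one tuple means a honggfuzz upgrade that changes the line only needs those two constants adjusted.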

Comments
  • Integrate fuzzing with other CI tools

    Currently this tool acts as a GitHub webhook. It would be much more robust to have it instead integrated with mature CI tools, like Drone or Jenkins, and provide more specific functionality of starting fuzzing and reporting.

    enhancement
    opened by akoptelov
Owner
TezEdge
TezEdge is a Rust-based node for Tezos