GitLab CI: Add Valgrind and randpkt fuzzing.
Move common fuzzing configuration items to .fuzz-ubuntu. Build using Clang, which is what the Buildbot fuzzers did. Add jobs for fuzzing using Valgrind and randpkt.
This commit is contained in:
parent
da66bae61b
commit
4397eed75c
|
@ -14,6 +14,9 @@ stages:
|
||||||
- build
|
- build
|
||||||
- analysis
|
- analysis
|
||||||
- test
|
- test
|
||||||
|
- fuzz-asan
|
||||||
|
- fuzz-randpkt
|
||||||
|
- fuzz-valgrind
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
# Ensure that checkouts are a) fast and b) have a reachable tag. In a
|
# Ensure that checkouts are a) fast and b) have a reachable tag. In a
|
||||||
|
@ -576,35 +579,74 @@ sloccount:
|
||||||
- cat $SLOC_OUT
|
- cat $SLOC_OUT
|
||||||
- if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "$SLOC_OUT" "$S3_DESTINATION_ANALYSIS/" ; fi
|
- if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "$SLOC_OUT" "$S3_DESTINATION_ANALYSIS/" ; fi
|
||||||
|
|
||||||
fuzz-test:
|
# Fuzz TShark using ASAN and valgrind.
|
||||||
|
.fuzz-ubuntu:
|
||||||
extends: .build-ubuntu
|
extends: .build-ubuntu
|
||||||
rules: !reference [.if-fuzz-schedule]
|
rules: !reference [.if-fuzz-schedule]
|
||||||
tags:
|
tags:
|
||||||
- wireshark-ubuntu-fuzz
|
- wireshark-ubuntu-fuzz
|
||||||
stage: test
|
|
||||||
resource_group: fuzz-master
|
resource_group: fuzz-master
|
||||||
variables:
|
variables:
|
||||||
|
CC: "clang-$CLANG_VERSION"
|
||||||
|
CXX: "clang++-$CLANG_VERSION"
|
||||||
|
INSTALL_PREFIX: "$CI_PROJECT_DIR/_install"
|
||||||
MIN_PLUGINS: 10
|
MIN_PLUGINS: 10
|
||||||
MAX_PASSES: 5
|
MAX_PASSES: 15
|
||||||
script:
|
before_script:
|
||||||
|
# Signal after_script, which runs in its own shell.
|
||||||
|
- echo "export FUZZ_PASSED=true" > /tmp/fuzz_result.sh
|
||||||
- mkdir /tmp/fuzz
|
- mkdir /tmp/fuzz
|
||||||
- JOB_START_SECS=$( date -d "$CI_JOB_STARTED_AT" +%s )
|
after_script:
|
||||||
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/install.asan ..
|
- . /tmp/fuzz_result.sh
|
||||||
- ninja
|
|
||||||
- ninja install
|
|
||||||
# Run for 4 hours - build time - slop
|
|
||||||
- MAX_SECONDS=$(( 14400 - ( $( date +%s ) - $JOB_START_SECS ) - 300 ))
|
|
||||||
- cd ..
|
|
||||||
- FUZZ_PASSED=false
|
|
||||||
- ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $CI_PROJECT_DIR/install.asan/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err && FUZZ_PASSED=true
|
|
||||||
- if $FUZZ_PASSED ; then exit 0 ; fi
|
- if $FUZZ_PASSED ; then exit 0 ; fi
|
||||||
- echo Fuzzing failed. Generating report.
|
- echo Fuzzing failed. Generating report.
|
||||||
- FUZZ_CAPTURE=$( ls /tmp/fuzz/fuzz-*.pcap | head -n 1 )
|
- FUZZ_CAPTURE=$( ls /tmp/fuzz/fuzz-*.pcap | head -n 1 )
|
||||||
- FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err"
|
- FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err"
|
||||||
- printf "\nfuzz-test.sh stderr:\n"
|
- printf "\nfuzz-test.sh stderr:\n" >> "$FUZZ_ERRORS"
|
||||||
- cat fuzz-test.err >> "$FUZZ_ERRORS"
|
- cat fuzz-test.err >> "$FUZZ_ERRORS"
|
||||||
- |
|
- |
|
||||||
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_FUZZ" ] ; then
|
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_FUZZ" ] ; then
|
||||||
aws s3 cp "$FUZZ_CAPTURE" "$S3_DESTINATION_FUZZ/"
|
aws s3 cp "$FUZZ_CAPTURE" "$S3_DESTINATION_FUZZ/"
|
||||||
aws s3 cp "$FUZZ_ERRORS" "$S3_DESTINATION_FUZZ/"
|
aws s3 cp "$FUZZ_ERRORS" "$S3_DESTINATION_FUZZ/"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
fuzz-asan:
|
||||||
|
extends: .fuzz-ubuntu
|
||||||
|
stage: fuzz-asan
|
||||||
|
script:
|
||||||
|
- JOB_START_SECS=$( date -d "$CI_JOB_STARTED_AT" +%s )
|
||||||
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX ..
|
||||||
|
- ninja
|
||||||
|
- ninja install
|
||||||
|
# Run for 4 hours - build time - slop
|
||||||
|
- MAX_SECONDS=$(( 14400 - ( $( date +%s ) - $JOB_START_SECS ) - 300 ))
|
||||||
|
- cd ..
|
||||||
|
# /var/menagerie contains captures harvested from wireshark.org's mailing list, wiki, issues, etc.
|
||||||
|
# We have more captures than we can fuzz in $MAX_SECONDS, so we shuffle them each run.
|
||||||
|
- ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
||||||
|
|
||||||
|
fuzz-randpkt:
|
||||||
|
extends: .fuzz-ubuntu
|
||||||
|
stage: fuzz-randpkt
|
||||||
|
script:
|
||||||
|
# XXX Reuse fuzz-asan?
|
||||||
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX ..
|
||||||
|
- ninja
|
||||||
|
- ninja install
|
||||||
|
- cd ..
|
||||||
|
- ./tools/randpkt-test.sh -a -b $INSTALL_PREFIX/bin -d /tmp/fuzz -p $MAX_PASSES 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
||||||
|
needs: [ fuzz-asan ]
|
||||||
|
|
||||||
|
fuzz-valgrind:
|
||||||
|
extends: .fuzz-ubuntu
|
||||||
|
stage: fuzz-valgrind
|
||||||
|
script:
|
||||||
|
- JOB_START_SECS=$( date -d "$CI_JOB_STARTED_AT" +%s )
|
||||||
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX ..
|
||||||
|
- ninja
|
||||||
|
- ninja install
|
||||||
|
# Run for 3 hours - build time - slop
|
||||||
|
- MAX_SECONDS=$(( 10800 - ( $( date +%s ) - $JOB_START_SECS ) - 300 ))
|
||||||
|
- cd ..
|
||||||
|
- ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
||||||
|
needs: [ fuzz-randpkt ]
|
||||||
|
|
Loading…
Reference in New Issue