From f9d9ff2cd2897694e9f9e309db54502a96d11869 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Mon, 21 Dec 2020 09:52:20 +0100 Subject: Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 67 +++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..b4057cac --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,67 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ stable ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ stable ] + schedule: + - cron: '22 4 * * 3' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'cpp', 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 -- cgit 1.4.1 From c28ecbbb2b35cc0fd9eac267ea4db33d891d9e59 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 10:59:29 +0100 Subject: update codeql yml --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b4057cac..67129af8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ stable ] + branches: [ stable, dev ] pull_request: # The branches below must be a subset of the branches above - branches: [ stable ] + branches: [ stable, dev ] schedule: - cron: '22 4 * * 3' -- cgit 1.4.1 From ed85d5374b83c414e6219f7a3927cd8c160a7f37 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 11:56:01 +0100 Subject: switch to github actions --- .github/workflows/ci.yml | 21 +++++++++++++++++ .travis.yml | 59 ------------------------------------------------ docs/Changelog.md | 9 ++++---- 3 files changed, 26 insertions(+), 63 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .travis.yml (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..469ee6d0 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,21 @@ +name: CI +'on': + push: + branches: + - stable, dev + pull_request: + branches: + - stable, dev +jobs: + Build: + runs-on: '${{ matrix.os }}' + strategy: + matrix: + os: [ubuntu-20.04, ubuntu-18.04] + steps: + - uses: actions/checkout@v2 + - run: sudo apt install -y git libtool libtool-bin automake bison libglib2.0-0 build-essential clang gcc gcc-plugin-dev libc++-dev findutils libcmocka-dev python3-setuptools + - run: gcc -v + - run: clang -v + - run: sudo -E ./afl-system-config ; sudo sysctl -w kernel.shmmax=10000000000 ; export AFL_SKIP_CPUFREQ=1 ; make distrib ASAN_BUILD=1 + - run: make tests diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index b8b36e6b..00000000 --- a/.travis.yml +++ /dev/null @@ -1,59 +0,0 @@ -language: c - -sudo: required - -branches: - only: - - stable - - dev - -matrix: - include: - #- os: linux # again disabled because fetching packages times out very often :( - # dist: focal - # env: NAME="focal-amd64" MODERN="yes" GCC="9" - - os: linux - dist: bionic - env: NAME="bionic-amd64" MODERN="yes" GCC="7" - - os: linux - dist: xenial - env: NAME="xenial-amd64" MODERN="no" GCC="5" EXTRA="libtool-bin clang-6.0" -# - os: linux # disabled: fatal: unable to access 'https://git.qemu.org/git/capstone/': gnutls_handshake() failed: Handshake failed -# dist: trusty -# env: NAME="trusty-amd64" MODERN="no" GCC="4.8" - - os: linux # until travis can fix this! - dist: xenial - arch: arm64 - env: NAME="xenial-arm64" MODERN="no" GCC="5" EXTRA="libtool-bin clang-6.0" AFL_NO_X86="1" CPU_TARGET="aarch64" -# - os: osx -# osx_image: xcode11.2 -# env: NAME="osx" HOMEBREW_NO_ANALYTICS="1" LINK="http://releases.llvm.org/9.0.0/" NAME="clang+llvm-9.0.0-x86_64-darwin-apple" - -jobs: - allow_failures: - - os: osx - - arch: arm64 - -env: - - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 - # - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_EXIT_WHEN_DONE=1 - # TODO: test AFL_BENCH_UNTIL_CRASH once we have a target that crashes - # - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_BENCH_JUST_ONE=1 - -before_install: - # export LLVM_DIR=${TRAVIS_BUILD_DIR}/${LLVM_PACKAGE} - - echo Testing on $NAME - - if [ "$TRAVIS_OS_NAME" = "osx" ]; then wget "$LINK""$NAME".tar.xz ; export LLVM_CONFIG=`pwd`/"$NAME" ; tar xJf "$NAME".tar.xz ; fi - - if [ "$MODERN" = "yes" ]; then sudo apt update ; sudo apt upgrade ; sudo apt install -y git libtool libtool-bin automake bison libglib2.0-0 build-essential clang gcc-"$GCC" gcc-"$GCC"-plugin-dev libc++-"$GCC"-dev findutils libcmocka-dev python3-setuptools ; fi - - if [ "$MODERN" = "no" ]; then sudo apt update ; sudo apt install -y git libtool $EXTRA libpixman-1-dev automake bison libglib2.0 build-essential gcc-"$GCC" gcc-"$GCC"-plugin-dev libc++-dev findutils libcmocka-dev python3-setuptools ; fi - -script: - - gcc -v - - clang -v - - sudo -E ./afl-system-config - - sudo sysctl -w kernel.shmmax=10000000000 - - if [ "$TRAVIS_OS_NAME" = "osx" ]; then export LLVM_CONFIG=`pwd`/"$NAME" ; make source-only ASAN_BUILD=1 ; fi - - if [ "$TRAVIS_OS_NAME" = "linux" -a "$TRAVIS_CPU_ARCH" = "amd64" ]; then make distrib ASAN_BUILD=1 ; fi - - if [ "$TRAVIS_CPU_ARCH" = "arm64" ] ; then export LLVM_CONFIG=llvm-config-6.0 ; make ASAN_BUILD=1 ; cd qemu_mode && sh ./build_qemu_support.sh ; cd .. ; fi - - make tests -# - travis_terminate 0 diff --git a/docs/Changelog.md b/docs/Changelog.md index 0652a295..e36e4e9f 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -11,16 +11,17 @@ sending a mail to . ### Version ++3.01a (release) - afl-fuzz - - fix crash for very, very fast targets+systems, thanks for reporting @mhlakhani + - fix crash for very, very fast targets+systems (thanks to mhlakhani + for reporting) - switched to a faster RNG - added hghwng's patch for faster trace map analysis - - added dummy Makefile to instrumentation/ - afl-cc - allow instrumenting LLVMFuzzerTestOneInput - fixed endless loop for allow/blocklist lines starting with a comment (thanks to Zherya for reporting) - - added AFL_LLVM_INSTRUMENT option NATIVE for native clang pc-guard support - (less performant than our own) + - added AFL_LLVM_INSTRUMENT option NATIVE for native clang pc-guard + support (less performant than our own) + - added dummy Makefile to instrumentation/ ### Version ++3.00c (release) -- cgit 1.4.1 From 2a0d066121266e55bfe538b1931c6b032be2dc90 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 12:14:08 +0100 Subject: update ci --- .github/workflows/ci.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 469ee6d0..694d2316 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,21 +1,24 @@ name: CI -'on': + +on: push: - branches: - - stable, dev + branches: [ stable, dev ] pull_request: - branches: - - stable, dev + branches: [ stable, dev ] + jobs: - Build: + build: runs-on: '${{ matrix.os }}' strategy: matrix: os: [ubuntu-20.04, ubuntu-18.04] steps: - uses: actions/checkout@v2 - - run: sudo apt install -y git libtool libtool-bin automake bison libglib2.0-0 build-essential clang gcc gcc-plugin-dev libc++-dev findutils libcmocka-dev python3-setuptools - - run: gcc -v - - run: clang -v - - run: sudo -E ./afl-system-config ; sudo sysctl -w kernel.shmmax=10000000000 ; export AFL_SKIP_CPUFREQ=1 ; make distrib ASAN_BUILD=1 - - run: make tests + - name: install packages + run: sudo apt-get install -y -m -f --install-suggests git libtool libtool-bin automake bison libglib2.0-0 build-essential clang gcc gcc-plugin-dev libc++-dev findutils libcmocka-dev python3-setuptools + - name: compiler installed + run: gcc -v ; clang -v + - name: build afl++ + run: make distrib ASAN_BUILD=1 + - name: run tests + run: sudo -E ./afl-system-config ; sudo sysctl -w kernel.shmmax=10000000000 ; export AFL_SKIP_CPUFREQ=1 ; make tests -- cgit 1.4.1 From 816ba61080c30474bcb3d4b2cb243734271b0056 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 12:27:06 +0100 Subject: fix ci --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 694d2316..a7d91e64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,8 +14,10 @@ jobs: os: [ubuntu-20.04, ubuntu-18.04] steps: - uses: actions/checkout@v2 + - name: debug: + run: apt-cache search plugin-dev | grep gcc ; apt-cache search clang | grep clang- - name: install packages - run: sudo apt-get install -y -m -f --install-suggests git libtool libtool-bin automake bison libglib2.0-0 build-essential clang gcc gcc-plugin-dev libc++-dev findutils libcmocka-dev python3-setuptools + run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools - name: compiler installed run: gcc -v ; clang -v - name: build afl++ -- cgit 1.4.1 From b42f405e6093b3ff7d48b691a041a0e7d8ad8c2e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 12:35:09 +0100 Subject: ci fix --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a7d91e64..54e3071e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,12 +14,14 @@ jobs: os: [ubuntu-20.04, ubuntu-18.04] steps: - uses: actions/checkout@v2 - - name: debug: + - name: debug run: apt-cache search plugin-dev | grep gcc ; apt-cache search clang | grep clang- - name: install packages run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools - name: compiler installed run: gcc -v ; clang -v + - name: install gcc plugin + run: apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ run: make distrib ASAN_BUILD=1 - name: run tests -- cgit 1.4.1 From 7172302be822c314a8c54dab9391a254ce72d557 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 12:38:12 +0100 Subject: ci fix --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54e3071e..b307de8e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,13 +15,13 @@ jobs: steps: - uses: actions/checkout@v2 - name: debug - run: apt-cache search plugin-dev | grep gcc ; apt-cache search clang | grep clang- + run: apt-cache search plugin-dev | grep gcc- ; echo ; apt-cache search clang- | grep clang- - name: install packages run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools - name: compiler installed - run: gcc -v ; clang -v + run: gcc -v ; echo ; clang -v - name: install gcc plugin - run: apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev + run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ run: make distrib ASAN_BUILD=1 - name: run tests -- cgit 1.4.1 From 6e27c660587d1eba612b488ae033154c83a7e859 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 12:48:02 +0100 Subject: ci fix --- .github/workflows/ci.yml | 4 ++-- afl-system-config | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b307de8e..31cfceaf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: debug - run: apt-cache search plugin-dev | grep gcc- ; echo ; apt-cache search clang- | grep clang- + run: apt-cache search plugin-dev | grep gcc- ; echo ; apt-cache search clang-format- | grep clang-format- - name: install packages run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools - name: compiler installed @@ -25,4 +25,4 @@ jobs: - name: build afl++ run: make distrib ASAN_BUILD=1 - name: run tests - run: sudo -E ./afl-system-config ; sudo sysctl -w kernel.shmmax=10000000000 ; export AFL_SKIP_CPUFREQ=1 ; make tests + run: sudo -E ./afl-system-config ; export AFL_SKIP_CPUFREQ=1 ; make tests diff --git a/afl-system-config b/afl-system-config index 4ca9f0a9..7031544c 100755 --- a/afl-system-config +++ b/afl-system-config @@ -80,3 +80,4 @@ if [ "$PLATFORM" = "Darwin" ] ; then DONE=1 fi test -z "$DONE" && echo Error: Unknown platform: $PLATFORM +exit 0 -- cgit 1.4.1 From 2a22dc433caa7d08ed0cc4235fb267bf15b5b6ed Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Dec 2020 13:01:56 +0100 Subject: ci fix --- .github/workflows/codeql-analysis.yml | 37 +---------------------------------- test/test-gcc-plugin.sh | 2 +- 2 files changed, 2 insertions(+), 37 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 67129af8..eda8dfd0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,24 +1,10 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: "CodeQL" on: push: branches: [ stable, dev ] pull_request: - # The branches below must be a subset of the branches above branches: [ stable, dev ] - schedule: - - cron: '22 4 * * 3' jobs: analyze: @@ -28,40 +14,19 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'cpp', 'python' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + language: [ 'cpp' ] steps: - name: Checkout repository uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v1 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 diff --git a/test/test-gcc-plugin.sh b/test/test-gcc-plugin.sh index 71d86364..01ca4a5a 100755 --- a/test/test-gcc-plugin.sh +++ b/test/test-gcc-plugin.sh @@ -19,7 +19,7 @@ test -e ../afl-gcc-fast -a -e ../afl-compiler-rt.o && { } || { $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" TUPLES=`echo 0|../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain.gccpi 2>&1 | grep Captur | awk '{print$3}'` - test "$TUPLES" -gt 3 -a "$TUPLES" -lt 7 && { + test "$TUPLES" -gt 3 -a "$TUPLES" -lt 9 && { $ECHO "$GREEN[+] gcc_plugin run reported $TUPLES instrumented locations which is fine" } || { $ECHO "$RED[!] gcc_plugin instrumentation produces a weird numbers: $TUPLES" -- cgit 1.4.1