fuzzing.yml
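# Runs the Atheris fuzz targets under .github/fuzz on pushes and pull requests
# to master, weekly on a schedule, and on manual dispatch. Each target runs in
# its own matrix job; crash, leak and timeout reproducers are uploaded as
# artifacts when a job fails.
name: Atheris Fuzzing

on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]
  schedule:
    # Run fuzzing every Monday at 02:00 (GitHub evaluates cron in UTC)
    - cron: '0 2 * * 1'
  workflow_dispatch:

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  fuzz:
    name: Run Atheris Fuzz Tests
    runs-on: ubuntu-latest
    strategy:
      # Keep fuzzing the other target even if one of them crashes.
      fail-fast: false
      matrix:
        fuzz-target:
          - fuzz_validation.py
          - fuzz_helpers.py

    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release the SHA is expected to correspond to.
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Nothing in this job pushes, so do not leave the token configured
          # for git while unpinned dependencies and fuzz targets execute.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          python -m pip install --require-hashes -r .github/requirements-pip.txt
          pip install --require-hashes -r .github/requirements-fuzz.txt
          # Install only minimal dependencies needed for fuzz targets.
          # NOTE(review): unlike the two installs above, this one is not
          # hash-checked, and a failed install is swallowed on purpose. A
          # missing package will then surface later as a non-zero fuzzer exit,
          # which the next step reports as a crash.
          pip install -r requirements.txt || echo "Some dependencies may not install in CI - continuing"

      - name: Run fuzzing - ${{ matrix.fuzz-target }}
        env:
          # Pass the matrix value through the environment instead of expanding
          # it inside the script text, so it is always handled as data.
          FUZZ_TARGET: ${{ matrix.fuzz-target }}
        run: |
          cd .github/fuzz
          # Run each fuzzer for at most 60 seconds or 100000 runs, whichever
          # comes first. exit_code must start at 0: when the fuzzer exits
          # cleanly the `||` branch never runs and the variable would otherwise
          # be unset in the comparison below.
          exit_code=0
          timeout 60s python "$FUZZ_TARGET" -atheris_runs=100000 || exit_code=$?
          # Exit code 124 means timeout (expected), 0 means success, anything else is a crash
          if [ "$exit_code" -ne 0 ] && [ "$exit_code" -ne 124 ]; then
            echo "Fuzzer crashed with exit code $exit_code"
            exit 1
          fi
          echo "Fuzzing completed successfully"
        continue-on-error: false

      # Only runs after a failed step, to preserve the reproducer inputs the
      # fuzzer wrote next to the targets.
      - name: Upload crash artifacts
        if: failure()
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: fuzz-crashes-${{ matrix.fuzz-target }}
          path: |
            .github/fuzz/crash-*
            .github/fuzz/leak-*
            .github/fuzz/timeout-*
          if-no-files-found: ignore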