Merge branch 'master' into pr_helper_history

projects/brotli-java/build.sh

@@ -20,7 +20,7 @@ sed -i 's/1.6</1.7</g' ./pom.xml
 
 MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=11 -Djavac.target.version=11 -X"
 $MVN package
-find ./dec -name "dec-*.jar" -exec mv {} $OUT/dec.jar \;
+find ./dec -name "org.brotli.dec-*.jar" -exec mv {} $OUT/dec.jar \;
 
 ALL_JARS="dec.jar"
 BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH

projects/json-flattener/project.yaml

@@ -1,5 +1,6 @@
 homepage: "https://github.com/wnameless/json-flattener/"
 language: jvm
+primary_contact: "[email protected]"
 fuzzing_engines:
   - libfuzzer
 main_repo: "https://github.com/wnameless/json-flattener/"
@@ -11,4 +12,4 @@ vendor_ccs:
   - "[email protected]"
   - "[email protected]"
   - "[email protected]"
-  - "[email protected]"
+  - "[email protected]"

projects/keycloak/Dockerfile

@@ -0,0 +1,29 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-jvm
+
+RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
+    unzip maven.zip -d $SRC/maven && \
+    rm -rf maven.zip
+
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
+
+RUN git clone --depth 1 https://github.com/cncf/cncf-fuzzing cncf-fuzzing
+RUN git clone --depth 1 https://github.com/keycloak/keycloak keycloak
+
+COPY build.sh $SRC/
+WORKDIR $SRC/keycloak

projects/keycloak/build.sh

@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+cp $SRC/cncf-fuzzing/projects/keycloak/*.java $SRC/
+$SRC/cncf-fuzzing/projects/keycloak/build.sh

projects/keycloak/project.yaml

@@ -0,0 +1,15 @@
+fuzzing_engines:
+- libfuzzer
+homepage: "https://www.keycloak.org/"
+language: jvm
+main_repo: "https://github.com/keycloak/keycloak"
+sanitizers:
+- address
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"
+- "[email protected]"
+vendor_ccs:
+- "[email protected]"
+- "[email protected]"
+- "[email protected]"

projects/kyverno/Dockerfile

@@ -0,0 +1,28 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-go
+RUN git clone --depth 1 https://github.com/kyverno/kyverno
+RUN wget https://go.dev/dl/go1.20.2.linux-amd64.tar.gz \ 
+    && mkdir temp-go \ 
+    && rm -rf /root/.go/* \ 
+    && tar -C temp-go/ -xzf go1.20.2.linux-amd64.tar.gz \ 
+    && mv temp-go/go/* /root/.go/ 
+
+COPY build.sh \
+         fuzz_policy_test.go \
+	 $SRC/
+WORKDIR $SRC/kyverno

projects/kyverno/build.sh

@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# required by Go 1.20
+export CXX="${CXX} -lresolv"
+
+printf "package policy\nimport _ \"github.com/AdamKorcz/go-118-fuzz-build/testing\"\n" > pkg/validation/policy/registerfuzzdep.go
+cp $SRC/fuzz_policy_test.go $SRC/kyverno/pkg/validation/policy/
+go mod tidy
+
+compile_native_go_fuzzer github.com/kyverno/kyverno/pkg/validation/policy FuzzValidatePolicy FuzzValidatePolicy

projects/kyverno/fuzz_policy_test.go

@@ -0,0 +1,45 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package policy
+
+import (
+	"github.com/go-logr/logr"
+	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/pkg/openapi"
+	"testing"
+
+	fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
+)
+
+var fuzzOpenApiManager openapi.Manager
+
+func init() {
+	var err error
+	fuzzOpenApiManager, err = openapi.NewManager(logr.Discard())
+	if err != nil {
+		panic(err)
+	}
+}
+
+func FuzzValidatePolicy(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		ff := fuzz.NewConsumer(data)
+		p := &kyverno.ClusterPolicy{}
+		ff.GenerateStruct(p)
+
+		Validate(p, nil, nil, true, fuzzOpenApiManager, "admin")
+	})
+}

projects/kyverno/project.yaml

@@ -0,0 +1,10 @@
+homepage: "https://www.kyverno.io"
+main_repo: "https://github.com/kyverno/kyverno"
+primary_contact: "[email protected]"
+auto_ccs :
+  - "[email protected]"
+language: go
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address

projects/mp4san/Dockerfile

@@ -0,0 +1,20 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+
+RUN git clone --depth 1 https://github.com/privacyresearchgroup/mp4san mp4san
+WORKDIR mp4san
+
+COPY build.sh $SRC/

projects/mp4san/build.sh

@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PROJECT_DIR=$SRC/mp4san
+FUZZ_DIR=$PROJECT_DIR/mp4san/fuzz
+cd $FUZZ_DIR && cargo fuzz build -O --debug-assertions
+
+FUZZ_INPUT_DIR=$FUZZ_DIR/input
+
+FUZZ_TARGET_OUTPUT_DIR=$FUZZ_DIR/target/x86_64-unknown-linux-gnu/release/
+for fuzz_target in $FUZZ_DIR/fuzz_targets/*.rs
+do
+    FUZZ_TARGET_NAME=$(basename ${fuzz_target%.*})
+    cp $FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME $OUT/
+    cp $FUZZ_DIR/mp4.dict $OUT/$FUZZ_TARGET_NAME.dict
+    zip -jr $OUT/${FUZZ_TARGET_NAME}_seed_corpus.zip $FUZZ_INPUT_DIR/
+done

projects/mp4san/project.yaml

@@ -0,0 +1,10 @@
+homepage: "https://github.com/privacyresearchgroup/mp4san"
+language: rust
+primary_contact: "[email protected]"
+main_repo: "https://github.com/privacyresearchgroup/mp4san"
+vendor_ccs:
+  - "[email protected]"
+sanitizers:
+  - address
+fuzzing_engines:
+  - libfuzzer

projects/powerdns/build.sh

@@ -34,6 +34,7 @@ autoreconf -vi
     --enable-fuzz-targets \
     --disable-dependency-tracking \
     --disable-silent-rules || /bin/bash
+make -j$(nproc) -C ext/arc4random/
 make -j$(nproc) -C ext/yahttp/
 cd pdns
 make -j$(nproc) fuzz_targets

projects/quic-go/.gitignore

@@ -0,0 +1 @@
+oss-fuzz.sh

projects/quic-go/Dockerfile

@@ -16,9 +16,14 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder-go
 
-RUN git clone --depth 1 https://github.com/quic-go/qpack/
-RUN git clone --depth 1 https://github.com/quic-go/quic-go/
+RUN git clone --depth 1 https://github.com/quic-go/qpack/ $GOPATH/src/github.com/quic-go/qpack
+RUN git clone --depth 1 https://github.com/quic-go/quic-go/ $GOPATH/src/github.com/quic-go/quic-go
 
-RUN cp quic-go/oss-fuzz.sh build.sh
-# Enable this for easier local testing / repro
-# COPY build.sh .
+RUN cp $GOPATH/src/github.com/quic-go/quic-go/oss-fuzz.sh $SRC/build.sh
+# Local testing:
+# 1. copy oss-fuzz.sh from quic-go repo to projects/quic-go
+# 2. uncomment this line
+# 3. run infra/helper.py build_image quic-go
+# COPY oss-fuzz.sh $SRC/build.sh
+
+RUN chmod +x $SRC/build.sh

projects/rabbitmq-c/build.sh

@@ -26,7 +26,9 @@ cmake \
 
 make -j$(nproc)
 
-cp fuzz/fuzz_url $OUT/fuzz_url
+if [ "$SANITIZER" != "undefined" ]; then
+    cp fuzz/fuzz_url $OUT/fuzz_url
+fi
 cp fuzz/fuzz_table $OUT/fuzz_table
 cp fuzz/fuzz_server $OUT/fuzz_server
 popd

projects/rabbitmq-c/project.yaml

@@ -9,4 +9,6 @@ fuzzing_engines:
   - honggfuzz
 sanitizers:
   - address
+  - memory
+  - undefined
 main_repo: 'https://github.com/alanxz/rabbitmq-c'

projects/spring-cloud-config/Dockerfile

@@ -20,6 +20,10 @@ RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-
 unzip maven.zip -d $SRC/maven-3.6.3 && \
 rm -rf maven.zip
 
+RUN curl -L https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz -o jdk.tar.gz && \
+tar xvf jdk.tar.gz && \
+rm -rf jdk.tar.gz
+
 ENV MVN $SRC/maven-3.6.3/apache-maven-3.6.3/bin/mvn
 
 WORKDIR ${SRC}

projects/spring-cloud-config/build.sh

@@ -15,8 +15,8 @@
 #
 ################################################################################
 
-apt-get update && apt-get install -y openjdk-17-jdk-headless
-export JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64"
+cp -r $SRC/jdk-17.0.7+7 $OUT/jdk
+export JAVA_HOME="$OUT/jdk"
 
 MVN_FLAGS="-Dmaven.compiler.source=17 -Dmaven.compiler.target=17 -DskipTests"
 ALL_JARS=""
@@ -74,11 +74,8 @@ for fuzzer in $(find ${SRC} -name '*Fuzzer.java'); do
 	echo "#!/bin/sh
 # LLVMFuzzerTestOneInput Magic String required for infra/base-image/test_all.py. DO NOT REMOVE
 
-# We need java-17.
-apt-get update && apt-get install -y openjdk-17-jdk-headless
-
 this_dir=\$(dirname \"\$0\")
-JAVA_HOME=\"/usr/lib/jvm/java-17-openjdk-amd64\" \
+JAVA_HOME=\$this_dir/jdk \
 LD_LIBRARY_PATH=\"\$JAVA_HOME/lib/server\":\$this_dir \
 \$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
 --cp=${RUNTIME_CLASSPATH} \

projects/spring-cloud-netflix/Dockerfile

@@ -20,6 +20,10 @@ RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-
 unzip maven.zip -d $SRC/maven && \
 rm -rf maven.zip
 
+RUN curl -L https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz -o jdk.tar.gz && \
+tar xvf jdk.tar.gz && \
+rm -rf jdk.tar.gz
+
 ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
 
 RUN git clone https://github.com/spring-cloud/spring-cloud-netflix.git

projects/spring-cloud-netflix/build.sh

@@ -15,8 +15,8 @@
 #
 ################################################################################
 
-apt-get update && apt-get install -y openjdk-17-jdk-headless
-export JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64"
+cp -r $SRC/jdk-17.0.7+7 $OUT/jdk
+export JAVA_HOME="$OUT/jdk"
 
 MVN_FLAGS="-Dmaven.compiler.source=17 -Dmaven.compiler.target=17 -DskipTests"
 ALL_JARS=""
@@ -73,11 +73,9 @@ for fuzzer in $(find ${SRC} -name '*Fuzzer.java'); do
 
 	echo "#!/bin/sh
 # LLVMFuzzerTestOneInput Magic String required for infra/base-image/test_all.py. DO NOT REMOVE
-# We need java-17.
-apt-get update && apt-get install -y openjdk-17-jdk-headless
 
 this_dir=\$(dirname \"\$0\")
-JAVA_HOME=\"/usr/lib/jvm/java-17-openjdk-amd64\" \
+JAVA_HOME=\$this_dir/jdk \
 LD_LIBRARY_PATH=\"\$JAVA_HOME/lib/server\":\$this_dir \
 \$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
 --cp=${RUNTIME_CLASSPATH} \

projects/xz/build.sh

@@ -24,7 +24,8 @@
   --disable-xz \
   --disable-xzdec \
   --disable-lzmadec \
-  --disable-lzmainfo
+  --disable-lzmainfo \
+  --disable-ifunc
 make clean
 make -j$(nproc) && make -C tests/ossfuzz && \
     cp tests/ossfuzz/config/fuzz.options $OUT/ && \