[expr] Initial integration

[antonmedv]

Expr is an expression language in Go. It's primary goal is to be safe to take unsanitized user input.
Expr is already in //third_party in google3 ;)

[github-actions]

antonmedv is integrating a new project:
- Main repo: https://github.com/antonmedv/expr.git
- Criticality score: 0.62542

[jonathanmetzman]

lgtm

[antonmedv]

I don't understand why build libfuzzer,address,x86_64 failed.

[antonmedv]

@jonathanmetzman please help with tests. Thanks!

[jonathanmetzman]

Done

[jonathanmetzman]

Post back here if they pass please.

[antonmedv]

Please restart workflows.

[antonmedv]

I tried to test the build locally but got some problems with installing dependencies.

Please, help me with this PR. Thanks! <3

[jonathanmetzman]

I tried to test the build locally but got some problems with installing dependencies.

Please, help me with this PR. Thanks! <3

Installing deps for OSS-Fuzz? It's just docker and python.
Do you understand the error in CI? I don't

[antonmedv]

Do you understand the error in CI? I don't

I don't too.

It's just docker and python.

I was trying to install pip locally

[jonathanmetzman]

Do you understand the error in CI? I don't

I don't too.

It's just docker and python.

I was trying to install pip locally

I don't think pip is required though,.

[antonmedv]

Found the docs: https://google.github.io/oss-fuzz/advanced-topics/reproducing/
It helped =)

[antonmedv]

Same error as in CI:

+ compile_native_go_fuzzer github.com/antonmedv/expr FuzzExpr fuzz_expr
main.1367621804.go:12:2: found packages expr (bench_test.go) and expr_test (fuzz_test.go_fuzz.go) in /src/expr
2023/08/23 12:17:06 failed to build packages:exit status 1
ERROR:__main__:Building fuzzers failed.

[antonmedv]

I trying to put fuzzers in a sep dir. Seems like it helped.

[antonmedv]

@jonathanmetzman please, approve CI builds.

[antonmedv]

@jonathanmetzman I'd like to get this done! I really appreciate any help you can provide.

[jonathanmetzman]

I see this error:

panic: open ./fuzz_corpus.txt: no such file or directory [recovered]
	panic: open ./fuzz_corpus.txt: no such file or directory

Is it trying to read a non-existent file?

[antonmedv]

I switched to go:embed for corpus. Looks like it working:

$ python infra/helper.py build_fuzzers --sanitizer address expr
...
+ cp /src/expr/test/fuzz/fuzz_expr_seed_corpus.zip /out/
+ cp /src/expr/test/fuzz/fuzz_expr.dict /out/
+ go get github.com/AdamKorcz/go-118-fuzz-build/testing
go: downloading github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0
go: downloading github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830
go: downloading github.com/cyphar/filepath-securejoin v0.2.3
go: added github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830
go: added github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0
go: added github.com/cyphar/filepath-securejoin v0.2.3
+ compile_native_go_fuzzer github.com/antonmedv/expr/test/fuzz FuzzExpr fuzz_expr

$ python infra/helper.py run_fuzzer expr fuzz_expr
INFO:__main__:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e FUZZING_ENGINE=libfuzzer -e SANITIZER=address -e RUN_FUZZER_MODE=interactive -e HELPER=True -v /Users/anton/dev/google/oss-fuzz/build/out/expr:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer fuzz_expr.
Using seed corpus: fuzz_expr_seed_corpus.zip
/out/fuzz_expr -rss_limit_mb=2560 -timeout=25 /tmp/fuzz_expr_corpus -dict=fuzz_expr.dict < /dev/null
bash: line 1:    26 Killed                  /out/fuzz_expr -rss_limit_mb=2560 -timeout=25 /tmp/fuzz_expr_corpus -dict=fuzz_expr.dict < /dev/null

@jonathanmetzman PTAL

[jonathanmetzman]

Did you update the PR?

[antonmedv]

I only updated my repo.

[antonmedv]

Will update the branch.

[antonmedv]

@jonathanmetzman PTAL