Fuzzing #206
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fuzzing | |
| on: | |
| schedule: | |
| # Run daily at midnight UTC | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| duration: | |
| description: 'Fuzzing duration in seconds' | |
| required: false | |
| default: '600' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| fuzz: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 90 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - fuzz_decrypt | |
| - fuzz_kdf | |
| - fuzz_manifest | |
| - fuzz_chunked | |
| - fuzz_config | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Clone sibling dependencies | |
| shell: bash | |
| run: | | |
| git clone --depth 1 https://github.com/Dicklesworthstone/asupersync.git ../asupersync | |
| git clone --depth 1 https://github.com/Dicklesworthstone/frankensqlite.git ../frankensqlite | |
| git clone --depth 1 https://github.com/Dicklesworthstone/franken_agent_detection.git ../franken_agent_detection | |
| git clone --depth 1 https://github.com/Dicklesworthstone/frankensearch.git ../frankensearch | |
| - name: Install Rust nightly | |
| uses: dtolnay/rust-toolchain@881ba7bf39a41cda34ac9e123fb41b44ed08232f # nightly | |
| with: | |
| components: llvm-tools-preview | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - name: Restore corpus cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: fuzz/corpus/${{ matrix.target }} | |
| key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} | |
| restore-keys: | | |
| fuzz-corpus-${{ matrix.target }}- | |
| - name: Run fuzzer | |
| run: | | |
| DURATION=${{ github.event.inputs.duration || '600' }} | |
| cargo +nightly fuzz run ${{ matrix.target }} -- \ | |
| -max_total_time=$DURATION \ | |
| -max_len=65536 \ | |
| -print_final_stats=1 || true | |
| - name: Save corpus | |
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| if: always() | |
| with: | |
| path: fuzz/corpus/${{ matrix.target }} | |
| key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} | |
| - name: Upload crashes | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 | |
| if: failure() | |
| with: | |
| name: crashes-${{ matrix.target }} | |
| path: fuzz/artifacts/${{ matrix.target }} | |
| if-no-files-found: ignore | |
| report: | |
| runs-on: ubuntu-latest | |
| needs: fuzz | |
| if: always() | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Summary | |
| run: | | |
| echo "## Fuzzing Complete" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Targets fuzzed:" >> $GITHUB_STEP_SUMMARY | |
| echo "- fuzz_decrypt" >> $GITHUB_STEP_SUMMARY | |
| echo "- fuzz_kdf" >> $GITHUB_STEP_SUMMARY | |
| echo "- fuzz_manifest" >> $GITHUB_STEP_SUMMARY | |
| echo "- fuzz_chunked" >> $GITHUB_STEP_SUMMARY | |
| echo "- fuzz_config" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Duration: ${{ github.event.inputs.duration || '600' }} seconds per target" >> $GITHUB_STEP_SUMMARY |