Commit ae0b2eaa authored by Yevgeny Pats

Update documentation for continuous async fuzzing

parent b7262c9b
Pipeline #202845068 passed with stage in 43 seconds
# Continuous Fuzzing for Golang Example
This is an example of how to integrate your [go-fuzz](https://github.com/dvyukov/go-fuzz) targets into GitLab Ci/CD
The example on this branch will show how to run you fuzz targets in async way using [parent-child pipelines](https://docs.gitlab.com/ee/ci/parent_child_pipelines.html) without blocking your main pipeline.
This example works with [go-fuzz](https://github.com/dvyukov/go-fuzz) but the same can be applied to all other [supported languages](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing)
This example will show the following steps:
* [Building and running a simple go-fuzz target locally](#building-go-fuzz-target)
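Review bot: The sentence introducing parent-child pipelines has wording errors: "how to run you fuzz targets in async way" should read "how to run your fuzz targets asynchronously". In the line above it, "GitLab Ci/CD" should be "GitLab CI/CD" and the sentence is missing its closing period. The introduction also never names the branch on which the async pipeline runs, so a reader has to infer it from the YAML rules further down; one clause here stating it would help.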
......@@ -133,21 +135,26 @@ The best way to integrate go-fuzz fuzzing with Gitlab CI/CD is by adding additio
```yaml
include:
- template: Coverage-Fuzzing.gitlab-ci.yml
fuzz_test_parse_complex:
extends: .fuzz_base
image: gcr.io/fuzzit-public/buster-golang12:2dc7875
script:
- go-fuzz-build -libfuzzer -o parse-complex.a .
- clang -fsanitize=fuzzer parse-complex.a -o parse-complex
- ./gl-fuzz run --regression=$REGRESSION -- ./parse-complex
sync_fuzzing:
variables:
COVFUZZ_ADDITIONAL_ARGS: '-max_total_time=300'
trigger:
include: .covfuzz-ci.yml
strategy: depend
rules:
- if: $CI_COMMIT_BRANCH != 'continuous_fuzzing' && $CI_PIPELINE_SOURCE != 'merge_request_event'
async_fuzzing:
variables:
COVFUZZ_ADDITIONAL_ARGS: '-max_total_time=3600'
trigger:
include: .covfuzz-ci.yml
rules:
- if: $CI_COMMIT_BRANCH == 'continuous_fuzzing' && $CI_PIPELINE_SOURCE != 'merge_request_event'
```
For each fuzz target you will will have to create a step which extends `.fuzz_base` that runs the following:
* Builds the fuzz target
* Runs the fuzz target via `gl-fuzz` CLI.
* For `$CI_DEFAULT_BRANCH` (can be override by `$COV_FUZZING_BRANCH`) will run fully fledged fuzzing sessions.
For everything else including MRs will run fuzzing regression with the accumlated corpus and fixed crashes.
This essentially creates two steps:
* `sync_fuzzing`: This will run all your fuzz targets for a short period of time in a blocking configuration. This will give you the ability to be confident of your MRs making sure that no low-hanging fruit bugs were introduces or old one re-introduced again.
* `async_fuzzing`: This will run on your main branch and will help you find deep bugs in your code without blocking your developments cycle and MRs.
The `covfuzz-ci.yml` is the same as in [original synchronous example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example#running-go-fuzz-from-ci)
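Review bot: The prose after the YAML does not match the rules in it: `async_fuzzing` is described as running "on your main branch" and the bullet above it refers to `$CI_DEFAULT_BRANCH`, but the rule is hard-coded to `$CI_COMMIT_BRANCH == 'continuous_fuzzing'`. Either write the rule against `$CI_DEFAULT_BRANCH` or state that `continuous_fuzzing` is the branch this demo uses. Both rules also exclude `$CI_PIPELINE_SOURCE == 'merge_request_event'`, so merge request pipelines trigger neither job, and the statement that `sync_fuzzing` lets you be confident of your MRs holds only through branch pipelines; the text should say so. The trigger includes `.covfuzz-ci.yml` while the last sentence names `covfuzz-ci.yml` without the leading dot. Typos in the same text: "will will", "can be override", "accumlated", "were introduces", "developments cycle".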