✨ Support for C++ fuzz functions in the fuzzing check, add more const LanguageNames for clients #2001

Closed
wants to merge 12 commits into from

@aidenwang9867 aidenwang9867 commented Jun 23, 2022

What kind of change does this PR introduce?

  1. Add support for C++ built-in fuzz functions check as a part of scorecard's fuzzing check.
  2. Add corresponding unit tests for C++ fuzz func matching
  3. Add more const LanguageNames in clients/languages.go.

What is the current behavior?

Scorecard supports (1) ClusterFuzzLite, (2) OSS-Fuzz, and (3) Go built-in Fuzzing in the fuzzing check.

What is the new behavior (if this is a feature change)?

Checking for C++ fuzz functions now is included in the fuzzing check.

  • Tests for the changes have been added (for bug fixes/features)

Special notes for your reviewer

Does this PR introduce a user-facing change?

Yes, same as in PR #1979.

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Users now can check for C++ fuzz functions in their repo as a part of the fuzzing check, and with param `--details`, detailed fuzz function names and positions can be seen in the result.
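
An added sketch, not Scorecard's code from this PR, of how a source scan for C++ fuzz targets can report function names and positions. It assumes a fuzz target is the libFuzzer entry point `LLVMFuzzerTestOneInput`; `findFuzzTargets`, `Finding` and the sample file are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: a C++ fuzz target is recognised by the libFuzzer entry point
// name followed by an opening parenthesis.
var fuzzTarget = regexp.MustCompile(`\bLLVMFuzzerTestOneInput\s*\(`)

// Finding is a hypothetical result record: file path, 1-based line, matched line.
type Finding struct {
	Path    string
	Line    int
	Snippet string
}

// findFuzzTargets returns every line of src that declares or defines the entry
// point. Text after "//" is ignored so a commented-out harness does not count
// as fuzzing. Block comments (/* ... */) are not handled in this sketch.
func findFuzzTargets(path, src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		code := line
		if idx := strings.Index(code, "//"); idx >= 0 {
			code = code[:idx] // drop the line comment
		}
		if fuzzTarget.MatchString(code) {
			out = append(out, Finding{Path: path, Line: i + 1, Snippet: strings.TrimSpace(line)})
		}
	}
	return out
}

// Constructed sample input: one disabled declaration, one real fuzz target.
const sample = `#include <cstdint>
#include <cstddef>
// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *d, size_t n);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  return 0;
}
`

func main() {
	for _, f := range findFuzzTargets("fuzz/parse_fuzzer.cc", sample) {
		fmt.Printf("%s:%d: %s\n", f.Path, f.Line, f.Snippet)
	}
}
```
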

@aidenwang9867 aidenwang9867 changed the title ✨ Add fuzzing check support for C++ fuzz functions and more const LanguageNames ✨ Support for C++ fuzz functions in the fuzzing check, add more const LanguageNames for clients Jun 23, 2022

codecov bot commented Jun 23, 2022

Codecov Report

Merging #2001 (05dec6d) into main (7f0258e) will increase coverage by 2.45%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #2001      +/-   ##
==========================================
+ Coverage   42.79%   45.25%   +2.45%     
==========================================
  Files          93       93              
  Lines        7695     7695              
==========================================
+ Hits         3293     3482     +189     
+ Misses       4146     3950     -196     
- Partials      256      263       +7     

@github-actions

Integration tests success for [9a0f160](https://github.com/ossf/scorecard/actions/runs/2545920065)

@github-actions

Integration tests success for [fc5d95d](https://github.com/ossf/scorecard/actions/runs/2550757294)

@laurentsimon

@oliverchang @Navidem @metzman can you take a look?

@olivekl olivekl left a comment

Doc changes LGTM. Nice work on adding C++ support!

@oliverchang oliverchang left a comment

nice!

github-actions bot commented Jul 7, 2022

Integration tests success for [1f77a10](https://github.com/ossf/scorecard/actions/runs/2627578516)

github-actions bot commented Jul 7, 2022

Integration tests success for [f815c6e](https://github.com/ossf/scorecard/actions/runs/2627578037)

github-actions bot commented Jul 7, 2022

Integration tests success for [863cbb2](https://github.com/ossf/scorecard/actions/runs/2632676896)

github-actions bot commented Jul 7, 2022

Integration tests success for [7ce2186](https://github.com/ossf/scorecard/actions/runs/2632928747)

@github-actions

Integration tests success for [150ffcd](https://github.com/ossf/scorecard/actions/runs/2716406414)

github-actions bot commented Aug 1, 2022

Integration tests success for [53358bf](https://github.com/ossf/scorecard/actions/runs/2777794788)

github-actions bot commented Aug 5, 2022

Integration tests success for [05dec6d](https://github.com/ossf/scorecard/actions/runs/2806557237)

@github-actions

Stale pull request message

@laurentsimon

Keep this PR active.

@github-actions

Stale pull request message

@github-actions

Stale pull request message

@@ -320,7 +320,7 @@ This check tries to determine if the project uses
[fuzzing](https://owasp.org/www-community/Fuzzing) by checking:
1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list;
2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository;
3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository.
3. if there are user-defined language-specified fuzzing functions (currently supports [Go Fuzzing](https://go.dev/doc/fuzz/)) and [C++ Fuzz Test](https://help.code-intelligence.com/create-a-c-fuzz-test) in the repository.
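
Review bot: In the rewritten item 3 the parenthesis closes right after the Go Fuzzing link, so "and [C++ Fuzz Test](...)" falls outside "(currently supports ...)" and the sentence reads as if C++ Fuzz Test were something found in the repository alongside the fuzzing functions. Move the closing parenthesis to after the C++ link so that both supported languages sit inside the parenthetical.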

Please replace the C++ link with https://llvm.org/docs/LibFuzzer.html#fuzz-target

@@ -377,7 +377,7 @@ checks:
[fuzzing](https://owasp.org/www-community/Fuzzing) by checking:
1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list;
2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository;
3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository.
3. if there are user-defined language-specified fuzzing functions (currently supports [Go Fuzzing](https://go.dev/doc/fuzz/)) and [C++ Fuzz Test](https://help.code-intelligence.com/create-a-c-fuzz-test) in the repository.
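
Review bot: The new item 3 keeps "language-specified fuzzing functions" from the old line; "language-specific" reads as the intended word, and since the line is being edited anyway it is worth correcting here. The same sentence appears in the earlier hunk, so the wording settled on should be applied to both copies to keep them identical.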

Please replace the C++ link with https://llvm.org/docs/LibFuzzer.html#fuzz-target

@github-actions

Stale pull request message

4 participants