24 lines
1.7 KiB
Markdown
24 lines
1.7 KiB
Markdown
# Build
|
|
The fuzz targets can be build with `./build.sh --fuzz [--disable-tests]`. They compile with ASan and UBSan by default, see `coreconf/fuzz.sh`.
|
|
|
|
# OSS-Fuzz
|
|
All fuzz targets run continuously on oss-fuzz, the respective `project.yaml` can be found at https://github.com/google/oss-fuzz/blob/master/projects/nss/project.yaml. An overview with code coverage is available at https://introspector.oss-fuzz.com/project-profile?project=nss, as well as a link to a more detailed fuzz introspector report.
|
|
|
|
# MozillaSecurity/orion
|
|
We regularly run two services, one to collect coverage information ourselves and another one to mirror the public oss-fuzz corpora and populate the private bucket with new testcases. Code coverage reports can be found at https://fuzzmanager.fuzzing.mozilla.org/covmanager/reports/.
|
|
|
|
- nss-coverage service: https://github.com/MozillaSecurity/orion/tree/master/services/nss-coverage
|
|
- nss-corpus-update service: https://github.com/MozillaSecurity/orion/tree/master/services/nss-corpus-update
|
|
|
|
# Adding a new fuzz target
|
|
The fuzz targets are located at `fuzz/targets`. Some additional things to keep in my mind when adding a new fuzz target:
|
|
- Every fuzz target needs a `.options` file at `fuzz/options`, other fuzz tooling depends on it.
|
|
- For CI integration, schedule the corresponding fuzzing runs at `automation/taskcluster/graph/src/extend.js`.
|
|
- Testcases can be extracted from the existing tests by adding hooks to `fuzz/config/frida_corpus/hooks.js` and `fuzz/config/frida_corpus/cli.py`.
|
|
|
|
# Useful Links
|
|
- https://oss-fuzz.com/
|
|
- https://introspector.oss-fuzz.com/project-profile?project=nss
|
|
- https://fuzzmanager.fuzzing.mozilla.org/covmanager/reports/
|
|
- https://github.com/MozillaSecurity/orion
|
|
- https://treeherder.mozilla.org/jobs?repo=nss-try
|