google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0
10.51k stars 2.23k forks source link

Support Wycheproof on OSS-Fuzz #8034

Open jonathanmetzman opened 2 years ago

jonathanmetzman commented 2 years ago

Metabug

jonathanmetzman commented 2 years ago

Accidentally pushed https://github.com/google/oss-fuzz/commit/8d5c72d77aca0bd4c2022083d2e7458e0d9daa9b to master. This adds wycheproof support to bad build check.

jonathanmetzman commented 2 years ago

@bleichen how do I build wycheproof tests and then run them on different hosts? I need to modify https://github.com/google/oss-fuzz/blob/master/projects/bc-java-wycheproof/build.sh#L18 to do this.

jonathanmetzman commented 2 years ago

If you want to test what I mean, try this:

git clone https://github.com/google/oss-fuzz && cd oss-fuzz
python infra/helper.py build_fuzzers bc-java-wycheproof --engine wycheproof --sanitizer none
./build/out/bc-java-wycheproof/BouncyCastleAllTests

Under the hood running that binary works on the build image where it does this:

$ java -classpath "./BouncyCastleAllTests.runfiles/__main__/BouncyCastleAllTests.jar:./BouncyCastleAllTests.runfiles/__main__/libutils.jar:./BouncyCastleAllTests.runfiles/__main__/../com_google_code_gson/gson-2.7.jar:./BouncyCastleAllTests.runfiles/__main__/../com_google_code_findbugs_jsr305/jsr305-2.0.3.jar:./BouncyCastleAllTests.runfiles/__main__/../junit/junit-4.12.jar:./BouncyCastleAllTests.runfiles/__main__/../org_hamcrest_core/hamcrest-core-1.3.jar:./BouncyCastleAllTests.runfiles/__main__/../bouncycastle_1_59/bcprov-jdk15on-1.59.jar:./BouncyCastleAllTests.runfiles/__main__/../remote_java_tools/java_tools/Runner_deploy.jar" -ea "-Dbazel.test_suite=com.google.security.wycheproof.BouncyCastleAllTests" com.google.testing.junit.runner.BazelTestRunner
Error: Could not find or load main class com.google.testing.junit.runner.BazelTestRunner
Caused by: java.lang.ClassNotFoundException: com.google.testing.junit.runner.BazelTestRunner
jonathanmetzman commented 2 years ago

To describe at a high level what the problem is: OSS-Fuzz builds fuzzers on one host and then runs these fuzzers on another host. wycheproof seems to work by using blaze's unittest functionality when it needs to produce exectuables that can be run on another host.

oliverchang commented 2 years ago

Awesome progress here! I believe this issue of running on another host has been resolved now after https://github.com/google/oss-fuzz/pull/8044 right?

jonathanmetzman commented 2 years ago

Yep I think @mihaimaruseac (mostly) fixed it. There are still some test failures running wycheproof though.