Source code
Revision control
Copy as Markdown
Other Tools
# Build
The fuzz targets can be build with `./build.sh --fuzz [--disable-tests]`. They compile with ASan and UBSan by default, see `coreconf/fuzz.sh`.
# OSS-Fuzz
All fuzz targets run continuously on oss-fuzz, the respective `project.yaml` can be found at https://github.com/google/oss-fuzz/blob/master/projects/nss/project.yaml. An overview with code coverage is available at https://introspector.oss-fuzz.com/project-profile?project=nss, as well as a link to a more detailed fuzz introspector report.
# MozillaSecurity/orion
We regularly run two services, one to collect coverage information ourselves and another one to mirror the public oss-fuzz corpora and populate the private bucket with new testcases. Code coverage reports can be found at https://fuzzmanager.fuzzing.mozilla.org/covmanager/reports/.
- nss-corpus-update service: https://github.com/MozillaSecurity/orion/tree/master/services/nss-corpus-update
# Adding a new fuzz target
The fuzz targets are located at `fuzz/targets`. Some additional things to keep in my mind when adding a new fuzz target:
- Every fuzz target needs a `.options` file at `fuzz/options`, other fuzz tooling depends on it.
- For CI integration, schedule the corresponding fuzzing runs at `automation/taskcluster/graph/src/extend.js`.
- Testcases can be extracted from the existing tests by adding hooks to `fuzz/config/frida_corpus/hooks.js` and `fuzz/config/frida_corpus/cli.py`.
# Useful Links