From 2c96d90df280e99f0899be6c7d455c7335c0f23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= <jdanek@redhat.com>
Date: Sun, 13 Mar 2022 17:06:34 +0100
Subject: [PATCH 1/3] Add ClusterFuzzLite PR fuzzing

---
 .clusterfuzzlite/Dockerfile     | 26 ++++++++++++++++++
 .clusterfuzzlite/build.sh       | 31 ++++++++++++++++++++++
 .clusterfuzzlite/project.yaml   |  1 +
 .github/workflows/cflite_pr.yml | 47 +++++++++++++++++++++++++++++++++
 4 files changed, 105 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100755 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/project.yaml
 create mode 100644 .github/workflows/cflite_pr.yml

diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000000..fd3ab88270
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+RUN apt-get update && \
+    apt-get install -y \
+        cmake
+COPY . $SRC/qpid-proton
+WORKDIR qpid-proton
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100755
index 0000000000..1a696b8bda
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+mkdir build
+pushd build
+  cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_STATIC_LIBS=ON -DENABLE_FUZZ_TESTING=ON -DFUZZ_REGRESSION_TESTS=OFF
+  pushd c/tests/fuzz/
+    make -j $(nproc)
+  popd
+  cp c/tests/fuzz/{fuzz-connection-driver,fuzz-message-decode} $OUT/
+popd
+
+zip -j $OUT/fuzz-connection-driver_seed_corpus.zip c/tests/fuzz/fuzz-connection-driver/corpus/* c/tests/fuzz/fuzz-connection-driver/crash/*
+zip -j $OUT/fuzz-message-decode_seed_corpus.zip c/tests/fuzz/fuzz-message-decode/corpus/* c/tests/fuzz/fuzz-message-decode/crash/*
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000000..b4788012b1
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c++
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000000..eba8595947
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
@@ -0,0 +1,47 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+          - address
+        # Override this with the sanitizers you want.
+        # - undefined
+        # - memory
+    steps:
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sanitizer: ${{ matrix.sanitizer }}
+          # Optional but recommended: used to only run fuzzers that are affected
+          # by the PR.
+          # See later section on "Git repo for storage".
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 600
+          mode: 'code-change'
+          sanitizer: ${{ matrix.sanitizer }}
+          # Optional but recommended: used to download the corpus produced by
+          # batch fuzzing.
+          # See later section on "Git repo for storage".
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

From ec4d42cdfb2799045b18b3f54ab6eefc25998744 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= <jdanek@redhat.com>
Date: Sun, 13 Mar 2022 17:20:40 +0100
Subject: [PATCH 2/3] enable the other sanitizers too

---
 .github/workflows/cflite_pr.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
index eba8595947..539abe756d 100644
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
@@ -15,9 +15,8 @@ jobs:
       matrix:
         sanitizer:
           - address
-        # Override this with the sanitizers you want.
-        # - undefined
-        # - memory
+          - undefined
+          - memory
     steps:
       - name: Build Fuzzers (${{ matrix.sanitizer }})
         id: build

From 6714b4cb055da258a0d565b312de5e3a7162c5c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= <jdanek@redhat.com>
Date: Sun, 13 Mar 2022 17:20:53 +0100
Subject: [PATCH 3/3] add .dockerignore

---
 .dockerignore | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000..264df2cb86
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+.git
+build*
+cmake-build*
+**/__pycache__
+**/*.pyc