ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-09 08:41:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,148 Commits 88 Branches 111 Tags
Commit Graph

1881 Commits

Author SHA1 Message Date
George Pollard
03e5efffe0
Update packages from CG report (#3031) 
* Update Azure.Data.Tables

* Update wiremock, h2, hyper
 2023-04-18 00:54:45 +00:00
George Pollard
256f261f2c
Parse .NET exception stacks in crash output (#2988) 2023-04-18 10:50:02 +12:00
George Pollard
dc7d5ec2d5
Remove old RUSTSEC suppression (#3017) 2023-04-13 09:01:51 -04:00
Teo Voinea
c105423d14
Add maxPerPage to ORM (#3016) 
* Add support for maxPerPage in OMR

* Fix small bug
 2023-04-12 20:37:56 +00:00
Teo Voinea
41fa0a78bb
Cap recursion in ORM (#2992) 
* Add new command

* Update remaining jinja templates and references to use scriban

* almost done

* making progress

* Add 2 cases to stop OOM exceptions in the future

* More logs

* PR feedback

* Remove unnecessary changes

* 🧹

* PR comments
 2023-04-13 08:22:39 +12:00
George Pollard
ace0ccc2d8
cargo update -p hyper (#3008) 2023-04-11 22:37:36 +00:00
George Pollard
f84b9c1a88
Bump Xunit (#3009) 2023-04-11 20:50:46 +00:00
Noah McGregor Harper
169cef7a06
Remove Additional config params - require on each request (#3000) 
* Only Overrite Config Cache

* Lint

* Fixing isort.

* Removing expiry.

* Removing import.

* Removing config params.

* Remove bad import.

* Adjusting to type changes.

* Remove whitespace.

* Formatting.

* Formatting.

* null check.

* Formatting.
 2023-04-11 11:35:09 -07:00
Adam
77c42930a6
adding updated key vault policy for Microsoft.Azure.WebSites (#3006) 
* Fixes permissions on access policy needed for SSL cert syncing
 2023-04-11 10:07:37 -07:00
George Pollard
a39666021a
Unify some crate versions (#3010) 
In Component Governance we have a bunch of crates which are consumed twice under different versions in the `agent` and `proxy-manager` components. Try to unify some of these to reduce the overall dependency count (and potentially help with build times).
 2023-04-11 09:10:49 -04:00
dependabot[bot]
0ae81b2987
Bump gimli from 0.26.2 to 0.27.2 in /src/agent (#2836) 
Bumps [gimli](https://github.com/gimli-rs/gimli) from 0.26.2 to 0.27.2.
- [Release notes](https://github.com/gimli-rs/gimli/releases)
- [Changelog](https://github.com/gimli-rs/gimli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gimli-rs/gimli/compare/0.26.2...0.27.2)

---
updated-dependencies:
- dependency-name: gimli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-11 00:35:10 +00:00
dependabot[bot]
d108706353
Bump rayon from 1.6.1 to 1.7.0 in /src/agent (#2990) 
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/rayon-rs/rayon/releases)
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.6.1...rayon-core-v1.7.0)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-11 00:16:27 +00:00
dependabot[bot]
c35c312eaf
Bump iced-x86 from 1.17.0 to 1.18.0 in /src/agent (#2880) 
Bumps [iced-x86](https://github.com/icedland/iced) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: iced-x86
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-10 23:49:19 +00:00
dependabot[bot]
ebbedb7af1
Bump Microsoft.Azure.Functions.Worker.Extensions.Storage from 5.0.0 to 5.0.1 in /src/ApiService (#2969) 
* Bump Microsoft.Azure.Functions.Worker.Extensions.Storage

Bumps [Microsoft.Azure.Functions.Worker.Extensions.Storage](https://github.com/Azure/azure-functions-dotnet-worker) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/Azure/azure-functions-dotnet-worker/releases)
- [Changelog](https://github.com/Azure/azure-functions-dotnet-worker/blob/main/release_notes.md)
- [Commits](https://github.com/Azure/azure-functions-dotnet-worker/commits/storage-extension-5.0.1)

---
updated-dependencies:
- dependency-name: Microsoft.Azure.Functions.Worker.Extensions.Storage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-11 11:21:14 +12:00
Adam
ab2958a6ac
Add custom domain cert KeyVault access policy to deployment (#3004) 
* added certificate key vault access policy
 2023-04-10 22:13:50 +00:00
Cheick Keita
e35b9fa0c7
Pass the task tags to the agent (#2895) 
* Pass the task tags to the agent

* build fix

* build fix

* format
 2023-04-10 21:57:15 +00:00
Cheick Keita
35e9effe4d
Allow the duration of the tasks to be specified in the template (#2997) 2023-04-10 19:16:48 +00:00
Adam
4195fc8533
updating rust dependency crossbeam-channel to 0.5.8 (#3002) 2023-04-10 11:49:27 -07:00
Teo Voinea
ba817a9e08
Implement ITruncatable for EventJobStopped (#2993) 2023-04-10 17:14:43 +00:00
Noah McGregor Harper
e835fb1867
Adding handle for missing unique field key in AdoFields (#2986) 
* Adding handle for missing unique field key in .

* Better approach.

* Using TyGetValue.
 2023-04-07 13:30:29 -07:00
Cheick Keita
1ae063969b
Fix Notification delete (#2987) 2023-04-07 19:38:10 +00:00
dependabot[bot]
446b8638bd
Bump TaskTupleAwaiter from 2.0.0 to 2.0.3 in /src/ApiService (#2978) 
* Bump TaskTupleAwaiter from 2.0.0 to 2.0.3 in /src/ApiService

Bumps [TaskTupleAwaiter](https://github.com/buvinghausen/TaskTupleAwaiter) from 2.0.0 to 2.0.3.
- [Release notes](https://github.com/buvinghausen/TaskTupleAwaiter/releases)
- [Commits](https://github.com/buvinghausen/TaskTupleAwaiter/compare/2.0.0...2.0.3)

---
updated-dependencies:
- dependency-name: TaskTupleAwaiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-06 02:20:54 +00:00
Cheick Keita
d27d815d92
Better logging of failure in the task_logger (#2940) 
* logging task_logger failure

* format

* clippy fxes

* cleanup

* address comments
 2023-04-06 00:38:11 +00:00
dependabot[bot]
f19a0e8d70
Bump elsa from 1.7.0 to 1.8.1 in /src/agent (#2983) 
Bumps [elsa](https://github.com/manishearth/elsa) from 1.7.0 to 1.8.1.
- [Release notes](https://github.com/manishearth/elsa/releases)
- [Commits](https://github.com/manishearth/elsa/compare/v1.7.0...v1.8.1)

---
updated-dependencies:
- dependency-name: elsa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:59:29 +00:00
dependabot[bot]
0428da2425
Bump tempfile from 3.4.0 to 3.5.0 in /src/agent (#2976) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/Stebalien/tempfile/releases)
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/NEWS)
- [Commits](https://github.com/Stebalien/tempfile/commits)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:30:56 +00:00
dependabot[bot]
98656371b0
Bump tokio from 1.25.0 to 1.27.0 in /src/agent (#2975) 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.25.0 to 1.27.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.25.0...tokio-1.27.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:11:06 +00:00
dependabot[bot]
2b1f400e71
Bump crossterm from 0.25.0 to 0.26.1 in /src/agent (#2888) 
Bumps [crossterm](https://github.com/crossterm-rs/crossterm) from 0.25.0 to 0.26.1.
- [Release notes](https://github.com/crossterm-rs/crossterm/releases)
- [Changelog](https://github.com/crossterm-rs/crossterm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crossterm-rs/crossterm/compare/0.25...0.26.1)

---
updated-dependencies:
- dependency-name: crossterm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 21:47:57 +00:00
George Pollard
f047f5d9d6
UniqueReports should be UniqueInputs (#2982) 2023-04-05 21:18:16 +00:00
Teo Voinea
363cae0f33
Make GetNotification nullable (#2981) 2023-04-05 16:06:55 -04:00
Teo Voinea
5519ad0396
Update feature configuration package and use different ids for feature flags (#2980) 2023-04-05 13:14:48 -04:00
dependabot[bot]
f62fe0ca2a
Bump uuid from 0.8.2 to 1.3.0 (#2973) 
* Bump uuid from 0.8.2 to 1.2.1 in /src/proxy-manager

Bumps [uuid](https://github.com/uuid-rs/uuid) from 0.8.2 to 1.2.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/0.8.2...1.2.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update all to 1.3.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 16:42:19 +12:00
dependabot[bot]
d203f5865b
Bump notify from 5.0.0-pre.14 to 5.1.0 in /src/agent (#2871) 
Bumps [notify](https://github.com/notify-rs/notify) from 5.0.0-pre.14 to 5.1.0.
- [Release notes](https://github.com/notify-rs/notify/releases)
- [Changelog](https://github.com/notify-rs/notify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/notify-rs/notify/compare/5.0.0-pre.14...notify-5.1.0)

---
updated-dependencies:
- dependency-name: notify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:56:03 +00:00
dependabot[bot]
6725c0f0c0
Bump bytes from 1.2.0 to 1.4.0 in /src/agent (#2815) 
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.2.0 to 1.4.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.2.0...v1.4.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:33:42 +00:00
dependabot[bot]
47cf9af9b4
Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager (#2951) 
* Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.25.0 to 1.27.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.25.0...tokio-1.27.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Allow Unicode-DFS-2016 license

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:21:13 +00:00
dependabot[bot]
bfde38e171
Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService (#2971) 
* Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService

Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](https://github.com/coverlet-coverage/coverlet/commits/v3.2.0)

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:05:44 +00:00
dependabot[bot]
469724101e
Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService (#2968) 
* Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService

Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.7.0 to 6.10.0.
- [Release notes](https://github.com/fluentassertions/fluentassertions/releases)
- [Changelog](https://github.com/fluentassertions/fluentassertions/blob/develop/AcceptApiChanges.ps1)
- [Commits](https://github.com/fluentassertions/fluentassertions/compare/6.7.0...6.10.0)

---
updated-dependencies:
- dependency-name: FluentAssertions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 01:29:34 +00:00
George Pollard
7ea0901277
Update .NET libraries which have security problems in transitive dependencies (#2967) 
The existing versions of these libraries have dependencies on packages with known vulnerabilities.

Updating the ADO packages fixes the following:

- `Newtonsoft.Json` (High) https://github.com/advisories/GHSA-5crp-9r3c-p9vr
- `System.Data.SqlClient` (Moderate) https://github.com/advisories/GHSA-8g2p-5pqh-5jmc
- `System.Drawing.Common` (Critical) https://github.com/advisories/GHSA-rxg9-xrhp-64gj

Updating the Identity packages fixes the following:

- `System.Security.Cryptography.Xml` (Moderate) https://github.com/advisories/GHSA-2m65-m22p-9wjw

Updating the System.Text.RegularExpressions package fixed:

- `System.Text.RegularExpressions` (High) https://github.com/advisories/GHSA-cmhx-cq75-c4mj

Updating the System.Net.Http package (in test project) fixed:

- `System.Net.Http` (High) https://github.com/advisories/GHSA-7jgj-8wvc-jh57
 2023-04-05 01:05:16 +00:00
Adam
b8f03277e6
Update az cli 2.47 (#2959) 
* update az cli to fix bicep error deploying from ADO

* update AZ CLI deps


---------

Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-04 13:54:44 -07:00
George Pollard
810ccff428
Use minimized stack for crash site (#2962) 2023-04-04 20:37:04 +00:00
Teo Voinea
8bd2d40f6f
Loosen scriban validation (#2963) 
* Add new command

* Update remaining jinja templates and references to use scriban

* Do not enforce that key exists in dictionary when doing strict validation
 2023-04-04 11:09:13 -04:00
George Pollard
34b513eda2
Rename EventGrid subscription (#2960) 2023-04-04 02:41:27 +00:00
Cheick Keita
706c9fc992
Fix and CVE-2023-0286 (#2957) 
- Added tempfile dependency to fix WS-2023-0045
- removed explicit version in example to fix WS-2023-0045
 2023-04-03 13:50:25 -07:00
George Pollard
8cbf66ebfa
Ensure custom target_options are always passed last to the fuzzer (#2952) 
Fixes #2941. 

It is possible for users to supply `target_options` which could interfere with the normal arguments that we pass. For example `-ignore_remaining_args=1` might be used when the user has custom options they need to parse in `LLVMFuzzerInitialize`.

To prevent these from interfering with our options, change the LibFuzzer code so that custom arguments are _always_ passed last.

This required two additional arguments to the `build_std_command` function:

- `extra_args` supplies any extra arguments needed by the system, for example, when testing the runnability of a fuzzer we pass `-help=1`. This is needed to be able to insert the argument before any custom args.
- `custom_arg_filter` can be supplied to perform any modifications on the custom arguments if needed. Since LibFuzzer arguments are last-one-wins, if we always pass custom args last, when we want to forcibly override the custom arguments we will need to remove them. Currently this is only used to remove any `-runs=X` arguments that are supplied when we are performing a single-input run.
 2023-04-03 11:27:29 +12:00
Cheick Keita
6933521a1a
Adding validation command to the agent (#2948) 
* WIP: Adding a validation command to the agent

* introducing a ValidationConfig

* refactoring

* adding verification code

* remove unused test

* format

* update dependencies

* adding a command to get the loading logs

* add print logs for linux

* clippy fix

* clippy on windows

* renaming stuff

* bug fix
 2023-03-31 13:23:25 -07:00
Cheick Keita
795ece3675
Add option to specify a known crash container (#2950) 
* add option to upload known crash directory

* specify a container instead of a directory

* remove crash upload
 2023-03-28 12:47:38 -07:00
George Pollard
3c3f12a7e4
Make ImageReference strongly-typed and checked up-front (#2369) 
- Turn `ImageReference` into its own type so it is validated early on in request submission time, and we don't end up with malformed IDs, etc.
- Add in support for shared image galleries since that was easy enough to add while I'm doing this.
- Explicitly document which image sources are permitted and how to reference them with resource IDs.

This addresses/closes #1464 for the C# port. Also fixes #2927 which was recently reported.
 2023-03-26 22:20:08 +00:00
dependabot[bot]
6d5161cd14
Bump openssl from 0.10.41 to 0.10.48 in /src/agent (#2946) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.41 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-26 21:53:05 +00:00
dependabot[bot]
6985fcb76a
Bump openssl from 0.10.36 to 0.10.48 in /src/proxy-manager (#2945) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.36 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-27 10:30:05 +13:00
George Pollard
260abca73a
Install v17 redistributables (#2943) 2023-03-24 15:19:39 +13:00
Adam
3adb2fee36
Update integration test pool size (#2935) 
* Upping VMSS count from 10 -> 20 on default tests
 2023-03-23 16:26:46 -07:00