ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-09 00:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,148 Commits 88 Branches 111 Tags
Commit Graph

2148 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cheick Keita
aff9ffe7e8
Adding a time out when closing the app insight channels (#3181) 2023-06-14 19:11:00 +00:00
dependabot[bot]
8cdbf55ea9
Bump tempfile from 3.5.0 to 3.6.0 in /src/agent (#3169) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.5.0 to 3.6.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-13 21:28:17 +00:00
dependabot[bot]
363c2b0bf8
Bump iced-x86 from 1.18.0 to 1.19.0 in /src/agent (#3153) 
Bumps [iced-x86](https://github.com/icedland/iced) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.18.0...v1.19.0)

---
updated-dependencies:
- dependency-name: iced-x86
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-13 21:02:18 +00:00
dependabot[bot]
8a2b2b4b60
Bump tempfile from 3.5.0 to 3.6.0 in /src/proxy-manager (#3168) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.5.0 to 3.6.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-13 20:40:07 +00:00
Joe Ranweiler
39673be256
Try to kill debuggee if Linux recording times out (#3177) 
* Try to kill debuggee if Linux recording times out

* Add extra cleanup

* Fix Windows warnings

* Fix import

* Minimize mutex lock scope

* Remove redundant wait

* Remove unused import
 2023-06-13 16:10:27 -04:00
Teo Voinea
8c904199da
Improve error reporting from scale-in protection modification (#3184) 2023-06-09 19:41:14 +00:00
Joe Ranweiler
a040aa21ed
Skip entire function if entry offset excluded (#3172) 
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-06-09 19:18:29 +00:00
Adam
300a3e2d76
Release-8.3.0 (#3159) 
* Release-8.3.0
 2023-06-08 17:14:02 +00:00
George Pollard
15351a7b44
Bump Rust to 1.70 (#3165) 
https://releases.rs/docs/1.70.0/
 2023-06-08 08:53:51 -04:00
George Pollard
96456d0f7f
Make coverage-recording errors non-fatal (#3166) 
When we record coverage, if any of the files fail (e.g. due to timeouts during coverage recording), then we fail the whole process.

Instead, make coverage recording best-effort: if any files fail then we continue to record coverage using the other files. A warning is printed that we can monitor for any ongoing problems.

Closes #3041
 2023-06-07 22:58:30 +00:00
George Pollard
37aede810a
Fix install of dotnet in devcontainer (#3176) 
* Install dotnet from Ubuntu package sources

* Update to more recent devcontainer format
 2023-06-07 22:21:10 +00:00
Stas
f724741bd3
Port current implementation to ILogger (#3173) 
* Port logging to ILogger

* addressing pr comments

* enable tracking telemetry

* solving merge conflicts

* if debug enable developer mode

* format

* resolving more merging issues

* add reference links to comments

---------

Co-authored-by: stas <statis@microsoft.com>
 2023-06-07 12:11:47 -07:00
Kanan B
8e2e11fcd9
Downloading files to locally repro crashes (#3160) 
Add `repro get_files` command
 2023-06-07 08:17:51 -07:00
George Pollard
e448947abe
Move auth into middleware (#3133) 
Closes #2098.

This cleans up the authentication a bit; after this change we have two stages in the middleware pipeline:

- `AuthenticationMiddleware` reads the JWT token (it does not validate it, this is done by the Azure Functions service) and stores it in `FunctionContext.Items["ONEFUZZ_USER_INFO"]`
- `AuthorizationMiddleware` checks the user info against the `[Authorize]` attribute to see if the user has the required permissions
- Functions can read the user info from the `FunctionContext` if needed

The authorize attribute can be `[Authorize(Allow.User)]` or `Allow.Agent` or `Allow.Admin`. The `Admin` case is new and allows this to be declaratively specified rather than being checked in code. We have several functions which could be changed to use this (e.g. Pool POST/DELETE/PATCH, Scaleset POST/DELETE/PATCH), but I have only changed one so far (JinjaToScriban).

One of the benefits here is that this simplifies the test code a lot: we can set the desired user info directly onto our `(Test)FunctionContext` rather than having to supply a fake that pretends to parse the token from the HTTP request. This will also have benefits when running the service locally for testing purposes (refer to internal issue).

The other benefit is the ability to programmatically read the required authentication for each function, which may help with Swagger generation.
 2023-06-07 13:57:22 +12:00
Cheick Keita
b44cff5236
Store authentication info in keyvault (#3127) 
* Store authentication info in keyvault

* fix tests

* fix tests

* fix test

* fix build

* test fix

* more fix

* format

* fix test

* fix test

* build

* cleanup

* build fix

* test fix

* catch exception when secret does not exist

* more cleanup

* fix tests

* cleanup

* address comments

* more null check
 2023-06-06 13:49:00 -07:00
George Pollard
9aa2519e90
Don’t validate error codes on client side (#3131) 
* Don’t validate error codes on client side

* Update docs

* Format

* Format

* Format
 2023-06-05 23:32:44 +00:00
dependabot[bot]
6c2dbbf67b
Bump url from 2.3.0 to 2.4.0 in /src/proxy-manager (#3152) 
Bumps [url](https://github.com/servo/rust-url) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: url
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-05 22:29:36 +00:00
dependabot[bot]
db59cd367d
Bump url from 2.3.0 to 2.4.0 in /src/agent (#3151) 
Bumps [url](https://github.com/servo/rust-url) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: url
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-06 10:01:39 +12:00
Cheick Keita
c76cb9b44f
switch tui to ratatui (#3155) 2023-06-05 17:18:17 +00:00
Cheick Keita
bada352699
Include a reason when a task has never started (#3148) 
* Include a reason to mark a task as failed

* mark dependent task cancelled when the task is cancelled

* cleanup

* build fix
 2023-06-04 20:39:29 -07:00
Cheick Keita
5d8f2452d8
remove dependency on the users crate (#3150) 2023-06-02 15:43:27 -07:00
Teo Voinea
0f6073b46d
Fix bug for scale-in protection (#3144) 
* Fix bug for scale-in protection

* Update metric name
 2023-05-31 12:05:58 +00:00
Adam
98007be1c2
Update requests version in CLI requirements to fix CVE (#3145) 
* updated requests version in CLI requirements to fix CVE
 2023-05-30 17:45:38 -07:00
dependabot[bot]
c09daac757
Bump requests in /contrib/deploy-onefuzz-via-azure-devops (#3120) 2023-05-30 18:56:00 +00:00
dependabot[bot]
15747c122d
Bump FluentAssertions from 6.10.0 to 6.11.0 in /src/ApiService (#3140) 
Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.10.0 to 6.11.0.
- [Release notes](https://github.com/fluentassertions/fluentassertions/releases)
- [Changelog](https://github.com/fluentassertions/fluentassertions/blob/develop/AcceptApiChanges.ps1)
- [Commits](https://github.com/fluentassertions/fluentassertions/compare/6.10.0...6.11.0)

---
updated-dependencies:
- dependency-name: FluentAssertions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-29 21:58:56 +00:00
dependabot[bot]
b63425419e
Bump Azure.ResourceManager from 1.3.1 to 1.6.0 in /src/ApiService (#3106) 
* Bump Azure.ResourceManager from 1.3.1 to 1.6.0 in /src/ApiService

Bumps [Azure.ResourceManager](https://github.com/Azure/azure-sdk-for-net) from 1.3.1 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-net/releases)
- [Commits](https://github.com/Azure/azure-sdk-for-net/compare/Azure.ResourceManager_1.3.1...Azure.ResourceManager_1.6.0)

---
updated-dependencies:
- dependency-name: Azure.ResourceManager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-05-29 13:03:23 +12:00
George Pollard
18e99cdd2f
Use --locked when installing Rust pre-reqs (#3139) 2023-05-29 11:05:09 +12:00
dependabot[bot]
a390822124
Bump path-absolutize from 3.0.11 to 3.1.0 in /src/agent (#3088) 
Bumps [path-absolutize](https://github.com/magiclen/path-absolutize) from 3.0.11 to 3.1.0.
- [Commits](https://github.com/magiclen/path-absolutize/compare/v3.0.11...v3.1.0)

---
updated-dependencies:
- dependency-name: path-absolutize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-25 23:47:08 +00:00
dependabot[bot]
223a90c593
Bump clap from 4.2.4 to 4.3.0 in /src/agent (#3118) 
Bumps [clap](https://github.com/clap-rs/clap) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.2.4...clap_complete-v4.3.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-25 23:25:15 +00:00
Noah McGregor Harper
5fc5659056
Release 8.2.0 (#3126) 
* Release 8.2.0

* Updating.

* Updated
 2023-05-25 12:36:39 -07:00
George Pollard
be56814e43
Bump azure_* crates to 0.12 (#3132) 2023-05-25 09:30:16 -04:00
Cheick Keita
dc0e7f76b3
fix logic to set check_fuzzer_help (#3130) 2023-05-24 09:22:27 -07:00
Cheick Keita
213fc2471f
fix comment explaining why a validator is needed on the templates (#3125) 2023-05-24 15:47:47 +00:00
George Pollard
66b990bb7e
Bring ErrorCode enums into sync (#3129) 
ErrorCode enums on Python & C# side had gotten out of sync. This can cause the CLI to fail to parse responses.
 2023-05-24 08:41:41 -04:00
George Pollard
5048e6d50c
Allow use of readonly_inputs for qemu_user template (#3116) 
* Allow use of readonly_inputs for qemu_user template

* formatting fix
 2023-05-19 12:33:49 +12:00
George Pollard
dc66164cda
Increase lock wait timeout for qemu_user setup (#3114) 2023-05-17 20:55:47 +00:00
George Pollard
2f478d6c0b
Expand valid scaleset names (#3045) 
Scaleset names are now permitted to be any (valid) strings, instead of only GUIDs. When we generate a scaleset name it is now based upon the pool name; for example the pool `pool` might get a scaleset named `pool-3b24ba211cad4b078655914754485838`.

This should be backwards-compatible since GUIDs are [already serialized to table storage as strings](dddcfa4949/src/ApiService/ApiService/onefuzzlib/orm/EntityConverter.cs (L190-L191)), so this simply loosens the restrictions placed upon them.

Scaleset IDs now have a strong type in the same way as other IDs; this helps to avoid mixing them up with other strings. Because of this I found one bug in the scaleset search query logic due to Pool ID/VMSS ID confusion. As part of fixing this I've changed the scaleset search query to only return nodes from the table rather than querying Azure to find a list; this seems to be sufficient for the CLI.
 2023-05-17 09:58:58 +12:00
Noah McGregor Harper
d84b72b5fd
Initial Custom Metrics - Node & Task Heartbeat (#3082) 
* Refactor logging to use  and new function queue

* Testing setup of custom metric.

* Changing host.json

* Updating log interface.

* changes.

* Fix encoding.

* Updating.

* Updating tests.

* Adding metrics to program

* Pushing latest changes.

* Update interface references.

* Removing string type.

* Add string back.

* Getting additional data for task heartbeat.

* Removing additional fields.

* Removing containers.

* Cleaning up.

* Adding feature flag.

* Adding bicep changes.

* Fixing tests.

* Fixing test metrics.

* Removing most of tests.

* Telemetry Refact Round 2.

* Updated metrics.

* Remove custom metric function.

* Syncing events.cs

* Making optional.

* Using events as metric dimensions.

* Fixing ORM tests.

* Remove metric records.

* Removing bad test.

* Remove testmetrics.'

* Adding test back.

* Improving custom dimensions serialization.

* Update src/ApiService/ApiService/onefuzzlib/Metrics.cs

Co-authored-by: Cheick Keita <kcheick@gmail.com>

* Reverting change.

---------

Co-authored-by: Cheick Keita <kcheick@gmail.com>
 2023-05-16 13:17:28 -07:00
Cheick Keita
64782d7e9b
fix tests (#3107) 2023-05-16 12:37:48 -07:00
Cheick Keita
f6473c6b3e
Refactoring log upload (#3087) 
This is refactoring of our log uploading process.

- The process that upload the logs lives with the agent instead of the task
- The task now logs to a file and to the console.
- The task log file is synchronized to the log container periodically
 2023-05-16 18:56:42 +00:00
Teo Voinea
760e7d6c7f
Fix bug when truncating certain reports (#3103) 
* Fix bug when truncating certain reports

* Update src/ApiService/ApiService/onefuzzlib/Utils.cs

Co-authored-by: George Pollard <porges@porg.es>

* PR suggestion

---------

Co-authored-by: George Pollard <porges@porg.es>
 2023-05-16 13:18:05 +00:00
George Pollard
ffcca1c1e9
Add gh to devcontainer (#3105) 2023-05-16 08:28:09 -04:00
George Pollard
f4ab22d570
Checkout compiler-rt sparsely (#3101) 2023-05-15 10:52:01 -07:00
Cheick Keita
447b4c65f4
Add more context to the deletion of nodes (#3102) 
* Add more context to the deletion of nodes

* Update src/ApiService/ApiService/onefuzzlib/ScalesetOperations.cs

Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>

* adding NODE_DELETED error code

---------

Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
 2023-05-12 19:20:59 +00:00
Teo Voinea
cee37b5ece
Create migrating-to-events-2.0.md (#3098) 
* Create migrating-to-events-2.0.md

* Update migrating-to-events-2.0.md
 2023-05-11 12:27:30 -07:00
George Pollard
13b727201a
Add an event for Repro VM creation (#3091) 2023-05-10 22:28:22 +00:00
Cheick Keita
93b582f92e
Match the agent version to the server (#3093) 
* match the agent version to the server

* fix node state
 2023-05-10 20:01:49 +00:00
Adam
56ca9ed55d
Release 8.1.0 (#3086) 
* Release-8.1.0

---------

Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
 2023-05-09 15:45:17 -07:00
Teo Voinea
69171af55d
Deserialize user info when pulling from blob (#3089) 2023-05-08 15:12:54 +00:00
Marc Greisen
4044e5cc1a
Fix typo in parameter name and set default value to true. (#3085) 2023-05-04 13:30:07 -07:00