ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-09 08:41:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,148 Commits 88 Branches 111 Tags
Commit Graph

2148 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Teo Voinea
ba817a9e08
Implement ITruncatable for EventJobStopped (#2993) 2023-04-10 17:14:43 +00:00
Noah McGregor Harper
e835fb1867
Adding handle for missing unique field key in AdoFields (#2986) 
* Adding handle for missing unique field key in .

* Better approach.

* Using TyGetValue.
 2023-04-07 13:30:29 -07:00
Cheick Keita
1ae063969b
Fix Notification delete (#2987) 2023-04-07 19:38:10 +00:00
George Pollard
947bb7f141
Update codeql-config.yml (#2989) 2023-04-06 08:59:49 -04:00
dependabot[bot]
446b8638bd
Bump TaskTupleAwaiter from 2.0.0 to 2.0.3 in /src/ApiService (#2978) 
* Bump TaskTupleAwaiter from 2.0.0 to 2.0.3 in /src/ApiService

Bumps [TaskTupleAwaiter](https://github.com/buvinghausen/TaskTupleAwaiter) from 2.0.0 to 2.0.3.
- [Release notes](https://github.com/buvinghausen/TaskTupleAwaiter/releases)
- [Commits](https://github.com/buvinghausen/TaskTupleAwaiter/compare/2.0.0...2.0.3)

---
updated-dependencies:
- dependency-name: TaskTupleAwaiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-06 02:20:54 +00:00
Cheick Keita
d27d815d92
Better logging of failure in the task_logger (#2940) 
* logging task_logger failure

* format

* clippy fxes

* cleanup

* address comments
 2023-04-06 00:38:11 +00:00
dependabot[bot]
f19a0e8d70
Bump elsa from 1.7.0 to 1.8.1 in /src/agent (#2983) 
Bumps [elsa](https://github.com/manishearth/elsa) from 1.7.0 to 1.8.1.
- [Release notes](https://github.com/manishearth/elsa/releases)
- [Commits](https://github.com/manishearth/elsa/compare/v1.7.0...v1.8.1)

---
updated-dependencies:
- dependency-name: elsa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:59:29 +00:00
dependabot[bot]
0428da2425
Bump tempfile from 3.4.0 to 3.5.0 in /src/agent (#2976) 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/Stebalien/tempfile/releases)
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/NEWS)
- [Commits](https://github.com/Stebalien/tempfile/commits)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:30:56 +00:00
dependabot[bot]
98656371b0
Bump tokio from 1.25.0 to 1.27.0 in /src/agent (#2975) 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.25.0 to 1.27.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.25.0...tokio-1.27.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 22:11:06 +00:00
dependabot[bot]
2b1f400e71
Bump crossterm from 0.25.0 to 0.26.1 in /src/agent (#2888) 
Bumps [crossterm](https://github.com/crossterm-rs/crossterm) from 0.25.0 to 0.26.1.
- [Release notes](https://github.com/crossterm-rs/crossterm/releases)
- [Changelog](https://github.com/crossterm-rs/crossterm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crossterm-rs/crossterm/compare/0.25...0.26.1)

---
updated-dependencies:
- dependency-name: crossterm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 21:47:57 +00:00
George Pollard
f047f5d9d6
UniqueReports should be UniqueInputs (#2982) 2023-04-05 21:18:16 +00:00
George Pollard
ad7e5fa85e
Rust problem matchers (#2974) 2023-04-05 20:38:34 +00:00
Teo Voinea
363cae0f33
Make GetNotification nullable (#2981) 2023-04-05 16:06:55 -04:00
Teo Voinea
5519ad0396
Update feature configuration package and use different ids for feature flags (#2980) 2023-04-05 13:14:48 -04:00
dependabot[bot]
f62fe0ca2a
Bump uuid from 0.8.2 to 1.3.0 (#2973) 
* Bump uuid from 0.8.2 to 1.2.1 in /src/proxy-manager

Bumps [uuid](https://github.com/uuid-rs/uuid) from 0.8.2 to 1.2.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/0.8.2...1.2.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update all to 1.3.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 16:42:19 +12:00
dependabot[bot]
d203f5865b
Bump notify from 5.0.0-pre.14 to 5.1.0 in /src/agent (#2871) 
Bumps [notify](https://github.com/notify-rs/notify) from 5.0.0-pre.14 to 5.1.0.
- [Release notes](https://github.com/notify-rs/notify/releases)
- [Changelog](https://github.com/notify-rs/notify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/notify-rs/notify/compare/5.0.0-pre.14...notify-5.1.0)

---
updated-dependencies:
- dependency-name: notify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:56:03 +00:00
dependabot[bot]
6725c0f0c0
Bump bytes from 1.2.0 to 1.4.0 in /src/agent (#2815) 
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.2.0 to 1.4.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.2.0...v1.4.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:33:42 +00:00
dependabot[bot]
47cf9af9b4
Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager (#2951) 
* Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.25.0 to 1.27.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.25.0...tokio-1.27.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Allow Unicode-DFS-2016 license

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:21:13 +00:00
dependabot[bot]
bfde38e171
Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService (#2971) 
* Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService

Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](https://github.com/coverlet-coverage/coverlet/commits/v3.2.0)

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:05:44 +00:00
dependabot[bot]
469724101e
Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService (#2968) 
* Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService

Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.7.0 to 6.10.0.
- [Release notes](https://github.com/fluentassertions/fluentassertions/releases)
- [Changelog](https://github.com/fluentassertions/fluentassertions/blob/develop/AcceptApiChanges.ps1)
- [Commits](https://github.com/fluentassertions/fluentassertions/compare/6.7.0...6.10.0)

---
updated-dependencies:
- dependency-name: FluentAssertions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 01:29:34 +00:00
George Pollard
7ea0901277
Update .NET libraries which have security problems in transitive dependencies (#2967) 
The existing versions of these libraries have dependencies on packages with known vulnerabilities.

Updating the ADO packages fixes the following:

- `Newtonsoft.Json` (High) https://github.com/advisories/GHSA-5crp-9r3c-p9vr
- `System.Data.SqlClient` (Moderate) https://github.com/advisories/GHSA-8g2p-5pqh-5jmc
- `System.Drawing.Common` (Critical) https://github.com/advisories/GHSA-rxg9-xrhp-64gj

Updating the Identity packages fixes the following:

- `System.Security.Cryptography.Xml` (Moderate) https://github.com/advisories/GHSA-2m65-m22p-9wjw

Updating the System.Text.RegularExpressions package fixed:

- `System.Text.RegularExpressions` (High) https://github.com/advisories/GHSA-cmhx-cq75-c4mj

Updating the System.Net.Http package (in test project) fixed:

- `System.Net.Http` (High) https://github.com/advisories/GHSA-7jgj-8wvc-jh57
 2023-04-05 01:05:16 +00:00
George Pollard
96db6d4862
Add dependabot config for .NET (#2966) 2023-04-04 16:01:27 -07:00
Adam
b8f03277e6
Update az cli 2.47 (#2959) 
* update az cli to fix bicep error deploying from ADO

* update AZ CLI deps


---------

Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-04 13:54:44 -07:00
George Pollard
810ccff428
Use minimized stack for crash site (#2962) 2023-04-04 20:37:04 +00:00
Teo Voinea
8bd2d40f6f
Loosen scriban validation (#2963) 
* Add new command

* Update remaining jinja templates and references to use scriban

* Do not enforce that key exists in dictionary when doing strict validation
 2023-04-04 11:09:13 -04:00
George Pollard
34b513eda2
Rename EventGrid subscription (#2960) 2023-04-04 02:41:27 +00:00
Cheick Keita
706c9fc992
Fix and CVE-2023-0286 (#2957) 
- Added tempfile dependency to fix WS-2023-0045
- removed explicit version in example to fix WS-2023-0045
 2023-04-03 13:50:25 -07:00
George Pollard
8cbf66ebfa
Ensure custom target_options are always passed last to the fuzzer (#2952) 
Fixes #2941. 

It is possible for users to supply `target_options` which could interfere with the normal arguments that we pass. For example `-ignore_remaining_args=1` might be used when the user has custom options they need to parse in `LLVMFuzzerInitialize`.

To prevent these from interfering with our options, change the LibFuzzer code so that custom arguments are _always_ passed last.

This required two additional arguments to the `build_std_command` function:

- `extra_args` supplies any extra arguments needed by the system, for example, when testing the runnability of a fuzzer we pass `-help=1`. This is needed to be able to insert the argument before any custom args.
- `custom_arg_filter` can be supplied to perform any modifications on the custom arguments if needed. Since LibFuzzer arguments are last-one-wins, if we always pass custom args last, when we want to forcibly override the custom arguments we will need to remove them. Currently this is only used to remove any `-runs=X` arguments that are supplied when we are performing a single-input run.
 2023-04-03 11:27:29 +12:00
Cheick Keita
6933521a1a
Adding validation command to the agent (#2948) 
* WIP: Adding a validation command to the agent

* introducing a ValidationConfig

* refactoring

* adding verification code

* remove unused test

* format

* update dependencies

* adding a command to get the loading logs

* add print logs for linux

* clippy fix

* clippy on windows

* renaming stuff

* bug fix
 2023-03-31 13:23:25 -07:00
Teo Voinea
ac789fabf2
Update ado.md (#2956) 2023-03-31 11:34:09 -07:00
Marc Greisen
1feeb51c13
Release 7.0.0 (#2907) 2023-03-29 14:59:16 -07:00
Cheick Keita
795ece3675
Add option to specify a known crash container (#2950) 
* add option to upload known crash directory

* specify a container instead of a directory

* remove crash upload
 2023-03-28 12:47:38 -07:00
George Pollard
3c3f12a7e4
Make ImageReference strongly-typed and checked up-front (#2369) 
- Turn `ImageReference` into its own type so it is validated early on in request submission time, and we don't end up with malformed IDs, etc.
- Add in support for shared image galleries since that was easy enough to add while I'm doing this.
- Explicitly document which image sources are permitted and how to reference them with resource IDs.

This addresses/closes #1464 for the C# port. Also fixes #2927 which was recently reported.
 2023-03-26 22:20:08 +00:00
dependabot[bot]
6d5161cd14
Bump openssl from 0.10.41 to 0.10.48 in /src/agent (#2946) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.41 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-26 21:53:05 +00:00
dependabot[bot]
6985fcb76a
Bump openssl from 0.10.36 to 0.10.48 in /src/proxy-manager (#2945) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.36 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-27 10:30:05 +13:00
George Pollard
260abca73a
Install v17 redistributables (#2943) 2023-03-24 15:19:39 +13:00
Adam
3adb2fee36
Update integration test pool size (#2935) 
* Upping VMSS count from 10 -> 20 on default tests
 2023-03-23 16:26:46 -07:00
Cheick Keita
2a8dca21c1
Fix WS-2023-0045 (#2931) 
* Fix WS-2023-0045
Upgrade version of tempfile
remove_dir_all was imported by tempfile. The new version removed that dependency

* fix build
 2023-03-23 11:17:08 -07:00
George Pollard
3e0d42006c
Remove xml-rs dependency (#2936) 2023-03-22 13:14:48 +13:00
Cheick Keita
cc08109e39
fix CVE-2023-0286 (#2933) 
* fix CVE-2023-0286
removing dependency oncryptography==3.3.2

* update azure-cli-core and azure-cli to 2.46.0

* fix version handling in the server
 2023-03-21 18:23:07 +00:00
George Pollard
658d2aa01f
Bump to Rust 1.68 (#2934) 2023-03-21 13:04:45 -04:00
Cheick Keita
4956cf5406
fix condition when generating the task config (#2925) 2023-03-17 20:44:30 +00:00
Adam
1f67494334
Deployment fix for --auto_create_cli_app flag bug (#2921) 
* Update .gitignore

* re-add sync-fork.yml

deleted after merge from origin/main

* Update README.md

TEST

* Update README.md

* Update sync-fork.yml

bump ver to 1.8

* updated deploy.py and configuration.py

* cleanup

* formatting

* linter cleanup

* linter cleanup 2

* better logging

* last linter issue

* remove extra app

* Updating getting started docs for config refactor

* Update docs/getting-started.md

Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com>

* update getting-started.md doc for config refactor

* update getting-started.md doc for config refactor

---------

Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com>
 2023-03-10 15:26:40 -08:00
Teo Voinea
49543cfa14
Ipc between agent and task (#2912) 
* .

* It doesn't work yet but we're making progress

* Added graceful shutdown and tests

* Small fix

* Fix crate issues

* test fix

* Fix build

* make clippy happy

* The order changed

* Use timeout in kill

* Almost done shutting down ipc

* It should all work now

* Update deny.toml

* Fix warning
 2023-03-10 17:21:18 +00:00
Noah McGregor Harper
a374939225
Fix onefuzz repro bug - Remove managed identity from CustomScriptExtension (#2920) 
* Adding potential repro fix.

* Removing managed identity.

* Remove return statement.

* reverting changes.

* removing logging.

* Reverting changes.

* Adding back trace.

* Removing protected settings.

* Removing managed identited.

* Conditionally setting protected settings.
 2023-03-10 09:11:12 -08:00
Teo Voinea
f00248fb98
Fix notification validation (#2914) 
* Add new command

* Update remaining jinja templates and references to use scriban

* Add missing properties to render context when validating notification config
 2023-03-07 20:30:32 +00:00
Noah McGregor Harper
e5dc7872ce
Add additional filter check for reports and regressions (#2911) 
* Add additional filter check for reports and regressions.

* Change comparator option.
 2023-03-07 10:13:30 -08:00
Teo Voinea
6f66fcb9f8
Revert "Create 2 way IPC connection between agent and task" (#2910) 
* Revert "Create 2 way IPC connection between agent and task (#2886)"

This reverts commit 091c870be6d9813cfceb60d61932f09c35f9bb67.

* Temporarily allow vulnerability since a new one just came out

* Temporarily allow vulnerability

* Update proxy.sh

* Update agent.sh

* Update deny.toml
 2023-03-06 16:09:29 -05:00
Marc Greisen
aad0d817cc
Update to use new Work item time (#2908) 
Moving work items to a different project
 2023-03-06 11:01:58 -08:00
Noah McGregor Harper
15c5812696
Revert YML Param Changes. (#2906) 2023-03-03 14:46:24 -08:00