ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-11 01:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,837 Commits 88 Branches 111 Tags
Commit Graph

1837 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
George Pollard
ad7e5fa85e
Rust problem matchers (#2974) 2023-04-05 20:38:34 +00:00
Teo Voinea
363cae0f33
Make GetNotification nullable (#2981) 2023-04-05 16:06:55 -04:00
Teo Voinea
5519ad0396
Update feature configuration package and use different ids for feature flags (#2980) 2023-04-05 13:14:48 -04:00
dependabot[bot]
f62fe0ca2a
Bump uuid from 0.8.2 to 1.3.0 (#2973) 
* Bump uuid from 0.8.2 to 1.2.1 in /src/proxy-manager

Bumps [uuid](https://github.com/uuid-rs/uuid) from 0.8.2 to 1.2.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/0.8.2...1.2.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update all to 1.3.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 16:42:19 +12:00
dependabot[bot]
d203f5865b
Bump notify from 5.0.0-pre.14 to 5.1.0 in /src/agent (#2871) 
Bumps [notify](https://github.com/notify-rs/notify) from 5.0.0-pre.14 to 5.1.0.
- [Release notes](https://github.com/notify-rs/notify/releases)
- [Changelog](https://github.com/notify-rs/notify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/notify-rs/notify/compare/5.0.0-pre.14...notify-5.1.0)

---
updated-dependencies:
- dependency-name: notify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:56:03 +00:00
dependabot[bot]
6725c0f0c0
Bump bytes from 1.2.0 to 1.4.0 in /src/agent (#2815) 
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.2.0 to 1.4.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.2.0...v1.4.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 02:33:42 +00:00
dependabot[bot]
47cf9af9b4
Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager (#2951) 
* Bump tokio from 1.25.0 to 1.27.0 in /src/proxy-manager

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.25.0 to 1.27.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.25.0...tokio-1.27.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Allow Unicode-DFS-2016 license

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:21:13 +00:00
dependabot[bot]
bfde38e171
Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService (#2971) 
* Bump coverlet.collector from 3.1.2 to 3.2.0 in /src/ApiService

Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](https://github.com/coverlet-coverage/coverlet/commits/v3.2.0)

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 02:05:44 +00:00
dependabot[bot]
469724101e
Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService (#2968) 
* Bump FluentAssertions from 6.7.0 to 6.10.0 in /src/ApiService

Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.7.0 to 6.10.0.
- [Release notes](https://github.com/fluentassertions/fluentassertions/releases)
- [Changelog](https://github.com/fluentassertions/fluentassertions/blob/develop/AcceptApiChanges.ps1)
- [Commits](https://github.com/fluentassertions/fluentassertions/compare/6.7.0...6.10.0)

---
updated-dependencies:
- dependency-name: FluentAssertions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* dotnet restore

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-05 01:29:34 +00:00
George Pollard
7ea0901277
Update .NET libraries which have security problems in transitive dependencies (#2967) 
The existing versions of these libraries have dependencies on packages with known vulnerabilities.

Updating the ADO packages fixes the following:

- `Newtonsoft.Json` (High) https://github.com/advisories/GHSA-5crp-9r3c-p9vr
- `System.Data.SqlClient` (Moderate) https://github.com/advisories/GHSA-8g2p-5pqh-5jmc
- `System.Drawing.Common` (Critical) https://github.com/advisories/GHSA-rxg9-xrhp-64gj

Updating the Identity packages fixes the following:

- `System.Security.Cryptography.Xml` (Moderate) https://github.com/advisories/GHSA-2m65-m22p-9wjw

Updating the System.Text.RegularExpressions package fixed:

- `System.Text.RegularExpressions` (High) https://github.com/advisories/GHSA-cmhx-cq75-c4mj

Updating the System.Net.Http package (in test project) fixed:

- `System.Net.Http` (High) https://github.com/advisories/GHSA-7jgj-8wvc-jh57
 2023-04-05 01:05:16 +00:00
George Pollard
96db6d4862
Add dependabot config for .NET (#2966) 2023-04-04 16:01:27 -07:00
Adam
b8f03277e6
Update az cli 2.47 (#2959) 
* update az cli to fix bicep error deploying from ADO

* update AZ CLI deps


---------

Co-authored-by: George Pollard <gpollard@microsoft.com>
 2023-04-04 13:54:44 -07:00
George Pollard
810ccff428
Use minimized stack for crash site (#2962) 2023-04-04 20:37:04 +00:00
Teo Voinea
8bd2d40f6f
Loosen scriban validation (#2963) 
* Add new command

* Update remaining jinja templates and references to use scriban

* Do not enforce that key exists in dictionary when doing strict validation
 2023-04-04 11:09:13 -04:00
George Pollard
34b513eda2
Rename EventGrid subscription (#2960) 2023-04-04 02:41:27 +00:00
Cheick Keita
706c9fc992
Fix and CVE-2023-0286 (#2957) 
- Added tempfile dependency to fix WS-2023-0045
- removed explicit version in example to fix WS-2023-0045
 2023-04-03 13:50:25 -07:00
George Pollard
8cbf66ebfa
Ensure custom target_options are always passed last to the fuzzer (#2952) 
Fixes #2941. 

It is possible for users to supply `target_options` which could interfere with the normal arguments that we pass. For example `-ignore_remaining_args=1` might be used when the user has custom options they need to parse in `LLVMFuzzerInitialize`.

To prevent these from interfering with our options, change the LibFuzzer code so that custom arguments are _always_ passed last.

This required two additional arguments to the `build_std_command` function:

- `extra_args` supplies any extra arguments needed by the system, for example, when testing the runnability of a fuzzer we pass `-help=1`. This is needed to be able to insert the argument before any custom args.
- `custom_arg_filter` can be supplied to perform any modifications on the custom arguments if needed. Since LibFuzzer arguments are last-one-wins, if we always pass custom args last, when we want to forcibly override the custom arguments we will need to remove them. Currently this is only used to remove any `-runs=X` arguments that are supplied when we are performing a single-input run.
 2023-04-03 11:27:29 +12:00
Cheick Keita
6933521a1a
Adding validation command to the agent (#2948) 
* WIP: Adding a validation command to the agent

* introducing a ValidationConfig

* refactoring

* adding verification code

* remove unused test

* format

* update dependencies

* adding a command to get the loading logs

* add print logs for linux

* clippy fix

* clippy on windows

* renaming stuff

* bug fix
 2023-03-31 13:23:25 -07:00
Teo Voinea
ac789fabf2
Update ado.md (#2956) 2023-03-31 11:34:09 -07:00
Marc Greisen
1feeb51c13
Release 7.0.0 (#2907) 2023-03-29 14:59:16 -07:00
Cheick Keita
795ece3675
Add option to specify a known crash container (#2950) 
* add option to upload known crash directory

* specify a container instead of a directory

* remove crash upload
 2023-03-28 12:47:38 -07:00
George Pollard
3c3f12a7e4
Make ImageReference strongly-typed and checked up-front (#2369) 
- Turn `ImageReference` into its own type so it is validated early on in request submission time, and we don't end up with malformed IDs, etc.
- Add in support for shared image galleries since that was easy enough to add while I'm doing this.
- Explicitly document which image sources are permitted and how to reference them with resource IDs.

This addresses/closes #1464 for the C# port. Also fixes #2927 which was recently reported.
 2023-03-26 22:20:08 +00:00
dependabot[bot]
6d5161cd14
Bump openssl from 0.10.41 to 0.10.48 in /src/agent (#2946) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.41 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.41...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-26 21:53:05 +00:00
dependabot[bot]
6985fcb76a
Bump openssl from 0.10.36 to 0.10.48 in /src/proxy-manager (#2945) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.36 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.36...openssl-v0.10.48)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-27 10:30:05 +13:00
George Pollard
260abca73a
Install v17 redistributables (#2943) 2023-03-24 15:19:39 +13:00
Adam
3adb2fee36
Update integration test pool size (#2935) 
* Upping VMSS count from 10 -> 20 on default tests
 2023-03-23 16:26:46 -07:00
Cheick Keita
2a8dca21c1
Fix WS-2023-0045 (#2931) 
* Fix WS-2023-0045
Upgrade version of tempfile
remove_dir_all was imported by tempfile. The new version removed that dependency

* fix build
 2023-03-23 11:17:08 -07:00
George Pollard
3e0d42006c
Remove xml-rs dependency (#2936) 2023-03-22 13:14:48 +13:00
Cheick Keita
cc08109e39
fix CVE-2023-0286 (#2933) 
* fix CVE-2023-0286
removing dependency oncryptography==3.3.2

* update azure-cli-core and azure-cli to 2.46.0

* fix version handling in the server
 2023-03-21 18:23:07 +00:00
George Pollard
658d2aa01f
Bump to Rust 1.68 (#2934) 2023-03-21 13:04:45 -04:00
Cheick Keita
4956cf5406
fix condition when generating the task config (#2925) 2023-03-17 20:44:30 +00:00
Adam
1f67494334
Deployment fix for --auto_create_cli_app flag bug (#2921) 
* Update .gitignore

* re-add sync-fork.yml

deleted after merge from origin/main

* Update README.md

TEST

* Update README.md

* Update sync-fork.yml

bump ver to 1.8

* updated deploy.py and configuration.py

* cleanup

* formatting

* linter cleanup

* linter cleanup 2

* better logging

* last linter issue

* remove extra app

* Updating getting started docs for config refactor

* Update docs/getting-started.md

Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com>

* update getting-started.md doc for config refactor

* update getting-started.md doc for config refactor

---------

Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com>
 2023-03-10 15:26:40 -08:00
Teo Voinea
49543cfa14
Ipc between agent and task (#2912) 
* .

* It doesn't work yet but we're making progress

* Added graceful shutdown and tests

* Small fix

* Fix crate issues

* test fix

* Fix build

* make clippy happy

* The order changed

* Use timeout in kill

* Almost done shutting down ipc

* It should all work now

* Update deny.toml

* Fix warning
 2023-03-10 17:21:18 +00:00
Noah McGregor Harper
a374939225
Fix onefuzz repro bug - Remove managed identity from CustomScriptExtension (#2920) 
* Adding potential repro fix.

* Removing managed identity.

* Remove return statement.

* reverting changes.

* removing logging.

* Reverting changes.

* Adding back trace.

* Removing protected settings.

* Removing managed identited.

* Conditionally setting protected settings.
 2023-03-10 09:11:12 -08:00
Teo Voinea
f00248fb98
Fix notification validation (#2914) 
* Add new command

* Update remaining jinja templates and references to use scriban

* Add missing properties to render context when validating notification config
 2023-03-07 20:30:32 +00:00
Noah McGregor Harper
e5dc7872ce
Add additional filter check for reports and regressions (#2911) 
* Add additional filter check for reports and regressions.

* Change comparator option.
 2023-03-07 10:13:30 -08:00
Teo Voinea
6f66fcb9f8
Revert "Create 2 way IPC connection between agent and task" (#2910) 
* Revert "Create 2 way IPC connection between agent and task (#2886)"

This reverts commit 091c870be6d9813cfceb60d61932f09c35f9bb67.

* Temporarily allow vulnerability since a new one just came out

* Temporarily allow vulnerability

* Update proxy.sh

* Update agent.sh

* Update deny.toml
 2023-03-06 16:09:29 -05:00
Marc Greisen
aad0d817cc
Update to use new Work item time (#2908) 
Moving work items to a different project
 2023-03-06 11:01:58 -08:00
Noah McGregor Harper
15c5812696
Revert YML Param Changes. (#2906) 2023-03-03 14:46:24 -08:00
Noah McGregor Harper
5bfcc4e242
Port 'missing field' error fix to C# (#2905) 
* Port  Fix to C#.

* Remove extra space.

* Adding correct condition.

---------

Co-authored-by: Marc Greisen <mgreisen@microsoft.com>
 2023-03-03 13:36:48 -08:00
Teo Voinea
091c870be6
Create 2 way IPC connection between agent and task (#2886) 
* .

* It doesn't work yet but we're making progress

* Added graceful shutdown and tests

* Small fix

* Fix crate issues

* test fix

* Fix build

* make clippy happy

* The order changed

* Use timeout in kill
 2023-03-03 14:08:34 -05:00
Noah McGregor Harper
8a7a0b0138
[Bug Fix] Create Wrapper Function To Handle GUID Table Properties (#2898) 
* Investigating Proxy Issues.

* Creating and using wrapper function that converts GUIDs to strings.

* Remove log statements.

* Removing logging statements.

* Formatting imports.

* Removing more logging.

* Adding unit test for filter.

* Remove comment.
 2023-03-02 12:57:55 -08:00
Noah McGregor Harper
e653f9b73e
Resolving Variable Reference Error (#2903) 2023-03-02 12:44:49 -08:00
Joe Ranweiler
f12319b359
Document coverage crate and tool (#2904) 2023-03-02 11:50:13 -08:00
Cheick Keita
71c82235c6
Update the error truncating logic to retrieve the last messages (#2896) 
* Update the error truncating logic to retrieve the last messages instead of the for first ones

* format
 2023-03-02 08:57:37 -08:00
Adam
503fc7cd9e
Update c# functional testing InfoResponse (#2894) 
* Updating func test info 'properties' key to 'versions'
 2023-03-01 10:22:55 -08:00
Noah McGregor Harper
ca7e07f027
Reverting client_id Name Change (#2889) 2023-02-27 16:01:57 -08:00
Cheick Keita
3d299ce51e
fix extra container intilization (#2887) 
* fix extra container intilization

* fix extra url download

* fix extra dir parameter to the agent

* rename extra to extra_dir
 2023-02-27 13:57:32 -08:00
George Pollard
a7eab4d973
Update SharpFuzz to a version supporting .net7.0, change .NET installation method (#2878) 
* Update SharpFuzz to a version supporting .net7.0

* Two-digit version numbers are Channels, not Versions
 2023-02-23 21:25:16 +00:00
Cheick Keita
b84896802c
Adding extra container to tasks (#2847) 
* adding extra container to tasks

* setup expand

* build fix

* generate docs

* build fix

* build fix

* build fix

* format

* format

* build fix

* fix extra container references

* format

* Update "Needs Triage" label to the one we use. (#2845)

* Report extension errors (#2846)

Old failure message:
```
failed to launch extension
```

New failure message:

```
failed to launch extension(s): Errors for extension 'CustomScriptExtension':
:Error: ProvisioningState/failed/3 (Provisioning failed) - Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (400) Bad Request.
```

* Sematically validate notification configs (#2850)

* Add new command

* Update remaining jinja templates and references to use scriban

* Add ado template validation

* Validate ado and github templates

* Remove unnecessary function

* Update src/ApiService/ApiService/OneFuzzTypes/Model.cs

Co-authored-by: Cheick Keita <kcheick@gmail.com>

---------

Co-authored-by: Cheick Keita <kcheick@gmail.com>

* adding extra container to integration tests

* adding doc

* update tests

* format

* build and clippy fix

* Update src/agent/onefuzz-task/src/tasks/report/generic.rs

Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>

---------

Co-authored-by: Marc Greisen <mgreisen@microsoft.com>
Co-authored-by: George Pollard <gpollard@microsoft.com>
Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
 2023-02-23 19:08:01 +00:00