ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-10 17:21:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
406 Commits 88 Branches 111 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Joe Ranweiler 419ca05b28
Actively tail worker stdio from supervisor agent (#588) 
In the supervisor agent, incrementally read from the running worker agent's redirected stderr and stdout, instead of waiting until it exits.

The worker agent's stderr and stdout are piped to the supervisor when tasks are run. The supervisor's `WorkerRunner` does _not_ use `wait_with_output()`, which handles this (at the cost of blocking). Instead, it makes repeated calls to to `try_wait()` on timer-based state transitions, and does not try to read the pipes until the worker exits. But when one of the child's pipes is full, the child can block forever waiting on a `write(2)`, such as in a `log` facade implementation.

This bug has not been caught because we control the child worker agent, and until recently, it mostly only wrote to these streams using `env_logger` at its default log level. But recent work: (1) set more-verbose `INFO` level default logging, (2) logged stderr/stdout lines of child processes of _the worker_, and (3) some user targets logged very verbosely for debugging. This surfaced the underlying issue.
2021-02-26 20:09:02 +00:00
.github
libfuzzer-dotnet integration (#535)
2021-02-11 17:30:24 -05:00
contrib/deploy-onefuzz-via-azure-devops
standardize on unix file endings (#516)
2021-02-06 14:14:26 +00:00
docs
Renames application insights keys to be more clear (#587)
2021-02-26 17:04:49 +00:00
src
Actively tail worker stdio from supervisor agent (#588)
2021-02-26 20:09:02 +00:00
.gitignore
Use absolute path for command replacements (#22)
2020-09-22 15:56:30 -04:00
CHANGELOG.md
release 2.6.0 (#584)
2021-02-22 12:25:12 -05:00
CODE_OF_CONDUCT.md
Initial CODE_OF_CONDUCT.md commit
2020-07-27 15:23:42 -07:00
CONTRIBUTING.md
Update to contributing guide (#119)
2020-10-08 15:04:55 -04:00
CURRENT_VERSION
release 2.6.0 (#584)
2021-02-22 12:25:12 -05:00
LICENSE
Initial LICENSE commit
2020-07-27 15:23:43 -07:00
README.md
Update README.md (#4)
2020-09-18 14:55:44 -04:00
SECURITY.md
Initial SECURITY.md commit
2020-07-27 15:23:46 -07:00

README.md

OneFuzz

A self-hosted Fuzzing-As-A-Service platform

Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CICD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.

Build Status

Build Onefuzz

Features

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result de-duplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Including Azure DevOps Work Items and Microsoft Teams messages

For information, check out some of our guides:

Are you a Microsoft employee interested in fuzzing? Join us on Teams at Fuzzing @ Microsoft.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

For more information:

Reporting Security Issues

Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.

Description
A self-hosted Fuzzing-As-A-Service platform
Readme MIT 46 MiB
Languages
C# 39.9%
Rust 38.9%
Python 18.1%
Shell 1%
Bicep 0.9%
Other 1.2%