feat: add cifuzz example projects

Author: mlsandnerCI

Diff for: example-projects/advanced-setup/bazel/.bazelrc

@@ -0,0 +1,24 @@
+# Force the use of Clang for all builds.
+build --repo_env=CC=clang
+build --repo_env=CXX=clang++
+
+build --cxxopt=-std=c++14
+
+# Replay cifuzz findings (C/C++ only)
+build:cifuzz-replay --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan-ubsan
+build:cifuzz-replay --compilation_mode=opt
+build:cifuzz-replay --copt=-g
+build:cifuzz-replay --copt=-U_FORTIFY_SOURCE
+build:cifuzz-replay --test_env=UBSAN_OPTIONS=halt_on_error=1
+
+# Coverage with Replay (C/C++ only)
+coverage --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:replay
+coverage --@rules_fuzzing//fuzzing:cc_engine_instrumentation=none
+coverage --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none
+coverage --instrument_test_targets
+coverage --repo_env=BAZEL_USE_LLVM_NATIVE_COVERAGE=1
+coverage --repo_env=GCOV=llvm-profdata
+coverage --repo_env=BAZEL_LLVM_COV=llvm-cov
+coverage --combined_report=lcov
+coverage --experimental_use_llvm_covmap
+coverage --experimental_generate_llvm_lcov

Diff for: example-projects/advanced-setup/bazel/.gitignore

@@ -0,0 +1,6 @@
+/bazel-*
+*_inputs
+.*_cifuzz_corpus/
+/.cifuzz-*/
+/.ijwb/
+/.clwb/

Diff for: example-projects/advanced-setup/bazel/README.md

@@ -0,0 +1,89 @@
+## Project Description
+
+This is an extended example Bazel project with multiple packages and
+two fuzztests `main/tests:explore_me_fuzz_test` and `fuzztests:test_me_fuzz_test`.
+
+The `explore_me_fuzz_test` is defined in the same package as the source
+code and `test_me_fuzz_test` is located in a separated package.
+
+## Run
+
+### Heap Buffer Overflow and Undefined Behaviour
+
+```
+cifuzz run main/tests:explore_me_fuzz_test
+```
+
+### Heap Use After Free
+
+```
+cifuzz run fuzztests:test_me_fuzz_test
+```
+
+## Bundle
+
+### explore_me_fuzz_test
+
+```
+cifuzz bundle main/tests:explore_me_fuzz_test
+```
+
+Should include one fuzz test with two targets to cover fuzzing and coverage builds.
+
+```
+...
+target: main/tests/explore_me_fuzz_test
+path: libfuzzer/address+undefined/main/tests/explore_me_fuzz_test/bin/explore_me_fuzz_test
+...
+target: main/tests/explore_me_fuzz_test
+path: replayer/coverage/main/tests/explore_me_fuzz_test/bin/explore_me_fuzz_test
+```
+
+### test_me_fuzz_test
+
+```
+cifuzz bundle
+```
+
+Should include one fuzz test with two targets to cover fuzzing and coverage builds.
+
+```
+...
+target: fuzztests/test_me_fuzz_test
+path: libfuzzer/address+undefined/fuzztests/test_me_fuzz_test/bin/test_me_fuzz_test
+...
+target: fuzztests/test_me_fuzz_test
+path: replayer/coverage/fuzztests/test_me_fuzz_test/bin/test_me_fuzz_test
+...
+```
+
+## Coverage
+
+### explore_me_fuzz_test
+
+```
+cifuzz coverage main/tests:explore_me_fuzz_test
+```
+
+```
+                               File | Functions Hit/Found |  Lines Hit/Found | Branches Hit/Found
+            main/src/explore_me.cpp |      1 / 1 (100.0%) | 15 / 15 (100.0%) |     8 / 8 (100.0%)
+main/tests/explore_me_fuzz_test.cpp |      2 / 2 (100.0%) |   8 / 8 (100.0%) |     0 / 0 (100.0%)
+                                    |                     |                  |
+                                    | Functions Hit/Found |  Lines Hit/Found | Branches Hit/Found
+                              Total |               3 / 3 |          23 / 23 |              8 / 8
+```
+
+### test_me_fuzz_test
+
+```
+cifuzz coverage fuzztests:test_me_fuzz_test
+```
+
+```
+                           File | Functions Hit/Found | Lines Hit/Found | Branches Hit/Found
+fuzztests/test_me_fuzz_test.cpp |      2 / 2 (100.0%) |  6 / 6 (100.0%) |     0 / 0 (100.0%)
+                                |                     |                 |
+                                | Functions Hit/Found | Lines Hit/Found | Branches Hit/Found
+                          Total |               2 / 2 |           6 / 6 |              0 / 0
+```

Diff for: example-projects/advanced-setup/bazel/WORKSPACE

@@ -0,0 +1,27 @@
+load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "rules_fuzzing",
+    sha256 = "ff52ef4845ab00e95d29c02a9e32e9eff4e0a4c9c8a6bcf8407a2f19eb3f9190",
+    strip_prefix = "rules_fuzzing-0.4.1",
+    urls = ["https://github.com/bazelbuild/rules_fuzzing/releases/download/v0.4.1/rules_fuzzing-0.4.1.zip"],
+)
+
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+
+rules_fuzzing_dependencies()
+
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
+
+rules_fuzzing_init()
+
+load("@fuzzing_py_deps//:requirements.bzl", "install_deps")
+
+install_deps()
+
+git_repository(
+    name = "cifuzz",
+    commit = "b013aa0f90fe8ac60adfc6d9640a9cfa451dda9e",
+    remote = "https://github.com/CodeIntelligenceTesting/cifuzz-bazel",
+)

Diff for: example-projects/advanced-setup/bazel/cifuzz.yaml

@@ -0,0 +1,41 @@
+## Configuration for a CI Fuzz project
+## Generated on 2023-04-04
+
+## The build system used to build this project. If not set, cifuzz tries
+## to detect the build system automatically.
+## Valid values: "bazel", "cmake", "maven", "gradle", "other".
+#build-system: cmake
+
+## If the build system type is "other", this command is used by
+## `cifuzz run` to build the fuzz tests.
+#build-command: "make my_fuzz_test"
+
+## Directories containing sample inputs for the code under tests.
+## See https://llvm.org/docs/LibFuzzer.html#corpus
+#seed-corpus-dirs:
+# - path/to/seed-corpus
+
+## A file containing input language keywords or other interesting byte
+## sequences.
+## See https://llvm.org/docs/LibFuzzer.html#dictionaries
+#dict: path/to/dictionary.dct
+
+## Command-line arguments to pass to libFuzzer.
+## See https://llvm.org/docs/LibFuzzer.html#options
+#engine-args:
+# - -rss_limit_mb=4096
+
+## Maximum time to run fuzz tests. The default is to run indefinitely.
+#timeout: 30m
+
+## Set to true to print output of the `cifuzz run` command as JSON.
+#print-json: true
+
+## Set to true to disable desktop notifications
+#no-notifications: true
+
+## Set URL of CI Sense
+#server: https://app.code-intelligence.com
+
+## Set the project name on CI Sense
+#project: my-project-1a2b3c4d

Diff for: example-projects/advanced-setup/bazel/fuzztests/BUILD.bazel

@@ -0,0 +1,19 @@
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+cc_fuzz_test(
+    name = "test_me_fuzz_test",
+    srcs = [
+        "test_me_fuzz_test.cpp",
+    ],
+    corpus = glob(
+        ["test_me_fuzz_test_inputs/**"],
+        allow_empty = True,
+    ) + select({
+        "@cifuzz//:collect_coverage": glob([".test_me_fuzz_test_cifuzz_corpus/**"], allow_empty = True),
+        "//conditions:default": [],
+    }),
+    deps = [
+        "//lib/src:test_me",
+        "@cifuzz",
+    ],
+)

Diff for: example-projects/advanced-setup/bazel/fuzztests/test_me_fuzz_test.cpp

@@ -0,0 +1,11 @@
+#include "lib/src/test_me.h"
+#include <cifuzz/cifuzz.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+FUZZ_TEST_SETUP() {}
+
+FUZZ_TEST(const uint8_t *data, size_t size) {
+    FuzzedDataProvider fuzzed_data(data, size);
+    std::string c = fuzzed_data.ConsumeRandomLengthString();
+    testMe(c);
+}

Diff for: example-projects/advanced-setup/bazel/lib/src/BUILD.bazel

@@ -0,0 +1,7 @@
+cc_library(
+    name = "test_me",
+    srcs = ["test_me.cpp"],
+    hdrs = ["test_me.h"],
+    visibility = ["//visibility:public"],
+)
+

Diff for: example-projects/advanced-setup/bazel/lib/src/test_me.cpp

@@ -0,0 +1,14 @@
+#include "lib/src/test_me.h"
+#include <string>
+
+using namespace std;
+
+void testMe(string s) {
+    if (s == "FUZZING") {
+        char *c = (char *) malloc(1);
+        free(c);
+        ::printf("%s", c);
+    } else {
+        printf("%s", s.c_str());
+    }
+}

Diff for: example-projects/advanced-setup/bazel/lib/src/test_me.h

@@ -0,0 +1,4 @@
+#include <string>
+using namespace std;
+
+void testMe(string s);

Diff for: example-projects/advanced-setup/bazel/main/src/BUILD.bazel

@@ -0,0 +1,18 @@
+load("@rules_cc//cc:defs.bzl", "cc_binary")
+
+cc_library(
+    name = "explore_me",
+    srcs = ["explore_me.cpp"],
+    hdrs = ["explore_me.h"],
+    visibility = ["//visibility:public"],
+)
+
+cc_binary(
+    name = "main",
+    srcs = ["main.cpp"],
+    deps = [
+        "explore_me",
+        "//lib/src:test_me",
+        ],
+)
+

Diff for: example-projects/advanced-setup/bazel/main/src/explore_me.cpp

@@ -0,0 +1,24 @@
+#include "explore_me.h"
+#include <cstdio>
+#include <cstring>
+using namespace std;
+
+// just a function with multiple paths that can be discoverd by a fuzzer
+void exploreMe(int a, int b, string c) {
+  if (a >= 20000) {
+    if (b >= 2000000) {
+      if (b - a < 100000) {
+        // Trigger the undefined behavior sanitizer
+        int n = 23;
+        n <<= 32;
+
+        if (c == "FUZZING") {
+          // Trigger a heap buffer overflow
+          char *s = (char *)malloc(1);
+          strcpy(s, "too long");
+          printf("%s\n", s);
+        }
+      }
+    }
+  }
+}

Diff for: example-projects/advanced-setup/bazel/main/src/explore_me.h

@@ -0,0 +1,4 @@
+#include <string>
+using namespace std;
+
+void exploreMe(int a, int b, string c);

Diff for: example-projects/advanced-setup/bazel/main/src/main.cpp

@@ -0,0 +1,7 @@
+#include "explore_me.h"
+#include "lib/src/test_me.h"
+
+int main() {
+   exploreMe(1, 1, "A");
+   testMe("hello");
+}

Diff for: example-projects/advanced-setup/bazel/main/tests/BUILD.bazel

@@ -0,0 +1,19 @@
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+cc_fuzz_test(
+    name = "explore_me_fuzz_test",
+    srcs = [
+        "explore_me_fuzz_test.cpp",
+    ],
+    corpus = glob(
+        ["explore_me_fuzz_test_inputs/**"],
+        allow_empty = True,
+    ) + select({
+        "@cifuzz//:collect_coverage": glob([".explore_me_fuzz_test_cifuzz_corpus/**"], allow_empty = True),
+        "//conditions:default": [],
+    }),
+    deps = [
+        "//main/src:explore_me",
+        "@cifuzz",
+    ],
+)

Diff for: example-projects/advanced-setup/bazel/main/tests/explore_me_fuzz_test.cpp

@@ -0,0 +1,14 @@
+#include "../src/explore_me.h"
+#include <cifuzz/cifuzz.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+FUZZ_TEST_SETUP() {}
+
+FUZZ_TEST(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fuzzed_data(data, size);
+  int a = fuzzed_data.ConsumeIntegral<int>();
+  int b = fuzzed_data.ConsumeIntegral<int>();
+  std::string c = fuzzed_data.ConsumeRandomLengthString();
+
+  exploreMe(a, b, c);
+}

Diff for: example-projects/advanced-setup/cmake/.gitignore

@@ -0,0 +1,5 @@
+build/
+.cifuzz-*/
+*_inputs
+crash-*
+gotest.log

Diff for: example-projects/advanced-setup/cmake/CMakeLists.txt

@@ -0,0 +1,19 @@
+cmake_minimum_required(VERSION 3.16)
+project(cmake_example)
+
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+
+enable_testing()
+
+find_package(cifuzz NO_SYSTEM_ENVIRONMENT_PATH)
+enable_fuzz_testing()
+
+add_subdirectory(main)
+add_subdirectory(lib)
+
+add_fuzz_test(test_me_fuzztest fuzztests/test_me_fuzztest.cpp)
+target_link_libraries(test_me_fuzztest PRIVATE testMe)
+
+
+