⚠️ Remove OneFuzz from fuzzing checks (ossf#3666)
This is removed because OneFuzz has been archived https://github.com/microsoft/onefuzz

Signed-off-by: David Korczynski <[email protected]>
DavidKorczynski authored Nov 13, 2023
1 parent 934f170 commit 87c2d3c
Showing 12 changed files with 5 additions and 333 deletions.
2 changes: 0 additions & 2 deletions checks/evaluation/fuzzing.go
@@ -24,7 +24,6 @@ import (
"github.com/ossf/scorecard/v4/probes/fuzzedWithGoNative"
"github.com/ossf/scorecard/v4/probes/fuzzedWithJavaJazzerFuzzer"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOSSFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOneFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedHaskell"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedJavascript"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedTypescript"
@@ -47,7 +46,6 @@ func Fuzzing(name string,
fuzzedWithRustCargofuzz.Probe,
fuzzedWithSwiftLibFuzzer.Probe,
fuzzedWithJavaJazzerFuzzer.Probe,
fuzzedWithOneFuzz.Probe,
fuzzedWithOSSFuzz.Probe,
fuzzedWithPropertyBasedHaskell.Probe,
fuzzedWithPropertyBasedJavascript.Probe,
18 changes: 1 addition & 17 deletions checks/evaluation/fuzzing_test.go
@@ -64,10 +64,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithJavaJazzerFuzzer",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
@@ -87,7 +83,7 @@ func TestFuzzing(t *testing.T) {
},
result: scut.TestReturn{
Score: checker.MinResultScore,
NumberOfWarn: 13,
NumberOfWarn: 12,
},
},
{
@@ -125,10 +121,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithJavaJazzerFuzzer",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
@@ -159,10 +151,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithClusterFuzzLite",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
@@ -196,10 +184,6 @@ func TestFuzzing(t *testing.T) {
Probe: "fuzzedWithGoNative",
Outcome: finding.OutcomePositive,
},
{
Probe: "fuzzedWithOneFuzz",
Outcome: finding.OutcomeNegative,
},
{
Probe: "fuzzedWithOSSFuzz",
Outcome: finding.OutcomeNegative,
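Review bot: The expected `NumberOfWarn: 12` in the first TestFuzzing case is a hand-maintained literal that has to track the number of fuzzing probes, and this commit edits the same literal in `checks/fuzzing_test.go` (three cases) and `e2e/fuzzing_test.go` as well. Nothing in the visible lines says what the number counts, so the next probe added or removed will fail these tests with no hint about the cause. A short comment next to the literal, such as `// one warning per fuzzing probe with a negative outcome`, would make the coupling explicit; that reading is inferred from the findings listed above the literal, so confirm it before settling the wording. TestFuzzing starts and ends outside the displayed hunks.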
6 changes: 3 additions & 3 deletions checks/fuzzing_test.go
@@ -53,7 +53,7 @@ func TestFuzzing(t *testing.T) {
wantErr: false,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
@@ -110,7 +110,7 @@ func TestFuzzing(t *testing.T) {
wantFuzzErr: false,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
@@ -121,7 +121,7 @@ func TestFuzzing(t *testing.T) {
wantFuzzErr: true,
expected: scut.TestReturn{
Error: nil,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfDebug: 0,
NumberOfInfo: 0,
Score: 0,
32 changes: 0 additions & 32 deletions checks/raw/fuzzing.go
@@ -30,7 +30,6 @@ import (
const (
fuzzerOSSFuzz = "OSSFuzz"
fuzzerClusterFuzzLite = "ClusterFuzzLite"
oneFuzz = "OneFuzz"
fuzzerBuiltInGo = "GoBuiltInFuzzer"
fuzzerPropertyBasedHaskell = "HaskellPropertyBasedTesting"
fuzzerPropertyBasedJavaScript = "JavaScriptPropertyBasedTesting"
@@ -181,21 +180,6 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
)
}

usingOneFuzz, e := checkOneFuzz(c)
if e != nil {
return checker.FuzzingData{}, fmt.Errorf("%w", e)
}
if usingOneFuzz {
fuzzers = append(fuzzers,
checker.Tool{
Name: oneFuzz,
URL: asPointer("https://github.com/microsoft/onefuzz"),
Desc: asPointer("Enables continuous developer-driven fuzzing to proactively harden software prior to release."),
// TODO: File.
},
)
}

usingOSSFuzz, e := checkOSSFuzz(c)
if e != nil {
return checker.FuzzingData{}, fmt.Errorf("%w", e)
@@ -251,22 +235,6 @@ func checkCFLite(c *checker.CheckRequest) (bool, error) {
return result, nil
}

func checkOneFuzz(c *checker.CheckRequest) (bool, error) {
result := false
e := fileparser.OnMatchingFileContentDo(c.RepoClient, fileparser.PathMatcher{
Pattern: "^\\.onefuzz$",
CaseSensitive: true,
}, func(path string, content []byte, args ...interface{}) (bool, error) {
result = true
return false, nil
}, nil)
if e != nil {
return result, fmt.Errorf("%w", e)
}

return result, nil
}

func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
if c.OssFuzzRepo == nil {
return false, nil
59 changes: 0 additions & 59 deletions checks/raw/fuzzing_test.go
@@ -103,65 +103,6 @@ func Test_checkOSSFuzz(t *testing.T) {
}
}

// Test_checkOneFuzz is a test function for checkOneFuzz.
func Test_checkOneFuzz(t *testing.T) {
t.Parallel()
//nolint
tests := []struct {
name string
want bool
wantErr bool
fileName []string
}{
{
name: "Test_checkOneFuzz success",
want: true,
wantErr: false,
fileName: []string{".onefuzz"},
},
{
name: "Test_checkOneFuzz not found",
want: false,
wantErr: false,
fileName: []string{},
},
{
name: "Test_checkOneFuzz failure",
want: false,
wantErr: true,
fileName: []string{".onefuzz"},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
ctrl := gomock.NewController(t)
defer ctrl.Finish()
mockFuzz := mockrepo.NewMockRepoClient(ctrl)
mockFuzz.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes()
mockFuzz.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) {
if tt.wantErr {
//nolint
return "", errors.New("error")
}
return "", nil
}).AnyTimes()
req := checker.CheckRequest{
RepoClient: mockFuzz,
}
got, err := checkOneFuzz(&req)
if (err != nil) != tt.wantErr {
t.Errorf("checkOneFuzz() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("checkOneFuzz() = %v, want %v for test %v", got, tt.want, tt.name)
}
})
}
}

// Test_checkCFLite is a test function for checkCFLite.
func Test_checkCFLite(t *testing.T) {
t.Parallel()
1 change: 0 additions & 1 deletion docs/checks.md
@@ -342,7 +342,6 @@ This check tries to determine if the project uses
- currently only supports [Go fuzzing](https://go.dev/doc/fuzz/),
- a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
- a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz);

Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
into a program to expose bugs. Regular fuzzing is important to detect
1 change: 0 additions & 1 deletion docs/checks/internal/checks.yaml
@@ -402,7 +402,6 @@ checks:
- currently only supports [Go fuzzing](https://go.dev/doc/fuzz/),
- a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
- a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz);
Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
into a program to expose bugs. Regular fuzzing is important to detect
2 changes: 1 addition & 1 deletion e2e/fuzzing_test.go
@@ -192,7 +192,7 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
expected := scut.TestReturn{
Error: nil,
Score: checker.MinResultScore,
NumberOfWarn: 13,
NumberOfWarn: 12,
NumberOfInfo: 0,
NumberOfDebug: 0,
}
2 changes: 0 additions & 2 deletions probes/entries.go
@@ -24,7 +24,6 @@ import (
"github.com/ossf/scorecard/v4/probes/fuzzedWithGoNative"
"github.com/ossf/scorecard/v4/probes/fuzzedWithJavaJazzerFuzzer"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOSSFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithOneFuzz"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedHaskell"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedJavascript"
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedTypescript"
@@ -73,7 +72,6 @@ var (
}
Fuzzing = []ProbeImpl{
fuzzedWithOSSFuzz.Run,
fuzzedWithOneFuzz.Run,
fuzzedWithGoNative.Run,
fuzzedWithPythonAtheris.Run,
fuzzedWithCLibFuzzer.Run,
32 changes: 0 additions & 32 deletions probes/fuzzedWithOneFuzz/def.yml

This file was deleted.

39 changes: 0 additions & 39 deletions probes/fuzzedWithOneFuzz/impl.go

This file was deleted.
