Co-authored-by: xansec <[email protected]>
1 parent
6d4fb2e
commit 67e799f
Showing
8 changed files
with
906 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
name: Mayhem | ||
on: | ||
push: | ||
pull_request: | ||
workflow_dispatch: | ||
workflow_call: | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
NEW_MAC: Mayhemfile.new_mac | ||
CHECK_TUN_NAME: Mayhemfile.check_tun_name | ||
|
||
jobs: | ||
build: | ||
name: ${{ matrix.os }} shared=${{ matrix.shared }} ${{ matrix.build_type }} | ||
runs-on: ${{ matrix.os }} | ||
permissions: | ||
packages: write | ||
# required for all workflows | ||
security-events: write | ||
|
||
# only required for workflows in private repositories | ||
actions: read | ||
contents: read | ||
strategy: | ||
matrix: | ||
os: [ubuntu-latest] | ||
shared: [false] | ||
build_type: [Release] | ||
include: | ||
- os: ubuntu-latest | ||
triplet: x64-linux | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
|
||
#- name: Start analysis for check_tun_name | ||
# uses: ForAllSecure/mcode-action@v1 | ||
# with: | ||
# mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | ||
# args: --image ${{ steps.meta.outputs.tags }} --duration 300 --file ${{ env.CHECK_TUN_NAME }} | ||
# sarif-output: sarif | ||
|
||
- name: Start analysis for new_mac | ||
uses: ForAllSecure/mcode-action@v1 | ||
with: | ||
mayhem-token: ${{ secrets.MAYHEM_TOKEN }} | ||
args: --image ${{ steps.meta.outputs.tags }} --duration 300 --file ${{ env.NEW_MAC }} | ||
sarif-output: sarif | ||
|
||
- name: Upload SARIF file(s) | ||
uses: github/codeql-action/upload-sarif@v1 | ||
with: | ||
sarif_file: sarif |
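Review bot: The steps using `ForAllSecure/mcode-action@v1`, `github/codeql-action/upload-sarif@v1` and `actions/checkout@v2` reference mutable tags, while the three docker/* actions in the same job are pinned to commit SHAs. The Mayhem step receives `secrets.MAYHEM_TOKEN` and the job holds `packages: write` and `security-events: write`, so a retagged action would run with those credentials. Pin them the same way, e.g. `uses: ForAllSecure/mcode-action@<FULL_COMMIT_SHA>  # v1` (placeholder; take the SHA from the action's release). Separately, the job runs on `pull_request` with `push: true`. On pull requests from forks the token is read-only and secrets are not passed, so the login, push and Mayhem steps will presumably fail there; consider gating them with `if: github.event_name != 'pull_request'`.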
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Build Stage | ||
FROM --platform=linux/amd64 ubuntu:20.04 as builder | ||
|
||
## Install build dependencies. | ||
# Update default packages | ||
RUN apt-get update | ||
|
||
# Get Ubuntu packages | ||
RUN apt-get install -y build-essential curl sudo | ||
|
||
# Get Rust | ||
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y | ||
ENV PATH="/root/.cargo/bin:${PATH}" | ||
|
||
## Add source code to the build stage. | ||
ADD . /boringtun | ||
WORKDIR /boringtun/boringtun | ||
|
||
# Configure Rust and build fuzz file | ||
RUN rustup default nightly | ||
RUN cargo install cargo-fuzz | ||
RUN cargo fuzz build --target x86_64-unknown-linux-gnu new_mac | ||
|
||
# Package Stage | ||
FROM --platform=linux/amd64 ubuntu:20.04 | ||
COPY --from=builder /boringtun/boringtun/fuzz/target/x86_64-unknown-linux-gnu/release / |
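Review bot: The builder stage is not reproducible and can mask a failed download: `curl https://sh.rustup.rs -sSf | bash -s -- -y` runs without `pipefail`, `rustup default nightly` floats to whatever nightly is current, and `cargo install cargo-fuzz` resolves dependencies without `--locked`. `apt-get update` also sits in its own layer, so a cached, stale package index can be reused by the later `apt-get install`, and `sudo` is installed but never used in the visible lines. The sketch below pins the toolchain at install time (which makes the separate `rustup default nightly` unnecessary) and merges the apt steps; the nightly date is a placeholder to fill in. The package stage copies the whole `release` directory into `/`; copying only the `new_mac` binary that the Mayhemfile runs would keep build artifacts out of the final image.

```dockerfile
# Fail the RUN if curl fails instead of piping a partial script into the shell.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# update + install in one layer so a stale cached package index is never reused
RUN apt-get update \
    && apt-get install -y --no-install-recommends build-essential ca-certificates curl \
    && rm -rf /var/lib/apt/lists/*

# NIGHTLY_DATE is a placeholder: set it to the nightly the fuzz targets are known to build with.
ARG NIGHTLY_DATE=YYYY-MM-DD
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
    | bash -s -- -y --profile minimal --default-toolchain "nightly-${NIGHTLY_DATE}"
ENV PATH="/root/.cargo/bin:${PATH}"

# … unchanged: ADD . /boringtun, WORKDIR /boringtun/boringtun …

RUN cargo install cargo-fuzz --locked
# … unchanged: cargo fuzz build, package stage …
```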
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
project: boringtun | ||
target: new_mac | ||
|
||
cmds: | ||
- cmd: /new_mac | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
target | ||
# corpus | ||
artifacts |