mozillasecurity / fuzzfetch Goto Github PK
View Code? Open in Web Editor NEWDownloader for Firefox/jsshell builds for fuzzing.
License: Mozilla Public License 2.0
Downloader for Firefox/jsshell builds for fuzzing.
License: Mozilla Public License 2.0
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/home/user/code/fuzzfetch/src/fuzzfetch/__main__.py", line 9, in <module>
Fetcher.main()
File "/home/user/code/fuzzfetch/src/fuzzfetch/fetch.py", line 680, in main
obj.extract_build(out_tmp, tests=extract_args['tests'], full_symbols=extract_args['full_symbols'])
File "/home/user/code/fuzzfetch/src/fuzzfetch/fetch.py", line 377, in extract_build
self.extract_tar(path)
File "/home/user/code/fuzzfetch/src/fuzzfetch/fetch.py", line 513, in extract_tar
for member in tar.getmembers():
File "/usr/lib/python2.7/tarfile.py", line 1836, in getmembers
self._load() # all members, we first have to
File "/usr/lib/python2.7/tarfile.py", line 2417, in _load
tarinfo = self.next()
File "/usr/lib/python2.7/tarfile.py", line 2348, in next
self.fileobj.seek(self.offset - 1)
EOFError: compressed file ended before the logical end-of-stream was detected
Need to add support for win32/64 & linux32 builds.
DOMFuzz may be useful as a reference.
This should also include overriding which platform you want (eg. downloading 32-bit on a 64-bit platform).
Add a buildflags
field to the fuzzmanager metadata and populate it with the actual build flag.
I.e. debug == --enable-debug
Updating mock fixtures for test_nearest_retrieval is too difficult. I added a skip for now.
This used to work correctly:
fuzzfetch -a --fuzzing -n ~/build --tests common reftests gtest
[2018-08-14 07:56:49] Identified task: https://index.taskcluster.net/v1/task/gecko.v2.mozilla-central.latest.firefox.linux64-fuzzing-asan-opt
[2018-08-14 07:56:49] > Task ID: Y8DJ8m1FTMC2SZz8cntzlA
[2018-08-14 07:56:49] > Rank: 1534239069
[2018-08-14 07:56:49] > Changeset: 914b3b370ad059a04ad751642b74e013f8e3ad08
[2018-08-14 07:56:49] > Build ID: 20180814093109
[2018-08-14 07:56:49] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.tar.bz2 ..
[2018-08-14 07:57:49] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.common.tests.zip ..
Traceback (most recent call last):
File "/usr/local/bin/fuzzfetch", line 11, in
load_entry_point('fuzzfetch==0.6.0', 'console_scripts', 'fuzzfetch')()
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 755, in main
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 448, in extract_build
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 553, in extract_zip
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 74, in _get_url
fuzzfetch.fetch.FetcherException: 404 Client Error: Not Found for url: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.common.tests.zip
Removing common:
fuzzfetch -a --fuzzing -n ~/build --tests reftests gtest
[2018-08-14 08:46:52] Identified task: https://index.taskcluster.net/v1/task/gecko.v2.mozilla-central.latest.firefox.linux64-fuzzing-asan-opt
[2018-08-14 08:46:52] > Task ID: Y8DJ8m1FTMC2SZz8cntzlA
[2018-08-14 08:46:52] > Rank: 1534239069
[2018-08-14 08:46:52] > Changeset: 914b3b370ad059a04ad751642b74e013f8e3ad08
[2018-08-14 08:46:52] > Build ID: 20180814093109
[2018-08-14 08:46:52] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.tar.bz2 ..
[2018-08-14 08:47:52] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.reftest.tests.zip ..
Traceback (most recent call last):
File "/usr/local/bin/fuzzfetch", line 11, in
load_entry_point('fuzzfetch==0.6.0', 'console_scripts', 'fuzzfetch')()
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 755, in main
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 450, in extract_build
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 553, in extract_zip
File "build/bdist.linux-x86_64/egg/fuzzfetch/fetch.py", line 74, in _get_url
fuzzfetch.fetch.FetcherException: 404 Client Error: Not Found for url: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.reftest.tests.zip
Removing reftests and common works properly:
fuzzfetch -a --fuzzing -n ~/build --tests gtest
[2018-08-14 08:48:43] Identified task: https://index.taskcluster.net/v1/task/gecko.v2.mozilla-central.latest.firefox.linux64-fuzzing-asan-opt
[2018-08-14 08:48:43] > Task ID: Y8DJ8m1FTMC2SZz8cntzlA
[2018-08-14 08:48:43] > Rank: 1534239069
[2018-08-14 08:48:43] > Changeset: 914b3b370ad059a04ad751642b74e013f8e3ad08
[2018-08-14 08:48:43] > Build ID: 20180814093109
[2018-08-14 08:48:43] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.tar.bz2 ..
[2018-08-14 08:49:43] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/Y8DJ8m1FTMC2SZz8cntzlA/artifacts/public/build/target.gtest.tests.zip ..
fuzzfetch fails to pull down the coverage build when trying from windows. If you specify debug using -d then it will pull down a debug build.
These are packaged very differently.
Using 7z instead of libbz2 is about twice as fast due to multi-threading. We should use 7z in a sub-process if it is installed.
fuzzfetch -d -a -n /build --tests common reftests gtest
[2017-09-06 23:05:22] Identified task: https://index.taskcluster.net/v1//task/gecko.v2.mozilla-central.latest.firefox.linux64-asan-debug
[2017-09-06 23:05:22] > Task ID: JWUeT0H2SyO5Jm7N_-BOug
[2017-09-06 23:05:22] > Rank: 1504719482
[2017-09-06 23:05:22] > Changeset: 93dd2e456c0ecca00fb4d28744e88078a77deaf7
[2017-09-06 23:05:22] > Build ID: 20170906173802
[2017-09-06 23:05:22] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/JWUeT0H2SyO5Jm7N_-BOug/artifacts/public/build/target.tar.bz2 ..
[2017-09-06 23:07:07] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/JWUeT0H2SyO5Jm7N_-BOug/artifacts/public/build/target.common.tests.zip ..
[2017-09-06 23:07:16] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/JWUeT0H2SyO5Jm7N_-BOug/artifacts/public/build/target.reftest.tests.zip ..
[2017-09-06 23:07:24] > Downloading and extracting archive: https://queue.taskcluster.net/v1/task/JWUeT0H2SyO5Jm7N_-BOug/artifacts/public/build/target.gtest.tests.zip ..
Traceback (most recent call last):
File "/usr/local/bin/fuzzfetch", line 9, in
load_entry_point('fuzzfetch==0.5.3', 'console_scripts', 'fuzzfetch')()
File "/usr/local/lib/python2.7/dist-packages/fuzzfetch/fetch.py", line 629, in main
obj.extract_build(out_tmp, tests=extract_args['tests'], full_symbols=extract_args['full_symbols'])
File "/usr/local/lib/python2.7/dist-packages/fuzzfetch/fetch.py", line 368, in extract_build
os.path.join(path, 'dependentlibs.list.gtest'))
File "/usr/lib/python2.7/shutil.py", line 119, in copy
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: u'gtest/dependentlibs.list.gtest'
eg. 20210429122950
This should be easy to add since they are already listed this way under pushdate
(https://firefox-ci-tc.services.mozilla.com/tasks/index/gecko.v2.mozilla-central.pushdate.2021.04.29.20210429122950.firefox)
py.typed
should be in an empty file in src/fuzzfetch
since @jschwartzentruber added type information in rev 48d367c.
setup.cfg
should also have py.typed
mentioned in package_data
under [options]
.
See https://www.python.org/dev/peps/pep-0561/#packaging-type-information
pip install fuzzfetch
Collecting fuzzfetch
Downloading fuzzfetch-0.5.4.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-build-33YAft/fuzzfetch/setup.py", line 28, in
install_requires=open('requirements.txt').read().strip().splitlines(),
IOError: [Errno 2] No such file or directory: 'requirements.txt'
tar zxvf fuzzfetch-0.5.4.tar.gz
fuzzfetch-0.5.4/
fuzzfetch-0.5.4/src/
fuzzfetch-0.5.4/src/fuzzfetch/
fuzzfetch-0.5.4/src/fuzzfetch/init.py
fuzzfetch-0.5.4/src/fuzzfetch/main.py
fuzzfetch-0.5.4/src/fuzzfetch/fetch.py
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/PKG-INFO
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/SOURCES.txt
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/dependency_links.txt
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/entry_points.txt
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/requires.txt
fuzzfetch-0.5.4/src/fuzzfetch.egg-info/top_level.txt
fuzzfetch-0.5.4/README.md
fuzzfetch-0.5.4/setup.cfg
fuzzfetch-0.5.4/setup.py
fuzzfetch-0.5.4/PKG-INFO
When downloading a build with fuzzfetch it would be nice if the appropriate minidump_stackwalk executable was also downloaded for that build
Validate builds after download via TC's target.checksum.
bug 1681209 is adding support for -noopt
builds in TC. We should support downloading these.
Example namespaces:
Passing the full namespace to --build
already works, but the folder name for the asan build is wrong:
try-20210513204114-fuzzing-asan-opt
try-20210513204114-fuzzing-noopt-debug
We need to add --noopt
(or --no-opt
?) as a command-line option and a BuildFlags
entry.
Using 7z is much faster, we should notify users when it is not installed.
On py3 os.symlink is available, but may require administrator.
Symlinks are used to support domfuzz's historical layout. Domfuzz should support the newer layout and then this can be dropped.
Gtest also uses a symlink for the dependentlibs.list.gtest. We can probably copy this instead.
This is causing some pylint warnings on windows only.
Add argument to emit version information.
Both fuzzfetch -a
and fuzzfetch --inbound -a
return old builds on win64.
https://ci.appveyor.com/project/MozillaSecurity/fuzzfetch/build/1.0.5/job/kjs7wslmyyn5894k
Currently, fuzzfetch can only be used to download a single target at a time. As suggested by @jschwartzentruber, it would be convenient to accept a list of args (i.e. firefox, js, gtest, common, etc
).
It would be good to have the ability to download searchfox data, for example this task:
What we need from this task:
The actual build from that isn't needed as far as I can tell.
This data exists on multiple OSes and should be supported as such, but afaik these are all debug configurations.
lrwxr-xr-x 1 posidron staff 2 Jun 1 23:03 bin -> ..
Nightly.app/Contents/MacOS contains the stuff but 'bin' in 'dist' is linked to the parent.
Encountered this on an M1 Max when trying to follow the command-line instructions at https://bugzilla.mozilla.org/show_bug.cgi?id=1798769#c0. Specfically, the command
python -m fuzzfetch --build 2db9822e6dd3 --debug --fuzzing -n firefox
results in this error.
Add the build string to firefox.fuzzmanagerconf so that we can identify the build later.
We need to add an argument to Fetcher & command-line flags to specify downloading win32 on win64 or linux on linux64.
datetime.strptime()
returns a naive datetime
object by default. TaskCluster uses UTC, we should make that explicit.
With the recent change[1] to fuzzing-debug builds crashreporter-symbols.zip is no longer built. This breaks the downloads.
$ python -m fuzzfetch --fuzzing -a -o ~/workspace/browsers/
[2019-08-06 19:38:20] Identified task: https://index.taskcluster.net/v1/task/gecko.v2.mozilla-central.latest.firefox.macosx64-fuzzing-asan-opt
[2019-08-06 19:38:20] > Task ID: SXe6uN7XRKaS2y6UUNFLLg
[2019-08-06 19:38:20] > Rank: 1565127812
[2019-08-06 19:38:20] > Changeset: fb699b3c084c8d35e52f2b282de90ecb7b0992cd
[2019-08-06 19:38:20] > Build ID: 20190806214332
[2019-08-06 19:38:20] > Downloading: https://queue.taskcluster.net/v1/task/SXe6uN7XRKaS2y6UUNFLLg/artifacts/public/build/target.dmg (143.12MB total)
[2019-08-06 19:38:27] .. downloaded (18.66MB/s)
[2019-08-06 19:38:27] .. extracting
Traceback (most recent call last):
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 162, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/Users/tsmith2/code/fuzzfetch/src/fuzzfetch/__main__.py", line 10, in <module>
Fetcher.main()
File "/Users/tsmith2/code/fuzzfetch/src/fuzzfetch/fetch.py", line 862, in main
obj.extract_build(out, tests=extract_args['tests'], full_symbols=extract_args['full_symbols'])
File "/Users/tsmith2/code/fuzzfetch/src/fuzzfetch/fetch.py", line 568, in extract_build
self._write_fuzzmanagerconf(path)
File "/Users/tsmith2/code/fuzzfetch/src/fuzzfetch/fetch.py", line 604, in _write_fuzzmanagerconf
assert len(ff_loc) == 1
AssertionError
Currently we try fetching metadata for all supported builds from production TaskCluster.
We should mirror the requests made and commit them in so we can mock them with the built-in HTTP server implementation. We should also add stripped down data files (zip/tar.bz2/dmg) with 0-length contents to test extraction.
Not a big deal but following the tutorial https://github.com/MozillaSecurity/grizzly/wiki/Getting-Started
I get:
% python2 -m fuzzfetch -a -n firefox --fuzzing -o $CODE/browsers/
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 163, in _run_module_as_main
mod_name, _Error)
File "/usr/lib/python2.7/runpy.py", line 111, in _get_module_details
__import__(mod_name) # Do not catch exceptions initializing package
File "/home/sylvestre/dev/mozilla/fuzzfetch/src/fuzzfetch/__init__.py", line 7, in <module>
from .fetch import * # noqa pylint: disable=wildcard-import
File "/home/sylvestre/dev/mozilla/fuzzfetch/src/fuzzfetch/fetch.py", line 28, in <module>
import configparser # pylint: disable=wrong-import-order
File "/home/sylvestre/.local/lib/python2.7/site-packages/configparser.py", line 11, in <module>
from backports.configparser import (
ImportError: cannot import name ConverterMapping
Removing the Debian package was enough to fix the issue
sudo apt remove python-configparser
(but remove flake8 too)
xpcshell
is contained in common.tests.zip
under the common
folder, but it needs to be next to the firefox binary for it to find some locale data settings. We should move it after extraction.
It also needs xpcshell.fuzzmanagerconf
created for FuzzManager.
Instead of using requests to navigate Taskcluster, we should use the actual Python API for it:
https://github.com/taskcluster/taskcluster/tree/master/clients/client-py#readme
Exception for network errors and invalid builds is currently the same.
fuzzfetch.FetcherException: Unable to find usable archive...
This makes it unclear if invalid build is being requested or something else is wrong.
As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:
If you have any questions about this file, or Code of Conduct policies and procedures, please see Mozilla-GitHub-Standards or email [email protected].
(Message COC001)
We'll need to fixate linter versions to prevent new linter checks from failing our CI tests if we are not really ready for them.
In automation we expect the symbols
directory to be unpacked in to the same directory as the Firefox binary
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.