Updates to support easily running OSS-Fuzz using local repo sources

DaveLak · DaveLak · commit 576a858b7298 · 2024-04-11T22:06:05.000-04:00
- Updates the fuzzing documentation to include steps for working with
  locally modified versions of the gitpython repository.
- Updates the build.sh script to make the fuzz target search path more
  specific, reducing the risk of local OSS-Fuzz builds picking up
  files located outside of where we expect them (for example, in a .venv
  directory.)
- add artifacts produced by local OSS-Fuzz runs to gitignore
diff --git a/.gitignore b/.gitignore
@@ -47,3 +47,6 @@ output.txt
 
 # Finder metadata
 .DS_Store
+
+# Files created by OSS-Fuzz when running locally
+fuzz_*.pkg.spec
diff --git a/fuzzing/README.md b/fuzzing/README.md
@@ -134,8 +134,10 @@ containers.
 Set environment variables to simplify command usage:
 
 ```shell
-export SANITIZER=address  # Can be either 'address' or 'undefined'.
-export FUZZ_TARGET=fuzz_config # specify the fuzz target without the .py extension.
+# $SANITIZER can be either 'address' or 'undefined':
+export SANITIZER=address
+# specify the fuzz target without the .py extension:
+export FUZZ_TARGET=fuzz_config
 ```
 
 #### Build and Run
@@ -149,6 +151,19 @@ python infra/helper.py build_image gitpython
 python infra/helper.py build_fuzzers --sanitizer $SANITIZER gitpython
 ```
 
+> [!TIP]
+> The `build_fuzzers` command above accepts a local file path pointing to your gitpython repository clone as the last
+> argument.
+> This makes it easy to build fuzz targets you are developing locally in this repository without changing anything in
+> the OSS-Fuzz repo!
+> For example, if you have cloned this repository (or a fork of it) into: `~/code/GitPython`
+> Then running this command would build new or modified fuzz targets using the `~/code/GitPython/fuzzing/fuzz-targets`
+> directory:
+> ```shell
+> python infra/helper.py build_fuzzers --sanitizer $SANITIZER gitpython ~/code/GitPython
+> ```
+
+
 Verify the build of your fuzzers with the optional `check_build` command:
 
 ```shell
diff --git a/fuzzing/oss-fuzz-scripts/build.sh b/fuzzing/oss-fuzz-scripts/build.sh
@@ -13,7 +13,7 @@ find "$SEED_DATA_DIR" \( -name '*_seed_corpus.zip' -o -name '*.options' -o -name
   -exec cp {} "$OUT" \;
 
 # Build fuzzers in $OUT.
-find "$SRC" -name 'fuzz_*.py' -print0 | while IFS= read -r -d $'\0' fuzz_harness; do
+find "$SRC/gitpython/fuzzing" -name 'fuzz_*.py' -print0 | while IFS= read -r -d $'\0' fuzz_harness; do
   compile_python_fuzzer "$fuzz_harness"
 
   common_base_dictionary_filename="$SEED_DATA_DIR/__base.dict"
