From da2f2ae00a76502d9bc57e59f5f3e2229cd01897 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:42:38 +0200 Subject: [PATCH 01/86] persist credentials: false --- .github/workflows/ci.yml | 10 ++++++++++ .github/workflows/pages-ci.yml | 4 +++- .github/workflows/pages.yml | 4 +++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43da0775..ef5d59d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,9 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false repository: curl/curl-fuzzer + - name: Set matrix id: set-matrix run: | @@ -95,7 +97,9 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false repository: curl/curl-fuzzer + - name: Install Dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -114,7 +118,9 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false repository: curl/curl-fuzzer + - name: Install Dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -130,15 +136,19 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false repository: curl/curl-fuzzer + - name: Set up Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 with: python-version: '3.12' + - name: Install test dependencies run: | python -m pip install --upgrade pip pip install pytest + - name: Run TLV constants sync test run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 226e3a30..c4011a74 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -15,7 +15,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 9d224c3e..35c9db0e 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -19,7 +19,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 From 34c89e5ea2a6195f9f9cc64a8858191bad899d5f Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:44:58 +0200 Subject: [PATCH 02/86] order/formatting --- .github/workflows/pages.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 35c9db0e..488e6fc1 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -5,15 +5,15 @@ on: branches: [master] workflow_dispatch: +concurrency: + group: "pages" + cancel-in-progress: false + permissions: contents: read pages: write id-token: write -concurrency: - group: "pages" - cancel-in-progress: false - jobs: build: runs-on: ubuntu-latest From 025a1d0c47b6d3f6d00853b497ba7832301f824d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:45:31 +0200 Subject: [PATCH 03/86] pages-ci.yml permissions: {} --- .github/workflows/pages-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index c4011a74..6a6cb8f7 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -7,8 +7,7 @@ on: branches: [master] workflow_dispatch: -permissions: - contents: read +permissions: {} jobs: test: From f30e86612a9d651331adaa24f9e8e33f2d246692 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:47:01 +0200 Subject: [PATCH 04/86] sync upload-artifacts version with other jobs --- .github/workflows/pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 488e6fc1..0c0f6a4b 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -37,7 +37,7 @@ jobs: run: python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: path: docs From 54ffb886c98722df7893a04994ddca2fdd54468a Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:48:31 +0200 Subject: [PATCH 05/86] pages.yml limit permissions to deploy job --- .github/workflows/pages.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 0c0f6a4b..1e9a1e34 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -9,11 +9,6 @@ concurrency: group: "pages" cancel-in-progress: false -permissions: - contents: read - pages: write - id-token: write - jobs: build: runs-on: ubuntu-latest @@ -44,6 +39,9 @@ jobs: deploy: needs: build runs-on: ubuntu-latest + permissions: + pages: write + id-token: write environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} From af44f189339dbf58b884fbb3ca5cadc5a22e2ce9 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:50:24 +0200 Subject: [PATCH 06/86] silence zizmor about unpinned oss-fuzz action --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ef5d59d4..157921e1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,7 +42,7 @@ jobs: steps: # Use the CIFuzz job to test the repository. - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false @@ -73,7 +73,7 @@ jobs: - name: Display extracted files run: ls -laR build-out/ - name: Run Fuzzer ${{ matrix.fuzzer }} - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' fuzz-seconds: 120 @@ -157,7 +157,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false From 90f8921ccf2f2ca8160efcb33199c1be7b89b219 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:52:13 +0200 Subject: [PATCH 07/86] use full version for python install action --- .github/workflows/ci.yml | 2 +- .github/workflows/pages-ci.yml | 2 +- .github/workflows/pages.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 157921e1..74879544 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -140,7 +140,7 @@ jobs: repository: curl/curl-fuzzer - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.12' diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 6a6cb8f7..5da81e5b 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -19,7 +19,7 @@ jobs: persist-credentials: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.12" diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 1e9a1e34..cfa4d726 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -19,7 +19,7 @@ jobs: persist-credentials: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.12" From cf4b5e900cd5251824558f1b9eddd1ba8bedb0c2 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:52:50 +0200 Subject: [PATCH 08/86] use full version for deploy-pages action --- .github/workflows/pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index cfa4d726..bf6f9e8e 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -48,4 +48,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 From eda6e78db6432414b57331cf5db67f759b192e7e Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:55:49 +0200 Subject: [PATCH 09/86] avoid GH macros in shell code --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74879544..229b4bdb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,12 +64,14 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} + env: + MATRIX_FUZZER: '${{ matrix.fuzzer }}' steps: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: fuzz_tar - name: Unpack fuzzer ${{ matrix.fuzzer }} - run: tar xvf fuzz.tar build-out/${{ matrix.fuzzer }} build-out/${{ matrix.fuzzer }}_seed_corpus.zip + run: tar xvf fuzz.tar build-out/"${MATRIX_FUZZER}" build-out/"${MATRIX_FUZZER}"_seed_corpus.zip - name: Display extracted files run: ls -laR build-out/ - name: Run Fuzzer ${{ matrix.fuzzer }} From 85118a5ca7e082d15ffd7e0f3b991dc3b385a68c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 15:56:23 +0200 Subject: [PATCH 10/86] pages.yml permissions: {} by default --- .github/workflows/pages.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index bf6f9e8e..4341c658 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -9,6 +9,8 @@ concurrency: group: "pages" cancel-in-progress: false +permissions: {} + jobs: build: runs-on: ubuntu-latest From 63b90e42221ab3694ff77a8af14a45a0a0619892 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:00:44 +0200 Subject: [PATCH 11/86] add name for each job for zizmor pedantic --- .github/workflows/ci.yml | 7 +++++++ .github/workflows/pages-ci.yml | 1 + .github/workflows/pages.yml | 2 ++ 3 files changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 229b4bdb..c87ab902 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,6 +20,7 @@ permissions: {} jobs: DetermineMatrix: + name: 'Determine matrix' runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} @@ -38,6 +39,7 @@ jobs: python3 -m generate_matrix | tee $GITHUB_OUTPUT BuildFuzzers: + name: 'Build fuzzers' runs-on: ubuntu-latest steps: # Use the CIFuzz job to test the repository. @@ -60,6 +62,7 @@ jobs: path: fuzz.tar RunFuzzers: + name: 'Run fuzzers' needs: [ BuildFuzzers, DetermineMatrix ] runs-on: ubuntu-latest strategy: @@ -88,6 +91,7 @@ jobs: path: ./out/artifacts Mainline: + name: 'Mainline' strategy: matrix: sanitizer: @@ -115,6 +119,7 @@ jobs: run: ./mainline.sh just_dependencies: + name: 'Just dependencies' runs-on: ubuntu-latest steps: - name: Checkout @@ -133,6 +138,7 @@ jobs: run: ./scripts/compile_target.sh deps PythonTests: + name: 'Python tests' runs-on: ubuntu-latest steps: - name: Checkout @@ -156,6 +162,7 @@ jobs: # Ensure that the repository can be built for i386 Testi386: + name: 'Test i386' runs-on: ubuntu-latest steps: - name: Build Fuzzers diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 5da81e5b..a16ee412 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -11,6 +11,7 @@ permissions: {} jobs: test: + name: 'Test pages' runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 4341c658..b5cba77b 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -13,6 +13,7 @@ permissions: {} jobs: build: + name: 'Build pages' runs-on: ubuntu-latest steps: - name: Checkout @@ -39,6 +40,7 @@ jobs: path: docs deploy: + name: 'Deploy pages' needs: build runs-on: ubuntu-latest permissions: From b0df63a635e9f4d06b2798400eda364639ba7398 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:02:40 +0200 Subject: [PATCH 12/86] say why we need write permisions (for zizmor) copied from the action readme --- .github/workflows/pages.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index b5cba77b..f548ba0f 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -44,8 +44,8 @@ jobs: needs: build runs-on: ubuntu-latest permissions: - pages: write - id-token: write + pages: write # To deploy to Pages + id-token: write # To verify the deployment originates from an appropriate source environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} From f4931604175340815f62902a0a99e3dfb02285d5 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:06:12 +0200 Subject: [PATCH 13/86] add zizmor job --- .github/workflows/checksrc.yml | 39 ++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/checksrc.yml diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml new file mode 100644 index 00000000..6124376f --- /dev/null +++ b/.github/workflows/checksrc.yml @@ -0,0 +1,39 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'Source' + +'on': + push: + branches: + - master + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + linters: + name: 'linters' + runs-on: ubuntu-latest + steps: + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: 'install prereqs' + run: | + /home/linuxbrew/.linuxbrew/bin/brew install zizmor + + - name: 'zizmor GHA' + env: + GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + zizmor --pedantic .github/workflows/*.yml From 678575a6af08231716e3544cc534d0ffb5dbdd11 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:14:24 +0200 Subject: [PATCH 14/86] sh: add missing quote, drop no longer used var, fixup printf mask, shellcheck warnings --- generate_fnmatch.sh | 2 +- mainline.sh | 4 ++-- ossfuzz.sh | 10 ++++------ 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/generate_fnmatch.sh b/generate_fnmatch.sh index df85f854..77bf5565 100755 --- a/generate_fnmatch.sh +++ b/generate_fnmatch.sh @@ -1,4 +1,4 @@ #!/bin/bash # Redirect the output of this script to a test file. -printf "$1\0$2\0" +printf '%s\0%s\0' "$1" "$2" diff --git a/mainline.sh b/mainline.sh index 0cb1eae7..c0faf260 100755 --- a/mainline.sh +++ b/mainline.sh @@ -3,7 +3,7 @@ set -ex # Save off the current folder as the build root. -export BUILD_ROOT=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +export BUILD_ROOT; BUILD_ROOT=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPTDIR=${BUILD_ROOT}/scripts # Parse the options. @@ -30,4 +30,4 @@ export CXXFLAGS="-fsanitize=address,fuzzer-no-link -stdlib=libstdc++ $FUZZ_FLAG" export CPPFLAGS="$FUZZ_FLAG" export OPENSSLFLAGS="-fno-sanitize=alignment -lstdc++" -${SCRIPTDIR}/compile_target.sh ${TARGET} +"${SCRIPTDIR}"/compile_target.sh "${TARGET}" diff --git a/ossfuzz.sh b/ossfuzz.sh index 895e3d2d..501323a6 100755 --- a/ossfuzz.sh +++ b/ossfuzz.sh @@ -25,9 +25,7 @@ export BUILD_ROOT=$PWD SCRIPTDIR=${BUILD_ROOT}/scripts -. ${SCRIPTDIR}/fuzz_targets - -GDBDIR=/src/gdb +. "${SCRIPTDIR}"/fuzz_targets echo "BUILD_ROOT: $BUILD_ROOT" echo "FUZZ_TARGETS: $FUZZ_TARGETS" @@ -36,7 +34,7 @@ echo "FUZZ_TARGETS: $FUZZ_TARGETS" export CURL_SOURCE_DIR=/src/curl # Compile the fuzzers. -${SCRIPTDIR}/compile_target.sh fuzz +"${SCRIPTDIR}"/compile_target.sh fuzz # Zip up the seed corpus. scripts/create_zip.sh @@ -44,8 +42,8 @@ scripts/create_zip.sh # Copy the fuzzers over. for TARGET in $FUZZ_TARGETS do - cp -v build/${TARGET} ${TARGET}_seed_corpus.zip $OUT/ + cp -v build/"${TARGET}" "${TARGET}"_seed_corpus.zip "$OUT"/ done # Copy dictionary and options file to $OUT. -cp -v ossconfig/*.dict ossconfig/*.options $OUT/ +cp -v ossconfig/*.dict ossconfig/*.options "$OUT"/ From 79608b89900c1535ab8ed5441d6baa08ea7240df Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:22:56 +0200 Subject: [PATCH 15/86] sh: add missing quote, drop no longer used var, fixup printf mask, shellcheck warnings cleanup --- ossfuzz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ossfuzz.sh b/ossfuzz.sh index 501323a6..347d93b7 100755 --- a/ossfuzz.sh +++ b/ossfuzz.sh @@ -42,7 +42,7 @@ scripts/create_zip.sh # Copy the fuzzers over. for TARGET in $FUZZ_TARGETS do - cp -v build/"${TARGET}" "${TARGET}"_seed_corpus.zip "$OUT"/ + cp -v build/"${TARGET}" "${TARGET}_seed_corpus.zip" "$OUT"/ done # Copy dictionary and options file to $OUT. From a4943f6bcbed9922261d40f97be719451d99c994 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:23:09 +0200 Subject: [PATCH 16/86] sh: add missing quote, drop no longer used var, fixup printf mask, shellcheck warnings (./scripts/) --- scripts/check_data.sh | 5 +++-- scripts/compile_target.sh | 15 ++++++++------- scripts/create_zip.sh | 8 ++++---- scripts/ossfuzzdeps.sh | 1 - 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/scripts/check_data.sh b/scripts/check_data.sh index 99002dca..5aece2d2 100755 --- a/scripts/check_data.sh +++ b/scripts/check_data.sh @@ -11,7 +11,7 @@ then fi # Exit if the build root has not been defined. -. ${SCRIPTDIR}/fuzz_targets +. "${SCRIPTDIR}"/fuzz_targets if [[ ${DEBUG} == 1 ]] then @@ -44,6 +44,7 @@ do PERCALL=100 fi - find ${BUILD_ROOT}/corpora/${TARGET}/ ${EXTRA_CORPUS} -type f -print0 | xargs -0 -L${PERCALL} ${BUILD_ROOT}/build/${TARGET} + # shellcheck disable=SC2248 + find "${BUILD_ROOT}/corpora/${TARGET}/" ${EXTRA_CORPUS} -type f -print0 | xargs -0 -L${PERCALL} "${BUILD_ROOT}/build/${TARGET}" fi done diff --git a/scripts/compile_target.sh b/scripts/compile_target.sh index f422bfde..1d65a1ea 100755 --- a/scripts/compile_target.sh +++ b/scripts/compile_target.sh @@ -24,14 +24,14 @@ TARGET=${1:-fuzz} SCRIPTDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -export BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") +export BUILD_ROOT; BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") # Check for GDB-specific behaviour by checking for the GDBMODE flag. # - Compile with -O0 so that DEBUGASSERTs can be debugged in gdb. if [[ -n ${GDBMODE:-} ]] then - [[ -n ${CFLAGS:-} ]] && export CFLAGS="${CFLAGS} -O0" || export CFLAGS="-O0" - [[ -n ${CXXFLAGS:-} ]] && export CXXFLAGS="${CXXFLAGS} -O0" || export CXXFLAGS="-O0" + export CFLAGS="${CFLAGS:-} -O0" + export CXXFLAGS="${CXXFLAGS:-} -O0" CMAKE_GDB_FLAG="-DBUILD_GDB=ON" else CMAKE_GDB_FLAG="-DBUILD_GDB=OFF" @@ -58,13 +58,14 @@ echo "MAKEFLAGS: ${MAKEFLAGS}" # Create a build directory for the dependencies. BUILD_DIR=${BUILD_ROOT}/build -mkdir -p ${BUILD_DIR} +mkdir -p "${BUILD_DIR}" options='' command -v ninja >/dev/null 2>&1 && options+=' -G Ninja' # Compile the dependencies. -pushd ${BUILD_DIR} -cmake ${CMAKE_GDB_FLAG} .. ${options} -cmake --build . --target ${TARGET} ${CMAKE_VERBOSE_FLAG} +pushd "${BUILD_DIR}" +# shellcheck disable=SC2086 +cmake "${CMAKE_GDB_FLAG}" .. ${options} +cmake --build . --target "${TARGET}" ${CMAKE_VERBOSE_FLAG} popd diff --git a/scripts/create_zip.sh b/scripts/create_zip.sh index 87c010b3..d9e72bb4 100755 --- a/scripts/create_zip.sh +++ b/scripts/create_zip.sh @@ -5,11 +5,11 @@ set -ex SCRIPTDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") -. ${SCRIPTDIR}/fuzz_targets +. "${SCRIPTDIR}"/fuzz_targets for TARGET in ${FUZZ_TARGETS} do - pushd ${BUILD_ROOT}/corpora/${TARGET} - zip ../../${TARGET}_seed_corpus.zip * - popd + pushd "${BUILD_ROOT}/corpora/${TARGET}" + zip ../../"${TARGET}_seed_corpus.zip" * + popd done diff --git a/scripts/ossfuzzdeps.sh b/scripts/ossfuzzdeps.sh index 2e836762..a950f41e 100755 --- a/scripts/ossfuzzdeps.sh +++ b/scripts/ossfuzzdeps.sh @@ -6,7 +6,6 @@ # Use it to compile and install all the dependencies set -ex -SCRIPTDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Work out if we need to install with sudo or not. if [[ $(id -u) -eq 0 ]] From 8efe6d87924151ab826eb1869afbad66419e9946 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:24:18 +0200 Subject: [PATCH 17/86] sh: add missing quote, drop no longer used var, fixup printf mask, shellcheck warnings (./scripts/) cont --- scripts/create_zip.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/create_zip.sh b/scripts/create_zip.sh index d9e72bb4..84601646 100755 --- a/scripts/create_zip.sh +++ b/scripts/create_zip.sh @@ -10,6 +10,6 @@ BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") for TARGET in ${FUZZ_TARGETS} do pushd "${BUILD_ROOT}/corpora/${TARGET}" - zip ../../"${TARGET}_seed_corpus.zip" * + zip ../../"${TARGET}_seed_corpus.zip" ./* popd done From 2a6b733826a9c2a7ae67555fd3a3e6a22f374d80 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:26:55 +0200 Subject: [PATCH 18/86] move jobs from ci to local 1 --- .github/workflows/build.yml | 60 +++++++++++++++++++++++++++++++++++++ .github/workflows/ci.yml | 43 +------------------------- 2 files changed, 61 insertions(+), 42 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..54015b91 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,60 @@ +name: Build +'on': + push: + branches: + - master + - main + - '*/ci' + pull_request: + branches: + - master + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + just_dependencies: + name: 'Just dependencies' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + repository: curl/curl-fuzzer + + - name: Install Dependencies + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo rm -f /var/lib/man-db/auto-update + sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build + - name: Compile deps target + run: ./scripts/compile_target.sh deps + + PythonTests: + name: 'Python tests' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + repository: curl/curl-fuzzer + + - name: Set up Python + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + with: + python-version: '3.12' + + - name: Install test dependencies + run: | + python -m pip install --upgrade pip + pip install pytest + + - name: Run TLV constants sync test + run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c87ab902..c845a508 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -112,54 +112,13 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 update sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build + - name: Compile mainline env: # test with different "sanitizers" SANITIZER: ${{ matrix.sanitizer }} run: ./mainline.sh - just_dependencies: - name: 'Just dependencies' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - repository: curl/curl-fuzzer - - - name: Install Dependencies - run: | - sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list - sudo apt-get -o Dpkg::Use-Pty=0 update - sudo rm -f /var/lib/man-db/auto-update - sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build - - name: Compile deps target - run: ./scripts/compile_target.sh deps - - PythonTests: - name: 'Python tests' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - repository: curl/curl-fuzzer - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: '3.12' - - - name: Install test dependencies - run: | - python -m pip install --upgrade pip - pip install pytest - - - name: Run TLV constants sync test - run: pytest tests/test_tlv_constants_sync.py - # Ensure that the repository can be built for i386 Testi386: name: 'Test i386' From a2b10cad7e2896c8d2c73deb843c37719a60672f Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:30:20 +0200 Subject: [PATCH 19/86] move jobs from ci to local 2 They are building master curl. Seems overkill to run in each curl PR commit. --- .github/workflows/build.yml | 29 +++++++++++++++++++++++++++++ .github/workflows/ci.yml | 29 ----------------------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 54015b91..73ddf0af 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,3 +58,32 @@ jobs: - name: Run TLV constants sync test run: pytest tests/test_tlv_constants_sync.py + + Mainline: + name: 'Mainline' + strategy: + matrix: + sanitizer: + - address + - memory + + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + repository: curl/curl-fuzzer + + - name: Install Dependencies + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo rm -f /var/lib/man-db/auto-update + sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build + + - name: Compile mainline + env: + # test with different "sanitizers" + SANITIZER: ${{ matrix.sanitizer }} + run: ./mainline.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c845a508..04fee732 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,35 +90,6 @@ jobs: name: artifacts path: ./out/artifacts - Mainline: - name: 'Mainline' - strategy: - matrix: - sanitizer: - - address - - memory - - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - repository: curl/curl-fuzzer - - - name: Install Dependencies - run: | - sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list - sudo apt-get -o Dpkg::Use-Pty=0 update - sudo rm -f /var/lib/man-db/auto-update - sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build - - - name: Compile mainline - env: - # test with different "sanitizers" - SANITIZER: ${{ matrix.sanitizer }} - run: ./mainline.sh - # Ensure that the repository can be built for i386 Testi386: name: 'Test i386' From 4772856910b1ca58773849c29751c56b931a35c3 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:31:28 +0200 Subject: [PATCH 20/86] build.yml cleanup checkout --- .github/workflows/build.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 73ddf0af..966289dd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,6 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - repository: curl/curl-fuzzer - name: Install Dependencies run: | @@ -44,7 +43,6 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - repository: curl/curl-fuzzer - name: Set up Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 @@ -73,7 +71,6 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - repository: curl/curl-fuzzer - name: Install Dependencies run: | From 768105fc206db0ec4ff423c4e218dba3f784c301 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 16:35:10 +0200 Subject: [PATCH 21/86] checksrc.yml fixup --- .github/workflows/checksrc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 6124376f..2a15d963 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -23,7 +23,7 @@ jobs: name: 'linters' runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false From 2afde68e2c1d963ba812f037192f4961e22eee18 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 19:21:17 +0200 Subject: [PATCH 22/86] fixup pages upload action --- .github/workflows/pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index f548ba0f..41e5ab1b 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -35,7 +35,7 @@ jobs: run: python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 with: path: docs From d313e2ba0d1bb6c0141665fbc76cd28bc33b19bd Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 19:31:59 +0200 Subject: [PATCH 23/86] test_corpus_decoder.py fix indent to be consistently 4 test_tlv_constants_sync.py add missing EOL at EOF --- tests/browser/test_corpus_decoder.py | 214 +++++++++++++-------------- tests/test_tlv_constants_sync.py | 2 +- 2 files changed, 108 insertions(+), 108 deletions(-) diff --git a/tests/browser/test_corpus_decoder.py b/tests/browser/test_corpus_decoder.py index 6ed7118e..0b9d3cfd 100644 --- a/tests/browser/test_corpus_decoder.py +++ b/tests/browser/test_corpus_decoder.py @@ -63,110 +63,110 @@ def test_upload_repository_corpus(tmp_path: Path) -> None: @pytest.mark.skipif(sync_playwright is None, reason="Playwright not installed") @pytest.mark.parametrize("scheme", ["light", "dark"]) def test_accessibility_after_upload_in_light_and_dark(tmp_path: Path, scheme: Literal["light", "dark"]) -> None: - """Basic accessibility smoke: after upload, key elements are visible in both schemes. - - This test toggles prefers-color-scheme and checks that: - - The dark/light CSS actually applies (by inspecting body background color in dark) - - Headings and summary items remain present - - A coarse contrast check (>= 3.0) passes between body background and heading text - to catch regressions where text becomes unreadable. - """ - html_path = tmp_path / "index.html" - generate_html(html_path) - - corpus_path = _example_corpus() - expected_tlvs = _expected_tlvs(corpus_path) - - file_url = html_path.resolve().as_uri() - - if sync_playwright is None: - pytest.skip("Playwright not installed") - - with sync_playwright() as playwright: - browser = playwright.chromium.launch() - page = browser.new_page() - page.emulate_media(color_scheme=scheme) # Apply requested color scheme - page.goto(file_url) - - # Upload corpus and wait for summary - page.set_input_files("#corpus-input", str(corpus_path)) - page.wait_for_selector(f"text=Decoded {expected_tlvs} TLVs successfully.") - - # Verify headings and summary exist - assert page.locator("header h1").count() == 1 - assert page.locator("#summary-count").inner_text().strip() == str(expected_tlvs) - - # Page-wide contrast sweep over visible text nodes; collect failures (< 3.0) - results = page.evaluate( - r""" - () => { - function parseColor(c) { - const m = c.match(/rgba?\((\d+),\s*(\d+),\s*(\d+)(?:,\s*([0-9.]+))?\)/); - if (!m) return {r:0,g:0,b:0,a:1}; - return { r: +m[1], g: +m[2], b: +m[3], a: m[4] === undefined ? 1 : +m[4] }; - } - function blend(top, bottom) { - // Alpha composite 'top' over 'bottom'; both are {r,g,b,a} with a in [0,1] - const a = top.a + bottom.a * (1 - top.a); - const r = Math.round((top.r * top.a + bottom.r * bottom.a * (1 - top.a)) / (a || 1)); - const g = Math.round((top.g * top.a + bottom.g * bottom.a * (1 - top.a)) / (a || 1)); - const b = Math.round((top.b * top.a + bottom.b * bottom.a * (1 - top.a)) / (a || 1)); - return { r, g, b, a: 1 }; - } - function srgbToLin(v) { - v /= 255; - return v <= 0.04045 ? v/12.92 : Math.pow((v + 0.055)/1.055, 2.4); - } - function relLuma({r,g,b}) { - const R = srgbToLin(r), G = srgbToLin(g), B = srgbToLin(b); - return 0.2126*R + 0.7152*G + 0.0722*B; - } - function isVisible(el) { - const cs = getComputedStyle(el); - const rect = el.getBoundingClientRect(); - return rect.width > 0 && rect.height > 0 && cs.visibility !== 'hidden' && cs.display !== 'none' && parseFloat(cs.opacity) > 0.05; - } - function bodyBg() { - let b = parseColor(getComputedStyle(document.body).backgroundColor); - if (b.a === 0) b = { r: 255, g: 255, b: 255, a: 1 }; - return b; - } - function effectiveBackground(el) { - if (!el) return bodyBg(); - const cs = getComputedStyle(el); - const bg = parseColor(cs.backgroundColor); - if (bg.a === 0) return effectiveBackground(el.parentElement); - const parentBg = effectiveBackground(el.parentElement); - if (bg.a >= 1) return bg; - return blend(bg, parentBg); - } - const nodes = Array.from(document.querySelectorAll('*')); - const failures = []; - let scanned = 0; - for (const el of nodes) { - if (!isVisible(el)) continue; - const text = (el.textContent || '').trim(); - if (!text) continue; - const cs = getComputedStyle(el); - let fg = parseColor(cs.color); - const bg = effectiveBackground(el); - if (fg.a === 0) continue; // fully transparent text - if (fg.a < 1) fg = blend(fg, bg); - const L1 = relLuma(fg); - const L2 = relLuma(bg); - const contrast = (Math.max(L1,L2)+0.05) / (Math.min(L1,L2)+0.05); - scanned += 1; - if (contrast < 3.0) { - failures.push({ tag: el.tagName.toLowerCase(), text: text.slice(0, 60), contrast: Math.round(contrast*100)/100 }); - } - } - return { scanned, failures, minContrast: failures.length ? Math.min(...failures.map(f=>f.contrast)) : null }; - } - """ - ) - assert results and isinstance(results, dict) - assert results.get("scanned", 0) > 0 - failed = results.get("failures", []) - assert not failed, f"Low contrast elements in {scheme} mode: {failed[:3]}{(' …' if len(failed) > 3 else '')}" - - browser.close() + """Basic accessibility smoke: after upload, key elements are visible in both schemes. + + This test toggles prefers-color-scheme and checks that: + - The dark/light CSS actually applies (by inspecting body background color in dark) + - Headings and summary items remain present + - A coarse contrast check (>= 3.0) passes between body background and heading text + to catch regressions where text becomes unreadable. + """ + html_path = tmp_path / "index.html" + generate_html(html_path) + + corpus_path = _example_corpus() + expected_tlvs = _expected_tlvs(corpus_path) + + file_url = html_path.resolve().as_uri() + + if sync_playwright is None: + pytest.skip("Playwright not installed") + + with sync_playwright() as playwright: + browser = playwright.chromium.launch() + page = browser.new_page() + page.emulate_media(color_scheme=scheme) # Apply requested color scheme + page.goto(file_url) + + # Upload corpus and wait for summary + page.set_input_files("#corpus-input", str(corpus_path)) + page.wait_for_selector(f"text=Decoded {expected_tlvs} TLVs successfully.") + + # Verify headings and summary exist + assert page.locator("header h1").count() == 1 + assert page.locator("#summary-count").inner_text().strip() == str(expected_tlvs) + + # Page-wide contrast sweep over visible text nodes; collect failures (< 3.0) + results = page.evaluate( + r""" + () => { + function parseColor(c) { + const m = c.match(/rgba?\((\d+),\s*(\d+),\s*(\d+)(?:,\s*([0-9.]+))?\)/); + if (!m) return {r:0,g:0,b:0,a:1}; + return { r: +m[1], g: +m[2], b: +m[3], a: m[4] === undefined ? 1 : +m[4] }; + } + function blend(top, bottom) { + // Alpha composite 'top' over 'bottom'; both are {r,g,b,a} with a in [0,1] + const a = top.a + bottom.a * (1 - top.a); + const r = Math.round((top.r * top.a + bottom.r * bottom.a * (1 - top.a)) / (a || 1)); + const g = Math.round((top.g * top.a + bottom.g * bottom.a * (1 - top.a)) / (a || 1)); + const b = Math.round((top.b * top.a + bottom.b * bottom.a * (1 - top.a)) / (a || 1)); + return { r, g, b, a: 1 }; + } + function srgbToLin(v) { + v /= 255; + return v <= 0.04045 ? v/12.92 : Math.pow((v + 0.055)/1.055, 2.4); + } + function relLuma({r,g,b}) { + const R = srgbToLin(r), G = srgbToLin(g), B = srgbToLin(b); + return 0.2126*R + 0.7152*G + 0.0722*B; + } + function isVisible(el) { + const cs = getComputedStyle(el); + const rect = el.getBoundingClientRect(); + return rect.width > 0 && rect.height > 0 && cs.visibility !== 'hidden' && cs.display !== 'none' && parseFloat(cs.opacity) > 0.05; + } + function bodyBg() { + let b = parseColor(getComputedStyle(document.body).backgroundColor); + if (b.a === 0) b = { r: 255, g: 255, b: 255, a: 1 }; + return b; + } + function effectiveBackground(el) { + if (!el) return bodyBg(); + const cs = getComputedStyle(el); + const bg = parseColor(cs.backgroundColor); + if (bg.a === 0) return effectiveBackground(el.parentElement); + const parentBg = effectiveBackground(el.parentElement); + if (bg.a >= 1) return bg; + return blend(bg, parentBg); + } + const nodes = Array.from(document.querySelectorAll('*')); + const failures = []; + let scanned = 0; + for (const el of nodes) { + if (!isVisible(el)) continue; + const text = (el.textContent || '').trim(); + if (!text) continue; + const cs = getComputedStyle(el); + let fg = parseColor(cs.color); + const bg = effectiveBackground(el); + if (fg.a === 0) continue; // fully transparent text + if (fg.a < 1) fg = blend(fg, bg); + const L1 = relLuma(fg); + const L2 = relLuma(bg); + const contrast = (Math.max(L1,L2)+0.05) / (Math.min(L1,L2)+0.05); + scanned += 1; + if (contrast < 3.0) { + failures.push({ tag: el.tagName.toLowerCase(), text: text.slice(0, 60), contrast: Math.round(contrast*100)/100 }); + } + } + return { scanned, failures, minContrast: failures.length ? Math.min(...failures.map(f=>f.contrast)) : null }; + } + """ + ) + assert results and isinstance(results, dict) + assert results.get("scanned", 0) > 0 + failed = results.get("failures", []) + assert not failed, f"Low contrast elements in {scheme} mode: {failed[:3]}{(' …' if len(failed) > 3 else '')}" + + browser.close() diff --git a/tests/test_tlv_constants_sync.py b/tests/test_tlv_constants_sync.py index ae68e42a..a092d33e 100644 --- a/tests/test_tlv_constants_sync.py +++ b/tests/test_tlv_constants_sync.py @@ -103,4 +103,4 @@ def test_tlv_constants_are_in_sync() -> None: + ", ".join( f"{python_by_value[value]} ({value})" for value in extra_value_ids ) - ) \ No newline at end of file + ) From 9702b25e0de133cb33ace4d864e05af5ca5ebc51 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 19:36:49 +0200 Subject: [PATCH 24/86] try dropping actions/setup-python to install 3.12 3.12 is preinstalled on the ubuntu-latest runner: https://packages.ubuntu.com/noble/python3 Also pyproject.toml requires anything between 3.9 and 4.0. This suggests that this step and pinning to 3.12 isn't necessary in the foreseeable future. --- .github/workflows/build.yml | 5 ----- .github/workflows/pages-ci.yml | 5 ----- .github/workflows/pages.yml | 5 ----- 3 files changed, 15 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 966289dd..bddbe7c1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,11 +44,6 @@ jobs: with: persist-credentials: false - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: '3.12' - - name: Install test dependencies run: | python -m pip install --upgrade pip diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index a16ee412..9007ae24 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -19,11 +19,6 @@ jobs: with: persist-credentials: false - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: "3.12" - - name: Install dependencies run: | python -m pip install --upgrade pip diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 41e5ab1b..b0d434bf 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -21,11 +21,6 @@ jobs: with: persist-credentials: false - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: "3.12" - - name: Install dependencies run: | python -m pip install --upgrade pip From c36f41d4d7d82a81f7ccee77cb4d4fcfbbdd00dd Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 20:03:12 +0200 Subject: [PATCH 25/86] build.yml formatting --- .github/workflows/build.yml | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bddbe7c1..0eeb8055 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,26 +32,10 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 update sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build + - name: Compile deps target run: ./scripts/compile_target.sh deps - PythonTests: - name: 'Python tests' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - - name: Install test dependencies - run: | - python -m pip install --upgrade pip - pip install pytest - - - name: Run TLV constants sync test - run: pytest tests/test_tlv_constants_sync.py - Mainline: name: 'Mainline' strategy: @@ -79,3 +63,20 @@ jobs: # test with different "sanitizers" SANITIZER: ${{ matrix.sanitizer }} run: ./mainline.sh + + PythonTests: + name: 'Python tests' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: Install test dependencies + run: | + python -m pip install --upgrade pip + pip install pytest + + - name: Run TLV constants sync test + run: pytest tests/test_tlv_constants_sync.py From 93cb739718e3d34ebcb3c01656cdb577acf16c6d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 20:03:49 +0200 Subject: [PATCH 26/86] build.yml formatting 2 --- .github/workflows/build.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0eeb8055..4ba32f76 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,8 +17,14 @@ concurrency: permissions: {} jobs: - just_dependencies: - name: 'Just dependencies' + Mainline: + name: 'Mainline' + strategy: + matrix: + sanitizer: + - address + - memory + runs-on: ubuntu-latest steps: - name: Checkout @@ -33,17 +39,14 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build - - name: Compile deps target - run: ./scripts/compile_target.sh deps - - Mainline: - name: 'Mainline' - strategy: - matrix: - sanitizer: - - address - - memory + - name: Compile mainline + env: + # test with different "sanitizers" + SANITIZER: ${{ matrix.sanitizer }} + run: ./mainline.sh + just_dependencies: + name: 'Just dependencies' runs-on: ubuntu-latest steps: - name: Checkout @@ -58,11 +61,8 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y cmake clang ninja-build - - name: Compile mainline - env: - # test with different "sanitizers" - SANITIZER: ${{ matrix.sanitizer }} - run: ./mainline.sh + - name: Compile deps target + run: ./scripts/compile_target.sh deps PythonTests: name: 'Python tests' From 58aa9e8c626a2f1a091ca00ca545000f8a2d7108 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 20:07:08 +0200 Subject: [PATCH 27/86] yamllint fix indentation, spacing --- .github/workflows/ci.yml | 48 ++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 04fee732..66cac341 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,28 +42,28 @@ jobs: name: 'Build fuzzers' runs-on: ubuntu-latest steps: - # Use the CIFuzz job to test the repository. - - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] - with: - oss-fuzz-project-name: 'curl' - dry-run: false - keep-unaffected-fuzz-targets: true + # Use the CIFuzz job to test the repository. + - name: Build Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] + with: + oss-fuzz-project-name: 'curl' + dry-run: false + keep-unaffected-fuzz-targets: true - # Archive the fuzzer output (which maintains permissions) - - name: Create fuzz tar - run: tar cvf fuzz.tar build-out/ + # Archive the fuzzer output (which maintains permissions) + - name: Create fuzz tar + run: tar cvf fuzz.tar build-out/ - # Upload the fuzzer output - - name: Archive fuzz tar - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: fuzz_tar - path: fuzz.tar + # Upload the fuzzer output + - name: Archive fuzz tar + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: fuzz_tar + path: fuzz.tar RunFuzzers: name: 'Run fuzzers' - needs: [ BuildFuzzers, DetermineMatrix ] + needs: [BuildFuzzers, DetermineMatrix] runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} @@ -95,10 +95,10 @@ jobs: name: 'Test i386' runs-on: ubuntu-latest steps: - - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] - with: - oss-fuzz-project-name: 'curl' - dry-run: false - keep-unaffected-fuzz-targets: true - architecture: 'i386' + - name: Build Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] + with: + oss-fuzz-project-name: 'curl' + dry-run: false + keep-unaffected-fuzz-targets: true + architecture: 'i386' From 5d249090d0f8f928ab3838f4dfee4f4a5b6cb0a4 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 20:07:58 +0200 Subject: [PATCH 28/86] yamllint fix more --- .github/workflows/build.yml | 1 + .github/workflows/ci.yml | 1 + .github/workflows/pages-ci.yml | 2 +- .github/workflows/pages.yml | 2 +- 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4ba32f76..8d704351 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,5 @@ name: Build + 'on': push: branches: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 66cac341..55da2035 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,5 @@ name: CI + 'on': push: branches: diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 9007ae24..3f3e959b 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -1,6 +1,6 @@ name: Playwright browser test for corpus decoder -on: +'on': push: branches: [master] pull_request: diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index b0d434bf..df34632c 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -1,6 +1,6 @@ name: Deploy decoder to GitHub Pages -on: +'on': push: branches: [master] workflow_dispatch: From 85166629213c975c6b977d37e82756b2ca380d2b Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 23 Oct 2025 20:10:14 +0200 Subject: [PATCH 29/86] add comment --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 55da2035..f0e7316a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,5 @@ +# Workflow used by curl/curl + name: CI 'on': From 3c55bfca9554d09b0da69fd09b798d27e4f19a24 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 24 Oct 2025 02:57:08 +0200 Subject: [PATCH 30/86] format like other workflows --- .github/workflows/pages-ci.yml | 6 ++++-- .github/workflows/pages.yml | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 3f3e959b..17017b5d 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -2,9 +2,11 @@ name: Playwright browser test for corpus decoder 'on': push: - branches: [master] + branches: + - master pull_request: - branches: [master] + branches: + - master workflow_dispatch: permissions: {} diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index df34632c..eaf1d712 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -2,7 +2,8 @@ name: Deploy decoder to GitHub Pages 'on': push: - branches: [master] + branches: + - master workflow_dispatch: concurrency: From f5dbde0edcc6a5b7bcb2d9beb4b38db5a91a34c1 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 24 Oct 2025 02:57:42 +0200 Subject: [PATCH 31/86] format like other workflows 2, drop main from local workflow --- .github/workflows/build.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d704351..bf6370cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,12 +4,9 @@ name: Build push: branches: - master - - main - - '*/ci' pull_request: branches: - master - - main concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} From 1b0f8db422b48f33d5a0dcb01b6af44d0d72de39 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 24 Oct 2025 14:21:28 +0200 Subject: [PATCH 32/86] set/ignore concurrency limits for zizmor 1.16.0 --- .github/workflows/codeql.yml | 3 ++- .github/workflows/pages-ci.yml | 4 ++++ .github/workflows/pages.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c7c2e70c..ea70a9c4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,7 +11,8 @@ name: 'CodeQL' - cron: '0 0 * * 4' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true permissions: {} diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 17017b5d..c46676ba 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -9,6 +9,10 @@ name: Playwright browser test for corpus decoder - master workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index eaf1d712..37f54eaa 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -8,7 +8,7 @@ name: Deploy decoder to GitHub Pages concurrency: group: "pages" - cancel-in-progress: false + cancel-in-progress: false # zizmor: ignore[concurrency-limits] permissions: {} From f0f7dc3fd8e51f7b3c87d06fb0e59cf86581a312 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 24 Oct 2025 14:22:06 +0200 Subject: [PATCH 33/86] pages.yml replace hard-coded string with gh variable --- .github/workflows/pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 37f54eaa..f396081a 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -7,7 +7,7 @@ name: Deploy decoder to GitHub Pages workflow_dispatch: concurrency: - group: "pages" + group: ${{ github.workflow }} cancel-in-progress: false # zizmor: ignore[concurrency-limits] permissions: {} From 7bad78c913852b7c105f51a5c7137bebe0d5d335 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 15:43:46 +0100 Subject: [PATCH 34/86] use imperative in comment --- src/curl_fuzzer_tools/generate_decoder_html.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/curl_fuzzer_tools/generate_decoder_html.py b/src/curl_fuzzer_tools/generate_decoder_html.py index 36ff5fc2..045a2dcd 100644 --- a/src/curl_fuzzer_tools/generate_decoder_html.py +++ b/src/curl_fuzzer_tools/generate_decoder_html.py @@ -65,7 +65,7 @@ def main() -> Path: def run() -> None: - """Wrapper to set up logging before running the tool.""" + """Set up logging before running the tool.""" common_logging(__name__, __file__) main() From 14a975684b1de1e0191b175ea8904cd8e2c433ee Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 16:51:43 +0100 Subject: [PATCH 35/86] pages-ci.yml move pytest-playwright to pyproject.toml --- .github/workflows/pages-ci.yml | 1 - pyproject.toml | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index c46676ba..93e45a07 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -29,7 +29,6 @@ jobs: run: | python -m pip install --upgrade pip pip install .[browser-tests] - pip install pytest pytest-playwright python -m playwright install - name: Install Playwright system dependencies diff --git a/pyproject.toml b/pyproject.toml index c734808b..0a71385f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,6 +31,7 @@ dependencies = [ browser-tests = [ "pytest>=8.3,<9", "playwright>=1.55,<1.56", + "pytest_playwright>=0.7.1,<0.8", ] [project.scripts] @@ -56,6 +57,7 @@ dev = [ browser-tests = [ "pytest>=8.3,<9", "playwright>=1.55,<1.56", + "pytest_playwright>=0.7.1,<0.8", ] [tool.mypy] From 43fcfc443e407b01b5eafc146817ff799925adae Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:02:02 +0100 Subject: [PATCH 36/86] pyproject.toml: move default set into a group, add 'python-tests' target --- .github/workflows/build.yml | 2 +- .github/workflows/pages-ci.yml | 2 +- .github/workflows/pages.yml | 2 +- pyproject.toml | 13 ++++++++++--- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bf6370cd..e181bf1f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -74,7 +74,7 @@ jobs: - name: Install test dependencies run: | python -m pip install --upgrade pip - pip install pytest + pip install '.[python-tests]' - name: Run TLV constants sync test run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 93e45a07..fa4d03bf 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -28,7 +28,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install .[browser-tests] + pip install '.[browser-tests]' python -m playwright install - name: Install Playwright system dependencies diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index f396081a..275b6a60 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -25,7 +25,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install . + pip install '.[page-gen]' - name: Generate decoder HTML run: python -m curl_fuzzer_tools.generate_decoder_html diff --git a/pyproject.toml b/pyproject.toml index 0a71385f..25138579 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -22,17 +22,20 @@ classifiers = [ "Topic :: Software Development :: Testing", "Typing :: Typed", ] -dependencies = [ + +[project.optional-dependencies] +page-gen = [ "scapy (>=2.6.1,<3.0.0)", "jinja2 (>=3.1.0,<4.0.0)", ] - -[project.optional-dependencies] browser-tests = [ "pytest>=8.3,<9", "playwright>=1.55,<1.56", "pytest_playwright>=0.7.1,<0.8", ] +python-tests = [ + "pytest>=8.3,<9", +] [project.scripts] read_corpus = "curl_fuzzer_tools.read_corpus:run" @@ -54,6 +57,10 @@ dev = [ "mypy==1.18.2", "ruff==0.14.2", ] +page-gen = [ + "scapy (>=2.6.1,<3.0.0)", + "jinja2 (>=3.1.0,<4.0.0)", +] browser-tests = [ "pytest>=8.3,<9", "playwright>=1.55,<1.56", From 1f368d05b64b1fa45a8bba0e80dade7da1cde7c9 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:04:44 +0100 Subject: [PATCH 37/86] run ruff in ci --- .github/workflows/checksrc.yml | 7 +++++++ pyproject.toml | 3 +++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 2a15d963..38187a0f 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -30,6 +30,7 @@ jobs: - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor + pip install '.[ci-tests]' - name: 'zizmor GHA' env: @@ -37,3 +38,9 @@ jobs: run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" zizmor --pedantic .github/workflows/*.yml + + - name: 'ruff' + run: | + ruff --version + # shellcheck disable=SC2046 + ruff check $(git ls-files '*.py') diff --git a/pyproject.toml b/pyproject.toml index 25138579..1f9b6e5a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -24,6 +24,9 @@ classifiers = [ ] [project.optional-dependencies] +ci-tests = [ + "ruff==0.14.2", +] page-gen = [ "scapy (>=2.6.1,<3.0.0)", "jinja2 (>=3.1.0,<4.0.0)", From f405dbb7147c4efa334a3feca12b11682e0dc509 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:11:16 +0100 Subject: [PATCH 38/86] use imperative in comment more --- src/curl_fuzzer_tools/corpus.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/curl_fuzzer_tools/corpus.py b/src/curl_fuzzer_tools/corpus.py index 0a411bbd..fc5f8ec5 100644 --- a/src/curl_fuzzer_tools/corpus.py +++ b/src/curl_fuzzer_tools/corpus.py @@ -550,7 +550,7 @@ def write_mimepart(self, namevalue: str) -> None: def encode_tlv( self, tlv_type: int, tlv_length: int, tlv_data: Optional[bytes] = None ) -> bytes: - """Encodes the Type, Length, and Value into a bytes array""" + """Encode the Type, Length, and Value into a bytes array""" log.debug( "Encoding TLV %r, length %d, data %r", self.TYPEMAP.get(tlv_type, ""), @@ -568,7 +568,7 @@ def encode_tlv( def write_tlv( self, tlv_type: int, tlv_length: int, tlv_data: Optional[bytes] = None ) -> None: - """Writes an encoded TLV to the output as bytes""" + """Write an encoded TLV to the output as bytes""" log.debug( "Writing TLV %r, length %d, data %r", self.TYPEMAP.get(tlv_type, ""), From cdb44a4bff47265dc54cb55201f4f34113ba442e Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:13:04 +0100 Subject: [PATCH 39/86] fix minor ruff issues, drop exception --- pyproject.toml | 1 - src/curl_fuzzer_tools/corpus_to_pcap.py | 2 +- src/curl_fuzzer_tools/generate_corpus.py | 2 +- src/curl_fuzzer_tools/generate_matrix.py | 2 +- src/curl_fuzzer_tools/read_corpus.py | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 1f9b6e5a..6a9471e7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -97,7 +97,6 @@ extend-select = [ ignore = [ "D400", - "D401", "D415" ] diff --git a/src/curl_fuzzer_tools/corpus_to_pcap.py b/src/curl_fuzzer_tools/corpus_to_pcap.py index 08af5b49..e22d20c6 100644 --- a/src/curl_fuzzer_tools/corpus_to_pcap.py +++ b/src/curl_fuzzer_tools/corpus_to_pcap.py @@ -74,7 +74,7 @@ def corpus_to_pcap(args: argparse.Namespace) -> None: def main() -> None: - """Main function""" + """Begin main function""" parser = argparse.ArgumentParser() parser.add_argument("--input", required=True) parser.add_argument("--output", required=True) diff --git a/src/curl_fuzzer_tools/generate_corpus.py b/src/curl_fuzzer_tools/generate_corpus.py index 47185c29..be05248f 100755 --- a/src/curl_fuzzer_tools/generate_corpus.py +++ b/src/curl_fuzzer_tools/generate_corpus.py @@ -131,7 +131,7 @@ def generate_corpus(args: argparse.Namespace) -> None: def main() -> None: - """Main function""" + """Begin main function""" parser = argparse.ArgumentParser() parser.add_argument("--output", required=True) parser.add_argument("--url", required=True) diff --git a/src/curl_fuzzer_tools/generate_matrix.py b/src/curl_fuzzer_tools/generate_matrix.py index 5a199624..d6e03d01 100644 --- a/src/curl_fuzzer_tools/generate_matrix.py +++ b/src/curl_fuzzer_tools/generate_matrix.py @@ -9,7 +9,7 @@ log = logging.getLogger(__name__) def main() -> None: - """Main function""" + """Begin main function""" # Get FUZZ_TARGETS from the environment fuzz_targets = os.getenv("FUZZ_TARGETS", "") log.info("Fuzz targets: %s", fuzz_targets) diff --git a/src/curl_fuzzer_tools/read_corpus.py b/src/curl_fuzzer_tools/read_corpus.py index 04585971..80eba501 100755 --- a/src/curl_fuzzer_tools/read_corpus.py +++ b/src/curl_fuzzer_tools/read_corpus.py @@ -21,7 +21,7 @@ def read_corpus(corpus_file: Path) -> None: def main() -> None: - """Main function""" + """Begin main function""" parser = argparse.ArgumentParser() parser.add_argument( "input", From 9c4c0437bcbae94a1e6c848803926d280e30cb2d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:16:54 +0100 Subject: [PATCH 40/86] fix more minor ruff issues, drop another exception --- pyproject.toml | 1 - src/curl_fuzzer_tools/corpus.py | 42 ++++++++++++------------ src/curl_fuzzer_tools/corpus_to_pcap.py | 2 +- src/curl_fuzzer_tools/curl_test_data.py | 8 ++--- src/curl_fuzzer_tools/generate_corpus.py | 2 +- src/curl_fuzzer_tools/generate_matrix.py | 6 ++-- src/curl_fuzzer_tools/logger.py | 2 +- src/curl_fuzzer_tools/read_corpus.py | 2 +- 8 files changed, 32 insertions(+), 33 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 6a9471e7..cb085b6f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -97,7 +97,6 @@ extend-select = [ ignore = [ "D400", - "D415" ] [tool.ruff.format] diff --git a/src/curl_fuzzer_tools/corpus.py b/src/curl_fuzzer_tools/corpus.py index fc5f8ec5..5b0a6d90 100644 --- a/src/curl_fuzzer_tools/corpus.py +++ b/src/curl_fuzzer_tools/corpus.py @@ -1,4 +1,4 @@ -"""Common corpus functions""" +"""Common corpus functions.""" import logging import struct @@ -11,7 +11,7 @@ class BaseType(object): - """Known TLV types""" + """Known TLV types.""" TYPE_URL = 1 TYPE_RSP0 = 2 @@ -484,41 +484,41 @@ class BaseType(object): class TLVEncoder(BaseType): - """Class for encoding TLVs""" + """Class for encoding TLVs.""" def __init__(self, output: BinaryIO, test_data: TestData) -> None: - """Create a TLVEncoder object""" + """Create a TLVEncoder object.""" self.output = output self.test_data = test_data def write_string(self, tlv_type: int, wstring: str) -> None: - """Write a string TLV to the output""" + """Write a string TLV to the output.""" data = wstring.encode("utf-8") self.write_tlv(tlv_type, len(data), data) def write_u32(self, tlv_type: int, num: int) -> None: - """Write an unsigned 32-bit integer TLV to the output""" + """Write an unsigned 32-bit integer TLV to the output.""" data = struct.pack("!L", num) self.write_tlv(tlv_type, len(data), data) def write_bytes(self, tlv_type: int, bytedata: bytes) -> None: - """Write a bytes TLV to the output""" + """Write a bytes TLV to the output.""" self.write_tlv(tlv_type, len(bytedata), bytedata) def maybe_write_string(self, tlv_type: int, wstring: Optional[str]) -> None: - """Write a string TLV to the output if specified""" + """Write a string TLV to the output if specified.""" if wstring is not None: self.write_string(tlv_type, wstring) def maybe_write_u32(self, tlv_type: int, num: Optional[int]) -> None: - """Write an unsigned 32-bit integer TLV to the output if specified""" + """Write an unsigned 32-bit integer TLV to the output if specified.""" if num is not None: self.write_u32(tlv_type, num) def maybe_write_response( self, rsp_type: int, rsp: Optional[str], rsp_file: Optional[Path], rsp_test: int ) -> None: - """Write a response TLV to the output if specified""" + """Write a response TLV to the output if specified.""" if rsp: self.write_bytes(rsp_type, rsp.encode("utf-8")) elif rsp_file: @@ -529,7 +529,7 @@ def maybe_write_response( self.write_bytes(rsp_type, wstring.encode("utf-8")) def write_mimepart(self, namevalue: str) -> None: - """Write a MIME part TLV to the output""" + """Write a MIME part TLV to the output.""" (name, value) = namevalue.split(":", 1) # Create some mimepart TLVs for the name and value @@ -550,7 +550,7 @@ def write_mimepart(self, namevalue: str) -> None: def encode_tlv( self, tlv_type: int, tlv_length: int, tlv_data: Optional[bytes] = None ) -> bytes: - """Encode the Type, Length, and Value into a bytes array""" + """Encode the Type, Length, and Value into a bytes array.""" log.debug( "Encoding TLV %r, length %d, data %r", self.TYPEMAP.get(tlv_type, ""), @@ -568,7 +568,7 @@ def encode_tlv( def write_tlv( self, tlv_type: int, tlv_length: int, tlv_data: Optional[bytes] = None ) -> None: - """Write an encoded TLV to the output as bytes""" + """Write an encoded TLV to the output as bytes.""" log.debug( "Writing TLV %r, length %d, data %r", self.TYPEMAP.get(tlv_type, ""), @@ -581,13 +581,13 @@ def write_tlv( class TLVContents(BaseType): - """Class for TLV contents""" + """Class for TLV contents.""" TLV_DECODE_FMT = "!HL" TLV_DECODE_FMT_LEN = struct.calcsize(TLV_DECODE_FMT) def __init__(self, data: bytes) -> None: - """Create a TLVContents object""" + """Create a TLVContents object.""" # Parse the data to populate the TLV fields (stype, slen) = struct.unpack( self.TLV_DECODE_FMT, data[0 : self.TLV_DECODE_FMT_LEN] @@ -601,7 +601,7 @@ def __init__(self, data: bytes) -> None: ] def __repr__(self) -> str: - """Return a string representation of the TLVContents object""" + """Return a string representation of the TLVContents object.""" stype = self.TYPEMAP.get(self.type, "") return ( f"{self.__class__.__name__}(type={stype!r} ({self.type!r}), " @@ -609,27 +609,27 @@ def __repr__(self) -> str: ) def total_length(self) -> int: - """Return the total length of the TLV, including the header""" + """Return the total length of the TLV, including the header.""" return self.TLV_DECODE_FMT_LEN + self.length class TLVDecoder(BaseType): - """Class for decoding TLVs""" + """Class for decoding TLVs.""" def __init__(self, inputdata: bytes) -> None: - """Create a TLVDecoder object""" + """Create a TLVDecoder object.""" self.inputdata = inputdata self.pos = 0 self.tlv: Optional["TLVContents"] = None def __iter__(self) -> "TLVDecoder": - """Return an iterator for the TLVs""" + """Return an iterator for the TLVs.""" self.pos = 0 self.tlv = None return self def __next__(self) -> "TLVContents": - """Return the next TLV in the input data""" + """Return the next TLV in the input data.""" if self.tlv: self.pos += self.tlv.total_length() diff --git a/src/curl_fuzzer_tools/corpus_to_pcap.py b/src/curl_fuzzer_tools/corpus_to_pcap.py index e22d20c6..2e9af2dd 100644 --- a/src/curl_fuzzer_tools/corpus_to_pcap.py +++ b/src/curl_fuzzer_tools/corpus_to_pcap.py @@ -74,7 +74,7 @@ def corpus_to_pcap(args: argparse.Namespace) -> None: def main() -> None: - """Begin main function""" + """Begin main function.""" parser = argparse.ArgumentParser() parser.add_argument("--input", required=True) parser.add_argument("--output", required=True) diff --git a/src/curl_fuzzer_tools/curl_test_data.py b/src/curl_fuzzer_tools/curl_test_data.py index f4cbfc4d..b8945626 100755 --- a/src/curl_fuzzer_tools/curl_test_data.py +++ b/src/curl_fuzzer_tools/curl_test_data.py @@ -19,7 +19,7 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # -"""Module for extracting test data from the test data folder""" +"""Module for extracting test data from the test data folder.""" from __future__ import absolute_import, division, print_function, unicode_literals @@ -34,14 +34,14 @@ class TestData(object): - """Class for extracting test data from the curl test data folder""" + """Class for extracting test data from the curl test data folder.""" def __init__(self, data_folder: Path) -> None: - """Create a TestData object""" + """Create a TestData object.""" self.data_folder = data_folder def get_test_data(self, test_number: int) -> str: - """Get the test data for a given test number""" + """Get the test data for a given test number.""" # Create the test file name filename = self.data_folder / f"test{test_number}" diff --git a/src/curl_fuzzer_tools/generate_corpus.py b/src/curl_fuzzer_tools/generate_corpus.py index be05248f..6350ae20 100755 --- a/src/curl_fuzzer_tools/generate_corpus.py +++ b/src/curl_fuzzer_tools/generate_corpus.py @@ -131,7 +131,7 @@ def generate_corpus(args: argparse.Namespace) -> None: def main() -> None: - """Begin main function""" + """Begin main function.""" parser = argparse.ArgumentParser() parser.add_argument("--output", required=True) parser.add_argument("--url", required=True) diff --git a/src/curl_fuzzer_tools/generate_matrix.py b/src/curl_fuzzer_tools/generate_matrix.py index d6e03d01..a549a27f 100644 --- a/src/curl_fuzzer_tools/generate_matrix.py +++ b/src/curl_fuzzer_tools/generate_matrix.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -"""Generate a matrix of fuzzers for Github Actions""" +"""Generate a matrix of fuzzers for Github Actions.""" import json import logging @@ -9,7 +9,7 @@ log = logging.getLogger(__name__) def main() -> None: - """Begin main function""" + """Begin main function.""" # Get FUZZ_TARGETS from the environment fuzz_targets = os.getenv("FUZZ_TARGETS", "") log.info("Fuzz targets: %s", fuzz_targets) @@ -27,7 +27,7 @@ def main() -> None: print(f"matrix={json.dumps(output_data)}") def run() -> None: - """Run the main function""" + """Run the main function.""" logging.basicConfig(level=logging.INFO, stream=sys.stderr) main() diff --git a/src/curl_fuzzer_tools/logger.py b/src/curl_fuzzer_tools/logger.py index edf08c1e..a67c2fe5 100644 --- a/src/curl_fuzzer_tools/logger.py +++ b/src/curl_fuzzer_tools/logger.py @@ -1,4 +1,4 @@ -"""Common logging functionality""" +"""Common logging functionality.""" import logging import sys diff --git a/src/curl_fuzzer_tools/read_corpus.py b/src/curl_fuzzer_tools/read_corpus.py index 80eba501..9554cd9f 100755 --- a/src/curl_fuzzer_tools/read_corpus.py +++ b/src/curl_fuzzer_tools/read_corpus.py @@ -21,7 +21,7 @@ def read_corpus(corpus_file: Path) -> None: def main() -> None: - """Begin main function""" + """Begin main function.""" parser = argparse.ArgumentParser() parser.add_argument( "input", From b707d40f82ad72b15897adfc4e3fdc44896b2660 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:17:35 +0100 Subject: [PATCH 41/86] ruff drop the last exception, no longer triggering --- pyproject.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index cb085b6f..e17c20b2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -96,7 +96,6 @@ extend-select = [ ] ignore = [ - "D400", ] [tool.ruff.format] From 85a674d5300b8852ba68a5d3b81b66c3aa433ccf Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:18:38 +0100 Subject: [PATCH 42/86] ruff: drop setting causing 2 configuration conflict warnings ``` warning: `incorrect-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible. Ignoring `incorrect-blank-line-before-class`. warning: `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible. Ignoring `multi-line-summary-second-line`. ``` --- pyproject.toml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index e17c20b2..331bc77d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -91,12 +91,6 @@ indent-width = 4 target-version = "py39" [tool.ruff.lint] -extend-select = [ - "D" # pydocstyle -] - -ignore = [ -] [tool.ruff.format] # Like Black, use double quotes for strings. From b384d7e4a8b13a1abeb3beedac0a91305df64af6 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:22:08 +0100 Subject: [PATCH 43/86] ruff: sync config with other curl repos --- pyproject.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 331bc77d..4af35ccb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -92,6 +92,13 @@ target-version = "py39" [tool.ruff.lint] +extend-select = [ + "B007","B016","C405","C416","COM818", + "D200","D213","D204","D401","D415", + "FURB129","N818","PERF401","PERF403","PIE790","PIE808","PLW0127", + "Q004","RUF010","SIM101","SIM117","SIM118","TRY400","TRY401" +] + [tool.ruff.format] # Like Black, use double quotes for strings. quote-style = "double" From 594255602332588d8eccb8ca73cc4758d7e92533 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:22:48 +0100 Subject: [PATCH 44/86] generate_corpus.py fix two ruff warnings ``` PIE808 [*] Unnecessary `start` argument in `range` --> src/curl_fuzzer_tools/generate_corpus.py:178:21 | 176 | upload1.add_argument("--upload1file") 177 | 178 | for ii in range(0, 11): | ^ 179 | group = parser.add_mutually_exclusive_group() 180 | group.add_argument("--rsp{0}".format(ii)) | help: Remove `start` argument PIE808 [*] Unnecessary `start` argument in `range` --> src/curl_fuzzer_tools/generate_corpus.py:184:21 | 182 | group.add_argument("--rsp{0}test".format(ii), type=int) 183 | 184 | for ii in range(0, 2): | ^ 185 | group = parser.add_mutually_exclusive_group() 186 | group.add_argument("--secrsp{0}".format(ii)) | help: Remove `start` argument ``` --- src/curl_fuzzer_tools/generate_corpus.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/curl_fuzzer_tools/generate_corpus.py b/src/curl_fuzzer_tools/generate_corpus.py index 6350ae20..37fa272c 100755 --- a/src/curl_fuzzer_tools/generate_corpus.py +++ b/src/curl_fuzzer_tools/generate_corpus.py @@ -175,13 +175,13 @@ def main() -> None: upload1.add_argument("--upload1") upload1.add_argument("--upload1file") - for ii in range(0, 11): + for ii in range(11): group = parser.add_mutually_exclusive_group() group.add_argument("--rsp{0}".format(ii)) group.add_argument("--rsp{0}file".format(ii)) group.add_argument("--rsp{0}test".format(ii), type=int) - for ii in range(0, 2): + for ii in range(2): group = parser.add_mutually_exclusive_group() group.add_argument("--secrsp{0}".format(ii)) group.add_argument("--secrsp{0}file".format(ii)) From 32dc43784babebee2d21950c5c532fa43409de7c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:24:28 +0100 Subject: [PATCH 45/86] test_corpus_decoder.py fix comment to pass ruff --- tests/browser/test_corpus_decoder.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/browser/test_corpus_decoder.py b/tests/browser/test_corpus_decoder.py index 0b9d3cfd..ca93a48e 100644 --- a/tests/browser/test_corpus_decoder.py +++ b/tests/browser/test_corpus_decoder.py @@ -63,7 +63,8 @@ def test_upload_repository_corpus(tmp_path: Path) -> None: @pytest.mark.skipif(sync_playwright is None, reason="Playwright not installed") @pytest.mark.parametrize("scheme", ["light", "dark"]) def test_accessibility_after_upload_in_light_and_dark(tmp_path: Path, scheme: Literal["light", "dark"]) -> None: - """Basic accessibility smoke: after upload, key elements are visible in both schemes. + """ + Basic accessibility smoke: after upload, key elements are visible in both schemes. This test toggles prefers-color-scheme and checks that: - The dark/light CSS actually applies (by inspecting body background color in dark) From c99a1be560f22f9ace3075f32c0ae0c64156b304 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:27:32 +0100 Subject: [PATCH 46/86] python: sync all shebang to say `python3` --- src/curl_fuzzer_tools/corpus_to_pcap.py | 2 +- src/curl_fuzzer_tools/curl_test_data.py | 2 +- src/curl_fuzzer_tools/generate_corpus.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/curl_fuzzer_tools/corpus_to_pcap.py b/src/curl_fuzzer_tools/corpus_to_pcap.py index 2e9af2dd..b8ec2e28 100644 --- a/src/curl_fuzzer_tools/corpus_to_pcap.py +++ b/src/curl_fuzzer_tools/corpus_to_pcap.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # """Script which converts corpus files to pcap files.""" diff --git a/src/curl_fuzzer_tools/curl_test_data.py b/src/curl_fuzzer_tools/curl_test_data.py index b8945626..d62c5341 100755 --- a/src/curl_fuzzer_tools/curl_test_data.py +++ b/src/curl_fuzzer_tools/curl_test_data.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # Project ___| | | | _ \| | diff --git a/src/curl_fuzzer_tools/generate_corpus.py b/src/curl_fuzzer_tools/generate_corpus.py index 37fa272c..9d712cc5 100755 --- a/src/curl_fuzzer_tools/generate_corpus.py +++ b/src/curl_fuzzer_tools/generate_corpus.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # """Simple script which generates corpus files.""" From dd807ec0f5c14f3cfd9920adb3fb4d3a172e0cde Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:28:50 +0100 Subject: [PATCH 47/86] generate_decoder_html.py add missing shebang --- src/curl_fuzzer_tools/generate_decoder_html.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/curl_fuzzer_tools/generate_decoder_html.py b/src/curl_fuzzer_tools/generate_decoder_html.py index 045a2dcd..a4504623 100644 --- a/src/curl_fuzzer_tools/generate_decoder_html.py +++ b/src/curl_fuzzer_tools/generate_decoder_html.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python3 """Generate an interactive HTML page for decoding curl corpus files.""" from __future__ import annotations From 1de585ac502ca8647be7eea603a86e5a8d4dc3bc Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:29:19 +0100 Subject: [PATCH 48/86] curl_fuzzer_tools: set exec flag for runnable scripts, where missing --- src/curl_fuzzer_tools/corpus_to_pcap.py | 0 src/curl_fuzzer_tools/generate_decoder_html.py | 0 src/curl_fuzzer_tools/generate_matrix.py | 0 src/curl_fuzzer_tools/py.typed | 0 4 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 src/curl_fuzzer_tools/corpus_to_pcap.py mode change 100644 => 100755 src/curl_fuzzer_tools/generate_decoder_html.py mode change 100644 => 100755 src/curl_fuzzer_tools/generate_matrix.py delete mode 100644 src/curl_fuzzer_tools/py.typed diff --git a/src/curl_fuzzer_tools/corpus_to_pcap.py b/src/curl_fuzzer_tools/corpus_to_pcap.py old mode 100644 new mode 100755 diff --git a/src/curl_fuzzer_tools/generate_decoder_html.py b/src/curl_fuzzer_tools/generate_decoder_html.py old mode 100644 new mode 100755 diff --git a/src/curl_fuzzer_tools/generate_matrix.py b/src/curl_fuzzer_tools/generate_matrix.py old mode 100644 new mode 100755 diff --git a/src/curl_fuzzer_tools/py.typed b/src/curl_fuzzer_tools/py.typed deleted file mode 100644 index e69de29b..00000000 From a690a0e6de074abd1068fe7b36229a4396368599 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:30:43 +0100 Subject: [PATCH 49/86] try not upgrading pip for more determinism/security --- .github/workflows/build.yml | 1 - .github/workflows/pages-ci.yml | 1 - .github/workflows/pages.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e181bf1f..13859464 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -73,7 +73,6 @@ jobs: - name: Install test dependencies run: | - python -m pip install --upgrade pip pip install '.[python-tests]' - name: Run TLV constants sync test diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index fa4d03bf..765402d8 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -27,7 +27,6 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip pip install '.[browser-tests]' python -m playwright install diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 275b6a60..906c93ee 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -24,7 +24,6 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip pip install '.[page-gen]' - name: Generate decoder HTML From 61c3ca634cb3dbff255f8677b55d4b91776d3d60 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:51:04 +0100 Subject: [PATCH 50/86] GHA tidy-un one-liner runs --- .github/workflows/build.yml | 3 +-- .github/workflows/pages-ci.yml | 3 +-- .github/workflows/pages.yml | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 13859464..65954e51 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -72,8 +72,7 @@ jobs: persist-credentials: false - name: Install test dependencies - run: | - pip install '.[python-tests]' + run: pip install '.[python-tests]' - name: Run TLV constants sync test run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 765402d8..9c5c1dc8 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -31,8 +31,7 @@ jobs: python -m playwright install - name: Install Playwright system dependencies - run: | - playwright install-deps + run: playwright install-deps - name: Run Playwright browser test run: pytest tests/browser/test_corpus_decoder.py diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 906c93ee..46285320 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -23,8 +23,7 @@ jobs: persist-credentials: false - name: Install dependencies - run: | - pip install '.[page-gen]' + run: pip install '.[page-gen]' - name: Generate decoder HTML run: python -m curl_fuzzer_tools.generate_decoder_html From de1a148373a34c38f1b372e04c0040cf8fc2412c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:51:57 +0100 Subject: [PATCH 51/86] pages-ci.yml optimize apt a little --- .github/workflows/pages-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 9c5c1dc8..1e70bfd7 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -31,7 +31,10 @@ jobs: python -m playwright install - name: Install Playwright system dependencies - run: playwright install-deps + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo rm -f /var/lib/man-db/auto-update + playwright install-deps - name: Run Playwright browser test run: pytest tests/browser/test_corpus_decoder.py From b7b545fae558499dde5bb09ef72553494a7f2451 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:54:10 +0100 Subject: [PATCH 52/86] drop step name from actions/checkout To sync with other repos. --- .github/workflows/build.yml | 9 +++------ .github/workflows/ci.yml | 3 +-- .github/workflows/pages-ci.yml | 3 +-- .github/workflows/pages.yml | 3 +-- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 65954e51..f41309f8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,8 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -47,8 +46,7 @@ jobs: name: 'Just dependencies' runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -66,8 +64,7 @@ jobs: name: 'Python tests' runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0e7316a..49d3fc5e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,8 +28,7 @@ jobs: outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false repository: curl/curl-fuzzer diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 1e70bfd7..bdec2b41 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -20,8 +20,7 @@ jobs: name: 'Test pages' runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 46285320..0bf6bb95 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -17,8 +17,7 @@ jobs: name: 'Build pages' runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false From ec576697d403f861da2dfb7093caed89c1859d07 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 17:55:35 +0100 Subject: [PATCH 53/86] inline a comment --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f41309f8..050e1a94 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,8 +38,7 @@ jobs: - name: Compile mainline env: - # test with different "sanitizers" - SANITIZER: ${{ matrix.sanitizer }} + SANITIZER: '${{ matrix.sanitizer }}' # test with different "sanitizers" run: ./mainline.sh just_dependencies: From 56bd8acc0f80020858217f94ec05b547d90187d8 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:01:11 +0100 Subject: [PATCH 54/86] debug 1 --- .github/workflows/checksrc.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 38187a0f..ad3d36c9 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -29,6 +29,9 @@ jobs: - name: 'install prereqs' run: | + echo '-------------------' + find /etc/apt/sources.list.d + echo '-------------------' /home/linuxbrew/.linuxbrew/bin/brew install zizmor pip install '.[ci-tests]' From 0391613b00cb69aefa79792e8072250c98c52b3f Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:02:20 +0100 Subject: [PATCH 55/86] Revert "debug 1" This reverts commit 53a54f937dc95098b784988b19d3a7e02b8ec1dd. --- .github/workflows/checksrc.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index ad3d36c9..38187a0f 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -29,9 +29,6 @@ jobs: - name: 'install prereqs' run: | - echo '-------------------' - find /etc/apt/sources.list.d - echo '-------------------' /home/linuxbrew/.linuxbrew/bin/brew install zizmor pip install '.[ci-tests]' From 3ecb5ed70e842f5cf8e05c64b1f8e349c415545c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:09:27 +0100 Subject: [PATCH 56/86] tidy up shell shebangs --- codecoverage.sh.off | 2 +- codeprofile.sh.off | 2 +- generate_fnmatch.sh | 2 +- mainline.sh | 2 +- ossfuzz.sh | 4 +++- scripts/check_data.sh | 2 +- scripts/compile_target.sh | 4 +++- scripts/create_zip.sh | 2 +- scripts/fuzz_targets | 2 +- scripts/ossfuzzdeps.sh | 2 +- 10 files changed, 14 insertions(+), 10 deletions(-) diff --git a/codecoverage.sh.off b/codecoverage.sh.off index ccb352d3..a3fd90de 100755 --- a/codecoverage.sh.off +++ b/codecoverage.sh.off @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex diff --git a/codeprofile.sh.off b/codeprofile.sh.off index 01f6d787..185dddc2 100755 --- a/codeprofile.sh.off +++ b/codeprofile.sh.off @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex diff --git a/generate_fnmatch.sh b/generate_fnmatch.sh index 77bf5565..5785cdc0 100755 --- a/generate_fnmatch.sh +++ b/generate_fnmatch.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Redirect the output of this script to a test file. printf '%s\0%s\0' "$1" "$2" diff --git a/mainline.sh b/mainline.sh index c0faf260..21fa5547 100755 --- a/mainline.sh +++ b/mainline.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex diff --git a/ossfuzz.sh b/ossfuzz.sh index 347d93b7..1d374955 100755 --- a/ossfuzz.sh +++ b/ossfuzz.sh @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/usr/bin/env bash #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | @@ -21,6 +21,8 @@ # ########################################################################### +set -eu + # Save off the current folder as the build root. export BUILD_ROOT=$PWD SCRIPTDIR=${BUILD_ROOT}/scripts diff --git a/scripts/check_data.sh b/scripts/check_data.sh index 5aece2d2..9fa83595 100755 --- a/scripts/check_data.sh +++ b/scripts/check_data.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash SCRIPTDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") diff --git a/scripts/compile_target.sh b/scripts/compile_target.sh index 1d65a1ea..1c659f36 100755 --- a/scripts/compile_target.sh +++ b/scripts/compile_target.sh @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/usr/bin/env bash #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | @@ -21,6 +21,8 @@ # ########################################################################### +set -eu + TARGET=${1:-fuzz} SCRIPTDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) diff --git a/scripts/create_zip.sh b/scripts/create_zip.sh index 84601646..f4645b5c 100755 --- a/scripts/create_zip.sh +++ b/scripts/create_zip.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex diff --git a/scripts/fuzz_targets b/scripts/fuzz_targets index 4d02af65..cba08fb2 100644 --- a/scripts/fuzz_targets +++ b/scripts/fuzz_targets @@ -1,3 +1,3 @@ -#!/bin/bash +#!/usr/bin/env bash export FUZZ_TARGETS="curl_fuzzer_dict curl_fuzzer_file curl_fuzzer_ftp curl_fuzzer_gopher curl_fuzzer_http curl_fuzzer_https curl_fuzzer_imap curl_fuzzer_ldap curl_fuzzer_mqtt curl_fuzzer_pop3 curl_fuzzer_rtsp curl_fuzzer_smb curl_fuzzer_smtp curl_fuzzer_tftp curl_fuzzer_ws curl_fuzzer fuzz_url curl_fuzzer_bufq" diff --git a/scripts/ossfuzzdeps.sh b/scripts/ossfuzzdeps.sh index a950f41e..425d6415 100755 --- a/scripts/ossfuzzdeps.sh +++ b/scripts/ossfuzzdeps.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # This script is called from google/oss-fuzz:projects/curl/Dockerfile to install necessary # dependencies for building curl fuzz targets. From 6c67b4469aeee88140182794e2fa2f967fe66b0a Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:10:21 +0100 Subject: [PATCH 57/86] drop copyright year from a file --- ossfuzz.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ossfuzz.sh b/ossfuzz.sh index 1d374955..26f67215 100755 --- a/ossfuzz.sh +++ b/ossfuzz.sh @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2018-2021, Max Dymond, , et al. +# Copyright (C) Max Dymond, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms From bcc83bc2fabcea1c84dfdd029c2523d5b0e3bcfa Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:16:27 +0100 Subject: [PATCH 58/86] CMakeLists.txt fix indent/spaces --- CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4b557df0..bbb5cce8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,9 +2,9 @@ cmake_minimum_required(VERSION 3.11) project(curl_fuzzer_deps) if(NOT "$ENV{MAKE}" STREQUAL "") - set(MAKE "$ENV{MAKE}") + set(MAKE "$ENV{MAKE}") else() - set(MAKE "make") + set(MAKE "make") endif() include(ExternalProject) @@ -212,7 +212,7 @@ ExternalProject_Add( DOWNLOAD_NO_PROGRESS 1 ) -if (TARGET openssl_external) +if(TARGET openssl_external) add_dependencies(openldap_external openssl_external) else() message(STATUS "Not building OpenLDAP with OpenSSL") @@ -273,7 +273,7 @@ set(CURL_POST_INSTALL_COMMAND # Conditionally check to see if there's a source directory or not. # If there is, use it. Otherwise, download the latest version. # -if (DEFINED ENV{CURL_SOURCE_DIR}) +if(DEFINED ENV{CURL_SOURCE_DIR}) message(STATUS "Building curl from source directory: $ENV{CURL_SOURCE_DIR}") ExternalProject_Add( curl_external @@ -325,10 +325,10 @@ set(CURL_INCLUDE_DIRS set(CURL_LIB_DIR ${CURL_INSTALL_DIR}/lib) # Fuzzing engine -if (DEFINED ENV{LIB_FUZZING_ENGINE}) +if(DEFINED ENV{LIB_FUZZING_ENGINE}) # Check to see if ENV{LIB_FUZZING_ENGINE} is a file. If so, use it directly. # Otherwise, assume it's a flag to the compiler. - if (EXISTS $ENV{LIB_FUZZING_ENGINE}) + if(EXISTS $ENV{LIB_FUZZING_ENGINE}) message(STATUS "Using LIB_FUZZING_ENGINE file: $ENV{LIB_FUZZING_ENGINE}") set(LIB_FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE}) set(LIB_FUZZING_ENGINE_FLAG "") From 148cf25f7dd93cef2429471375fac680aa52732d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:20:07 +0100 Subject: [PATCH 59/86] CMakeLists.txt rename custom macro to begin with curl_ --- CMakeLists.txt | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bbb5cce8..9dc7612f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -367,7 +367,7 @@ set(COMMON_LINK_OPTIONS ${LIB_FUZZING_ENGINE_FLAG}) set(FUZZ_DEPS curl_external ${CURL_DEPS} ${LIB_FUZZING_ENGINE_DEP}) # Helper macro to define a fuzzer target -macro(add_curl_fuzzer name proto) +macro(curl_add_fuzzer name proto) add_executable(${name} ${COMMON_SOURCES}) target_compile_options(${name} PRIVATE ${COMMON_FLAGS} -DFUZZ_PROTOCOLS_${proto}) target_include_directories(${name} PRIVATE ${CURL_INCLUDE_DIRS}) @@ -377,22 +377,22 @@ macro(add_curl_fuzzer name proto) endmacro() # Main fuzzer and protocol-specific fuzzers -add_curl_fuzzer(curl_fuzzer ALL) -add_curl_fuzzer(curl_fuzzer_dict DICT) -add_curl_fuzzer(curl_fuzzer_file FILE) -add_curl_fuzzer(curl_fuzzer_ftp FTP) -add_curl_fuzzer(curl_fuzzer_gopher GOPHER) -add_curl_fuzzer(curl_fuzzer_http HTTP) -add_curl_fuzzer(curl_fuzzer_https HTTPS) -add_curl_fuzzer(curl_fuzzer_imap IMAP) -add_curl_fuzzer(curl_fuzzer_ldap LDAP) -add_curl_fuzzer(curl_fuzzer_mqtt MQTT) -add_curl_fuzzer(curl_fuzzer_pop3 POP3) -add_curl_fuzzer(curl_fuzzer_rtsp RTSP) -add_curl_fuzzer(curl_fuzzer_smb SMB) -add_curl_fuzzer(curl_fuzzer_smtp SMTP) -add_curl_fuzzer(curl_fuzzer_tftp TFTP) -add_curl_fuzzer(curl_fuzzer_ws WS) +curl_add_fuzzer(curl_fuzzer ALL) +curl_add_fuzzer(curl_fuzzer_dict DICT) +curl_add_fuzzer(curl_fuzzer_file FILE) +curl_add_fuzzer(curl_fuzzer_ftp FTP) +curl_add_fuzzer(curl_fuzzer_gopher GOPHER) +curl_add_fuzzer(curl_fuzzer_http HTTP) +curl_add_fuzzer(curl_fuzzer_https HTTPS) +curl_add_fuzzer(curl_fuzzer_imap IMAP) +curl_add_fuzzer(curl_fuzzer_ldap LDAP) +curl_add_fuzzer(curl_fuzzer_mqtt MQTT) +curl_add_fuzzer(curl_fuzzer_pop3 POP3) +curl_add_fuzzer(curl_fuzzer_rtsp RTSP) +curl_add_fuzzer(curl_fuzzer_smb SMB) +curl_add_fuzzer(curl_fuzzer_smtp SMTP) +curl_add_fuzzer(curl_fuzzer_tftp TFTP) +curl_add_fuzzer(curl_fuzzer_ws WS) # BUFQ fuzzer add_executable(curl_fuzzer_bufq fuzz_bufq.cc) From 7797d3661be2470a68d97b94918fd7736c975b99 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 18:21:00 +0100 Subject: [PATCH 60/86] CMakeLists.txt rename local vars to begin with _ --- CMakeLists.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9dc7612f..e0596957 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -367,13 +367,13 @@ set(COMMON_LINK_OPTIONS ${LIB_FUZZING_ENGINE_FLAG}) set(FUZZ_DEPS curl_external ${CURL_DEPS} ${LIB_FUZZING_ENGINE_DEP}) # Helper macro to define a fuzzer target -macro(curl_add_fuzzer name proto) - add_executable(${name} ${COMMON_SOURCES}) - target_compile_options(${name} PRIVATE ${COMMON_FLAGS} -DFUZZ_PROTOCOLS_${proto}) - target_include_directories(${name} PRIVATE ${CURL_INCLUDE_DIRS}) - target_link_libraries(${name} PRIVATE ${COMMON_LINK_LIBS}) - target_link_options(${name} PRIVATE ${COMMON_LINK_OPTIONS}) - add_dependencies(${name} ${FUZZ_DEPS}) +macro(curl_add_fuzzer _name _proto) + add_executable(${_name} ${COMMON_SOURCES}) + target_compile_options(${_name} PRIVATE ${COMMON_FLAGS} -DFUZZ_PROTOCOLS_${_proto}) + target_include_directories(${_name} PRIVATE ${CURL_INCLUDE_DIRS}) + target_link_libraries(${_name} PRIVATE ${COMMON_LINK_LIBS}) + target_link_options(${_name} PRIVATE ${COMMON_LINK_OPTIONS}) + add_dependencies(${_name} ${FUZZ_DEPS}) endmacro() # Main fuzzer and protocol-specific fuzzers From 411d94556cc607c4f6941531a8f03bfcf6a5ae61 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 20:34:23 +0100 Subject: [PATCH 61/86] ci.yml format if expression to match rest of project --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49d3fc5e..6ec35d7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -87,7 +87,7 @@ jobs: dry-run: false - name: Upload Crash uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - if: failure() + if: ${{ failure() }} with: name: artifacts path: ./out/artifacts From cc2a263efa6a6ced206a502796f33a7966b1b5c8 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 21:52:21 +0100 Subject: [PATCH 62/86] pip apply std args --- .github/workflows/build.yml | 2 +- .github/workflows/checksrc.yml | 2 +- .github/workflows/pages-ci.yml | 2 +- .github/workflows/pages.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 050e1a94..edff6aee 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -68,7 +68,7 @@ jobs: persist-credentials: false - name: Install test dependencies - run: pip install '.[python-tests]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install '.[python-tests]' - name: Run TLV constants sync test run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 38187a0f..0d93d993 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -30,7 +30,7 @@ jobs: - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor - pip install '.[ci-tests]' + pip --disable-pip-version-check --no-input --no-cache-dir install '.[ci-tests]' - name: 'zizmor GHA' env: diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index bdec2b41..a27f0a13 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -26,7 +26,7 @@ jobs: - name: Install dependencies run: | - pip install '.[browser-tests]' + pip --disable-pip-version-check --no-input --no-cache-dir install '.[browser-tests]' python -m playwright install - name: Install Playwright system dependencies diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 0bf6bb95..1ce5be1f 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -22,7 +22,7 @@ jobs: persist-credentials: false - name: Install dependencies - run: pip install '.[page-gen]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install '.[page-gen]' - name: Generate decoder HTML run: python -m curl_fuzzer_tools.generate_decoder_html From 4749f1f42e0ca8182ece554662940cd5ac99d02a Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:13:09 +0100 Subject: [PATCH 63/86] GHA/ci: try suppressing CodeQL warnings --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ec35d7d..508af363 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: # Use the CIFuzz job to test the repository. - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false @@ -80,7 +80,7 @@ jobs: - name: Display extracted files run: ls -laR build-out/ - name: Run Fuzzer ${{ matrix.fuzzer }} - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' fuzz-seconds: 120 @@ -98,7 +98,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false From 46637a18386a040ce54baa599ee7a613cfd348b4 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:18:34 +0100 Subject: [PATCH 64/86] Revert "GHA/ci: try suppressing CodeQL warnings" This reverts commit d70a5b8c283615fa6cc783463cc7944df646027c. Doesn't seem to work. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 508af363..6ec35d7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: # Use the CIFuzz job to test the repository. - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false @@ -80,7 +80,7 @@ jobs: - name: Display extracted files run: ls -laR build-out/ - name: Run Fuzzer ${{ matrix.fuzzer }} - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' fuzz-seconds: 120 @@ -98,7 +98,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # lgtm[actions/unpinned-tag] # zizmor: ignore[unpinned-uses] + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses] with: oss-fuzz-project-name: 'curl' dry-run: false From 068abc08052041f98b813c0aa87ba2ca5e5de212 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:27:10 +0100 Subject: [PATCH 65/86] run python in venv, also apply some pip options from curl --- .github/workflows/build.yml | 8 ++++++-- .github/workflows/checksrc.yml | 4 +++- .github/workflows/pages-ci.yml | 9 +++++++-- .github/workflows/pages.yml | 8 ++++++-- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index edff6aee..55135762 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -68,7 +68,11 @@ jobs: persist-credentials: false - name: Install test dependencies - run: pip --disable-pip-version-check --no-input --no-cache-dir install '.[python-tests]' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' - name: Run TLV constants sync test - run: pytest tests/test_tlv_constants_sync.py + run: | + source ~/venv/bin/activate + pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 0d93d993..c45f1c3c 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -30,7 +30,8 @@ jobs: - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor - pip --disable-pip-version-check --no-input --no-cache-dir install '.[ci-tests]' + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' - name: 'zizmor GHA' env: @@ -41,6 +42,7 @@ jobs: - name: 'ruff' run: | + source ~/venv/bin/activate ruff --version # shellcheck disable=SC2046 ruff check $(git ls-files '*.py') diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index a27f0a13..a177906b 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -26,14 +26,19 @@ jobs: - name: Install dependencies run: | - pip --disable-pip-version-check --no-input --no-cache-dir install '.[browser-tests]' + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' + source ~/venv/bin/activate python -m playwright install - name: Install Playwright system dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /var/lib/man-db/auto-update + source ~/venv/bin/activate playwright install-deps - name: Run Playwright browser test - run: pytest tests/browser/test_corpus_decoder.py + run: | + source ~/venv/bin/activate + pytest tests/browser/test_corpus_decoder.py diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 1ce5be1f..36e81186 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -22,10 +22,14 @@ jobs: persist-credentials: false - name: Install dependencies - run: pip --disable-pip-version-check --no-input --no-cache-dir install '.[page-gen]' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' - name: Generate decoder HTML - run: python -m curl_fuzzer_tools.generate_decoder_html + run: | + source ~/venv/bin/activate + python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 From c5a4d7bfd74bcee7aab00759c733caa96e1e4bbb Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:53:20 +0100 Subject: [PATCH 66/86] pyproject.toml: move scapy to dev group (only used by corpus to pcap manual script) --- pyproject.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4af35ccb..a180ad2a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -32,6 +32,7 @@ page-gen = [ "jinja2 (>=3.1.0,<4.0.0)", ] browser-tests = [ + "jinja2 (>=3.1.0,<4.0.0)", "pytest>=8.3,<9", "playwright>=1.55,<1.56", "pytest_playwright>=0.7.1,<0.8", @@ -59,12 +60,13 @@ build-backend = "setuptools.build_meta" dev = [ "mypy==1.18.2", "ruff==0.14.2", + "scapy (>=2.6.1,<3.0.0)", ] page-gen = [ - "scapy (>=2.6.1,<3.0.0)", "jinja2 (>=3.1.0,<4.0.0)", ] browser-tests = [ + "jinja2 (>=3.1.0,<4.0.0)", "pytest>=8.3,<9", "playwright>=1.55,<1.56", "pytest_playwright>=0.7.1,<0.8", From 1e779445b5f5c5c7857b40931563d51b4fbf744b Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:53:53 +0100 Subject: [PATCH 67/86] switch back to py action --- .github/workflows/build.yml | 12 ++++++------ .github/workflows/checksrc.yml | 8 +++++--- .github/workflows/ci.yml | 4 ++-- .github/workflows/pages-ci.yml | 13 ++++++------- .github/workflows/pages.yml | 12 ++++++------ 5 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55135762..b8da84c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,12 +67,12 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install test dependencies - run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' - name: Run TLV constants sync test - run: | - source ~/venv/bin/activate - pytest tests/test_tlv_constants_sync.py + run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index c45f1c3c..09e53c23 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -27,11 +27,14 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' + pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' - name: 'zizmor GHA' env: @@ -42,7 +45,6 @@ jobs: - name: 'ruff' run: | - source ~/venv/bin/activate ruff --version # shellcheck disable=SC2046 ruff check $(git ls-files '*.py') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ec35d7d..c6d6b863 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,13 +69,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} - env: - MATRIX_FUZZER: '${{ matrix.fuzzer }}' steps: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: fuzz_tar - name: Unpack fuzzer ${{ matrix.fuzzer }} + env: + MATRIX_FUZZER: '${{ matrix.fuzzer }}' run: tar xvf fuzz.tar build-out/"${MATRIX_FUZZER}" build-out/"${MATRIX_FUZZER}"_seed_corpus.zip - name: Display extracted files run: ls -laR build-out/ diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index a177906b..3c8be68d 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -24,21 +24,20 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install dependencies run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' - source ~/venv/bin/activate + pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' python -m playwright install - name: Install Playwright system dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /var/lib/man-db/auto-update - source ~/venv/bin/activate playwright install-deps - name: Run Playwright browser test - run: | - source ~/venv/bin/activate - pytest tests/browser/test_corpus_decoder.py + run: pytest tests/browser/test_corpus_decoder.py diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 36e81186..d4e9b67a 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -21,15 +21,15 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install dependencies - run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' - name: Generate decoder HTML - run: | - source ~/venv/bin/activate - python -m curl_fuzzer_tools.generate_decoder_html + run: python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 From 96d0f38c4f99103e65e0fd7c6a767743a5cb0bf9 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:54:01 +0100 Subject: [PATCH 68/86] Revert "switch back to py action" This reverts commit 52efe1f1f73a013f6537cb5ec481ec3da8db0ef2. --- .github/workflows/build.yml | 12 ++++++------ .github/workflows/checksrc.yml | 8 +++----- .github/workflows/ci.yml | 4 ++-- .github/workflows/pages-ci.yml | 13 +++++++------ .github/workflows/pages.yml | 12 ++++++------ 5 files changed, 24 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b8da84c9..55135762 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,12 +67,12 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 - with: - python-version: '3.12' - - name: Install test dependencies - run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' - name: Run TLV constants sync test - run: pytest tests/test_tlv_constants_sync.py + run: | + source ~/venv/bin/activate + pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index 09e53c23..c45f1c3c 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -27,14 +27,11 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 - with: - python-version: '3.12' - - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor - pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' - name: 'zizmor GHA' env: @@ -45,6 +42,7 @@ jobs: - name: 'ruff' run: | + source ~/venv/bin/activate ruff --version # shellcheck disable=SC2046 ruff check $(git ls-files '*.py') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6d6b863..6ec35d7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,13 +69,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} + env: + MATRIX_FUZZER: '${{ matrix.fuzzer }}' steps: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: fuzz_tar - name: Unpack fuzzer ${{ matrix.fuzzer }} - env: - MATRIX_FUZZER: '${{ matrix.fuzzer }}' run: tar xvf fuzz.tar build-out/"${MATRIX_FUZZER}" build-out/"${MATRIX_FUZZER}"_seed_corpus.zip - name: Display extracted files run: ls -laR build-out/ diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index 3c8be68d..a177906b 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -24,20 +24,21 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 - with: - python-version: '3.12' - - name: Install dependencies run: | - pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' + source ~/venv/bin/activate python -m playwright install - name: Install Playwright system dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /var/lib/man-db/auto-update + source ~/venv/bin/activate playwright install-deps - name: Run Playwright browser test - run: pytest tests/browser/test_corpus_decoder.py + run: | + source ~/venv/bin/activate + pytest tests/browser/test_corpus_decoder.py diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index d4e9b67a..36e81186 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -21,15 +21,15 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 - with: - python-version: '3.12' - - name: Install dependencies - run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' - name: Generate decoder HTML - run: python -m curl_fuzzer_tools.generate_decoder_html + run: | + source ~/venv/bin/activate + python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 From a01bcd9aff98d6b36f0b478f9e2115e86ce30cba Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 22:54:39 +0100 Subject: [PATCH 69/86] pages-ci.yml installing page-gen pkgs --- .github/workflows/pages-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index a177906b..a852d049 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -27,7 +27,7 @@ jobs: - name: Install dependencies run: | python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[browser-tests]' + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen,browser-tests]' source ~/venv/bin/activate python -m playwright install From ebe35be6a55dd33e3792879370289dd4868ab55f Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 23:02:03 +0100 Subject: [PATCH 70/86] Reapply "switch back to py action" This reverts commit f3664804cfa0256d158ee9fa9076ef2a8cbc266b. --- .github/workflows/build.yml | 12 ++++++------ .github/workflows/checksrc.yml | 8 +++++--- .github/workflows/ci.yml | 4 ++-- .github/workflows/pages-ci.yml | 13 ++++++------- .github/workflows/pages.yml | 12 ++++++------ 5 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55135762..b8da84c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,12 +67,12 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install test dependencies - run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[python-tests]' - name: Run TLV constants sync test - run: | - source ~/venv/bin/activate - pytest tests/test_tlv_constants_sync.py + run: pytest tests/test_tlv_constants_sync.py diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index c45f1c3c..09e53c23 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -27,11 +27,14 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: 'install prereqs' run: | /home/linuxbrew/.linuxbrew/bin/brew install zizmor - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' + pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[ci-tests]' - name: 'zizmor GHA' env: @@ -42,7 +45,6 @@ jobs: - name: 'ruff' run: | - source ~/venv/bin/activate ruff --version # shellcheck disable=SC2046 ruff check $(git ls-files '*.py') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ec35d7d..c6d6b863 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,13 +69,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: ${{ fromJSON(needs.DetermineMatrix.outputs.matrix) }} - env: - MATRIX_FUZZER: '${{ matrix.fuzzer }}' steps: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: fuzz_tar - name: Unpack fuzzer ${{ matrix.fuzzer }} + env: + MATRIX_FUZZER: '${{ matrix.fuzzer }}' run: tar xvf fuzz.tar build-out/"${MATRIX_FUZZER}" build-out/"${MATRIX_FUZZER}"_seed_corpus.zip - name: Display extracted files run: ls -laR build-out/ diff --git a/.github/workflows/pages-ci.yml b/.github/workflows/pages-ci.yml index a852d049..57648771 100644 --- a/.github/workflows/pages-ci.yml +++ b/.github/workflows/pages-ci.yml @@ -24,21 +24,20 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install dependencies run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen,browser-tests]' - source ~/venv/bin/activate + pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen,browser-tests]' python -m playwright install - name: Install Playwright system dependencies run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /var/lib/man-db/auto-update - source ~/venv/bin/activate playwright install-deps - name: Run Playwright browser test - run: | - source ~/venv/bin/activate - pytest tests/browser/test_corpus_decoder.py + run: pytest tests/browser/test_corpus_decoder.py diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 36e81186..d4e9b67a 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -21,15 +21,15 @@ jobs: with: persist-credentials: false + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6 + with: + python-version: '3.12' + - name: Install dependencies - run: | - python3 -m venv ~/venv - ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' + run: pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary '.[page-gen]' - name: Generate decoder HTML - run: | - source ~/venv/bin/activate - python -m curl_fuzzer_tools.generate_decoder_html + run: python -m curl_fuzzer_tools.generate_decoder_html - name: Upload artifact uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 From 619edeb27d52e30cf449500b0b9a5c2cc42b2c7d Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 23:24:44 +0100 Subject: [PATCH 71/86] pyproject.toml formatting to prev --- pyproject.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index a180ad2a..22afbb26 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -93,7 +93,6 @@ indent-width = 4 target-version = "py39" [tool.ruff.lint] - extend-select = [ "B007","B016","C405","C416","COM818", "D200","D213","D204","D401","D415", From d55a74d434a09a401f1134a2b69cbf5e97bf3e3e Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 26 Oct 2025 23:49:42 +0100 Subject: [PATCH 72/86] pyproject.toml tidy up version formats --- pyproject.toml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 22afbb26..6bd33d64 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -28,11 +28,11 @@ ci-tests = [ "ruff==0.14.2", ] page-gen = [ - "scapy (>=2.6.1,<3.0.0)", - "jinja2 (>=3.1.0,<4.0.0)", + "scapy>=2.6.1,<3.0.0", + "jinja2>=3.1.0,<4.0.0", ] browser-tests = [ - "jinja2 (>=3.1.0,<4.0.0)", + "jinja2>=3.1.0,<4.0.0", "pytest>=8.3,<9", "playwright>=1.55,<1.56", "pytest_playwright>=0.7.1,<0.8", @@ -60,13 +60,13 @@ build-backend = "setuptools.build_meta" dev = [ "mypy==1.18.2", "ruff==0.14.2", - "scapy (>=2.6.1,<3.0.0)", + "scapy>=2.6.1,<3.0.0", ] page-gen = [ - "jinja2 (>=3.1.0,<4.0.0)", + "jinja2>=3.1.0,<4.0.0", ] browser-tests = [ - "jinja2 (>=3.1.0,<4.0.0)", + "jinja2>=3.1.0,<4.0.0", "pytest>=8.3,<9", "playwright>=1.55,<1.56", "pytest_playwright>=0.7.1,<0.8", From a5ddc396142d6f8a8969b9f8c4b766a909231d43 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 00:09:49 +0100 Subject: [PATCH 73/86] cmake: drop redundant DEFINED check for envs. enough to check if the value is not empty --- CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e0596957..45b12725 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,7 +50,7 @@ ExternalProject_Add( # For the memory sanitizer build, turn off OpenSSL as it causes bugs we can't # affect (see 16697, 17624) -if(NOT (DEFINED ENV{SANITIZER} AND "$ENV{SANITIZER}" STREQUAL "memory")) +if(NOT "$ENV{SANITIZER}" STREQUAL "memory") message(STATUS "Building OpenSSL as a dependency") # Install openssl # @@ -65,14 +65,14 @@ if(NOT (DEFINED ENV{SANITIZER} AND "$ENV{SANITIZER}" STREQUAL "memory")) set(OPENSSL_ARCH_TARGET "") set(OPENSSL_ARCH_FLAG "") set(OPENSSL_EC_FLAG "enable-ec_nistp_64_gcc_128") - if(DEFINED ENV{ARCHITECTURE} AND "$ENV{ARCHITECTURE}" STREQUAL "i386") + if("$ENV{ARCHITECTURE}" STREQUAL "i386") set(OPENSSL_ARCH_TARGET "linux-generic32") set(OPENSSL_ARCH_FLAG "386") set(OPENSSL_EC_FLAG "no-threads") endif() set(OPENSSL_ASM_FLAG "") - if(DEFINED ENV{SANITIZER} AND "$ENV{SANITIZER}" STREQUAL "memory") + if("$ENV{SANITIZER}" STREQUAL "memory") set(OPENSSL_ASM_FLAG "no-asm") endif() From 34c9d1e5df017b2ce884161b5d10aebf70ee3985 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 00:10:28 +0100 Subject: [PATCH 74/86] cmake: check for non-empty env value, to not accept defined but empty ones --- CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 45b12725..43b1d9f7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -273,7 +273,7 @@ set(CURL_POST_INSTALL_COMMAND # Conditionally check to see if there's a source directory or not. # If there is, use it. Otherwise, download the latest version. # -if(DEFINED ENV{CURL_SOURCE_DIR}) +if(NOT "$ENV{CURL_SOURCE_DIR}" STREQUAL "") message(STATUS "Building curl from source directory: $ENV{CURL_SOURCE_DIR}") ExternalProject_Add( curl_external @@ -325,10 +325,10 @@ set(CURL_INCLUDE_DIRS set(CURL_LIB_DIR ${CURL_INSTALL_DIR}/lib) # Fuzzing engine -if(DEFINED ENV{LIB_FUZZING_ENGINE}) +if(NOT "$ENV{LIB_FUZZING_ENGINE}" STREQUAL "") # Check to see if ENV{LIB_FUZZING_ENGINE} is a file. If so, use it directly. # Otherwise, assume it's a flag to the compiler. - if(EXISTS $ENV{LIB_FUZZING_ENGINE}) + if(EXISTS "$ENV{LIB_FUZZING_ENGINE}") message(STATUS "Using LIB_FUZZING_ENGINE file: $ENV{LIB_FUZZING_ENGINE}") set(LIB_FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE}) set(LIB_FUZZING_ENGINE_FLAG "") From 2f9c6ae9f979ea8a3742360fb33432255e42dd62 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 00:11:45 +0100 Subject: [PATCH 75/86] cmake: use string(APPEND) --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 43b1d9f7..76f39579 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -314,8 +314,8 @@ add_dependencies(curl_external ${CURL_DEPS}) # Now it's time for the main targets! # # Read environment variables for compiler flags -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{CFLAGS}") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} $ENV{CXXFLAGS}") +string(APPEND CMAKE_C_FLAGS " $ENV{CFLAGS}") +string(APPEND CMAKE_CXX_FLAGS " $ENV{CXXFLAGS}") # Paths to curl install (adjust as needed) set(CURL_INCLUDE_DIRS From 1e58bd7cac39892d24d88ab94647fb0c8f43c6df Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 00:13:15 +0100 Subject: [PATCH 76/86] cmake: do not add CFLAGS/CXXFLAGS manually, they are used by cmake automatically https://cmake.org/cmake/help/latest/envvar/CFLAGS.html https://cmake.org/cmake/help/latest/envvar/CXXFLAGS.html --- CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 76f39579..7342b0ae 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -312,10 +312,6 @@ set(CURL_DEPS add_dependencies(curl_external ${CURL_DEPS}) # Now it's time for the main targets! -# -# Read environment variables for compiler flags -string(APPEND CMAKE_C_FLAGS " $ENV{CFLAGS}") -string(APPEND CMAKE_CXX_FLAGS " $ENV{CXXFLAGS}") # Paths to curl install (adjust as needed) set(CURL_INCLUDE_DIRS From 94ba626c08a60e735af24f13823870323b4c14f3 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 06:47:26 +0100 Subject: [PATCH 77/86] cmake fold long (>132) lines --- CMakeLists.txt | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7342b0ae..59701e25 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -42,7 +42,8 @@ ExternalProject_Add( URL ${ZSTD_URL} PREFIX ${CMAKE_BINARY_DIR}/zstd SOURCE_SUBDIR build/cmake - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${ZSTD_INSTALL_DIR} -DZSTD_BUILD_PROGRAMS=OFF -DZSTD_BUILD_SHARED=OFF -DZSTD_BUILD_STATIC=ON -DZSTD_BUILD_CONTRIB=OFF -DZSTD_BUILD_TESTS=OFF + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${ZSTD_INSTALL_DIR} + -DZSTD_BUILD_SHARED=OFF -DZSTD_BUILD_STATIC=ON -DZSTD_BUILD_PROGRAMS=OFF -DZSTD_BUILD_CONTRIB=OFF -DZSTD_BUILD_TESTS=OFF BUILD_BYPRODUCTS ${ZSTD_STATIC_LIB} DOWNLOAD_EXTRACT_TIMESTAMP TRUE DOWNLOAD_NO_PROGRESS 1 @@ -56,7 +57,8 @@ if(NOT "$ENV{SANITIZER}" STREQUAL "memory") # # renovate: datasource=github-tags depName=openssl/openssl set(OPENSSL_VERSION 3.6.0) - set(OPENSSL_URL https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz) + set(OPENSSL_URL + https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz) set(OPENSSL_INSTALL_DIR ${CMAKE_BINARY_DIR}/openssl-install) set(OPENSSL_SRC_DIR ${CMAKE_BINARY_DIR}/openssl/src/openssl_external) set(OPENSSL_STATIC_LIB ${OPENSSL_INSTALL_DIR}/lib/libssl.a ${OPENSSL_INSTALL_DIR}/lib/libcrypto.a) @@ -143,8 +145,8 @@ ExternalProject_Add( nghttp2_external URL ${NGHTTP2_URL} PREFIX ${CMAKE_BINARY_DIR}/nghttp2 - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${NGHTTP2_INSTALL_DIR} -DENABLE_LIB_ONLY=ON -DENABLE_THREADS=OFF -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF - -DBUILD_TESTING=OFF -DENABLE_DOC=OFF ${NGHTTP2_OPENSSL_OPTION} + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${NGHTTP2_INSTALL_DIR} -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF + -DENABLE_LIB_ONLY=ON -DENABLE_THREADS=OFF -DBUILD_TESTING=OFF -DENABLE_DOC=OFF ${NGHTTP2_OPENSSL_OPTION} BUILD_BYPRODUCTS ${NGHTTP2_STATIC_LIB} DOWNLOAD_EXTRACT_TIMESTAMP TRUE DOWNLOAD_NO_PROGRESS 1 @@ -166,7 +168,8 @@ ExternalProject_Add( libidn2_external URL ${LIBIDN2_URL} PREFIX ${CMAKE_BINARY_DIR}/libidn2 - CONFIGURE_COMMAND ./configure --disable-dependency-tracking --prefix=${LIBIDN2_INSTALL_DIR} --disable-shared --enable-static --disable-doc + CONFIGURE_COMMAND ./configure --disable-dependency-tracking --prefix=${LIBIDN2_INSTALL_DIR} --disable-shared --enable-static + --disable-doc BUILD_IN_SOURCE 1 BUILD_BYPRODUCTS ${LIBIDN2_STATIC_LIB} DOWNLOAD_EXTRACT_TIMESTAMP TRUE From 14ba64aa494dc8be758e155134b538c8ac0813cb Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 07:36:48 +0100 Subject: [PATCH 78/86] drop copyright year --- curl_fuzzer.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/curl_fuzzer.h b/curl_fuzzer.h index bb2beae0..b55a29c8 100644 --- a/curl_fuzzer.h +++ b/curl_fuzzer.h @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms From 63b1b35eafe605e2b735bbae9fe9f16b98811f99 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 07:39:29 +0100 Subject: [PATCH 79/86] drop copyright year --- LICENSE | 2 +- curl_fuzzer.cc | 2 +- curl_fuzzer_callback.cc | 2 +- curl_fuzzer_tlv.cc | 2 +- fuzz_bufq.cc | 2 +- fuzz_bufq.h | 2 +- fuzz_fnmatch.cc | 2 +- fuzz_url.cc | 2 +- src/curl_fuzzer_tools/curl_test_data.py | 2 +- standalone_fuzz_target_runner.cc | 2 +- testinput.h | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/LICENSE b/LICENSE index 61320304..e611d51f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2017 curl-fuzzer authors +Copyright (c) curl-fuzzer authors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/curl_fuzzer.cc b/curl_fuzzer.cc index b66130f5..0eccea80 100644 --- a/curl_fuzzer.cc +++ b/curl_fuzzer.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2022, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/curl_fuzzer_callback.cc b/curl_fuzzer_callback.cc index 86f9d304..f34d8b1b 100644 --- a/curl_fuzzer_callback.cc +++ b/curl_fuzzer_callback.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/curl_fuzzer_tlv.cc b/curl_fuzzer_tlv.cc index 07de82e2..5753da2a 100644 --- a/curl_fuzzer_tlv.cc +++ b/curl_fuzzer_tlv.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/fuzz_bufq.cc b/fuzz_bufq.cc index 995b62d7..b63e5906 100644 --- a/fuzz_bufq.cc +++ b/fuzz_bufq.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2022, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/fuzz_bufq.h b/fuzz_bufq.h index f3b103d0..70635544 100644 --- a/fuzz_bufq.h +++ b/fuzz_bufq.h @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/fuzz_fnmatch.cc b/fuzz_fnmatch.cc index 1706037f..a0e340d5 100644 --- a/fuzz_fnmatch.cc +++ b/fuzz_fnmatch.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/fuzz_url.cc b/fuzz_url.cc index 9cefdcfe..50f51aa4 100644 --- a/fuzz_url.cc +++ b/fuzz_url.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2022, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/src/curl_fuzzer_tools/curl_test_data.py b/src/curl_fuzzer_tools/curl_test_data.py index d62c5341..85ec5da8 100755 --- a/src/curl_fuzzer_tools/curl_test_data.py +++ b/src/curl_fuzzer_tools/curl_test_data.py @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2017, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms diff --git a/standalone_fuzz_target_runner.cc b/standalone_fuzz_target_runner.cc index dc0b874c..2cdd4ed6 100644 --- a/standalone_fuzz_target_runner.cc +++ b/standalone_fuzz_target_runner.cc @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/testinput.h b/testinput.h index cfa4b964..7043dd10 100644 --- a/testinput.h +++ b/testinput.h @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017, Max Dymond, , et al. + * Copyright (C) Max Dymond, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms From 8a2f1c62fc944fb0daa85e44824f96b96f3d6fb2 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 07:45:28 +0100 Subject: [PATCH 80/86] whitespace fixes --- .vscode/settings.json | 2 +- REPRODUCING.md | 2 +- codecoverage.sh.off | 2 +- curl_fuzzer.h | 120 +++++++++++++++++++++--------------------- curl_fuzzer_tlv.cc | 8 +-- fuzz_bufq.h | 2 +- fuzz_url.cc | 1 - ossconfig/http.dict | 1 - testinput.h | 2 +- 9 files changed, 69 insertions(+), 71 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index d0b582f2..1a5da3e8 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -2,4 +2,4 @@ "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" }, -} \ No newline at end of file +} diff --git a/REPRODUCING.md b/REPRODUCING.md index 57c36439..8d2ba09a 100644 --- a/REPRODUCING.md +++ b/REPRODUCING.md @@ -1,5 +1,5 @@ # Reproducing OSS-Fuzz issues -## Reproducible vs non-reproducible +## Reproducible vs non-reproducible OSS-Fuzz generates two kinds of issues; reproducible and non-reproducible. It _generally_ only raises issues for reproducible problems; that is, a testcase that can be passed to the relevant fuzzer which causes a crash. They are marked as such in the OSS-Fuzz dashboard. These instructions are for diagnosing reproducible problems. diff --git a/codecoverage.sh.off b/codecoverage.sh.off index a3fd90de..2ff63b4f 100755 --- a/codecoverage.sh.off +++ b/codecoverage.sh.off @@ -23,7 +23,7 @@ INSTALLDIR=/tmp/curlcov_install # if there have been earlier mainline runs locally if [[ -d .deps/ && -f Makefile ]] then - make distclean + make distclean fi # Install openssl diff --git a/curl_fuzzer.h b/curl_fuzzer.h index b55a29c8..1e13d710 100644 --- a/curl_fuzzer.h +++ b/curl_fuzzer.h @@ -26,60 +26,60 @@ /** * TLV types. */ -#define TLV_TYPE_URL 1 -#define TLV_TYPE_RESPONSE0 2 -#define TLV_TYPE_USERNAME 3 -#define TLV_TYPE_PASSWORD 4 -#define TLV_TYPE_POSTFIELDS 5 -#define TLV_TYPE_HEADER 6 -#define TLV_TYPE_COOKIE 7 -#define TLV_TYPE_UPLOAD1 8 -#define TLV_TYPE_RANGE 9 -#define TLV_TYPE_CUSTOMREQUEST 10 -#define TLV_TYPE_MAIL_RECIPIENT 11 -#define TLV_TYPE_MAIL_FROM 12 -#define TLV_TYPE_MIME_PART 13 -#define TLV_TYPE_MIME_PART_NAME 14 -#define TLV_TYPE_MIME_PART_DATA 15 -#define TLV_TYPE_HTTPAUTH 16 -#define TLV_TYPE_RESPONSE1 17 -#define TLV_TYPE_RESPONSE2 18 -#define TLV_TYPE_RESPONSE3 19 -#define TLV_TYPE_RESPONSE4 20 -#define TLV_TYPE_RESPONSE5 21 -#define TLV_TYPE_RESPONSE6 22 -#define TLV_TYPE_RESPONSE7 23 -#define TLV_TYPE_RESPONSE8 24 -#define TLV_TYPE_RESPONSE9 25 -#define TLV_TYPE_RESPONSE10 26 -#define TLV_TYPE_OPTHEADER 27 -#define TLV_TYPE_NOBODY 28 -#define TLV_TYPE_FOLLOWLOCATION 29 -#define TLV_TYPE_ACCEPTENCODING 30 -#define TLV_TYPE_SECOND_RESPONSE0 31 -#define TLV_TYPE_SECOND_RESPONSE1 32 -#define TLV_TYPE_WILDCARDMATCH 33 -#define TLV_TYPE_RTSP_REQUEST 34 -#define TLV_TYPE_RTSP_SESSION_ID 35 -#define TLV_TYPE_RTSP_STREAM_URI 36 -#define TLV_TYPE_RTSP_TRANSPORT 37 -#define TLV_TYPE_RTSP_CLIENT_CSEQ 38 -#define TLV_TYPE_MAIL_AUTH 39 -#define TLV_TYPE_HTTP_VERSION 40 -#define TLV_TYPE_DOH_URL 41 -#define TLV_TYPE_LOGIN_OPTIONS 42 -#define TLV_TYPE_XOAUTH2_BEARER 43 -#define TLV_TYPE_USERPWD 44 -#define TLV_TYPE_USERAGENT 45 -#define TLV_TYPE_NETRC 46 -#define TLV_TYPE_SSH_HOST_PUBLIC_KEY_SHA256 47 -#define TLV_TYPE_POST 48 -#define TLV_TYPE_WS_OPTIONS 49 -#define TLV_TYPE_CONNECT_ONLY 50 -#define TLV_TYPE_HSTS 51 -#define TLV_TYPE_HTTPPOSTBODY 52 -#define TLV_TYPE_PROXY 53 -#define TLV_TYPE_PROXYTYPE 54 +#define TLV_TYPE_URL 1 +#define TLV_TYPE_RESPONSE0 2 +#define TLV_TYPE_USERNAME 3 +#define TLV_TYPE_PASSWORD 4 +#define TLV_TYPE_POSTFIELDS 5 +#define TLV_TYPE_HEADER 6 +#define TLV_TYPE_COOKIE 7 +#define TLV_TYPE_UPLOAD1 8 +#define TLV_TYPE_RANGE 9 +#define TLV_TYPE_CUSTOMREQUEST 10 +#define TLV_TYPE_MAIL_RECIPIENT 11 +#define TLV_TYPE_MAIL_FROM 12 +#define TLV_TYPE_MIME_PART 13 +#define TLV_TYPE_MIME_PART_NAME 14 +#define TLV_TYPE_MIME_PART_DATA 15 +#define TLV_TYPE_HTTPAUTH 16 +#define TLV_TYPE_RESPONSE1 17 +#define TLV_TYPE_RESPONSE2 18 +#define TLV_TYPE_RESPONSE3 19 +#define TLV_TYPE_RESPONSE4 20 +#define TLV_TYPE_RESPONSE5 21 +#define TLV_TYPE_RESPONSE6 22 +#define TLV_TYPE_RESPONSE7 23 +#define TLV_TYPE_RESPONSE8 24 +#define TLV_TYPE_RESPONSE9 25 +#define TLV_TYPE_RESPONSE10 26 +#define TLV_TYPE_OPTHEADER 27 +#define TLV_TYPE_NOBODY 28 +#define TLV_TYPE_FOLLOWLOCATION 29 +#define TLV_TYPE_ACCEPTENCODING 30 +#define TLV_TYPE_SECOND_RESPONSE0 31 +#define TLV_TYPE_SECOND_RESPONSE1 32 +#define TLV_TYPE_WILDCARDMATCH 33 +#define TLV_TYPE_RTSP_REQUEST 34 +#define TLV_TYPE_RTSP_SESSION_ID 35 +#define TLV_TYPE_RTSP_STREAM_URI 36 +#define TLV_TYPE_RTSP_TRANSPORT 37 +#define TLV_TYPE_RTSP_CLIENT_CSEQ 38 +#define TLV_TYPE_MAIL_AUTH 39 +#define TLV_TYPE_HTTP_VERSION 40 +#define TLV_TYPE_DOH_URL 41 +#define TLV_TYPE_LOGIN_OPTIONS 42 +#define TLV_TYPE_XOAUTH2_BEARER 43 +#define TLV_TYPE_USERPWD 44 +#define TLV_TYPE_USERAGENT 45 +#define TLV_TYPE_NETRC 46 +#define TLV_TYPE_SSH_HOST_PUBLIC_KEY_SHA256 47 +#define TLV_TYPE_POST 48 +#define TLV_TYPE_WS_OPTIONS 49 +#define TLV_TYPE_CONNECT_ONLY 50 +#define TLV_TYPE_HSTS 51 +#define TLV_TYPE_HTTPPOSTBODY 52 +#define TLV_TYPE_PROXY 53 +#define TLV_TYPE_PROXYTYPE 54 #define TLV_TYPE_PROXYUSERPWD 100 #define TLV_TYPE_REFERER 101 @@ -274,25 +274,25 @@ #define MAXIMUM_WRITE_LENGTH 52428800 /* convenience string for HTTPPOST body name */ -#define FUZZ_HTTPPOST_NAME "test" +#define FUZZ_HTTPPOST_NAME "test" /* Cookie-jar WRITE (CURLOPT_COOKIEJAR) path. */ #define FUZZ_COOKIE_JAR_PATH "/dev/null" /* Cookie-jar READ (CURLOPT_COOKIEFILE) path. */ -#define FUZZ_RO_COOKIE_FILE_PATH "/dev/null" +#define FUZZ_RO_COOKIE_FILE_PATH "/dev/null" /* Alt-Svc header cache path */ -#define FUZZ_ALT_SVC_HEADER_CACHE_PATH "/dev/null" +#define FUZZ_ALT_SVC_HEADER_CACHE_PATH "/dev/null" /* HSTS header cache path */ -#define FUZZ_HSTS_HEADER_CACHE_PATH "/dev/null" +#define FUZZ_HSTS_HEADER_CACHE_PATH "/dev/null" /* Certificate Revocation List file path */ -#define FUZZ_CRL_FILE_PATH "/dev/null" +#define FUZZ_CRL_FILE_PATH "/dev/null" /* .netrc file path */ -#define FUZZ_NETRC_FILE_PATH "/dev/null" +#define FUZZ_NETRC_FILE_PATH "/dev/null" /* Number of supported responses */ #define TLV_MAX_NUM_RESPONSES 11 diff --git a/curl_fuzzer_tlv.cc b/curl_fuzzer_tlv.cc index 5753da2a..5aae1aa8 100644 --- a/curl_fuzzer_tlv.cc +++ b/curl_fuzzer_tlv.cc @@ -462,10 +462,10 @@ void fuzz_setup_http_post(FUZZ_DATA *fuzz, TLV *tlv) * for lots of others which could be added here. */ curl_formadd(&post, &last, - CURLFORM_COPYNAME, FUZZ_HTTPPOST_NAME, - CURLFORM_PTRCONTENTS, fuzz->post_body, - CURLFORM_CONTENTLEN, (curl_off_t) strlen(fuzz->post_body), - CURLFORM_END); + CURLFORM_COPYNAME, FUZZ_HTTPPOST_NAME, + CURLFORM_PTRCONTENTS, fuzz->post_body, + CURLFORM_CONTENTLEN, (curl_off_t) strlen(fuzz->post_body), + CURLFORM_END); fuzz->last_post_part = last; fuzz->httppost = post; diff --git a/fuzz_bufq.h b/fuzz_bufq.h index 70635544..e1adbe20 100644 --- a/fuzz_bufq.h +++ b/fuzz_bufq.h @@ -49,4 +49,4 @@ #define FV_PRINTF(verbose, ...) \ if(!!(verbose)) { \ printf(__VA_ARGS__); \ - } \ No newline at end of file + } diff --git a/fuzz_url.cc b/fuzz_url.cc index 50f51aa4..7a0214d0 100644 --- a/fuzz_url.cc +++ b/fuzz_url.cc @@ -53,4 +53,3 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) /* This function must always return 0. Non-zero codes are reserved. */ return 0; } - diff --git a/ossconfig/http.dict b/ossconfig/http.dict index 57b7b437..0afa0b4e 100644 --- a/ossconfig/http.dict +++ b/ossconfig/http.dict @@ -38,4 +38,3 @@ "Pragma:" "no-cache" "Host:" - diff --git a/testinput.h b/testinput.h index 7043dd10..2820e417 100644 --- a/testinput.h +++ b/testinput.h @@ -21,4 +21,4 @@ ***************************************************************************/ #include -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); \ No newline at end of file +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); From 6297e70990f9a6a929a6365c1c7c4177b713efbe Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 07:58:44 +0100 Subject: [PATCH 81/86] debug 2 --- .github/workflows/ci.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6d6b863..37f4346f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,19 @@ jobs: dry-run: false keep-unaffected-fuzz-targets: true + - name: What is on the disk (pwd) + run: | + echo '---------------------' + pwd + find . -type d + echo '---------------------' + + - name: What is on the disk (home) + run: | + echo '---------------------' + find ~ -type d + echo '---------------------' + # Archive the fuzzer output (which maintains permissions) - name: Create fuzz tar run: tar cvf fuzz.tar build-out/ @@ -85,6 +98,20 @@ jobs: oss-fuzz-project-name: 'curl' fuzz-seconds: 120 dry-run: false + + - name: What is on the disk (pwd) + run: | + echo '---------------------' + pwd + find . -type d + echo '---------------------' + + - name: What is on the disk (home) + run: | + echo '---------------------' + find ~ -type d + echo '---------------------' + - name: Upload Crash uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: ${{ failure() }} From d0ad1e9881f0d42641304c344b5612dbb15303c3 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 08:21:17 +0100 Subject: [PATCH 82/86] Revert "debug 2" This reverts commit 6297e70990f9a6a929a6365c1c7c4177b713efbe. --- .github/workflows/ci.yml | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 37f4346f..c6d6b863 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,19 +52,6 @@ jobs: dry-run: false keep-unaffected-fuzz-targets: true - - name: What is on the disk (pwd) - run: | - echo '---------------------' - pwd - find . -type d - echo '---------------------' - - - name: What is on the disk (home) - run: | - echo '---------------------' - find ~ -type d - echo '---------------------' - # Archive the fuzzer output (which maintains permissions) - name: Create fuzz tar run: tar cvf fuzz.tar build-out/ @@ -98,20 +85,6 @@ jobs: oss-fuzz-project-name: 'curl' fuzz-seconds: 120 dry-run: false - - - name: What is on the disk (pwd) - run: | - echo '---------------------' - pwd - find . -type d - echo '---------------------' - - - name: What is on the disk (home) - run: | - echo '---------------------' - find ~ -type d - echo '---------------------' - - name: Upload Crash uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: ${{ failure() }} From 688b83786e8b2530bfda30071e6cb46c55a1756a Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 12:48:31 +0100 Subject: [PATCH 83/86] ossfuzzdeps.sh indent --- scripts/ossfuzzdeps.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/scripts/ossfuzzdeps.sh b/scripts/ossfuzzdeps.sh index 425d6415..2ff5e149 100755 --- a/scripts/ossfuzzdeps.sh +++ b/scripts/ossfuzzdeps.sh @@ -22,15 +22,15 @@ fi # Download dependencies for oss-fuzz $SUDO apt-get -o Dpkg::Use-Pty=0 update $SUDO apt-get -o Dpkg::Use-Pty=0 install -y \ - make \ - autoconf \ - automake \ - libtool \ - libgmp-dev \ - libssl-dev \ - zlib1g-dev \ - pkg-config \ - wget \ - cmake \ - ninja-build \ - groff-base + make \ + autoconf \ + automake \ + libtool \ + libgmp-dev \ + libssl-dev \ + zlib1g-dev \ + pkg-config \ + wget \ + cmake \ + ninja-build \ + groff-base From eb4f36b8974604af786cf8cd22ba158fc4485716 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 13:55:27 +0100 Subject: [PATCH 84/86] bash: sync up indent spaces between files (to 2) --- scripts/compile_target.sh | 12 ++++++------ scripts/ossfuzzdeps.sh | 36 ++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/scripts/compile_target.sh b/scripts/compile_target.sh index 1c659f36..7cd27ba5 100755 --- a/scripts/compile_target.sh +++ b/scripts/compile_target.sh @@ -32,11 +32,11 @@ export BUILD_ROOT; BUILD_ROOT=$(readlink -f "${SCRIPTDIR}/..") # - Compile with -O0 so that DEBUGASSERTs can be debugged in gdb. if [[ -n ${GDBMODE:-} ]] then - export CFLAGS="${CFLAGS:-} -O0" - export CXXFLAGS="${CXXFLAGS:-} -O0" - CMAKE_GDB_FLAG="-DBUILD_GDB=ON" + export CFLAGS="${CFLAGS:-} -O0" + export CXXFLAGS="${CXXFLAGS:-} -O0" + CMAKE_GDB_FLAG="-DBUILD_GDB=ON" else - CMAKE_GDB_FLAG="-DBUILD_GDB=OFF" + CMAKE_GDB_FLAG="-DBUILD_GDB=OFF" fi echo "BUILD_ROOT: $BUILD_ROOT" @@ -50,9 +50,9 @@ echo "ARCHITECTURE: ${ARCHITECTURE:-undefined}" if [[ "${ARCHITECTURE:-}" == "i386" ]] then - CMAKE_VERBOSE_FLAG="-v" + CMAKE_VERBOSE_FLAG="-v" else - CMAKE_VERBOSE_FLAG="" + CMAKE_VERBOSE_FLAG="" fi export MAKEFLAGS; MAKEFLAGS+=" -s -j$(($(nproc) + 0))" diff --git a/scripts/ossfuzzdeps.sh b/scripts/ossfuzzdeps.sh index 2ff5e149..30eb07d4 100755 --- a/scripts/ossfuzzdeps.sh +++ b/scripts/ossfuzzdeps.sh @@ -10,27 +10,27 @@ set -ex # Work out if we need to install with sudo or not. if [[ $(id -u) -eq 0 ]] then - # We are root, so we can install without sudo. - echo "Running as root, no sudo required." - export SUDO="" + # We are root, so we can install without sudo. + echo "Running as root, no sudo required." + export SUDO="" else - # We are not root, so we need to use sudo. - echo "Running as non-root, using sudo." - export SUDO="sudo" + # We are not root, so we need to use sudo. + echo "Running as non-root, using sudo." + export SUDO="sudo" fi # Download dependencies for oss-fuzz $SUDO apt-get -o Dpkg::Use-Pty=0 update $SUDO apt-get -o Dpkg::Use-Pty=0 install -y \ - make \ - autoconf \ - automake \ - libtool \ - libgmp-dev \ - libssl-dev \ - zlib1g-dev \ - pkg-config \ - wget \ - cmake \ - ninja-build \ - groff-base + make \ + autoconf \ + automake \ + libtool \ + libgmp-dev \ + libssl-dev \ + zlib1g-dev \ + pkg-config \ + wget \ + cmake \ + ninja-build \ + groff-base From 4692da0267924f6db153d0e86df8a6ad62c07e91 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 14:01:05 +0100 Subject: [PATCH 85/86] cmake: unfold externalproject name to the ExternalProject_Add line for greppability --- CMakeLists.txt | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 59701e25..5a51c4f2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,8 +18,7 @@ set(ZLIB_URL https://zlib.net/zlib-${ZLIB_VERSION}.tar.xz set(ZLIB_INSTALL_DIR ${CMAKE_BINARY_DIR}/zlib-install) set(ZLIB_STATIC_LIB ${ZLIB_INSTALL_DIR}/lib/libz.a) -ExternalProject_Add( - zlib_external +ExternalProject_Add(zlib_external URL ${ZLIB_URL} PREFIX ${CMAKE_BINARY_DIR}/zlib CONFIGURE_COMMAND /configure --static --prefix=${ZLIB_INSTALL_DIR} @@ -37,8 +36,7 @@ set(ZSTD_URL https://github.com/facebook/zstd/releases/download/v${ZSTD_VERSION} set(ZSTD_INSTALL_DIR ${CMAKE_BINARY_DIR}/zstd-install) set(ZSTD_STATIC_LIB ${ZSTD_INSTALL_DIR}/lib/libzstd.a) -ExternalProject_Add( - zstd_external +ExternalProject_Add(zstd_external URL ${ZSTD_URL} PREFIX ${CMAKE_BINARY_DIR}/zstd SOURCE_SUBDIR build/cmake @@ -106,8 +104,7 @@ if(NOT "$ENV{SANITIZER}" STREQUAL "memory") $ENV{OPENSSLFLAGS} ) - ExternalProject_Add( - openssl_external + ExternalProject_Add(openssl_external URL ${OPENSSL_URL} PREFIX ${CMAKE_BINARY_DIR}/openssl CONFIGURE_COMMAND ${OPENSSL_CONFIGURE_COMMAND} @@ -141,8 +138,7 @@ set(NGHTTP2_URL https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_ set(NGHTTP2_INSTALL_DIR ${CMAKE_BINARY_DIR}/nghttp2-install) set(NGHTTP2_STATIC_LIB ${NGHTTP2_INSTALL_DIR}/lib/libnghttp2.a) -ExternalProject_Add( - nghttp2_external +ExternalProject_Add(nghttp2_external URL ${NGHTTP2_URL} PREFIX ${CMAKE_BINARY_DIR}/nghttp2 CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${NGHTTP2_INSTALL_DIR} -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF @@ -164,8 +160,7 @@ set(LIBIDN2_URL https://ftp.gnu.org/gnu/libidn/libidn2-${LIBIDN2_VERSION}.tar.gz set(LIBIDN2_INSTALL_DIR ${CMAKE_BINARY_DIR}/libidn2-install) set(LIBIDN2_STATIC_LIB ${LIBIDN2_INSTALL_DIR}/lib/libidn2.a) -ExternalProject_Add( - libidn2_external +ExternalProject_Add(libidn2_external URL ${LIBIDN2_URL} PREFIX ${CMAKE_BINARY_DIR}/libidn2 CONFIGURE_COMMAND ./configure --disable-dependency-tracking --prefix=${LIBIDN2_INSTALL_DIR} --disable-shared --enable-static @@ -184,8 +179,7 @@ set(GDB_INSTALL_DIR ${CMAKE_BINARY_DIR}/gdb-install) option(BUILD_GDB "Build GDB as an external project" OFF) if(BUILD_GDB) - ExternalProject_Add( - gdb_external + ExternalProject_Add(gdb_external URL ${GDB_URL} PREFIX ${CMAKE_BINARY_DIR}/gdb CONFIGURE_COMMAND ./configure --disable-dependency-tracking --prefix=${GDB_INSTALL_DIR} @@ -204,8 +198,7 @@ set(OPENLDAP_INSTALL_DIR ${CMAKE_BINARY_DIR}/openldap-install) set(OPENLDAP_STATIC_LIB_LDAP ${OPENLDAP_INSTALL_DIR}/lib/libldap.a) set(OPENLDAP_STATIC_LIB_LBER ${OPENLDAP_INSTALL_DIR}/lib/liblber.a) -ExternalProject_Add( - openldap_external +ExternalProject_Add(openldap_external URL ${OPENLDAP_URL} PREFIX ${CMAKE_BINARY_DIR}/openldap CONFIGURE_COMMAND ./configure --prefix=${OPENLDAP_INSTALL_DIR} --disable-shared --enable-static --without-tls --disable-slapd @@ -278,8 +271,7 @@ set(CURL_POST_INSTALL_COMMAND # if(NOT "$ENV{CURL_SOURCE_DIR}" STREQUAL "") message(STATUS "Building curl from source directory: $ENV{CURL_SOURCE_DIR}") - ExternalProject_Add( - curl_external + ExternalProject_Add(curl_external SOURCE_DIR $ENV{CURL_SOURCE_DIR} PATCH_COMMAND ${CMAKE_COMMAND} -E echo "pre-build commands" ${CURL_POST_INSTALL_COMMAND} @@ -289,8 +281,7 @@ if(NOT "$ENV{CURL_SOURCE_DIR}" STREQUAL "") else() message(STATUS "Building curl from git master") set(CURL_URL "https://github.com/curl/curl") - ExternalProject_Add( - curl_external + ExternalProject_Add(curl_external GIT_REPOSITORY ${CURL_URL} GIT_SHALLOW 1 PREFIX ${CMAKE_BINARY_DIR}/curl From 96a3b03c0bf1251461c15464b99a789368ed39e7 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 27 Oct 2025 14:04:22 +0100 Subject: [PATCH 86/86] cmake make zlib configure path relative, syncing with the others --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5a51c4f2..03e239ff 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,7 +21,7 @@ set(ZLIB_STATIC_LIB ${ZLIB_INSTALL_DIR}/lib/libz.a) ExternalProject_Add(zlib_external URL ${ZLIB_URL} PREFIX ${CMAKE_BINARY_DIR}/zlib - CONFIGURE_COMMAND /configure --static --prefix=${ZLIB_INSTALL_DIR} + CONFIGURE_COMMAND ./configure --static --prefix=${ZLIB_INSTALL_DIR} BUILD_IN_SOURCE 1 BUILD_BYPRODUCTS ${ZLIB_STATIC_LIB} DOWNLOAD_EXTRACT_TIMESTAMP TRUE