From 8e13bd799a79fd78ba55002f588b83813e70a4ca Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Fri, 13 Dec 2024 16:46:31 +0800 Subject: [PATCH 1/7] add fuzz --- .pipelines/v2/oneFuzz.yml | 56 +++++++++++++++++++ .pipelines/v2/templates/job-fuzz.yml | 35 ++++++++++++ .pipelines/verifyDepsJsonLibraryVersions.ps1 | 2 +- PowerToys.sln | 15 +++++ .../AdvancedPaste.FuzzTests.csproj | 26 +++++++++ .../AdvancedPaste.FuzzTests/FuzzTests.cs | 21 +++++++ .../AdvancedPaste.FuzzTests/Logger.cs | 46 +++++++++++++++ .../AdvancedPaste.FuzzTests/MSTestSettings.cs | 5 ++ .../OneFuzzConfig.json | 47 ++++++++++++++++ 9 files changed, 252 insertions(+), 1 deletion(-) create mode 100644 .pipelines/v2/oneFuzz.yml create mode 100644 .pipelines/v2/templates/job-fuzz.yml create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/AdvancedPaste.FuzzTests.csproj create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Logger.cs create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/MSTestSettings.cs create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/OneFuzzConfig.json diff --git a/.pipelines/v2/oneFuzz.yml b/.pipelines/v2/oneFuzz.yml new file mode 100644 index 000000000000..c3aa3d9865e2 --- /dev/null +++ b/.pipelines/v2/oneFuzz.yml @@ -0,0 +1,56 @@ +pr: none +trigger: none + +schedules: + - cron: "0 0 * * *" + displayName: Daily fuzzing submission + branches: + include: + - main + always: true +name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr) + +parameters: + - name: platform + type: string + default: x64 # for fuzzing, we only use x64 for now + - name: enableMsBuildCaching + type: boolean + displayName: "Enable MSBuild Caching" + default: false + - name: useVSPreview + type: boolean + displayName: "Build Using Visual Studio Preview" + default: false + +stages: + - stage: Build_${{ parameters.platform }} + displayName: Build ${{ parameters.platform }} + jobs: + - template: templates/job-build-project.yml + parameters: + pool: + ${{ if eq(variables['System.CollectionId'], 'cb55739e-4afe-46a3-970f-1b49d8ee7564') }}: + name: SHINE-INT-L + ${{ else }}: + name: SHINE-OSS-L + ${{ if eq(parameters.useVSPreview, true) }}: + demands: ImageOverride -equals SHINE-VS17-Preview + buildPlatforms: + - ${{ parameters.platform }} + buildConfigurations: [Release] + enablePackageCaching: true + enableMsBuildCaching: ${{ parameters.enableMsBuildCaching }} + runTests: true + useVSPreview: ${{ parameters.useVSPreview }} + + - stage: OneFuzz + displayName: Fuzz ${{ parameters.platform }} + dependsOn: + - Build_${{parameters.platform}} + jobs: + - template: templates/job-fuzz.yml + parameters: + platform: ${{ parameters.platform }} + configuration: Release + inputArtifactStem: "" diff --git a/.pipelines/v2/templates/job-fuzz.yml b/.pipelines/v2/templates/job-fuzz.yml new file mode 100644 index 000000000000..621bf83a2074 --- /dev/null +++ b/.pipelines/v2/templates/job-fuzz.yml @@ -0,0 +1,35 @@ +parameters: + - name: configuration + type: string + default: "Release" + - name: platform + type: string + default: "" + - name: inputArtifactStem + type: string + default: "" + +jobs: + - job: OneFuzz + pool: + vmImage: windows-2022 + + steps: + - checkout: self + submodules: false + clean: true + fetchDepth: 1 + fetchTags: false + + - download: current + displayName: Download artifacts + artifact: build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }} + patterns: |- + **/tests/*.FuzzTests/** + + - task: onefuzz-task@0 + inputs: + onefuzzOSes: Windows + env: + onefuzzDropDirectory: $(Pipeline.Workspace)\build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }}\x64\Release\x64\Release\tests + SYSTEM_ACCESSTOKEN: $(System.AccessToken) diff --git a/.pipelines/verifyDepsJsonLibraryVersions.ps1 b/.pipelines/verifyDepsJsonLibraryVersions.ps1 index 7d5fc02c1095..3837514b4667 100644 --- a/.pipelines/verifyDepsJsonLibraryVersions.ps1 +++ b/.pipelines/verifyDepsJsonLibraryVersions.ps1 @@ -15,7 +15,7 @@ Param( $referencedFileVersionsPerDll = @{} $totalFailures = 0 -Get-ChildItem $targetDir -Recurse -Filter *.deps.json -Exclude UITests-FancyZones*,MouseJump.Common.UnitTests* | ForEach-Object { +Get-ChildItem $targetDir -Recurse -Filter *.deps.json -Exclude UITests-FancyZones*,MouseJump.Common.UnitTests*,AdvancedPaste.FuzzTests* | ForEach-Object { # Temporarily exclude FancyZones UI tests because of Appium.WebDriver dependencies $depsJsonFullFileName = $_.FullName $depsJsonFileName = $_.Name diff --git a/PowerToys.sln b/PowerToys.sln index 1e0926876f74..a3101d8fac5c 100644 --- a/PowerToys.sln +++ b/PowerToys.sln @@ -637,6 +637,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NewPlus.ShellExtension.win1 EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AdvancedPaste.UnitTests", "src\modules\AdvancedPaste\AdvancedPaste.UnitTests\AdvancedPaste.UnitTests.csproj", "{D5E5F5EA-1B6C-4A73-88BE-304F36C9E4EE}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AdvancedPaste.FuzzTests", "src\modules\AdvancedPaste\AdvancedPaste.FuzzTests\AdvancedPaste.FuzzTests.csproj", "{7F5B9557-5878-4438-A721-3E28296BA193}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|ARM64 = Debug|ARM64 @@ -2821,6 +2823,18 @@ Global {D5E5F5EA-1B6C-4A73-88BE-304F36C9E4EE}.Release|x64.Build.0 = Release|x64 {D5E5F5EA-1B6C-4A73-88BE-304F36C9E4EE}.Release|x86.ActiveCfg = Release|x64 {D5E5F5EA-1B6C-4A73-88BE-304F36C9E4EE}.Release|x86.Build.0 = Release|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|ARM64.Build.0 = Debug|ARM64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|x64.ActiveCfg = Debug|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|x64.Build.0 = Debug|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|x86.ActiveCfg = Debug|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Debug|x86.Build.0 = Debug|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|ARM64.ActiveCfg = Release|ARM64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|ARM64.Build.0 = Release|ARM64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|x64.ActiveCfg = Release|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|x64.Build.0 = Release|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|x86.ActiveCfg = Release|x64 + {7F5B9557-5878-4438-A721-3E28296BA193}.Release|x86.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -3055,6 +3069,7 @@ Global {89D0E199-B17A-418C-B2F8-7375B6708357} = {A2221D7E-55E7-4BEA-90D1-4F162D670BBF} {0DB0F63A-D2F8-4DA3-A650-2D0B8724218E} = {CA716AE6-FE5C-40AC-BB8F-2C87912687AC} {D5E5F5EA-1B6C-4A73-88BE-304F36C9E4EE} = {9873BA05-4C41-4819-9283-CF45D795431B} + {7F5B9557-5878-4438-A721-3E28296BA193} = {9873BA05-4C41-4819-9283-CF45D795431B} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {C3A2F9D1-7930-4EF4-A6FC-7EE0A99821D0} diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/AdvancedPaste.FuzzTests.csproj b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/AdvancedPaste.FuzzTests.csproj new file mode 100644 index 000000000000..f22ee39381d4 --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/AdvancedPaste.FuzzTests.csproj @@ -0,0 +1,26 @@ + + + net8.0-windows10.0.19041.0 + latest + enable + enable + + + ..\..\..\..\$(Platform)\$(Configuration)\tests\AdvancedPaste.FuzzTests\ + + + + + + + + + + + + + + PreserveNewest + + + diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs new file mode 100644 index 000000000000..0c774a4dfb6b --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs @@ -0,0 +1,21 @@ +// Copyright (c) Microsoft Corporation +// The Microsoft Corporation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using AdvancedPaste.Helpers; +using Windows.ApplicationModel.DataTransfer; + +// OneFuzz currently does not support .NET 9 code testing, so this is a temporary solution. +// Create a .NET 8 project and use a file link to include the code for testing first. +namespace AdvancedPaste.FuzzTests +{ + public class FuzzTests + { + public static void FuzzToJsonFromXmlOrCsv(ReadOnlySpan input) + { + var dataPackage = new DataPackage(); + dataPackage.SetText(input.ToString()); + _ = Task.Run(async () => await JsonHelper.ToJsonFromXmlOrCsvAsync(dataPackage.GetView())).Result; + } + } +} diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Logger.cs b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Logger.cs new file mode 100644 index 000000000000..4f47fe5713e8 --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Logger.cs @@ -0,0 +1,46 @@ +// Copyright (c) Microsoft Corporation +// The Microsoft Corporation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +// This is used for fuzz testing and ensures that the project links only to JsonHelper, +// avoiding unnecessary connections to additional files +namespace ManagedCommon +{ + public static class Logger + { + // An empty method to simulate logging information + public static void LogTrace() + { + // Do nothing + } + + // An empty method to simulate logging information + public static void LogInfo(string message) + { + // Do nothing + } + + // An empty method to simulate logging warnings + public static void LogWarning(string message) + { + // Do nothing + } + + // An empty method to simulate logging errors + public static void LogError(string message, Exception? ex = null) + { + // Do nothing + } + + public static void LogDebug(string message, Exception? ex = null) + { + // Do nothing + } + } +} diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/MSTestSettings.cs b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/MSTestSettings.cs new file mode 100644 index 000000000000..5b05c0b86e3f --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/MSTestSettings.cs @@ -0,0 +1,5 @@ +// Copyright (c) Microsoft Corporation +// The Microsoft Corporation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +[assembly: Parallelize(Scope = ExecutionScope.MethodLevel)] diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/OneFuzzConfig.json b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/OneFuzzConfig.json new file mode 100644 index 000000000000..41bdc8c58ad2 --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/OneFuzzConfig.json @@ -0,0 +1,47 @@ +{ + "configVersion": 3, + "entries": [ + { + "fuzzer": { + "$type": "libfuzzerDotNet", + "dll": "AdvancedPaste.FuzzTests.dll", + "class": "AdvancedPaste.FuzzTests.FuzzTests", + "method": "FuzzToJsonFromXmlOrCsv", + "FuzzingTargetBinaries": [ + "PowerToys.AdvancedPaste.dll" + ] + }, + "adoTemplate": { + // supply the values appropriate to your + // project, where bugs will be filed + "org": "microsoft", + "project": "OS", + "AssignedTo": "leilzh@microsoft.com", + "AreaPath": "OS\\Windows Client and Services\\WinPD\\DEEP-Developer Experience, Ecosystem and Partnerships\\SHINE\\PowerToys", + "IterationPath": "OS\\Future" + }, + "jobNotificationEmail": "leilzh@microsoft.com", + "skip": false, + "rebootAfterSetup": false, + "oneFuzzJobs": [ + // at least one job is required + { + "projectName": "AdvancedPaste", + "targetName": "AdvancedPaste-dotnet-fuzzer" + } + ], + "jobDependencies": [ + // this should contain, at minimum, + // the DLL and PDB files + // you will need to add any other files required + // (globs are supported) + "AdvancedPaste.FuzzTests.dll", + "AdvancedPaste.FuzzTests.pdb", + "Microsoft.Windows.SDK.NET.dll", + "Newtonsoft.Json.dll", + "WinRT.Runtime.dll" + ], + "SdlWorkItemId": 49911822 + } + ] +} From ba0ee2611a032384f920a71d19217bba37bb8ac4 Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Fri, 13 Dec 2024 17:32:57 +0800 Subject: [PATCH 2/7] install .net8 --- .pipelines/v2/templates/job-build-project.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pipelines/v2/templates/job-build-project.yml b/.pipelines/v2/templates/job-build-project.yml index 1933b74e8de9..ff082d35379b 100644 --- a/.pipelines/v2/templates/job-build-project.yml +++ b/.pipelines/v2/templates/job-build-project.yml @@ -134,6 +134,11 @@ jobs: sdk: true version: '6.0' + - template: steps-ensure-dotnet-version.yml + parameters: + sdk: true + version: '8.0' + - template: steps-ensure-dotnet-version.yml parameters: sdk: true From 4b44684193ec3657626a84c71efae3804cd7c913 Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Fri, 13 Dec 2024 18:01:07 +0800 Subject: [PATCH 3/7] add spelling check --- .github/actions/spell-check/allow/code.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/actions/spell-check/allow/code.txt b/.github/actions/spell-check/allow/code.txt index b9a7ad1d6349..755d80ce2de5 100644 --- a/.github/actions/spell-check/allow/code.txt +++ b/.github/actions/spell-check/allow/code.txt @@ -246,3 +246,9 @@ pwa AOT Aot + +# YML +onefuzz + +# NameInCode +leilzh From a04a2f3db02c2b095c588b971b3e4d391da81b8f Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Mon, 16 Dec 2024 11:12:36 +0800 Subject: [PATCH 4/7] refine the pipeline --- .pipelines/v2/oneFuzz.yml | 1 - .pipelines/v2/templates/job-fuzz.yml | 7 +++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.pipelines/v2/oneFuzz.yml b/.pipelines/v2/oneFuzz.yml index c3aa3d9865e2..4f70ce66a4f3 100644 --- a/.pipelines/v2/oneFuzz.yml +++ b/.pipelines/v2/oneFuzz.yml @@ -53,4 +53,3 @@ stages: parameters: platform: ${{ parameters.platform }} configuration: Release - inputArtifactStem: "" diff --git a/.pipelines/v2/templates/job-fuzz.yml b/.pipelines/v2/templates/job-fuzz.yml index 621bf83a2074..8efed710b167 100644 --- a/.pipelines/v2/templates/job-fuzz.yml +++ b/.pipelines/v2/templates/job-fuzz.yml @@ -9,6 +9,9 @@ parameters: type: string default: "" +variables: + ArtifactName: build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }} + jobs: - job: OneFuzz pool: @@ -23,7 +26,7 @@ jobs: - download: current displayName: Download artifacts - artifact: build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }} + artifact: $(ArtifactName) patterns: |- **/tests/*.FuzzTests/** @@ -31,5 +34,5 @@ jobs: inputs: onefuzzOSes: Windows env: - onefuzzDropDirectory: $(Pipeline.Workspace)\build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }}\x64\Release\x64\Release\tests + onefuzzDropDirectory: $(Pipeline.Workspace)\$(ArtifactName)\x64\Release\x64\Release\tests SYSTEM_ACCESSTOKEN: $(System.AccessToken) From 8869578187a45d71d6e872d338fc2ffdacb2db72 Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Mon, 16 Dec 2024 14:54:05 +0800 Subject: [PATCH 5/7] add readme and update the test code --- .pipelines/v2/templates/job-fuzz.yml | 6 +-- .../AdvancedPaste.FuzzTests/Fuzz.md | 45 +++++++++++++++++++ .../AdvancedPaste.FuzzTests/FuzzTests.cs | 17 +++++-- 3 files changed, 61 insertions(+), 7 deletions(-) create mode 100644 src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md diff --git a/.pipelines/v2/templates/job-fuzz.yml b/.pipelines/v2/templates/job-fuzz.yml index 8efed710b167..b4e380194e65 100644 --- a/.pipelines/v2/templates/job-fuzz.yml +++ b/.pipelines/v2/templates/job-fuzz.yml @@ -9,14 +9,12 @@ parameters: type: string default: "" -variables: - ArtifactName: build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }} - jobs: - job: OneFuzz pool: vmImage: windows-2022 - + variables: + ArtifactName: build-${{ parameters.platform }}-${{ parameters.configuration }}${{ parameters.inputArtifactStem }} steps: - checkout: self submodules: false diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md new file mode 100644 index 000000000000..82f9b485d0ff --- /dev/null +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md @@ -0,0 +1,45 @@ +# Fuzzing .NET Code with OneFuzz + +This document explains the purpose of the project, the rationale for using specific technologies, and key instructions for fuzz testing .NET code using OneFuzz. + +## Overview + +This project demonstrates fuzz testing for .NET applications. It uses a `.NET 8 (Windows)` project where a code file is linked to the project. The linked file contains the functions required for fuzz testing. + +## Why Use .NET 8 (Windows)? + +1. **Current Support**: At the time of writing, OneFuzz supports only .NET 8 projects. The Fuzz team is actively working on .NET 9 support. +2. **Interim Solution**: Until .NET 9 support is available, .NET 8 serves as a robust and temporary solution for fuzz testing, enabling direct code linking for efficient development. + +## Requesting Access + +To log into the production instance of OneFuzz with the CLI, you **must request access**. Visit the internal [OneFuzz Access Request Page](https://myaccess.microsoft.com/@microsoft.onmicrosoft.com#/access-packages/6df691eb-e3d1-444b-b4b2-9e944dc794be) for details. + +## How to Fuzz .NET Code + +To set up and run fuzz testing on .NET code, follow the detailed guide available [here](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/howto/fuzzing-dotnet-code). + +## Running a .NET Fuzz Target Locally + +Testing a .NET fuzz target locally requires specific configurations. For a step-by-step guide, see the section on [Running a .NET Fuzz Target Locally](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/howto/fuzzing-dotnet-code#extra-running-a-net-fuzz-target-locally). + +## Writing a Good OneFuzzConfig.json + +The `OneFuzzConfig.json` file provides critical information for deploying fuzzing jobs using the OneFuzz Ingestion Preparation Tool and Ingestion Service. + +### Structure + +The primary structure is an array of configuration entries. Outside the array, the `configVersion` field is used to track changes to the configuration schema. + +For more details on how to write and structure this file, see the [OneFuzzConfig V3 Documentation](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/onefuzzconfig/onefuzzconfigv3). + +## Tools + +### OneFuzz Ingestion Preparation (OIP) Tool + +The OIP tool helps prepare data for ingestion and fuzz testing. Learn more about it [here](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/oip/onefuzzingestionpreparationtool). + +### OneFuzz CLI + +The CLI provides commands to manage and execute fuzzing jobs. Download and set up the CLI by following this [guide](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/howto/downloading-cli). + diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs index 0c774a4dfb6b..a23618862c78 100644 --- a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/FuzzTests.cs @@ -13,9 +13,20 @@ public class FuzzTests { public static void FuzzToJsonFromXmlOrCsv(ReadOnlySpan input) { - var dataPackage = new DataPackage(); - dataPackage.SetText(input.ToString()); - _ = Task.Run(async () => await JsonHelper.ToJsonFromXmlOrCsvAsync(dataPackage.GetView())).Result; + try + { + var dataPackage = new DataPackage(); + dataPackage.SetText(input.ToString()); + _ = Task.Run(async () => await JsonHelper.ToJsonFromXmlOrCsvAsync(dataPackage.GetView())).Result; + } + catch (Exception ex) when (ex is ArgumentException) + { + // This is an example. It's important to filter out any *expected* exceptions from our code here. + // However, catching all exceptions is considered an anti-pattern because it may suppress legitimate + // issues, such as a NullReferenceException thrown by our code. In this case, we still re-throw + // the exception, as the ToJsonFromXmlOrCsvAsync method is not expected to throw any exceptions. + throw; + } } } } From 74a716b610ab147ddae95bc9a1ac3cab1c0cb90f Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Mon, 16 Dec 2024 15:11:01 +0800 Subject: [PATCH 6/7] fix spelling error --- .github/actions/spell-check/allow/code.txt | 12 +++++++++++- .../AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md | 4 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/actions/spell-check/allow/code.txt b/.github/actions/spell-check/allow/code.txt index 755d80ce2de5..8c53e5282757 100644 --- a/.github/actions/spell-check/allow/code.txt +++ b/.github/actions/spell-check/allow/code.txt @@ -78,7 +78,14 @@ sinclairinat stylecop uipi yinwang - +myaccess +onmicrosoft +aep +epsf +howto +onefuzzconfig +oip +onefuzzingestionpreparationtool # KEYS @@ -252,3 +259,6 @@ onefuzz # NameInCode leilzh + +#Tools +OIP diff --git a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md index 82f9b485d0ff..7e83a77b8fa5 100644 --- a/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md +++ b/src/modules/AdvancedPaste/AdvancedPaste.FuzzTests/Fuzz.md @@ -17,7 +17,7 @@ To log into the production instance of OneFuzz with the CLI, you **must request ## How to Fuzz .NET Code -To set up and run fuzz testing on .NET code, follow the detailed guide available [here](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/howto/fuzzing-dotnet-code). +To set up and run fuzz testing on .NET code, follow the detailed guide available [Fuzz .NET Code](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/howto/fuzzing-dotnet-code). ## Running a .NET Fuzz Target Locally @@ -37,7 +37,7 @@ For more details on how to write and structure this file, see the [OneFuzzConfig ### OneFuzz Ingestion Preparation (OIP) Tool -The OIP tool helps prepare data for ingestion and fuzz testing. Learn more about it [here](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/oip/onefuzzingestionpreparationtool). +The OIP tool helps prepare data for ingestion and fuzz testing. Learn more about [OneFuzz Ingestion Preparation (OIP) Tool](https://eng.ms/docs/cloud-ai-platform/azure-edge-platform-aep/aep-security/epsf-edge-and-platform-security-fundamentals/the-onefuzz-service/onefuzz/oip/onefuzzingestionpreparationtool). ### OneFuzz CLI From b08d25d4cf3bd5a1e4a7bbe4fff884145d44a744 Mon Sep 17 00:00:00 2001 From: Leilei Zhang Date: Tue, 17 Dec 2024 21:10:41 +0800 Subject: [PATCH 7/7] change to weekly run --- .pipelines/v2/oneFuzz.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pipelines/v2/oneFuzz.yml b/.pipelines/v2/oneFuzz.yml index 4f70ce66a4f3..2bcbf360503b 100644 --- a/.pipelines/v2/oneFuzz.yml +++ b/.pipelines/v2/oneFuzz.yml @@ -2,8 +2,8 @@ pr: none trigger: none schedules: - - cron: "0 0 * * *" - displayName: Daily fuzzing submission + - cron: "0 0 * * 1" + displayName: Weekly fuzzing submission branches: include: - main