From 755a8154abbe5649e1500744f02830dff7225980 Mon Sep 17 00:00:00 2001
From: Arne Welzel
Date: Mon, 18 May 2026 23:21:59 +0200
Subject: [PATCH 1/2] Migrate zeek to Ubuntu 24.04 (#15522)

The latest version in the master branch requires OpenSSL 3.0 or later which Ubuntu 20.04 doesn't contain. Bump the base_os_image to 24.04 and adapt the Dockerfile.
---
 projects/zeek/Dockerfile | 2 +-
 projects/zeek/build.sh | 10 ++++++++++
 projects/zeek/project.yaml | 1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/projects/zeek/Dockerfile b/projects/zeek/Dockerfile
index 07a4d24e95c8..eebb3d1b0951 100644
--- a/projects/zeek/Dockerfile
+++ b/projects/zeek/Dockerfile
@@ -14,7 +14,7 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-builder
+FROM gcr.io/oss-fuzz-base/base-builder:ubuntu-24-04
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
 bison \
diff --git a/projects/zeek/build.sh b/projects/zeek/build.sh
index 4f38fec22766..d59d561655f2 100644
--- a/projects/zeek/build.sh
+++ b/projects/zeek/build.sh
@@ -56,6 +56,10 @@ for f in ${fuzzers}; do
 done
 
 copy_lib ${f} libpcap
+ copy_lib ${f} libibverbs
+ copy_lib ${f} libdbus
+ copy_lib ${f} libnl-3
+ copy_lib ${f} libnl-route-3
 copy_lib ${f} libssl
 copy_lib ${f} libcrypto
 copy_lib ${f} libz
@@ -72,6 +76,12 @@ for f in ${fuzzers}; do
 # Make libzmq search for dependencies in $ORIGIN so it
 # has them available at runtime.
 patchelf --set-rpath '$ORIGIN' ${OUT}/lib/libzmq.so*
+
+ # Do the same for libpcap and libibverbs. libpcap depends
+ # on the latter and that one depends on libnl-3 and
+ # libnl-route-3.
+ patchelf --set-rpath '$ORIGIN' ${OUT}/lib/libpcap.so*
+ patchelf --set-rpath '$ORIGIN' ${OUT}/lib/libibverbs.so*
 fi
 patchelf --set-rpath '$ORIGIN/lib' ${OUT}/${fuzzer_exe}
 
diff --git a/projects/zeek/project.yaml b/projects/zeek/project.yaml
index 38ebf3a925b9..56f397e20cff 100644
--- a/projects/zeek/project.yaml
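Review bot: The two new `patchelf --set-rpath '$ORIGIN'` calls in the second build.sh hunk sit inside an `if` block whose condition opens outside the hunk (only the closing `fi` is visible), so if that condition is libzmq-specific, the libpcap and libibverbs copies added by the first hunk (`copy_lib ${f} libibverbs` … `libnl-route-3`) would end up in `${OUT}/lib` without an `$ORIGIN` rpath and resolve libibverbs/libnl from the runner's system paths instead. Worth confirming the `if` also encloses the `copy_lib` run, or moving the two patchelf lines next to it. The new comment also does not account for libdbus, which the first hunk copies but nothing patches; presumably libpcap on 24.04 links libdbus-1, and saying so, e.g. `# libdbus is pulled in by libpcap on 24.04 and is found via libpcap's $ORIGIN`, spares the next reader an ldd session. The enclosing `for f in ${fuzzers}` loop and `copy_lib` itself start outside both hunks.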
+++ b/projects/zeek/project.yaml
@@ -1,3 +1,4 @@
+base_os_version: ubuntu-24-04
 homepage: "https://www.zeek.org"
 language: c++
 primary_contact: "security@zeek.org"

From 93d61b16ff2fa3019d08933be05d7be28feec916 Mon Sep 17 00:00:00 2001
From: "Dexter.k" <164054284+rootvector2@users.noreply.github.com>
Date: Tue, 19 May 2026 05:09:16 +0530
Subject: [PATCH 2/2] postcss: initial integration (#15468)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Initial OSS-Fuzz integration for [PostCSS](https://github.com/postcss/postcss), the JavaScript-based CSS parser/transformer.

## What this adds

A new `projects/postcss/` directory with the standard four files:

- `project.yaml` — `language: javascript`, `libfuzzer`, `none` sanitizer, `primary_contact: andrey@sitnik.es` (PostCSS author/maintainer).
- `Dockerfile` — `FROM gcr.io/oss-fuzz-base/base-builder-javascript`, shallow-clones `https://github.com/postcss/postcss`, copies the fuzz target.
- `build.sh` — installs runtime dependencies with `--omit=dev --legacy-peer-deps` (PostCSS's devDependencies have an unrelated TypeScript peer-dep conflict that doesn't affect the library's runtime behavior), then installs `@jazzer.js/core` and runs `compile_javascript_fuzzer`.
- `fuzz_parse.js` — single fuzz target that uses `FuzzedDataProvider` to randomize parser options (`from`, `map`), then exercises:
  - `postcss.parse()` with the generated CSS
  - AST `walk()` and per-node `toString()` / `error()` (touches input/source-map machinery)
  - `parse → toString → re-parse` round-trip
  - `toJSON()` / `postcss.fromJSON()` round-trip
  - `postcss.list.comma` / `space` / `split` (CSS value list helpers with independent quoting/escape logic)

Only `CssSyntaxError` is treated as expected; everything else propagates so real bugs surface.

## Why PostCSS

PostCSS is a high-impact dependency in the JavaScript ecosystem (used by Tailwind, Autoprefixer, modern CSS Modules, Next.js, Vite, etc.). Any parser or stringifier bug has a wide blast radius across the front-end build chain.

## Local verification

Built and ran via Docker on `linux/amd64`:

- `compile_javascript_fuzzer` produces `/out/fuzz_parse` cleanly.
- 5,000-run smoke: `cov 189 → 771`, `ft 189 → 1414`, corpus 106 entries, ~5,000 exec/s, no crashes.
---
 projects/postcss/Dockerfile | 32 +++++++++++++++++++++++++++++
 projects/postcss/build.sh | 38 +++++++++++++++++++++++++++++++++++
 projects/postcss/project.yaml | 8 ++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 projects/postcss/Dockerfile
 create mode 100755 projects/postcss/build.sh
 create mode 100644 projects/postcss/project.yaml

diff --git a/projects/postcss/Dockerfile b/projects/postcss/Dockerfile
new file mode 100644
index 000000000000..ffcc6433de55
--- /dev/null
+++ b/projects/postcss/Dockerfile
@@ -0,0 +1,32 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-javascript
+
+COPY build.sh $SRC/
+
+# PostCSS's default branch is `main`. Pin it explicitly so the integration
+# does not silently break if the default ever changes. The fuzzing harness
+# (`test/fuzzing/fuzz_parse.js`) and its dictionary live in this repo, so
+# they are picked up by the clone without a separate COPY step.
+RUN git clone --depth 1 -b main https://github.com/postcss/postcss
+
+# postcss-parser-tests is the upstream-maintained collection of CSS test
+# cases. We use its `cases/` directory as the seed corpus so the fuzzer
+# starts mutating from real, parser-shaped inputs.
+RUN git clone --depth 1 -b main https://github.com/postcss/postcss-parser-tests
+
+WORKDIR $SRC/postcss
diff --git a/projects/postcss/build.sh b/projects/postcss/build.sh
new file mode 100755
index 000000000000..4de4c702aa71
--- /dev/null
+++ b/projects/postcss/build.sh
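Review bot: The comment above the first `RUN git clone` says the harness and dictionary "live in this repo", which in an OSS-Fuzz project Dockerfile reads as the oss-fuzz checkout; the diffstat adds no `fuzz_parse.js` under `projects/postcss/`, so both come only from the upstream postcss clone (the PR description's "copies the fuzz target" is stale on that point). Suggest `# (test/fuzzing/fuzz_parse.js) and its dictionary live in the upstream postcss repo, not in projects/postcss/, so` to make that dependency explicit. Since the clone is an unpinned `--depth 1` of `main`, any upstream change to `test/fuzzing/` alters or breaks this build with no diff here; that is the usual OSS-Fuzz trade-off, but the comment should state it rather than imply the opposite.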
@@ -0,0 +1,38 @@
+#!/bin/bash -eu
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Install runtime dependencies only. PostCSS's devDependencies pull in tools
+# that have peer-dep conflicts and are unrelated to the library's runtime
+# behavior, so we skip them.
+npm install --omit=dev --ignore-scripts --legacy-peer-deps
+npm install --save-dev --legacy-peer-deps @jazzer.js/core
+
+# Build a seed corpus from the upstream postcss-parser-tests CSS cases so
+# the fuzzer starts mutating from realistic, parser-shaped inputs rather
+# than from empty bytes.
+mkdir -p "$WORK/seed_corpus"
+cp "$SRC"/postcss-parser-tests/cases/*.css "$WORK/seed_corpus/"
+(cd "$WORK/seed_corpus" && zip -q -r "$OUT/fuzz_parse_seed_corpus.zip" .)
+
+# Ship the CSS dictionary alongside the fuzzer so libFuzzer can splice in
+# common CSS tokens during mutation. The dictionary lives in the upstream
+# postcss repo under test/fuzzing/, so it is already present in the clone.
+cp "$SRC/postcss/test/fuzzing/fuzz_parse.dict" "$OUT/fuzz_parse.dict"
+
+# Build Fuzzers. The harness lives upstream at test/fuzzing/fuzz_parse.js
+# and is supplied by the postcss clone above.
+compile_javascript_fuzzer postcss test/fuzzing/fuzz_parse.js -i postcss --sync
diff --git a/projects/postcss/project.yaml b/projects/postcss/project.yaml
new file mode 100644
index 000000000000..512830f271dd
--- /dev/null
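Review bot: The first `npm install` passes `--ignore-scripts`, but the second one that pulls `@jazzer.js/core` does not, so lifecycle scripts of that package and its transitive dependencies run at build time while PostCSS's own dependencies are held to the stricter rule; if Jazzer's native component needs its install scripts, a one-line comment such as `# @jazzer.js/core needs its install scripts for the native addon` keeps the asymmetry from looking accidental, otherwise add `--ignore-scripts` there too. No lockfile step is visible, so both installs appear to resolve versions at build time and the harness's dependency set drifts between builds; that is the normal OSS-Fuzz trade-off but deserves a sentence in the header comment. The final comment says the harness is "supplied by the postcss clone above", yet the clone happens in the Dockerfile rather than in this script, so `# and is supplied by the postcss clone done in the Dockerfile.` reads more accurately.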
+++ b/projects/postcss/project.yaml
@@ -0,0 +1,8 @@
+homepage: https://postcss.org/
+language: javascript
+primary_contact: "andrey@sitnik.es"
+main_repo: https://github.com/postcss/postcss
+fuzzing_engines:
+- libfuzzer
+sanitizers:
+- none