Attempt to fix cel-cpp build (#14321)

We've swapped over to using bzlmod primarily and at some point broke
workspace dependencies support (and bazel < 7).

Author: jnthntatum

projects/cel-cpp/.bazelrc

@@ -18,6 +18,10 @@
 build --action_env=CC=clang
 build --action_env=CXX=clang++
 
-build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:oss_fuzz
 build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz
 build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none
+build:oss-fuzz --cxxopt=-stdlib=libc++
+build:oss-fuzz --linkopt=-lc++
+build:oss-fuzz --verbose_failures
+build:oss-fuzz --spawn_strategy=standalone

projects/cel-cpp/Dockerfile

@@ -20,12 +20,12 @@ RUN apt-get update && apt-get install python3 openjdk-11-jdk -y
 RUN git clone --depth 1 https://github.com/google/cel-cpp/
 COPY build.sh $SRC/
 RUN mkdir $SRC/cel-cpp/fuzz/
+COPY build.sh $SRC/cel-cpp
 COPY BUILD fuzz*.cc $SRC/cel-cpp/fuzz/
-COPY WORKSPACE .bazelrc $SRC/
-RUN cat WORKSPACE >> $SRC/cel-cpp/WORKSPACE
+COPY MODULE.bazel .bazelrc $SRC/
+RUN cat MODULE.bazel >> $SRC/cel-cpp/MODULE.bazel
 RUN cat .bazelrc >> $SRC/cel-cpp/.bazelrc
-RUN echo "4.1.0" > $SRC/cel-cpp/.bazelversion
 WORKDIR $SRC/cel-cpp
 # This is to fix Fuzz Introspector build by using LLVM old pass manager
 # re https://github.com/ossf/fuzz-introspector/issues/305
-ENV OLD_LLVMPASS 1
+ENV OLD_LLVMPASS=1

projects/cel-cpp/MODULE.bazel

@@ -0,0 +1,2 @@
+
+bazel_dep(name = "rules_fuzzing", version = "0.6.0")

projects/cel-cpp/build.sh

@@ -14,5 +14,34 @@
 # limitations under the License.
 #
 ################################################################################
-export USE_BAZEL_VERSION=5.4.0
-bazel_build_fuzz_tests
+export USE_BAZEL_VERSION="7.3.2"
+export CC=${CC:-clang}
+export CXX=${CXX:-clang++}
+
+# modified version of bazel_build_fuzz_tests to work around issues with
+# bzlmod dependency on rules_fuzzing
+
+bazel build -c opt --config=oss-fuzz //fuzz:fuzz_parse_oss_fuzz
+
+for oss_fuzz_archive in $(find bazel-bin/ -name "*oss_fuzz.tar"); do
+    tar --no-same-owner -xvf "${oss_fuzz_archive}" -C "${OUT}"
+done
+
+if [ "$SANITIZER" = "coverage" ]; then
+    echo "Collecting the repository source files for coverage tracking."
+    declare -r COVERAGE_SOURCES="${OUT}/proc/self/cwd"
+    mkdir -p "${COVERAGE_SOURCES}"
+    declare -r RSYNC_FILTER_ARGS=(
+        "--include" "*.h"
+        "--include" "*.cc"
+        "--include" "*.hpp"
+        "--include" "*.cpp"
+        "--include" "*.c"
+        "--include" "*.inc"
+        "--include" "*/"
+        "--exclude" "*"
+    )
+    rsync -avLk "${RSYNC_FILTER_ARGS[@]}" \
+        "$(bazel info execution_root)/" \
+        "${COVERAGE_SOURCES}/"
+fi

projects/cel-cpp/fuzz_parse.cc

@@ -19,16 +19,15 @@
 #include "parser/options.h"
 #include "parser/parser.h"
 
-#define MAX_RECURSION 0x100
-
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     std::string str (reinterpret_cast<const char*>(data), size);
     google::api::expr::parser::ParserOptions options;
-    options.max_recursion_depth = MAX_RECURSION;
+    options.max_recursion_depth = 128;
+    options.expression_size_codepoint_limit = 1 << 20;
     try {
         auto parse_status = google::api::expr::parser::Parse(str, "fuzzinput", options);
         if (!parse_status.ok()) {
-            parse_status.status().message();
+            static_cast<void>(parse_status.status().message());
         }
     } catch (const std::exception& e) {
         return 0;

projects/cel-cpp/project.yaml

@@ -1,8 +1,9 @@
-homepage: "https://opensource.google/projects/cel"
+homepage: "https://cel.dev"
 language: c++
-primary_contact: "kyessenov@gmail.com"
+primary_contact: "tswadell@google.com"
 auto_ccs :
-- "tswadell@google.com"
+- "jdtatum@google.com"
+- "kyessenov@google.com"
 - "p.antoine@catenacyber.fr"
 
 sanitizers:
@@ -13,7 +14,6 @@ main_repo: 'https://github.com/google/cel-cpp'
 file_github_issue: True
 
 fuzzing_engines:
-  - afl
   - honggfuzz
   - libfuzzer