Add CLI11 to OSS-Fuzz (CLI parsing fuzzer)#14131
Add CLI11 to OSS-Fuzz (CLI parsing fuzzer)#14131TheodorNEngoy wants to merge 16 commits intogoogle:masterfrom
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
TheodorNEngoy is integrating a new project: |
TheodorNEngoy
force-pushed
the
add-cli11
branch
from
760e254 to
87786eb
Compare
|
First-time contributor — please approve Actions workflows so CI can run. Thanks! |
|
@TheodorNEngoy I have been thinking about this for a while, so I should be listed as the project contributor on this form. I would suggest however using the fuzz test that is in the repo already, that is the one we have building up over the last year to really test out CLI11 for fuzzing. I think it is getting close to ready for OSS-Fuzz. cli11_app_fuzz.cpp is the primary applications using the fuzzer, then it could be built using CMAKE and maintained as part of the regular repo. If it made sense I could also supply an existing corpus from the more extensive testing I have done locally on the fuzz applications. very happy to have someone else interested in getting this in OSS-Fuzz! |
|
I signed it! |
TheodorNEngoy
force-pushed
the
add-cli11
branch
from
ff4638c to
e5f23c9
Compare
|
@googlebot I signed it! |
|
First-time contributor — please approve Actions workflows so CI can run. Thanks! |
|
Ready for review: local build+run completed successfully (ASan/libFuzzer). Please approve Actions so presubmit builds run, and let us know a committer’s Google‑account email to set as |
|
Local helper flow succeeded (build_image → build_fuzzers → run_fuzzer -max_total_time=30). All presubmit prechecks are green. Please approve Actions to run the build matrix and review. We will set |
|
Upstream CIFuzz PR opened: CLIUtils/CLI11#1225 |
|
Local UBSan build+run succeeded (libFuzzer, -runs=1000). |
|
First-time contributor — please approve Actions so the build matrix can run. Thanks! |
|
Upstream CIFuzz PR: CLIUtils/CLI11#1225 |
|
Enabled i386 in project.yaml and validated locally (ASan/libFuzzer, -runs=1000). |
|
Switched to upstream fuzz harness (cli11_app_fuzz.cpp + fuzzApp.cpp) and packaged CLI11 dictionaries; local ASan build+run OK. @phlptp thanks for the pointer — happy to set you as |
|
@TheodorNEngoy use phlptp@gmail.com as the google account email, my github account is associated with that address. |
|
Set |
|
Enabled AFL & Honggfuzz in project.yaml and verified local ASan builds; libFuzzer/AFL/Honggfuzz smoke runs OK. primary_contact is set to phlptp@gmail.com; ready for presubmit once Actions are approved. |
|
Enabled AFL & Honggfuzz in project.yaml; local libFuzzer ASan build + check_build passed. primary_contact is set to phlptp@gmail.com. Ready for presubmit once Actions are approved. |
|
Local check_build now passes for: libFuzzer (ASan x86_64 + i386, UBSan x86_64), AFL (ASan), and Honggfuzz (ASan). primary_contact is set to phlptp@gmail.com. Ready for presubmit once Actions are approved. |
|
Temporarily disabling AFL to get presubmit green (AFL dry-run treats minimal seeds as crashes). libFuzzer + Honggfuzz builds & check_build pass locally. We'll follow up with an AFL-friendly harness/seed. |
|
libFuzzer + Honggfuzz pass local check_build. AFL is temporarily disabled to avoid dry‑run issues. primary_contact is set to phlptp@gmail.com. Please approve GitHub Actions and review. Thanks! |
|
libFuzzer + Honggfuzz pass local check_build. AFL is disabled for now. primary_contact is set to phlptp@gmail.com (Google account). Please review/approve when ready. |
|
Status: libFuzzer + Honggfuzz build & check_build pass locally; AFL is disabled for now. CIFuzz on CLI11 is set to dry-run until this PR merges. Ready for review. |
| -o "$OUT/cli11_app_fuzzer" $LIB_FUZZING_ENGINE ${LDFLAGS:-} | ||
|
|
||
| # --- Package dictionary (if present) --- | ||
| if [[ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ]]; then |
There was a problem hiding this comment.
The fuzz_dictionary2 file is meant for the file_fuzzer, it probably isn't that useful to concatenate them. For the app fuzzer just fuzz_dictionary1 should be used.
|
Updated build.sh: cli11_app_fuzzer now packages only fuzz_dictionary1.txt (per maintainer feedback; fuzz_dictionary2.txt is for the file fuzzer). Ready for another look. |
…p libFuzzer + Honggfuzz
…per maintainer feedback)
TheodorNEngoy
force-pushed
the
add-cli11
branch
from
e1205be to
ea72da3
Compare
|
Status: Upstream CIFuzz is merged (CLIUtils/CLI11#1225). CLI11’s workflow is in dry‑run (safe) until this PR lands. Locally verified: libFuzzer + Honggfuzz pass ; AFL is disabled. Please approve presubmit workflows. Thanks! |
|
Status: Upstream CIFuzz is merged (CLIUtils/CLI11#1225). CLI11’s workflow is in |
|
CI note: This PR comes from a fork. Please click Approve and run on the pending GitHub Actions checks so presubmit can execute. Thanks! |
|
First-time fork: please click Approve and run on the pending GitHub Actions checks so presubmit can execute. Thanks! |
Flip CIFuzz out of dry‑run now that cli11 exists in OSS‑Fuzz. --------- Co-authored-by: TheodorNEngoy <[email protected]>
|
Can you share who are some of the important users of this project? |
|
I lack insight into all the users. There are 4000+ stars on github. I know we use it in several applications for the Department of Energy and have been contacted by other Government applications for review to include it their applications. It is included in several C++ packaging repositories. And does get used in High performance computing applications which is some of the original applications. |
Department of energy is important enough for us :-) |
| @@ -0,0 +1,19 @@ | |||
| # Copyright 2025 Google LLC | |||
There was a problem hiding this comment.
| # Copyright 2025 Google LLC | |
| # Copyright 2026 Google LLC |
| @@ -0,0 +1,30 @@ | |||
| #!/bin/bash -eu | |||
| # Copyright 2025 Google LLC | |||
There was a problem hiding this comment.
| # Copyright 2025 Google LLC | |
| # Copyright 2026 Google LLC |
3 participants
Integrates https://github.com/CLIUtils/CLI11 into OSS-Fuzz with a libFuzzer harness. Per acceptance policy, a project committer using a Google account must be added as in project.yaml for access to ClusterFuzz reports. Maintainers: please reply with the email to add.
Docs: Accepting new projects & New project guide.