OneFuzz: A Self-Hosted Fuzzing-As-A-Service Platform
Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CI/CD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.
- Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
- Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
- Programmatic triage and result de-duplication: It provides unique flaw cases that always reproduce.
- On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
- Observable and Debug-able: Transparent design allows introspection into every stage.
- Fuzz on Windows and Linux: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
- Crash reporting notification callbacks: Including Azure DevOps Work Items and Microsoft Teams messages
How To Use?
Deploying an instance of Onefuzz
From the Latest Release of Onefuzz download the onefuzz-deployment package.
On a host with the Azure CLI logged in, do the following:
unzip onefuzz-deployment-$VERSION.zip
pip install -r requirements.txt
./deploy.py $REGION $RESOURCE_GROUP_NAME $ONEFUZZ_INSTANCE_NAME $CONTACT_EMAIL_ADDRESS
When running deploy.py the first time for an instance, you will be prompted to follow a manual step to initialize your CLI config.
Install the CLI
Download the Python SDK (make sure to download both onefuzz and onefuzztypes) from the Latest Release of Onefuzz.
If you’re using the SDK, install via:
pip install ./onefuzz*.whl
Connecting to your instance
Use the onefuzz config command to specify your instance of Onefuzz. This example uses the MSR hosted playground instance (only available to Microsoft employees).
$ onefuzz config --endpoint https://onefuzz-playground.azurewebsites.net
$ onefuzz versions check --exact
"compatible"
$
For more on how to use OneFuzz, see the project documentation.
OneFuzz is cross-platform, and the actively-supported platforms vary by component.
We continuously test the CLI on Windows 10 Pro and Ubuntu 18.04 LTS, both on the x64 architecture. The CLI client is written in Python 3, and targets Python 3.7 and up. We distribute a self-contained executable CLI build for Windows which bundles a Python interpreter.
Virtual Machine Scale Sets
OneFuzz deploys targets into Azure Virtual Machine Scale Sets for fuzzing (and supporting tasks). OneFuzz permits arbitrary choice of VM SKU and OS Image, including custom images.
We continuously test on Windows 10 Pro x64 (using the Azure OS image URN MicrosoftWindowsDesktop:Windows-10:rs5-pro:latest) and Ubuntu 18.04 LTS x64 (using the Azure OS image URN Canonical:UbuntuServer:18.04-LTS:latest).
LibFuzzer targets are built by linking the libFuzzer runtime to a test function, tied together with compiler-provided static instrumentation (sanitizers). The resulting executable has runtime options and output that can vary with the compiler and libFuzzer runtime used.
We actively support libFuzzer targets produced using the following compiler toolchains:
- LLVM 8 and up, Windows and Linux, x86 and x64
- MSVC 16.8 and later that support x64 ASAN instrumentation
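A libFuzzer target of the kind described above, as an added example that is not code from the OneFuzz project. The `parse_record` function, its record format, and the `FUZZ_BUILD` macro are hypothetical names chosen for illustration; the build lines in the header comment assume an LLVM toolchain.

```c
/* Added example: a libFuzzer test function around a hypothetical parser.
 * Fuzz build (LLVM): clang -g -O1 -DFUZZ_BUILD -fsanitize=fuzzer,address target.c
 * Replay build:      clang -g -fsanitize=address target.c   (FUZZ_BUILD is this example's own macro) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME 16

/* Hypothetical record: [tag 0x01][length][length bytes of name]. 0 = ok, -1 = malformed. */
int parse_record(const uint8_t *buf, size_t len, char name[MAX_NAME + 1]) {
    if (len < 2 || buf[0] != 0x01) return -1;  /* header present, tag matches */
    size_t n = buf[1];
    if (n > MAX_NAME) return -1;               /* fits the destination buffer */
    if (n > len - 2) return -1;                /* fits the bytes actually supplied */
    memcpy(name, buf + 2, n);
    name[n] = '\0';
    return 0;
}

/* The test function: the libFuzzer runtime calls it once per generated input.
 * It must tolerate arbitrary bytes and return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char name[MAX_NAME + 1];
    if (parse_record(data, size, name) == 0 && strlen(name) > MAX_NAME)
        abort();  /* invariant violated: abort so the fuzzer records a crash */
    return 0;
}

#ifndef FUZZ_BUILD  /* replay driver; in a fuzz build the runtime supplies main() */
int main(int argc, char **argv) {
    static uint8_t buf[4096] = {0x01, 0x03, 'a', 'b', 'c'};  /* constructed sample */
    size_t n = 5;
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

The replay build runs the same test function on a single saved input, which is useful for confirming that a reported crash reproduces outside the fuzzing loop.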
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository.
There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement.
Microsoft's privacy statement is located here. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
Reporting Security Issues
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at [email protected]. You should receive a response within 24 hours.