Add cwltool #6579
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info.
@mr-c I merged your previous suggestion, but the bot is complaining about not finding a Google CLA for your user. Would you like to fill one? Otherwise I can squash your commit here.
Added one comment for you about the primary contact too. Finally, if this PR is accepted by oss-fuzz maintainers, their infrastructure would start building and fuzzing `cwltool` and sending any crashes notifications to the e-mails listed in the project configuration file.
Should a bug be found, then we would be notified and have 90 days [1], plus a 14 days grace period (if a developer tells them the issue is being fixed). I think that should be fine? WDYT?
Finally, there is also a reward [2] given to some projects considered important once their fuzzing is running in OSS Fuzz. Later we can review it and, if you and the other project maintainers agree, apply for this reward? That can be added to some Open Source/foundation funds for `cwltool` or Common Workflow Language, and sponsor infra or more great initiatives like Outreachy/GSoC, or nominate a charity to donate it (Google doubles the value) 👍
Thanks!
Bruno
projects/cwltool/project.yaml
Outdated
language: python | ||
primary_contact: "[email protected]" | ||
#auto_ccs: | ||
# - "" # TODO: add michael's email? |
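Review bot: The commented-out `#auto_ccs:` entry at the end of this hunk, with an empty string and a TODO, should be resolved before merge. Either list the CC addresses under `auto_ccs:` or delete both lines, so the project file does not carry an open question about who receives crash notifications.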
@mr-c I added my e-mail as `primary_contact` only so that this PR could be built, but it would be better if it were a core maintainer of `cwltool`. From the oss-fuzz docs [1]:
> The address belongs to an established project committer (according to VCS logs). If the address isn’t you, or if the address differs from VCS, we’ll require an informal email verification.
> The address is associated with a Google account (why?). If you use an alternate email address linked to a Google Account, you’ll only get access to filed bugs in the issue tracker, not to the ClusterFuzz dashboard. This is due to appengine API limitations.

Would you like to be the primary contact? Or if there is a project e-mail, we can use that, and add our e-mails to `auto_ccs` (CC'ed in each notification e-mail).
Since a Google account is needed, please use [email protected] as the primary contact. Feel free to add yourself in CC; [email protected] can also be CC'd.
@kinow My suggestion was trivial, so I suggest squashing :-)
Fine by me!
Thanks again!
204aeb5 to 1285a8f
@atheris.instrument_func | ||
def test_one_input(input_bytes): | ||
with tempfile.NamedTemporaryFile() as nf: | ||
nf.write(input_bytes) |
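Review bot: `nf.write(input_bytes)` goes through a buffered writer, so unless an `nf.flush()` follows before `nf.name` is handed to cwltool, the tool may open an empty or truncated file and the generated bytes are never parsed. Add `nf.flush()` directly after the write, inside the `with` block.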
This CWL workflow file will contain the generated bytes. It is expected it will fail with `ValueError`. No other errors are accepted.
cmd_args.append(f"--{k.replace('_', '-')}") | ||
# values that are not boolean, are argument values, such as `--orcid $v`, so we include it | ||
if type(v) != bool: | ||
cmd_args.append(v) |
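Review bot: `if type(v) != bool:` guards only the value; the flag itself is appended by the first line of this hunk, so unless a check sits above the visible lines a boolean option drawn as `False` is passed exactly like `True`. Append the flag only when `v` is not `False`, test with `isinstance(v, bool)` instead of comparing types, and pass non-boolean values as `str(v)` so every element of `cmd_args` is a string.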
Simply generating possible combinations with some parameters of `cwltool`. The text values are the most interesting, as it will generate something like `--orcid ”あかさたな。。。”`, i.e. will use hypothesis to create random values for `cwltool` parameters.
The `--debug` is also useful, as Python is interpreted this might force parts of `cwltool` code to be evaluated.
|
||
try: | ||
# add the workflow file name as last positional argument | ||
cmd_args.extend(['echo.cwl', '--inp', inp]) |
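Review bot: In `cmd_args.extend(['echo.cwl', '--inp', inp])` the random `inp` is a separate argv element, so a generated string that starts with `-` can be read as another option instead of the value of `--inp`, and the run then ends in argument parsing rather than in the workflow. Passing it as one element, `f'--inp={inp}'`, keeps it a value. The comment above the line also calls the file name the last positional argument although two more elements follow it.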
`echo.cwl` is a simple - really simple - workflow from the `cwltool` docs & tests. It simply prints the `--inp` value back. The `inp` value is a hypothesis random string.
We could have used the atheris generated bytes, but that would always fail. Instead, here it always passes, and no exception other than `ValueError` is accepted.
Ready for review.
Thanks!
projects/cwltool/build.sh
Outdated
|
||
# Build and install project (using current CFLAGS, CXXFLAGS). This is required | ||
# for projects with C extensions so that they're built with the proper flags. | ||
pip3 install . |
ModuleNotFoundError: No module named '941ff00c0a6010009091__mypyc'
On PyPI we ship a version of schema-salad as a binary wheel with some of the Python code compiled using `mypyc`, so maybe this will help:
pip3 install . | |
pip3 install --no-binary schema_salad . |
Ah, that could be the reason why some builds are failing @mr-c . Just updated it, let me see if GH actions will pass now. Thanks 💯 !!!
Adding `cwltool`, reference implementation of the Common Workflow Language. cc @mr-c I still need to finish reading the docs and experimenting running the fuzzer locally to see if we need to move the fuzzed data to another function, or if we can keep using `cwltool.main.main`. Used `pyaml` fuzzer as reference.