Add new feature

.code-intelligence/.gitignore

@@ -0,0 +1 @@
+.build

.code-intelligence/build.sh

@@ -0,0 +1,3 @@
+cd make/mp4d/linux_amd64
+make
+cd ../../../

.code-intelligence/fuzz_targets/default.yaml

@@ -0,0 +1,52 @@
+## Configuration of a CI Fuzz test
+## Generated on 2022-01-25 with CI Fuzz 2.27.0
+##
+## Lines that start with "##" are explanations for the following
+## setting, lines that start with "#" are settings that can be enabled
+## by removing the "#".
+##
+## Settings in this file override settings in the project.yaml.
+
+## The fuzz target type. If unspecified, the type is derived from the
+## extension of the fuzz target source file.
+type: "c++"
+
+## Additional arguments to pass to the compiler when building the
+## fuzz target.
+compiler_extra_args:
+  - "-Iinclude"
+  - "make/mp4d/linux_amd64/mp4d_debug.a"
+
+## Additional arguments to pass to the fuzz target when it is executed.
+## Note that any relative paths are resolved relative to the root of the
+## project directory.
+#run_extra_args:
+#  - "-c myapp.conf"
+
+## Options to pass to the fuzzing engine.
+engine_options:
+ libfuzzer:
+   - -timeout=120
+
+## Environment variables to set when executing the target.
+#environment:
+#  - ASAN_OPTIONS=detect_leaks=0
+
+## If set to true, do not use the generic input corpus for this
+## fuzz target.
+#no_initial_corpus: false
+
+##### This section is only for Java fuzz targets #####
+
+## Autofuzz target definition. 
+## Fully qualified method reference with an optional signature to a Jazzer autofuzz target. 
+## Stated targets have to be available in the referenced artifacts.
+#autofuzz_target: "com.example.MyClass::myMethod(java.lang.String)"
+
+## Package filters to apply when instrumenting the source code.
+#instrumentation_filters:
+#  - com.my_company
+
+## List of jar dependencies needed by the fuzz target.
+#jars:
+#  - target/library_under_test-1.0.jar

.code-intelligence/fuzz_targets/mp4d_demuxer_parse.cpp

@@ -0,0 +1,46 @@
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "mp4d_demux.h"
+#include "mp4d_internal.h"
+#include "FuzzedDataProvider.h"
+
+#include <inttypes.h>
+
+
+
+mp4d_demuxer_ptr_t p_dmux;
+
+void *static_mem_ptr = NULL, *dyn_mem_ptr = NULL;
+
+// extern "C" int FUZZ_INIT_WITH_ARGS(int *argc, char ***argv) {
+extern "C" int FUZZ_INIT() {
+
+  uint64_t static_mem_size, dyn_mem_size;
+
+  mp4d_demuxer_query_mem(&static_mem_size, &dyn_mem_size);
+
+  if (static_mem_size) {
+    static_mem_ptr = malloc((size_t) static_mem_size);
+  }
+
+  if (dyn_mem_size) {
+    dyn_mem_ptr = malloc ((size_t) dyn_mem_size);
+  }
+
+  mp4d_demuxer_init(&p_dmux, static_mem_ptr, dyn_mem_ptr);
+
+  return 0; 
+}
+
+extern "C" int FUZZ(const uint8_t *Data, size_t Size) {
+  FuzzedDataProvider fdp(Data, Size);
+  int is_eof = fdp.PickValueInArray<int>({0, 1});
+  uint64_t atom_size;
+  auto bytes = fdp.ConsumeRemainingBytes<unsigned char>();
+
+  mp4d_demuxer_parse(p_dmux, bytes.data(), bytes.size(), is_eof, 0, &atom_size);
+  return 0; 
+}

.code-intelligence/project.yaml

@@ -0,0 +1,84 @@
+## Configuration for a CI Fuzz project
+## Generated on 2022-01-25 with CI Fuzz 2.27.0
+##
+## Lines that start with "##" are explanations for the following
+## setting, lines that start with "#" are settings that can be enabled
+## by removing the "#".
+
+## The fuzz targets are built and run in Docker containers. This setting
+## allows you to specify the Docker image that should be used for
+## building this project. It must contain all the dependencies required
+## to build the project.
+## If you're running ci-daemon on your local system, you can leave this
+## setting empty, in which case a distroless image is used and several
+## directories (/lib, /bin/, /usr, ...) from the host system are
+## automatically mounted into the container, effectively creating a
+## build environment from the host.
+build_container: "cifuzz/builders:zint"
+
+## The name of the container image used for running the fuzz tests. If
+## unspecified, the image of the build container is used.
+run_container: "cifuzz/builders:zint"
+
+## A list of paths which should be mounted from the host into the
+## build and run containers. The format is SOURCE-DIR:DEST-DIR, where
+## SOURCE-DIR will be bind-mounted from the host filesystem to DEST-DIR
+## in the container.
+## Environment variables in the paths are expanded from the host's
+## environment.
+#mounts:
+#  - $HOME/build:/build
+
+## The relative path to a script that builds the project. This script
+## be will automatically copied into the build container and executed to
+## build the project.
+## The path must be relative to the root of the project directory.
+build_script: ".code-intelligence/build.sh"
+
+
+
+## Paths to the fuzz targets to execute.
+fuzz_tests:
+  - .code-intelligence/fuzz_targets/*.cpp
+
+## Go packages containing fuzz targets. A fuzzer is created 
+## for each function starting with "Fuzz"
+#go_fuzz_packages:
+#  - github.com/my-org/my-project/my-package
+
+## Paths to web app fuzz target configs.
+#web_app_target_configs:
+#  - .code-intelligence/fuzz_targets/*.yaml
+
+## Paths to Jazzer autofuzz target configs.
+#autofuzz_configs:
+#  - .code-intelligence/fuzz_targets/Autofuzz*.yaml
+
+## The sanitizers to use for the fuzz tests. Only applies to C/C++
+## targets. Note that the Undefined Behavior Sanitizer (UBSan) is
+## always used, regardless of this setting. By default, only
+## Address Sanitizer (and Undefined Behavior Sanitizer) is used.
+# sanitizers:
+#   - address
+
+## The fuzzing engines to use for the fuzz tests. By default, only
+## libfuzzer is used. Only valid for C/C++ targets.
+# engines:
+#   - libfuzzer
+#  - afl
+#  - afl_llvm_mode
+
+## The run time after which the fuzz tests are cancelled and
+## considered as having passed. The default is 30 minutes.
+max_runtime: "30m0s"
+
+## The number of parallel executions per fuzz test. The default is 1,
+## which means for each combination of fuzzing engine and sanitizer,
+## each fuzz target is executed once.
+parallel_executions: 1
+
+## By default, fuzz targets are seeded with an initial input corpus,
+## which consists of files of various data formats. This often improves
+## results, but could take a long time for slow fuzz targets. Set to
+## true if you don't want to use the initial input corpus.
+#no_initial_corpus: true

.github/workflows/main.yaml

@@ -0,0 +1,53 @@
+name: CI Fuzz
+
+on:
+  pull_request:
+    branches: [ master ]
+
+env:
+  FUZZING_SERVER_ADDRESS: app.code-intelligence.com:6773
+  WEB_APP_ADDRESS:  https://app.code-intelligence.com
+
+
+jobs:
+  fuzz_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - run: ls -la
+        working-directory: ${{ github.workspace }}
+      - id: start-fuzzing
+        name: Build and Instrument
+        uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v3
+        with:
+          ci_fuzz_api_token: ${{ secrets.CIFUZZ_API_TOKEN }}
+          project: ${{ env.PROJECT_ID }}
+          git_reference: ${{ github.sha }}
+          fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
+      - id: monitor-fuzzing
+        name: Fuzzing
+        uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v3
+        with:
+          ci_fuzz_api_token: ${{ secrets.CIFUZZ_API_TOKEN }}
+          test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
+          fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
+          dashboard_address: ${{ env.WEB_APP_ADDRESS }}
+          timeout: 1800
+      - id: save-results
+        name: Save Fuzz Test Results
+        uses: CodeIntelligenceTesting/github-actions/save-results@v3
+        if: ${{ github.event_name == 'pull_request' && (success() || failure()) }}
+        with:
+          test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
+          ci_fuzz_api_token: ${{ secrets.CIFUZZ_API_TOKEN }}
+          fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
+          project: ${{env.PROJECT_ID}}
+          dashboard_address: ${{ env.WEB_APP_ADDRESS }}
+      - id: upload-artifact
+        uses: actions/upload-artifact@v2
+        if: ${{ (success() || failure()) }}
+        with:
+          name: ci_fuzz_results
+          path: | 
+            findings.json
+            coverage.json
+            web_app_address.txt