Integrate Mayhem

Author: ebell495

.github/workflows/mayhem.yml

@@ -0,0 +1,64 @@
+name: Mayhem
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  workflow_call:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    name: ${{ matrix.os }} shared=${{ matrix.shared }} ${{ matrix.build_type }}
+    runs-on: ${{ matrix.os }}
+    permissions:
+      packages: write
+      contents: write
+      security-events: write
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        shared: [false]
+        build_type: [Release]
+        include:
+          - os: ubuntu-latest
+            triplet: x64-linux
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Start analysis
+        uses: ForAllSecure/mcode-action@v1
+        with:
+          mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
+          args: --image ${{ steps.meta.outputs.tags }} --duration 300
+          sarif-output: sarif
+
+      - name: Upload SARIF file(s)
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: sarif

Dockerfile

@@ -0,0 +1,7 @@
+FROM python:3.8-bullseye
+RUN pip3 install atheris
+
+COPY . /html5lib
+WORKDIR /html5lib
+RUN python3 -m pip install -r requirements.txt
+RUN python3 -m pip install . && chmod +x fuzz/fuzz.py

Mayhemfile

@@ -0,0 +1,10 @@
+project: html5lib-python
+target: html5lib-python
+image: ghcr.io/ebell495/html5lib-python:latest
+duration: 300
+
+tests: null
+
+cmds:
+    - cmd: fuzz/fuzz.py
+      libfuzzer: true

fuzz/fuzz.py

@@ -0,0 +1,17 @@
+#!/usr/local/bin/python3
+import atheris
+import sys
+
+with atheris.instrument_imports():
+    import html5lib
+
+
+@atheris.instrument_func
+def TestOneInput(data):
+    fdp = atheris.FuzzedDataProvider(data)
+    html5lib.parse(fdp.ConsumeString(len(data)))
+
+
+# atheris.instrument_all()
+atheris.Setup(sys.argv, TestOneInput)
+atheris.Fuzz()