The process of integrating a project written in Swift with OSS-Fuzz is very similar to the general Setting up a new project process. The key specifics of integrating a Swift project are outlined below.
First, you need to write a Swift fuzz target that accepts a stream of bytes and calls the program API with that. This fuzz target should reside in your project repository.
The structure of the project directory in OSS-Fuzz repository doesn’t differ for projects written in Swift. The project files have the following Swift specific aspects.
language attribute must be specified.
The only supported fuzzing engine is
The supported sanitizers are and
fuzzing_engines: - libfuzzer sanitizers: - address - thread
The Dockerfile should start by
FROM gcr.io/oss-fuzz-base/base-builder-swift instead of using the simple base-builder
precompile_swift generates an environment variable
SWIFTFLAGS This can then be used in the building command such as
swift build -c release $SWIFTFLAGS
A usage example from swift-protobuf project is
. precompile_swift # build project cd FuzzTesting swift build -c debug $SWIFTFLAGS ( cd .build/debug/ find . -maxdepth 1 -type f -name "*Fuzzer" -executable | while read i; do cp $i $OUT/"$i"-debug; done )