Skip to content

Latest commit

 

History

History
719 lines (595 loc) · 67.9 KB

File metadata and controls

719 lines (595 loc) · 67.9 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

2.26.0

Added

  • Supervisor: Added a panic handler to record supervisor failures. #1062

Changed

  • Agent: Added more context to file upload errors. #1063
  • CLI: Made errors locating azcopy more clear. #1061

Fixed

  • Service: Fixed an issue where long-lived VM scaleset instances could get reimaged with out-of-date VM setup scripts. #1060
  • Service: Fixed an issue where VM setup script updates were not always pushed. #1059

2.25.1

Fixed

  • Service: Fixed an issue detecting and reimaging failed nodes. #1054
  • Service: Fixed an issue with the supervisor restarting too quickly. #1055

2.25.0

Added

  • Agent: Added minimized_stack_function_lines and minimized_stack_function_lines_sha256 to crash reports. #993
  • CLI/Service: Added timestamp to Notification objects. #1043
  • Service: Added the scaleset_resize_scheduled event. #1047
  • Service: Added pool_id to Node objects. #1049

Changed

  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1040, #1052
  • CLI/Deployment/Service: Updated multiple first-party and third-party Python dependencies. #922, #1045
  • CLI/Service: Moved to using Pydantic built-in size validation for types. #1048
  • Service: Continued development related to upcoming features. #1046, #1050

Fixed

  • CLI: Fixed an issue handling column sorting in onefuzz status top. #1037
  • Service: Fixed an issue adding SSH keys to Windows VMs. #1038

2.24.0

Added

  • CLI/Service: Added instance configuration that can be managed via onefuzz instance_config. #1010
  • Service: Added automatic retry for Azure Devops notifications. #1026
  • CLI/Service: Added validation to GitHub Issues integration configuration. #1019

Changed

  • Agent/Supervisor/Proxy: Moved to rustls to enable running the Agent and Supervisor on Ubuntu 20.04. #1029
  • Agent: Continued development related to upcoming features. #1016

Fixed

  • Agent: Fixed an issue handling invalid data during coverage collection. #1032
  • Agent: Fixed retry logic on coverage recording failures #1033

2.23.1

Fixed

  • Service: Fixed an issue preventing deletion or reimaging of nodes in some cases. #1023

2.23.0

Changed

  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #1018, #1009, #1004
  • Service: Tasks running on nodes without recent heartbeats are now marked as failed due to heartbeat issues. #1015
  • Service: Updated multiple first-party Python dependencies. #1012

Fixed

  • Agent: Fixed an issue where libfuzzer_fuzz tasks on Windows that found crashes too rapidly were unable recover handles. #1002
  • Agent: Fixed an issue with the regression tasks after using the onefuzz debug notification commands. #1011
  • Deployment: Fixed a configuration issue reducing log retention durations. #1007
  • Service: Fixed an issue creating GitHub Issues notifications. #1008
  • Service: Fixed an issue handling reimaging nodes that took an excessive amount of time. #1005

2.22.0

Changed

  • Service: Update node and task-related log messages to ease debugging. #988
  • Agent: Changed the log level for azcopy retry notification to DEBUG. #986
  • Agent: Updated stack minimization regular expressions from libclusterfuzz. #992
  • Agent: Added more context to synchronized directory errors. #995
  • Deployment: Reduced the Application Insights log retention duration to 30 days. #997
  • Agent: Improved tracking of threads during win32 debugging. #1000

Fixed

  • Agent: Fixed an issue using relative paths with synchronized directories. #996
  • Service: Fixed an issue creating GitHub Issues notifications #990
  • CLI/Service: Fixed an issue handling Union fields in the onefuzztypes library #982
  • Service: Fixed an issue handling manually-resized scalesets #984

2.21.0

Added

  • CLI: Added onefuzz debug job rerun command. #960

Changed

  • Agent: Added more context to coverage recording errors. #979
  • Agent: The coverage task now retries an input in the case of coverage recording failure. #978
  • Service: Nodes with the debug_keep_node flag will now be reimaged once the node is 7 days old. #968
  • Service: Updates to scalesets can now be requested while the node is in the resize state. #969

Fixed

  • Service: Fixed an issue when reimaging nodes that previously failed to reimage as expected. #970
  • Service: Fixed an issue when resizing scalesets that exceed Azure VM quotas. #967
  • Supervisor: Fixed an issue with refreshing service authentication tokens. #976

2.20.0

Added

  • Agent: Added a new coverage task that enables coverage analysis for both uninstrumented and Sancov targets on Linux and Windows. #763

Changed

  • Agent: Improved performance of the libFuzzer fuzzing tasks. #941
  • CLI: Changed the libfuzzer basic job template to use the new coverage task. #763
  • Deployment: Added automatic retry when authorizing newly-created applications during deployment. #959
  • Supervisor: Simplified the service coordination logic and added increased context upon failure. #963

2.19.0

Added

  • Agent/Supervisor: Added azcopy log recording upon azcopy failure. #945
  • CLI: Added onefuzz jobs containers delete command. #949
  • CLI: Added onefuzz jobs containers download command. #953

Changed

  • Agent/Service: Agents scheduled to shut down no longer wait for work prior to shutting down. #940
  • Agent/Supervisor/Proxy: Updated multiple third-party Rust dependencies. #942
  • Agent: Continued deveopment related to upcoming features. #937, #929, #919
  • CLI: Message details are now always shown in onefuzz status top. #933
  • CLI: Renamed template helper methods for uploading task setup files. #926
  • Contrib: Updated multiple third-party Python dependencies. #950
  • Service: Tasks that are stopped without ever having started are now marked as failed. #935
  • Supervisor: Added increased context when recording supervisor failures. #931

Fixed

  • CLI/Service: Worked around a third-party dependency issue in handling Python Unions in Events. #939
  • Deployment: Fixed an authentication issue during deployment. #947, #954
  • Deployment: Fixed an issue limiting application creation logs. #952
  • Service: Fixed an issue deleting nodes with expired heartbeats. #930
  • Service: Fixed an issue deleting nonexistent containers. #948
  • Service: Fixed an issue deleting proxies. #932
  • Service: Fixed an issue that prevented automatic migration of notification secrets to Azure KeyVault in some cases. #936
  • Supervisor: Fixed an issue adding multiple SSH keys to Windows VMs. #928

2.18.0

Added

  • Agent: Added setup_dir configuration value expansion for generator tasks. #901
  • CLI: Enable specifying alternate tenant configuration via command line arguments. #900
  • CLI/Service: Proxy status is now available via onefuzz scaleset_proxy list command. #905

Changes

  • Deployment: Moved to using Microsoft Graph User.Read rather than Azure AD Graph. #894
  • Service: Tasks are now stopped on nodes before task related storage queues are deleted. #801
  • Proxy: Proxies are automatically deployed and always available based on regions with active fuzzing scalesets. #839, #908, #907, #909, #904
  • CLI: Added explanations to errors generated when parsing arguments whose values are key/value pairs. #910, #911
  • Agent: Continued development related to upcoming features. #913, #918
  • Service: Updated first-party Python libraries #903

2.17.0

Added

Changes

  • Agent/Supervisor/Proxy: Addressed multiple new cargo-clippy warnings. #884
  • Agent/Supervisor/Proxy: Updated and removed third-party Rust dependencies. #892, #873, #865
  • Service: Improved the Python typing signatures used in the service. #881
  • Service: Updated multiple first-party and third-party Python libraries. #893, #889, #866, #885, #861, #890,
  • Supervisor: The supervisor now includes the full error context upon failure. #879
  • Service: Cleaned up scaleset update logs. #880
  • Agent: Continued development related to upcoming features. #874, #868, #864
  • SDK/CLI: Replaced Python based directory uploading with azcopy sync. #878

Fixed

  • Service/Supervisor: Fixed an issue shrinking scalesets where idle nodes would not shut down as expected. #866
  • Deployment: Fixed an issue deploying to non-Microsoft single-tenant instances. #872, #898

2.16.0

Aded

  • Deployment: Added ability to only deploy RBAC rsources. #818
  • Agent: Continued development related to upcoming features. #855, #858

Fixed

  • Agent: Fixed issue where directory monitoring would fail due to azcopy temporary files. #859
  • Service: Fixed issue where scalesets could get stuck trying to resize if also manually deleted. #860

2.15.0

Added

Changes

  • Agent/Proxy/Supervisor : Updated multiple third-party Rust dependencies. #842, #826, #829,
  • Service/Contrib: Updated multiple Python dependencies. #828, #827, #823, #822, #821, #847
  • Service: Resetting nodes no longer requires waiting for the node to acknowledge the shutdown in some cases. #834

Fixed

  • Supervisor: Fixed an issue introduced in 2.14.0 that sometimes prevents nodes from stopping processing tasks. #833
  • Service: Fixed an issue related to Azure Storage Queues being deleted while in use. #832
  • Deployment: Fixed an issue where the CLI client application role was not assigned during deployment. #825

2.14.0

Added

  • Contrib: Added a sample GitHub Actions workflow and an Azure DevOps Pipeline to demonstrate deploying OneFuzz jobs using CICD. #778
  • CLI/Service: Added creation timestamps to Job, Node, Pool, Scaleset, Repro, Task, and TaskEvent records returned by the service. #796, #805, #804
  • Agent/Proxy/Supervisor: Added additional context to web request failures to assist in debugging issues. #798
  • Service: Added task configuration to the crash_reported and regression_reported events. #793

Changes

  • Agent: The full error context is now logged upon task failure. #802
  • CLI: The libfuzzer-dotnet template no longer defaults to failing the task if the fuzzer exits with a non-zero status but no crash artifact. #807
  • Agent/Proxy/Supervisor: Updated multiple Rust dependencies. #800
  • Service: When multiple failures are reported for a given task, only the first failure is recorded. #797
  • Agent: Continued development related to upcoming features. #820, #816, #790, #809, #812, #811, #810, #794, #799, #779

Fixed

  • Deployment: Added missing actions to the example Custom Azure Role for deployment. #808
  • Service: Fixed an issue in scaleset creation with incompatible VM SKUs and VM Images. #803
  • Service: Fixed an issue removing user identity information from logging to user instances. #795

2.13.0

Added

  • Deployment: Allow specifying the Azure subscription to use for deployment, instead of always using the default #774

Changed

  • Agent/Supervisor: Added automatic retry when executing azcopy. #701
  • Service: When task setup fails, the error that caused the setup failure is now included in the Task error message. #781
  • Agent: The libfuzzer-fuzz task no longer queries the full local system status when only reporting process status. #784
  • Agent: The libfuzzer-fuzz task now limits the stderr collected to the last 1024 lines for potential failure reporting. #785
  • Agent: The libfuzzer-fuzz task now summarizes the executions per second and iteration counts from all of the workers on each VM. #786
  • Agent: The libfuzzer-coverage task no longer removes the initial copy of inputs. #788
  • Agent: Debugger scripts for extracting libFuzzer coverage are now embedded in the agent. #783
  • Agent: Continued development related to upcoming features. #787, #776, #663

Fixed

  • CLI: Fixed issue relating to line endings in the libfuzzer-qemu job template setup script. #782
  • Service: Fixed backward compatibility issue in ephemeral disk support when creating scalesets. #780
  • Deployment: Fixed issue in multi-tenant deployment support. #773

2.12.0

Added

  • Agent: LibFuzzer tasks now include a verification step that verifies the fuzzer can test a small number of seeds at the start of the task. #752
  • Integration Tests: Added verification that no errors are logged to Application Insights during testing. #700
  • Agent/Supervisor/Service/Deployment: Added support for multi-tenant authentication. #746
  • CLI/Service: Added support for Ephemeral OS Disks. #461, #761

Changed

  • Agent: Continued development related to upcoming features. #765, #762, #754, #756, #750, #744, #753
  • Contrib: Updated multiple python dependencies. #764
  • CLI/Agent: LibFuzzer fuzzing tasks no longer default to failing the task if the fuzzer exits with a non-zero status but no crash artifact. #748

Fixed

  • Agent/Proxy/Supervisor: Fixed issues prevent HTTPS retries. #766
  • Agent/Service/Proxy/Supervisor: Fixed logging and telemetry from the agent. #769

2.11.1

Fixed

  • Agent/Proxy/Supervisor: Fixed issues preventing heartbeats. #749

2.11.0

Changed

  • Agent: Continued log simplification and clarification. #736, #740, #742
  • Agent: Prevent invalid queue messages from being ignored. #731
  • Agent: Separated module and symbol names for Windows debugger-based crash reports. #723
  • Deployment/Agent: Updated AFL++ to 3.11c. #728
  • CLI/Deployment: Updated Python dependencies. #721
  • Agent: Updated stack minimization regular expressions from ClusterFuzz. #722
  • Service: Removed user's identity information from logging to user instances. #724, #725
  • Agent: Continued development related to upcoming features. #699, #729, #733, #735, #738, #739

Fixed

  • Deployment: Worked around a race condition in service principal creation. #716
  • Agent: Dotfiles are now ignored in libFuzzer-related directories. #741

2.10.0

Added

Changed

  • Agent/Proxy/Supervisor: Changed web request retry logic to include the underlying failure upon giving up retrying a request. #696
  • Supervisor: Added automatic web request retry logic when communicating to the service. #704
  • CLI/Service: Updated Python dependencies. #698, #687
  • Supervisor: Clarified log message when the supervisor unexpectedly exits. #685
  • Proxy: Simplified service communication logic. #683
  • Proxy: Increased log verbosity on proxy failure. #702
  • Agent: Increased setup script timestamp resolution. #709
  • Agent: Continued development related to an upcoming feature. #508, #688, #703, #710, #711

Fixed

  • Agent: Fixed support for libFuzzer targets that use shared objects or DLLs from the setup container. #680, #681, #682, #689, #713

2.9.0

Added

  • Contrib: Added sample Webhook Service #666
  • Agent: Add OneFuzz version and Software role to telemetry #586
  • Agent: Add multiple telemetry data types for the upcoming functionality #619
  • Agent: Added input_file_sha256 to configuration value expansion. #641
  • Agent: Added job_id to Task Heartbeat #646
  • Service: Added task information to job_stopped events #648

Changed

  • Service: task_stopped and task_failed now trigger once the task has stopped instead of upon entering the stopping state. #651
  • CLI: Authentication tokens are saved upon successful login rather than on program exit. #665
  • Service: If a task with dependent tasks fails, all of the dependent tasks are marked as failed. #650
  • Agent: Fixed PC address in crash report backtraces. #658
  • Service: Upon task completion, if all of the tasks in the associated job are completed, the job is marked as stopped. #649
  • Deployment/Agent: Updated AFL++ to 3.11c. #675
  • Agent/Proxy/Supervisor: Changed web request retry logic to always retry any request that fails, regardless of why the request failed. #674
  • Agent: Downloading files from task queues will now automatically retry on failure. #676
  • Service: User information is now stripped from Events before being logged to Application Insights. #661

Fixed

  • Service: Handle exception related to manually deleted scalesets #672
  • Agent: Fixed Rust lifetime issues exposed by an update to Rust regex library #671

2.8.0

Added

Changed

  • Agent: Clarified batch-processing logs. #622
  • Agent/Proxy: Updated multiple rust dependencies. #624
  • Service/CLI/Contrib: Updated multiple python dependencies. #607, #608, #610, #611, #612, #625, #626, #630, #640
  • Service: Update task configuration to verify target_exe is a canonicalized relative path. #613
  • Deployment/Agent: Updated AFL++ to 3.10c. #609
  • Deployment: Clarify application password creation succeeded after earlier failures. #629
  • Service: VM passwords are no longer set on Linux VMs. #620
  • Service: Clarify source of task failures when notification integration marks a task as failed. #635

Fixed

  • Agent/Proxy/Supervisor: Fixed web request retry logic when handling operating system level errors. #623
  • Service: Handle exceptions when creating scalesets fail due to Azure VM quota issues. #614

2.7.0

Added

  • CLI: Added onefuzz containers files download_dir to enable downloading the contents of a container. #598
  • Agent: Added microsoft_telemetry_key and instance_telemetry_key and expanded the availability reports_dir in configuration value expansion. #561
  • Agent/Service: Added job_id to agent-based heartbeats. #594
  • Agent/Proxy/Supervisor: Added additional context to errors during Storage Queue and service interactions to improve debugging. #601

Changed

  • Agent/Proxy/Supervisor: Renamed the Application Insights token names used for telemetry to microsoft_telemetry_key and instance_telemetry_key and the function that gated telemetry sharing to can_share_with_microsoft to make the telemetry implementation easier to understand. #587
  • Deployment: Updated multiple Python dependencies. #596
  • Service: Updated multiple Python dependencies. Addresses potential security issue CVE-2020-28493 #595
  • Service: Don't let nodes run new tasks if they are part of a scaleset or pool that is scheduled to be shut down. #583

Fixed

  • Service: Fixed the queries used to identify nodes running outdated OneFuzz releases. #597
  • Agent: Fixed an issue that would stop an agent or supervisor from performing work if an HTTPS request has failed in certain conditions. #603
  • Agent: Fixed an issue that would stop a task if the task printed a significant amount of data to stdout or stderr. #588
  • Deployment: Address deployment failures relating to cross-region Azure Active Directory resource creation delays. #585

2.6.0

Added

  • Service: Jobs that do not start within 30 days are automatically stopped. #565

Changed

  • Service: Debug proxies now use ports 28000 through 32000. #552
  • Service: Events now include the instance name and unique identifier. #577
  • Service: All task related Events now include the task configuration. #580
  • Service: Errors generated during report crash report notification due to invalid jobs or tasks now include the reason for the error. #576
  • CLI: Namespaced containers for coverage used in job templates now include build and platform in addition to project and name. #572
  • Service: User triggered node reimaging no longer waits for confirmation from the node prior to starting the reimage process. #566

Fixed

  • Service: Fixed an error condition when users recreate a container immediately after deleting it. #582
  • Service: Fixed an issue when one task on a node ended, the node was reimaged regardless of the state of other tasks running on the node. #567

2.5.0

Added

  • CLI: Added the ability to poll task status until the tasks have started to managed templates using --wait_for_running. #532
  • CLI: Added a libfuzzer-dotnet support. #535
  • Agent: Added crashes_account and crashes_container to configuration value expansion. #551
  • CLI: Added onefuzz status job and onefuzz status project to provide a user-friendly job status. #550

Changed

  • Agent: Logs and local telemetry from the agent now include the role (agent or supervisor) in recorded events. #527
  • Agent: Clarified the errors generated when libFuzzer coverage extraction fails #554

Fixed

  • Service: Handled SkuNotAvailable errors from Azure when creating scalesets. #557
  • Agent/Proxy: Updated multiple third-party Rust libraries. Addresses potential security issue RUSTSEC-2021-0023. #548

2.4.1

Changed

  • Agent: Verifying LibFuzzer targets at the start of a task using -help=1 now happens prior to sending heartbeats. #528

Fixed

  • Service: Fixed issue related to Azure Functions not always providing the JWT token via Authorization headers. #531
  • CLI: Fixed --wait_for_running in job templates. #530
  • Deployment: Fixed a log error by setting the default SignalR transport used by Azure Functions. #525
  • Agent: Fixed LibFuzzer coverage collection when instrumenting DLLs loaded at runtime. #519
  • Service: Fixed issue where the cached Azure Identity was not being used. #526
  • Service: Fixed log message related to identifying secondary corpus instances. #524

2.4.0

Added

  • Service: Handle scaleset nodes that never register, such as nodes with instance-specific setup script failures. #518

Changed

  • Agent: Added stdout/stderr logging and clarifying context during failures to the generic_analysis task. #522
  • Agent/Service/Proxy: Clarify log messages from the scaleset proxy. #520
  • Agent/Proxy: Update multiple third-party Rust libraries. #517

Fixed

  • Agent: Fixed potential race condition when single stepping when debugging during the generic_crash_reporter and generic_generator tasks running on Windows. #440

2.3.0

Changed

  • Service: Clarify log messages when the service and agent versions mismatch. #510
  • Service: Scalesets and Nodes are now updated in a consistent order during scheduled updates. #512
  • CLI/Service: Expanded the use of Primitive data types that provide data validation. #514

Fixed

  • Service: Fixed an error generated when scalesets scheduled for deletion had configurations updated. #511
  • Service: Fixed an issue where scaleset configurations were updated too frequently. #511

2.2.0

Added

  • Proxy: The logs from the proxy manager logged to Application Insights. #502

Changed

  • Agent: Updated the web request retry logic to retry requests upon connection refused errors. #506
  • Service: Improved the performance of shutting down pools. #503
  • Service: Updated azure-mgmt-compute Python dependency. #499

Fixed

  • Proxy: Fixed an issue in the proxy heartbeats that caused proxy VMs to be reset after 10 minutes. #502
  • Agent: Fixed an issue that broke libFuzzer based crash reporting that was introduced 2.1.1. #505

2.1.1

Added

Fixed

  • Service: Fixed an issue where scalesets could get in a state that would stop updating configurations. #489

2.1.0

Added

Changed

  • CLI/Service/Agent: Supervisor can now be fully self-contained fuzzing tasks, no longer requiring target_exe. Additionally, supervisor tasks can now optionally have managed report containers. #474
  • Service: Managed nodes that are unused beyond 7 days are automatically reimaged to ensure OS patch levels are maintained. #476
  • CLI/Service: Updated the default Windows VM image to MicrosoftWindowsDesktop:Windows-10:20h2-pro:latest. Existing scalesets will not be impacted by this change, only newly created scalesets using the default image. #469

Fixed

  • Agent: New inputs discovered by supervisor tasks are now saved to the inputs container. #484
  • CLI: The license is now properly set in the python package metadata. #472
  • Agent: Failure to download files via HTTP from queues now results in a failure, rather than the HTTP error being interpreted as the requested file. #485
  • Deployment: Fixed error when checking if the default CLI application exists. #488

2.0.0

Added

Changed

  • CLI/Service: Migrated onefuzz status top to use Webhook Events. (BREAKING CHANGE) #394
  • CLI/Service: New notification secrets, such as ADO tokens, are managed in Azure KeyVault and are no longer accessible to the user once created. (BREAKING CHANGE) #326, #389
  • CLI/Service: Updated multiple Python dependencies. #426, #427, #430

Fixed

  • Agent: Fixed triggering condition for new unique report events #422
  • Deployment: Mitigate issues related to deployments within conditional access policy scenarios. #447
  • Agent: Fixed an issue where unused nodes would stop requesting new work. #459
  • Service: Fixed dead node cleanup. #458
  • Service: Fixed an issue logging excessively large stdout/stderr from tasks. #460

1.11.0

Added

  • Service: Added support for sharding corpus storage accounts using "Premium" storage accounts for improved IOPs. #334
  • CLI/Service/Agent: Added the ability to optionally colocate multiple compatible tasks on a single machine. The coverage and crash reporting tasks in the LibFuzzer template make use of this functionality by default. #402
  • CLI: Added onefuzz debug log tail which enables continuously following Application Insights query results. #401
  • CLI/Agent: Support verifying LibFuzzer targets at the start of a task using -help=1, which will enable identifying non-functional LibFuzzer targets. #381
  • CLI/Agent: Support specifying whether to log a warning or fail the task when a LibFuzzer target exits with a non-zero status code (without also generating a crashing input). #381
  • Agent: The stdout and stderr for the supervisors and generators are now logged to Application Insights. #400
  • Service: Enabled per-Scaleset SSH keys on Windows VMs, similar to existing Linux support, enabling onefuzz debug node ssh to both Windows and Linux nodes. #390
  • Agent: Support ASAN odr-violation results. #380
  • CLI/Service/Agent: Added the ability add SSH keys to nodes within scalesets. #441
  • CLI: Added support for multi-tenant authentication. #346

Changed

  • Service: Updating outdated nodes is now limited to 500 nodes at a time. #397
  • Service: Restrict agent from accessing API endpoints not specific to the agent. #404
  • Service: Increased Azure Functions runtime timeout to 15 minutes. #384
  • Deployment/Agent: Updated AFL++ to 3.00c. #393
  • Agent: Added randomized initial jitter to agent heartbeats, which reduce API query storms when launching large number of nodes concurrently. #387

Fixed

  • CLI/Agent: Add support to verify LibFuzzer targets execute correctly at the start of a task using -help=1. #381
  • Service: Re-enable API endpoint used by onefuzz nodes update. #412
  • Agent: Addressed a race condition in LibFuzzer coverage analysis without initial seeds. #403
  • Agent: Prevent supervisor that fatally exits from processing additional new tasks. #378
  • Agent: Address issues handling LibFuzzer targets that produce non-UTF8 output to stderr. #379

1.10.0

Added

  • CLI: Added libfuzzer merge job template, which enables running performing libFuzzer input minimization as a batch operation. #282
  • CLI/Service: Added the instance-specific Application Insights telemetry key to onefuzz info get, which will enable logging to the instance specific application insights from the SDK. #353
  • Agent: Added support for parsing ASAN CHECK failed entries, which can occur during large amounts of memory corruption. #358
  • Agent/Service: Added support for parsing the ASAN "scariness" score and description when print_scariness=1 in ASAN_OPTIONS. #359

Changed

  • Agent: Mark tasks as failed if the application under test generates an ASAN log file that the agent is unable to parse. #351
  • Agent: Updated the libfuzzer_merge task to merge pre-existing inputs in a single pass. #282
  • CLI: Clarified the error messages when prefix-expansion fails. #342
  • Service: Rendered pydantic models as JSON when logging to prevent error=None from showing up in the error logs. #350
  • Deployment: Pinned the version of pyOpenssl to the version used by multiple Azure libraries. #348
  • CLI/Service: (PREVIEW FEATURE) Multiple updates to job template management. #354, #360, #361

Fixed

  • Agent: Fixed issue preventing the supervisor from notifying the service on some state changes. #337
  • Deployment: Fixed a regression in retrying password creation during deployment #338
  • Deployment: Fixed uploading tools when rolling back deployments. #347

1.9.0

Added

  • CLI/Service: Added Service-Managed Job Templates as a preview feature. Enable via onefuzz config --enable_feature job_templates. #226
  • Service/agent: Added internal support for unmanaged nodes. This paves the way for bring your own compute for fuzzing. #318
  • CLI: Added onefuzz debug subcommands to simplify coverage and fuzzing performance for libFuzzer jobs from Application Insights. #325
  • Service: Information about the user responsible for creating jobs and repro VMs is now associated with the Job and Repro VMs. #327

Changed

  • Deployment: deploy.py now automatically retries on failure when deploying the Azure Function App. #330

Fixed

  • Service: Address multiple minor issues previously hidden by function decorators used for caching. #322
  • Agent: Fixed libFuzzer coverage support for internal builds of MSVC #324
  • Agent: Address issue preventing instance-wide setup scripts from executing in some cases. #331

1.8.0

Added

  • CLI/Service: Added Event-based webhooks. #296
  • Service: Information about the user responsible for creating tasks is now associated with the tasks (this information is available in the task related event webhooks). #303

Changed

  • Contrib: Azure Devops deployment pipeline uses the --upgrade feature added in 1.7.0. #304

Fixed

  • Service: Fixed setting target_workers, used to configure the number of concurrent libFuzzer workers within a task. #305

1.7.0

Added

  • Deployment: deploy.py now takes --upgrade to enable simplify upgrading deployments. For now, this skips assignment of the managed identity role which only needs to be done on installation. #271
  • CLI: Added Application Insights debug CLI. See onefuzz debug logs #281
  • CLI: Added unique_inputs to the default container types for onefuzz reset --containers and onefuzz containers reset. #290
  • CLI: Added onefuzz debug node to enable debugging a node in a scaleset without having to specify the scaleset. #298

Changed

  • Service: When shutting down an individual scaleset, all of the nodes in the scaleset are now marked for shutdown. #252
  • Service: The scaleset service principal IDs are now cached as part of the respective Scaleset object #255
  • Service: The association from nodes that ran a task are now kept until the node is reimaged, enabling easily connecting to the node that ran a task after task completion. #273
  • Deployment: Pinned urllib3 version due to an incompatible new release #292
  • CLI: Removed calls to containers.list, significantly improving job template creation performance. #289
  • Service: No longer use HTTP 404 response codes during agent registration. #287
  • Agent: Heartbeats are now only sent as part of the execution loop. #283
  • Service: Refactored handlers for agent events, including much more detailed logging. #261
  • Deployment: Prevent users from enabling public access ton containers. #300

Fixed

  • Service: Fixed libfuzzer_merge tasks #240
  • Service: Fixed an issue where scheduled tasks waiting in the queue for longer than 7 days would never get scheduled. #259
  • Service: Removed stale Node references from scalesets #275

1.6.0

Added

  • Service: The service now auto-scales the number of Azure Functions instances as needed #238
  • CLI/Service/Agent: Added the ability to configure ensemble synchronization interval (including disabling ensemble altogether) #229
  • Contrib: Added sample Azure Devops pipeline to maintain instances of OneFuzz #233
  • Deployment: Added utility to create CLI application registrations #236
  • Deployment/Service/Agent: Added a per-instance uniquely generated UUID to telemetry (see docs/telemetry.md for more information) #245

Changed

  • CLI: The CLI now internally caches container authorization tokens #224
  • Service: Moved to using user-assigned managed identities for Scalesets #219
  • Agent: Added stdout to azcopy error logs #247
  • Service: Increased function timeouts to 5 minutes

1.5.0

Added

  • CLI/Service: Added the ability to prevent a VM from getting reset in order to debug tasks #201
  • SDK: Add examples directory to the python package #216
  • Agent: Added connection resiliency via automatic retry (with back-off) throughout the agent #153
  • Deployment: Added the ability to log the application passwords during registration #214
  • Agent: LibFuzzer Coverage metrics are now reported after the batch processing phase #218
  • Deployment: Added a utility to assign scalesets to roles #185
  • Contrib: Added a utility to automate deployment of new releases of OneFuzz via Azure Devops pipelines #208

Fixed

  • Agent: Addressed a race condition syncing input seeds #204

Changed

  • Agent: Instead of ignoring all access violations during libFuzzer coverage processing, stop on second-chance access violations #210
  • Agent: During libFuzzer coverage, disable default symbol paths unless _NT_SYMBOL_PATH is set via target_env. #222

1.4.0

Added

  • CLI: Added onefuzz containers reset to delete containers by type en masse. #198, #202
  • Agent: Added missing approved telemetry as to tool names & crash report identification. #203

Changed

  • Service: Enabled log sampling at the service at 20 items per second. #174

Fixed

  • Service: Fixed multiple bugs in the service, including an exception due to invalid format string proxy or repro VM creation #206

1.3.4

Fixed

  • CLI: Fixed incorrect resetting of granularly selected components introduced in 1.3.3 #193
  • Service: Fixed rate-limiting issues requesting MSI and Storage Account tokens #195

Changed

  • Service: Moved the SDK to use the same pydantic models as the service in request generation #191
  • Service: Improved performance of container validation #196

1.3.3

Fixed

  • Service: Fixed exception generated when deleting repro & proxy VMs #188

1.3.2

Added

  • Service/Agent: Non-functional nodes are now automatically re-imaged #154, #164, #30
  • CLI: Added more granularity for the onefuzz reset sub-command #161, #182
  • Deployment/Agent: Now includes AFL++ #7
  • Deployment/Agent: Now includes Radamsa for Windows #143
  • CLI: The onefuzz status top TUI now allows filtering based on job ID, project, or name #152

Changed

  • Service: Nodes no longer have to wait for the scaleset to finish setup before being able to fuzz #144
  • Agent: Agent now only notifies the service about its current state upon state change #175
  • Service: Task error messages now limit the stdout and stderr to the last 4096 bytes #170
  • Service: Replaced custom queue based event loop with timers #160, #159
  • Agent: Uploads that fail now report the failure earlier #166
  • Agent: All timers now include automatic jitter to reduce request storms #180
  • Agent: Ensemble container synchronization has been unified to once every 60 seconds (plus jitter) #180
  • Agent: Upon agent failure, it will no longer incorrectly re-register and request new work. #150, #146

Fixed

  • Deployment: Addressed an issue with nested exceptions triggered during a failed deployment [#172] (microsoft#172)
  • Deployment: Addressed incompatible prerequisite library warnings during deployment #167

1.3.1

Added

  • Testing: Added rust based libFuzzer in the end-to-end integration tests #132

Fixed

  • Agent: Always parse stderr when generating crash reports for LibFuzzer instead of using ASAN_OPTIONS=log_path, which fixes crash reports from non-sanitizer based crashes. #131
  • Deployment: Added data-migration script to fix notifications for pre-release installs #135

1.3.0

Added

  • Agent: Crash reports for LibFuzzer now attempts to parse stderr in addition to ASAN_OPTIONS=log_path. This enables crash reporting of go-fuzz based binaries. #127
  • Deployment: During deployment, App Insights logs can be configured to automatically export logs to the app-insights container in instance specific func storage account. #102

Changed

  • Agent: Reduced logs sent from the agent #125
  • Service: Scalesets now use multiple placement groups, allowing a scaleset to grow to 1000 nodes (or 600 if using a custom image). #121

Fixed

  • Deployment: Support deploying additional platforms (such as OSX). #126
  • Service: Fixed typing error in sorting TaskEvent. #129

1.2.0

Added

  • CLI/Service: Added creating and updating GitHub Issues based on crash reports. #110

Changed

  • Agent: LibFuzzer fuzzing that exits with a non-zero exit code without a resulting crashing input now mark the task as failed. #108
  • Service: The automatic variable repro_cmd used in crash report notifications now includes '--endpoint URL' to reduce friction for users with multiple OneFuzz instances. #113

1.1.0

Added

  • Agent/Service: Added the ability to automatically re-image nodes that are out-of-date #35
  • Deployment: Added data-migration scripts for pre-release installs #12
  • SDK/CLI: Added more onefuzz debug sub-commands to support debugging tasks #95
  • Agent: Added machine_id and version to log messages #94
  • Service: Errors in creating Azure Devops work items from reports now mark the task as failed #77
  • Service: The nodes executing a task are now included when fetching details for a task (such as onefuzz tasks get $TASKID) #54
  • SDK: Added example Azure Functions that uses the SDK #56
  • SDK/CLI: Added the ability to execute debugger commands automatically during repro #39
  • CLI: Added documentation of CLI sub-command arguments (used to describe afl_container in AFL templates #10
  • Agent: Added ONEFUZZ_TARGET_SETUP_PATH environment variable that indicates the path to the task specific setup container on the fuzzing nodes #15
  • CICD: Use sccache to speed up build times #47
  • SDK: Added end-to-end integration test script to verify full fuzzing pipelines #46
  • Documentation: Added definitions for pool, node, and scaleset #17

Changed

  • Agent/Service: Refactored state management for on-VM supervisors #96
  • Agent: Added 'done' semaphore to the agent to prevent agent from fetching additional work once the node should be reset. #86
  • Agent: Nodes now sleep longer between checking for new work. #78
  • Agent: The task execution clock is now started once the task is in the 'setting up' state #82
  • Service: Drastically reduced logs sent to App Insights from third-party libraries #63
  • Agent/Service: Added the ability to upgrade out-of-date VMs upon requesting new tasking #35
  • CICD: Non-release builds now include the GIT hash in the versions and localchanges if built locally with un-committed code. #58
  • Agent: Command replacements now use absolute rather than relative paths. #22

Fixed

  • CLI: Fixed issue using onefuzz template stop which would improperly stop jobs that had the same 'name' but different 'project' values. #97
  • Agent: Fixed input marker expansion (used in AFL templates related to handling @@). #87
  • Service: Errors generated after the task shutdown has started are ignored. #83
  • Agent: Instance specific tools now download and run on windows nodes as expected #81
  • CLI: Using --wait_for_running in onefuzz template jobs now properly waits for tasks to launch before exiting #84
  • Service: Handled more Azure Devops notification errors #80
  • Agent: WSearch service is now properly disabled by default on Windows VMs #67
  • Service: Properly deletes repro VMs #36
  • Agent: Supervisor now flushes logs to Application Insights upon exit #21
  • Agent: Task specific setup script failures now properly get recorded as a failed task and trigger the node to be re-imaged #24

1.0.0

Added

  • Initial public release