Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Monorail to GitHub issue mirrorer #7023

Closed
oliverchang opened this issue Dec 16, 2021 · 18 comments
Closed

Monorail to GitHub issue mirrorer #7023

oliverchang opened this issue Dec 16, 2021 · 18 comments

Comments

@oliverchang
Copy link
Collaborator

No description provided.

@oliverchang
Copy link
Collaborator Author

Implemented by @alan32liu in google/clusterfuzz#2578.

We'll start trying to roll this out to a few projects soon.

@oliverchang
Copy link
Collaborator Author

The implementation of this is done. See e.g. https://github.com/Alan32Liu/github-scarecrow/issues/2#issuecomment-1087695761 for exampl reports (The incorrect monorail links are a known issue that has been fixed since).

We're looking to roll this out project by project. Eventually the goal is for this to be opt-out by default.

@evverx any interest in testing this? We'll just need to add file_github_issue: True to the project.yaml file to enable this (and main_repo needs to exist too).

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

@oliverchang I think it would be great if it was possible to report systemd bugs on GitHub but I'm not sure how it works. Could it be used to clone existing issues like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44881 to GitHub or is it applicable to new issues only?

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

@oliverchang also since access to oss-fuzz.com is limited I'm wondering if bug reports were public by default could it also add backtraces to GitHub issues?

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

Anyway I'm all for mirroring OSS-Fuzz bug reports to GitHub. @mrc0mmand what do you think?

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

FWIW I think ideally GitHub issues should look like systemd/systemd#13578 but even without backtraces it should make it easier to keep track of them

@oliverchang
Copy link
Collaborator Author

Thanks for the feedback @evverx ! It's currently only applicable to new issues.

Re adding public backtraces (opt-in), that's certainly a feature we can consider, but it's just not something we're prioritising right now given that we're trying to roll this out and make this stable first.

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

it's just not something we're prioritising right now given that we're trying to roll this out and make this stable first.

Fair enough.

Since most issues are caught by CIFuzz at this point I'm not sure new systemd issues are opened very often so probably systemd isn't the best project in terms of testing this new feature. (New fuzz targets can change that and judging by systemd/systemd#20156 (comment) a "sysupdate" target is on the TODO list but last time I checked it wasn't possible to build that part of systemd without external dependencies (which would prevent it from being fuzzed on OSS-Fuzz). Anyway I'd wait for @mrc0mmand to chime in.

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

@oliverchang looking at https://github.com/Alan32Liu/github-scarecrow/issues/2 I'm not sure the last sentence should be included in bug reports in its current form. I wonder if it would make sense to either remove

If you have trouble accessing this report, please file an issue at https://github.com/google/oss-fuzz/issues/new

or make it refer to https://github.com/google/oss-fuzz/blob/master/projects/systemd/project.yaml or something like that.

@mrc0mmand
Copy link

Anyway I'm all for mirroring OSS-Fuzz bug reports to GitHub. @mrc0mmand what do you think?

+1, that would definitely help with tracking of the issues!

evverx added a commit to evverx/oss-fuzz that referenced this issue Apr 5, 2022
It should hopefully make it easier to keep track of them.

It was discussed in google#7023
@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

I've just opened #7510.

@evverx
Copy link
Contributor

evverx commented Apr 5, 2022

I think it would be great if the bot could reopen issues closed automatically on GitHub with commit messages like "Closes ..." that weren't actually fixed. As far as I can tell it isn't implemented yet (and I have to admit I'm not sure how it can be implemented considering it can take CF some time to verify patches) but it would be helpful anyway. More generally it would be interesting to find out how it reacts to issues closed on GitHub but opened on Monorail.

jonathanmetzman pushed a commit that referenced this issue Apr 5, 2022
It should hopefully make it easier to keep track of them.

It was discussed in #7023
@evverx
Copy link
Contributor

evverx commented Apr 12, 2022

It's currently only applicable to new issues.

@oliverchang I wonder if it is possible to somehow close old bugs and let OSS-Fuzz report them once again?

@evverx
Copy link
Contributor

evverx commented Apr 12, 2022

I think one option would be to rename fuzz targets but it isn't ideal because the corpora would be removed as far as I understand.

@evverx
Copy link
Contributor

evverx commented Apr 13, 2022

Apparently OSS-Fuzz has reported issues like libbpf/libbpf#481 at least three time so probably it would make sense to move the old issues manually to avoid filing more bug reports than necessary.

@oliverchang
Copy link
Collaborator Author

It's currently only applicable to new issues.

@oliverchang I wonder if it is possible to somehow close old bugs and let OSS-Fuzz report them once again?

I wouldn't recommend that.

We can certainly look into backfilling existing bugs. I've opened #7564 to track this.

I've also opened #7563 to track your request to include more details in the bug report by default, but this is lower priority for now as the number of eligible projects is quite low.

MartinPetkov pushed a commit to MartinPetkov/oss-fuzz that referenced this issue Aug 15, 2022
It should hopefully make it easier to keep track of them.

It was discussed in google#7023
@jonathanmetzman
Copy link
Contributor

I think we can close this issue right?

@DonggeLiu
Copy link
Contributor

Yep, I think so, too.
I will close this now but feel free to reopen it if I missed anything : )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants