A self-hosted Fuzzing-As-A-Service platform
tui
to ratatui
#3155
users
crate #3150
CustomMetrics
for the Node and Task Heartbeat. #3082
qemu_user
setup script. #3114
readonly_inputs
for qemu_user
template. #3116
check_fuzzer_help
. #3130
maxPerPage
to ORM #3016
onefuzz containers files download
command to download the blob content to a file #3060
S_LABEL
symbols from PDBs #3046
elsa::sync::FrozenMap
now implements Default #3044
ExtensionData
property #3079
--check_fuzzer_help
to --no_check_fuzzer_help
#3063
This release removes the parameters --client_id
, --override_authority
, and override_tenant_domain
from the config
command.
For those accessing the CLI with a service principal, the parameters can be supplied on the command line for each of the CLI commands.
For example, if deploying a job:
onefuzz --client_id [CLIENT_ID] --client_secret [CLIENT_SECRET] template libfuzzer basic --setup_dir .....
validate
command to the agent to help validate a fuzzer #2948
config
command and require them on each CLI request if accessing the CLI with a service principal #3000
target_options
are always passed last to the fuzzer #2952
GetNotification
nullable to fix errors looking up non-existent notification IDs #2981
delete
action #2987
AdoFields
#2986
ITruncatable
for JobConfig
& EventJobStopped
to avoid exceptions for messages being too large for Azure Queue #2993
jinja
templates and will only accept scriban
templates.onefuzz config
command has removed the --authority
and --tenant_domain
parameters. The only required parameter for interactive use is the --endpoint
parameters. The other values needed for authentication are now retrieved dynamically.coverage
task have been rewritten for improved source-level reporting. The task-level API has one breaking change: the coverage_filter
field has been removed and replaced by the module_allowlist
and source_allowlist
fields. See here for documentation of the new format.dotnet
template has been removed and dotnet_dll
is now dotnet
.get
command to retrieve specific notification definitions. #2818
coverage
task. #2741
--notification_config
support for dotnet templates. #2842
dir
of coverage test inputs. #2853
coverage
crate and tool. #2904
AssignedTo
to telemetry. #2829
onefuzz config
command lines. #2861
onefuzz config
command. #2835
libfuzzer dotnet
template. #2875
registration.py
when creating CLI service principals. #2828
PreserveExistingOutputs
to the task. #2905
--auto_create_cli_app
flag bug used during deployment. #2921
In the config.json used during deployment; tenant_id
, tenant_domain
, multi_tenant_domain
, and cli_client_id
are now required values. These values are being moved from parameters used in the onefuzz config
CLI command, which will not be present in a future release, however they are unchanged for this version. There is an updated version of the config.json with default values that correspond to the Microsoft.com tenant in this release as well. Please review Pull Request - #2771 for more information.
tenant_id
, tenant_domain
, multi_tenant_domain
, and cli_client_id
are now required values in the config.json used during deployment and no longer required when running the config command. #2771, #2811
onefuzz debug notification template
to validate scriban notification templates #2800
AssignedTo
when failing to create a work item due to an authentication exception #2770
Expand
behavior #2789
readonly_inputs
parameter in dotnet & dotnet_dll templates #2740
elsa
for improved interface with debuggable_module::Loader
#2703
stdio
dumping to example #2757
CoverageRecord
builder to capture output of target child process and allow Loader
reuse in coverage recording #2716
Output
type when recording coverage #2723
info
response #2693
7.0.101
#2698
public
identifier to Events
to restore missing events #2705
For this release you need to add the resource provider Microsoft.AppConfiguration
to the subscription before deploying.
input-tester
. #2681
coverage
to coverage-legacy
. #2685
Create
command will now fail if insert fails. Also add additional tests. #2678
Contains Words
in WIQL #2686
When upgrading from version 5.20 a manual step is required. Before deploying 6.0 delete both Azure App Functions and the Azure App Service plan before upgrading. This is required because we have migrated the service from python
to C#
.
After deployment, there will be two App Functions deployed, one with the name of the deployment and a second one with the same name and a -net
suffix. This is a temporary situation and the -net
app function will be removed in a following release.
If you have not used the deployment parameters to deploy C# functions in 5.20, you can manually delete the -net
app function immediately. Deploying the C# functions was not a default action in 5.20, for most deployments deleting the -net
app function immediately is ok.
With this release we are moving from jinja templates to scriban templates. See the documentation for scriban here.
Version 6.0 will convert jinja templates on-the-fly for a short period of time. We do not guarantee that this will be successful for all jinja template options. These on-the-fly conversions are not persisted in the notifications table in this release. They will be in a following release. This will allow time for conversions of templates that are not handled by the current automatic conversion process.
The default value for the --container_type
parameter to the container
command has been removed. The container_type
parameter is still required for the command. This change removes the ambiguity of the container information being returned.
machine_id
from the Agent to the Task. #2662
Ctrl-C
will fall back to using the device flow. #2612
TelemetryKey
optional. #2619
--container_type
parameter required when using the containers
command. #2631
targetUrl
parameter fix. Only use the filename instead of the absolute path in the URL. The makes the links created in ADO bugs work as expected. #2625
functionapp
in the deployment script. Where the wrong value/parameter pair were used. #2645
running
state during VM setup. #2667