Onefuzz

Latest version: v9.0.0


Page 16 of 18

2.0.0

Not secure
Added

* Agent: Added clarifying context to file system errors. [423](https://github.com/microsoft/onefuzz/pull/423)
* CLI/Service: Significantly expanded the [events](docs/webhook_events.md) available for webhooks. [394](https://github.com/microsoft/onefuzz/pull/394)
* Agent: Added `{setup_dir}` to [configuration value expansion](docs/command-replacements.md) [417](https://github.com/microsoft/onefuzz/pull/417)
* Agent: Added `{tools_dir}` [configuration value expansion](docs/command-replacements.md) to `{supervisor_options}` and `{supervisor_env}` [444](https://github.com/microsoft/onefuzz/pull/444)

Changed

* CLI/Service: Migrated `onefuzz status top` to use [Webhook Events](docs/webhook_events.md). (BREAKING CHANGE) [394](https://github.com/microsoft/onefuzz/pull/394)
* CLI/Service: New notification secrets, such as ADO tokens, are managed in Azure KeyVault and are no longer accessible to the user once created. (BREAKING CHANGE) [326](https://github.com/microsoft/onefuzz/pull/326), [#389](https://github.com/microsoft/onefuzz/pull/389)
* CLI/Service: Updated multiple Python dependencies. [426](https://github.com/microsoft/onefuzz/pull/426), [#427](https://github.com/microsoft/onefuzz/pull/427), [#430](https://github.com/microsoft/onefuzz/pull/430)

Fixed

* Agent: Fixed triggering condition for new unique report events [422](https://github.com/microsoft/onefuzz/pull/422)
* Deployment: Mitigate issues related to deployments within conditional access policy scenarios. [447](https://github.com/microsoft/onefuzz/pull/447)
* Agent: Fixed an issue where unused nodes would stop requesting new work. [459](https://github.com/microsoft/onefuzz/pull/459)
* Service: Fixed dead node cleanup. [458](https://github.com/microsoft/onefuzz/pull/458)
* Service: Fixed an issue logging excessively large stdout/stderr from tasks. [460](https://github.com/microsoft/onefuzz/pull/460)

1.11.0

Not secure
Added

* Service: Added support for sharding corpus storage accounts using "Premium" storage accounts for improved IOPS. [334](https://github.com/microsoft/onefuzz/pull/334)
* CLI/Service/Agent: Added the ability to optionally colocate multiple compatible tasks on a single machine. The coverage and crash reporting tasks in the LibFuzzer template make use of this functionality by default. [402](https://github.com/microsoft/onefuzz/pull/402)
* CLI: Added `onefuzz debug log tail` which enables continuously following Application Insights query results. [401](https://github.com/microsoft/onefuzz/pull/401)
* CLI/Agent: Support verifying LibFuzzer targets at the start of a task using `-help=1`, which will enable identifying non-functional LibFuzzer targets. [381](https://github.com/microsoft/onefuzz/pull/381)
* CLI/Agent: Support specifying whether to log a warning or fail the task when a LibFuzzer target exits with a non-zero status code (without also generating a crashing input). [381](https://github.com/microsoft/onefuzz/pull/381)
* Agent: The stdout and stderr for the supervisors and generators are now logged to Application Insights. [400](https://github.com/microsoft/onefuzz/pull/400)
* Service: Enabled per-Scaleset SSH keys on Windows VMs, similar to existing Linux support, enabling `onefuzz debug node ssh` to both Windows and Linux nodes. [390](https://github.com/microsoft/onefuzz/pull/390)
* Agent: Support ASAN odr-violation results. [380](https://github.com/microsoft/onefuzz/pull/380)
* CLI/Service/Agent: Added the ability to add SSH keys to nodes within scalesets. [441](https://github.com/microsoft/onefuzz/pull/441)
* CLI: Added support for multi-tenant authentication. [346](https://github.com/microsoft/onefuzz/pull/346)

Changed

* Service: Updating outdated nodes is now limited to 500 nodes at a time. [397](https://github.com/microsoft/onefuzz/pull/397)
* Service: Restrict agent from accessing API endpoints not specific to the agent. [404](https://github.com/microsoft/onefuzz/pull/404)
* Service: Increased Azure Functions runtime timeout to 15 minutes. [384](https://github.com/microsoft/onefuzz/pull/384)
* Deployment/Agent: Updated AFL++ to 3.00c. [393](https://github.com/microsoft/onefuzz/pull/393)
* Agent: Added randomized initial jitter to agent heartbeats, which reduces API query storms when launching a large number of nodes concurrently. [387](https://github.com/microsoft/onefuzz/pull/387)

Fixed

* CLI/Agent: Add support to verify LibFuzzer targets execute correctly at the start of a task using `-help=1`. [381](https://github.com/microsoft/onefuzz/pull/381)
* Service: Re-enable API endpoint used by `onefuzz nodes update`. [412](https://github.com/microsoft/onefuzz/pull/412)
* Agent: Addressed a race condition in LibFuzzer coverage analysis without initial seeds. [403](https://github.com/microsoft/onefuzz/pull/403)
* Agent: Prevent supervisor that fatally exits from processing additional new tasks. [378](https://github.com/microsoft/onefuzz/pull/378)
* Agent: Address issues handling LibFuzzer targets that produce non-UTF8 output to stderr. [379](https://github.com/microsoft/onefuzz/pull/379)

1.10.0

Not secure
Added

* CLI: Added `libfuzzer merge` job template, which enables performing libFuzzer input minimization as a batch operation. [282](https://github.com/microsoft/onefuzz/pull/282)
* CLI/Service: Added the instance-specific Application Insights telemetry key to `onefuzz info get`, which will enable logging to the instance specific application insights from the SDK. [353](https://github.com/microsoft/onefuzz/pull/353)
* Agent: Added support for parsing ASAN `CHECK failed` entries, which can occur during large amounts of memory corruption. [358](https://github.com/microsoft/onefuzz/pull/358)
* Agent/Service: Added support for parsing the ASAN "scariness" score and description when `print_scariness=1` in `ASAN_OPTIONS`. [359](https://github.com/microsoft/onefuzz/pull/359)

Changed

* Agent: Mark tasks as failed if the application under test generates an ASAN log file that the agent is unable to parse. [351](https://github.com/microsoft/onefuzz/pull/351)
* Agent: Updated the `libfuzzer_merge` task to merge pre-existing inputs in a single pass. [282](https://github.com/microsoft/onefuzz/pull/282)
* CLI: Clarified the error messages when prefix-expansion fails. [342](https://github.com/microsoft/onefuzz/pull/342)
* Service: Rendered `pydantic` models as JSON when logging to prevent `error=None` from showing up in the error logs. [350](https://github.com/microsoft/onefuzz/pull/350)
* Deployment: Pinned the version of pyOpenssl to the version used by multiple Azure libraries. [348](https://github.com/microsoft/onefuzz/pull/348)
* CLI/Service: (PREVIEW FEATURE) Multiple updates to job template management. [354](https://github.com/microsoft/onefuzz/pull/354), [#360](https://github.com/microsoft/onefuzz/pull/360), [#361](https://github.com/microsoft/onefuzz/pull/361)

Fixed

* Agent: Fixed issue preventing the supervisor from notifying the service on some state changes. [337](https://github.com/microsoft/onefuzz/pull/337)
* Deployment: Fixed a regression in retrying password creation during deployment [338](https://github.com/microsoft/onefuzz/pull/338)
* Deployment: Fixed uploading tools when rolling back deployments. [347](https://github.com/microsoft/onefuzz/pull/347)

1.9.0

Not secure
Added

* CLI/Service: Added [Service-Managed Job Templates](docs/declarative-templates.md) as a preview feature. Enable via `onefuzz config --enable_feature job_templates`. [226](https://github.com/microsoft/onefuzz/pull/296)
* Service/agent: Added internal support for unmanaged nodes. This paves the way for _bring your own compute_ for fuzzing. [318](https://github.com/microsoft/onefuzz/pull/318)
* CLI: Added `onefuzz debug` subcommands to simplify coverage and fuzzing performance for libFuzzer jobs from Application Insights. [325](https://github.com/microsoft/onefuzz/pull/325)
* Service: Information about the user responsible for creating jobs and repro VMs is now associated with the Job and Repro VMs. [327](https://github.com/microsoft/onefuzz/pull/327)

Changed

* Deployment: `deploy.py` now automatically retries on failure when deploying the Azure Function App. [330](https://github.com/microsoft/onefuzz/pull/330)

Fixed

* Service: Address multiple minor issues previously hidden by function decorators used for caching. [322](https://github.com/microsoft/onefuzz/pull/322)
* Agent: Fixed libFuzzer coverage support for internal builds of MSVC [324](https://github.com/microsoft/onefuzz/pull/324)
* Agent: Address issue preventing instance-wide setup scripts from executing in some cases. [331](https://github.com/microsoft/onefuzz/pull/331)

1.8.0

Not secure
Added

* CLI/Service: Added [Event-based webhooks](docs/webhooks.md). [296](https://github.com/microsoft/onefuzz/pull/296)
* Service: Information about the user responsible for creating tasks is now associated with the tasks (this information is available in the task related event webhooks). [303](https://github.com/microsoft/onefuzz/pull/303)

Changed

* Contrib: Azure DevOps deployment pipeline uses the `--upgrade` feature added in 1.7.0. [304](https://github.com/microsoft/onefuzz/pull/304)

Fixed

* Service: Fixed setting `target_workers`, used to configure the number of concurrent libFuzzer workers within a task. [305](https://github.com/microsoft/onefuzz/pull/305)

1.7.0

Not secure
Added

* Deployment: `deploy.py` now takes `--upgrade` to simplify upgrading deployments. For now, this skips assignment of the managed identity role, which only needs to be done on installation. [271](https://github.com/microsoft/onefuzz/pull/271)
* CLI: Added Application Insights debug CLI. See `onefuzz debug logs` [281](https://github.com/microsoft/onefuzz/pull/281)
* CLI: Added unique_inputs to the default container types for `onefuzz reset --containers` and `onefuzz containers reset`. [290](https://github.com/microsoft/onefuzz/pull/290)
* CLI: Added `onefuzz debug node` to enable debugging a node in a scaleset without having to specify the scaleset. [298](https://github.com/microsoft/onefuzz/pull/289)

Changed

* Service: When shutting down an individual scaleset, all of the nodes in the scaleset are now marked for shutdown. [252](https://github.com/microsoft/onefuzz/pull/252)
* Service: The scaleset service principal IDs are now cached as part of the respective Scaleset object [255](https://github.com/microsoft/onefuzz/pull/255)
* Service: The association from nodes that ran a task is now kept until the node is reimaged, making it easy to connect to the node that ran a task after task completion. [273](https://github.com/microsoft/onefuzz/pull/273)
* Deployment: Pinned `urllib3` version due to an incompatible new release [292](https://github.com/microsoft/onefuzz/pull/292)
* CLI: Removed calls to `containers.list`, significantly improving job template creation performance. [289](https://github.com/microsoft/onefuzz/pull/289)
* Service: No longer use HTTP 404 response codes during agent registration. [287](https://github.com/microsoft/onefuzz/pull/287)
* Agent: Heartbeats are now only sent as part of the execution loop. [283](https://github.com/microsoft/onefuzz/pull/283)
* Service: Refactored handlers for agent events, including much more detailed logging. [261](https://github.com/microsoft/onefuzz/pull/261)
* Deployment: Prevent users from enabling public access to containers. [300](https://github.com/microsoft/onefuzz/pull/300)

Fixed

* Service: Fixed libfuzzer_merge tasks [240](https://github.com/microsoft/onefuzz/pull/240)
* Service: Fixed an issue where scheduled tasks waiting in the queue for longer than 7 days would never get scheduled. [259](https://github.com/microsoft/onefuzz/pull/259)
* Service: Removed stale Node references from scalesets [275](https://github.com/microsoft/onefuzz/pull/275)


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.