crabgraph 0.3.1

A safe, ergonomic, high-performance cryptographic library for Rust built on audited primitives
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

# Lightweight Rust fuzzing image based on Debian Slim (compatible with sanitizers)
FROM rust:slim AS builder

# Install required build tools
RUN apt-get update && apt-get install -y \
    build-essential \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Install nightly toolchain and cargo-fuzz
RUN rustup default nightly && \
    cargo install cargo-fuzz

# Production image
FROM rust:slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Copy cargo-fuzz from builder
COPY --from=builder /usr/local/cargo/bin/cargo-fuzz /usr/local/cargo/bin/cargo-fuzz

# Set nightly as default
RUN rustup default nightly

WORKDIR /workspace

# Copy Cargo files first for better layer caching
COPY Cargo.toml ./
COPY Cargo.lock* ./
COPY fuzz/Cargo.toml ./fuzz/

# Create dummy src to build dependencies (caching layer)
RUN mkdir src && \
    echo "fn main() {}" > src/lib.rs && \
    mkdir -p fuzz/fuzz_targets && \
    echo "#![no_main]\nuse libfuzzer_sys::fuzz_target;\nfuzz_target!(|_data: &[u8]| {});" > fuzz/fuzz_targets/dummy.rs

# Build dependencies to cache them
RUN cd fuzz && cargo +nightly build --release 2>/dev/null || true

# Remove dummy files
RUN rm -rf src fuzz/fuzz_targets/dummy.rs

# Copy actual source code
COPY src ./src
COPY fuzz ./fuzz

# Default command runs all fuzz targets for 60 seconds each
# Cleans up old artifacts before starting
CMD ["sh", "-c", "cd fuzz && \
    echo '=========================================='; \
    echo 'Cleaning old artifacts...'; \
    echo '=========================================='; \
    rm -rf artifacts/*/* 2>/dev/null || true; \
    echo 'Old artifacts removed. Starting fuzzing...' && \
    echo '' && \
    for target in fuzz_targets/*.rs; do \
    target_name=$(basename $target .rs); \
    echo '=========================================='; \
    echo 'Fuzzing: '$target_name; \
    echo '=========================================='; \
    cargo fuzz run $target_name -- -max_total_time=60 || echo 'Issues found in '$target_name; \
    done && \
    echo '' && \
    echo '=========================================='; \
    echo 'Fuzzing complete!'; \
    echo '=========================================='; \
    if [ -d artifacts ] && [ \"$(find artifacts -type f 2>/dev/null)\" ]; then \
        echo 'Artifacts found:'; \
        find artifacts -type f -exec echo '  {}' \\;; \
    else \
        echo 'No artifacts generated (no crashes/issues found)'; \
    fi"]