Error: The Mayhem for Code scan detected the Mayhem run for your target was unsuccessful and Multiple Docker files in the repository

Error: The Mayhem for Code scan detected the Mayhem run for your target was unsuccessful.

When I run mayhem locally, it works.

But it doesn’t work as a GitHub action. I doubt it because the original repository has a Dockerfile. I created a different Dockerfile. If the repository has multiple docker files, should we make any changes to the mayhem.yml file?

Hi @prateekvishnu, I had meant to reach out to you about this. I suspect one of the reasons that the target fails is because you have multiple commands invoking different targets in the Mayhemfiles. Mayhemfiles should be one-to-one with a particular target. I noticed that by removing some of the commands from the Mayhemfile, your target eventually succeeded. Your question:

If the repository has multiple docker files, should we make any changes to the mayhem.yml file?

does hint at a possible issue. By default, the mayhem.yml will use the Build Docker action defined here:

However, by default this looks for a file called “Dockerfile”. As your file is called Dockerfile.fuzz, you’ll need to specify this in the mayhem.yml, something like:

      - name: Build and push Docker image
        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          file: ./Dockerfile.fuzz   # literal path; "{context}" in the action's docs is a placeholder for the context value above

(the default is {context}/Dockerfile; see here for more information: GitHub - docker/build-push-action: GitHub Action to build and push Docker images with Buildx)

@abrewer Is there an example for a one-to-one target? As I suspect, there will be changes to mayhem.yml then.

I took a look at your Mayhemfile, it is reflected below:

# Namespaced project name that the target belongs to
project: prateekvishnu/zeitgeist

# Target name (should be unique within the project)
target: zeitgeist

# Base image to run the binary in.
image: ghcr.io/prateekvishnu/zeitgeist:mayhem

# List of commands used to test the target
cmds:

    # Command used to start the target, "@@" is the input file
    # (when "@@" is omitted Mayhem defaults to stdin inputs)
  - cmd: /balance_to_fixedu_conversion
  - cmd: /ema_market_volume_first_state
  - cmd: /ema_market_volume_second_state
  - cmd: /ema_market_volume_third_state
  - cmd: /fee_sigmoid
  - cmd: /fixedi_to_fixedu_conversion
  - cmd: /fixedu_to_balance_conversion
  - cmd: /fixedu_to_fixedi_conversion
  - cmd: /rikiddo_pallet
duration: '60'

Here, you are specifying 9 different fuzzing targets for a single Mayhem run. This will not work. A more appropriate Mayhemfile might look like this:

# Namespaced project name that the target belongs to
project: prateekvishnu/zeitgeist

# Target name (should be unique within the project)
target: balance_to_fixedu_conversion     #target name and command should agree

# Base image to run the binary in.
image: ghcr.io/prateekvishnu/zeitgeist:mayhem

# List of commands used to test the target
cmds:

    # Command used to start the target, "@@" is the input file
    # (when "@@" is omitted Mayhem defaults to stdin inputs)
  - cmd: /balance_to_fixedu_conversion

Does that make sense? In your case, creating a one-to-one target relationship only reflects a change in the Mayhemfile, not in the mayhem.yml. The change in the mayhem.yml, however, comes from using an explicit Dockerfile name (Dockerfile.fuzz, in your case).

We actually do have several other contributors who have approached this scenario of multiple fuzzing targets with quite creative solutions. For example, see the below:

Here the contributor specified the Mayhem action twice in their workflow, referring to a different Mayhemfile each time. Whether or not you do the same thing is entirely up to you, but at a minimum, paring your Mayhemfile down to a single target, and explicitly specifying the Dockerfile name in the Docker Build-Push action (as the name is non-standard) should be all you need to do to get going.

Hope that helps! Feel free to follow up with any additional questions.
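The one-to-one split described in the reply above, as an added example that is not part of the thread or of Mayhem's own tooling: it turns a multi-command Mayhemfile into one Mayhemfile per fuzz target, naming each target after its binary. The function name `split_mayhemfile`, the `Mayhemfile.<target>` labels and the abridged sample input are assumptions; the parser is line-based and handles only the flat layout shown in the thread.

```python
import posixpath
import re

# Constructed sample: abridged copy of the multi-command Mayhemfile in the thread.
MULTI_TARGET_MAYHEMFILE = """\
project: prateekvishnu/zeitgeist
target: zeitgeist
image: ghcr.io/prateekvishnu/zeitgeist:mayhem
cmds:
    # Command used to start the target, "@@" is the input file
  - cmd: /balance_to_fixedu_conversion
  - cmd: /fee_sigmoid
  - cmd: /rikiddo_pallet
duration: '60'
"""

CMD_RE = re.compile(r"^\s*-\s*cmd:\s*(\S.*?)\s*$")
SCALAR_RE = re.compile(r"^(project|image|duration):\s*(.+?)\s*$")


def split_mayhemfile(text):
    """Return {target: Mayhemfile text}, one per `- cmd:` line (flat layout only)."""
    scalars, cmds = {}, []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        if m := CMD_RE.match(line):
            cmds.append(m.group(1))
        elif m := SCALAR_RE.match(line):
            scalars[m.group(1)] = m.group(2)
    if not {"project", "image"} <= set(scalars):
        raise ValueError("Mayhemfile needs both 'project' and 'image'")
    out = {}
    for cmd in cmds:
        # Name the target after the binary so target and command agree.
        target = posixpath.basename(cmd.split()[0])
        if target in out:
            raise ValueError(f"duplicate target name: {target}")
        lines = [f"project: {scalars['project']}", f"target: {target}",
                 f"image: {scalars['image']}"]
        if "duration" in scalars:
            lines.append(f"duration: {scalars['duration']}")
        lines += ["cmds:", f"  - cmd: {cmd}"]
        out[target] = "\n".join(lines) + "\n"
    return out


if __name__ == "__main__":
    for name, body in split_mayhemfile(MULTI_TARGET_MAYHEMFILE).items():
        print(f"--- Mayhemfile.{name} ---\n{body}")
```

Each generated file can then be passed to its own Mayhem run, as in the workflow that invokes the Mayhem action once per Mayhemfile.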

Thanks. This worked.
